[Samba] Re: samba Digest, Vol 50, Issue 11
Thanks & Regards Hitesh Lad Jr. System Administrator Suma Soft Pvt. Ltd., Pune. - Original Message - From: <[EMAIL PROTECTED]> To: Sent: Thursday, February 08, 2007 8:49 AM Subject: samba Digest, Vol 50, Issue 11 > Send samba mailing list submissions to > samba@lists.samba.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.samba.org/mailman/listinfo/samba > or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > > You can reach the person managing the list at > [EMAIL PROTECTED] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of samba digest..." > > > Today's Topics: > >1. Re: using the old user profiles for the new PDC (Erol YILDIZ) >2. Re: upgrade 3.04 to 3.0.23d ? (Stefan G. Weichinger) >3. Can't print to windows printer (Toni Casueps) >4. Lock issues? Help with migration from Windows to Linux/Samba > (robert mena) >5. RE: Vista password being rejected on share security mode > (Schaefer Jr, Thomas R.) >6. Re: Lock issues? Help with migration from Windows to > Linux/Samba (John Drescher) >7. Samba can't find unix accounts for user mapping (Rainer Weber) >8. "Unable to connect to CIFS host after (tried 3 times)" > (Kessia Pinheiro) >9. Re: Problems accessing a Samba share while logged into an AD > domain (Sukanta Ganguly) > 10. Smb.conf man page on www.samba.org (Taylor, Marc) > 11. Connection from WinXP 64 Bit to Samba server broken? > (Andreas Haumer) > 12. Re: Problems accessing a Samba share while logged into an AD > domain (Geir A. Myrestrand) > 13. Re[2]: [Samba] Problems accessing a Samba share while logged > into an AD domain (Alex Wang) > 14. Re: Vista password being rejected on share security mode > (Jeremy Allison) > 15. Re: audit module (Sherwood Botsford) > 16. Re: Cannot change case of existing file names (Jordan Russell) > 17. Re: Cannot change case of existing file names (Jeremy Allison) > 18. Samba guest user root? (Tijnema !) > 19. Re: Re: Cannot change case of existing file names > (Gerald (Jerry) Carter) > 20. Re: ntuser.dat (Sherwood Botsford) > 21. Re: Cannot change case of existing file names (Jordan Russell) > 22. "Windows cannot obtain the domain controller name for your > computer network" error on XP Pro SP2 clients for Samba 3.0.23d > PDC (stephen mulcahy) > 23. Re: Domain logons and client IP broadcasts (Sherwood Botsford) > 24. Re: kerberos/Samba integration questions (Jon Allingham) > 25. Re: Re: Cannot change case of existing file names (Jordan Russell) > 26. More than one user with SID xxx (Natxo Asenjo) > 27. Re: More than one user with SID xxx (simo) > 28. Re: upgrade 3.04 to 3.0.23d ? (Stefan G. Weichinger) > 29. Domain login across subnets (John Paul) > 30. wbinfo works, getent doesn't (Donald N Kenepp) > 31. Re: Cannot change case of existing file names (Jeremy Allison) > 32. Re: Cannot change case of existing file names (Jordan Russell) > 33. Re: wbinfo works, getent doesn't (Don McCall) > 34. FreeBSD and Winbind ([EMAIL PROTECTED]) > 35. Re: FreeBSD and Winbind (Daniel O'Connor) > 36. RE: Unicode support--case sensitive in share name > (Latrell Wang ???) > 37. Re: FreeBSD and Winbind ([EMAIL PROTECTED]) > 38. Re: FreeBSD and Winbind ([EMAIL PROTECTED]) > 39. RE: wbinfo works, getent doesn't (Donald N Kenepp) > 40. Re[2]: [Samba] FreeBSD and Winbind (Alex Wang) > 41. Re: FreeBSD and Winbind (Daniel O'Connor) > 42. The Samba 3 Network speed too slow (Akong) > 43. Re: Roaming Profiles won't save (Jason Martin) > 44. simple right question (Jeroen Vriesman) > 45. Re: replacing a samba pdc server. (Collen Blijenberg) > 46. Re: Mac OSX doesn't retain file timestamp when copying to > SAMBA share (Tom Schaefer) > 47. Re: Valid users not working on 3.0.23d (John H Terpstra) > 48. HP-UX 10.20 (mazhead) > 49. Domain logins across subnets (John Paul) > 50. Re: Error ([EMAIL PROTECTED]) > 51. 400 Server Error - chdir failed - the server is not > configured correctly (Vipin Khushu) > 52. Re: Reference Documentation Server (- Reyneke) > 53. DFS in Vista (=?big5?B?TGF0cmVsbCBXYW5nIKT9xG269Q==?=) > 54. Solaris - Samba - AD (Daim Choc) > 55. File locking: is there some kind of timeout I can alter? > (Michael Rignaz) > > > ___ > samba mailing list > samba@lists.samba.org > https://lists.samba.org/mailman/listinfo/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RH Enterprise Question
Hi, I got a question regarding samba. can see the printer share in smbclient -L localhost but when I am trying to access the printers in my network places is not showing up. here is my smb.conf # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not made any basic syntactic errors. # #=== Global Settings = [global] # workgroup = NT-Domain-Name or Workgroup-Name workgroup = ausatplab.local # server string is the equivalent of the NT Description field server string = Samba Server # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page ; hosts allow = 192.168.1. 192.168.2. 127. # if you want to automatically load your printer list rather # than setting them up individually then you'll need this printcap name = /etc/printcap load printers = yes # It should not be necessary to spell out the print system type unless # yours is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx printing = cups # This option tells cups that the data has already been rasterized cups options = raw # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user "nobody" is used ; guest account = pcguest # this tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/%m.log # all log information in one file # log file = /var/log/samba/smbd.log # Put a capping on the size of the log files (in Kb). max log size = 50 # Security mode. Most people will want user level security. See # security_level.txt for details. security = server # Use password server option only with security = server password server = 13.199.110.80 # Password Level allows matching of _n_ characters of the password for # all combinations of upper and lower case. ; password level = 8 ; username level = 8 # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents ; encrypt passwords = yes ; smb passwd file = /etc/samba/smbpasswd # The following are needed to allow password changing from Windows to # update the Linux system password also. # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. # NOTE2: You do NOT need these to allow workstations to change only # the encrypted SMB passwords. They allow the Unix password # to be kept in sync with the SMB password. ; unix password sync = Yes ; passwd program = /usr/bin/passwd %u ; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* # Unix users can map to different SMB User names ; username map = /etc/samba/smbusers # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /etc/samba/smb.conf.%m # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. ; interfaces = 192.168.12.2/24 192.168.13.2/24 # Configure remote browse list synchronisation here # request announcement to, or browse list sync from: # a specific host or from / to a whole subnet (see below) ; remote browse sync = 192.168.3.25 192.168.5.255 # Cause this host to announce itself to local subnets here ; remote announce = 192.168.1.255 192.168.2.44 # Browser Control Options: # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply ; local master = no # OS Level determines the precedence of this server in master browser # elections. The default value should be reasonable ; os level = 33 # Domain Master specifies Samba to be the Domain Master Browser. This # allows Samba to collate browse lists between subnets. Don't use this # if you already have a Windows NT
Re: [Samba] FreeBSD and Winbind
On Thursday 08 February 2007 12:26, Alex Wang wrote: > Where did you find the genent? I installed from the port but I didn't > find the genent in my FreeBSD system. It's in 6.2 (and -current) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgp34LEEtzfEn.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File locking: is there some kind of timeout I can alter?
Hi, I have a problem, that occurs once a week: when my boss opens some files with read/write access via vpn over a crappy internet connection and his connection gets terminated, some files are still locked read-only after several hours/half a day or more. Only restarting the appropriate smbd daemon helps. Is there an option or anything I can modify, that allows me to improve this situation? Reset on vc zero doesn't help, since he might not reconnect everytime this happens.. Thnx a lot for any help! Regards, Michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Solaris - Samba - AD
Hello folks. I'm new to the list and I have questions about Samba. I have been able to configure Samba 3.x on Solaris 9 with AD authentication for the users. I'm able to mount the shares onto Windows XP clients and able to read the files. Now, if I use a text editor like notepad or GVIM to save an existing file, it saves it. When I try to use Word, Eclipse, or Crimson Editor, it errors out saying that it can't save the file... One thing I noticed with the later applications is that it tries to create a temp file first where the edited file came from before overwriting the original file. Now in my smb.conf, I have it forced user and group as well as the valid user setting. Has anybody seen a workaround for this? Looks like the application tries to overwrite the file using a different user... Thanks in advance for your help. Below is my smb.conf: [global] netbios name = web1 workgroup = AD server string = TEST Website Server log file = /usr/local/samba/var/log.%m log level = 3 max log size = 5 debug timestamp = no security = DOMAIN socket options = TCP_NODELAY local master = no preferred master = no dns proxy = no encrypt passwords = yes wins proxy = no wins server = 10.1.1.100 socket options = TCP_NODELAY password server = pdc1,pdc2 name resolve order = wins bcast domain master = False browse list = No enhanced browsing = No [test-htdocs] comment = "Test htdocs" path = /akcapps/web/www-test/htdocs public = yes read only = no # writeable = yes create mask = 0644 force create mode = 0664 force directory mode = 0775 force user = web force group = web valid users = @web level2 oplocks = Yes Daim Choc _ Laugh, share and connect with Windows Live Messenger http://clk.atdmt.com/MSN/go/msnnkwme002001msn/direct/01/?href=http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-us&source=hmtagline -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] DFS in Vista
Hi all: I shared a folder in vista. In my samba (3.0.24), I create a DFS link to the vista shared folder. However, I can’t access the share from vista. Other OS such as XP, 2003 can access without a problem. I use two way to connect the share: 1. map network drive: I got “network access is denied” 2. directly type \\ip\share in explorer, I got \\IP\share\DFS is not accessible. You might not have the permission to use the network resource. Network access is denied. Is there anything wrong compatible with vista? Thanks, Latrell. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Reference Documentation Server
Can I have the logfile for the 'map username' / 'security=user' config as well? security=share is really bad these days. Here it is... Config used: [global] workgroup = PPC netbios name = T1000 security = user map to guest = bad password username map = /etc/smbusers [recdata] comment = Read only Recording data path = /T1000 guest ok = yes _ Get Hotmail, News, Sport and Entertainment from MSN on your mobile. http://www.msn.txt4content.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 400 Server Error - chdir failed - the server is not configured correctly
Hi! I am unable to get SWAT to work. The browser (Firefox) error message is shown in the subject of this email. Here's what the various config files on my AIX system 4.3.3 running Samba 2.2.8.1 (downloaded from the Bull freeware site) look like :- # cd /etc # more services|grep 901 swat901/tcp #Samba # tail inetd.conf #netbios-ssnstream tcp nowait root/usr/local/samba/bin/smbd smbd #netbios-ns dgram udp waitroot/usr/local/samba/bin/nmbd nmbd swatstream tcp nowait.400 root/usr/local/bin/swat swat # netstat -an|grep 901 tcp0 0 127.0.0.1.33037127.0.0.1.901 CLOSE_WAIT tcp0 0 127.0.0.1.33036127.0.0.1.901 CLOSE_WAIT tcp4 0 0 *.901 *.*LISTEN (The CLOSE_WAIT instances are when I tried to telnet to localhost on port 901 and got hung...) What else should I check? Please advise. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Error
Cette adresse n'existe pas sur ce serveur. Personne ne lira votre message. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Domain logins across subnets
Greetings, My environment is Samba 3.0.23d as a PDC, password backend is OpenLDAP 2.3.27, running on SuSE 10.1; workstations are Windows XP SP2, all recent patches applied. All machines are on the same Class B private IP network. Domain logons function perfectly, performance is very nice. For security and performance reasons we are looking at dividing the network into many VLANS, each with its own IP subnet. On the testing network, a very strange thing is happening. When the workstation is on the Class B subnet, all functions work perfectly - Adding machine to domain, logging in, mapping drive to samba server, etc. However, when placed on the test VLAN (a class C private IP subnet) some of this functionality goes away. I can ping the DC (meaning the packets are correctly routed). I can resolve the DC name to its IP (meaning name resolution across the subnet is working), I can resolve my own workstation name to the correct IP. However, when I try to add this machine to the domain, I get the following error: The following error occurred attempting to join the domain "DOMAIN" Logon Failure: unknown user name or bad password. Of course I'm using the same user name and password (root) as I use when on the Class B subnet. When I attempt to map a drive, I get "System error 1326 has occurred - Logon failure: unknown user name or bad password." Stranger yet is that every 5 or so times, this all works perfectly. I've considered problems with the switching hardware, however, I set the workstation to ping the DC constantly for like 4 hours and not a single packet was dropped. There is nothing strange about the setup, it's really very simple. All other services function perfectly between the VLANS. I also tried adding a VLAN on our production network using the production DC with the exact same results. I should add that on the testing network, although the logical layout is similar, we do not have a DHCP server so all address assignments are done by hand. However, when we move the workstation from one subnet to another, we are careful to put the workstation in the correct subnet and make sure that the WINS server is set correctly. I've attached my smb.conf. If any party is interested in further diagnosing the problem I'll be happy spend as much time as necessary to provide the information you might need. Here's my smb.conf (names have been changed to protect the guilty) [global] interfaces = eth0 lo bind interfaces only = yes workgroup = DOMAIN server string = "Domain Controller" passdb backend = ldapsam:ldap://127.0.0.1 log level = 1 syslog = 0 log file = /usr/local/samba/var/log.%m max log size = 2500 name resolve order = wins hosts bcast time server = Yes show add printer wizard = No add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u' delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u' add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g' delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g' add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g' delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g' set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u' add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u' logon script = netlogon.cmd logon path = \\dc\profiles\%U ( file://\dcU ) logon home = \\dc\profiles\%U ( file://\dcU ) domain logons = Yes os level = 75 preferred master = Yes domain master = Yes wins support = Yes ldap admin dn = cn=Manager,dc=example,dc=org ldap group suffix = ou=group ldap idmap suffix = ou=Idmap ldap machine suffix = ou=people ldap suffix = dc=example,dc=org ldap user suffix = ou=people idmap backend = ldap://127.0.0.1 idmap uid = 1-2 idmap gid = 1-2 profile acls = Yes map acl inherit = Yes [netlogon] comment = "Net logon share" path = /netlogon write list = root [profiles] comment = "Roaming profile share" path = /profiles read only = No hide files = /desktop.ini/Desktop.ini/DESKTOP.INI/ csc policy = disable create mask = 0700 force create mode = 0700 directory mask = 0700 force directory mode = 0700 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] HP-UX 10.20
Hello, I encountered a difficult situation in my environment where I have only one hp-ux 10.20 left with no possibility to upgrade. I need a pre-compiled samba version and I am not able to find it. Off course the easiest solution would be the compilation of a older version, but a recent failure on this machine does not allow me to install a compiler :( thus I am in a bad situation. If you maybe have a version somewhere around I would be really happy. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Valid users not working on 3.0.23d
On Monday 05 February 2007 11:05, Papo Napolitano wrote: > Felipe Augusto van de Wiel wrote: > > On 02/02/2007 01:08 PM, Papo Napolitano wrote: > >> Any one still having problems with "valid users" on 3.0.23d? > >> I'm working in "security = USER" mode and with local users only. > >> > >> Share configuration : > >> > >> [private] > >> path = /home/private > >> valid users = papo > >> force user = root > >> force group = root > >> read only = No > >> create mask = 0600 > >> directory mask = 0700 > > > > [...] > > > >> Second test, using a valid but not listed user : > >> > >> [EMAIL PROTECTED] /]# smbclient //julieta/private -U administrator > >> Password: > >> Domain=[JULIETA] OS=[Unix] Server=[Samba 3.0.23d] > >> smb: \> mkdir 1 > >> smb: \> rmdir 1 > >> smb: \> quit > >> > >> This is wrong, administrator shouldn't write, not even connect > >> to the share. "invalid users" seems to work ok though. > >> I can provide debug logs for both versions if needed. > >> Any hints? > > > > Is your administrator in the list of 'admin users'? > > > >> Thanks.- > > > > Kind regards, > > No, 'admin users' is empty. > Anyway, I'm observing the same behaviour with any account. > Downgrading to 3.0.22 and using the same smb.conf works, I'm going to > try 3.0.24 in the next couple of days just to be sure. > > Thanks.- Please read the WHATSNEW.txt file that ships with Samba-3.0.x. You'll see that the semantics of "valid users" was changed around 3.0.8. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Mac OSX doesn't retain file timestamp when copying to SAMBA share
I had a similiar issue recently, also on Solaris. I was running samba 3.0.14a. The clients where Win XP but anyhow a programmer that uses a share noticed one day that one of the timestamps of a file she was copying from somewhere else lost its timestamp. In general though we could copy files over to the share and the timestamps would be retained fine. After lots of experimentation I finally figured out the culprit was when she was copying over top an existing file and she was not the owner of the existing file. She had permission to clobber over the file via her group permission but in that specific case, clobbering over a file she didn't actually own, the file copied would get a fresh timestamp. The first thing I did was try Samba 3.0.23d to see if perhaps it was fixed in that version. Lo and behold it was, the issue went away immediately upon upgrading to 3.0.23d. Tom Schaefer On Tue, 16 Jan 2007 08:30:06 +1100 Troy Kenah <[EMAIL PROTECTED]> wrote: > > Hi All, > > I'm not sure what's causing this but every time I copy a file from one > of the Macs (details below) to the Samba server the file timestamp is > changed to the copy time rather than retaining the last modified time. > Does anyone know what could be causing this? > > Systems: > Mac OSX (versions 10.3.x -> 10.4.x) > Windows 2000 Professional > Solaris 10 running Samba 3.0.11 > > Tests... > Mac OSX -> Mac OSX retains timestamp > Mac OSX -> W2K share retains timestamp > Mac OSX -> Solaris Samba share REPLACES timestamp with copy time > W2K -> Solaris Samba share retains timestamp > > smb.conf > [global] >workgroup = OTP >server string = OTP Server >security = share >load printers = yes >log file = /usr/local/samba/var/log.%m >max log size = 50 >socket options = TCP_NODELAY >dns proxy = no > [otpserver] >comment = OTP Server >browseable = no >writable = yes > [printers] >comment = All Printers >path = /var/spool/samba >browseable = no >guest ok = no >writable = no >printable = yes > [otpdata] >comment = OTP Data >path = /otp/Shared >guest ok = yes >read only = no >writable = yes >public = yes > [ftpdata] >comment = FTP Data >path = /otp/user/guest >guest ok = yes >read only = no >writable = yes >public = yes > > > Regards, > Troy. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] replacing a samba pdc server.
We already did pdbedit -i | -e it some what worked out for us, all i like to say to this is that i find it some what odd that a RPC VAMIRE works for NT4 server migration but not for samba BDC 's ?? but we succeed in migrating from 3.0.11 to 3.0.23d... Thx and Cheers, Collen. Felipe Augusto van de Wiel wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/26/2007 05:59 AM, Collen Blijenberg wrote: Hmm, my new server is installed as BDC!, but using RPC VAMPIRE against a samba PDC or Domain, ain't working... Check Andrew's reply, you can't vampire Samba, even if you are a BDC. You should use pdbedit "-i|-e" instead. :) guess it's going to be import/export then, that's all there is left Yes. Kind regards, - -- Felipe Augusto van de Wiel <[EMAIL PROTECTED]> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFxz/vCj65ZxU4gPQRAihNAJ40oKNUGR+oD2E/ai6YP8HSTatbagCfYJ+y Tgx3KnCOiUUsxEhkoHVfOb8= =oFA/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] simple right question
Dear all, I got the following situation, a share called "Bureaus", with the follwong subdirs: /Bureaus/A /Bureaus/B /Bureaus/C etc. where A,B,C.. are the bureau names under all the bureau names are directories: A/Task1 A/Task2 A/Task3 A/Archive For all the bureau names. I've got groups, a groups, everyone is a member of "Domain Users", and that's also always the primary group. And, a group A, a group B etc, and groups "Task1 A", Task1 B"..."Task2 A" etc. The simple idea is to give everyone access to Bureaus, only those who are member of group A can go into /Bureaus/A, and only those who are a member of group "Task1 A" can go to /Bureaus/A/Task1 and do there whatevery they want. So fa so good, I've made acl's which allow "Domain Users" to r-x /Bureau, without passing this to the subdirectories, an acl which allows r-x to group A (also without allowing this to subfolders) for /Bureau/A, and for /Bureau/A/Task1 including subdirectories the acl is "allow group Task1 everything". That works fine. But now for the Archive directory, the /Bureau/A/Archive should be read-only for members of the group A, and read-write for members of the group "Archive Mods A". And that's the problem, if I add an acl (with the windows rights management stuff) for the group A to have read-only right for /Bureau/A/Archive and subdirectories, and for the same directories an acl with "allow everything" for members of the group "Archive Mods A", then the effitive rights for members of "Archive Mods A" is read-only, since the most restrictive rights apply. What I expected at first was that the rights would be additive and only a deny would have the effect which I'm seeing now. How can I make it work? The options I have: global: map acl inherit = Yes The share /Bureaus: path = /samba/Bureau public = no browseable = yes writable = yes printable = no force create mode = 0770 directory mask = 0770 security mask = 0777 force security mode = 0 directory security mask = 0777 force directory security mode = 0 hide unreadable = yes Kind regards, Jeroen Vriesman. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles won't save
I do have profiles acls = yes in the configuration. On Saturday 03 February 2007 20:58, Daniel O'Connor wrote: > On Saturday 13 January 2007 02:20, Jason Martin wrote: > > Hello! I am migrating an old Red Hat Samba 3.0.9 server to a new Debian > > Etch Samba 3.0.23d with an OpenLDAP backend. I've got almost everything > > working with the new server except the roaming profiles. When a user logs > > off, Windows complains that the permissions are not correct and the > > profile can't be saved. > > Do you have profile acls = yes in your conf? -- Jason Martin Metrix Matrix, Inc. 785 Elmgrove Road, Building 1, Rochester, NY 14624 Office: 888-865-0065 Ext. 202 Mobile: (585) 721-8679 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] The Samba 3 Network speed too slow
Hi, I don't know who can tell me. I have three machines. Two of Windows Server 2003 One is Samba 3 All network is connect 1G NICs. And Switch are all Gigabyte. When I transfer Windows to Windows. The Speed have more then 500Mbits. But when I transfer Windows to Samba The speed only 150Mbits. And sometime will low spped to 70~80Mbits. Is it Samba limited? Or how to fix it? Thanks a lot. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- ³o«Ê«H¥ó¤w¸g¸g¹L MailServer ±½ºË¹L¥B¨S¦³¯f¬r¤Î¤£¦w¥þªº¤º®e -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
On Thursday 08 February 2007 12:00, [EMAIL PROTECTED] wrote: > Unfortunately, some things came up and I going to be here for a while. > So, I changed the debug level on winbindd to 5. Wow, there is a lot > logged! > > When I use wbinfo -u or wbinfo -g, I can see a request to the DC and > information being retrieved. However, when I use getent passwd or getent > group, nothing is logged by winbindd. Does this mean the request is not > getting to winbindd? Sure looks that way. Try runnniing winbindd with -i -n Try enabling debug logging in syslog (ie touch /var/log/debug.log and uncomment the debug line in syslog.conf and restart it) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgpRt3UoteN1N.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] FreeBSD and Winbind
Where did you find the genent? I installed from the port but I didn't find the genent in my FreeBSD system. Thanks ALex On Thu, 8 Feb 2007 01:30:36 - (GMT) [EMAIL PROTECTED] wrote: > > On Thursday 08 February 2007 10:44, [EMAIL PROTECTED] wrote: > >> To be more specific I think I have made a mistake copying the libraries > >> to > >> the proper location. I was not able to find libnss_winbind.so in > >> /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this > >> the > >> correct file to copy? And, where should these files be copied to on > >> FreeBSD? From what I have read so far, I am guessing these should be > >> copied to /usr/lib. > > > > Why aren't you using the port? It should Just Work(tm). > > > > You can keep the nss shared object in /usr/local/lib because FreeBSD will > > mount the disks very early on. > > > >> My nsswitch has the following configuration > >> passwd: files winbind > >> group: files winbind > >> group_compat: nis > >> hosts: files dns > >> networks: files > >> passwd_compat: nis > >> shells: files > > > > Try removing the _compat entries. > > For LDAP I have this.. > > group: files ldap > > hosts: files dns > > networks: files > > passwd: files ldap > > shells: files > > > > And getent works fine. You could try cranking up debugging in Winbindd too > > (not that I've ever used it) > > > > -- > > Daniel O'Connor software and network engineer > > for Genesis Software - http://www.gsoft.com.au > > "The nice thing about standards is that there > > are so many of them to choose from." > > -- Andrew Tanenbaum > > GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C > > > > Unfortunately, some things came up and I going to be here for a while. > So, I changed the debug level on winbindd to 5. Wow, there is a lot > logged! > > When I use wbinfo -u or wbinfo -g, I can see a request to the DC and > information being retrieved. However, when I use getent passwd or getent > group, nothing is logged by winbindd. Does this mean the request is not > getting to winbindd? > > Thanks, > > > Jay > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] wbinfo works, getent doesn't
Hi Don, Thank you very much for the help. A software engineer at my company managed to find the solution, though I'm not quite sure why it worked out the way it did. Thankfully, he was able to look around the "should-be-fine" background of the box I had drawn in troubleshooting. Your comments were right on the mark for the error I posted. I am copying the list because I am a bit troubled by the inconsistencies in the solution. It is not something I looked for first. The original issue was simply that members of the NT 4.0 domain could not access the shares on our file server. The first part of our issue was that libnss_winbind.so was present but not properly linked. This might have happened in an upgrade from 3.0.23 to 3.0.24 earlier this week, though usually Gentoo does this during the build and there is no need to re-link the library manually. It also may have occurred when I rebuilt the samba package earlier today as part of a repair attempt. Our major problem seems to be that I had given the shares access via the following: valid users=@"Domain Users" Apparently this has been deprecated in releases beyond 3.08 and the proper syntax is: valid users=@"DOMAIN\Domain Users" This was apparently made mandatory in 3.0.23. However, we were running fine with the previous on several servers with 3.0.23. Further, the other four file servers, including my original testbed for the upgrade, are all running perfectly with 3.024 and still use this nomenclature. This appears to be quite the enigma, and I didn't want anyone else rebuilding samba and reengineering samba.conf, nsswitch.conf, and all their pam modules before checking this inconsistency that can apparently affect only some servers in the same domain. Again, thank you for the good advice and quick reply. Sincerely, Donald -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
> On Thursday 08 February 2007 10:44, [EMAIL PROTECTED] wrote: >> To be more specific I think I have made a mistake copying the libraries >> to >> the proper location. I was not able to find libnss_winbind.so in >> /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this >> the >> correct file to copy? And, where should these files be copied to on >> FreeBSD? From what I have read so far, I am guessing these should be >> copied to /usr/lib. > > Why aren't you using the port? It should Just Work(tm). > > You can keep the nss shared object in /usr/local/lib because FreeBSD will > mount the disks very early on. > >> My nsswitch has the following configuration >> passwd: files winbind >> group: files winbind >> group_compat: nis >> hosts: files dns >> networks: files >> passwd_compat: nis >> shells: files > > Try removing the _compat entries. > For LDAP I have this.. > group: files ldap > hosts: files dns > networks: files > passwd: files ldap > shells: files > > And getent works fine. You could try cranking up debugging in Winbindd too > (not that I've ever used it) > > -- > Daniel O'Connor software and network engineer > for Genesis Software - http://www.gsoft.com.au > "The nice thing about standards is that there > are so many of them to choose from." > -- Andrew Tanenbaum > GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C > Unfortunately, some things came up and I going to be here for a while. So, I changed the debug level on winbindd to 5. Wow, there is a lot logged! When I use wbinfo -u or wbinfo -g, I can see a request to the DC and information being retrieved. However, when I use getent passwd or getent group, nothing is logged by winbindd. Does this mean the request is not getting to winbindd? Thanks, Jay -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
> On Thursday 08 February 2007 10:44, [EMAIL PROTECTED] wrote: >> To be more specific I think I have made a mistake copying the libraries >> to >> the proper location. I was not able to find libnss_winbind.so in >> /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this >> the >> correct file to copy? And, where should these files be copied to on >> FreeBSD? From what I have read so far, I am guessing these should be >> copied to /usr/lib. > > Why aren't you using the port? It should Just Work(tm). > > You can keep the nss shared object in /usr/local/lib because FreeBSD will > mount the disks very early on. > >> My nsswitch has the following configuration >> passwd: files winbind >> group: files winbind >> group_compat: nis >> hosts: files dns >> networks: files >> passwd_compat: nis >> shells: files > > Try removing the _compat entries. > For LDAP I have this.. > group: files ldap > hosts: files dns > networks: files > passwd: files ldap > shells: files > > And getent works fine. You could try cranking up debugging in Winbindd too > (not that I've ever used it) > > -- > Daniel O'Connor software and network engineer > for Genesis Software - http://www.gsoft.com.au > "The nice thing about standards is that there > are so many of them to choose from." > -- Andrew Tanenbaum > GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C > I removed the compat entires with the same result. I am installing the port now to see if that fixes my problem. When I have some more time tomorrow, I will use the debugging on winbind and see what I can find. Thanks, Jay -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Unicode support--case sensitive in share name
It seems to be the problem with upper.dat and lower.dat. I used strace and found I missed the two files. After copy the two files, the transformation is OK. Thanks, Latrell. -Original Message- From: Don McCall [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 06, 2007 9:25 PM To: Latrell Wang 王獻綱 Subject: Re: [Samba] Unicode support--case sensitive in share name Hi, The only time I have seen this is on filenames with german (or portugese, actually) characters. And it only happened if the client and server were sending ascii, instead of unicode, like the older win95/98 clients will do. Check the version of you samba server, and what client you are using to access the share - unless they negotiate unicode over the wire, I would expect this problem. - Original Message From: Latrell Wang 王獻綱 <[EMAIL PROTECTED]> To: samba@lists.samba.org Sent: Tuesday, February 6, 2007 6:04:48 AM Subject: [Samba] Unicode support--case sensitive in share name Hi all: I create one share named grôzer but the share can’t be accessed.I looked into the log, and find the share name will be transformed to upper case and then lower case. The ASCII can be transformed in between successfully, but German can’t. It leaded to access failed. I also tried the upper case share grÔzer, and it works successfully. It seems the lower case can’t be transformed back from upper case. The log is as follows: [2007/02/06 18:59:46, 5] lib/username.c:Get_Pwnam_internals(234) Trying _Get_Pwnam(), username as lowercase is grÔzer [2007/02/06 18:59:46, 5] lib/username.c:Get_Pwnam_internals(252) Trying _Get_Pwnam(), username as uppercase is GRÔZER [2007/02/06 18:59:46, 5] lib/username.c:Get_Pwnam_internals(261) Checking combinations of 0 uppercase letters in grÔzer [2007/02/06 18:59:46, 5] lib/username.c:Get_Pwnam_internals(267) Get_Pwnam_internals didn't find user [grÔzer]! [2007/02/06 18:59:46, 3] smbd/service.c:find_service(151) checking for home directory grÔzer gave (NULL) [2007/02/06 18:59:46, 3] smbd/service.c:find_service(208) find_service() failed to find service grÔzer [2007/02/06 18:59:46, 0] smbd/service.c:make_connection(851) latrellpc (172.23.26.17) couldn't find service grÔzer [2007/02/06 18:59:46, 3] smbd/error.c:error_packet(146) error packet at smbd/reply.c(672) cmd=117 (SMBtconX) NT_STATUS_BAD_NETWORK_NAME Thanks, Latrell. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba It's here! Your new message! Get new email alerts with the free Yahoo! Toolbar. http://tools.search.yahoo.com/toolbar/features/mail/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] FreeBSD and Winbind
On Thursday 08 February 2007 10:44, [EMAIL PROTECTED] wrote: > To be more specific I think I have made a mistake copying the libraries to > the proper location. I was not able to find libnss_winbind.so in > /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this the > correct file to copy? And, where should these files be copied to on > FreeBSD? From what I have read so far, I am guessing these should be > copied to /usr/lib. Why aren't you using the port? It should Just Work(tm). You can keep the nss shared object in /usr/local/lib because FreeBSD will mount the disks very early on. > My nsswitch has the following configuration > passwd: files winbind > group: files winbind > group_compat: nis > hosts: files dns > networks: files > passwd_compat: nis > shells: files Try removing the _compat entries. For LDAP I have this.. group: files ldap hosts: files dns networks: files passwd: files ldap shells: files And getent works fine. You could try cranking up debugging in Winbindd too (not that I've ever used it) -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C pgpgbTRELUUEI.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] FreeBSD and Winbind
I'm hoping this is an easy question, but the way my day has gone I seriously doubt it is going to be. Today, I installed Samba 3.0.24 with winbind support on my FreeBSD 6.2 server. I am able to join my domain and get information concerning groups and passwords from the domain controller (Windows 2003) without any problem. Where I have run into a problem is using getent to get a copy of the usernames/passwords and groups moved to the Samba machine. When I run getent, only information from the local passwd and group files is displayed. Which leads me to believe this is an nsswitch problem. To be more specific I think I have made a mistake copying the libraries to the proper location. I was not able to find libnss_winbind.so in /usr/samba/source/nsswitch. Instead, I found nss_winbind.so. Is this the correct file to copy? And, where should these files be copied to on FreeBSD? From what I have read so far, I am guessing these should be copied to /usr/lib. I have run ldconfig and it shows (using -r) libnss_winbind.so.1 and libnss_winbind.so.2 being listed in the hints file. My nsswitch has the following configuration passwd: files winbind group: files winbind group_compat: nis hosts: files dns networks: files passwd_compat: nis shells: files Any suggestions concerning how to proceed would be greatly appreciated. Thanks, Jay -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] wbinfo works, getent doesn't
Only time I have ever seen this was when /etc/nsswitch.conf was misconfigured, and either didn't have winbind in the passwd and group lines, or the method before it was configured to [notfound return] instead of [notfound continue] Is it possible that someone has messed with this file lately, or that the libnss_winbindd library (or the link to it) has broken? Don - Original Message From: Donald N Kenepp <[EMAIL PROTECTED]> To: samba@lists.samba.org Sent: Wednesday, February 7, 2007 4:05:07 PM Subject: [Samba] wbinfo works, getent doesn't Hi All, I have an NT 4 domain with multiple samba servers. One of my samba fileservers stopped allowing domain login requests. While it can enumerate the domain users with wbinfo -u, and the domain groups with wbinfo -g, getent passwd does not list the domain users. All the other servers in the domain are fine. Any suggestions for how to track down this error? Sincerely, Donald -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba The fish are biting. Get more visitors on your site using Yahoo! Search Marketing. http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot change case of existing file names
Jeremy Allison wrote: > I've just fixed this in SVN. Turns out it was side-effect > breakage when we turned on root dfs by default. That was > a fun one - allowed me to clean up some old DFS code :-). Excellent. Thanks! -- Jordan Russell -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot change case of existing file names
On Mon, Feb 05, 2007 at 09:33:35PM -0600, Jordan Russell wrote: > Server OS: Linux / Fedora Core 6 > Samba version: 3.0.24, 3.0.23 (binary packages for FC6) > Samba configuration: All defaults > Client OS: Windows XP SP2, Windows 2000 SP4 > > In recent versions of Samba (including 3.0.24), attempting to rename a > file to a new name that differs only in case appears to have no effect: > > X:\tmp>echo . > FILE.txt > > X:\tmp>dir > 02/05/2007 08:21p 4 FILE.txt > > X:\tmp>ren FILE.txt file.txt > > X:\tmp>dir > 02/05/2007 08:21p 4 FILE.txt > > I'm pretty sure this worked in older versions. > Any ideas? I've just fixed this in SVN. Turns out it was side-effect breakage when we turned on root dfs by default. That was a fun one - allowed me to clean up some old DFS code :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] wbinfo works, getent doesn't
Hi All, I have an NT 4 domain with multiple samba servers. One of my samba fileservers stopped allowing domain login requests. While it can enumerate the domain users with wbinfo -u, and the domain groups with wbinfo -g, getent passwd does not list the domain users. All the other servers in the domain are fine. Any suggestions for how to track down this error? Sincerely, Donald -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Domain login across subnets
Greetings, My envrionment is Samba 3.0.23d as a PDC, password backend is OpenLDAP 2.3.27, running on SuSE 10.1; workstations are Windows XP SP2, all recent patches applied. All machines are on the same Class B private IP network. Domain logons function perfectly, performance is very nice. For security and performance reasons we are looking at dividing the network into many VLANS, each with its own IP subnet. On the testing network, a very strange thing is happening. When the workstation is on the Class B subnet, all functions work perfectly - Adding machine to domain, logging in, mapping drive to samba server, etc. However, when placed on the test VLAN (a class C private IP subnet) some of this functionality goes away. I can ping the DC (meaning the packets are correctly routed). I can resolve the DC name to its IP (meaning name resolution across the subnet is working), I can resolve my own workstation name to the correct IP. However, when I try to add this machine to the domain, I get the following error: The following error occurred attempting to join the domain "DOMAIN" Logon Failure: unknown user name or bad password. Of course I'm using the same user name and password (root) as I use when on the Class B subnet. When I attempt to map a drive, I get "System error 1326 has occurred - Logon failure: unknown user name or bad password." Stranger yet is that every 5 or so times, this all works perfectly. I've considered problems with the switching hardware, however, I set the worstation to ping the DC constantly for like 4 hours and not a single packet was dropped. There is nothing strange about the setup, it's really very simple. All other services function perfectly between the VLANs. I also tried adding a VLAN on our prodcution network using the production DC with the exact same results. I should add that on the testing network, although the logical layout is similar, we do not have a DHCP server so all address assignments are done by hand. However, when we move the workstation from one subnet to another, we are careful to put the workstation in the correct subnet and make sure that the WINS server is set correctly. I've attached my smb.conf. If any party is interested in further diagnosing the problem I'll be happy spend as much time as neccessary to provide the information you might need. Here's my smb.conf (names have been changed to protect the guilty) [global] interfaces = eth0 lo bind interfaces only = yes workgroup = DOMAIN server string = "Domain Controller" passdb backend = ldapsam:ldap://127.0.0.1 log level = 1 syslog = 0 log file = /usr/local/samba/var/log.%m max log size = 2500 name resolve order = wins hosts bcast time server = Yes show add printer wizard = No add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u' delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u' add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g' delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g' add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g' delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g' set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u' add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u' logon script = netlogon.cmd logon path = \\dc\profiles\%U logon home = \\dc\profiles\%U domain logons = Yes os level = 75 preferred master = Yes domain master = Yes wins support = Yes ldap admin dn = cn=Manager,dc=example,dc=org ldap group suffix = ou=group ldap idmap suffix = ou=Idmap ldap machine suffix = ou=people ldap suffix = dc=example,dc=org ldap user suffix = ou=people idmap backend = ldap://127.0.0.1 idmap uid = 1-2 idmap gid = 1-2 profile acls = Yes map acl inherit = Yes [netlogon] comment = "Net logon share" path = /netlogon write list = root [profiles] comment = "Roaming profile share" path = /profiles read only = No hide files = /desktop.ini/Desktop.ini/DESKTOP.INI/ csc policy = disable create mask = 0700 force create mode = 0700 directory mask = 0700 force directory mode = 0700 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] upgrade 3.04 to 3.0.23d ?
Stefan G. Weichinger schrieb: > Gerald (Jerry) Carter schrieb: >> STefan, I would recommend reading the WHATSNEW for >> relevant changes since a lot has changes in 3 years. >> This will also help bring you up to date on any >> smb.conf option changes. > > Umm, yes, I know this would be the thing to do. Read through the Whatsnew.txt today, the only danger seems to be the changed behavior regarding SIDs and the group-mapping. I will backup /var/lib/samba before upgrade ;) What about charsets? The problem I am trying to solve seems to be related to some charset-problem: files with umlauts in their names seem to be misinterpreted by linux-tools or something like that, at least at restore time, when unpacking a tgz or similar ... Is it necessary/clever to sync the files to some XP-client (by using a XP-client that sees the filenames correctly), then upgrade samba and after that copy the files back to the Samba-share, storing the files onto the linux-filesystem through the uptodate-samba again? Hope this doesn't sound too weird. I am spending way too much time on debugging this already, backup isn't reliable there right now and I have to find a solution soon without risking too much. Thanks, greets, Stefan. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] More than one user with SID xxx
On Wed, 2007-02-07 at 20:50 +0100, Natxo Asenjo wrote: > hi, > > I do not know how this has happened, but 2 of my users in ldapsam have > the same sid. Can I just modify the sambasid attribute by hand or > should I delete and recreate one of the user accounts? You can just change the SID, but you will have to re-permission all the user files both on the server, but absolutely on the client and in the registry of the client. if you can rename the user that might be easier and you will then migrate the user on the client with the local tools to change profile permissions (exp for the registry). Simo. -- Simo Sorce Samba Team GPL Compliance Officer email: [EMAIL PROTECTED] http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] More than one user with SID xxx
hi, I do not know how this has happened, but 2 of my users in ldapsam have the same sid. Can I just modify the sambasid attribute by hand or should I delete and recreate one of the user accounts? -- Groeten, J.Asenjo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Cannot change case of existing file names
Gerald (Jerry) Carter wrote: > File a bug please. Although in ge grand scheme of things > this would be low priority to me. Maybe Jeremy feels differently. > He lives in the file serving code more than I do. Okay, done: https://bugzilla.samba.org/show_bug.cgi?id=4377 -- Jordan Russell -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: kerberos/Samba integration questions
For all interested: Adding the following to the global config section and rejoining the domain caused samba to fill my krb5.keytab file for me! I'm still working on some minor issues with winbind and the ad sfu integration, but this was my big missing item. use kerberos keytab = Yes Thanks to the folks that responded and got me pointed the right way! "Jon Allingham" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I'm trying to integrate Samba with my kerberos configuration on Solaris 10 > (with Samba 3.0.23d) and I have one basic issue - probably I don't > understand something. Hopefully one of you experts can help. > > We have an AD based organization but we do a lot of Unix work on Solaris > 10 and AIX 5.3 - I have about 75 *nix servers of various flavors. There's > a lot of value in SSO solutions/credential consolidation to us, but we're > a small organization. > > I have a functional Solaris configuration talking LDAP to AD, using > kerberos for password authentication, successfully pulling UID/GID from > SFU on Server 2003 R2. LDAP mapping using the built in LDAP client in > Solaris 10 works smoothly; getent returns everything it should. kerberos > versions of telnet etc all work fine and forward credentials. This config > uses the pam_krb5 module, not winbind and uses ldap in the nssswitch.conf > > Alternatively, I can not run the kinit -k for the host, leave out the > krb5.keytab (and of course fix all the SPN information in AD from the > above configuration) and configure Samba in AD mode and it properly joins > the domain. User names get mapped properly. File access through samba > works. > > What I can't seem to figure out how to do is have a functional kerberos > configuration with a keytab entry at the same time I have samba working - > Samba wants to join the domain using a machine account and assigns the > principal host/hostname.myorg.com and I don't see any way of getting that > same information exported into the krb5.keytab so I can run kinit -k to > get the proper host credentials. And I need the same > host/hostname.myorg.com principal to be set on the account that is mapped > to the system. > > AD isn't terribly happy about using a machine account anyway to configure > kerberos, at least not on Solaris - it works much better to use a user > account and then set the principal with the ktpass utility on the windows > DC. > > It seems that conceptually what I need is to be able to set the samba > created information as the keytab entry, but I haven't the faintest idea > how to do that. > > I tried setting the verify_ap_req_nofail = false value in the krb5.conf > file to keep it from requiring a host entry, but that didn't seem to make > any difference. > > I suppose what I'd really like to do is be able to manually export the > keytab from AD using ktpass and use the SAME information for both the OS > controlled kerberos based services as well as for Samba. Or alternatively > be able to point my krb5.conf file to a samba controlled keytab entry for > host/hostname.myorg.com > > Any ideas are appreciated. > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain logons and client IP broadcasts
Sebastian Held wrote: I'm sorry, but I don't know the cause. You should make sure, that Lab-119 actually uses DHCP. Have a look at the blocked packets of the firewall and compare with Lab-101. I had the same error "domain not available", but a different scenario... I think it was solved, by joining the PDC to itself - but seems not be related to your problem. If Lab-119 is a windows machine, I would recommend a reinstall - most times this work quite well ;) kind regards, Sebastian all of my lab machines are win2k SP4, identical hardware, and are cast from a single image. So I can restore a machine to an exact state in about 15 minutes. On first boot, a script runs that does a reverse lookup of the IP address and changes the computername to match, then reboots. So for a particular experimental run: restore both machines. change setting on one. try login. Thanks for you help. This may be an effect of using an ancient version of samba (2.2.8a) My next challenge will be to see if I can reproduce this on 3.0.23 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] "Windows cannot obtain the domain controller name for your computer network" error on XP Pro SP2 clients for Samba 3.0.23d PDC
Hi, I've recently reinstalled our Samba server with a view to getting it working as a PDC using the tdbsam backend. I've successfully connected a number of XP Pro SP2 clients to the domain and can login ok, but I'm have problems getting the clients to read/apply an NTConfig.POL file I created following the instructions at http://www.pcc-services.com/custom_poledit.html I'm seeing the following error logged in the event log on the XP Pro SP2 clients, Event ID: 1054 Source: Userenv Type: Error Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or exist or could not be contacted). Group Policy processing aborted. Data: (unavailable) Some Googling turns up the following http://support.microsoft.com/kb/840669 and various other postings on this on the net. In response to those I've tried various combinations of the following, 1. Change from using DHCP to static IP on client. 2. Applied various registry hacks including turning DHCP media sensing off. 3. Disabled various network card options such as media sensing. 4. Forced the card to 100Mbps/full duplex (rather than auto). 5. Upgraded to the latest network card drivers. 6. Downgraded to older network card drivers. I'm getting the same error message on 3 XP Pro SP2 clients which I test this on, all of which have gigabit broadcom cards (various different chipsets). The knowledge base article suggests this is a problem which occurs with gigabit cards .. short of trying adding new network cards to the systems (some of which are laptops) - does anyone have any suggestions on what I could try? I assumes others are successfully running with a similar config or are PDCs with tdbsam rare (or is that totally unrelated to the problems I'm experiencing). I've also tried using a Samba PDC config from the HOWTO rather than my own hand-crafted one (see below for both). Samba version is 3.0.23d running on 2.6.17-2-686 Debian etch on Dell Poweredge 1600sc with an Intel Corporation 82540EM Gigabit Ethernet Controller (rev 02). I have a djbdns dhcp server on the network serving which references the samba server as a wins server. Thanks, -stephen Original PDC config [global] workgroup = X netbios name = server string = %h server (Samba %v) log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes guest account = nobody unix password sync = yes passwd program = /usr/bin/passwd %u pam password change = yes domain logons = yes os level = 40 logon path = \\%L\profiles\%U logon drive = U: logon home = \\%L\%U logon script = logon.cmd add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 1015 -s /bin/false %u load printers = yes printing = cups printcap name = cups socket options = TCP_NODELAY domain master = yes preferred master = yes wins support = yes idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash smb ports = 445 [homes] comment = Home Directories browseable = no writable = yes create mask = 0700 directory mask = 0700 hide files = /desktop.ini/ntuser.ini/NTUSER.*/RECYCLER/ [printers] comment = All Printers browseable = no path = /var/spool/samba printable = yes public = no writable = no create mode = 0700 # Windows clients look for this share name as a source of downloadable # printer drivers [print$] comment = Printer Drivers path = /var/lib/samba/printers write list = root, @ntadmin printer admin = root, @ntadmin [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = yes writable = no share modes = no # For profiles to work, create a user directory under the path # shown. i.e., mkdir -p /var/lib/samba/profiles/maryo [profiles] comment = Roaming Profile Share path = /var/lib/samba/profiles read only = No profile acls = Yes PDC config from HOWTO [global] workgroup = netbios name = passdb backend = tdbsam printcap name = cups add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/groupmod -A %u %g delete user from group script = /usr/sbin/groupmod -R %u %g add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u # Note: The following specifies the default logon script. # Per user logon scripts can be specified in the user account using pdbedit logon script = scripts\logon.bat # This sets the default profile path. Set per user paths with pdbedit logon path = \\%L\Profiles\%U logon drive = H: logon home = \\%L\%U domain logons = Yes os level = 35 preferred master = Yes domain master = Yes idmap uid = 15000-2
[Samba] Re: Cannot change case of existing file names
Mac wrote: > MS Windows doesn't distinguish between those two names, so it won't let > you perform the re-name as it thinks you're not changing the name. That's actually not true; Windows-hosted filesystems allow it. --- Test on local Windows 2000 file system --- C:\>echo . > FILE.txt C:\>dir 02/07/2007 12:11p 4 FILE.txt C:\>ren FILE.txt file.txt C:\>dir 02/07/2007 12:11p 4 file.txt --- Test on remote share hosted by Windows 2000 server --- J:\>echo . > FILE.txt J:\>dir 02/07/2007 12:12p 4 FILE.txt J:\>ren FILE.txt file.txt J:\>dir 02/07/2007 12:12p 4 file.txt -- Jordan Russell -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ntuser.dat
Keith Lynn wrote: What are the implications of locking the ntuser.dat file on the user's server profile? That is, if I make the ntuser.dat file read-only, what affects will that have on the client? The follwoing is worth what you paid for it. Maybe. The client machine will fuss when the user logs out, and complain that it cannot copy the profle back. Sometimes this means that other stuff in the profile directory won't get copied back too. If you don't want the users to mess with the profile, then rename it from .dat to .man. This creates a mandatory profile. I think win clients know that this is not changeable and don't try. Users can make changes in the local copy, but they don't stick. This is usually more hassle than it's worth, as some programs use the registry to save state. (E.g. Nikon View saves the last open folder, and brings you back to that point on the next invocation. A third way to do it is to let the users have their individual profiles initially, then run a script that copies a standard profile over the user profile every night. This has to be a profile usable by everyone, or has to be that user's profile from previously. A fourth way to this is to make user that your netlogon share has the profile you want users to use, then just delete the ntuser.dat files every night. The client saves the file without a problem, but the next day, it's not there so the default user profile is loaded instead. The best way, I think would be to script the editing of the user's ntuser.dat file to reset the keys that you want set. Probably can be done with policies too. I'm just learning about policies. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Cannot change case of existing file names
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jordan Russell wrote: > Gerald (Jerry) Carter wrote: >> If it did ever work, it was a fluke. Renaming >> files to different case on a caseless filesystem >> (or filesystem protocol) doesn't make much sense. > > Erm, why would it be a "fluke"? You can do this on > local filesystems (as far back as Windows 95, at least), and > you can do this on shares exposed by Windows servers. > Only when talking to a (recent) Samba server does it > fail to rename the file. File a bug please. Although in ge grand scheme of things this would be low priority to me. Maybe Jeremy feels differently. He lives in the file serving code more than I do. cheer,s jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFyhs+IR7qMdg1EfYRAjw9AKDs+QDg+XykJ1Dgzfg3FPxiMxsHagCfaSQM DsFDNFnHkaxfFbVKL/XIj8M= =CZiE -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba guest user root?
Hi, i have installed samba, but how can i set the guest user to root, so that it has full acces? and i want to add a share that points to / because it is in my LAN, and i don't want to enter login information all the time. i just want to go to \\server\root and see my files Please help me, Thanks, Tijnema -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot change case of existing file names
On Wed, Feb 07, 2007 at 05:12:32AM -0600, Gerald (Jerry) Carter wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Jordan Russell wrote: > > > In recent versions of Samba (including 3.0.24), attempting > > to rename a file to a new name that differs only in > > case appears to have no effect: > > If it did ever work, it was a fluke. Renaming > files to different case on a caseless filesystem > (or filesystem protocol) doesn't make much sense. No, someone did log a bug on this once and I did fix it :-). The thing to do is test with smbclient to see if my fix still works - Windows exporer canonicalizes the name so you can't use that. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Cannot change case of existing file names
Gerald (Jerry) Carter wrote: > If it did ever work, it was a fluke. Renaming > files to different case on a caseless filesystem > (or filesystem protocol) doesn't make much sense. Erm, why would it be a "fluke"? You can do this on local filesystems (as far back as Windows 95, at least), and you can do this on shares exposed by Windows servers. Only when talking to a (recent) Samba server does it fail to rename the file. (How I noticed this problem: I have an rsync-like program that mirrors the contents of a local directory to a remote system. One thing it checks for is discrepancies in the case of filenames; if it finds any, it corrects them. This feature works on Windows servers, and up until recently, I'm fairly certain that it worked on Samba servers as well. Now, when talking to Samba servers, the program just finds more and more case discrepancies each time it runs, because it can never correct them.) -- Jordan Russell -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] audit module
Sascha wrote:
{munch}
another question is: how can i tell samba to keep more versions of the log
files? Now it only keeps a client.log and a client.log.old.
One tack may be to write a script to rename any old files to a
datestamped file.
If you do this, you end up with
smbd-smith_2007-01-16.log.gz
smbd-smith_2007-01-17.log.gz
Run the script at 11:58 and do the datestring at the start.
Each file will contain the activity of that day.
Alternately, use newsyslog. Part of the release with freebsd. Probably
available for other systems.
# logfilename [owner:group]mode count size when [ZJB]
[/pid_file] [
sig_num]
//var/log/daemon 644 365 *$D0 Z
/var/log/maillog644 365 *$D0 Z
/var/log/dns644 365 *$D0 Z
I've not done this with samba log files, as I've not found them useful
for anything but debugging current problems.
If you want dailies, then in smb.conf, set the file size for the logs to
be larger than you would get in a day, or set it to be 0 (unlimited)
The format above names them files name.1 name.2 name.3... and gzips them.
If you prefer a slightly different approach:
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Vista password being rejected on share security mode
On Wed, Feb 07, 2007 at 10:07:58AM -0600, Schaefer Jr, Thomas R. wrote: > > Using your patch and Vista, if I'm logged into Vista as someone other > than username schaefer and go Start -> Run -> \\stercus\schaefer it > won't connect, even if the current Vista user's password is the same as > schaefer's password on stercus. So, then Vista prompts me for a > username and password, I can enter schaefer and schaefer's correct > password, it still won't be able to connect. I need to see a debug level 10 of this from a machine with the patch applied. This might be a bug, I'm not sure yet. > What does work is if I'm logged into Vista as someone other than > username schaefer I can right click My Computer, get into the "map > network drive" dialogue, and in that dialogue I can specify a drive > letter, \\stercus\schaefer, and, this is the key, click "Connect using a > different user name" specify schaefer and schaefer's password on stercus > and then the drive maps successfully. > > Eagerly awaiting any comments you might have. Again, thankyou for the > patch, at least I have some funtionality now. I think this is by design on Vista. The key is that Vista does the sessionsetup as user name "schaefer" until you select the ""Connect using a different user name". We cache the user sent in the sessionsetupX call. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] Problems accessing a Samba share while logged into an AD domain....
see below On Wed, 7 Feb 2007 09:14:30 -0800 (PST) Sukanta Ganguly <[EMAIL PROTECTED]> wrote: > Alex, >This is my smb.conf file content. > > > > [global] > workgroup = SMOKIN > # map to guest = Bad User > idmap gid = 1-2 > idmap uid = 1-2 > realm = SMOKIN.NET > security = ADS > usershare max shares = 100 > winbind refresh tickets = yes > server string = Suse-vm2 > netbios name = Suse-vm2 > log level = 3 > log file = /var/log/samba/%m > max log size = 50 > winbind separator = + by Alex < here is + for winbind separator > encrypt passwords = yes > preferred master = no > template homedir = /home/%D/%U > template shell = /bin/bash > [data] > comment = Data > path = /Data > browseable = Yes > read only = No > inherit acls = Yes > valid users = SMOKIN\administrator SMOKIN\user1 SMOKIN\user2 > write list = SMOKIN\Administrator by Alex Here you use "\" as separator > > > > The Linux box runs Suse 10.1 and is names Suse-vm2 in the domain. "/Data" is > a directory where access needs to be provided. > > What am I doing wrong here? > > Thanks for your help > > -S- > > > > - Original Message > From: Alex Wang <[EMAIL PROTECTED]> > To: Sukanta Ganguly <[EMAIL PROTECTED]> > Sent: Tuesday, February 6, 2007 5:52:09 PM > Subject: Re: [Samba] Problems accessing a Samba share while logged into an AD > domain... > > > You better post some kind of samba setting. There are too many reason > for that problem > > > Alex > On Tue, 6 Feb 2007 17:30:06 -0800 (PST) > Sukanta Ganguly <[EMAIL PROTECTED]> wrote: > > > Hi, > >I am having some problems a Samba server logged into an Active Directory > > Domain, acting as PDC on Windows 2003 server. When I log into the AD domain > > from my XP machine, I see the Linux server, which has also logged into the > > AD server and exported a few shares. From XP i see the share in explorer > > but when I try to access it it pops up a login/password box for me. When I > > enter the login id and password (which is my login id and password for the > > AD domain, which it should not ask as I am already logged into the domain), > > it tells me that it is incorrect. > >Do you what I have done wrong here? > >If I am not logged into that particular AD domain where in the > > Linux/Samba server is loged and I try to access the Linux box from outside > > it works. What is the difference here? It still askes me for the Login id > > and password which is the AD login id and password (It should ask in this > > case as I am not logged into the domain). > >Any help or pointers will be appreciated. > > > > Thanks > > -S- > > > > > > > > > > Do you Yahoo!? > > Everyone is raving about the all-new Yahoo! Mail beta. > > http://new.mail.yahoo.com > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > > > Looking for earth-friendly autos? > Browse Top Cars by "Green Rating" at Yahoo! Autos' Green Center. > http://autos.yahoo.com/green_center/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems accessing a Samba share while logged into an AD domain....
Sukanta Ganguly wrote: Hi, This is my smb.conf file content. [global] workgroup = SMOKIN # map to guest = Bad User idmap gid = 1-2 idmap uid = 1-2 realm = SMOKIN.NET security = ADS usershare max shares = 100 winbind refresh tickets = yes server string = Suse-vm2 netbios name = Suse-vm2 log level = 3 log file = /var/log/samba/%m max log size = 50 winbind separator = + encrypt passwords = yes preferred master = no template homedir = /home/%D/%U template shell = /bin/bash [data] comment = Data path = /Data browseable = Yes read only = No inherit acls = Yes valid users = SMOKIN\administrator SMOKIN\user1 SMOKIN\user2 write list = SMOKIN\Administrator You set the "winbind separator" to "+" but use "/" for "valid users" and "write list". Try fix that first. -- Geir A. Myrestrand -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Connection from WinXP 64 Bit to Samba server broken?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi! One of our users upgraded her Windows client from Windows XP 32 Bit to windows XP 64 bit and can not connect to any samba server in the network since, with one exception: there is one server, running samba-3.0.20b, which works. With other servers, running various samba versions up to samba-3.0.23c, the Windows client can not connect anymore (there are about 10 samba servers in the network) Windows just says "can not access" and "the request is not supported" (this is a rough translation, the original messages are in german) In the samba logfiles I see the following error (example logs from server "CDROMSRV" at aaa.bbb.ccc.27): [...] [2007/02/02 15:00:32, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(660) Doing spnego session setup [2007/02/02 15:00:32, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(691) NativeOS=[Windows XP 3790 Service Pack 1] NativeLanMan=[] PrimaryDomain=[Windows XP 5.2] [2007/02/02 15:00:32, 3] smbd/sesssetup.c:reply_spnego_negotiate(551) Got OID 1 3 6 1 4 1 311 2 2 10 [2007/02/02 15:00:32, 3] smbd/sesssetup.c:reply_spnego_negotiate(554) Got secblob of size 40 [2007/02/02 15:00:32, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe2088297 [2007/02/02 15:00:32, 3] lib/util_sock.c:open_socket_out(874) Connecting to aaa.bbb.ccc.1 at port 445 [2007/02/02 15:00:32, 3] auth/auth_server.c:server_cryptkey(75) connected to password server SRVL12 [2007/02/02 15:00:32, 3] auth/auth_server.c:server_cryptkey(100) got session [2007/02/02 15:00:32, 3] auth/auth_server.c:server_cryptkey(133) password server OK [2007/02/02 15:00:32, 3] auth/auth_server.c:auth_get_challenge_server(183) using password server validation [2007/02/02 15:00:32, 3] smbd/process.c:timeout_processing(1359) timeout_processing: End of file from client (client has disconnected). [2007/02/02 15:00:32, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/02/02 15:00:32, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2007/02/02 15:00:32, 3] smbd/server.c:exit_server_common(675) Server exit (normal exit) This looks like the client just closes the connection before it even authenticates. This is consistent with the network traffic dump I took (the client in question has address aaa.bbb.ccc.125): [...] 112.287218 aaa.bbb.ccc.125aaa.bbb.ccc.27 TCP jvserver > netbios-ssn [SYN] Seq=0 Len=0 MSS=1460 112.287241 aaa.bbb.ccc.27 aaa.bbb.ccc.125TCP netbios-ssn > jvserver [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 112.287346 aaa.bbb.ccc.125aaa.bbb.ccc.27 NBSS Session request, to CDROMSRV<20> from PCI1HAG<00> 112.287362 aaa.bbb.ccc.27 aaa.bbb.ccc.125TCP netbios-ssn > jvserver [ACK] Seq=1 Ack=73 Win=5840 Len=0 112.305943 aaa.bbb.ccc.27 aaa.bbb.ccc.125NBSS Positive session response 112.306197 aaa.bbb.ccc.125aaa.bbb.ccc.27 SMB Negotiate Protocol Request 112.307402 aaa.bbb.ccc.27 aaa.bbb.ccc.125SMB Negotiate Protocol Response 112.307753 aaa.bbb.ccc.125aaa.bbb.ccc.27 SMB Session Setup AndX Request, NTLMSSP_NEGOTIATE 112.324275 aaa.bbb.ccc.27 aaa.bbb.ccc.125SMB Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED 112.325025 aaa.bbb.ccc.125aaa.bbb.ccc.27 SMB Session Setup AndX Request, NTLMSSP_NEGOTIATE 112.339736 aaa.bbb.ccc.27 aaa.bbb.ccc.125SMB Session Setup AndX Response, NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED 112.340073 aaa.bbb.ccc.125aaa.bbb.ccc.27 TCP jvserver > netbios-ssn [FIN, ACK] Seq=678 Ack=716 Win=63797 Len=0 112.341426 aaa.bbb.ccc.27 aaa.bbb.ccc.125TCP netbios-ssn > jvserver [FIN, ACK] Seq=716 Ack=679 Win=8576 Len=0 112.341539 aaa.bbb.ccc.125aaa.bbb.ccc.27 TCP jvserver > netbios-ssn [ACK] Seq=679 Ack=717 Win=63797 Len=0 [...] Before the upgrade to WinXP 64 bit, the client had no problems to connect to any of the samba servers in the network. Also all other (about 100) windows clients (running WinXP and Win2K, all 32 Bit) do not show any problems with any samba server. The one server which still works with the 64Bit WinXP works also as password server for the other samba servers (using "security=server" in a workgroup environment) This is at least suspect, because it seems to show a pattern: samba servers which are using the password server do not work with the new client, the samba server acting as password server does work. But I can not explain the difference and this setup works for all other clients since more than one year now without problems. The only change was the upgrade to 64 bit windows on this one client machine. Any ideas anyone? - - andreas - -- Andreas Haumer | mailto:
[Samba] Smb.conf man page on www.samba.org
To Whom it may Concern: I was trying to lookup some things in the online smb.conf man page on http://us4.samba.org/samba/docs/man/manpages-3/smb.conf.5.html find that a substantial portion of it is missing. On my windows box using Firefox, I see something like this: EXPLANATION OF EACH PARAMETER Thought you should know. Marc Taylor -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems accessing a Samba share while logged into an AD domain....
Hi, This is my smb.conf file content. [global] workgroup = SMOKIN # map to guest = Bad User idmap gid = 1-2 idmap uid = 1-2 realm = SMOKIN.NET security = ADS usershare max shares = 100 winbind refresh tickets = yes server string = Suse-vm2 netbios name = Suse-vm2 log level = 3 log file = /var/log/samba/%m max log size = 50 winbind separator = + encrypt passwords = yes preferred master = no template homedir = /home/%D/%U template shell = /bin/bash [data] comment = Data path = /Data browseable = Yes read only = No inherit acls = Yes valid users = SMOKIN\administrator SMOKIN\user1 SMOKIN\user2 write list = SMOKIN\Administrator The Linux box runs Suse 10.1 and is names Suse-vm2 in the domain. "/Data" is a directory where access needs to be provided. What am I doing wrong here? Thanks for your help -S- - Original Message From: Sukanta Ganguly <[EMAIL PROTECTED]> To: samba@lists.samba.org Sent: Tuesday, February 6, 2007 5:30:06 PM Subject: [Samba] Problems accessing a Samba share while logged into an AD domain Hi, I am having some problems a Samba server logged into an Active Directory Domain, acting as PDC on Windows 2003 server. When I log into the AD domain from my XP machine, I see the Linux server, which has also logged into the AD server and exported a few shares. From XP i see the share in explorer but when I try to access it it pops up a login/password box for me. When I enter the login id and password (which is my login id and password for the AD domain, which it should not ask as I am already logged into the domain), it tells me that it is incorrect. Do you what I have done wrong here? If I am not logged into that particular AD domain where in the Linux/Samba server is loged and I try to access the Linux box from outside it works. What is the difference here? It still askes me for the Login id and password which is the AD login id and password (It should ask in this case as I am not logged into the domain). Any help or pointers will be appreciated. Thanks -S- Do you Yahoo!? Everyone is raving about the all-new Yahoo! Mail beta. http://new.mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba No need to miss a message. Get email on-the-go with Yahoo! Mail for Mobile. Get started. http://mobile.yahoo.com/mail -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] "Unable to connect to CIFS host after (tried 3 times)"
Hi all, I configure my workstation to login in Windows AD, with kerberos+pam. I'm trying use cups to print in one printer in a Windows Server. So, i configure Samba (3.0.24) how member ads. But, when i try print a document (logged with my domain user) a cups web admin say: "Unable to connect to CIFS host after (tried 3 times)" . And nothing happening with printer... Well, my workstation isn't in ad, i don't do the command: "net ads join". I need only print in a Windows Server with kerberos authentication. What i need do? /etc/samba/smb.conf [global] workgroup = <> netbios name = debian-test server string = debian-test wins support = yes wins server = <> encrypt passwords = yes smb ports = 139 log file = /var/log/samba/log.%m max log size = 1000 log level = 10 panic action = /usr/share/samba/panic-action %d security = ADS realm = <> template shell = /bin/false load printers = yes printing = cups printcap name = cups socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain master = no idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes /etc/cups/printers.conf Info Location DeviceURI smb://10.0.1.21/printer?k=true State Stopped StateMessage Unable to connect to CIFS host after (tried 3 times) Accepting Yes JobSheets none none QuotaPeriod 0 PageLimit 0 KLimit 0 -- Kessia Pinheiro Gmail+GTalk/Email: kessiapinheiro [at] gmail [dot] com Linux Counter User #389695 [http://counter.li.org] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba can't find unix accounts for user mapping
Hi, we're using samba 3.0.24 on Solaris 10. Not long ago we've migrated from NIS to LDAP with the Solaris integrated LDAP Server/Client. Now the user mapping doesn't work any more. If I map the WINDOWS\Administrator account to the unix account admin (this is a local account on the samba server) all works fine. [2007/02/06 16:27:25, 3, effective(0, 0), real(0, 0)] smbd/sesssetup.c:reply_spnego_kerberos(207) Ticket name is [EMAIL PROTECTED] [2007/02/06 16:27:25, 3, effective(0, 0), real(0, 0)] smbd/map_username.c:map_username(155) Mapped user WINDOWS\Administrator to admin and I have access to the shares. But if I use a LDAP account (WINDOWS\raiweber mapping to raiweber) I get this messages and no access to the shares. [2007/02/07 14:39:47, 3, effective(0, 0), real(0, 0)] smbd/sesssetup.c:reply_spnego_kerberos(207) Ticket name is [EMAIL PROTECTED] [2007/02/07 14:39:47, 3, effective(0, 0), real(0, 0)] smbd/map_username.c:map_username(155) Mapped user WINDOWS\raiweber to raiweber [2007/02/07 14:39:47, 1, effective(0, 0), real(0, 0)] smbd/sesssetup.c:reply_spnego_kerberos(310) Username raiweber is invalid on this system [2007/02/07 14:39:47, 3, effective(0, 0), real(0, 0)] smbd/error.c:error_packet(146) error packet at smbd/sesssetup.c(315) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE With NIS I had no problems using local and nis accounts. Samba is a member server of a active directory domain. Sorry for my english! Thanks!!! Rainer Weber -- +--+ | Max Planck Institute for Mathematics | |System Administration | | | | Vivatsgasse 7, 53111 Bonn, Germany | | Tel +49 (0)228-402-239| | Fax +49 (0)228-402-277| | Email [EMAIL PROTECTED] | +--+ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Lock issues? Help with migration from Windows to Linux/Samba
On 2/7/07, robert mena <[EMAIL PROTECTED]> wrote: Hi, I am facing a problem with my application. It uses a windows share to give access to a buch of dbf (I use FoxPro) files. When I access it alone (via the share) everything runs fine but when two users try both face a strange slowdown. The strange part is that it used to be fast even with dozens of users. It started to behave strangly a few days ago and I've tried everything, including creating a new server. Why am I sending this to the samba list? Because I already run a samba server in another enviroment and I am planning to use a samba server to replace this server. I am assuming that the problem is somewhat related with the OS and how it is handling locks so... I am interestered in tips regarding maximizing the performance of the samba/os in this enviroment. My distro of choice is CentOS 4.4. What version of samba are you using? Do you have logging on? If you do have logging on are there any errors in the logs? Are you using ldap? John -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Vista password being rejected on share security mode
Hi Jeremy, First of all, thank you for sending us the patch! I applied it yesterday and have been testing, it mostly works ok but let me tell you the unexpected behavior I've found.. With Windows XP, and any other client I've ever used, it doesn't matter which, if any, username the client sends to my share level security Samba servers. I specify the username for them with the "username =" smb.conf parameter and whatever the client sends me is irrelevant. In the [HOMES] section, I've got a couple directives.. username = %S valid users = %S Say I've got a UNIX user schaefer on the Samba server stercus. With WinXP I can go Start -> Run -> \\stercus\schaefer and irregardless of what username I'm currently logged into WindowXP with I'll connect to stercus as schaefer if schaefer's password is the same as my current WinXP user's password or if not I'll be prompted for a password where I can just put schaefer's password and presto I'm connected to stercus as schaefer. Using your patch and Vista, if I'm logged into Vista as someone other than username schaefer and go Start -> Run -> \\stercus\schaefer it won't connect, even if the current Vista user's password is the same as schaefer's password on stercus. So, then Vista prompts me for a username and password, I can enter schaefer and schaefer's correct password, it still won't be able to connect. What does work is if I'm logged into Vista as someone other than username schaefer I can right click My Computer, get into the "map network drive" dialogue, and in that dialogue I can specify a drive letter, \\stercus\schaefer, and, this is the key, click "Connect using a different user name" specify schaefer and schaefer's password on stercus and then the drive maps successfully. Eagerly awaiting any comments you might have. Again, thankyou for the patch, at least I have some funtionality now. Tom Schaefer University of Missouri Saint Louis -Original Message- From: Jeremy Allison [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 06, 2007 12:54 PM To: Schaefer Jr, Thomas R. Cc: Lee Devlin; samba@lists.samba.org Subject: Re: [Samba] Vista password being rejected on share security mode On Tue, Feb 06, 2007 at 11:37:09AM -0600, Schaefer Jr, Thomas R. wrote: > I'm using Windows Vista Enterprise and also am having great difficulty > with security = share and 3.0.23d (as well as 3.0.11 and 3.0.14a). It > seems as though Vista will randomly, occasionally work with it, but in > general it just won't work at all. I wish I had your problem of a 10 > second connection delay, far better than no connection at all. Did > you have to do anything special to get it working, albiet with the 10 > second delay? You need the attached patch. It'll be up on the Vista patches page later this week or early next. Jeremy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Lock issues? Help with migration from Windows to Linux/Samba
Hi, I am facing a problem with my application. It uses a windows share to give access to a buch of dbf (I use FoxPro) files. When I access it alone (via the share) everything runs fine but when two users try both face a strange slowdown. The strange part is that it used to be fast even with dozens of users. It started to behave strangly a few days ago and I've tried everything, including creating a new server. Why am I sending this to the samba list? Because I already run a samba server in another enviroment and I am planning to use a samba server to replace this server. I am assuming that the problem is somewhat related with the OS and how it is handling locks so... I am interestered in tips regarding maximizing the performance of the samba/os in this enviroment. My distro of choice is CentOS 4.4. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can't print to windows printer
I have one Windows XP box where I can print to an OKI printer that doesn't have drivers for Linux. I have tried to share it on Windows and print to that shared printer from a Linux box and it seems to send the print job correctly but it doesn't print. I checked the return value of smbspool and it's 0, and it doesn't echo any error... I have Samba 3.0.20. _ Descarga gratis la Barra de Herramientas de MSN http://www.msn.es/usuario/busqueda/barra?XAPID=2031&DI=1055&SU=http%3A//www.hotmail.com&HL=LINKTAG1OPENINGTEXT_MSNBH -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] upgrade 3.04 to 3.0.23d ?
Gerald (Jerry) Carter schrieb: > Stefan G. Weichinger wrote: > >> Now my next step would be to upgrade Samba to the >> latest available rpm from sernet.de, which would >> mean a straight upgrade from 3.04 to 3.0.23d. > >> Is this breaking anything? >> Should I take care of something special when I do this? > > STefan, I would recommend reading the WHATSNEW for > relevant changes since a lot has changes in 3 years. > This will also help bring you up to date on any > smb.conf option changes. Umm, yes, I know this would be the thing to do. I was hoping for some "no problem, just do it" or "fix xy from release z should fix your problem". But things ain't that easy, I know ;) Thanks anyway, Stefan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] using the old user profiles for the new PDC
I set the new domains SID to the old domain SID, but are you sure that this is enough to solve the problem? The clients still start a new profile when the users log in. I have also restored the old servers ldap database and when I check users attributes I see rid, sambaPrimaryGroupSID, sambaSID. The computer accounts also have sambaSID and sambaPrimaryGroupSID attributes. I thought these attributes should be the same as previos ldap database so I have changed these attributes to the values before even this doesnt help and still workstations start a new empty profile. On the previos PDC I have done group mappings for all groups, does group mapping change anything about the SIDs? I did create my PDC with this article: http://wiki.novell.com/index.php/OES_as_PDC . Can there be a special situation regarding to this? Thanks.. On 2/6/07, ryan punt <[EMAIL PROTECTED]> wrote: Make sure the SID on your new PDC is the same as the SID on your old PDC. SIDs are used to encode passwords, determine file and directory permissions... If the SID changes, roaming profiles stop working. "man net" for more info (see "net getlocalsid" and "net setlocalsid" specifically). >>> "Erol YILDIZ" <[EMAIL PROTECTED]> 2/6/2007 9:02 AM >>> Hi, A few days ago PDC crashed and I setup a new PDC with the same domain name. I have recreated the user accounts but when the users login, windows xp clients create a new profile. Is there a way to make the windows clients use the old profiles? Thanks. -- Erol -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba - This email transmission and any documents, files or previous email messages attached to it may contain information that is confidential or legally privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, printing, distributing or use of this transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone or return email and delete the original transmission and its attachments without reading or saving in any manner. The Evangelical Lutheran Good Samaritan Society. - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Cannot change case of existing file names
>Date: Tue, 06 Feb 2007 12:15:49 -0600 >From: Jordan Russell <[EMAIL PROTECTED]> >To: Michael Gasch <[EMAIL PROTECTED]> > >Note that I am able to create new files with all-lowercase letters. I >just can't rename an existing "FILE.txt" to "file.txt". >From what client? MS Windows doesn't distinguish between those two names, so it won't let you perform the re-name as it thinks you're not changing the name. You can do it in Windows as a two-step process:- Rename FILE.txt to anything.txt Rename anything.txt to file.txt Oh the joys of Windows. Mac Assistant Systems Administrator @nibsc.ac.uk [EMAIL PROTECTED] Work: +44 1707 641565 Everything else: +44 7956 237670 (anytime) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Reference Documentation Server
On Wed, Feb 07, 2007 at 11:09:45AM +, - Reyneke wrote: > > > >Can you try to put *any* password into smbpasswd with > >"smbpasswd -a samba" > > > > Yea, already tried that. Still having problems (although type of err seems > different). > > Log extract: > > [2007/02/07 01:00:36, 10] lib/util.c:dump_data() > [000] 00 5C 00 5C 00 54 00 31 00 30 00 30 00 30 00 5C .\.\.T.1 .0.0.0.\ > [010] 00 52 00 45 00 43 00 44 00 41 00 54 00 41 00 00 .R.E.C.D .A.T.A.. > [020] 00 3F 3F 3F 3F 3F 00 .?. > [2007/02/07 01:00:36, 3] smbd/process.c:switch_message(914) > switch message SMBtconX (pid 113) conn 0x0 > [2007/02/07 01:00:36, 3] smbd/sec_ctx.c:set_sec_ctx(241) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2007/02/07 01:00:36, 5] auth/auth_util.c:debug_nt_user_token(448) > NT user token: (NULL) > [2007/02/07 01:00:36, 5] auth/auth_util.c:debug_unix_user_token(474) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups > [2007/02/07 01:00:36, 5] smbd/uid.c:change_to_root_user(275) > change_to_root_user: now uid=(0,0) gid=(0,0) > [2007/02/07 01:00:36, 4] smbd/reply.c:reply_tcon_and_X(668) > Client requested device type [?] for share [RECDATA] > [2007/02/07 01:00:36, 7] param/loadparm.c:lp_servicenumber(5112) > lp_servicenumber: couldn't find RECDATA If you really have [recdata] in your smb.conf, testparm does not complain and shows the recdata share, then this has to do with your local modifications. Sorry, we can't help you with that. Volker P.S: You might want to look at commercial support list on samba.org. P.P.S: Disclaimer: I work for one of those pgpONXl6jYSWD.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot change case of existing file names
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jordan Russell wrote: > In recent versions of Samba (including 3.0.24), attempting > to rename a file to a new name that differs only in > case appears to have no effect: If it did ever work, it was a fluke. Renaming files to different case on a caseless filesystem (or filesystem protocol) doesn't make much sense. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFybQgIR7qMdg1EfYRAj7ZAKDd/nzgFerB6wn0K+zK8PS4dKlJxgCg81Jc WDYYJc9xgyX56HQ4VUEqavM= =wgrk -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Reference Documentation Server
Can you try to put *any* password into smbpasswd with "smbpasswd -a samba" Yea, already tried that. Still having problems (although type of err seems different). Log extract: [2007/02/07 01:00:36, 10] lib/util.c:dump_data() [000] 00 5C 00 5C 00 54 00 31 00 30 00 30 00 30 00 5C .\.\.T.1 .0.0.0.\ [010] 00 52 00 45 00 43 00 44 00 41 00 54 00 41 00 00 .R.E.C.D .A.T.A.. [020] 00 3F 3F 3F 3F 3F 00 .?. [2007/02/07 01:00:36, 3] smbd/process.c:switch_message(914) switch message SMBtconX (pid 113) conn 0x0 [2007/02/07 01:00:36, 3] smbd/sec_ctx.c:set_sec_ctx(241) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2007/02/07 01:00:36, 5] auth/auth_util.c:debug_nt_user_token(448) NT user token: (NULL) [2007/02/07 01:00:36, 5] auth/auth_util.c:debug_unix_user_token(474) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2007/02/07 01:00:36, 5] smbd/uid.c:change_to_root_user(275) change_to_root_user: now uid=(0,0) gid=(0,0) [2007/02/07 01:00:36, 4] smbd/reply.c:reply_tcon_and_X(668) Client requested device type [?] for share [RECDATA] [2007/02/07 01:00:36, 7] param/loadparm.c:lp_servicenumber(5112) lp_servicenumber: couldn't find RECDATA [2007/02/07 01:00:36, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user RECDATA [2007/02/07 01:00:36, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is RECDATA [2007/02/07 01:00:36, 5] lib/username.c:Get_Pwnam_internals(102) Checking combinations of 0 uppercase letters in RECDATA [2007/02/07 01:00:36, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals didn't find user [RECDATA]! [2007/02/07 01:00:36, 4] smbd/map_username.c:map_username(111) Scanning username map /etc/smbusers [2007/02/07 01:00:36, 3] smbd/map_username.c:map_username(155) Mapped user RECDATA to samba [2007/02/07 01:00:36, 5] lib/username.c:Get_Pwnam_alloc(131) Finding user samba [2007/02/07 01:00:36, 5] lib/username.c:Get_Pwnam_internals(75) Trying _Get_Pwnam(), username as lowercase is samba [2007/02/07 01:00:36, 10] lib/util_pw.c:getpwnam_alloc(76) Got samba from pwnam_cache [2007/02/07 01:00:36, 5] lib/username.c:Get_Pwnam_internals(108) Get_Pwnam_internals did find user [samba]! [2007/02/07 01:00:36, 3] smbd/service.c:find_service(252) checking for home directory samba gave /home/samba [2007/02/07 01:00:36, 7] param/loadparm.c:lp_servicenumber(5112) lp_servicenumber: couldn't find homes [2007/02/07 01:00:36, 7] param/loadparm.c:lp_servicenumber(5112) lp_servicenumber: couldn't find printers [2007/02/07 01:00:36, 3] smbd/service.c:find_service(316) find_service() failed to find service samba [2007/02/07 01:00:36, 0] smbd/service.c:make_connection() _1 (10.1.12.33) couldn't find service samba [2007/02/07 01:00:36, 3] smbd/error.c:error_packet(146) error packet at smbd/reply.c(676) cmd=117 (SMBtconX) NT_STATUS_BAD_NETWORK_NAME [2007/02/07 01:00:36, 5] lib/util.c:show_msg(485) [2007/02/07 01:00:36, 5] lib/util.c:show_msg(495) _ Get Hotmail, News, Sport and Entertainment from MSN on your mobile. http://www.msn.txt4content.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] upgrade 3.04 to 3.0.23d ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Stefan G. Weichinger wrote: > Now my next step would be to upgrade Samba to the > latest available rpm from sernet.de, which would > mean a straight upgrade from 3.04 to 3.0.23d. > > Is this breaking anything? > Should I take care of something special when I do this? STefan, I would recommend reading the WHATSNEW for relevant changes since a lot has changes in 3 years. This will also help bring you up to date on any smb.conf option changes. cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFya5cIR7qMdg1EfYRAsWkAKCy4IgrcHCzLZitr5aQMSy4caHSSwCdHMp1 +o8+RYPPG3vFXo2F0riUVjU= =zm3k -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Reference Documentation Server
On Wed, Feb 07, 2007 at 10:16:31AM +, - Reyneke wrote: > >Can I have the logfile for the 'map username' / > >'security=user' config as well? > > > >security=share is really bad these days. > > > > > Here it is... Can you try to put *any* password into smbpasswd with "smbpasswd -a samba" Volker pgp4Rv1vJUSkY.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap machine account pb since 3.0.23c-1
Hello - Selon Cédric Delfosse <[EMAIL PROTECTED]>: > Le lundi 05 février 2007 à 09:45 +0100, emmanuel musso a écrit : > > Hello > > > > When a windows xp workstation join a domain, by windows gui parameters, > ldap > > machine attributes are not filled correctly: > > > > - No attribute sambaprimarygroupsid (before, there was one terminated by > 515) > > AFAIK, the gid number of a computer/user account entry is now used to > determine its primary group SID (if sambaPrimaryGroupSID is not set). For my computer accounts, gid is correctly defined to 515 > > > - rid (of sambasid) is not equal a 2*uid+1000 > > > > If i create a user, rid (sambasid) equal a 2*uid + 1000 (and > sambaprimarygrousid > > terminated by 513) > > > > All the others samba attributes are ok > > Same problem if i use "smbldap-useradd -w" before joining the domain; Posix > > attributes are created by "smbldap-useradd -w", and samba attributes are > > created the first time workstation join the domain, allways with bad > sambasid > > and without sambaprimarygroupsid. > > > > Same problem if i use "net join" on a linux smbclient with winbind > > > > In all cases, my workstation is connected to the domain, and user can use > it. > > > > I didn't change my config, i didn't modify idealx tools. I think the > problem > > exits since 3.0.23c-1 update in month september. I know my computers who > joined > > the domain before samba 3.0.23c-1 update (debian apt-get) are ok, with > > sambaprimarygroupsid present, and valid sambasid > > (rid = 2* uid + 1000). > > I have 2 Domain with the same problem > > I have one domain that also showed this behaviour (samba 3.0.23d), and > another that works « like before ». > > Looks like that SAMBA was using the sambaNextRid field from the > sambaDomainName entry to build the SAMBA SID of the computer accounts, > but I don't know why. Yes i think you are right Here is syslog when i create a computer Feb 7 09:18:15 nestor slapd[24440]: conn=14766 op=36 SRCH attr=sambaDomainName sambaNextRid sambaNextUserRid sambaNextGroupR id sambaSID sambaAlgorithmicRidBase objectClass Feb 7 09:18:15 nestor slapd[24440]: conn=14766 op=36 SEARCH RESULT tag=101 err=0 nentries=1 text= Feb 7 09:18:15 nestor slapd[24440]: conn=14766 op=37 MOD dn="sambaDomainName=GE2I,dc=ge2i,dc=iut-tlse3,dc=fr" Feb 7 09:18:15 nestor slapd[24440]: conn=14766 op=37 MOD attr=sambaNextRid sambaNextRid here is syslog when i create a user Feb 7 09:38:51 nestor slapd[24440]: conn=14805 op=4 SRCH base="dc=ge2i,dc=iut-tlse3,dc=fr" scope=2 deref=2 filter="(uidNumbe r=5130)" Feb 7 09:38:51 nestor slapd[24440]: conn=14805 op=4 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 7 09:38:51 nestor slapd[24440]: conn=14805 op=5 SRCH base="ou=Groups,dc=ge2i,dc=iut-tlse3,dc=fr" scope=2 deref=2 filter= "(&(objectClass=posixGroup)(gidNumber=513))" Feb 7 09:38:51 nestor slapd[24440]: conn=14805 op=5 SEARCH RESULT tag=101 err=0 nentries=1 text= Feb 7 09:38:51 nestor slapd[24440]: conn=14805 op=6 SRCH base="ou=People,dc=ge2i,dc=iut-tlse3,dc=fr" scope=2 deref=2 filter= "(sambaSID=s-1-5-21-1013494363-2106538438-1688464621-11260)" Feb 7 09:38:51 nestor slapd[24440]: conn=14805 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text= Feb 7 09:38:51 nestor slapd[24440]: conn=14805 op=7 ADD dn="uid=atest,ou=People,dc=ge2i,dc=iut-tlse3,dc=fr" Feb 7 09:38:51 nestor slapd[24440]: conn=14805 op=7 RESULT tag=105 err=0 text= Feb 7 09:38:51 nestor slapd[24440]: conn=14805 op=8 MOD dn="uid=atest,ou=People,dc=ge2i,dc=iut-tlse3,dc=fr" Feb 7 09:38:51 nestor slapd[24440]: conn=14805 op=8 MOD attr=objectClass sambaPwdLastSet sambaLogonTime sambaLogoffTime samb aKickoffTime sambaPwdCanChange sambaPwdMustChange displayName sambaAcctFlags sambaSID Feb 7 09:38:51 nestor slapd[24440]: conn=14805 op=8 RESULT tag=103 err=0 text= Feb 7 09:38:51 nestor slapd[24440]: conn=14805 op=9 MOD dn="uid=atest,ou=People,dc=ge2i,dc=iut-tlse3,dc=fr" Feb 7 09:38:51 nestor slapd[24440]: conn=14805 op=9 MOD attr=sambaLMPassword sambaPrimaryGroupSID sambaNTPassword sambaLogon Script sambaHomePath sambaHomeDrive Why samba use the sambaNextRid field from the sambaDomainName entry to build the SAMBA SID of the computer accounts ? in which configuration file SID's creation is different for users and computers ? Is there a new samba.schema since september month ? (Mine is original samba.schema with minor update change recommended by whatsnew for 3.0.23)? Thanks > > Regards, > > -- > Cedric Delfosse Linbox / Free&ALter Soft > 152, rue de Grigy - Technopole Metz 57070 METZ - FRANCE > tel: +33 (0)3 87 50 87 90 http://linbox.com > > Regards - Emmanuel musso technicien informatique I.U.T. Paul Sabatier Dépt Génie électrique 0562258241 Service informatique 0562258025 This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the fol
