Re: [Samba] question re multiple backends and the 'guest' backend

[Collen Blijenberg]

Multiple backends was removed, and is ever since
part of the pdb-sql project at sourceforge

so if you want more that 1 backend, install multi.so from pdb-sql...

Cheers,

Collen

Jerome Alet wrote:

On Thu, Apr 26, 2007 at 03:05:05PM +0100, J Xu wrote:
  

I am exactly in the situation as Jerome described. I
keep most of samba users in an ldap database while
still maintain a few users locally. This gave me the
flexibility that those users do not depend on ldap.



Exactly what I wanted to do.

Actually I'm on Debian Sarge and have all my Samba
users defined locally.

Since three years, every night, a batch script is run which extracts 
users that were added today to the central LDAP server of the 
University, with an LDAP filter based on a few criterias, and 
"duplicate" them on the local system (with a different password 
though).


To these users who come indirectly (not at the samba level) from 
LDAP, in fact student accounts, I locally add accounts for people 
who come maybe 2 or 3 days a year (some professors) and that nobody 
wants to add to the central LDAP server (which needless to say is 
not managed by me). So these users are only defined locally.


Now since last September the central LDAP server was modified to 
include the Samba schema and could (theorically, not tested by me 
yet) be used from my local Samba PDC directly to grab its user 
accounts.


I was really happy to learn that, and planned both to upgrade
my Sarge system to Etch, and use that central LDAP server
to not have to duplicate accounts every day, all before
next September.

But I can't do it, since I still need my "2/3 days a year" local user
accounts, and newer releases of Samba don't allow me to do this
(if I understand correctly).

So my choice is :

- Keep Sarge forever.

or :


- Continue this duplication shit.

or :


- Install a local LDAP server which will be a partial
  replicate of the central one, and to which I'll add
  my needed local users.
  
or :  


- ? Drop Samba (just joking)

This really sucks especially because at the system level user accounts
CAN come from different places in a chained configuration with the
help of /etc/nsswitch.conf

Is there any good reason to have made this change ?
Is there any plan to reintroduce the functionnality at a later date ?

TIA

Jerome Alet
  


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] question re multiple backends and the 'guest' backend

[Jerome Alet]

On Thu, Apr 26, 2007 at 03:05:05PM +0100, J Xu wrote:
> 
> I am exactly in the situation as Jerome described. I
> keep most of samba users in an ldap database while
> still maintain a few users locally. This gave me the
> flexibility that those users do not depend on ldap.

Exactly what I wanted to do.

Actually I'm on Debian Sarge and have all my Samba
users defined locally.

Since three years, every night, a batch script is run which extracts 
users that were added today to the central LDAP server of the 
University, with an LDAP filter based on a few criterias, and 
"duplicate" them on the local system (with a different password 
though).

To these users who come indirectly (not at the samba level) from 
LDAP, in fact student accounts, I locally add accounts for people 
who come maybe 2 or 3 days a year (some professors) and that nobody 
wants to add to the central LDAP server (which needless to say is 
not managed by me). So these users are only defined locally.

Now since last September the central LDAP server was modified to 
include the Samba schema and could (theorically, not tested by me 
yet) be used from my local Samba PDC directly to grab its user 
accounts.

I was really happy to learn that, and planned both to upgrade
my Sarge system to Etch, and use that central LDAP server
to not have to duplicate accounts every day, all before
next September.

But I can't do it, since I still need my "2/3 days a year" local user
accounts, and newer releases of Samba don't allow me to do this
(if I understand correctly).

So my choice is :

- Keep Sarge forever.

or :

- Continue this duplication shit.

or :

- Install a local LDAP server which will be a partial
  replicate of the central one, and to which I'll add
  my needed local users.
  
or :  

- ? Drop Samba (just joking)

This really sucks especially because at the system level user accounts
CAN come from different places in a chained configuration with the
help of /etc/nsswitch.conf

Is there any good reason to have made this change ?
Is there any plan to reintroduce the functionnality at a later date ?

TIA

Jerome Alet
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.x and PCNetLink domain trusts

[Volker Lendecke]

On Thu, Apr 26, 2007 at 03:00:08PM -0400, Damian Lock (SSCI) wrote:
> I am trying to establish a domain trust between a Samba 3.024 domain and
> a PC Netlink 2.0 domain.

These types of problems are a bit difficult to diagnose,
none of the Samba developers I know has direct access to a
PC Netlink installation. It should be possible to get these
bugs fixed, but I would say that this is not really a high
priority task for us. You might have more success migrating
that domain to NT4, I've seen successful migrations away
from PC Netlink via the NT4 path.

Volker


pgpWbTRSKzzOR.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba & CUPS: only banner-page gets printed

[Tobias Großmann]

On Thu, 26 Apr 2007 18:18:21 -0400
Chris Smith <[EMAIL PROTECTED]> wrote:

> On Thursday 26 April 2007, Johannes Eckhardt wrote:
> > Anyone has an idea?
> 
> Print directly to CUPS via IPP instead of putting Samba in the middle (at 
> least to assist in troubleshooting).
> 
> Chris
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
oops, wrong post. Please forget my answer to this threat...
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba & CUPS: only banner-page gets printed

[Tobias Großmann]

On Thu, 26 Apr 2007 18:18:21 -0400
Chris Smith <[EMAIL PROTECTED]> wrote:

> On Thursday 26 April 2007, Johannes Eckhardt wrote:
> > Anyone has an idea?
> 
> Print directly to CUPS via IPP instead of putting Samba in the middle (at 
> least to assist in troubleshooting).
> 
> Chris
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

We want to use Samba/Cups because you can connect to the public printers 
without installing drivers at the clients. So we can use scripts to connect the 
printers (net use...)
Also we maybe have a problem. Our company has a special font. We know there are 
problems printing on PCL6-Drivers and we know it works with pcl5.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Accessing files on a domain-controled network

[Steven Woody]

On 4/27/07, Gary Dale <[EMAIL PROTECTED]> wrote:

Steven Woody wrote:
> hi,
>
> i am new to samba and it seemed that samba documents mainly focus on
> how to setup a linux box as a samba server.  but i am now sitting in a
> linux box and looking for a easy way to access a shared file folder on
> a domain-controled network.  sorry for my no patience to read every
> part of the document since i have to let this job done in today.
>
> the shared folder is something like:  \\serverA\share, and if i need
> to access it from XP i need to login to our domain ( D ),  using my
> user name( U ), and password ( P ).  my task is to, do the same
> accessing from my linux box using same information above.  what do i
> do?
>
> thanks in advance.
>
Here's what I use to access a share. I don't have it mounted
automatically. Instead I type in mount /home/mnt/aux and I get prompted
for the password. You can remove the noauto and include a password in
the /etc/fstab file line for the share but that isn't exactly secure.

Note that the filesystem type is cifs. This is similar to smbfs but cifs
is maintained.  :)

//hyperzip/aux$ /home/mnt/aux   cifs
noauto,user,rw,user=garydale   0   0

You can also look at authenticating against a domain controller for a
single sign-on. Check the samba.org howtos and by example documents for
details on how to do this. It's not supposed to be too tricky. I've just
never gotten to it.  :)
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba



so, i use the similar setting as yours,

put a line in fstab,

//foohost/backup  /mnt/aux  cifs noauto,user,rw,user=me  0  0


then i do 'mount /mnt/aux', but got following error,

mount error: could not find target server. TCP name foohost/backup not found
No ip address specified and hostname not found

and, smbcliet -L //foohost will report 'Connection to foohost failed.

what's the clue?



--
woody

then sun rose thinly from the sea and the old man could see the other
boats, low on the water and well in toward the shore, spread out
across the current.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Accessing files on a domain-controled network

[Gary Dale]

Steven Woody wrote:

hi,

i am new to samba and it seemed that samba documents mainly focus on
how to setup a linux box as a samba server.  but i am now sitting in a
linux box and looking for a easy way to access a shared file folder on
a domain-controled network.  sorry for my no patience to read every
part of the document since i have to let this job done in today.

the shared folder is something like:  \\serverA\share, and if i need
to access it from XP i need to login to our domain ( D ),  using my
user name( U ), and password ( P ).  my task is to, do the same
accessing from my linux box using same information above.  what do i
do?

thanks in advance.

Here's what I use to access a share. I don't have it mounted 
automatically. Instead I type in mount /home/mnt/aux and I get prompted 
for the password. You can remove the noauto and include a password in 
the /etc/fstab file line for the share but that isn't exactly secure.


Note that the filesystem type is cifs. This is similar to smbfs but cifs 
is maintained.  :)


//hyperzip/aux$ /home/mnt/aux   cifs
noauto,user,rw,user=garydale   0   0


You can also look at authenticating against a domain controller for a 
single sign-on. Check the samba.org howtos and by example documents for 
details on how to do this. It's not supposed to be too tricky. I've just 
never gotten to it.  :)

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Accessing files on a domain-controled network

[Steven Woody]

hi,

i am new to samba and it seemed that samba documents mainly focus on
how to setup a linux box as a samba server.  but i am now sitting in a
linux box and looking for a easy way to access a shared file folder on
a domain-controled network.  sorry for my no patience to read every
part of the document since i have to let this job done in today.

the shared folder is something like:  \\serverA\share, and if i need
to access it from XP i need to login to our domain ( D ),  using my
user name( U ), and password ( P ).  my task is to, do the same
accessing from my linux box using same information above.  what do i
do?

thanks in advance.

--
woody

then sun rose thinly from the sea and the old man could see the other
boats, low on the water and well in toward the shore, spread out
across the current.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] LiveCD ok, regular install not ok

[Peter]

I have a LiveCD accessing Samba shares nicely (after providing
credentials) but upon installation of the OS the system can no
longer access the share (keeps asking for credentials).  I feel that
this is because the domain server set up an identity automatically
during the initial access and that this is now
conflicting with requests from the regular
installation.  At this point, access to the server
machine is essentially null (cannot access configuration nor logs). 
Any idea?  Will sniffing the wire help?


  Be smarter than spam. See how smart SpamGuard is at giving junk email the 
boot with the All-new Yahoo! Mail at http://mrd.mail.yahoo.com/try_beta?.intl=ca

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] question re multiple backends and the 'guest' backend

[Josh Kelley]

On 4/26/07, J Xu <[EMAIL PROTECTED]> wrote:

Just wonder if there is any sound reason why this
feature is dropped, other than maybe making adding
users/groups/machines comlicated for a PDC
configuration? Is there any plan to re-enable this
feature sometime later?


It was decided that multiple passdb backends overly complicated things
and were hardly ever used:
http://marc.info/?l=samba&m=113952596018519&w=2

Josh Kelley
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] BLOATED LDAP Traffic from Samba

[Josh Kelley]

On 4/24/07, Joseph Williams <[EMAIL PROTECTED]> wrote:

My Samba PDC is sending tons of traffic my ldapserver(iplanet) and is
causing the ldap server load to   peak consitently over a ridiculous 91%.
Logons come to a crawl because the ldap load is so high.  I don't not have
roaming profiles enabled.


This doesn't directly answer your question, but I'm surprised that an
LDAP server would max CPU usage if indexes and such are set up
properly.  Did you make sure to enable all of the recommended LDAP
indexes (in particular, sambaSID)?  (See chapter 2 of the Samba HOWTO
Collection for a sample OpenLDAP slapd.conf file that lists
recommended indexes.)

Josh Kelley
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] test share works, but homes returns with "network name cannot be found

[Dan Roberts]

Just built a new server based on CentOS 5.0 which included Samba 
3.0232.  I also added Webmin as the server is in the closet without a 
monitor currently.


When I went thorugh the generla tutorial with Webmin Samba worked, but 
showed all root directories, except for /home.  That was not as expected 
and certainly not very helpful.


So, I went back and tried again baseed on what I had used in the past on 
the old server. 

I have set up the test share directory and can connect to it without 
problem from either my desktop Win2000 system or my MacBook Pro.  I 
don't have a printer on this server, having switched over to a jetdirect 
card, but I do see the "Printers" icon in the list at least on the Windows.


My home directory is another matter - I can see it and it has the proper 
comment attached, but any attempt to connect from Win2000 results in a 
popup window.  I get rejected from the Mac too, but of course don't get 
the Windows popup window. 

As the Windows popup window actually says something, here it is - top 
line is the banner

--
\\Trailrunner
\\Trailrunner\dan is not accessable.
The network name cannot be found.
---
Googeling on this has lead me to various old postings but nothing 
directly on point, and the bid difference I seem to have is that I can 
indeed get to the test share, copy in files etc... without problem.


What follows are the core entries of my smb.conf file, the notations 
from the log file and the results of what seem to be key tests.


Truly hope someone can help me get this sorted out.

smb.conf
#=== Global Settings 
=

[global]
   log file = /var/log/samba/%m.log
   dns proxy = no
;   passwd chat = *Enter\snew\sUNIX:* %n\n *Retype\spassword:* %n\n
   server string = Trailrunner, Samba %v on (%L)
;   unix password sync = yes
   remote announce = 10.20.30.255
   workgroup = DJ14847
   os level = 20
   encrypt passwords = Yes
   security = user
;   passwd program = /usr/bin/passwd %u
   max log size = 50
   allow hosts = 10.20.30. 127.0.0.1
   log level = 3
   socket options = TCP_NODELAY IPTOS_LOWDELAY
   wins support = yes
   netbios name = trailrunner



# Share Definitions 
==

[homes]
   comment = %U's Home Directory is %H
   valid users = %S
;   path = %H
   read only = no
   browsable = no
   create mask = 0755
   directory mask = 0755

[test]
   comment = for testing purposes only
   path = /export/test
   read only = no
   public = yes

---

From the /var/log/samba/ tial superspiff.log file
-
[EMAIL PROTECTED] samba]# tail superspiff.log
[2007/04/26 19:11:30, 3] smbd/error.c:error_packet(146)
 error packet at smbd/reply.c(676) cmd=117 (SMBtconX) 
NT_STATUS_BAD_NETWORK_NAME

[2007/04/26 19:11:30, 3] smbd/process.c:process_smb(1110)
 Transaction 27 of length 43
[2007/04/26 19:11:30, 3] smbd/process.c:switch_message(914)
 switch message SMBulogoffX (pid 3764) conn 0x0
[2007/04/26 19:11:30, 3] smbd/sec_ctx.c:set_sec_ctx(241)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2007/04/26 19:11:30, 3] smbd/reply.c:reply_ulogoffX(1618)
 ulogoffX vuid=105
-

Testing locally wiht smbclient

[EMAIL PROTECTED] samba]# smbclient -L localhost -U%
Domain=[DJ14847] OS=[Unix] Server=[Samba 3.0.23c-2]

   Sharename   Type  Comment
   -     ---
   testDisk  for testing purposes only
   IPC$IPC   IPC Service (Trailrunner, Samba 
3.0.23c-2 on (trailrunner))

Domain=[DJ14847] OS=[Unix] Server=[Samba 3.0.23c-2]

   Server   Comment
   ----
   DANS-MAC Dan's Mac
   SUPERSPIFF  
   TECRA   
   TRAILRUNNER  Trailrunner, Samba 3.0.23c-2 on (trailrunner)


   WorkgroupMaster
   ----
   DJ14847  TRAILRUNNER
   KUTAKDN-ROBERTS-5898
[EMAIL PROTECTED] samba]#
---

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] question re multiple backends and the 'guest' backend

[J Xu]

>> 
>> We also removed the support foir multiple passdb
backends in latest
>> versions of samba IIRC, so passdb backend should
never list more than 1
>> backend.
>
> Does this means it's not possible anymore to have
most users coming 
> from an LDAP server, and to have additional "local"
users (because 
> they can't be added to the LDAP server which is
managed by other 
> people, for example) ? 
>
> If this is not possible anymore this sucks.

I am exactly in the situation as Jerome described. I
keep most of samba users in an ldap database while
still maintain a few users locally. This gave me the
flexibility that those users do not depend on ldap.

I checked the release notes, the support for multiple
backends in a chained configuration was dropped since
v3.0.23. This is really bad as we planned to upgrade
to Debian etch which has v3.0.24 (I tested and can
confirm that mixing multiple backends together is not
supported).

Just wonder if there is any sound reason why this
feature is dropped, other than maybe making adding
users/groups/machines comlicated for a PDC
configuration? Is there any plan to re-enable this
feature sometime later?

Thanks,

J


  ___ 
Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for
your free account today 
http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba & CUPS: only banner-page gets printed

[Jeff Thurston]

First, I apologize if this gets posted twice, it is not intentional,
after sending it the first time and not seeing it after half an hour I am
trying again...

I'm hoping someone can give me a clue what I am doing wrong here,
Running Debian Etch AMD64, I followed the samba wiki at:
http://wiki.samba.org/index.php/Samba_&_Active_Directory#Prerequisites.

I get mostly good results, except when I try to run 'getent passwd' or
'getent group' only local users/groups are listed.

I was able to join the domain: net ads join -U admin_user
The system shows up in AD under computers on the PDC.

Afterwards if I do wbinfo -u, wbinfo -g, wbinfo -p, wbinfo -t, wbinfo -a
ad_user%password 

All of those appear to work correctly. 

However this seems somewhat fishy, it says "Active Directory: No":

'wbinfo -D domain.com'
Name  : DOMAIN
Alt_Name  : DOMAIN.COM
SID   : S-XX
Active Directory  : No
Native: No
Primary   : Yes
Sequence  : 2008

My nsswitch.conf looks correct:
passwd: files winbind
shadow: files winbind
group: files winbind
hosts: files dns wins


-Jeff

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Joining Samba 3.24 to 2003 ADS

[Jeff Thurston]

I'm hoping someone can give me a clue what I am doing wrong here,

Running Debian Etch AMD64, I followed the samba wiki at:
http://wiki.samba.org/index.php/Samba_

&_Active_Directory#Prerequisites.

I get mostly good results, except when I try to run 'getent passwd' or
'getent group' only local users/groups are listed.

 

I was able to join the domain: net ads join -U admin_user

The system shows up in AD under computers on the PDC.

Afterwards if I do wbinfo -u, wbinfo -g, wbinfo -p, wbinfo -t, wbinfo -a
ad_user%password

All of those appear to work correctly. 

 

This however seems somewhat fishy, it says "Active Directory: No":

 

'wbinfo -D domain.com'

Name  : DOMAIN

Alt_Name  : DOMAIN.COM

SID   : S-XX

Active Directory  : No

Native: No

Primary   : Yes

Sequence  : 2008

 

My nsswitch.conf looks correct:

passwd: files winbind

shadow: files winbind

group: files winbind

hosts: files dns wins

 

 

-Jeff

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba & CUPS: only banner-page gets printed

[Chris Smith]

On Thursday 26 April 2007, Johannes Eckhardt wrote:
> Anyone has an idea?

Print directly to CUPS via IPP instead of putting Samba in the middle (at 
least to assist in troubleshooting).

Chris
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba & CUPS: only banner-page gets printed

[Gary Dale]

This doesn't sound like a Samba problem. It's more likely CUPS related.

Which printer are you using, what distribution, which CUPS driver, etc.. 
Sounds like the printer is getting confused when you print a banner with 
a RAW printjob.



Johannes Eckhardt wrote:
In my setup I'm running Samba 3.0.23d-19.2 and CUPS  1.2.7-12.1. 
Printing from a windows-client works fine, until I instruct CUPS to 
add a banner-page. The banner-page then is the only thing that gets 
printed. Doing the same from Linux everything works fine. I get my job 
including a banner-page.


The Windows-printjob is passed raw from Samba to CUPS...

Anyone has an idea?

Best,

Johannes



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Slow Samba

[Josh Andrews]

I am running a Snap 4200 fileserver, which is a network appliance that
uses Samba to share files on a windows network.

I've been experiencing slow performance on the Snap. The issue started
suddenly 5 to 6 weeks ago, so I don't think it's a performance-related
problem. I SSHed into the unit and noticed some odd errors in the samba
event logs. They look something like this:

[2007/04/10 17:29:38, 0] smbd/posix_acls.c:has_pai_get_perm(474)
  has_pai_get_perm: unknown tag type in ACL
[2007/04/10 18:36:15, 0] smbd/service.c:make_connection(844)
  192.168.5.103 (192.168.5.103) couldn't find service furnitur
[2007/04/11 03:04:05, 0] lib/util_sock.c:read_socket_data(342)
  read_socket_data: recv failure for 4. Error = Connection reset by peer
[2007/04/11 07:28:13, 0] smbd/service.c:set_current_service(56)
  chdir (/shares/Meralta) failed
[2007/04/11 07:28:13, 0] smbd/service.c:set_current_service(56)
  chdir (/shares/Meralta) failed
[2007/04/11 07:28:13, 0] smbd/service.c:set_current_service(56)
  chdir (/shares/Meralta) failed
[2007/04/11 07:28:23, 0] smbd/service.c:set_current_service(56)
  chdir (/shares/TEMPLATE) failed
[2007/04/11 07:28:23, 0] smbd/service.c:set_current_service(56)
  chdir (/shares/TEMPLATE) failed
[2007/04/11 07:28:23, 0] smbd/service.c:set_current_service(56)
  chdir (/shares/TEMPLATE) failed
[2007/04/11 07:55:16, 0] smbd/service.c:set_current_service(56)
  chdir (/shares/Drawings) failed
[2007/04/11 07:55:16, 0] smbd/service.c:set_current_service(56)
  chdir (/shares/Drawings) failed
[2007/04/11 08:27:11, 0] lib/module.c:smb_load_module(40)
"log.smbd" [readonly] 3228L, 166021C

Odd errors about enumerating shares... So I did a directory listing of
the shares, and lo and behold, some odd permissions showed themselves:

drwxrwxrwx8 DOMAIN\ DOMAIN\  103 Oct  1  2005 Archive
drwxrwx---   17 DOMAIN\ DOMAIN\ 4096 Apr  5 11:40 Cad
drwxrwx---   89 adminadmingrp 4096 Apr 17 15:25 Design
drwxrwxrwx6 DOMAIN\ DOMAIN\  112 Oct  2  2005 DesignData
drwxrwxrwx   13 DOMAIN\ DOMAIN\ 4096 Feb 12 11:30 Finance
drwxrwxrwx2 adminadmingrp6 Oct  2  2005 Financeapps
drwxrwxrwx   29 adminadmingrp 4096 Apr 18 09:04 Furniture
drwxrwx---  1629 DOMAIN\ DOMAIN\81920 Apr 19 15:53 In_Progress
drwxrwx---   34 DOMAIN\ DOMAIN\ 4096 Apr 10 17:21 Marketing
drwxrwx---   15 adminadmingrp 4096 Apr 19 10:43 Meralta
drwxrwxrwx2 DOMAIN\ DOMAIN\   78 Mar 31 18:27 NAN_bu_Month-End
drwxrwxrwx2 DOMAIN\ DOMAIN\   43 Jun  3  2006 OllieBU_MonthEnd
drwxrwx---  223 adminadmingrp16384 Apr 17 14:15 Purge-atory
drwxrwx---2 DOMAIN\ admingrp  135 Apr 14 20:10 RESTORED
-rwxrwx---1 DOMAIN\ DOMAIN\   89 Apr  6 21:05 SPOT_top_log.txt
-rwxrwxrwx1 DOMAIN\ DOMAIN\  548 Nov  6  2005 Shortcut to
NetVault7_Administrators_Guide.pdf.lnk
drwxrwx---   84 adminadmingrp 4096 Apr 16 13:16 Transfer
drwxrwxrwx   35 DOMAIN\ DOMAIN\ 4096 Feb  2 15:28 cab

The errors in the samba event logs correlate only to the directories
that have permissions of "admin" and "admingrp." Before I wipe the
problem out by brute force with chmod and chgrp, has anybody ever seen
errors like this before, and how did the permissions get changed from
DOMAIN|? Would they cause slow response time?

I've also noticed odd permissions scattered down through the directories
at various locations, and in some cases the owner of a file is set to a
5-digit number like "20160", etc.

Any ideas?

Josh


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ntlm_auth to AD with only ntlmv2 enabled failing

[Mary Stevens]

tlm_auth -debug=10 --logfile=/tmp --request-nt-key
--dom
ain=adtest --username=stevens3 --challenge=08cb598bb48bab8c
--nt-response=202fa7
d944da7715ef8bf23a0b1b3d08d91345e2e26344da
[2007/04/26 14:36:52, 5] lib/debug.c:debug_dump_status(391)
  INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
dmapi: False/0
Exec-Program output: NT_KEY: 55766444E6C4E3016575DE3819ABDED0
Exec-Program-Wait: plaintext: NT_KEY: 55766444E6C4E3016575DE3819ABDED0
Exec-Program: returned: 0
rlm_mschap: adding MS-CHAPv2 MPPE keys
  modcall[authenticate]: module "mschap" returns ok for request 1
modcall: leaving group MS-CHAP (returns ok) for request 1
Login OK: [stevens3] (from client nortelnew port 63)
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 1
radius_xlat:
'/services/ct-radius/run/var/log/radius/radacct/192.17.144.2/reply
-detail-20070426'
rlm_detail:
/services/ct-radius/run/var/log/radius/radacct/%{Client-IP-Address}/
reply-detail-%Y%m%d expands to
/services/ct-radius/run/var/log/radius/radacct/19
2.17.144.2/reply-detail-20070426
  modcall[post-auth]: module "reply_log" returns ok for request 1
modcall: leaving group post-auth (returns ok) for request 1
Sending Access-Accept of id 39 to 192.17.144.2 port 3925
MS-CHAP2-Success =
0x02533d443734324339383338444541434146303141354346334
13437363433363142464138313937314638
MS-MPPE-Recv-Key = 0xdc756f09359a7d521ae376189c6c4449
MS-MPPE-Send-Key = 0x237c89f4e9decfb9031e36f073218ba2
MS-MPPE-Encryption-Policy = 0x0002
MS-MPPE-Encryption-Types = 0x0004
Finished request 1



Any clues which might get this working would be appreciated.  From the
docs it seems like this should be working.

Thanks
mary stevens

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Excessive winbindd logging at log level 0 ????

[Rob Tanner]

Hi,

I am running Samba v3.0.14a-2 with winbindd on Fedora Core.

smb.conf:
auth methods = winbind
winbind nested groups = Yes

nsswitch.conf:
passwd: files winbind ldap
shadow: files ldap
group:  files winbind ldap

The excessive logging started happening as soon as Service Pack 2 was
installed on the win 2003 servers that are the domain controllers. 
Prior to the upgrade, the win 2003 servers were at Service Pack 1 with
all hotfixes installed.

Here is a random sample of the winbindd log:

 libads/ads_ldap.c:ads_sid_to_dn(222)  ads sid_to_dn mapped 
CN=bschwar,OU=Students,OU=People,DC=catnet,DC=wfo,DC=linfield,DC=edu : 3 Time(s)
 libads/ads_ldap.c:ads_sid_to_dn(222)  ads sid_to_dn mapped 
CN=bsmedle,OU=Students,OU=People,DC=catnet,DC=wfo,DC=linfield,DC=edu : 3 Time(s)
 libads/ads_ldap.c:ads_sid_to_dn(222)  ads sid_to_dn mapped 
CN=chofmei,OU=Students,OU=People,DC=catnet,DC=wfo,DC=linfield,DC=edu : 2 
Time(s) 
 nsswitch/winbindd_ads.c:lookup_usergroups(632)  ads lookup_usergroups for 
sid=S-1-5-21-487535032-342659857-1939201933-10480 : 1 Time(s)
 nsswitch/winbindd_ads.c:lookup_usergroups(632)  ads lookup_usergroups for 
sid=S-1-5-21-487535032-342659857-1939201933-10549 : 1 Time(s)
 nsswitch/winbindd_ads.c:lookup_usergroups(632)  ads lookup_usergroups for 
sid=S-1-5-21-487535032-342659857-1939201933-11197 : 1 Time(s)
 nsswitch/winbindd_ads.c:lookup_usergroups(632)  ads lookup_usergroups for 
sid=S-1-5-21-487535032-342659857-1939201933-11198 : 3 Time(s)
 nsswitch/winbindd_ads.c:query_user(437)  ads query_user gave mamason : 2 
Time(s)
 nsswitch/winbindd_ads.c:query_user(437)  ads query_user gave mcooper : 1 
Time(s)
 nsswitch/winbindd_ads.c:query_user(437)  ads query_user gave mmaebor : 2 
Time(s)
 nsswitch/winbindd_group.c:winbindd_getgroups(1008)  [27513]: getgroups 
CATNET\jolds : 3 Time(s)
 nsswitch/winbindd_group.c:winbindd_getgroups(1008)  [27513]: getgroups 
CATNET\mcooper : 2 Time(s)
 nsswitch/winbindd_group.c:winbindd_getgroups(1008)  [27513]: getgroups 
CATNET\mfa5165$ : 2 Time(s)


None of the above entries look like an error that one would expect to
see reported at log level 0.

Any ideas?

Thanks,
Rob

-- 
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.x and PCNetLink domain trusts

[Damian Lock (SSCI)]

I am trying to establish a domain trust between a Samba 3.024 domain and
a PC Netlink 2.0 domain.

Currently, we are using PC Netlink as our primary Windows file server
and "NT4" domain controller.  (Lets say that the domain is called LEGACY
and the domain controller LX1)  Windows 2003 servers are unable to
join a PC Netlink domain (even with the SignOrSeal option disabled.)
For this, and other reasons the eventual goal is to drop PC Netlink in
favor of Samba.In the interim, I would like to make resources on
Windows 2003 machines available to users without a duplicate set of
accounts being required.

To this end, I configured a Samba 3.024 domain "SAMBA" with a machine
called SMB1.  I can add Windows 2003 servers to this domain.  I then
tried to establish  trusts.  (Actually, I only need the SAMBA domain to
trust the LEGACY domain.)


LEGACY DOMAIN TO TRUST SAMBA DOMAIN

I tried the following to have the LEGACY domain trust the SAMBA domain:
On SMB1:
#useradd legacy$
#smbpasswd -a -i legacy 

On a Windows 2000 server in the LEGACY domain, I used the NT4 User
Manager for Domains tool to add the SAMBA domain as a trusted domain.
Which seemed to work.  I then added my SAMBA user account to the local
users group of the Windows 2000 machine.   However, when I try to log in
as that user, I get the following message

"the system cannot log you on now because the domain e2k is not
available."

The event log on the PC Netlink server shows

"no domain controller is available for E2K for the following reason:
There are currently no logon servers available to service the logon
request" 


SAMBA DOMAIN TO TRUST LEGACY DOMAIN


I have also tried to have the SAMBA domain trust the LEGACY domain.

 
On the Windows 2000 server in the LEGACY domain, with the User Manager
for Domains tool, I listed SAMBA as a trusting domain.  The, on SMB1:

smb1# net rpc trustdom establish legacy
Could not connect to server LX1
Trust to domain LEGACY established


On the Windows 2003 server in the SAMBA domain, I attempt to add users
from the LEGACY domain to the local users group.  I go to the CompMgt
console->users->add -> select the domain.  When prompted, enter the
LEGACY\Administrator name and password.  When I attempt to list
accounts, or explicitly add a name, from from the LEGACY domain, I get
the message
the following error occurred while using the user name and password you
entered.  The remote procedure call failed and did not execute.



Any thoughts?  

thanks for your help.
  

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba kerberos more time sensitive that Windows?

[Danilo Almeida]

Jason Haar wrote:
> Hi there
> 
> We just had a problem where a user couldn't connect to a Samba server
> that is a full ADS member. The same user could successfully connect to
> Windows2K3 servers.
> 
> The problem was obvious - their clock was 5 hours out, and Samba
> rejected their connections with a "Failed to verify incoming ticket".
> Correcting the time fixed the fault. However, it remains that Samba
> rejected them when Windows servers didn't.
> 
> Is that an option that can be enabled? Anything that makes Samba look
> more like Windows is a Good Thing (even if it violates the entire point
> of Kerberos! ;-)

Windows client apparently adjust their clocks based on the
CLOCK_SKEW error returned in the negprot response.  It's hard
for us in this cases since we are not the OS.


Not quite. 

Basically, in the krb5 error, the Windows server sends back a server time to 
the client.  The client uses this time to re-issue the krb5 auth request with a 
new authenticator generated using the server time.  This is not subject to 
man-in-the-middle.

So, IIRC, the fundamental issue is that the Samba server's krb5 response does 
not include its time information.

This came up on the list last September:
http://lists.samba.org/archive/samba/2006-September/125610.html

Which pointed to a response on the kerberos list:
http://mailman.mit.edu/pipermail/kerberos/2006-September/010482.html

- Danilo

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] BindDN and password for Active Directory

[Andrew Morgan]

On Thu, 26 Apr 2007, Stellwag, Philippe wrote:


Hello @ll,

I have a general question to Active Directory (AD), not directly
concerning samba, but I think the experts of this list know the answer.

At my scope: I'm using a Windows XP PC which is logged on using
Microsoft AD domain and Kerberos (normal procedure). I want to find out
the BindDN and - if possible the appropriate password - for using it for
a query with the Linux tool "ldapsearch". The problem is that I haven't
an admin-access to AD-server.

(1) Where are BindDN (and password) saved (e.g. Windows registry)?


If you can view your AD domain using the Active Directory Users and 
Computers MMC snap-in (you don't need admin access for this), then you can 
determine the DN of a user.  Find the user and the container (OU) it is 
located in.  The DN will be of the form:


cn=,ou=,dc=,dc=example,dc=com


(2) Which encryption (e.g. none, SSL, TLS) is used by microsoft for the
AD-queries (standard Windows login over an AD-domain)?


AD domain controllers listen on the standard LDAPS port (636) and will 
only accept binds on that port.  You cannot bind as a user on port 389.  I 
don't think they support TLS on port 389, but I have no tried in a long 
time.



(3) Can I use Ethereal for grep this information? If the answer is
"YES", what to do, to force Windows execute an login situation (e.g.
program -> execute as ...)?


Windows AD clients will use Kerberos to authenticate, not LDAP, so you 
won't be able to capture the information you need that way.


Andy
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba & CUPS: only banner-page gets printed

[Johannes Eckhardt]

In my setup I'm running Samba 3.0.23d-19.2 and CUPS  1.2.7-12.1. 
Printing from a windows-client works fine, until I instruct CUPS to add 
a banner-page. The banner-page then is the only thing that gets printed. 
Doing the same from Linux everything works fine. I get my job including 
a banner-page.


The Windows-printjob is passed raw from Samba to CUPS...

Anyone has an idea?

Best,

Johannes

--
Ing. Johannes Eckhardt
System- and Networkadministration, Support

Institute for Advanced Studies (IHS)
Dept. of Information Technology

Stumpergasse 56, 1060 Vienna, Austria

Phone:  +43 1 59991-266
Fax:+43 1 59991-555
e-mail: [EMAIL PROTECTED]
WWW:http://www.ihs.ac.at

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] AD and Samba

[Akinola . Oke]

I am new to samba and we have few earlier versions of ver_3 installed on
some old *nix system. I need W2K3-AD domain user to be able to access files
on this systems. I 've read in many documentations that version 3 and above
can easily be intergrated into AD domain, but is there anyway I could
provide file-access to older version. I am not partaining to intregrating
these old system into the AD-domain, so I do not if a WINS-server would be a
solution.

Any Ideas?

Thanks,
topokin

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.24 What commands must be executed by root verses ntgroup="Domain Admins"?

[Michael Lueck]

I found the solution, or at least a work around, for my posting: "Can not grant 
SeMachineAccountPrivilege on Debian Etch"

I ended up:
1) ssh to Debian Etch as root
2) smbpasswd -a root
3) issue the "net rpc rights grant ..." command
SUCCESS!!!

So, that raises the question that what MUST be executed as user root verses a member of 
ntgroup="Domain Admins"?

I suspect that since Samba does not prompt for a password when I execute the "net groupmap add ..." command, that Samba does not take seriously that I wish to have users of a group be just like the 
root user.


Also, if I had configured Debian Etch not to use the root account, but sudo instead (Like the Ubuntu project) then how would that affect this condition? As far as I know, I would think that Samba 
would not be tricked into letting the user ID that is not literally "root" execute this command.


I usually do not have user "root" set up in smbpasswd as there has not been 
need for the account to exist as far as Samba is concerned.

Thanks!

--
Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Pdbedit -L: strange error looking up RID 513 by key RID_00000201

[Ricardo Chamorro]

Samba 3.0.24 on Debian Etch 4 - PDC security=user
When I execute "pdbedit -L" then leaves a strange error. I stick underneath a 
copy here:

Linux:~# pdbedit -L
INFO: Current debug levels:
  all: True/5
  tdb: False/0
  printdrivers: False/0
  lanman: False/0
  smb: False/0
  rpc_parse: False/0
  rpc_srv: False/0
  rpc_cli: False/0
  passdb: False/0
  sam: False/0
  auth: False/0
  winbind: False/0
  vfs: False/0
  idmap: False/0
  quota: False/0
  acls: False/0
  locking: False/0
  msdfs: False/0
  dmapi: False/0
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 100
doing parameter syslog only = no
doing parameter syslog = 0
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter security = user
doing parameter encrypt passwords = yes
doing parameter passdb backend = tdbsam
doing parameter obey pam restrictions = yes
doing parameter unix password sync = yes
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
doing parameter domain logons = yes
doing parameter logon path = \\%N\profiles\%U
doing parameter logon script = logon.cmd
doing parameter socket options = TCP_NODELAY
doing parameter domain master = auto
pm_process() returned Yes
Attempting to register new charset UCS-2LE
Registered charset UCS-2LE
Attempting to register new charset UTF-16LE
Registered charset UTF-16LE
Attempting to register new charset UCS-2BE
Registered charset UCS-2BE
Attempting to register new charset UTF-16BE
Registered charset UTF-16BE
Attempting to register new charset UTF8
Registered charset UTF8
Attempting to register new charset UTF-8
Registered charset UTF-8
Attempting to register new charset ASCII
Registered charset ASCII
Attempting to register new charset 646
Registered charset 646
Attempting to register new charset ISO-8859-1
Registered charset ISO-8859-1
Attempting to register new charset UCS2-HEX
Registered charset UCS2-HEX
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend NDS_ldapsam
Successfully added passdb backend 'NDS_ldapsam'
Attempting to register passdb backend NDS_ldapsam_compat
Successfully added passdb backend 'NDS_ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to find an passdb backend to match tdbsam (tdbsam)
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
Netbios name list:-
my_netbios_names[0]="LINUX"
Attempting to find an passdb backend to match tdbsam (tdbsam)
Found pdb backend tdbsam
pdb backend tdbsam has a valid init
tdbsam_open: successfully opened /var/lib/samba/passdb.tdb
Home server: linux
Home server: linux
lookup_global_sam_rid: looking up RID 513.
pdb_getsampwrid (TDB): error looking up RID 513 by key RID_0201.
 Error: Record does not exist
store_gid_sid_cache: gid 1005 in cache -> 
S-1-5-21-275117359-2948478385-1723927003-513
nobody:65534:nobody
Home server: linux
Home server: linux
fetch gid from cache 1005 -> S-1-5-21-275117359-2948478385-1723927003-513
proxy:13:proxy
Home server: linux
Home server: linux
fetch gid from cache 1005 -> S-1-5-21-275117359-2948478385-1723927003-513
Ricardo$:1004:Pc de Ricardo
Home server: linux
Home server: linux
fetch gid from cache 1005 -> S-1-5-21-275117359-2948478385-1723927003-513
riki:1000:RA,,,
Home server: linux
Home server: linux
fetch gid from cache 1005 -> S-1-5-21-275117359-2948478385-1723927003-513
ameliae:1002:,,,
Home server: linux
Home server: linux
fetch gid from cache 1005 -> S-1-5-21-275117359-2948478385-1723927003-513
www-data:33:www-data
Home server: linux
Home server: linux
fetch gid from cache 1005 -> S-1-5-21-275117359-2948478385-1723927003-513
root:0:root
Home server: linux
Home server: linux
fetch gid from cache 1005 -> S-1-5-21-275117359-2948478385-1723927003-513
news:9:news
Home server: linux
Home server:

[Samba] winbindd PID name resolution mis-behaviour with Linux (openSuse 10.1)

[Kristopher . Lalletti]

Hi All,

I'm running Samba quite well on my OpenSuse 10.1 PPC using samba 
3.0.22-13.27-1162-SUSE-CODE10 integrated with winbindd and idmap_rid 
support to a Windows 2003 AD. 

However, I've encountered two issues:

1. username resolution of PID UID's stay numeric, the operating system is 
not resolving the UID of the process and leaving it numric.
2. in another deployment (with exact smb.conf, however this time using a 
Windows 2000 domain), I encounter the same issue as #1, but this time, the 
operating-system is trying to resolve the UID's and taking significant 
time per process that is owned by a winbind-provided UID.

Yet, when I do a getent passwd, or getent group, everything is listed 
properly. When I list files on my filesystem owned by winbind-provided 
UID's, the names and groups resolve, everything works, except for process 
UID name resolution.

How is the operating system hooked into winbind to resolve external 
usernames?  The first scenario of the problem where names simply not 
resolving instantaneously isn't much of a problem, since I can execute 
programs like a ps -ef without having to wait, however, on my 2nd system 
when I do the same command, I have to wait about 10-15 seconds for each 
line having a PID owned by a winbind provided UID.

Any hints?  Workarounds?  It seems to apply on Suse 10, since Suse 9 works 
flawlessly.

Cheers
Kris


My /etc/samba/smb.conf 

[global]
workgroup = MYWORKGROUP
map to guest = Bad User
template homedir = /srv/fs/home/%U
template shell = /srv/fs/scripts/smbshwrapper
winbind nss info = template
idmap backend = rid:MYWORKGROUP=1000-1000
idmap gid = 1000-1000
idmap uid = 1000-1000
allow trusted domains = Yes
realm = MYWORKGROUP.local
security = ADS

winbind refresh tickets = true
winbind offline logon = true

winbind enum users = true
winbind enum groups = true

winbind use default domain = yes

winbind nested groups = no

name resolve order = wins host bcast

wins server = 172.23.23.250 172.23.23.251
wins support = no

unix charset = UTF8 

load printers = no
printcap name = /dev/null 
disable spoolss = no

nt acl support = yes
guest only = no 
guest ok = no 

hide dot files = yes

log level = 2
log file = /var/log/samba/log.%m

admin users = "administrator"
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] (Fwd) mapping drive from sanba machine requesting password fai

[fharrington]

--- Forwarded message follows ---
From:   Self <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject:mapping drive from sanba machine requesting 
password fails
Date sent:  Thu, 26 Apr 2007 08:47:47 -0400

Hello,

I have done the following:
configured  the samba server with  webmin 
made the share not require passwords 
made the passwords on the samba server and windows the same
synchronized unix and samba users
made unix users samba users  

Windows users are still prompted for a password which fails.

I was trying to make the samba server also a PDC so it resides in a different 
domain. We are not trying to use it that way now. Perhaps changing it to the 
same domain would help.

I changed the domain to be the same as the PC machines - still no luck.

This is the definition of the share from the smb.conf.

[public]
comment = new file share on centos
writeable = yes
path = /public
write list = @ocln

I can mount it and so can my boss. Everyone else in the office cannot.

My question is : what diagnostic programs can help me determine why a 
windows user is getting prompted for a password or cannot mount a share ?

Thanks.

Frank

Frank Harrington
Systems Manager
Old Colony Library Network
220 Forbes Road
Braintree, MA 02184
(781)794-2513 ext 3
[EMAIL PROTECTED]
--- End of forwarded message ---
Frank Harrington
Systems Manager
Old Colony Library Network
220 Forbes Road
Braintree, MA 02184
(781)794-2513 ext 3
[EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Automatic printer download

[bsnottum]

Hallo!

I am running samba-3.0.10-1.4E.11 on centOS. I want to enable the
automatic printer download feature, but are running into problems.

I have tried to work it out from samba by example, but since the automatic
driver download is bundeled togehter with ldap (which I am not using),
this does not get me anywhere.

Can anyone direct me to a good howto on this - one that will make things
work! I have found many howtos - but they are too incomplete and
"fragmented".

Thanks!

Sincerly,
Bjorn


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] nsswitch wins reverse lookup

[Peter Eser]

I don't get reverse lookups (gethostbyaddr) over winbind wins to work.
Normal lookups work and also wbinfo -I gives back a netbios name for an IP.

my entry in nsswitch.conf is  hosts:  files dns wins
(dns reverse lookups ar ok)

The wins server is also samba and runs on another server.

Many thanks for any help...


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Winbind: limiting groups that can log-in

[Gabriel Tabares-Barreiro]

Hi,

I am currently trying to configure AD (Windows 2003) + Linux (CentOS
4.4) to allow user logins for certain users, namely, developers.

The winbind authentication part of it is working correctly, but every
user in AD can login to the servers via ssh.

I have tried to limit users by adding 

valid_users = @"domain+developers" (+ is the separator) 

on /etc/samba/smb.conf, but this does not seem to work for
authentication.

As a workaround, I can limit access to groups by adding 

account required pam_listfile.so file=/etc/samba/allowed_groups
item=group sense=allow onerr=fail

to pam.d/sshd (/etc/samba/allowed_groups contains "developers"), but it
does not seem to get the group from AD, so no remote users can login.

Is there any way to map windows groups to unix groups without
installing SFU? I only want to map one group, so getting the data
directly from AD shouldn't be a problem.

Thanks

Gabriel


This e-mail and its attachments are confidential. If you are not the intended 
recipient of this e-mail message, please telephone or e-mail us immediately, 
delete this message from your system and do not read, copy, distribute, 
disclose or otherwise use this e-mail message and any attachments. 

Although RI3K believes this e-mail and any attachments to be free of any virus 
or other defect which may affect your computer, it is the responsibility of the 
recipient to ensure that it is virus free and RI3K does not accept any 
responsibility for any loss or damage in any way from its use.

RI3K Limited is a company registered in England no: 3909745.  Registered office 
10, Ely Place, London, EC1N 6RY.   VAT registration no: 769 0192 07

RI3K Asia Pte Ltd is a company registered in Singapore no. 200100326R.
Registered address 50, Raffles Place, #24-05 Singapore Land Tower, Singapore 
048623
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] BindDN and password for Active Directory

[Stellwag, Philippe]

Hello @ll,

I have a general question to Active Directory (AD), not directly
concerning samba, but I think the experts of this list know the answer.

At my scope: I'm using a Windows XP PC which is logged on using
Microsoft AD domain and Kerberos (normal procedure). I want to find out
the BindDN and - if possible the appropriate password - for using it for
a query with the Linux tool "ldapsearch". The problem is that I haven't
an admin-access to AD-server.

(1) Where are BindDN (and password) saved (e.g. Windows registry)?
(2) Which encryption (e.g. none, SSL, TLS) is used by microsoft for the
AD-queries (standard Windows login over an AD-domain)?
(3) Can I use Ethereal for grep this information? If the answer is
"YES", what to do, to force Windows execute an login situation (e.g.
program -> execute as ...)?

Much thanks in advance.

Best regards

Philippe Stellwag

-- 
Siemens AG
A&D MC RD3
Frauenauracher Str. 80
91056 Erlangen
Tel.: +49 (9131) 98-3972

Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Heinrich
v. Pierer; 
Managing Board: Klaus Kleinfeld, Chairman, President and Chief Executive
Officer;
Johannes Feldmayer, Joe Kaeser, Rudi Lamprecht, Eduardo Montes, Juergen
Radomski,
Erich R. Reinhardt, Hermann Requardt, Uriel J. Sharef, Klaus Wucherer
Registered offices: Berlin and Munich
Commercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB
6684
WEEE Reg. No. DE 23691322
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] default devmode

[Martin Zielinski]

Hi!

Obviously the default devmode is enabled by default.
See param/loadparm.c for this.
The manpage is wrong at this point.

Bye,

~ Martin

Lutieri G. schrieb:

Hi.

Recently i created a print server with cups 1.2.8 and smbd Version
3.0.24-1.fc5 under a fedora 5 box.

I've installed some printer like as HP laserjet 2820, Konica Minolta
di2510, konica minolta 2430dl, hp laserjet 2600.

Drivers were uploaded with sucess. But i was getting a problem when
try to create a device mode for HP laserjet 2600. All others work
fine. In clientes with windows 2k, sometimes, when the client try to
change printer preferences explorer.exe crash or when trying to access
the properties page of the printer from Windows, the following error
message appears:
"Function address 0x caused a protection fault (exception code
0xc005). Some or all property page(s) may not be displayed."

i've followed this instructions
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/classicalprinting.html#prt-modeset 



but nothing work.

In man smb.conf i found informations about "defaul devmode" option.
The default valeu for "default devmode' option is' no'. However when
declared in [printers] section all works fine. Errors disappear. The
device mode were created correctly.

Some issues: If the default value for this is option is NO why i need
to declare it?! I don't undestood. Can anyone to explain ?!

Bye!!




--
Martin Zielinski [EMAIL PROTECTED]
Software Development
SEH Computertechnik GmbH www.seh.de

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba with Kerberos on Active Directory: explorer hang

[Sébastien Estève]

I have just added this setting.

I'll give some feedback in a couple of hours.

Thank you,

Sébastien

2007/4/26, Scott Braiding <[EMAIL PROTECTED]>:


See if you have a deadtime setting in smb.conf.

deadtime = 0

Should keep clients connected.

-Original Message-
From: [EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED] On Behalf Of
[-Jarod-]
Sent: Tuesday, 24 April 2007 10:10 PM
To: samba@lists.samba.org
Subject: [Samba] Samba with Kerberos on Active Directory: explorer hang

Hello everybody,

Apologizes for my english, I'm french :-)

I have set up several samba file servers in my company. Authentification
using kerberos works well with the Windows 2000 Active Directory server.
Everything is fine, windows clients use them and we are really happy with
them.

The point is I have a strange behaviour/phenomemon for which I am totally
unable to find a rational explanation.

After a few times (about 1 hour), windows clients (explorer) hang / are
freezing when they try to access samba shares. They are no longer able to
reach samba servers using the smb protocol.

It is really strange because when they log out and in again within their
windows session (without rebooting the computer), everything work well
again...until the next time !

It is a big issue for us because users are exaspered when it happen during
their work, and such a problem is never encountered with windows servers.

I have absolutely no ideas of what could be the guilty thing. Do somebody
have ever experienced such a behaviour?

I really would like to avoid going back to Windows for the file servers...

Regards,

Sébastien from France
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problems with winbindd installation

[Andreas Grupp]

Hello

On a server I have installed Samba (3.0.23) - this works fine. Now I
have to be able to use ntlm_auth on the same machine against the own
users - this means the users of the Samba-server on localhost, not a
Samba-server in the network! I can't find any hints how to do this and
assume this is pretty simple :-(.

- smbd, nmbd and winbindd are running
- 'wbinfo -t' -> NT_STATUS_CANT_ACCESS_DOMAIN_INFO,
 Could not check secret
- 'wbinfo -u' -> Error looking up domain users

Is anyone also using this setup? Is there a solution? What am I doing wrong?

Andreas

-- 
_
Dipl.-Ing. Andreas Grupp   Elektronikschule Tettnang
Fachberater am Regierungspräsidium Tübingen / Schule und Bildung
Oberhofer Str. 25  Fon: +49 (0)7542 9372-0 bzw. -7608
88069 Tettnang Fax: +49 (0)7542 9372-40
http://www.elektronikschule.de/~grupp
GPG-Keys 2048R/9CB268A1, 1024D/7BA77A21 available
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba