[Samba] files with ~ in filename

[Sam Ami]

hi all

i'm finding that my users are not able to copy files to samba with a ~
in the file name e.g "marketing report for managemen~t.doc"
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem joining XP SP2 Machines to the domain

[Marshall Buschman]

Dale:

There is no client firewall on any of the machines in question.
The windows XP firewall has been disabled.

-Marshall


On Tue, Apr 29, 2008 at 12:57 PM, Dale Schroeder <
[EMAIL PROTECTED]> wrote:

>  Marshall,
>
> One last guess: Windows Firewall.  Is it turned on?  For comparison, in
> the AD domain I administer, I have to turn off the XP firewall or create an
> exception for tcp port 113 to join the domain.  Otherwise, it just sits
> there until it times out.  So, if any client firewall is running, try
> turning it off or making an exception.
>
> Dale
>
>
> Marshall Buschman wrote:
>
> Dale:
>
> I'm continuing to investigate - ipconfig /all shows both WINS servers.
> /var/cache/samba/wins.dat contains the xp machines.
> I do have a local DNS server, and it does resolve typical addresses (
> google.com) as expected.
> My PDC and BDC have A and PTR records that resolve properly, but nothing
> special other than that.
>
> Nothing appears in the logs on either the PDC or BDC.
>
> I've recently tried using the ForensiT User Profile Wizard, which tries to
> join the domain as part of it's process.
> It's interesting that using this tool, when auth fails, wireshark shows no
> conversation between the XP box and the DC - it looks like the XP isn't even
> trying to connect to the PDC.
>
> I've seen similar results using wireshark and the normal domain joining
> facilities.
> I've attempted to disable the signorseal requirements, which have no
> effect.
>
> The only effective solution is adding an entry to the lmhosts file, which
> is undesirable.
>
> -Marshall
>
> On Fri, Apr 25, 2008 at 9:14 AM, Dale Schroeder <
> [EMAIL PROTECTED]> wrote:
>
> > Marshall,
> >
> > Running out of ideas, but:
> > Have you checked the wins.dat file to see if it is actually being
> > populated with the xp machines?
> > Does "ipconfig /all" on the xp machines list the wins server?
> > If using it, is DNS working properly?
> > Any other clues in the logs?
> >
> > In "name resolve order =" I list wins first to give it the first chance
> > at name resolution.
> > I also don't have the multi-subnet issue to deal with, but some admins
> > put a wins server on each subnet.
> >
> > Dale
> >
> >
> > Marshall Buschman wrote:
> >
> > > Dale:
> > >
> > > Correct. I've implemented this option on all of the relevant subnets.
> > > I'm doing something like this:
> > >
> > > -
> > > option  netbios-name-servers 1.2.3.4, 1.3.3.7;
> > >
> > > -
> > >
> > > Where 1.2.3.4 is the old windows 2000 DC that we're migrating away
> > > from, and
> > > 1.3.3.7 is the samba PDC.
> > >
> > > I tested this, and found it to work appropriately under Windows 2000
> > > clients, but not Windows XP clients.
> > >
> > > I've even statically assigned an XP client an IP and WINS server, and
> > > it
> > > still does not work consistently.
> > >
> > > I still get the following error most of the time:
> > >
> > > The following error occurred attempting to join the domain "FOO":
> > > Logon failure: unknown user name or bad password.
> > >
> > > Windows 2000 clients function perfectly.
> > >
> > > Any ideas? Especially why only the XP clients have an issue?
> > >
> > > -Marshall
> > >
> > >
> > > On Thu, Apr 24, 2008 at 8:43 AM, Dale Schroeder <
> > > [EMAIL PROTECTED]> wrote:
> > >
> > >
> > >
> > > > Marshall,
> > > >
> > > > Since you have many clients, I'm guessing you have a dhcp server
> > > > running.
> > > >  If so, do you have a netbios nameserver option enabled in the dhcp
> > > > config?
> > > > In ISC's dhcp3 server it is "option netbios-name-servers
> > > > xxx.xxx.xxx.xxx;"
> > > >
> > > > Of course, on clients with static ip's, wins config must be done
> > > > manually,
> > > > and IIRC, the options changed somewhat in XP.  The default is to get
> > > > netbios
> > > > info from the dhcp server.
> > > >
> > > > Good luck,
> > > > Dale
> > > >
> > > >
> > > >
> > > >
> > > > Marshall Buschman wrote:
> > > >
> > > >
> > > >
> > > > > Hey All:
> > > > >
> > > > > I've got a working samba/ldap domain with a PDC in a datacenter
> > > > > and a BDC
> > > > > in
> > > > > my local office.
> > > > >
> > > > > I'm not able to reliably join a windows XP Pro machine to the
> > > > > domain by
> > > > > specifying the PDC as a wins server.
> > > > >
> > > > > I get the following error 90% of the time or more, with no
> > > > > discernible
> > > > > patterns or errors in any logs:
> > > > > -
> > > > > The following error occurred attempting to join the domain "FOO":
> > > > > Logon failure: unknown user name or bad password.
> > > > > -
> > > > >
> > > > > Windows 2000 machines join the domain 100% of the time.
> > > > >
> > > > > Adding a line to the lmhosts file like this:
> > > > > ---

Re: [Samba] Maxtor NAS share problem

[Toby Bluhm]

Rick Johnson wrote:

Alex Harrington wrote:

I was talking about saving the Linux filesystem info. Do your rsync


to
the NAS, then do a recursive getfacl,  redirecting the output to a 
file on the NAS.
When you do an rsync back from the NAS, correct the owner/perms 
with setfacl.




Trouble is that I CAN'T do my rsync to the NAS drive because it


doesn't


give me the access privileges I need to write to the NAS. The rsync
wants to change owner and the NAS won't let it do that.



There are switches to modify that behaviour - -p, -o, -t, -g - and there
are aliases (eg -a)that switch combinations of those on or off.

What's the exact command line you're using to rsync?



I was using a command of the form:

rsync -avz /source /destination

And if that had worked, I wouldn't have needed to ask this list for 
any help because ALL I was trying to do was use the NAS as a backup 
device.
The permissions, symbolic links, etc. need to be preserved by the 
rsync so that the files can be restored correctly IF they ever need to 
be restored.




Something like rsync -r /source/ /destination should work, regardless of
the permissions, because rsync will write everything as whoever you're
logged on as (or whoever the NAS translates that to be).

As previously suggested you can then do a recursive getfacl over /source
and write the output to /destination. That will create a text file with
all your permissions etc included in it so they can be restored by
setfacl if required.




I'm afraid I don't understand what purpose the getfacl or setfacl 
serves? The files on my system never had any access control lists so 
how does creating them solve my problem?




Understand that getfacl/setfacl captures/restores all file/dir 
attributes, ACL or not. A saved getfacl output, used as an input to 
setfacl will restore the attributes exactly - ACL or not.


Have you read the man pages on rsync, getfacl, setfacl?

It seems to me that what I REALLY need is access to the filesystem on 
the NAS so that I can set appropriate permissions there that will 
allow the original rsync -avz command to function properly.




Which one is your goal:

1.) Get the rsync/NAS combo to work as you want/expect?
2.) Make reliable backups of your Linux box?

If you say #1 , I think it's obvious you're going to have to manhandle 
the NAS box - install new firmware, hack your way in, get to the insides 
somehow - cause it ain't gonna work as is.


If you say #2 , there's a lot of tools that can that done for you - 
right now.


I think #2 should be your answer.


PS - you could always yank the NAS disks out, install them into your 
Linux box, and make a real server.



--
Toby Bluhm
Alltech Medical Systems America, Inc.
30825 Aurora Road Suite 100
Solon Ohio 44139
440-424-2240


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba segs when serving files from a windows partition on OpenBSD-4.2

[Jeremy Allison]

On Mon, Apr 28, 2008 at 09:05:29PM +0100, Edd Barrett wrote:

> I am sure that the OpenBSD team will be interested in fixing these bugs
> if they still exist, as they take pride making good quality code. I
> can't speak for NetBSD or FreeBSD.
> 
> As for the "directory name cache size = 0" it does not work for me. On
> OpenBSD. I used this configuration:
> 
> [global]
> workgroup = MYGROUP
> server string = Samba Server
> security = share
> log file = /var/log/smbd.%m
> directory name cache size = 0
> 
> [public]
>comment = Public Stuff
>path = /mnt/hot/sd0i
>public = yes
>writable = yes
>printable = no
> 
> I tested this with samba-latest.tgz from your web-page.
> 
> If I change the path to someplace else on a UFS slice, all is well.

Did you remove the lib/replace/repdir_getdirentries.c code as
well ? The aborts will still trigger even with "directory name cache
size = 0" if that code is in place.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba segs when serving files from a windows partition on OpenBSD-4.2

[Edd Barrett]

On Tue, Apr 29, 2008 at 10:34:22AM -0700, Jeremy Allison wrote:
> On Tue, Apr 29, 2008 at 10:06:18AM +0100, Edd Barrett wrote:
> > It turns out OpenBSD-current has some patches to fix this problem
> > which came from FreeBSD, just after the release of 4.2.
> > 
> > Is the samba team interested in taking the patches upstream?
> > 
> > http://www.openbsd.org/cgi-bin/cvsweb/ports/net/samba/patches/patch-lib_iconv.c?rev=1.1&content-type=text/x-cvsweb-markup
> > http://www.openbsd.org/cgi-bin/cvsweb/ports/net/samba/patches/patch-lib_replace_repdir_getdirentries_c?rev=1.1&content-type=text/x-cvsweb-markup
> 
> Unfortunately the patch-lib_replace_repdir_getdirentries_c patch
> is completely wrong. It removes the abort assert, but doesn't change
> the code that the abort is trying to assert. That whole replace
> file assumes that an integral number of directory entries always
> fit in a DIR_BUF_SIZE (1<<9) sized buffer. If they don't then
> this code simply doesn't work, which is why the abort is called.
> 
> This file should be removed, when we know that this bug has
> been fixed in the *BSD's.
> 
> "  This is needed because the existing directory handling in FreeBSD
>   and OpenBSD (and possibly NetBSD) doesn't correctly handle unlink()
>   on files in a directory where telldir() has been used. On a block
>   boundary it will occasionally miss a file when seekdir() is used to
>   return to a position previously recorded with telldir().
> 
>   This also fixes a severe performance and memory usage problem with
>   telldir() on BSD systems. Each call to telldir() in BSD adds an
>   entry to a linked list, and those entries are cleaned up on
>   closedir(). This means with a large directory closedir() can take an
>   arbitrary amount of time, causing network timeouts as millions of
>   telldir() entries are freed"
> 
> Is this now the case ? Last time I requested info in this Terry Lambert @ 
> Apple
> claimed that this behavior (doesn't correctly handle unlink() on files in a
> directory where telldir() has been used. On a block boundary it will
> occasionally miss a file when seekdir() is used to return to a position
> previously recorded with telldir()) was allowed by POSIX and there was no
> intention of fixing it.
> 
> If this is true it puts us at an impasse, as all other POSIX systems
> don't behave like this. I did do some work on our directory handling
> code in smbd/dir.c by adding a parameter "directory name cache size"
> which turns off the performance boost if set to zero. Check out the
> (long) bug report here :
> 
> https://bugzilla.samba.org/show_bug.cgi?id=4715
> 
> The last person to check this reported the change did not work
> for him. If this is incorrect, and setting "directory name cache size =
> 0" works for *BSD systems then I can remove the code in
> 
> lib/replace/repdir_getdirentries.c
> 
> entirely.
> 
> In addition, has the second bug been fixed in the *BSD's (the :
> "Each call to telldir() in BSD adds an entry to a linked list"
> bug) ?
> 
> If you give me feedback, I will close this out for 3.2. Unfortunately
> it's hard to get anyone on the *BSD side to work on this with me. I
> tend to be demand driven, and if someone from the *BSD community is
> willing to work directly with me to ensure Samba works on *BSD, I'd
> be happy to keep Samba working happily on these platforms. I don't
> have time to do a lot of testing on *BSD myself though, that's the
> problem. Guenther Kukkuk is a great example of how this can work.
> He drive us to keep fixing bigs with the OS/2 client support and
> is now a member of the Samba Team.
> 
> Jeremy.

I am sure that the OpenBSD team will be interested in fixing these bugs
if they still exist, as they take pride making good quality code. I
can't speak for NetBSD or FreeBSD.

As for the "directory name cache size = 0" it does not work for me. On
OpenBSD. I used this configuration:

[global]
workgroup = MYGROUP
server string = Samba Server
security = share
log file = /var/log/smbd.%m
directory name cache size = 0

[public]
   comment = Public Stuff
   path = /mnt/hot/sd0i
   public = yes
   writable = yes
   printable = no

I tested this with samba-latest.tgz from your web-page.

If I change the path to someplace else on a UFS slice, all is well.

Unfortunately I am not really the one to speak to regarding this, but I
will CC in the maintainer of Samba for OpenBSD.

Marc, do you know anything about these potential issues?

Thats not to say I am not willing to help. I will help if I can.

-- 

Best Regards
Edd

http://students.dec.bmth.ac.uk/ebarrett
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Maxtor NAS share problem

[Rick Johnson]

Alex Harrington wrote:

I was talking about saving the Linux filesystem info. Do your rsync


to 

the NAS, then do a recursive getfacl,  redirecting the output to a 
file on the NAS.
When you do an rsync back from the NAS, correct the owner/perms with 
setfacl.




Trouble is that I CAN'T do my rsync to the NAS drive because it


doesn't


give me the access privileges I need to write to the NAS. The rsync
wants to change owner and the NAS won't let it do that.



There are switches to modify that behaviour - -p, -o, -t, -g - and there
are aliases (eg -a)that switch combinations of those on or off.

What's the exact command line you're using to rsync?



I was using a command of the form:

rsync -avz /source /destination

And if that had worked, I wouldn't have needed to ask this list for any 
help because ALL I was trying to do was use the NAS as a backup device.
The permissions, symbolic links, etc. need to be preserved by the rsync 
so that the files can be restored correctly IF they ever need to be 
restored.




Something like rsync -r /source/ /destination should work, regardless of
the permissions, because rsync will write everything as whoever you're
logged on as (or whoever the NAS translates that to be).

As previously suggested you can then do a recursive getfacl over /source
and write the output to /destination. That will create a text file with
all your permissions etc included in it so they can be restored by
setfacl if required.




I'm afraid I don't understand what purpose the getfacl or setfacl 
serves? The files on my system never had any access control lists so how 
does creating them solve my problem?


It seems to me that what I REALLY need is access to the filesystem on 
the NAS so that I can set appropriate permissions there that will allow 
the original rsync -avz command to function properly.


Best Regards,

Rick J.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] net view produces error 5

[Larry Alkoff]

Larry Alkoff wrote:
I am debbuging my Kubuntu Linux to Windows XP Professional Service Pack 
1 and 2 connection using Andrew Tridgell's excellent diagnosis.txt.


The test fails on test 5 which should return a list of available shares 
from the server.


 From the XP command prompt:
net view \\kinda
System error 5 has occurred.
Access is denied.

I can't see why this error should be happening.
Bother users have the same user name.
The linux password is encrypted but I don't know about the WXP password.



Problem fixed.  Please ignore.

I was trying to do net view \\kinda
as root.  Changing to user fixed it.

Also it was Tridgell 8 not 5.

Larry
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: interdomain trust between two samba pdc's

[Hans-Wilhelm Heisinger]

   I have trusts setup between 3 samba domains.  Do you have a specific 
question regarding setup?


Hans

Adam Williams wrote:
i think you have to create the trusts on both DOMAINS as they only 
work in one direction.  the official samba how to and reference guide 
briefly touches on the subject.


SoUnD WrEcK wrote:

So is no one here doing interdomain trusts using two Samba PDC's on two
different subnets?  I have been struggling with this problem for a 
long time

now, and would like some help with it.  Thanks!


On Fri, Apr 25, 2008 at 2:54 PM, SoUnD WrEcK <[EMAIL PROTECTED]> 
wrote:


 

I have been trying off and on for some time now to get an interdomain
trust relationship going between two samba pdc machines 
(DomainA=trusted &

DomainB=trusting).  Both pdc's are running on Solaris boxes and NIS is
involved (I doubt there is a NIS complication just because I can use
accounts on DomainA on DomainB's samba, as long as I add them using
smbpasswd manually).

The situation is this.  DomainA hosts most user accounts for my two
networks.  Therefore DomainA should be trusted and DomainB should be
trusting.  The documentation is confusing and does not describe this 
exact

scenario (talks about samba with microsoft pdc's).  I have tried every
combination I can think of, but things still aren't working as they 
should.


I have added an account for DomainB on DomainA.  I then type 
"smbpasswd -a

-i DomainB", still working on DomainA.  This seems to go through okay.
However, when I type "net rpc trustdom list" on DomainA, I get the
following:

Trusted domains list:
none

Trusting domains list:
Unable to find a suitable server
domain controller is not responding
DomainB

I expect what I see for trusted, but for trusting, should I really be
seeing those errors?  What do they mean?  Is the fact that DomainB 
is listed

mean that it worked and I should ignore the errors?

I guess I'll stop here and make sure there is not a problem with 
this step

before I post further information about this process.

Thanks.







--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba segs when serving files from a windows partition on OpenBSD-4.2

[Uwe Laverenz]

Jeremy Allison schrieb:


If you give me feedback, I will close this out for 3.2. Unfortunately
it's hard to get anyone on the *BSD side to work on this with me. I


Thank you very much for your explanations. I must admit that I am quite 
shocked about this. I always thought of Samba as one of the most 
important products that can be run on a Unix machine. It would be quite 
sad for the *BSDs if nobody takes care of this. Well, maybe that troll 
on slashdot is right... :(


bye,
Uwe
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba windows domain controller

[Mike Brady]

The add user script is only for adding users, not machines and it
shouldn't call smbpassword.  The script only needs to handle the OS task
of adding the user.  Samba will add the Samba stuff itself.

To add machines you want an "add machines script" specified.

Depending on what you are trying to do you can also have other scripts
specified.  A full set for a Linux box could be:
add user script = /usr/sbin/useradd "%u" -n -g domusers
delete user script = /usr/sbin/userdel "%u"
add group script = /usr/sbin/groupadd "%g"
delete group script = /usr/sbin/groupdel "%g"
add user to group script = /usr/bin/gpasswd -a "%u" "%g"
delete user from group script = /usr/bin/gpasswd -d "%u" "%g"
add machine script = /usr/sbin/useradd -n -c "Workstation (%u)"
-M -d /nohome -s /bin/false -g machines "%u"
add share command = /usr/local/samba/modify_samba_config.py
delete share command = /usr/local/samba/modify_samba_config.py

On Tue, 2008-04-29 at 14:45 +0100, Evan Ingram wrote:
> Hi
> 
> I want windows machines to automatically be added into samba when they
> try to attach to the domain. Had various problems with root account not
> being accepted. 
> 
> Can anyone spot anything glaringly obviously wrong in my config that
> follows. 
> Cheers 
> 
> 
> 
> 
> [global]
> name resolve order = wins bcast hosts 
> ldap ssl = no
> passwd chat = *New*password* %n\n *Retype*new*password* %n\n
> *passwd:*all*authentication*tokens*updated*successfully*
> idmap gid = 500-550
> admin users = root 
> obey pam restrictions = no
> client schannel = no
> passwd program = /usr/bin/passwd %u
> dns proxy = No
> netbios name = sss-server
> writeable = yes
> printing = lprng
> idmap uid = 500-2000
> logon script = user.bat
> workgroup = domain
> debug level = 3
> os level = 65
> getwd cache = yes
> log file = /var/log/samba/%m.log
> guest account = root 
> socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
> sync always = yes
> map to guest = never
> null passwords = yes
> domain master = Yes
> encrypt passwords = yes
> public = yes
> realm = domain
> wins support = true
> netbios aliases = sss-server
> server string = sss-server
> add user script = /usr/sbin/useradd -g machines -c NTMachine
> -d /dev/null -s /bin/false %m$ && /usr/bin/smbpasswd -a -m %m$
> domain logons = Yes
> pam password change = Yes
> # DOMAIN ADMIN GROUP added to allow root as local admin
> domain admin group = root
> 
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> create mask = 0664
> directory mask = 0775
> browseable = No
> [netlogon]
> comment = Network Logon Service
> share modes = No
> public = yes
> path = /usr/local/samba/netlogon
> 
> [Profiles]
> nt acl support = yes
> browseable = no
> delete readonly = yes
> path = /usr/local/samba/profiles
> force group = root
> force user = root
> comment = Network Profiles Service
> create mode = 0600
> directory mode = 0700
> 
> [root_dir]
> comment = root dir mark only
> delete readonly = yes
> path = /
> 
> [data]
> force user = root
> comment = Data Directory
> path = /home/data/
> force group = root
> 
-- 
Mike Brady
PGP ID: 0x9C777DA4


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba segs when serving files from a windows partition on OpenBSD-4.2

[Jeremy Allison]

On Tue, Apr 29, 2008 at 10:06:18AM +0100, Edd Barrett wrote:
> Hi,
> 
> On Fri, Apr 25, 2008 at 3:00 PM, Edd Barrett <[EMAIL PROTECTED]> wrote:
> >  I am willing to test patches. I may have a prod about in the source at
> >  some point, but you guys can probably diagnose and fix the fault a
> >  whole load better than I can. I have never looked at the samba source
> >  before.
> 
> It turns out OpenBSD-current has some patches to fix this problem
> which came from FreeBSD, just after the release of 4.2.
> 
> Is the samba team interested in taking the patches upstream?
> 
> http://www.openbsd.org/cgi-bin/cvsweb/ports/net/samba/patches/patch-lib_iconv.c?rev=1.1&content-type=text/x-cvsweb-markup
> http://www.openbsd.org/cgi-bin/cvsweb/ports/net/samba/patches/patch-lib_replace_repdir_getdirentries_c?rev=1.1&content-type=text/x-cvsweb-markup

Unfortunately the patch-lib_replace_repdir_getdirentries_c patch
is completely wrong. It removes the abort assert, but doesn't change
the code that the abort is trying to assert. That whole replace
file assumes that an integral number of directory entries always
fit in a DIR_BUF_SIZE (1<<9) sized buffer. If they don't then
this code simply doesn't work, which is why the abort is called.

This file should be removed, when we know that this bug has
been fixed in the *BSD's.

"  This is needed because the existing directory handling in FreeBSD
  and OpenBSD (and possibly NetBSD) doesn't correctly handle unlink()
  on files in a directory where telldir() has been used. On a block
  boundary it will occasionally miss a file when seekdir() is used to
  return to a position previously recorded with telldir().

  This also fixes a severe performance and memory usage problem with
  telldir() on BSD systems. Each call to telldir() in BSD adds an
  entry to a linked list, and those entries are cleaned up on
  closedir(). This means with a large directory closedir() can take an
  arbitrary amount of time, causing network timeouts as millions of
  telldir() entries are freed"

Is this now the case ? Last time I requested info in this Terry Lambert @ Apple
claimed that this behavior (doesn't correctly handle unlink() on files in a
directory where telldir() has been used. On a block boundary it will
occasionally miss a file when seekdir() is used to return to a position
previously recorded with telldir()) was allowed by POSIX and there was no
intention of fixing it.

If this is true it puts us at an impasse, as all other POSIX systems
don't behave like this. I did do some work on our directory handling
code in smbd/dir.c by adding a parameter "directory name cache size"
which turns off the performance boost if set to zero. Check out the
(long) bug report here :

https://bugzilla.samba.org/show_bug.cgi?id=4715

The last person to check this reported the change did not work
for him. If this is incorrect, and setting "directory name cache size =
0" works for *BSD systems then I can remove the code in

lib/replace/repdir_getdirentries.c

entirely.

In addition, has the second bug been fixed in the *BSD's (the :
"Each call to telldir() in BSD adds an entry to a linked list"
bug) ?

If you give me feedback, I will close this out for 3.2. Unfortunately
it's hard to get anyone on the *BSD side to work on this with me. I
tend to be demand driven, and if someone from the *BSD community is
willing to work directly with me to ensure Samba works on *BSD, I'd
be happy to keep Samba working happily on these platforms. I don't
have time to do a lot of testing on *BSD myself though, that's the
problem. Guenther Kukkuk is a great example of how this can work.
He drive us to keep fixing bigs with the OS/2 client support and
is now a member of the Samba Team.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem joining XP SP2 Machines to the domain

[Marshall Buschman]

Dale:

I'm continuing to investigate - ipconfig /all shows both WINS servers.
/var/cache/samba/wins.dat contains the xp machines.
I do have a local DNS server, and it does resolve typical addresses (
google.com) as expected.
My PDC and BDC have A and PTR records that resolve properly, but nothing
special other than that.

Nothing appears in the logs on either the PDC or BDC.

I've recently tried using the ForensiT User Profile Wizard, which tries to
join the domain as part of it's process.
It's interesting that using this tool, when auth fails, wireshark shows no
conversation between the XP box and the DC - it looks like the XP isn't even
trying to connect to the PDC.

I've seen similar results using wireshark and the normal domain joining
facilities.
I've attempted to disable the signorseal requirements, which have no effect.

The only effective solution is adding an entry to the lmhosts file, which is
undesirable.

-Marshall

On Fri, Apr 25, 2008 at 9:14 AM, Dale Schroeder <
[EMAIL PROTECTED]> wrote:

> Marshall,
>
> Running out of ideas, but:
> Have you checked the wins.dat file to see if it is actually being
> populated with the xp machines?
> Does "ipconfig /all" on the xp machines list the wins server?
> If using it, is DNS working properly?
> Any other clues in the logs?
>
> In "name resolve order =" I list wins first to give it the first chance at
> name resolution.
> I also don't have the multi-subnet issue to deal with, but some admins put
> a wins server on each subnet.
>
> Dale
>
>
>
> Marshall Buschman wrote:
>
> > Dale:
> >
> > Correct. I've implemented this option on all of the relevant subnets.
> > I'm doing something like this:
> >
> > -
> > option  netbios-name-servers 1.2.3.4, 1.3.3.7;
> >
> > -
> >
> > Where 1.2.3.4 is the old windows 2000 DC that we're migrating away from,
> > and
> > 1.3.3.7 is the samba PDC.
> >
> > I tested this, and found it to work appropriately under Windows 2000
> > clients, but not Windows XP clients.
> >
> > I've even statically assigned an XP client an IP and WINS server, and it
> > still does not work consistently.
> >
> > I still get the following error most of the time:
> >
> > The following error occurred attempting to join the domain "FOO":
> > Logon failure: unknown user name or bad password.
> >
> > Windows 2000 clients function perfectly.
> >
> > Any ideas? Especially why only the XP clients have an issue?
> >
> > -Marshall
> >
> >
> > On Thu, Apr 24, 2008 at 8:43 AM, Dale Schroeder <
> > [EMAIL PROTECTED]> wrote:
> >
> >
> >
> > > Marshall,
> > >
> > > Since you have many clients, I'm guessing you have a dhcp server
> > > running.
> > >  If so, do you have a netbios nameserver option enabled in the dhcp
> > > config?
> > > In ISC's dhcp3 server it is "option netbios-name-servers
> > > xxx.xxx.xxx.xxx;"
> > >
> > > Of course, on clients with static ip's, wins config must be done
> > > manually,
> > > and IIRC, the options changed somewhat in XP.  The default is to get
> > > netbios
> > > info from the dhcp server.
> > >
> > > Good luck,
> > > Dale
> > >
> > >
> > >
> > >
> > > Marshall Buschman wrote:
> > >
> > >
> > >
> > > > Hey All:
> > > >
> > > > I've got a working samba/ldap domain with a PDC in a datacenter and
> > > > a BDC
> > > > in
> > > > my local office.
> > > >
> > > > I'm not able to reliably join a windows XP Pro machine to the domain
> > > > by
> > > > specifying the PDC as a wins server.
> > > >
> > > > I get the following error 90% of the time or more, with no
> > > > discernible
> > > > patterns or errors in any logs:
> > > > -
> > > > The following error occurred attempting to join the domain "FOO":
> > > > Logon failure: unknown user name or bad password.
> > > > -
> > > >
> > > > Windows 2000 machines join the domain 100% of the time.
> > > >
> > > > Adding a line to the lmhosts file like this:
> > > > ---
> > > > 1.2.3.4   foopdc #PRE #DOM:FOO #net group's DC
> > > > ---
> > > > Causes the XP machine to be able to join the domain 100% of the
> > > > time.
> > > >
> > > > I have many clients, and adding this file to the lmhosts file
> > > > everywhere
> > > > isn't feasible.
> > > >
> > > > The real question is - why doesn't WINS work?
> > > > I can run net view and see all the machines..
> > > >
> > > > I'd really appreciate any help you guys can provide.
> > > >
> > > > -Marshall
> > > >
> > > >
> > > >
> > > >
> > >
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] net view produces error 5

[Larry Alkoff]

I am debbuging my Kubuntu Linux to Windows XP Professional Service Pack 
1 and 2 connection using Andrew Tridgell's excellent diagnosis.txt.


The test fails on test 5 which should return a list of available shares 
from the server.


From the XP command prompt:
net view \\kinda
System error 5 has occurred.
Access is denied.

I can't see why this error should be happening.
Bother users have the same user name.
The linux password is encrypted but I don't know about the WXP password.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Strange behaviour regarding timestamps when copying files

[Peter Woelfel]

Hi all,

we observed a strange effect when copying an file within a samba
share: Both atime an mtime of the target file are set to the mtime
of the original file. The atime of the original file is updated to
the current time.


1. Status of the original file:

# stat test.txt
   File: `test.txt'
   Size: 3   Blocks: 8  IO Block: 4096   regular file
Device: 811h/2065d  Inode: 58721415Links: 1
Access: (0777/-rwxrwxrwx)  Uid: (  609/ testuser)   Gid: (  800/testgroup)
Access: 2008-04-25 11:10:38.876386411 +0200
Modify: 2008-04-24 13:31:52.554637383 +0200
Change: 2008-04-24 13:49:26.615046291 +0200

2. Copying the file using a Windows XP SP2 box:

X:\> copy test.txt test2.txt

3. Status of the target file:

# stat test2.txt
   File: `test2.txt'
   Size: 3   Blocks: 8  IO Block: 4096   regular file
Device: 811h/2065d  Inode: 58721425Links: 1
Access: (0775/-rwxrwxr-x)  Uid: (  609/ testuser)   Gid: (  800/testgroup)
Access: 2008-04-24 13:31:52.0 +0200
Modify: 2008-04-24 13:31:52.0 +0200
Change: 2008-04-25 11:10:38.881383030 +0200



When copying the same file on the server with 'cp', all timestamps
of the target file are updated.

# cp test.txt test3.txt

# stat test.txt
   File: `test.txt'
   Size: 3   Blocks: 8  IO Block: 4096   regular file
Device: 811h/2065d  Inode: 58721415Links: 1
Access: (0777/-rwxrwxrwx)  Uid: (  609/ testuser)   Gid: (  800/testgroup)
Access: 2008-04-29 10:39:42.676283318 +0200
Modify: 2008-04-24 13:31:52.554637383 +0200
Change: 2008-04-24 13:49:26.615046291 +0200

# stat test3.txt
   File: `test3.txt'
   Size: 3   Blocks: 8  IO Block: 4096   regular file
Device: 811h/2065d  Inode: 58721426Links: 1
Access: (0755/-rwxr-xr-x)  Uid: (0/root)   Gid: (0/root)
Access: 2008-04-29 10:39:42.675283834 +0200
Modify: 2008-04-29 10:39:42.675283834 +0200
Change: 2008-04-29 10:39:42.675283834 +0200



We verified this behaviour with several samba versions beginning
with 2.2.3 up to 3.0.26. This is the minimalistic smb.conf we used
for testing (with samba 3.x):

[global]
 workgroup = TEST
 passdb backend = ldapsam:ldaps://172.16.112.1
 preferred master = No
 local master = No
 domain master = No
 ldap admin dn = cn=admin,o=leistritz
 ldap suffix = o=leistritz
 printing = bsd

[data]
 comment = data
 path = /data
 read only = No


A Windows Server behaves differently:
here, only the atime of the target file is updated on copy, along
with the creation time which sadly is not available on Unix.

One of our applications appears to get confused by this behaviour,
so we are looking for a way to mimic the MS Windows handling of
timestamps (or at least how Unix does it).


Thanks,
--
| LEISTRITZ Aktiengesellschaft Tel.:  +49 (0) 911 4306 559
| Peter Wölfel, EDV-Abteilung (ITO)Fax:   +49 (0) 911 4306 685
| Markgrafenstraße 29-39   eMail: [EMAIL PROTECTED]
| D-90459 Nürnberg Web:   http://www.leistritz.com
--
LEISTRITZ Aktiengesellschaft
Markgrafenstr. 29-39, D-90459 Nuernberg
Telefon/Phone: +49 911 4306-0  Fax: +49 911 4306-420
Internet: www.leistritz.com

Vorsitzender des Aufsichtsrates/
Chairman of the Supervisory Board: 
Dipl.-Ing. Helmuth Schaak


Vorstand/Board of Directors: 
Dipl.-Kfm. Dr. Heiko Neumann

Dr.-Ing. Michael Radke
Dr.-Ing. Ernst Rothstein 


Sitz der Gesellschaft/Registered Office: Nuernberg
Handelsregister/Commercial Register: HRB 7679, Registergericht Nuernberg
USt-IdNr./VAT-No.: DE133500743  St.-Nr.: 241/115/90148

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba send SPNEGO if Extended Security is ON

[Jewelyn Catingub]

Help, anyone?
Your responses will be greatly appreciated.
Thanks!


- Original Message 
From: Jewelyn Catingub <[EMAIL PROTECTED]>
To: Jewelyn Catingub <[EMAIL PROTECTED]>; Gerald (Jerry) Carter <[EMAIL 
PROTECTED]>
Cc: samba@lists.samba.org
Sent: Thursday, April 24, 2008 10:00:04 PM
Subject: Re: [Samba] Samba send SPNEGO if Extended Security is ON


Hi Jerry,

In section 4.1.1 of the SNIA CIFS tech reference,
it is not explicitly says that  extended security bit == spnego support.
Is it right?




- Original Message 
From: Jewelyn Catingub <[EMAIL PROTECTED]>
To: Gerald (Jerry) Carter <[EMAIL PROTECTED]>
Cc: samba@lists.samba.org
Sent: Wednesday, April 23, 2008 6:48:20 AM
Subject: Re: [Samba] Samba send SPNEGO if Extended Security is ON




- Original Message 
From: Gerald (Jerry) Carter <[EMAIL PROTECTED]>
To: Jewelyn Catingub <[EMAIL PROTECTED]>
Cc: samba@lists.samba.org
Sent: Tuesday, April 22, 2008 10:53:20 PM
Subject: Re: [Samba] Samba send SPNEGO if Extended Security is ON

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Jewelyn Catingub wrote:
> 
> - Original Message 
> From: Gerald (Jerry) Carter <[EMAIL PROTECTED]>
> To: Jewelyn Catingub <[EMAIL PROTECTED]>
> Cc: samba@lists.samba.org
> Sent: Tuesday, April 22, 2008 8:40:23 PM
> Subject: Re: [Samba] Samba send SPNEGO if Extended Security is ON
> 
> Jewelyn Catingub wrote:
>> Thanks for your reply.
> 
>> But in Windows, we encountered Raw NTLMSSP (not wrapped by spnego)
>> even if Extended Security bit is ON when there is no KDC in the
> workgroup.
>> (Well, we are not sure if that was really the reason)
>> Why is that so?
> 
> Hmm...What clients ?
> 
> Windows clients

> yes.  I figured that.  But what versions and service packs?

Client: Windows XP SP2
Server: Windows 2003 Server



> cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIDfvgIR7qMdg1EfYRAinKAJ4/7g8moK3Kq98kgK5ykcy/seJOfwCfXisi
OU47EbjF9zbpRiqiJudLaH4=
=4Vjh
-END PGP SIGNATURE-



  

Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile. Try it now.


  

Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  
http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.2.0-pre3 packages in Debian - version of Samba in Debian lenny

[Christian Perrier]

Quoting Gerald (Jerry) Carter ([EMAIL PROTECTED]):
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Christian,
>
> | Debian entered the freeze stage for lenny on April 1st.
>
> Wow!  A 5 month freeze before release?  I guess I can
> understand for a distro but that seems a bit excessive.


Well, etch freeze started on Aug. 1st 2006 and etch was released on
Apr 8th 2007, so 5 months is actually *short*..:-)

For people interested in such stuff, here's the release schedule:

Early March 2008
  Very soft freeze
Please start thinking about the release when uploading new major
upstream versions. Only upload to unstable if you are sure that
the software will be stable before we release. If you are not
convinced, use experimental as staging area.

  Freeze of release goal list
We will announce the final list of release goals and report about
the progress made in each area. At this point, goals which look
too hard to complete for lenny will be removed from the list (and
automatically put on the list for lenny+1)

  Start of the second BSP marathon for Lenny
See below for more information about this, but you can and should
help with it.

Early April 2008
  Freeze of the essential toolchain

Mid of June 2008
  Freeze of the non-essential toolchain and all libraries
The "non-essential toolchain" means things like debhelper, cdbs 
and a big chunk of other things usually needed to produce binary
packages.

Mid of July 2008
  Full freeze
Please don't wait with uploads for the last day before the freeze,
thanks.

September 2008
  Release lenny!

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba windows domain controller

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Evan Ingram wrote:
| Hi
|
| I want windows machines to automatically be added into samba when they
| try to attach to the domain. Had various problems with root account not
| being accepted.
|
| Can anyone spot anything glaringly obviously wrong in my config that
| follows.

| add user script = /usr/sbin/useradd -g machines -c NTMachine
| -d /dev/null -s /bin/false %m$ && /usr/bin/smbpasswd -a -m %m$


Add user script should only add the unix account.  Don't call smbpasswd
here.  smbd will fill in the information.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIFyz7IR7qMdg1EfYRAp3QAJ9pepvD8KtoOSXqyK4f2W1XLTwzpQCdGnlw
GCxzFdhtjyMGSbN8hEdUxqA=
=eaGq
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba windows domain controller

[Evan Ingram]

Hi

I want windows machines to automatically be added into samba when they
try to attach to the domain. Had various problems with root account not
being accepted. 

Can anyone spot anything glaringly obviously wrong in my config that
follows. 
Cheers 




[global]
name resolve order = wins bcast hosts 
ldap ssl = no
passwd chat = *New*password* %n\n *Retype*new*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
idmap gid = 500-550
admin users = root 
obey pam restrictions = no
client schannel = no
passwd program = /usr/bin/passwd %u
dns proxy = No
netbios name = sss-server
writeable = yes
printing = lprng
idmap uid = 500-2000
logon script = user.bat
workgroup = domain
debug level = 3
os level = 65
getwd cache = yes
log file = /var/log/samba/%m.log
guest account = root 
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
sync always = yes
map to guest = never
null passwords = yes
domain master = Yes
encrypt passwords = yes
public = yes
realm = domain
wins support = true
netbios aliases = sss-server
server string = sss-server
add user script = /usr/sbin/useradd -g machines -c NTMachine
-d /dev/null -s /bin/false %m$ && /usr/bin/smbpasswd -a -m %m$
domain logons = Yes
pam password change = Yes
# DOMAIN ADMIN GROUP added to allow root as local admin
domain admin group = root

[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0664
directory mask = 0775
browseable = No
[netlogon]
comment = Network Logon Service
share modes = No
public = yes
path = /usr/local/samba/netlogon

[Profiles]
nt acl support = yes
browseable = no
delete readonly = yes
path = /usr/local/samba/profiles
force group = root
force user = root
comment = Network Profiles Service
create mode = 0600
directory mode = 0700

[root_dir]
comment = root dir mark only
delete readonly = yes
path = /

[data]
force user = root
comment = Data Directory
path = /home/data/
force group = root

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.2.0-pre3 packages in Debian - version of Samba in Debian lenny

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Christian,

| Debian entered the freeze stage for lenny on April 1st.

Wow!  A 5 month freeze before release?  I guess I can
understand for a distro but that seems a bit excessive.







cheers, jerry
- --
=
Samba--- http://www.samba.org
Likewise Software  -  http://www.likewisesoftware.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIFx9nIR7qMdg1EfYRAgdGAKDAa5CaoNxlMC/IUK/xpCARs9n+TQCg1jE2
YvSSxlCdq6v3LGzsnno0hjg=
=xH+j
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] new password empty

[Maurizio Marini]

Hi there
i have a very strange issue:
%n is empty, for sure.


ldap passwd sync = No
unix password sync = Yes
passwd program = /usr/bin/php -f /etc/samba/scripts/chgpwd.php %u %n
passwd chat debug = yes

this small php script does log:

Apr 29 11:19:13 pdc myScriptLog[29555]: change password: prova - %n

if i use smbldap-passwd

;   passwd program = /usr/bin/php -f /etc/samba/scripts/chgpwd.php %u %n
passwd program = /usr/sbin/smbldap-passwd -u %u
passwd chat = "New password:" %n\\n "Retype new password:" %n\\n 
"changed"
passwd chat debug = yes

i added some logging to it:
/var/log/perl.log
Apr 29 11:20:31 pdc smbldap-passwd[29615]: Changing UNIX passwords for prova
Apr 29 11:20:34 pdc smbldap-passwd[29617]: starting
Apr 29 11:20:34 pdc smbldap-passwd[29617]: changing password for prova
Apr 29 11:20:34 pdc smbldap-passwd[29617]: Changing UNIX passwords for prova
Apr 29 11:20:36 pdc smbldap-passwd[29619]: starting
Apr 29 11:20:36 pdc smbldap-passwd[29619]: changing password for prova
Apr 29 11:20:36 pdc smbldap-passwd[29619]: Changing UNIX passwords for prova
Apr 29 11:20:38 pdc smbldap-passwd[29621]: starting
Apr 29 11:20:38 pdc smbldap-passwd[29621]: changing password for prova
Apr 29 11:20:38 pdc smbldap-passwd[29621]: Changing UNIX passwords for prova

/var/log/messages:
Apr 29 11:20:17 pdc smbd[592]: [2008/04/29 11:20:17, 0] 
libsmb/smbencrypt.c:decode_pw_buffer(552)
Apr 29 11:20:17 pdc smbd[592]:   decode_pw_buffer: incorrect password length 
(-278203093).
Apr 29 11:20:17 pdc smbd[592]: [2008/04/29 11:20:17, 0] 
libsmb/smbencrypt.c:decode_pw_buffer(553)
Apr 29 11:20:17 pdc smbd[592]:   decode_pw_buffer: check that 'encrypt 
passwords = yes'


as far as i can see, smbldap-passwd does not receive %n and ask it more and 
more 3 times.

Why is it not receiving new password by windows client?
any advise would be apreciated

Maurizio
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Strange behaviour of winbind on solaris 8

[Oliver Weinmann]

Yes, i added him to that group to see if that makes any difference. Thanks
for all your help. And I will let you know, when I found out what the
problem is.

Best Regards,
Oliver


On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
>
> I wonder why oweinmann is member of the group staff. Maybe there is an
> entry for oweinmann in /etc/passwd?
>
> So I'm running out of ideas :-( Mabye someone out there can take over.
>
> Good luck and report back what you have found.
>
>
> Oliver Weinmann schrieb:
>
> I changed both groups and users to "no". Still no difference. Another
> strange thing i came across.
>
> as user "oweinmann"
>
> $ id
> uid=11611(oweinmann) gid=1613(domain users)
> $ id -a oweinmann
> uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
> $ id -a
>
> why is the id -a oweinmann working as user "oweinmann" but not id -a
>
>
> On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
> >
> > Please try to set combinations of
> >
> > winbind enum groups = No
> >
> > and test again.
> >
> > This could be the reason why getent groups never ends. This is known to
> > be a problem with big AD user/groups databases.
> >
> > Have a look at this and related paramters in  > path>/swat/help/manpages/smb.conf.5.html
> >
> >
> >
> > Oliver Weinmann schrieb:
> >
> > It's the latest stable.
> >
> > # smbd -V
> > Version 3.0.28a
> >
> > [global]
> > netbios name = rose8
> > realm = VEGAGROUP.NET 
> > workgroup = VEGA
> > security = ADS
> > encrypt passwords = yes
> > password server = *
> > os level = 20
> > socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
> > idmap uid = 1100-20
> > idmap gid = 1100-20
> > idmap backend = rid:VEGA=1100-20
> > allow trusted domains = no
> > winbind enum users = yes
> > winbind enum groups = yes
> > template homedir = /home/%U
> > template shell = /bin/sh
> > preferred master = no
> > winbind nested groups = Yes
> > winbind use default domain = Yes
> > #winbind separator = +
> > #winbind normalize names = yes
> > log level = 10
> > max log size = 50
> > log file = /var/log/samba/log.%m
> > dns proxy = no
> > wins server = 172.20.205.1
> > allow trusted domains = No
> > client use spnego = Yes
> > use kerberos keytab = true
> > winbind offline logon = yes
> >
> > I really appreciate your big effort. Thanks!
> >
> > On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
> > >
> > > Which samba version do you use?
> > >
> > > Please post the global configuration section of smb.conf.
> > >
> > >
> > > Oliver Weinmann schrieb:
> > >
> > > Here could be a problem. I could not change our win 2k3 schema. They
> > > were afraid it could break something... tsss. So i had to use the 
> > > idmap_rid
> > > module. Which does a good job actually. It uses the last portion of the AD
> > > users SID and adds it to a base set in smb.conf. I issued your commands:
> > >
> > > bash-2.03# getent passwd | grep oweinmann
> > > oweinmann2:*:15042:1613:Oliver Weinmann2:/home/oweinmann2:/bin/sh
> > > oweinmann:*:11611:1613:Oliver Weinmann:/home/oweinmann:/bin/sh
> > > oweinmann1:*:15041:1613:Oliver Weinmann1:/home/oweinmann1:/bin/sh
> > > bash-2.03# id -a oweinmann
> > > uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
> > > bash-2.03# su oweinmann
> > > $ id
> > > uid=11611(oweinmann) gid=1613(domain users)
> > > $ id -a
> > >
> > > the "id -a" as user "oweinmann" seems to get stuck. It just sits
> > > there. I noticed when issuing "groups oweinmann" as root it also gets 
> > > stuck.
> > > On some users the "groups" command seems to be working on some other 
> > > don't.
> > >
> > >
> > > On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
> > > >
> > > > We have several installations where we use the two different AD
> > > > schema extensions (SFU from Windows Services for Unix and rfc2307bis 
> > > > from
> > > > Windows Server 2003R2) to put the needed information in.
> > > >
> > > > We are using the idmap_ad module to map the uid, gid, home etc.
> > > > information from the AD.
> > > >
> > > > The local users and the AD users are completely separated. We do not
> > > > mix up local users and AD users.
> > > >
> > > > The first basic test if the AD user information retreival is working
> > > > is to use the getent command:
> > > >
> > > > getent 
> > > >
> > > > So for a test user account I get:
> > > >
> > > > korund{root}[/]: getent passwd testuser
> > > > testuser:*:1004:1000:Lastname,
> > > > Firstname:/home/testuser:/bin/tcsh
> > > >
> > > > If this works the first step is done.
> > > >
> > > > The second test is to get all related Information for one user:
> > > >
> > > > korund{root}[/]: id -a testuser
> > > > uid=1004(testuser) gid=1000(visionet) groups=

Re: [Samba] Strange behaviour of winbind on solaris 8

[Dietrich Streifert]

I wonder why oweinmann is member of the group staff. Maybe there is an 
entry for oweinmann in /etc/passwd?


So I'm running out of ideas :-( Mabye someone out there can take over.

Good luck and report back what you have found.


Oliver Weinmann schrieb:
I changed both groups and users to "no". Still no difference. Another 
strange thing i came across.
 
as user "oweinmann"
 
$ id

uid=11611(oweinmann) gid=1613(domain users)
$ id -a oweinmann
uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
$ id -a
 
why is the id -a oweinmann working as user "oweinmann" but not id -a


 
On 4/29/08, *Dietrich Streifert* <[EMAIL PROTECTED] 
> wrote:


Please try to set combinations of

winbind enum groups = No

and test again.


This could be the reason why getent groups never ends. This is
known to be a problem with big AD user/groups databases.

Have a look at this and related paramters in /swat/help/manpages/smb.conf.5.html



Oliver Weinmann schrieb:

It's the latest stable.
 
# smbd -V

Version 3.0.28a

[global]
netbios name = rose8
realm = VEGAGROUP.NET 
workgroup = VEGA
security = ADS
encrypt passwords = yes
password server = *
os level = 20
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap uid = 1100-20
idmap gid = 1100-20
idmap backend = rid:VEGA=1100-20
allow trusted domains = no
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/sh
preferred master = no
winbind nested groups = Yes
winbind use default domain = Yes
#winbind separator = +
#winbind normalize names = yes
log level = 10
max log size = 50
log file = /var/log/samba/log.%m
dns proxy = no
wins server = 172.20.205.1 
allow trusted domains = No
client use spnego = Yes
use kerberos keytab = true
winbind offline logon = yes
 
I really appreciate your big effort. Thanks!
 
On 4/29/08, *Dietrich Streifert* <[EMAIL PROTECTED]

> wrote:

Which samba version do you use?

Please post the global configuration section of smb.conf.


Oliver Weinmann schrieb:

Here could be a problem. I could not change our win 2k3
schema. They were afraid it could break something... tsss.
So i had to use the idmap_rid module. Which does a good job
actually. It uses the last portion of the AD users SID and
adds it to a base set in smb.conf. I issued your commands:
 
bash-2.03# getent passwd | grep oweinmann

oweinmann2:*:15042:1613:Oliver
Weinmann2:/home/oweinmann2:/bin/sh
oweinmann:*:11611:1613:Oliver Weinmann:/home/oweinmann:/bin/sh
oweinmann1:*:15041:1613:Oliver
Weinmann1:/home/oweinmann1:/bin/sh
bash-2.03# id -a oweinmann
uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
bash-2.03# su oweinmann
$ id
uid=11611(oweinmann) gid=1613(domain users)
$ id -a
 
the "id -a" as user "oweinmann" seems to get stuck. It just

sits there. I noticed when issuing "groups oweinmann" as
root it also gets stuck. On some users the "groups" command
seems to be working on some other don't.

 
On 4/29/08, *Dietrich Streifert*

<[EMAIL PROTECTED]
> wrote:

We have several installations where we use the two
different AD schema extensions (SFU from Windows
Services for Unix and rfc2307bis from Windows Server
2003R2) to put the needed information in.

We are using the idmap_ad module to map the uid, gid,
home etc. information from the AD.

The local users and the AD users are completely
separated. We do not mix up local users and AD users.

The first basic test if the AD user information
retreival is working is to use the getent command:

getent 

So for a test user account I get:

korund{root}[/]: getent passwd testuser
testuser:*:1004:1000:Lastname,
Firstname:/home/testuser:/bin/tcsh

If this works the first step is done.

The second test is to get all related Information for
one user:

korund{root}[/]: id -a testuser
uid=1004(testuser) gid=1000(visionet)
groups=1033(devjavalib)

The third test is to su - testuser and again try to
i

Re: [Samba] Strange behaviour of winbind on solaris 8

[Dietrich Streifert]

Please try to set combinations of

   winbind enum groups = No
   
and test again.


This could be the reason why getent groups never ends. This is known to 
be a problem with big AD user/groups databases.


Have a look at this and related paramters in path>/swat/help/manpages/smb.conf.5.html




Oliver Weinmann schrieb:

It's the latest stable.
 
# smbd -V

Version 3.0.28a

[global]
netbios name = rose8
realm = VEGAGROUP.NET 
workgroup = VEGA
security = ADS
encrypt passwords = yes
password server = *
os level = 20
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap uid = 1100-20
idmap gid = 1100-20
idmap backend = rid:VEGA=1100-20
allow trusted domains = no
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/sh
preferred master = no
winbind nested groups = Yes
winbind use default domain = Yes
#winbind separator = +
#winbind normalize names = yes
log level = 10
max log size = 50
log file = /var/log/samba/log.%m
dns proxy = no
wins server = 172.20.205.1 
allow trusted domains = No
client use spnego = Yes
use kerberos keytab = true
winbind offline logon = yes
 
I really appreciate your big effort. Thanks!
 
On 4/29/08, *Dietrich Streifert* <[EMAIL PROTECTED] 
> wrote:


Which samba version do you use?

Please post the global configuration section of smb.conf.


Oliver Weinmann schrieb:

Here could be a problem. I could not change our win 2k3 schema.
They were afraid it could break something... tsss. So i had to
use the idmap_rid module. Which does a good job actually. It uses
the last portion of the AD users SID and adds it to a base set in
smb.conf. I issued your commands:
 
bash-2.03# getent passwd | grep oweinmann

oweinmann2:*:15042:1613:Oliver Weinmann2:/home/oweinmann2:/bin/sh
oweinmann:*:11611:1613:Oliver Weinmann:/home/oweinmann:/bin/sh
oweinmann1:*:15041:1613:Oliver Weinmann1:/home/oweinmann1:/bin/sh
bash-2.03# id -a oweinmann
uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
bash-2.03# su oweinmann
$ id
uid=11611(oweinmann) gid=1613(domain users)
$ id -a
 
the "id -a" as user "oweinmann" seems to get stuck. It just sits

there. I noticed when issuing "groups oweinmann" as root it also
gets stuck. On some users the "groups" command seems to be
working on some other don't.

 
On 4/29/08, *Dietrich Streifert* <[EMAIL PROTECTED]

> wrote:

We have several installations where we use the two different
AD schema extensions (SFU from Windows Services for Unix and
rfc2307bis from Windows Server 2003R2) to put the needed
information in.

We are using the idmap_ad module to map the uid, gid, home
etc. information from the AD.

The local users and the AD users are completely separated. We
do not mix up local users and AD users.

The first basic test if the AD user information retreival is
working is to use the getent command:

getent 

So for a test user account I get:

korund{root}[/]: getent passwd testuser
testuser:*:1004:1000:Lastname,
Firstname:/home/testuser:/bin/tcsh

If this works the first step is done.

The second test is to get all related Information for one user:

korund{root}[/]: id -a testuser
uid=1004(testuser) gid=1000(visionet) groups=1033(devjavalib)

The third test is to su - testuser and again try to issue
both commands obove. If the retreived information is the same
you should all be done (except from pam.conf which is another
story).






Oliver Weinmann schrieb:

Could the problem be that the AD users are not in any of the
local groups on the machine? How do you manage your AD users
to be members of local groups e.g. staff, sys etc.? pam_groups?

On 4/29/08, *Oliver Weinmann*
<[EMAIL PROTECTED]
> wrote:

there is nothing in /etc/profile and the user oweinmann
has no .bashrc. The problem seems to be related to nscd.
When nscd is turned on i can login and issue commands
and I don't get kicked out of the ssh login. There is no
idle session timeout set. If there was I would get
kicked out when nscd is turned on as well. Only when
logged in as an AD user I get kicked out...


On 4/29/08, *Dietrich Streifert*
<[EMAIL PROTECTED]
> wrote:

S

Re: [Samba] Strange behaviour of winbind on solaris 8

[Oliver Weinmann]

It's the latest stable.

# smbd -V
Version 3.0.28a

[global]
netbios name = rose8
realm = VEGAGROUP.NET
workgroup = VEGA
security = ADS
encrypt passwords = yes
password server = *
os level = 20
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap uid = 1100-20
idmap gid = 1100-20
idmap backend = rid:VEGA=1100-20
allow trusted domains = no
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%U
template shell = /bin/sh
preferred master = no
winbind nested groups = Yes
winbind use default domain = Yes
#winbind separator = +
#winbind normalize names = yes
log level = 10
max log size = 50
log file = /var/log/samba/log.%m
dns proxy = no
wins server = 172.20.205.1
allow trusted domains = No
client use spnego = Yes
use kerberos keytab = true
winbind offline logon = yes

I really appreciate your big effort. Thanks!

On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
>
> Which samba version do you use?
>
> Please post the global configuration section of smb.conf.
>
>
> Oliver Weinmann schrieb:
>
> Here could be a problem. I could not change our win 2k3 schema. They were
> afraid it could break something... tsss. So i had to use the idmap_rid
> module. Which does a good job actually. It uses the last portion of the AD
> users SID and adds it to a base set in smb.conf. I issued your commands:
>
> bash-2.03# getent passwd | grep oweinmann
> oweinmann2:*:15042:1613:Oliver Weinmann2:/home/oweinmann2:/bin/sh
> oweinmann:*:11611:1613:Oliver Weinmann:/home/oweinmann:/bin/sh
> oweinmann1:*:15041:1613:Oliver Weinmann1:/home/oweinmann1:/bin/sh
> bash-2.03# id -a oweinmann
> uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
> bash-2.03# su oweinmann
> $ id
> uid=11611(oweinmann) gid=1613(domain users)
> $ id -a
>
> the "id -a" as user "oweinmann" seems to get stuck. It just sits there. I
> noticed when issuing "groups oweinmann" as root it also gets stuck. On some
> users the "groups" command seems to be working on some other don't.
>
>
> On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
> >
> > We have several installations where we use the two different AD schema
> > extensions (SFU from Windows Services for Unix and rfc2307bis from Windows
> > Server 2003R2) to put the needed information in.
> >
> > We are using the idmap_ad module to map the uid, gid, home etc.
> > information from the AD.
> >
> > The local users and the AD users are completely separated. We do not mix
> > up local users and AD users.
> >
> > The first basic test if the AD user information retreival is working is
> > to use the getent command:
> >
> > getent 
> >
> > So for a test user account I get:
> >
> > korund{root}[/]: getent passwd testuser
> > testuser:*:1004:1000:Lastname, Firstname:/home/testuser:/bin/tcsh
> >
> > If this works the first step is done.
> >
> > The second test is to get all related Information for one user:
> >
> > korund{root}[/]: id -a testuser
> > uid=1004(testuser) gid=1000(visionet) groups=1033(devjavalib)
> >
> > The third test is to su - testuser and again try to issue both commands
> > obove. If the retreived information is the same you should all be done
> > (except from pam.conf which is another story).
> >
> >
> >
> >
> >
> >
> > Oliver Weinmann schrieb:
> >
> > Could the problem be that the AD users are not in any of the local
> > groups on the machine? How do you manage your AD users to be members of
> > local groups e.g. staff, sys etc.? pam_groups?
> >
> > On 4/29/08, Oliver Weinmann <[EMAIL PROTECTED]> wrote:
> > >
> > > there is nothing in /etc/profile and the user oweinmann has no
> > > .bashrc. The problem seems to be related to nscd. When nscd is turned on i
> > > can login and issue commands and I don't get kicked out of the ssh login.
> > > There is no idle session timeout set. If there was I would get kicked out
> > > when nscd is turned on as well. Only when logged in as an AD user I get
> > > kicked out...
> > >
> > > On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
> > > >
> > > > So there must be something in your bash init files, /etc/profile or
> > > > ~/.bashrc (sorry I'm not a bash user) which causes the problem.
> > > >
> > > > Maybe something which forms the shell prompt like whoami etc.
> > > >
> > > > Maybe there is something like a autologout set for the csh or in
> > > > sshd with idle session timeout.
> > > >
> > > >
> > > > Oliver Weinmann schrieb:
> > > >
> > > > Hi,
> > > >
> > > > no,  there was nothing in /var/adm/messages, but guess what with the
> > > > csh ls -alrt and such commands work fine... But i get kicked out of the 
> > > > ssh
> > > > session after 2 minutes... :(
> > > >
> > > >
> > > > On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]>
> > > > wr

Re: [Samba] Strange behaviour of winbind on solaris 8

[Dietrich Streifert]

Which samba version do you use?

Please post the global configuration section of smb.conf.


Oliver Weinmann schrieb:
Here could be a problem. I could not change our win 2k3 schema. They 
were afraid it could break something... tsss. So i had to use the 
idmap_rid module. Which does a good job actually. It uses the last 
portion of the AD users SID and adds it to a base set in smb.conf. I 
issued your commands:
 
bash-2.03# getent passwd | grep oweinmann

oweinmann2:*:15042:1613:Oliver Weinmann2:/home/oweinmann2:/bin/sh
oweinmann:*:11611:1613:Oliver Weinmann:/home/oweinmann:/bin/sh
oweinmann1:*:15041:1613:Oliver Weinmann1:/home/oweinmann1:/bin/sh
bash-2.03# id -a oweinmann
uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
bash-2.03# su oweinmann
$ id
uid=11611(oweinmann) gid=1613(domain users)
$ id -a
 
the "id -a" as user "oweinmann" seems to get stuck. It just sits 
there. I noticed when issuing "groups oweinmann" as root it also gets 
stuck. On some users the "groups" command seems to be working on some 
other don't.


 
On 4/29/08, *Dietrich Streifert* <[EMAIL PROTECTED] 
> wrote:


We have several installations where we use the two different AD
schema extensions (SFU from Windows Services for Unix and
rfc2307bis from Windows Server 2003R2) to put the needed
information in.

We are using the idmap_ad module to map the uid, gid, home etc.
information from the AD.

The local users and the AD users are completely separated. We do
not mix up local users and AD users.

The first basic test if the AD user information retreival is
working is to use the getent command:

getent 

So for a test user account I get:

korund{root}[/]: getent passwd testuser
testuser:*:1004:1000:Lastname, Firstname:/home/testuser:/bin/tcsh

If this works the first step is done.

The second test is to get all related Information for one user:

korund{root}[/]: id -a testuser
uid=1004(testuser) gid=1000(visionet) groups=1033(devjavalib)

The third test is to su - testuser and again try to issue both
commands obove. If the retreived information is the same you
should all be done (except from pam.conf which is another story).






Oliver Weinmann schrieb:

Could the problem be that the AD users are not in any of the
local groups on the machine? How do you manage your AD users to
be members of local groups e.g. staff, sys etc.? pam_groups?

On 4/29/08, *Oliver Weinmann* <[EMAIL PROTECTED]
> wrote:

there is nothing in /etc/profile and the user oweinmann has
no .bashrc. The problem seems to be related to nscd. When
nscd is turned on i can login and issue commands and I don't
get kicked out of the ssh login. There is no idle session
timeout set. If there was I would get kicked out when nscd is
turned on as well. Only when logged in as an AD user I get
kicked out...


On 4/29/08, *Dietrich Streifert*
<[EMAIL PROTECTED]
> wrote:

So there must be something in your bash init files,
/etc/profile or ~/.bashrc (sorry I'm not a bash user)
which causes the problem.

Maybe something which forms the shell prompt like whoami etc.

Maybe there is something like a autologout set for the
csh or in sshd with idle session timeout.


Oliver Weinmann schrieb:

Hi,
 
no,  there was nothing in /var/adm/messages, but guess

what with the csh ls -alrt and such commands work
fine... But i get kicked out of the ssh session after 2
minutes... :(


On 4/29/08, *Dietrich Streifert*
<[EMAIL PROTECTED]
> wrote:

Are there any messages in /var/adm/messages which
are related to nss ?

As I can see you are using bash as your shell.

Try using csh. Does something change?

Oliver Weinmann schrieb:

su to user oweinmann works but when i ussie the ldd
-r /usr/lib/nss_winbind.so command it gets put in
the background.. :( i then do fg 2 and this is the
output:
 
bash-2.03$ ldd -r /usr/lib/nss_winbind.so


[2]+  Stopped ldd -r
/usr/lib/nss_winbind.so
bash-2.03$ fg 2
ldd -r /usr/lib/nss_winbind.so
libthread.so.1 =>   
/usr/lib/libthread.so.1
libsocket.so.1 =>   
/usr/lib/libsocket.so.1

libdl.so.1 =>/usr/lib/libdl.so.1
libc.so.1 => /usr/lib/libc.so.1
libnsl.so.1 =

Re: [Samba] Strange behaviour of winbind on solaris 8

[Oliver Weinmann]

Here could be a problem. I could not change our win 2k3 schema. They were
afraid it could break something... tsss. So i had to use the idmap_rid
module. Which does a good job actually. It uses the last portion of the AD
users SID and adds it to a base set in smb.conf. I issued your commands:

bash-2.03# getent passwd | grep oweinmann
oweinmann2:*:15042:1613:Oliver Weinmann2:/home/oweinmann2:/bin/sh
oweinmann:*:11611:1613:Oliver Weinmann:/home/oweinmann:/bin/sh
oweinmann1:*:15041:1613:Oliver Weinmann1:/home/oweinmann1:/bin/sh
bash-2.03# id -a oweinmann
uid=11611(oweinmann) gid=1613(domain users) groups=10(staff)
bash-2.03# su oweinmann
$ id
uid=11611(oweinmann) gid=1613(domain users)
$ id -a

the "id -a" as user "oweinmann" seems to get stuck. It just sits there. I
noticed when issuing "groups oweinmann" as root it also gets stuck. On some
users the "groups" command seems to be working on some other don't.


On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
>
> We have several installations where we use the two different AD schema
> extensions (SFU from Windows Services for Unix and rfc2307bis from Windows
> Server 2003R2) to put the needed information in.
>
> We are using the idmap_ad module to map the uid, gid, home etc.
> information from the AD.
>
> The local users and the AD users are completely separated. We do not mix
> up local users and AD users.
>
> The first basic test if the AD user information retreival is working is to
> use the getent command:
>
> getent 
>
> So for a test user account I get:
>
> korund{root}[/]: getent passwd testuser
> testuser:*:1004:1000:Lastname, Firstname:/home/testuser:/bin/tcsh
>
> If this works the first step is done.
>
> The second test is to get all related Information for one user:
>
> korund{root}[/]: id -a testuser
> uid=1004(testuser) gid=1000(visionet) groups=1033(devjavalib)
>
> The third test is to su - testuser and again try to issue both commands
> obove. If the retreived information is the same you should all be done
> (except from pam.conf which is another story).
>
>
>
>
>
>
> Oliver Weinmann schrieb:
>
> Could the problem be that the AD users are not in any of the local groups
> on the machine? How do you manage your AD users to be members of local
> groups e.g. staff, sys etc.? pam_groups?
>
> On 4/29/08, Oliver Weinmann <[EMAIL PROTECTED]> wrote:
> >
> > there is nothing in /etc/profile and the user oweinmann has no .bashrc.
> > The problem seems to be related to nscd. When nscd is turned on i can login
> > and issue commands and I don't get kicked out of the ssh login. There is no
> > idle session timeout set. If there was I would get kicked out when nscd is
> > turned on as well. Only when logged in as an AD user I get kicked out...
> >
> > On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
> > >
> > > So there must be something in your bash init files, /etc/profile or
> > > ~/.bashrc (sorry I'm not a bash user) which causes the problem.
> > >
> > > Maybe something which forms the shell prompt like whoami etc.
> > >
> > > Maybe there is something like a autologout set for the csh or in sshd
> > > with idle session timeout.
> > >
> > >
> > > Oliver Weinmann schrieb:
> > >
> > > Hi,
> > >
> > > no,  there was nothing in /var/adm/messages, but guess what with the
> > > csh ls -alrt and such commands work fine... But i get kicked out of the 
> > > ssh
> > > session after 2 minutes... :(
> > >
> > >
> > > On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
> > > >
> > > > Are there any messages in /var/adm/messages which are related to nss
> > > > ?
> > > >
> > > > As I can see you are using bash as your shell.
> > > >
> > > > Try using csh. Does something change?
> > > >
> > > > Oliver Weinmann schrieb:
> > > >
> > > > su to user oweinmann works but when i ussie the ldd -r
> > > > /usr/lib/nss_winbind.so command it gets put in the background.. :( i 
> > > > then do
> > > > fg 2 and this is the output:
> > > >
> > > > bash-2.03$ ldd -r /usr/lib/nss_winbind.so
> > > >
> > > > [2]+  Stopped ldd -r /usr/lib/nss_winbind.so
> > > > bash-2.03$ fg 2
> > > > ldd -r /usr/lib/nss_winbind.so
> > > > libthread.so.1 =>/usr/lib/libthread.so.1
> > > > libsocket.so.1 =>/usr/lib/libsocket.so.1
> > > > libdl.so.1 =>/usr/lib/libdl.so.1
> > > > libc.so.1 => /usr/lib/libc.so.1
> > > > libnsl.so.1 =>   /usr/lib/libnsl.so.1
> > > > libmp.so.2 =>/usr/lib/libmp.so.2
> > > > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
> > > >
> > > > bash-2.03$ ls -alrt /etc/nsswitch.conf
> > > >
> > > > [2]+  Stopped ls -alrt /etc/nsswitch.conf
> > > > bash-2.03$ fg 2
> > > > ls -alrt /etc/nsswitch.conf
> > > > -rw-r--r--   1 root sys 1320 Apr 28 13:19
> > > > /etc/nsswitch.conf
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]>
> > > > wrote:
> > > > >
> > > > > Please try to login (o

Re: [Samba] Strange behaviour of winbind on solaris 8

[Dietrich Streifert]

We have several installations where we use the two different AD schema 
extensions (SFU from Windows Services for Unix and rfc2307bis from 
Windows Server 2003R2) to put the needed information in.


We are using the idmap_ad module to map the uid, gid, home etc. 
information from the AD.


The local users and the AD users are completely separated. We do not mix 
up local users and AD users.


The first basic test if the AD user information retreival is working is 
to use the getent command:


   getent 

So for a test user account I get:

   korund{root}[/]: getent passwd testuser
   testuser:*:1004:1000:Lastname, Firstname:/home/testuser:/bin/tcsh

If this works the first step is done.

The second test is to get all related Information for one user:

korund{root}[/]: id -a testuser
uid=1004(testuser) gid=1000(visionet) groups=1033(devjavalib)

The third test is to su - testuser and again try to issue both commands 
obove. If the retreived information is the same you should all be done 
(except from pam.conf which is another story).







Oliver Weinmann schrieb:
Could the problem be that the AD users are not in any of the local 
groups on the machine? How do you manage your AD users to be members 
of local groups e.g. staff, sys etc.? pam_groups?


On 4/29/08, *Oliver Weinmann* <[EMAIL PROTECTED] 
> wrote:


there is nothing in /etc/profile and the user oweinmann has no
.bashrc. The problem seems to be related to nscd. When nscd is
turned on i can login and issue commands and I don't get kicked
out of the ssh login. There is no idle session timeout set. If
there was I would get kicked out when nscd is turned on as well.
Only when logged in as an AD user I get kicked out...


On 4/29/08, *Dietrich Streifert* <[EMAIL PROTECTED]
> wrote:

So there must be something in your bash init files,
/etc/profile or ~/.bashrc (sorry I'm not a bash user) which
causes the problem.

Maybe something which forms the shell prompt like whoami etc.

Maybe there is something like a autologout set for the csh or
in sshd with idle session timeout.


Oliver Weinmann schrieb:

Hi,
 
no,  there was nothing in /var/adm/messages, but guess what

with the csh ls -alrt and such commands work fine... But i
get kicked out of the ssh session after 2 minutes... :(


On 4/29/08, *Dietrich Streifert*
<[EMAIL PROTECTED]
> wrote:

Are there any messages in /var/adm/messages which are
related to nss ?

As I can see you are using bash as your shell.

Try using csh. Does something change?

Oliver Weinmann schrieb:

su to user oweinmann works but when i ussie the ldd -r
/usr/lib/nss_winbind.so command it gets put in the
background.. :( i then do fg 2 and this is the output:
 
bash-2.03$ ldd -r /usr/lib/nss_winbind.so


[2]+  Stopped ldd -r /usr/lib/nss_winbind.so
bash-2.03$ fg 2
ldd -r /usr/lib/nss_winbind.so
libthread.so.1 =>/usr/lib/libthread.so.1
libsocket.so.1 =>/usr/lib/libsocket.so.1
libdl.so.1 =>/usr/lib/libdl.so.1
libc.so.1 => /usr/lib/libc.so.1
libnsl.so.1 =>   /usr/lib/libnsl.so.1
libmp.so.2 =>/usr/lib/libmp.so.2
/usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1

bash-2.03$ ls -alrt /etc/nsswitch.conf

[2]+  Stopped ls -alrt /etc/nsswitch.conf
bash-2.03$ fg 2
ls -alrt /etc/nsswitch.conf
-rw-r--r--   1 root sys 1320 Apr 28 13:19
/etc/nsswitch.conf


 



 
On 4/29/08, *Dietrich Streifert*

<[EMAIL PROTECTED]
> wrote:

Please try to login (or su) to the user oweinmann
and issue then ldd -r /usr/lib/nss_winbind.so

For some reason I think that non root users are not
able to read one of the involved files.

This could be

/etc/nsswitch.conf
/usr/lib/nss_winbind.so

or some of the files found by the ldd -r command.
The fact that you can issue commands while nscd is
running points to this fact becaus nscd is running
as root and has permissions to read all of those files.

/etc/nsswitch.conf should be readable by everyone.

I compiled samba myself with a full stack of
openssl, iconv, heimdal kerberos, cyrus-sasl,
openldap and samba. While people often speak of t

Re: [Samba] Strange behaviour of winbind on solaris 8

[Oliver Weinmann]

Could the problem be that the AD users are not in any of the local groups on
the machine? How do you manage your AD users to be members of local groups
e.g. staff, sys etc.? pam_groups?

On 4/29/08, Oliver Weinmann <[EMAIL PROTECTED]> wrote:
>
> there is nothing in /etc/profile and the user oweinmann has no .bashrc.
> The problem seems to be related to nscd. When nscd is turned on i can login
> and issue commands and I don't get kicked out of the ssh login. There is no
> idle session timeout set. If there was I would get kicked out when nscd is
> turned on as well. Only when logged in as an AD user I get kicked out...
>
> On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
> >
> > So there must be something in your bash init files, /etc/profile or
> > ~/.bashrc (sorry I'm not a bash user) which causes the problem.
> >
> > Maybe something which forms the shell prompt like whoami etc.
> >
> > Maybe there is something like a autologout set for the csh or in sshd
> > with idle session timeout.
> >
> >
> > Oliver Weinmann schrieb:
> >
> > Hi,
> >
> > no,  there was nothing in /var/adm/messages, but guess what with the csh
> > ls -alrt and such commands work fine... But i get kicked out of the ssh
> > session after 2 minutes... :(
> >
> >
> > On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
> > >
> > > Are there any messages in /var/adm/messages which are related to nss ?
> > >
> > > As I can see you are using bash as your shell.
> > >
> > > Try using csh. Does something change?
> > >
> > > Oliver Weinmann schrieb:
> > >
> > > su to user oweinmann works but when i ussie the ldd -r
> > > /usr/lib/nss_winbind.so command it gets put in the background.. :( i then 
> > > do
> > > fg 2 and this is the output:
> > >
> > > bash-2.03$ ldd -r /usr/lib/nss_winbind.so
> > >
> > > [2]+  Stopped ldd -r /usr/lib/nss_winbind.so
> > > bash-2.03$ fg 2
> > > ldd -r /usr/lib/nss_winbind.so
> > > libthread.so.1 =>/usr/lib/libthread.so.1
> > > libsocket.so.1 =>/usr/lib/libsocket.so.1
> > > libdl.so.1 =>/usr/lib/libdl.so.1
> > > libc.so.1 => /usr/lib/libc.so.1
> > > libnsl.so.1 =>   /usr/lib/libnsl.so.1
> > > libmp.so.2 =>/usr/lib/libmp.so.2
> > > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
> > >
> > > bash-2.03$ ls -alrt /etc/nsswitch.conf
> > >
> > > [2]+  Stopped ls -alrt /etc/nsswitch.conf
> > > bash-2.03$ fg 2
> > > ls -alrt /etc/nsswitch.conf
> > > -rw-r--r--   1 root sys 1320 Apr 28 13:19
> > > /etc/nsswitch.conf
> > >
> > >
> > >
> > >
> > >
> > > On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
> > > >
> > > > Please try to login (or su) to the user oweinmann and issue then ldd
> > > > -r /usr/lib/nss_winbind.so
> > > >
> > > > For some reason I think that non root users are not able to read one
> > > > of the involved files.
> > > >
> > > > This could be
> > > >
> > > > /etc/nsswitch.conf
> > > > /usr/lib/nss_winbind.so
> > > >
> > > > or some of the files found by the ldd -r command. The fact that you
> > > > can issue commands while nscd is running points to this fact becaus 
> > > > nscd is
> > > > running as root and has permissions to read all of those files.
> > > >
> > > > /etc/nsswitch.conf should be readable by everyone.
> > > >
> > > > I compiled samba myself with a full stack of openssl, iconv, heimdal
> > > > kerberos, cyrus-sasl, openldap and samba. While people often speak of 
> > > > the
> > > > Windows DLL hell this is the Solaris shared library hell :-( But it 
> > > > works.
> > > >
> > > >
> > > >
> > > > Oliver Weinmann schrieb:
> > > >
> > > > Hi,
> > > >
> > > > bash-2.03# ldd -r /usr/lib/nss_winbind.so
> > > > libthread.so.1 =>/usr/lib/libthread.so.1
> > > > libsocket.so.1 =>/usr/lib/libsocket.so.1
> > > > libdl.so.1 =>/usr/lib/libdl.so.1
> > > > libc.so.1 => /usr/lib/libc.so.1
> > > > libnsl.so.1 =>   /usr/lib/libnsl.so.1
> > > > libmp.so.2 =>/usr/lib/libmp.so.2
> > > > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
> > > >
> > > > I changed the permissions and files exactly to be the same but i
> > > > still cant issue commands... :(
> > > >
> > > > bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
> > > > -rwxr-xr-x   1 root other  74744 Apr 29 09:03
> > > > /usr/lib/nss_winbind.so.1
> > > > lrwxrwxrwx   1 root other 25 Apr 29 09:04
> > > > /usr/lib/nss_winbind.so -> /usr/lib/nss_winbind.so.1
> > > >
> > > > Could this also be a problem of a compiling? Have you compiled the
> > > > samba yourself or are you using prebuilt packages?
> > > >
> > > > On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]>
> > > > wrote:
> > > > >
> > > > > which output gives ldd -r /usr/lib/nss_winbind.so ?
> > > > >
> > > > > I have the following naming and permission for nss_winbind:
> > > > >
> > > > > lrwxrwxrwx   1 root other 16 Jan 15  2004
> > > 

Re: [Samba] Strange behaviour of winbind on solaris 8

[Oliver Weinmann]

there is nothing in /etc/profile and the user oweinmann has no .bashrc. The
problem seems to be related to nscd. When nscd is turned on i can login and
issue commands and I don't get kicked out of the ssh login. There is no idle
session timeout set. If there was I would get kicked out when nscd is turned
on as well. Only when logged in as an AD user I get kicked out...

On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
>
> So there must be something in your bash init files, /etc/profile or
> ~/.bashrc (sorry I'm not a bash user) which causes the problem.
>
> Maybe something which forms the shell prompt like whoami etc.
>
> Maybe there is something like a autologout set for the csh or in sshd with
> idle session timeout.
>
>
> Oliver Weinmann schrieb:
>
> Hi,
>
> no,  there was nothing in /var/adm/messages, but guess what with the csh
> ls -alrt and such commands work fine... But i get kicked out of the ssh
> session after 2 minutes... :(
>
>
> On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
> >
> > Are there any messages in /var/adm/messages which are related to nss ?
> >
> > As I can see you are using bash as your shell.
> >
> > Try using csh. Does something change?
> >
> > Oliver Weinmann schrieb:
> >
> > su to user oweinmann works but when i ussie the ldd -r
> > /usr/lib/nss_winbind.so command it gets put in the background.. :( i then do
> > fg 2 and this is the output:
> >
> > bash-2.03$ ldd -r /usr/lib/nss_winbind.so
> >
> > [2]+  Stopped ldd -r /usr/lib/nss_winbind.so
> > bash-2.03$ fg 2
> > ldd -r /usr/lib/nss_winbind.so
> > libthread.so.1 =>/usr/lib/libthread.so.1
> > libsocket.so.1 =>/usr/lib/libsocket.so.1
> > libdl.so.1 =>/usr/lib/libdl.so.1
> > libc.so.1 => /usr/lib/libc.so.1
> > libnsl.so.1 =>   /usr/lib/libnsl.so.1
> > libmp.so.2 =>/usr/lib/libmp.so.2
> > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
> >
> > bash-2.03$ ls -alrt /etc/nsswitch.conf
> >
> > [2]+  Stopped ls -alrt /etc/nsswitch.conf
> > bash-2.03$ fg 2
> > ls -alrt /etc/nsswitch.conf
> > -rw-r--r--   1 root sys 1320 Apr 28 13:19 /etc/nsswitch.conf
> >
> >
> >
> >
> >
> > On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
> > >
> > > Please try to login (or su) to the user oweinmann and issue then ldd
> > > -r /usr/lib/nss_winbind.so
> > >
> > > For some reason I think that non root users are not able to read one
> > > of the involved files.
> > >
> > > This could be
> > >
> > > /etc/nsswitch.conf
> > > /usr/lib/nss_winbind.so
> > >
> > > or some of the files found by the ldd -r command. The fact that you
> > > can issue commands while nscd is running points to this fact becaus nscd 
> > > is
> > > running as root and has permissions to read all of those files.
> > >
> > > /etc/nsswitch.conf should be readable by everyone.
> > >
> > > I compiled samba myself with a full stack of openssl, iconv, heimdal
> > > kerberos, cyrus-sasl, openldap and samba. While people often speak of the
> > > Windows DLL hell this is the Solaris shared library hell :-( But it works.
> > >
> > >
> > >
> > > Oliver Weinmann schrieb:
> > >
> > > Hi,
> > >
> > > bash-2.03# ldd -r /usr/lib/nss_winbind.so
> > > libthread.so.1 =>/usr/lib/libthread.so.1
> > > libsocket.so.1 =>/usr/lib/libsocket.so.1
> > > libdl.so.1 =>/usr/lib/libdl.so.1
> > > libc.so.1 => /usr/lib/libc.so.1
> > > libnsl.so.1 =>   /usr/lib/libnsl.so.1
> > > libmp.so.2 =>/usr/lib/libmp.so.2
> > > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
> > >
> > > I changed the permissions and files exactly to be the same but i still
> > > cant issue commands... :(
> > >
> > > bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
> > > -rwxr-xr-x   1 root other  74744 Apr 29 09:03
> > > /usr/lib/nss_winbind.so.1
> > > lrwxrwxrwx   1 root other 25 Apr 29 09:04
> > > /usr/lib/nss_winbind.so -> /usr/lib/nss_winbind.so.1
> > >
> > > Could this also be a problem of a compiling? Have you compiled the
> > > samba yourself or are you using prebuilt packages?
> > >
> > > On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
> > > >
> > > > which output gives ldd -r /usr/lib/nss_winbind.so ?
> > > >
> > > > I have the following naming and permission for nss_winbind:
> > > >
> > > > lrwxrwxrwx   1 root other 16 Jan 15  2004 nss_winbind.so
> > > > -> nss_winbind.so.1
> > > > -rwxr-xr-x   1 root other  44540 Apr 28 17:35
> > > > nss_winbind.so.1
> > > >
> > > > Please try with the exactly same naming and permissions of your
> > > > files.
> > > >
> > > >
> > > >
> > > > Oliver Weinmann schrieb:
> > > >
> > > > > I will try to get hands on the latest patches for solaris 8 and
> > > > > see if that
> > > > > fixes the nscd problems. I can't believe that samba-winbind is not
> > > > > running
> > > > > 100% well on a Solaris 8 machine.
> > > >

Re: [Samba] Strange behaviour of winbind on solaris 8

[Dietrich Streifert]

So there must be something in your bash init files, /etc/profile or 
~/.bashrc (sorry I'm not a bash user) which causes the problem.


Maybe something which forms the shell prompt like whoami etc.

Maybe there is something like a autologout set for the csh or in sshd 
with idle session timeout.



Oliver Weinmann schrieb:

Hi,
 
no,  there was nothing in /var/adm/messages, but guess what with the 
csh ls -alrt and such commands work fine... But i get kicked out of 
the ssh session after 2 minutes... :(



On 4/29/08, *Dietrich Streifert* <[EMAIL PROTECTED] 
> wrote:


Are there any messages in /var/adm/messages which are related to nss ?

As I can see you are using bash as your shell.

Try using csh. Does something change?

Oliver Weinmann schrieb:

su to user oweinmann works but when i ussie the ldd -r
/usr/lib/nss_winbind.so command it gets put in the background..
:( i then do fg 2 and this is the output:
 
bash-2.03$ ldd -r /usr/lib/nss_winbind.so


[2]+  Stopped ldd -r /usr/lib/nss_winbind.so
bash-2.03$ fg 2
ldd -r /usr/lib/nss_winbind.so
libthread.so.1 =>/usr/lib/libthread.so.1
libsocket.so.1 =>/usr/lib/libsocket.so.1
libdl.so.1 =>/usr/lib/libdl.so.1
libc.so.1 => /usr/lib/libc.so.1
libnsl.so.1 =>   /usr/lib/libnsl.so.1
libmp.so.2 =>/usr/lib/libmp.so.2
/usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1

bash-2.03$ ls -alrt /etc/nsswitch.conf

[2]+  Stopped ls -alrt /etc/nsswitch.conf
bash-2.03$ fg 2
ls -alrt /etc/nsswitch.conf
-rw-r--r--   1 root sys 1320 Apr 28 13:19
/etc/nsswitch.conf


 



 
On 4/29/08, *Dietrich Streifert* <[EMAIL PROTECTED]

> wrote:

Please try to login (or su) to the user oweinmann and issue
then ldd -r /usr/lib/nss_winbind.so

For some reason I think that non root users are not able to
read one of the involved files.

This could be

/etc/nsswitch.conf
/usr/lib/nss_winbind.so

or some of the files found by the ldd -r command. The fact
that you can issue commands while nscd is running points to
this fact becaus nscd is running as root and has permissions
to read all of those files.

/etc/nsswitch.conf should be readable by everyone.

I compiled samba myself with a full stack of openssl, iconv,
heimdal kerberos, cyrus-sasl, openldap and samba. While
people often speak of the Windows DLL hell this is the
Solaris shared library hell :-( But it works.



Oliver Weinmann schrieb:

Hi,
 
bash-2.03# ldd -r /usr/lib/nss_winbind.so

libthread.so.1 =>/usr/lib/libthread.so.1
libsocket.so.1 =>/usr/lib/libsocket.so.1
libdl.so.1 =>/usr/lib/libdl.so.1
libc.so.1 => /usr/lib/libc.so.1
libnsl.so.1 =>   /usr/lib/libnsl.so.1
libmp.so.2 =>/usr/lib/libmp.so.2
/usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
 
I changed the permissions and files exactly to be the same

but i still cant issue commands... :(

bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
-rwxr-xr-x   1 root other  74744 Apr 29 09:03
/usr/lib/nss_winbind.so.1
lrwxrwxrwx   1 root other 25 Apr 29 09:04
/usr/lib/nss_winbind.so -> /usr/lib/nss_winbind.so.1

Could this also be a problem of a compiling? Have you
compiled the samba yourself or are you using prebuilt packages?
 
On 4/29/08, *Dietrich Streifert*

<[EMAIL PROTECTED]
> wrote:

which output gives ldd -r /usr/lib/nss_winbind.so ?

I have the following naming and permission for nss_winbind:

lrwxrwxrwx   1 root other 16 Jan 15  2004
nss_winbind.so -> nss_winbind.so.1
-rwxr-xr-x   1 root other  44540 Apr 28 17:35
nss_winbind.so.1

Please try with the exactly same naming and permissions
of your files.



Oliver Weinmann schrieb:

I will try to get hands on the latest patches for
solaris 8 and see if that
fixes the nscd problems. I can't believe that
samba-winbind is not running
100% well on a Solaris 8 machine.


On 4/28/08, Oliver Weinmann
<[EMAIL PROTECTED]
> wrote:
 


Just for fun i changed the perms of
/usr/lib/libnss_winbind.so to 777

bash-2.03# chmod 777 /usr/lib/libnss_winbind.so

Re: [Samba] Samba segs when serving files from a windows partition on OpenBSD-4.2

[Edd Barrett]

Hi,

On Fri, Apr 25, 2008 at 3:00 PM, Edd Barrett <[EMAIL PROTECTED]> wrote:
>  I am willing to test patches. I may have a prod about in the source at
>  some point, but you guys can probably diagnose and fix the fault a
>  whole load better than I can. I have never looked at the samba source
>  before.

It turns out OpenBSD-current has some patches to fix this problem
which came from FreeBSD, just after the release of 4.2.

Is the samba team interested in taking the patches upstream?

http://www.openbsd.org/cgi-bin/cvsweb/ports/net/samba/patches/patch-lib_iconv.c?rev=1.1&content-type=text/x-cvsweb-markup
http://www.openbsd.org/cgi-bin/cvsweb/ports/net/samba/patches/patch-lib_replace_repdir_getdirentries_c?rev=1.1&content-type=text/x-cvsweb-markup

-- 

Best Regards

Edd

http://students.dec.bournemouth.ac.uk/ebarrett
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Strange behaviour of winbind on solaris 8

[Oliver Weinmann]

Hi,

no,  there was nothing in /var/adm/messages, but guess what with the csh ls
-alrt and such commands work fine... But i get kicked out of the ssh session
after 2 minutes... :(


On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
>
> Are there any messages in /var/adm/messages which are related to nss ?
>
> As I can see you are using bash as your shell.
>
> Try using csh. Does something change?
>
> Oliver Weinmann schrieb:
>
> su to user oweinmann works but when i ussie the ldd -r
> /usr/lib/nss_winbind.so command it gets put in the background.. :( i then do
> fg 2 and this is the output:
>
> bash-2.03$ ldd -r /usr/lib/nss_winbind.so
>
> [2]+  Stopped ldd -r /usr/lib/nss_winbind.so
> bash-2.03$ fg 2
> ldd -r /usr/lib/nss_winbind.so
> libthread.so.1 =>/usr/lib/libthread.so.1
> libsocket.so.1 =>/usr/lib/libsocket.so.1
> libdl.so.1 =>/usr/lib/libdl.so.1
> libc.so.1 => /usr/lib/libc.so.1
> libnsl.so.1 =>   /usr/lib/libnsl.so.1
> libmp.so.2 =>/usr/lib/libmp.so.2
> /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
>
> bash-2.03$ ls -alrt /etc/nsswitch.conf
>
> [2]+  Stopped ls -alrt /etc/nsswitch.conf
> bash-2.03$ fg 2
> ls -alrt /etc/nsswitch.conf
> -rw-r--r--   1 root sys 1320 Apr 28 13:19 /etc/nsswitch.conf
>
>
>
>
>
> On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
> >
> > Please try to login (or su) to the user oweinmann and issue then ldd -r
> > /usr/lib/nss_winbind.so
> >
> > For some reason I think that non root users are not able to read one of
> > the involved files.
> >
> > This could be
> >
> > /etc/nsswitch.conf
> > /usr/lib/nss_winbind.so
> >
> > or some of the files found by the ldd -r command. The fact that you can
> > issue commands while nscd is running points to this fact becaus nscd is
> > running as root and has permissions to read all of those files.
> >
> > /etc/nsswitch.conf should be readable by everyone.
> >
> > I compiled samba myself with a full stack of openssl, iconv, heimdal
> > kerberos, cyrus-sasl, openldap and samba. While people often speak of the
> > Windows DLL hell this is the Solaris shared library hell :-( But it works.
> >
> >
> >
> > Oliver Weinmann schrieb:
> >
> > Hi,
> >
> > bash-2.03# ldd -r /usr/lib/nss_winbind.so
> > libthread.so.1 =>/usr/lib/libthread.so.1
> > libsocket.so.1 =>/usr/lib/libsocket.so.1
> > libdl.so.1 =>/usr/lib/libdl.so.1
> > libc.so.1 => /usr/lib/libc.so.1
> > libnsl.so.1 =>   /usr/lib/libnsl.so.1
> > libmp.so.2 =>/usr/lib/libmp.so.2
> > /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
> >
> > I changed the permissions and files exactly to be the same but i still
> > cant issue commands... :(
> >
> > bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
> > -rwxr-xr-x   1 root other  74744 Apr 29 09:03
> > /usr/lib/nss_winbind.so.1
> > lrwxrwxrwx   1 root other 25 Apr 29 09:04
> > /usr/lib/nss_winbind.so -> /usr/lib/nss_winbind.so.1
> >
> > Could this also be a problem of a compiling? Have you compiled the samba
> > yourself or are you using prebuilt packages?
> >
> > On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
> > >
> > > which output gives ldd -r /usr/lib/nss_winbind.so ?
> > >
> > > I have the following naming and permission for nss_winbind:
> > >
> > > lrwxrwxrwx   1 root other 16 Jan 15  2004 nss_winbind.so
> > > -> nss_winbind.so.1
> > > -rwxr-xr-x   1 root other  44540 Apr 28 17:35 nss_winbind.so.1
> > >
> > > Please try with the exactly same naming and permissions of your files.
> > >
> > >
> > >
> > > Oliver Weinmann schrieb:
> > >
> > > > I will try to get hands on the latest patches for solaris 8 and see
> > > > if that
> > > > fixes the nscd problems. I can't believe that samba-winbind is not
> > > > running
> > > > 100% well on a Solaris 8 machine.
> > > >
> > > >
> > > > On 4/28/08, Oliver Weinmann <[EMAIL PROTECTED]> wrote:
> > > >
> > > >
> > > > > Just for fun i changed the perms of /usr/lib/libnss_winbind.so to
> > > > > 777
> > > > >
> > > > > bash-2.03# chmod 777 /usr/lib/libnss_winbind.so
> > > > > bash-2.03# ls -alrt /usr/lib/libnss_winbind.so
> > > > > -rwxrwxrwx   1 root other  74744 Apr 28 13:32
> > > > > /usr/lib/libnss_winbind.so
> > > > >
> > > > > nscd is turned off. I can login as an AD users but I cant start
> > > > > any
> > > > > command. :(
> > > > >
> > > > >
> > > > > login as: oweinmann
> > > > > Using keyboard-interactive authentication.
> > > > > Password:
> > > > > Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou
> > > > > bash-2.03$ ls -alrt
> > > > >
> > > > > [1]+  Stopped ls -alrt
> > > > > bash-2.03$ id
> > > > >
> > > > > [2]+  Stopped id
> > > > > bash-2.03$ group
> > > > >
> > > > > [3]+  Stopped group
> > > > > bash-2.03$ echo "TEST"
> > > > > TEST
> > > > > b

Re: [Samba] Unable to access linux files from windows using samba configured in linux Vmware

[gforgcc]

gforgcc wrote:
> 
> 
> Helmut Hullen wrote:
>> 
>> Hallo, gforgcc,
>> 
>> Does the workgroup fit?
>> Has the username or the password any special character?
>> 
>> Viele Gruesse!
>> Helmut
>> 
>> 
> Hi Viele Gruesse, :)
> no there are no special charecters in username or password.. just abc and
> abc thats it...
> and i dint get what is the meaning of Workgroup fit ? you mean to say both
> the workgroup in windows and Vmware linux need to be same ?
> if that is the case i am not specifying workgroup anywhere while
> configuring samba..and can you please tell where to specify workgroup, and
> how to find the same in windows that to which workgroup do i belong ? 
> thanks... :)
> 
sorry i came to know that i am in my companies domain so there wont be any
workgroup probably...
-- 
View this message in context: 
http://www.nabble.com/Unable-to-access-linux-files-from-windows-using-samba-configured-in-linux-Vmware-tp16847019p16955744.html
Sent from the Samba - General mailing list archive at Nabble.com.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Strange behaviour of winbind on solaris 8

[Dietrich Streifert]

Are there any messages in /var/adm/messages which are related to nss ?

As I can see you are using bash as your shell.

Try using csh. Does something change?

Oliver Weinmann schrieb:
su to user oweinmann works but when i ussie the ldd -r 
/usr/lib/nss_winbind.so command it gets put in the background.. :( i 
then do fg 2 and this is the output:
 
bash-2.03$ ldd -r /usr/lib/nss_winbind.so


[2]+  Stopped ldd -r /usr/lib/nss_winbind.so
bash-2.03$ fg 2
ldd -r /usr/lib/nss_winbind.so
libthread.so.1 =>/usr/lib/libthread.so.1
libsocket.so.1 =>/usr/lib/libsocket.so.1
libdl.so.1 =>/usr/lib/libdl.so.1
libc.so.1 => /usr/lib/libc.so.1
libnsl.so.1 =>   /usr/lib/libnsl.so.1
libmp.so.2 =>/usr/lib/libmp.so.2
/usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1

bash-2.03$ ls -alrt /etc/nsswitch.conf

[2]+  Stopped ls -alrt /etc/nsswitch.conf
bash-2.03$ fg 2
ls -alrt /etc/nsswitch.conf
-rw-r--r--   1 root sys 1320 Apr 28 13:19 /etc/nsswitch.conf


 



 
On 4/29/08, *Dietrich Streifert* <[EMAIL PROTECTED] 
> wrote:


Please try to login (or su) to the user oweinmann and issue then
ldd -r /usr/lib/nss_winbind.so

For some reason I think that non root users are not able to read
one of the involved files.

This could be

/etc/nsswitch.conf
/usr/lib/nss_winbind.so

or some of the files found by the ldd -r command. The fact that
you can issue commands while nscd is running points to this fact
becaus nscd is running as root and has permissions to read all of
those files.

/etc/nsswitch.conf should be readable by everyone.

I compiled samba myself with a full stack of openssl, iconv,
heimdal kerberos, cyrus-sasl, openldap and samba. While people
often speak of the Windows DLL hell this is the Solaris shared
library hell :-( But it works.



Oliver Weinmann schrieb:

Hi,
 
bash-2.03# ldd -r /usr/lib/nss_winbind.so

libthread.so.1 =>/usr/lib/libthread.so.1
libsocket.so.1 =>/usr/lib/libsocket.so.1
libdl.so.1 =>/usr/lib/libdl.so.1
libc.so.1 => /usr/lib/libc.so.1
libnsl.so.1 =>   /usr/lib/libnsl.so.1
libmp.so.2 =>/usr/lib/libmp.so.2
/usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
 
I changed the permissions and files exactly to be the same but i

still cant issue commands... :(

bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
-rwxr-xr-x   1 root other  74744 Apr 29 09:03
/usr/lib/nss_winbind.so.1
lrwxrwxrwx   1 root other 25 Apr 29 09:04
/usr/lib/nss_winbind.so -> /usr/lib/nss_winbind.so.1

Could this also be a problem of a compiling? Have you compiled
the samba yourself or are you using prebuilt packages?
 
On 4/29/08, *Dietrich Streifert* <[EMAIL PROTECTED]

> wrote:

which output gives ldd -r /usr/lib/nss_winbind.so ?

I have the following naming and permission for nss_winbind:

lrwxrwxrwx   1 root other 16 Jan 15  2004
nss_winbind.so -> nss_winbind.so.1
-rwxr-xr-x   1 root other  44540 Apr 28 17:35
nss_winbind.so.1

Please try with the exactly same naming and permissions of
your files.



Oliver Weinmann schrieb:

I will try to get hands on the latest patches for solaris
8 and see if that
fixes the nscd problems. I can't believe that
samba-winbind is not running
100% well on a Solaris 8 machine.


On 4/28/08, Oliver Weinmann
<[EMAIL PROTECTED]
> wrote:
 


Just for fun i changed the perms of
/usr/lib/libnss_winbind.so to 777

bash-2.03# chmod 777 /usr/lib/libnss_winbind.so
bash-2.03# ls -alrt /usr/lib/libnss_winbind.so
-rwxrwxrwx   1 root other  74744 Apr 28 13:32
/usr/lib/libnss_winbind.so

nscd is turned off. I can login as an AD users but I
cant start any
command. :(


login as: oweinmann
Using keyboard-interactive authentication.
Password:
Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou
bash-2.03$ ls -alrt

[1]+  Stopped ls -alrt
bash-2.03$ id

[2]+  Stopped id
bash-2.03$ group

[3]+  Stopped group
bash-2.03$ echo "TEST"
TEST
bash-2.03$
Some commands are working and some others are put in
background and the
ses

Re: [Samba] Unable to access linux files from windows using samba configured in linux Vmware

[gforgcc]

Helmut Hullen wrote:
> 
> Hallo, gforgcc,
> 
> Does the workgroup fit?
> Has the username or the password any special character?
> 
> Viele Gruesse!
> Helmut
> 
> 
Hi Viele Gruesse, :)
no there are no special charecters in username or password.. just abc and
abc thats it...
and i dint get what is the meaning of Workgroup fit ? you mean to say both
the workgroup in windows and Vmware linux need to be same ?
if that is the case i am not specifying workgroup anywhere while configuring
samba..and can you please tell where to specify workgroup, and how to find
the same in windows that to which workgroup do i belong ? 
thanks... :)
-- 
View this message in context: 
http://www.nabble.com/Unable-to-access-linux-files-from-windows-using-samba-configured-in-linux-Vmware-tp16847019p16955729.html
Sent from the Samba - General mailing list archive at Nabble.com.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] NT_STATUS_OBJECT_NAME_NOT_FOUND when print client tries to write to \epmapper named pipe

[Volker Lendecke]

On Tue, Apr 29, 2008 at 04:01:39AM -0300, Leonardo Tancredi wrote:
> printer, and looking at logfiles and traffic captures I see the problem 
> is that the client is trying to do an NTCreate_and_X operation to open a 
> named pipe called "\epmapper" but Samba answers with an 
> NT_STATUS_OBJECT_NAME_NOT_FOUND message. The client retries this 
> operation a couple of times and then gives up.

This is the so-called endpoint mapper which right now is not
supported by Samba 3. I'm working on that right now. In the
meantime, it would be interesting to see a sniff of this
machine printing using the same driver on a Windows box.

Volker


pgpnURuYk8XcT.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Strange behaviour of winbind on solaris 8

[Oliver Weinmann]

su to user oweinmann works but when i ussie the ldd -r
/usr/lib/nss_winbind.so command it gets put in the background.. :( i then do
fg 2 and this is the output:

bash-2.03$ ldd -r /usr/lib/nss_winbind.so

[2]+  Stopped ldd -r /usr/lib/nss_winbind.so
bash-2.03$ fg 2
ldd -r /usr/lib/nss_winbind.so
libthread.so.1 =>/usr/lib/libthread.so.1
libsocket.so.1 =>/usr/lib/libsocket.so.1
libdl.so.1 =>/usr/lib/libdl.so.1
libc.so.1 => /usr/lib/libc.so.1
libnsl.so.1 =>   /usr/lib/libnsl.so.1
libmp.so.2 =>/usr/lib/libmp.so.2
/usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1

bash-2.03$ ls -alrt /etc/nsswitch.conf

[2]+  Stopped ls -alrt /etc/nsswitch.conf
bash-2.03$ fg 2
ls -alrt /etc/nsswitch.conf
-rw-r--r--   1 root sys 1320 Apr 28 13:19 /etc/nsswitch.conf





On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
>
> Please try to login (or su) to the user oweinmann and issue then ldd -r
> /usr/lib/nss_winbind.so
>
> For some reason I think that non root users are not able to read one of
> the involved files.
>
> This could be
>
> /etc/nsswitch.conf
> /usr/lib/nss_winbind.so
>
> or some of the files found by the ldd -r command. The fact that you can
> issue commands while nscd is running points to this fact becaus nscd is
> running as root and has permissions to read all of those files.
>
> /etc/nsswitch.conf should be readable by everyone.
>
> I compiled samba myself with a full stack of openssl, iconv, heimdal
> kerberos, cyrus-sasl, openldap and samba. While people often speak of the
> Windows DLL hell this is the Solaris shared library hell :-( But it works.
>
>
>
> Oliver Weinmann schrieb:
>
> Hi,
>
> bash-2.03# ldd -r /usr/lib/nss_winbind.so
> libthread.so.1 =>/usr/lib/libthread.so.1
> libsocket.so.1 =>/usr/lib/libsocket.so.1
> libdl.so.1 =>/usr/lib/libdl.so.1
> libc.so.1 => /usr/lib/libc.so.1
> libnsl.so.1 =>   /usr/lib/libnsl.so.1
> libmp.so.2 =>/usr/lib/libmp.so.2
> /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
>
> I changed the permissions and files exactly to be the same but i still
> cant issue commands... :(
>
> bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
> -rwxr-xr-x   1 root other  74744 Apr 29 09:03
> /usr/lib/nss_winbind.so.1
> lrwxrwxrwx   1 root other 25 Apr 29 09:04
> /usr/lib/nss_winbind.so -> /usr/lib/nss_winbind.so.1
>
> Could this also be a problem of a compiling? Have you compiled the samba
> yourself or are you using prebuilt packages?
>
> On 4/29/08, Dietrich Streifert <[EMAIL PROTECTED]> wrote:
> >
> > which output gives ldd -r /usr/lib/nss_winbind.so ?
> >
> > I have the following naming and permission for nss_winbind:
> >
> > lrwxrwxrwx   1 root other 16 Jan 15  2004 nss_winbind.so ->
> > nss_winbind.so.1
> > -rwxr-xr-x   1 root other  44540 Apr 28 17:35 nss_winbind.so.1
> >
> > Please try with the exactly same naming and permissions of your files.
> >
> >
> >
> > Oliver Weinmann schrieb:
> >
> > > I will try to get hands on the latest patches for solaris 8 and see if
> > > that
> > > fixes the nscd problems. I can't believe that samba-winbind is not
> > > running
> > > 100% well on a Solaris 8 machine.
> > >
> > >
> > > On 4/28/08, Oliver Weinmann <[EMAIL PROTECTED]> wrote:
> > >
> > >
> > > > Just for fun i changed the perms of /usr/lib/libnss_winbind.so to
> > > > 777
> > > >
> > > > bash-2.03# chmod 777 /usr/lib/libnss_winbind.so
> > > > bash-2.03# ls -alrt /usr/lib/libnss_winbind.so
> > > > -rwxrwxrwx   1 root other  74744 Apr 28 13:32
> > > > /usr/lib/libnss_winbind.so
> > > >
> > > > nscd is turned off. I can login as an AD users but I cant start any
> > > > command. :(
> > > >
> > > >
> > > > login as: oweinmann
> > > > Using keyboard-interactive authentication.
> > > > Password:
> > > > Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou
> > > > bash-2.03$ ls -alrt
> > > >
> > > > [1]+  Stopped ls -alrt
> > > > bash-2.03$ id
> > > >
> > > > [2]+  Stopped id
> > > > bash-2.03$ group
> > > >
> > > > [3]+  Stopped group
> > > > bash-2.03$ echo "TEST"
> > > > TEST
> > > > bash-2.03$
> > > > Some commands are working and some others are put in background and
> > > > the
> > > > session closes after one or two minutes?
> > > >
> > > > When I turn on nscd everything is fine, except ls -alrt not working.
> > > >
> > > >
> > > >
> > > > On 4/28/08, Gerald (Jerry) Carter <[EMAIL PROTECTED]> wrote:
> > > >
> > > >
> > > > > -BEGIN PGP SIGNED MESSAGE-
> > > > > Hash: SHA1
> > > > >
> > > > > Oliver Weinmann wrote:
> > > > > | forgot to mention that the nss_winbind links are there:
> > > > > |
> > > > > | bash-2.03# ls -alrt /usr/lib/nss_w*
> > > > > | lrwxrwxrwx   1 root other 28 Apr 23 14:30
> > > > > | /usr/lib/nss_winbind.so.2 -> /usr/lib/libnss_win

Re: [Samba] Samba 3.2.0-pre3 packages in Debian - version of Samba in Debian lenny

[Christian Perrier]

Quoting Gerald (Jerry) Carter ([EMAIL PROTECTED]):

> Christian, I really disagree here.  What made you com to
> the decision that 3.0 is batter for a September Debian
> release?


Because the Debian release team asked maintainers to slow odwn
upstream version bumps as of March 2008. And one of the keys of "try
to release Debian on time" is avoiding to go against the release team
suggestions.

(for instance, the KDE packaging team decided to stick with KDE 3.4
for such reasons)

Debian entered the freeze stage for lenny on April 1st. Currenly, only
the base system packages are frozen, but the freeze should slowly become
stronger (the toolchain should come soon).

The current schedule for releasing samba 3.2.0 leaves us quite a chort
time before the planned release and, with the current manpower we have
in the Debian maintenance team, I don't feel comfortable going to
3.2.0 now.

That's a very though decision, indeed. I somewhat feel like Steve
Langasek will agree (actually he didn't disagree when I proposed this
in ou internal mailign listwhile he may be too busy with the
Ubuntu release).

Of course, I'm ready to hear arguments against that decision...

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Strange behaviour of winbind on solaris 8

[Dietrich Streifert]

Please try to login (or su) to the user oweinmann and issue then ldd -r 
/usr/lib/nss_winbind.so


For some reason I think that non root users are not able to read one of 
the involved files.


This could be

   /etc/nsswitch.conf
   /usr/lib/nss_winbind.so

or some of the files found by the ldd -r command. The fact that you can 
issue commands while nscd is running points to this fact becaus nscd is 
running as root and has permissions to read all of those files.


/etc/nsswitch.conf should be readable by everyone.

I compiled samba myself with a full stack of openssl, iconv, heimdal 
kerberos, cyrus-sasl, openldap and samba. While people often speak of 
the Windows DLL hell this is the Solaris shared library hell :-( But it 
works.




Oliver Weinmann schrieb:

Hi,
 
bash-2.03# ldd -r /usr/lib/nss_winbind.so

libthread.so.1 =>/usr/lib/libthread.so.1
libsocket.so.1 =>/usr/lib/libsocket.so.1
libdl.so.1 =>/usr/lib/libdl.so.1
libc.so.1 => /usr/lib/libc.so.1
libnsl.so.1 =>   /usr/lib/libnsl.so.1
libmp.so.2 =>/usr/lib/libmp.so.2
/usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
 
I changed the permissions and files exactly to be the same but i still 
cant issue commands... :(


bash-2.03# ls -alrt /usr/lib/nss_winbind.so*
-rwxr-xr-x   1 root other  74744 Apr 29 09:03 
/usr/lib/nss_winbind.so.1
lrwxrwxrwx   1 root other 25 Apr 29 09:04 
/usr/lib/nss_winbind.so -> /usr/lib/nss_winbind.so.1


Could this also be a problem of a compiling? Have you compiled the 
samba yourself or are you using prebuilt packages?
 
On 4/29/08, *Dietrich Streifert* <[EMAIL PROTECTED] 
> wrote:


which output gives ldd -r /usr/lib/nss_winbind.so ?

I have the following naming and permission for nss_winbind:

lrwxrwxrwx   1 root other 16 Jan 15  2004
nss_winbind.so -> nss_winbind.so.1
-rwxr-xr-x   1 root other  44540 Apr 28 17:35 nss_winbind.so.1

Please try with the exactly same naming and permissions of your files.



Oliver Weinmann schrieb:

I will try to get hands on the latest patches for solaris 8
and see if that
fixes the nscd problems. I can't believe that samba-winbind is
not running
100% well on a Solaris 8 machine.


On 4/28/08, Oliver Weinmann <[EMAIL PROTECTED]
> wrote:
 


Just for fun i changed the perms of
/usr/lib/libnss_winbind.so to 777

bash-2.03# chmod 777 /usr/lib/libnss_winbind.so
bash-2.03# ls -alrt /usr/lib/libnss_winbind.so
-rwxrwxrwx   1 root other  74744 Apr 28 13:32
/usr/lib/libnss_winbind.so

nscd is turned off. I can login as an AD users but I cant
start any
command. :(


login as: oweinmann
Using keyboard-interactive authentication.
Password:
Last login: Mon Apr 28 15:17:11 2008 from vb8860.vegagrou
bash-2.03$ ls -alrt

[1]+  Stopped ls -alrt
bash-2.03$ id

[2]+  Stopped id
bash-2.03$ group

[3]+  Stopped group
bash-2.03$ echo "TEST"
TEST
bash-2.03$
Some commands are working and some others are put in
background and the
session closes after one or two minutes?

When I turn on nscd everything is fine, except ls -alrt
not working.



On 4/28/08, Gerald (Jerry) Carter <[EMAIL PROTECTED]
> wrote:
   


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Oliver Weinmann wrote:
| forgot to mention that the nss_winbind links are there:
|
| bash-2.03# ls -alrt /usr/lib/nss_w*
| lrwxrwxrwx   1 root other 28 Apr 23 14:30
| /usr/lib/nss_winbind.so.2 ->
/usr/lib/libnss_winbind.so.1
| lrwxrwxrwx   1 root other 28 Apr 23 14:30
| /usr/lib/nss_winbind.so.1 ->
/usr/lib/libnss_winbind.so.1
| lrwxrwxrwx   1 root other 28 Apr 23 14:30
| /usr/lib/nss_winbind.so -> /usr/lib/libnss_winbind.so.1

Check the perms on /usr/lib/libnss_winbind.so.1.  Sounds
like it might be rwx for root only.







cheers, jerry
- --

=
Samba---
http://www.samba.org 
Likewise Software  -
 http://www.likewisesoftware.co

[Samba] Re: Samba 3.2.0-pre3 packages in Debian - version of Samba in Debian lenny

[Christian Perrier]

Quoting Volker Lendecke ([EMAIL PROTECTED]):

> 3.0.28a has known bugs in particular with trusts, so you
> will inevitably have to backport stuff from 3.0.28b that
> will be done by then. And, I have to agree with Jerry,
> having to live with .28a for the next decade in Debian might
> be not the best thing.

heh, Debian releases are not supported for a decade..:-). We're just
dropping support for sarge (which was out in 2005) right now. So, in
short, we're roughly targeting a 3-year support timeframe.

When it comes at samba, the "supported" releases are currently:
- 3.0.14a which came with Debian sarge
- 3.0.24 which came with Debian etch
(both were updated with security fixes, of course)

Of course, if 3.0.x releases come out, these will be included in
lenny. Such updates do not break the philosophy of the current "soft
freeze" if I correctly understand the policy of the Samba Team for the
next releases.

So, in short, Debian will be released with "whatever 3.0.x version"
will be current as of the day of the hard freeze of the distribution.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] NT_STATUS_OBJECT_NAME_NOT_FOUND when print client tries to write to \epmapper named pipe

[Leonardo Tancredi]

Hello all,

I've googled this but couldn't find anything relevant and the list's 
archives didn't turn anything either, so pretty please someone take a 
look at this if you can spare a moment.


My Samba server shares its CUPS printer, but Windows clients cannot 
print to it (I haven't tried other CIFS clients). I have the 
point-n-print driver all set up, so the Windows XP Pro clients can 
automatically detect this printer and load the driver (I'm also able to 
set the server default settings so the devmode is OK). But once the 
printer is set up in the Windows client, the test page doesn't print. 
The Windows driver says there's a communication problem with the 
printer, and looking at logfiles and traffic captures I see the problem 
is that the client is trying to do an NTCreate_and_X operation to open a 
named pipe called "\epmapper" but Samba answers with an 
NT_STATUS_OBJECT_NAME_NOT_FOUND message. The client retries this 
operation a couple of times and then gives up.


I'm testing this by connecting to the server from a non-domain-member 
machine, but by manually setting the correct username and password with 
the "net use \\myserver /user:muserver\myprinteradminusername itspass" 
command on a Windows command-line. The client and the server are both on 
the same Workgroup.
In case you're wondering, my /var/spool/samba directory exists and has 
mode 1777.


Here's a level 10 log (only the interesting part; ask if you need all of 
it):

---
[2008/04/29 02:30:04, 10] lib/util.c:dump_data(2264)
 [000] 00 5C 00 65 00 70 00 6D  00 61 00 70 00 70 00 65  .\.e.p.m .a.p.p.e
 [010] 00 72 00 00 00.r...
[2008/04/29 02:30:04, 3] smbd/process.c:switch_message(926)
 switch message SMBntcreateX (pid 16016) conn 0x55c09660
[2008/04/29 02:30:04, 4] smbd/uid.c:change_to_user(183)
 change_to_user: Skipping user change - already user
[2008/04/29 02:30:04, 10] smbd/nttrans.c:reply_ntcreate_and_X(515)
 reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f 
file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 
create_options = 0x40 root_dir_fid = 0x0

[2008/04/29 02:30:04, 4] smbd/nttrans.c:nt_open_pipe(328)
 nt_open_pipe: Opening pipe \epmapper.
[2008/04/29 02:30:04, 3] smbd/error.c:error_packet_set(106)
 error packet at smbd/nttrans.c(343) cmd=162 (SMBntcreateX) 
NT_STATUS_OBJECT_NAME_NOT_FOUND

---

Here's an strace of smbd (also abridged); notice that the real uid 501 
corresponds to the one chosen by the "net use" command:


---
write(20, "[2008/04/29 02:35:56, 10] lib/util.c:dump_data(2264)\n", 53) = 53
geteuid()   = 501
write(20, "  [000] 00 5C 00 65 00 70 00 6D  00 61 00 70 00 70 00 65  
.\\.e.p.m .a.p.p.e\n", 76) = 76

geteuid()   = 501
write(20, "  [010] 00 72 00 00 00
.r... \n", 65) = 65

stat("/etc/localtime", {st_mode=S_IFREG|0664, st_size=1882, ...}) = 0
geteuid()   = 501
write(20, "[2008/04/29 02:35:56, 3] 
smbd/process.c:switch_message(926)\n", 60) = 60

geteuid()   = 501
write(20, "  switch message SMBntcreateX (pid 17224) conn 
0x55c094d0\n", 62) = 62

stat("/etc/localtime", {st_mode=S_IFREG|0664, st_size=1882, ...}) = 0
geteuid()   = 501
write(20, "[2008/04/29 02:35:56, 4] smbd/uid.c:change_to_user(183)\n", 
56) = 56

geteuid()   = 501
write(20, "  change_to_user: Skipping user change - already user\n", 54) 
= 54

stat("/etc/localtime", {st_mode=S_IFREG|0664, st_size=1882, ...}) = 0
geteuid()   = 501
write(20, "[2008/04/29 02:35:56, 10] 
smbd/nttrans.c:reply_ntcreate_and_X(515)\n", 67) = 67

geteuid()   = 501
write(20, "  reply_ntcreate_and_X: flags = 0x16, access_mask = 0x2019f 
file_attributes = 0x0, share_access = 0x3, create_dispositio"..., 169) = 169

stat("/etc/localtime", {st_mode=S_IFREG|0664, st_size=1882, ...}) = 0
geteuid()   = 501
write(20, "[2008/04/29 02:35:56, 4] smbd/nttrans.c:nt_open_pipe(328)\n", 
58) = 58

geteuid()   = 501
write(20, "  nt_open_pipe: Opening pipe \\epmapper.\n", 40) = 40
stat("/etc/localtime", {st_mode=S_IFREG|0664, st_size=1882, ...}) = 0
geteuid()   = 501
write(20, "[2008/04/29 02:35:56, 3] 
smbd/error.c:error_packet_set(106)\n", 60) = 60

geteuid()   = 501
write(20, "  error packet at smbd/nttrans.c(343) cmd=162 (SMBntcreateX) 
NT_STATUS_OBJECT_NAME_NOT_FOUND\n", 93) = 93

---

Here's my smb.conf:
---
[global]
   workgroup = CASITA
   netbios name = RAINBOW
   server string = Samba Server
   security = USER
   encrypt passwords = Yes
   passdb backend = tdbsam
   domain master = Yes
   local master = Yes
   preferred master = Yes
   os leve

RE: [Samba] Maxtor NAS share problem

[Alex Harrington]

>> I was talking about saving the Linux filesystem info. Do your rsync
to 
>> the NAS, then do a recursive getfacl,  redirecting the output to a 
>> file on the NAS.
>> When you do an rsync back from the NAS, correct the owner/perms with 
>> setfacl.
>> 
>
> Trouble is that I CAN'T do my rsync to the NAS drive because it
doesn't
> give me the access privileges I need to write to the NAS. The rsync
> wants to change owner and the NAS won't let it do that.

There are switches to modify that behaviour - -p, -o, -t, -g - and there
are aliases (eg -a)that switch combinations of those on or off.

What's the exact command line you're using to rsync?

Something like rsync -r /source/ /destination should work, regardless of
the permissions, because rsync will write everything as whoever you're
logged on as (or whoever the NAS translates that to be).

As previously suggested you can then do a recursive getfacl over /source
and write the output to /destination. That will create a text file with
all your permissions etc included in it so they can be restored by
setfacl if required.

Alex

-- 
Alex Harrington - Network Manager, Longhill High School

t: 01273 304086 | e: [EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba