[Samba] RE: Profile creation

[Navneet Karnani]

Should you be deleting the user profile completely from the server, including
the user credentials. The problem you encounter, looks like, windows is not able
to find the directory. So, if you want to simulate a new user, do it in style.
Create a new user the right way and do it. I think it should work.

- Navneet

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of Nathaniel
 N.Petersen (CNS Student Support)
 Sent: Friday, May 31, 2002 4:56 AM
 To: Samba Technical Mailing List; Samba General Information List
 Subject: Profile creation


 SAMBA VERSION: 2.2.4
 ERROR(S): Profile Creation

 I have recently been assigned to create a Samba PDC.  Earlier in the
 week, I thought I was successful.  I was able to log in, load (or create)
 the test user's .ntprofile, etc.  Went home that night, happy as could be.
 Came back the next day - and nothing was working correctly.  The systems
 could not find the domain.  The domain was not reporting any errors in the
 logs (including, and most importantly, log.nmbd and log.smbd).

 I reported this to my supervisor, and he asked what version of Samba I
 was using.  I told him version 2.2.3a.  Well, he says that I shouldn't
 use an alpha version of Samba.  So I nuke samba off the system (after
 making backups of smb.conf and other vital files).  So I download and
 compile from the source.  I included the needed --with options in
 Configure.  Came back after a cup of coffee to test the install.

 Here is were things get bad.  I set up my smb.conf file, recreate my
 smbpasswd, etc.  I start to add computers using the blind method.  All
 things seem good (was able to add all the computers I wanted).  I was
 able to log on using my test account, and my profile was loaded properly
 for WinNT4, Win2K, and WinXP.  (Note: this .ntprofile/ was saved back
 when things worked fine.)

 So as a final test, I back up my .ntprofile/ and then delete it to
 simulate the creation for a new user.  I go to log on with the WinNT4
 system, and get the error:

 A domain controller for your domain could not be contacted. You have
 been logged on using cached account information.  Changes to your
 profile since you last logged on may not be availible.

 The funny thing is that it creates the profile and lets me use the
 system as if it worked fine.  I verified the newly created .ntprofile/
 and it is as it should be.  Then, after logging off, I tried logging in
 again, and the same error is given.  So I rm -r .ntprofile/ and restore
 from the backup.  Same error, but it loads the profile fine (there is a
 visible difference between the two, so I can visually verify that the
 .ntprofile/ is being loaded correctly.

 So I move on the Win2K system.  This one is even worse.  Here is the
 error that I receive when I try to log on:

 Your roaming profile is not available.  You are logged on with the locally
 stored profile. Changes to the profile will not be propagated to the server.
 Contact your network administrator.

 DETAIL - The system cannot find the path specified.

 I THINK it tries to create the profile, but instead I get a folder
 called ? (\242) or .  To make matters worse, it acts perfectly fine from
 the .ntprofile/ backup.  No error, nothing.  It simply can't make the profile.

 I have not been able to test with XP (made the mistake of starting this
 email from the only system that has XP loaded on it).  However, I am
 confident that it will behave in the same manner as Win2K (...minus the
 candy collored shell).

 I have attached my smb.conf file.  I did not attach my logs because they
 are at level 5 and are figgin' huge.  I will mail upon request.

 Nathaniel N. Petersen
 CNS Computing
 University of Northern Iowa

 --[smb.conf]--

 [global]
   workgroup = CNS_TESTING
   netbios name = TEST_SMB_SERVER
   client code page = 437
   log level = 5
   hosts allow = xxx.xxx.xxx

   security = DOMAIN

   os level = 64
   preferred master = yes
   domain master = yes
   local master = no

   encrypt passwords = yes
   domain logons = yes

   logon path = \\student\%u\.ntprofile
   logon drive = Z:
   logon home = \\student\%u

   admin users = root cthulu
 [netlogon]
   path = /usr/local/samba/lib/netlogon
   writeable = no
   write list = ntadmin
 [homes]
   guest ok = no
   writable = yes




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] About password length in solaris 8 and samba 2.2.4

[Terja Antola]

Hello

You wrote as below in samba-list:

Message: 19
Date: Tue, 28 May 2002 22:13:35 -0500 (CDT)
From: Gerald (Jerry) Carter [EMAIL PROTECTED]
To: Carl Vincent [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Password Length Conundrum

On Fri, 24 May 2002, Carl Vincent wrote:

 I've jsut installed Samba-2.2.4, from source on a Solaris 2.6 box.
 I'm looking to upgrade from some 2.0.x versions I'm running. 
 
 I've createed a password entry using smbpasswd -a and added my password.
 My password has 9 characters in it. Using smbclient on the Solaris box,
 I can access the share, but I can't from Win95 or Win2000 clients
 (encryption is on). If I try to access using only the first 8 characters
 from my password (without changing the password on the server) it works
 on all three platforms.

Probably Solaris' getpass() routine or something we use.  I'll add it to
my list of stuff to look at when I can.


...
Have you found any solution to problem above?

I have the same problem. We change our smb-passwords in solaris 8 /
samba 2.2.4 machine and now when users authenticate themselves to our
domain it accepts only first 8 characters of the password. It happens
also in authentication server where we have solaris 2.6 and samba
2.0.5a...
only that we allways change our domain passwords in solaris 8/samba
2.2.4 machine.

So I thing there is something wrong with changeing passwords with
smbpasswd command???


-- 
- :=) 
Terja Antola, Univercity of Turku
Puhelin: 02 333 6516, Telefax: 02 333 6040
Internet: [EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 2.2.3a as a WINS server for a multisubnet network

[Costin Manda]

Hello, samba list!

I need to set up Samba so that a network of 5 subnets (192.168.X.0, where X
is 1..5) consisting of Windows systems communicate through smb and see each
other in Network Neighbourhood.

The samba server is located on one of the subnets (192.168.1.2) and the
subnets communicate with each other through routers that incapsulate packets
through the internet. (each subnet is in another town)

Until now I've set up Samba as explained in the documentation, configured as
a WINS server and it all works fine only for Win9x subnets. If there is one
WIndows2000 computer on one of the subnets, the computers on that subnet
disappear from the network neighbourhood of all the other subnets. The
computers are accessible if the computer name is specified in the address
bar. All the computers have the WINS server set up as 192.168.1.2, but it
still doesn't work. Can you please help me out with this?

   Siderite


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Winbind, again...

[Christian]

Here is the log showing the winbind daemon starting and an unsuccessful 
wbinfo -u  command
My domain is GASA and the PDC is called FUEGO.

Help Please!!

Christian

- Original Message -
From: Christian [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 30, 2002 8:52 PM
Subject: [Samba] Winbind, again...


 I recently posted a mail about problems with winbind... I'll try to be
more
 specific:

 I have Redat 7.3

 Followed those steps:

 Compiled samba 2.2.4
 Configured nsswitch.conf and the winbind libraries
 Configured smb.conf:
 winbind uid = 1-2
 winbind gid = 1-2
 winbind enum users = yes
 winbind enum groups = yes
 winbind use default domain = yes
 username map = /etc/samba/smbusers (smbusers file contains: root =
 administrator)
 domain admin group = root
 Joined the SAMBA server to the PDC domain
 Started successfully the winbindd daemon
 Started smbd daemon

 Problems:

 1.- Can't run wbinfo -u, the error is  error looking up domain users 
 2.- When adding a user permission in the security tab to a folder from a
 win2k client connected like administrator I have:
 [2002/05/29 18:16:13, 0] smbd/posix_acls.c:create_canon_ace_lists(774)
  create_canon_ace_lists: unable to map SID
 S-1-5-21-2025429265-1580818891-682003330-1109 to uid or gid.

 By the way, before I compiled samba I used the package that came installed
 with Redhat 7.3 (samba 2.2.3, I think), with the same problem.

 If this is a problem with the winbind database, how may I fix it?
 Another idea?

 Thanks,
 Christian


 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  http://lists.samba.org/mailman/listinfo/samba



winbind.log.gz
Description: Binary data

[Samba] samba server creates server entrys

[Lennard Bakker]

Om the local network (all server NT4) i have a single linux box with
samba (2.2.4). For this box is in the NT4 domain a computer
(workstation) account created, so that shares on samba can be used with
auth. from the domain.

The weird thing is that samba also is creating accounts for itself that
is a server, which may validate users for the domain. It create secure
channels to the PDC. And this for all the netbios alliases that samba
has.

What causes this?

Lennard





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] SWAT

[Ken Walker]

Been 
there, done that, checked all ports are set correct

i.e. 
swat tcp 901
swat 
utp 901

ect

and 
checked

ect


and 
checked

etc.


and 
checked

that's 
why I gave up.

but 
now ive put mandrake 8.2 on another machine ( my swat not working was on a 
8.1,but samba was) as a default install and samba wont even run, complains about 
not being able to open database files.Ar

at 
least it will keep me busy for a couple of years, cant say that about a console 
game :o)

but 
what's even sadder, you do get moving images on a games 
console.

if 
only kids of today new the pleasure of that flashing command prompt curser., not 
to mention the [ ok ] in greenYes

  -Original Message-From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]]On Behalf Of Joseph 
  LooSent: 29 May 2002 2:48 PMTo: samba 
  listSubject: Re: [Samba] SWATBut did you have 
  an entry on your pam.d directory?You need a file samba in /etc/pam.d 
  with at least the following:auth 
  required /lib/security/pam_stack.so 
  service=system-authaccount 
  required /lib/security/pam_stack.so 
  service=system-authI could not get mine working until I placed the 
  entry in. I am not sure if it is required to reboot the machine or restart 
  pam. It has been too long since I played with it.Ken Walker wrote:
  [EMAIL PROTECTED] 
  type="cite">change Disable = yes to Disable = noI've been trying to get SWAT working on Mandrake 8.1, looked everywhere,done everything everybody suggested. Gave up, now do it all in vi.GOOD LUCKsuppose its like doom on Linux...some people can get it to work, lots can't.-Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]OnBehalf Of Joel HammerSent: 27 May 2002 9:21 PMTo: Benjamin Folayan; [EMAIL PROTECTED]Subject: Re: [Samba] SWATThis is my swat file from RH 7.1. This is the default swat file.Joel# default: off# description: SWAT is the Samba Web Admin Tool. Use swat \#  to con
figure your Samba server. To use SWAT, \#  connect to port 901 with your favorite web browser.service swat{port= 901socket_type = streamwait= noonly_from = 127.0.0.1user= rootserver  = /usr/sbin/swatlog_on_failure  += USERIDdisable = yesOn Mon, May 27, 2002 at 03:49:31PM -0400, Benjamin Folayan wrote:
Hello,  My name is Benjamin Folayan.  I am currently configuring Linux RedHat 7.2.  I wanted to use swat but one of the files I am suppose to adjust,the /etc/xinetd.d/swat file does not exist.  I am suppose to change the"disable line".  What can I do to set this configuration.  I have triedreinstalling and that file still is not there.  Is the line somewhere else.What steps should I follow to get SWAT to work.
Thanks, In Advance.Benjamin Folayan-- 
Joseph Loo
[EMAIL PROTECTED]

[Samba] RE: INFORMAZIONE

[MCCALL,DON (HP-USA,ex1)]

Hi,
Best you discuss this with your HP support people - cifsmount is a part of
the CIFSCLIENT software (based on Sharity client), NOT samba.
Sorry,
Don

-Original Message-
From: Simo Sorce [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 31, 2002 4:19
To: Manuel Clericuzio
Cc: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: Re: INFORMAZIONE


From samba-technical.

On Fri, 2002-05-31 at 09:58, Manuel Clericuzio wrote:
 Buongiorno,
 mi hanno chiesto di montare un filesystem NT (macchina win2000) su una
 macchina con Unix HP (release 11.11).
 Ho provato a fare dei tentativi con il comando cifsmount ma non riesco.
 Spero che voi mi potiate aiutare.
 
 Grazie e buona giornata
 
 Manuel
 

Better you write in english Manuel and on the users support list not the
technical one!

I will translate this time only to benefit of the list and the user:

Good morning,
I've been requested to mount a filesystem shared by a win2k server on a
HP-UX (11.11) machine.
I tried to mount it with the cifsmount command but failed.
Is there anyone that can help me.

Thank you.

-- 
Simo Sorce
--
Una scelta di liberta': Software Libero.
A choice of freedom: Free Software.
http://www.softwarelibero.it

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Will rpcclient ever get better?

[Tom . Klopf]

Thanks very much - that clarifies things a lot.

Thomas Klopf
MMS - Gulf Region (ACS-GS contractor)


-Original Message-
From: Tim Potter [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, May 30, 2002 6:44 PM
To: [EMAIL PROTECTED]
Subject: Re: [Samba] Will rpcclient ever get better?

On Thu, May 30, 2002 at 08:28:43AM -0600, [EMAIL PROTECTED] wrote:

 Thanks very much for the response. I was a little confused by the
different
 development trees for samba, though.  As far as I could tell, there's the
 standard samba (is this head?) and then there's TNG.  Could you tell
me
 where to get the HEAD version of rpcclient exactly? 

So the standard samba is really the latest released version of 2.2.
Most new development takes place in the HEAD branch and is eventually
ported into 2.2 or will become Samba 3.0.

TNG is different again.  They are more focussed on being a DCE/RPC
server rather than a file and print server.

If you want to try out some of the development code, download the
nightly tarball from
ftp://ftp.samba.org/pub/unpacked/tarballs/samba-head-snapshot.tar.gz

Having unpacked it, do:

cd source
./configure
make bin/rpcclient

Then if you like copy bin/rpcclient somewhere like
/usr/local/bin/rpcclient-head if you find it useful.

If you are using a packaged binary version of Samba you may need to muck
around with some options to configure to tell rpcclient where to find
your smb.conf file.


Regards,

Tim.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Profile creation

[CNS Student Support]

On Fri, May 31, 2002 at 12:09:25PM +0530, Navneet Karnani wrote:
 Should you be deleting the user profile completely from the server, including
 the user credentials. The problem you encounter, looks like, windows is not able
 to find the directory. So, if you want to simulate a new user, do it in style.
 Create a new user the right way and do it. I think it should work.
 
 - Navneet


While you are correct on the point of creating a new user in style, it
is still important to find a solution to corrupted profile creation.
Consider:  User logs in using an NT system.  The *cough* idiot downloads
an infected email, or better yet, just found this nifty program called
regedit.  When the user logs off, this corrupted registry information is
saved to the PDC.  I get a complaint a few hours later that the user
can't log in again.  The obvious fix is to back up his/her profile info
and then delete it.  Next time the user logs on, the profile is
recreated (without reg errors).  Then all I have to do is copy over the
users favorites, My Documents, etc.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Windows won't send passwd to samba server

[CJ ferguson]

Hello

I cannot get my Windows98 machines to connect to my Samba server(2.2.4)
shares. It appears that my Win machines are not transmitting the password.
The Samba server looks OK. On the server machine, smbclient -L server -U
user1 prompts me for a passwd, then, after authentication, displays the
shares. When I attempt to map a share from my Win machines, the samba log
file shows

...
smbd/reply.c:reply_sesssetup_and_X(973)
  Defaulting to Lanman password for user1
smbd/password.c:password_ok(593)
  Null passwords not allowed.
smbd/reply.c:reply_sesssetup_and_X(989)
  Rejecting user 'user1': authentication failed
smbd/error.c:error_packet(91)
  error string = No such file or directory
...

I verified the null passwd being sent from the Win machines by turning on
the sniffer(ethereal) on the samba server and looking at the packets coming
through. In packets labeled by the sniffer Session Setup AndX Request, I
can see the account name, and primary domain name, but when it comes to the
password, the length is set to '1' and the password is set to '00'. I am
using the same login and passwords for both my Linux and Win98 machines.

What am I missing?

I would appreciate any info or insight as to what will help me solve my
problem.

CJ Ferguson
[EMAIL PROTECTED]


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Windows won't send passwd to samba server

[Javid Abdul-AJAVID1]

am running samba-2.0.7 on solaris6
today am observing smbd is taking up lot of memory like for each connection
48M of which 45 mg is its using for heap
any idea, this not normal
thanks
Javid

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Windows won't send passwd to samba server

[MCCALL,DON (HP-USA,ex1)]

Hi CJ,
are you using UNENCRYPTED passwords?  (ie if you do testparm|grep encrypt
pass  does it come back and say 
encrypt passwords = no)  If so, then this is normal windows client
behavior (for later clients like win2k) - they can successfully negotiate
cleartext passwords, but will not actually SEND a cleartext password across
the wire until you respond to a prompt that asks for username password
again.  The first time, it sends a null password (as you see in the trace),
and then when it fails, should ask you for a username and password.  If you
type in the correct username and password then, it should work...
Hope this helps,
Don

-Original Message-
From: CJ ferguson [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 31, 2002 1:13
To: [EMAIL PROTECTED]
Subject: [Samba] Windows won't send passwd to samba server


Hello

I cannot get my Windows98 machines to connect to my Samba server(2.2.4)
shares. It appears that my Win machines are not transmitting the password.
The Samba server looks OK. On the server machine, smbclient -L server -U
user1 prompts me for a passwd, then, after authentication, displays the
shares. When I attempt to map a share from my Win machines, the samba log
file shows

...
smbd/reply.c:reply_sesssetup_and_X(973)
  Defaulting to Lanman password for user1
smbd/password.c:password_ok(593)
  Null passwords not allowed.
smbd/reply.c:reply_sesssetup_and_X(989)
  Rejecting user 'user1': authentication failed
smbd/error.c:error_packet(91)
  error string = No such file or directory
...

I verified the null passwd being sent from the Win machines by turning on
the sniffer(ethereal) on the samba server and looking at the packets coming
through. In packets labeled by the sniffer Session Setup AndX Request, I
can see the account name, and primary domain name, but when it comes to the
password, the length is set to '1' and the password is set to '00'. I am
using the same login and passwords for both my Linux and Win98 machines.

What am I missing?

I would appreciate any info or insight as to what will help me solve my
problem.

CJ Ferguson
[EMAIL PROTECTED]


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Read-only users opening files in DENY_DOS vs DENY_NONE mode

[Ken McCord]

Occasionally, when read-only users (via Unix permissions) open an Excel
file, the file is opened with a Deny Mode of DENY_DOS, instead of (what
I take should happen) DENY_NONE mode.  Of course, this then prevents my
read/write users (again, Unix permissions) from updating the file, and
then I get a call asking to track the read-only user down.

We're running Samba 2.2.4 now, but this happened on 2.2.3a (and possibly
other older versions as well).

TIA,

Ken McCord

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Windows won't send passwd to samba server

[C. Ferguson]

Sorry about the double email Mr McCall

Yes, I am using unencrypted passwords. When my Win98
machine attempts to access a share, I get prompted for
a password. I enter the correct password but it
doesn't get tranmitted. I have also tried different
usernames to no avail.

--- MCCALL,DON (HP-USA,ex1) [EMAIL PROTECTED]
wrote:
 Hi CJ,
 are you using UNENCRYPTED passwords?  (ie if you do
 testparm|grep encrypt
 pass  does it come back and say 
 encrypt passwords = no)  If so, then this is
 normal windows client
 behavior (for later clients like win2k) - they can
 successfully negotiate
 cleartext passwords, but will not actually SEND a
 cleartext password across
 the wire until you respond to a prompt that asks for
 username password
 again.  The first time, it sends a null password (as
 you see in the trace),
 and then when it fails, should ask you for a
 username and password.  If you
 type in the correct username and password then, it
 should work...
 Hope this helps,
 Don
 
 -Original Message-
 From: CJ ferguson [mailto:[EMAIL PROTECTED]]
 Sent: Friday, May 31, 2002 1:13
 To: [EMAIL PROTECTED]
 Subject: [Samba] Windows won't send passwd to samba
 server
 
 
 Hello
 
 I cannot get my Windows98 machines to connect to my
 Samba server(2.2.4)
 shares. It appears that my Win machines are not
 transmitting the password.
 The Samba server looks OK. On the server machine,
 smbclient -L server -U
 user1 prompts me for a passwd, then, after
 authentication, displays the
 shares. When I attempt to map a share from my Win
 machines, the samba log
 file shows
 
 ...
 smbd/reply.c:reply_sesssetup_and_X(973)
   Defaulting to Lanman password for user1
 smbd/password.c:password_ok(593)
   Null passwords not allowed.
 smbd/reply.c:reply_sesssetup_and_X(989)
   Rejecting user 'user1': authentication failed
 smbd/error.c:error_packet(91)
   error string = No such file or directory
 ...
 
 I verified the null passwd being sent from the Win
 machines by turning on
 the sniffer(ethereal) on the samba server and
 looking at the packets coming
 through. In packets labeled by the sniffer Session
 Setup AndX Request, I
 can see the account name, and primary domain name,
 but when it comes to the
 password, the length is set to '1' and the password
 is set to '00'. I am
 using the same login and passwords for both my Linux
 and Win98 machines.
 
 What am I missing?
 
 I would appreciate any info or insight as to what
 will help me solve my
 problem.
 
 CJ Ferguson
 [EMAIL PROTECTED]
 
 
 -- 
 To unsubscribe from this list go to the following
 URL and read the
 instructions: 
 http://lists.samba.org/mailman/listinfo/samba
 
 -- 
 To unsubscribe from this list go to the following
 URL and read the
 instructions: 
http://lists.samba.org/mailman/listinfo/samba


__
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Win98 not transmitting passwd to samba server

[C. Ferguson]

Sorry about the double post folks; Won't happen
again...
--- CJ ferguson [EMAIL PROTECTED] wrote:
 Hello
 
 I cannot get my Windows98 machines to connect to my
 Samba server(2.2.4)
 shares. It appears that my Win machines are not
 transmitting the password.
 The Samba server looks OK. On the server machine,
 smbclient -L server -U
 user1 prompts me for a passwd, then, after
 authentication, displays the
 shares. When I attempt to map a share from my Win
 machines, the samba log
 file shows
 
 ...
 smbd/reply.c:reply_sesssetup_and_X(973)
   Defaulting to Lanman password for user1
 smbd/password.c:password_ok(593)
   Null passwords not allowed.
 smbd/reply.c:reply_sesssetup_and_X(989)
   Rejecting user 'user1': authentication failed
 smbd/error.c:error_packet(91)
   error string = No such file or directory
 ...
 
 I verified the null passwd being sent from the Win
 machines by turning on
 the sniffer(ethereal) on the samba server and
 looking at the packets coming
 through. In packets labeled by the sniffer Session
 Setup AndX Request, I
 can see the account name, and primary domain name,
 but when it comes to the
 password, the length is set to '1' and the password
 is set to '00'. I am
 using the same login and passwords for both my Linux
 and Win98 machines. No
 encrypted passwords on any machine. Both Win98 and
 server security are set
 to 'user'.
 
 What am I missing?
 
 I would appreciate any info or insight as to what
 will help me solve my
 problem.
 
 CJ Ferguson
 [EMAIL PROTECTED]
 
 
 -- 
 To unsubscribe from this list go to the following
 URL and read the
 instructions: 
http://lists.samba.org/mailman/listinfo/samba


__
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Oplock problem

[Dennis Lattka]

We are continually getting the following messages in the logfile, which
consistently results in corrupted files. Mainly MSOffice 2000 files as well as
FileMaker Pro DB corruption.

error message:

[2002/05/30 14:30:10, 0] smbd/oplock.c:oplock_break(761)
 oplock_break: receive_smb timed out after 30 seconds.
 oplock_break failed for file user/dnitzahn/Expense reports/More May travel
 3.xls (dev = 7441, inode = 18166407, file_id = 64).
 [2002/05/30 14:30:10, 0] smbd/oplock.c:oplock_break(833)
 oplock_break: client failure in oplock break in file user/dnitzahn/Expense
 reports/More May travel 3.xls
 reply_lockingX: Error : oplock break from client for fnum = 13268 and no
 oplock granted on this file (user/dnitzahn/Expense reports/More May travel
 3.xls).e:




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] auto client updates

[john smith]

Hi,

I'm running a samba PDC, with all users logging onto
the domain.
  I want to be able to update the clients when new
updates/hotfixes/patches are released, but not sure
how. The users often dont logon/off so a login script
wont really work.  Also, as far as I can see M$ has
two type of update, either for individual users to
install (no silent/cmd line install available) or by
using the msiexec system (which needs a windows
server).

What is the 'usual' way of updating clients?

Thanks,

John

__
Do You Yahoo!?
Everything you'll ever need on one web page
from News and Sport to Email and Music Charts
http://uk.my.yahoo.com

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Stupid Newbie: can't connect localhost:901 - help

[Carl Larson]

I've installed the rpm's and everything seems to be
set up fine.  I've been through many documents (even
the one on redhat that says i must change localhost to
127.0.0.1 in one of the config files
(/etc/xinetd.d/swat).  When i direct mozilla to
http://localhost:901 I get, The connection was
refused when attempting to contact localhost:901

I think maybe that something is not properly setup in
my browser, but i've tried: 
no proxy for:
localhost   //added by me to see if it would make
any difference...but it didn't

I'm sure there is something really small and stupid
that i've forgotten, and i'll feel like an idiot when
someone tells me, but i've spent WAY TOO LONG trying
to figure this out on my own.  Thanks in advance
Carl

__
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] can read but not write to samba server

[patrick philbin]

Hello all,

I'm relatively new to linux, and an absolute neophyte to Samba.  I have
installed the Samba server (samba-2.2.4-2)  on my linux box and have it
networked to a pc running Windows98.  (this is where my development
environement resides)  I can transfers any files from my Linux box
(share=ptpl) to my Windows pc, however when I try to to transfer files
the other way (a write to the Linux Box), an error dialog box pops up on
my windows98 machine:

Error Copying File:

Can not copy file filename: Access is denied

Make sure the disc is not full or write protected
and that the file is not currently in use


The disc is not full and I believe Samba does not have it write
protected (writable = Yes).  I am including smb.conf.  Could someone
please guide me on where to look next.

Thank you in advance,
Patrick Philbin


# Samba config file created using SWAT

# from 0.0.0.0 (0.0.0.0)

# Date: 2002/05/21 16:11:17



# Global parameters

[global]

  writable = yes

  dns proxy = No

  security = share

  workgroup = TWG

  server string = Samba Server

  socket options = TCP_NODELABUF=8192 SO_SNDBUF=8192

  guest ok = Yes

  log file = /var/log/samba/log.%m

  load printers = yes

  default = global

  max log size = 50

  locking = no



[homes]

  comment = Home Directories

  writable = yes



[printers]

  comment = All Printers

  path = amba

  read only = Yes

  guest ok = No

  printable = Yes

  browseable = Yes



[ptpl]

  path = /

  writable = yes

  browseable = yes

  security = share

  public = Yes




Re: [Samba] can read but not write to samba server

[Jason Stewart]

Hi Patrick,

Looks like you are sharing your entire root directory (bad idea), and the 
permissions on the root directory would prevent any normal user from 
writing to it.

Good Luck,
Jason Stewart

At 12:44 PM 5/31/2002 -0400, you wrote:
Hello all,

I'm relatively new to linux, and an absolute neophyte to Samba.  I have
installed the Samba server (samba-2.2.4-2)  on my linux box and have it
networked to a pc running Windows98.  (this is where my development
environement resides)  I can transfers any files from my Linux box
(share=ptpl) to my Windows pc, however when I try to to transfer files
the other way (a write to the Linux Box), an error dialog box pops up on
my windows98 machine:

Error Copying File:

Can not copy file filename: Access is denied

Make sure the disc is not full or write protected
and that the file is not currently in use


The disc is not full and I believe Samba does not have it write
protected (writable = Yes).  I am including smb.conf.  Could someone
please guide me on where to look next.

Thank you in advance,
Patrick Philbin
# Samba config file created using SWAT

# from 0.0.0.0 (0.0.0.0)

# Date: 2002/05/21 16:11:17



# Global parameters

[global]

   writable = yes

   dns proxy = No

   security = share

   workgroup = TWG

   server string = Samba Server

   socket options = TCP_NODELABUF=8192 SO_SNDBUF=8192

   guest ok = Yes

   log file = /var/log/samba/log.%m

   load printers = yes

   default = global

   max log size = 50

   locking = no



[homes]

   comment = Home Directories

   writable = yes



[printers]

   comment = All Printers

   path = amba

   read only = Yes

   guest ok = No

   printable = Yes

   browseable = Yes



[ptpl]

   path = /

   writable = yes

   browseable = yes

   security = share

   public = Yes


Jason Stewart
Systems Administrator/Programmer
Right to Life of Michigan
Tel: (616)532-2300
Fax: (616)532-3461

To find out where Michigan Gubernatorial Candidate Jennifer Granholm really 
stands, please visit http://www.granholmgarble.com/


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Stupid Newbie: can't connect localhost:901 - help

[Carl Larson]

I changed disable to no as you suggested and
restarted xinetd...still nothing

Mozilla is set to Direct Connection to the Internet

I also looked in hosts.allow and hosts.deny and there
were no entries in either of these.  I tried adding:
localhost
to hosts.allow, then I logged out since I didn't know
how to make sure that this took affect.  And this did
nothing.  I'm not sure that logging out was good
enough , maybe i should try rebooting...or if there is
a command that will do this then great.
I hope this helps someone help me.
Thanks
Carl
--- Yannick Tousignant [EMAIL PROTECTED]
wrote:
 
 Check your /etc/xinetd.d/swat file, make sure
  disable = no
 
 restart xinetd : /etc/init.d/xinetd restart
 
 totally disable your proxy in ie...
 ie is sensitive when adding a port, try
 http://localhost:901/
 
 If it doesn't work, check out your hosts.allow,
 hosts.deny
 or maybe ipchains/iptables...
 
 good luck!
 
 Yannick
 
  -Original Message-
  From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On
  Behalf Of Carl Larson
  Sent: Friday, May 31, 2002 12:44 PM
  To: [EMAIL PROTECTED]
  Subject: [Samba] Stupid Newbie: can't connect
 localhost:901 - help
  
  
  I've installed the rpm's and everything seems to
 be
  set up fine.  I've been through many documents
 (even
  the one on redhat that says i must change
 localhost to
  127.0.0.1 in one of the config files
  (/etc/xinetd.d/swat).  When i direct mozilla to
  http://localhost:901 I get, The connection was
  refused when attempting to contact localhost:901
  
  I think maybe that something is not properly setup
 in
  my browser, but i've tried: 
  no proxy for:
  localhost   //added by me to see if it would
 make
  any difference...but it didn't
  
  I'm sure there is something really small and
 stupid
  that i've forgotten, and i'll feel like an idiot
 when
  someone tells me, but i've spent WAY TOO LONG
 trying
  to figure this out on my own.  Thanks in advance
  Carl
  
  __
  Do You Yahoo!?
  Yahoo! - Official partner of 2002 FIFA World Cup
  http://fifaworldcup.yahoo.com
  
  -- 
  To unsubscribe from this list go to the following
 URL and read the
  instructions: 
 http://lists.samba.org/mailman/listinfo/samba
  


__
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Stupid Newbie: can't connect localhost:901 - help

[Harry Rüter]

Hi,

Carl Larson wrote:
 
 I've installed the rpm's and everything seems to be
 set up fine.  I've been through many documents (even
 the one on redhat that says i must change localhost to
 127.0.0.1 in one of the config files
 (/etc/xinetd.d/swat).  When i direct mozilla to
 http://localhost:901 I get, The connection was
 refused when attempting to contact localhost:901
 
 I think maybe that something is not properly setup in
 my browser, but i've tried:
 no proxy for:
 localhost   //added by me to see if it would make
 any difference...but it didn't
 
 I'm sure there is something really small and stupid
 that i've forgotten, and i'll feel like an idiot when
 someone tells me, but i've spent WAY TOO LONG trying
 to figure this out on my own.  Thanks in advance
 Carl
 


what's the output of

fuser -n tcp 901

Here's what happens on my server :

486dx66:/ # fuser -n tcp 901
901/tcp:  1843
486dx66:/ #

It shows, that the serer is running.

I'm using Netscape 4.79 and i 
do the following with proxies:

In the Inputbox no proxies for domains beginning with
i have the entry
 
server.mydomain.xy:901

example:
 
server.test.net:901

Try this with your hostname.

greets Harry

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Stupid Newbie: can't connect localhost:901 - help

[Yannick Tousignant]

-Original Message-
From: Yannick Tousignant [mailto:[EMAIL PROTECTED]] 
Sent: Friday, May 31, 2002 1:07 PM
To: Carl Larson
Subject: RE: [Samba] Stupid Newbie: can't connect localhost:901 - help



Check your /etc/xinetd.d/swat file, make sure
 disable = no

restart xinetd : /etc/init.d/xinetd restart

totally disable your proxy in ie...
ie is sensitive when adding a port, try http://localhost:901/

If it doesn't work, check out your hosts.allow, hosts.deny
or maybe ipchains/iptables...

good luck!

Yannick

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
 Behalf Of Carl Larson
 Sent: Friday, May 31, 2002 12:44 PM
 To: [EMAIL PROTECTED]
 Subject: [Samba] Stupid Newbie: can't connect localhost:901 - help
 
 
 I've installed the rpm's and everything seems to be
 set up fine.  I've been through many documents (even
 the one on redhat that says i must change localhost to
 127.0.0.1 in one of the config files
 (/etc/xinetd.d/swat).  When i direct mozilla to
 http://localhost:901 I get, The connection was
 refused when attempting to contact localhost:901
 
 I think maybe that something is not properly setup in
 my browser, but i've tried: 
 no proxy for:
 localhost   //added by me to see if it would make
 any difference...but it didn't
 
 I'm sure there is something really small and stupid
 that i've forgotten, and i'll feel like an idiot when
 someone tells me, but i've spent WAY TOO LONG trying
 to figure this out on my own.  Thanks in advance
 Carl
 
 __
 Do You Yahoo!?
 Yahoo! - Official partner of 2002 FIFA World Cup
 http://fifaworldcup.yahoo.com
 
 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  http://lists.samba.org/mailman/listinfo/samba
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] I will pay you $10US (via Paypal) out of my own pocket if you cansolve this CUPS Samba problem.

[WEBSTER, Greg]

Seriously. I can't 
afford to be down much longer or I'm going to be in serious 
trouble.

Running Redhat 
7.2.

Here's the 
scoop:
Cups is installed 
and running.
Samba is installed 
and running and is sharing files properly to 100+ people.
I can print a test 
page from the Cups web-interface.
I can print a test 
page by "cat foo | lpr" or "cat foo | lpr.cups" no problem.
Swat sees the 
printer that exists in /etc/printcap.
A print$ share has 
been created:
 [print$] path = 
/usr/share/cups/model/ guest ok = 
Yes
/usr/share/cups/model/ contains a bunch of PPD printer drivers inside a 
directory called foomatic, created by a cups-drivers rpm. I have also tried 
having the drivers I need directly in the /usr/share/cups/model directory with 
no success.

...when I am on a 
windows box and try to install the printer that is listed (via the Printers 
control panel or by browsing to the Printers share via Network Neighbourhood), I 
get a "The server on which the printer resides does not have the correct printer 
driver installed. If you want to install the driver on your local computer, 
click OK". 

I really need to get 
this up and running. Please help.

Greg 
Webster

[Samba] How do i get SambaFax to register Owner from Windows client

[jonny . axelsson]

I'm using sambafax with Hylafax on my linux server and i print to the
sambaprinter
from windows but i can't get samba to get the owner name on the printfile.

Anyone that knows how i can get this to work?


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] I will pay you $10US (via Paypal) out of my own pocket if you can solve this CUPS Samba problem.

[WEBSTER, Greg]

Nope, 
doesn't work, and I need the drivers to be available and read from the linux 
server. The PPD files do contain one which is specific to my printer and has 
worked on another machine.

  -Original Message-From: Blake Patton 
  [mailto:[EMAIL PROTECTED]]Sent: May 31, 2002 11:32 AMTo: 
  WEBSTER, GregSubject: RE: [Samba] I will pay you $10US (via Paypal) 
  out of my own pocket if you can solve this CUPS  Samba 
  problem.
  that 
  looks ok, simply click ok and load the printer driver from 
  whichever
  os 
  version you are using. ie go get the latest drivers for the printer you want 
  to use
  and 
  the os you have on the workstation. simpy those printer drivers and it should 
  work.
  
  
  Blake PattonSpots InterConnect 
  Inc.[EMAIL PROTECTED](403) 571-7768 
  
-Original Message-From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf 
Of WEBSTER, GregSent: Friday, May 31, 2002 12:27 
PMTo: [EMAIL PROTECTED]Subject: [Samba] I will pay 
you $10US (via Paypal) out of my own pocket if you can solve this CUPS  
Samba problem.
Seriously. I 
can't afford to be down much longer or I'm going to be in serious 
trouble.

Running Redhat 
7.2.

Here's the 
scoop:
Cups is 
installed and running.
Samba is 
installed and running and is sharing files properly to 100+ 
people.
I can print a 
test page from the Cups web-interface.
I can print a 
test page by "cat foo | lpr" or "cat foo | lpr.cups" no 
problem.
Swat sees the 
printer that exists in /etc/printcap.
A print$ share 
has been created:
 [print$] path = 
/usr/share/cups/model/ guest 
ok = Yes
/usr/share/cups/model/ contains a bunch of PPD printer drivers inside 
a directory called foomatic, created by a cups-drivers rpm. I have also 
tried having the drivers I need directly in the /usr/share/cups/model 
directory with no success.

...when I am on 
a windows box and try to install the printer that is listed (via the 
Printers control panel or by browsing to the Printers share via Network 
Neighbourhood), I get a "The server on which the printer resides does not 
have the correct printer driver installed. If you want to install the driver 
on your local computer, click OK". 

I really need to 
get this up and running. Please help.

Greg 
Webster

RE: [Samba] I will pay you $10US (via Paypal) out of my own pocket if you can solve this CUPS Samba problem.

[WEBSTER, Greg]

[root@waifer root]# cupsaddsmb -a
Warning: No PPD file for printer PSYSTEMS!

What I'm guessing at this point is that Cups is having a hell of a time
reaching the PPD files. There definitely is one for my printer (HP 5000) on
the system.

Thanks, but no cigar :)

Greg


 -Original Message-
 From: Jason Stewart [mailto:[EMAIL PROTECTED]]
 Sent: May 31, 2002 11:43 AM
 To: WEBSTER, Greg
 Subject: Re: [Samba] I will pay you $10US (via Paypal) out of my own
 pocket if you can solve this CUPS  Samba problem.
 
 
 try cupsaddsmb -a. If not successful, you will get an error. I had a 
 difficult time getting this to work also, so I definitely 
 sympathize with you!
 
 The cupsaddsmb drivers worked for me, but the downside is 
 that you will not 
 get the duplexing and other features that the manufacturer 
 supports. For 
 the usage instructions for cupsaddsmb, see the cups docs.
 
 Good Luck,
 Jason
 
 At 11:26 AM 5/31/2002 -0700, you wrote:
 Seriously. I can't afford to be down much longer or I'm 
 going to be in 
 serious trouble.
 
 Running Redhat 7.2.
 
 Here's the scoop:
 Cups is installed and running.
 Samba is installed and running and is sharing files properly 
 to 100+ people.
 I can print a test page from the Cups web-interface.
 I can print a test page by cat foo | lpr or cat foo | 
 lpr.cups no problem.
 Swat sees the printer that exists in /etc/printcap.
 A print$ share has been created:
  [print$]
  path = /usr/share/cups/model/
  guest ok = Yes
 /usr/share/cups/model/ contains a bunch of PPD printer 
 drivers inside a 
 directory called foomatic, created by a cups-drivers rpm. I 
 have also 
 tried having the drivers I need directly in the 
 /usr/share/cups/model 
 directory with no success.
 
 ...when I am on a windows box and try to install the printer that is 
 listed (via the Printers control panel or by browsing to the 
 Printers 
 share via Network Neighbourhood), I get a The server on 
 which the printer 
 resides does not have the correct printer driver installed. 
 If you want to 
 install the driver on your local computer, click OK.
 
 I really need to get this up and running. Please help.
 
 Greg Webster
 
 Jason Stewart
 Systems Administrator/Programmer
 Right to Life of Michigan
 Tel: (616)532-2300
 Fax: (616)532-3461
 
 To find out where Michigan Gubernatorial Candidate Jennifer 
 Granholm really 
 stands, please visit http://www.granholmgarble.com/
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] I will pay you $10US (via Paypal) out of my own pocketif you can solve this CUPS Samba problem.

[Ben Griffith]

-[ [EMAIL PROTECTED] wrote on 05/31/02 11:26:53 AM -0700 ]-

-- the Printers share via Network Neighbourhood), I get a The server on
-- which the printer resides does not have the correct printer driver
-- installed. If you want to install the driver on your local computer,
-- click OK.

Greg,

In order to get my server to automagically install the drivers, I had to 
use a Win2K machine to load the drivers into the server. Samba needs to 
build an internal database of what drivers it has and what machines the 
drivers are for. Just copying the specific driver files into a dir on the 
linux box does not work ( I tried that too )  :]

You can try to cli the drivers in using the rpcclient ( not the 
recommended way, at least not by me ) or on an NT machine. ( I used Win2K, 
I imagine XP would work too ) Just browse to the server. Then double click 
on the printers folder. Now you should see all of your printers listed 
with little blue sharing icons on them. Goto File--Server Properties. 
There is a drivers tab in there which will show you what drivers are on 
the machine and what OS they are for. There should be an add button on 
that tab. Use this to upload the drivers into the samba server.

I got my drivers from the manufactures, and then unzipped them into a dir 
on the win2k machine. The add driver dialogue will ask for a printer 
driver file. Browse to the folder where you unzipped the driver and hit 
OK. The driver should begin to upload to the samba server. Mine always 
stopped and asked for another file off of the Win2000 server cd. I just 
truncated the extra path info off of the end of the pre-filled path ( it 
had something like C:\Winnt\something\\more stuff ). I cut it off at the 
'\\' and then hit OK. This allowed the driver to finish loading. After it 
all goes in, you return to the drivers tab and there should be a listing 
for the driver that you just installed.

Note, there are a number of drivers which will not be loaded into the 
server. These are the printers that Windows includes 'native' drivers for.

So you have printers now? And connected clients can print?

Once you get the drivers worked out, things will be great.

Good luck.

 --Ben--

---
Ben Griffith
[EMAIL PROTECTED]
---

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] I will pay you $10US (via Paypal) out of my own pocke t if you can solve this CUPS Samba problem.

[Jason Stewart]

Hi Greg,

You do have these files in the /usr/share/cups/drivers directory, and they 
are readable and all uppercase?
ADFONTS.MFM
ADOBEPS4.DRV
ADOBEPS4.HLP
ADOBEPS5.DLL
ADOBEPSU.DLL
ADOBEPSU.HLP
DEFPRTR2.PPD
ICONLIB.DLL
PSMON.DLL

If you do not have these files, you can get them from www.adobe.com  with a 
postscript driver bundle.

Good Luck again,
Jason


At 11:52 AM 5/31/2002 -0700, WEBSTER, Greg wrote:
[root@waifer root]# cupsaddsmb -a
Warning: No PPD file for printer PSYSTEMS!

What I'm guessing at this point is that Cups is having a hell of a time
reaching the PPD files. There definitely is one for my printer (HP 5000) on
the system.

Thanks, but no cigar :)

Greg


  -Original Message-
  From: Jason Stewart [mailto:[EMAIL PROTECTED]]
  Sent: May 31, 2002 11:43 AM
  To: WEBSTER, Greg
  Subject: Re: [Samba] I will pay you $10US (via Paypal) out of my own
  pocket if you can solve this CUPS  Samba problem.
 
 
  try cupsaddsmb -a. If not successful, you will get an error. I had a
  difficult time getting this to work also, so I definitely
  sympathize with you!
 
  The cupsaddsmb drivers worked for me, but the downside is
  that you will not
  get the duplexing and other features that the manufacturer
  supports. For
  the usage instructions for cupsaddsmb, see the cups docs.
 
  Good Luck,
  Jason
 
  At 11:26 AM 5/31/2002 -0700, you wrote:
  Seriously. I can't afford to be down much longer or I'm
  going to be in
  serious trouble.
  
  Running Redhat 7.2.
  
  Here's the scoop:
  Cups is installed and running.
  Samba is installed and running and is sharing files properly
  to 100+ people.
  I can print a test page from the Cups web-interface.
  I can print a test page by cat foo | lpr or cat foo |
  lpr.cups no problem.
  Swat sees the printer that exists in /etc/printcap.
  A print$ share has been created:
   [print$]
   path = /usr/share/cups/model/
   guest ok = Yes
  /usr/share/cups/model/ contains a bunch of PPD printer
  drivers inside a
  directory called foomatic, created by a cups-drivers rpm. I
  have also
  tried having the drivers I need directly in the
  /usr/share/cups/model
  directory with no success.
  
  ...when I am on a windows box and try to install the printer that is
  listed (via the Printers control panel or by browsing to the
  Printers
  share via Network Neighbourhood), I get a The server on
  which the printer
  resides does not have the correct printer driver installed.
  If you want to
  install the driver on your local computer, click OK.
  
  I really need to get this up and running. Please help.
  
  Greg Webster
 
  Jason Stewart
  Systems Administrator/Programmer
  Right to Life of Michigan
  Tel: (616)532-2300
  Fax: (616)532-3461
 
  To find out where Michigan Gubernatorial Candidate Jennifer
  Granholm really
  stands, please visit http://www.granholmgarble.com/
 

Jason Stewart
Systems Administrator/Programmer
Right to Life of Michigan
Tel: (616)532-2300
Fax: (616)532-3461

To find out where Michigan Gubernatorial Candidate Jennifer Granholm really 
stands, please visit http://www.granholmgarble.com/


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] I will pay you $10US (via Paypal) out of my own pocket if you can solve this CUPS Samba problem.

[WEBSTER, Greg]

Unfortunately I really do need the drivers to come from Samba (ie the print$
share)...I've got hundreds of machines that I'd have to do this on.

Greg

 -Original Message-
 From: Alfredo Cole [mailto:[EMAIL PROTECTED]]
 Sent: May 31, 2002 12:02 PM
 To: [EMAIL PROTECTED]
 Subject: Re: [Samba] I will pay you $10US (via Paypal) out of my own
 pocket if you can solve this CUPS  Samba problem.
 
 
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 I have always installed the appropriate printer driver on the Win 
 box. Try it and it should work. It works for me.
 
 El Vie 31 May 2002 12:26, escribiste:
  Seriously. I can't afford to be down much longer or I'm going to be
  in serious trouble.
 
  Running Redhat 7.2.
 
  Here's the scoop:
  Cups is installed and running.
  Samba is installed and running and is sharing files properly to
  100+ people. I can print a test page from the Cups web-interface.
  I can print a test page by cat foo | lpr or cat foo | lpr.cups
  no problem.
  Swat sees the printer that exists in /etc/printcap.
  A print$ share has been created:
  [print$]
  path = /usr/share/cups/model/
  guest ok = Yes
  /usr/share/cups/model/ contains a bunch of PPD printer drivers
  inside a directory called foomatic, created by a cups-drivers rpm.
  I have also tried having the drivers I need directly in the
  /usr/share/cups/model directory with no success.
 
  ...when I am on a windows box and try to install the printer that
  is listed (via the Printers control panel or by browsing to the
  Printers share via Network Neighbourhood), I get a The server on
  which the printer resides does not have the correct printer driver
  installed. If you want to install the driver on your local
  computer, click OK.
 
  I really need to get this up and running. Please help.
 
  Greg Webster
 
 - -- 
 Alfredo J. Cole
 http://www.acyc.com (Accounting Systems)
 http://www.clshonduras.com (Linux Hardware)
 PGP Key available from certserver.pgp.com
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.0.6 (GNU/Linux)
 Comment: For info see http://www.gnupg.org
 
 iD8DBQE898iUu5DxuPWE298RAsIfAKCC2cYB6BQTrWSm8X2u5UgessnEoQCfZZb6
 4vQ6ycXSYCoNN4p0G0gVM6s=
 =OqPD
 -END PGP SIGNATURE-
 
 -- 
 To unsubscribe from this list go to the following URL and read the
 instructions:  http://lists.samba.org/mailman/listinfo/samba
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Profile creation - thanks for the (lack) of help

[Simo Sorce]

On Fri, 2002-05-31 at 15:15, Nathaniel N.Petersen wrote:
 Note that from the client's point of view security = domain is the same
 as security = user . It only affects how the server deals with the
 authentication, it does not in any way affect what the client sees.
 
 Since the systems are able to authenticate, this is not an issue.


I have yet not understood if your server is a PDC or not.
If it is, these 4 parameters MUST be set this way:

domain logons = yes
domain master = yes
security = user
encrypt password = yes


  try a path with no leading '.'
  logon path = \\student\homes\%u\ntprofile
 
 Even if you were correct, it worked before (and still is working
 elsewhere), it should work now.

I think this is not a problem.

 I thought about dealing with this diplomaticly - but enough is enough.
 There is nothing wrong with using the homes directories like I do.  The
 lines refered to in the man pages simply don't recommend it.  Well, if
 you have ever worked for a University, you would understand the amount
 of overhead involved.  Creating essentially two account locations for
 evey user is ridiculous.

I have an my setup involved a simple [profile] share with 1777
permissions on it, and that's not a lot of work to do (I had more than
1000 users).
Recommendations exist for a purpose ... it's up to you to decide if they
match your case.

thinking a bit more in this case I think you may have 2 combined
problems:
1. the use of the home directory to store profiles
2. the use of letter Z to map the home directory

unfortunately I do not have handing any url, but I remember clearly that
with later clients (w2k, XP) there are problems with the Z drive.
In fact it is not available to be mapped until the user logged in and at
that point the profile thing is yet over!
It is not a samba problem, Microsoft changed it this way (can't remember
why).

So I would advice you do 2 things:
change the home drive letter or setup a profile share and change the
logon path directive.

 Furthermore, this PDC is set to local master = no for a reason.
 Election.  I have 14 other colleges at this university that are NOT
 running Linux (yes, there are still people out there that use Windows).
 Windows PDC's have fits when this is set to yes.  They lose out on
 elections.  If set to false then nmbd will not attempt to become a
 local master browser on a subnet and will also lose in all browsing
 elections.  With a class B subnet, this is a GOOD THING.

a class B NOT subnetted to C classes? That's should be a broadcast
nightmare ... 

(if your server is not a PDc you should NOT made it be a domain master!,
local master should be ok, and would be better to use a wins server)

 And finally, as far as that whole '.a = patch' thing goes - NO SH!T.
 REALLY?  Well, I'll be... I thought only M$ released patches.
 Seriously,  I was trying (appearantly not hard enough) to make light of 
 my supervisor's lack of knowledge about Samba (AND all the extra work 
 it forced me to do). sarcasmLord knows I would much rather be seen 
 a fool by the Samba community./sarcasm  This should never have been 
 an issue.
?? you are stressed, take a breath

 I want to appologize to those of you who work tirelessly on the Samba
 project.  I also want to thank the attempts at trying to help me.  But,
 they were of ZERO aid.  Nit-picking at these minor issues does not help
 me with the big picture.  Just answer me this - If the windows systems
 are able to verify the domain and authenticate, why does the w2k system
 right corrupt profile data?  If the NT system is able to create a
 profile, why can't it us it?  That's it.

ok, let's try to stay tune and find the roots of your problems!

I do not know what you have made before and how much you get frustrated,
but 90% of users that ask for help generally have simple (!?)
configuration problems so the way I personally answered is my standard
first stage answer, no insulting were intended, and if so I apologize.

Simo.

-- 
Simo Sorce - [EMAIL PROTECTED]
Xsec s.r.l.
via Durando 10 Ed. G - 20158 - Milano
tel. +39 02 2399 7130 - fax: +39 02 700 442 399



signature.asc
Description: This is a digitally signed message part

[Samba] Appology

[CNS Student Support]

After talking this over with a friend, I realize that I have made a
mistake.  I should never have responded in the manner that I did.  I
was the one who asked for help.  You don't know the situation, and you
are correct in that most people who do have problems either didn't read
the existing information, or didn't understand what they read.

I should not have taken the standard responses so personally.  I'm
sorry.

I inicially wrote in because I thought the errors I was receiving were
rather unique.  My past problems with Samba were never this bad.  They
WERE solved most times by just doing a quite search on google or reading
other individual's posts.

But this time, with authentication working fine, I was perplexed.  Why
the corrupt write from the W2K client?  Why did the NT machine write a
profile but not use it?  Or more precisely, why did it use it but say it
didn't?

Again, my frustration exists more from my lack of progress than from the
comments I received.  I humbly submit my whole-hearted appologies to
those I may have angered and/or offended.

-Nathaniel N. Petersen

PS - I will look into the 'Z' drive issue as well as the location of the
profile.  Thank you for giving me some direction to research.

On Fri, May 31, 2002 at 04:02:35PM +0200, Simo Sorce wrote:
 On Fri, 2002-05-31 at 15:15, Nathaniel N.Petersen wrote:
  Note that from the client's point of view security = domain is the same
  as security = user . It only affects how the server deals with the
  authentication, it does not in any way affect what the client sees.
  
  Since the systems are able to authenticate, this is not an issue.
 
 
 I have yet not understood if your server is a PDC or not.
 If it is, these 4 parameters MUST be set this way:
 
 domain logons = yes
 domain master = yes
 security = user
 encrypt password = yes
 
 
   try a path with no leading '.'
   logon path = \\student\homes\%u\ntprofile
  
  Even if you were correct, it worked before (and still is working
  elsewhere), it should work now.
 
 I think this is not a problem.
 
  I thought about dealing with this diplomaticly - but enough is enough.
  There is nothing wrong with using the homes directories like I do.  The
  lines refered to in the man pages simply don't recommend it.  Well, if
  you have ever worked for a University, you would understand the amount
  of overhead involved.  Creating essentially two account locations for
  evey user is ridiculous.
 
 I have an my setup involved a simple [profile] share with 1777
 permissions on it, and that's not a lot of work to do (I had more than
 1000 users).
 Recommendations exist for a purpose ... it's up to you to decide if they
 match your case.
 
 thinking a bit more in this case I think you may have 2 combined
 problems:
 1. the use of the home directory to store profiles
 2. the use of letter Z to map the home directory
 
 unfortunately I do not have handing any url, but I remember clearly that
 with later clients (w2k, XP) there are problems with the Z drive.
 In fact it is not available to be mapped until the user logged in and at
 that point the profile thing is yet over!
 It is not a samba problem, Microsoft changed it this way (can't remember
 why).
 
 So I would advice you do 2 things:
 change the home drive letter or setup a profile share and change the
 logon path directive.
 
  Furthermore, this PDC is set to local master = no for a reason.
  Election.  I have 14 other colleges at this university that are NOT
  running Linux (yes, there are still people out there that use Windows).
  Windows PDC's have fits when this is set to yes.  They lose out on
  elections.  If set to false then nmbd will not attempt to become a
  local master browser on a subnet and will also lose in all browsing
  elections.  With a class B subnet, this is a GOOD THING.
 
 a class B NOT subnetted to C classes? That's should be a broadcast
 nightmare ... 
 
 (if your server is not a PDc you should NOT made it be a domain master!,
 local master should be ok, and would be better to use a wins server)
 
  And finally, as far as that whole '.a = patch' thing goes - NO SH!T.
  REALLY?  Well, I'll be... I thought only M$ released patches.
  Seriously,  I was trying (appearantly not hard enough) to make light of 
  my supervisor's lack of knowledge about Samba (AND all the extra work 
  it forced me to do). sarcasmLord knows I would much rather be seen 
  a fool by the Samba community./sarcasm  This should never have been 
  an issue.
 ?? you are stressed, take a breath
 
  I want to appologize to those of you who work tirelessly on the Samba
  project.  I also want to thank the attempts at trying to help me.  But,
  they were of ZERO aid.  Nit-picking at these minor issues does not help
  me with the big picture.  Just answer me this - If the windows systems
  are able to verify the domain and authenticate, why does the w2k system
  right corrupt profile data?  If the NT system is able to create a
  profile, why can't it 

Re: [Samba] Logon scripting for W95/98

[Bob Crandell]

This is how I do it.  I come from supporting Novell servers and I needed a way to
nest groups and various permissions.  It's not pretty, but it works.  This could be
a pain if you are dealing with lots of users.

[global]
logon script = %U.bat

(user's name).bat -
@ECHO OFF

SET USERNAME=User
SET STAFF=YES
SET ADMIN=NO
SET LOCALPR=NO

@CALL \\Server\netlogon\net-log.bat

net-log.bat -
@ECHO OFF

REM SET USERNAME=Name
REM SET STAFF=YES
REM SET ADMIN=NO
REM SET LOCALPR=NO

ECHO Welcome %USERNAME%.

NET USE * /DEL /YES
NET TIME \\Server /SET /YES

ECHO Are you Admin?
IF %ADMIN% == YES GOTO Admin
GOTO NotAdmin

:Admin
NET USE F: \\Server\netlogon

:NotAdmin
ECHO Mapping home directory
NET USE G: \\Server\Public
NET USE H: \\Server\Home
NET USE K: \\Server\Prgs
NET USE S: \\Server\CDROM
NET USE Z: \\Server\ZIP

:Printers
ECHO Mapping network printers
IF %LOCALPR% == YES GOTO NotLocal
NET USE LPT2: \\Server\HP990
GOTO End

:NotLocal
NET USE LPT1: \\Server\HP990

:End

I hope this helps.

Paul Espinosa ([EMAIL PROTECTED]) wrote*:

All,

As some of have no doubt found out, scripting is subtly different on 95/98
machines and NT machines.  I have a logon script called by:

   logon script = \main.bat %G %U

that works great for NT boxen.  However it does absolutely nothing, no
execution of main.bat at all for a W98 client.  If I remove the parameters
so it is:

   logon script = \main.bat

it executes on the W98 box, obviously not correctly for any commands
requiring the parameters.

What this is used for is a generic logon script for everyone, modified
with special mounts etc. by group and user if defined.

Works great with NT.  Not so good with W98

My questions is, does anyone know how to pass parameters for a logon
script for W95/98 box.

Thanks,



--
Bob Crandell
Assured Computing
When you need to be sure.
Cell 541-914-3985
FAX  240-371-7237
[EMAIL PROTECTED]
www.assuredcomp.com
Eugene, Or. 97402



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] I will pay you $10US (via Paypal) out of my own pocke t if you can solve this CUPS Samba problem.

[David W. Chapman Jr.]

On Fri, May 31, 2002 at 12:09:26PM -0700, WEBSTER, Greg wrote:
 
 Unfortunately I really do need the drivers to come from Samba (ie the print$
 share)...I've got hundreds of machines that I'd have to do this on.
 

Yes, what's being said is that you install the drivers from one 
workstation to the server then the rest of them can fetch them.

-- 
David W. Chapman Jr.
[EMAIL PROTECTED]   Raintree Network Services, Inc. www.inethouston.net
[EMAIL PROTECTED]   FreeBSD Committer www.FreeBSD.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] I will pay you $10US (via Paypal) out of my own pocke t if you can solve this CUPS Samba problem.

[WEBSTER, Greg]

Ok, tried that...no success. I can follow through the steps of adding the
driver for the printer on my machine, then I can use it. However once I
delete the printer and try to add it again I have to go through the same
steps. The drivers are not copied up to the server, they are just installed
on my local machine.

 -Original Message-
 From: David W. Chapman Jr. [mailto:[EMAIL PROTECTED]]
 Sent: May 31, 2002 12:37 PM
 To: WEBSTER, Greg
 Cc: 'Alfredo Cole'; [EMAIL PROTECTED]
 Subject: Re: [Samba] I will pay you $10US (via Paypal) out of my own
 pocke t if you can solve this CUPS  Samba problem.
 
 
 On Fri, May 31, 2002 at 12:09:26PM -0700, WEBSTER, Greg wrote:
  
  Unfortunately I really do need the drivers to come from 
 Samba (ie the print$
  share)...I've got hundreds of machines that I'd have to do this on.
  
 
 Yes, what's being said is that you install the drivers from one 
 workstation to the server then the rest of them can fetch them.
 
 -- 
 David W. Chapman Jr.
 [EMAIL PROTECTED] Raintree Network Services, Inc. 
www.inethouston.net
[EMAIL PROTECTED]   FreeBSD Committer www.FreeBSD.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Logon scripting for W95/98

[David W. Chapman Jr.]

On Fri, May 31, 2002 at 08:16:54PM +, Bob Crandell wrote:
 This is how I do it.  I come from supporting Novell servers and I needed a way to
 nest groups and various permissions.  It's not pretty, but it works.  This could be
 a pain if you are dealing with lots of users.

IIRC there was a logon script parser a few years back that supported 
groups and what not.

-- 
David W. Chapman Jr.
[EMAIL PROTECTED]   Raintree Network Services, Inc. www.inethouston.net
[EMAIL PROTECTED]   FreeBSD Committer www.FreeBSD.org

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Slightly OT: Conference this year?

[Jeremy Allison]

On Fri, May 31, 2002 at 08:46:38AM -0500, Sam Barasch wrote:
 Hi.
 
 Our department at the university has been using samba since at least 
 1996.  We love it.
 
 Is there another conference scheduled for this year?  Know where it will be?
 
 How did the last one go?

The SambaXP conference was wonderful - very well attended (better than
the Microsoft/NetApp sponsored CIFS conferences). I keep meaning to
write up a conference report and post it on Samba.org (but no time
yet).

We're hoping the SerNet will sponsor and run the next one (as
they did such a good job this year).

It'll be in Germany though.

Jeremy.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Authentication failure for Windows XP clients

[Joshua Weage]

I have configured samba to use security = user, encrypt passwords = yes
and I have added a user using smbpassword.  smbclient from a unix host
works fine.  However, when I try to access a share from a Windows XP
box, I get the following in the logs:

[2002/05/31 17:28:50, 2] smbd/reply.c:(110)
  netbios connect: local=atgdet09 remote=pc5
[2002/05/31 17:28:50, 2] smbd/password.c:(575)
  pass_check_smb failed - invalid password for user [jweage]
[2002/05/31 17:28:50, 2] smbd/reply.c:(963)
  NT Password did not match for user 'jweage'!
[2002/05/31 17:28:50, 2] smbd/reply.c:(973)
  Defaulting to Lanman password for jweage
[2002/05/31 17:28:50, 2] smbd/password.c:(575)
  pass_check_smb failed - invalid password for user [jweage]
[2002/05/31 17:28:50, 1] smbd/reply.c:(989)
  Rejecting user 'jweage': authentication failed
[2002/05/31 17:28:50, 2] smbd/server.c:(461)
  Closing connections

Any ideas what is going wrong here?

Thanks,

Josh

=
--
--  http://origin.me.gatech.edu/~weage--
--  http://members.xoom.com/joshua_weage  --
--  http://weage.freeservers.com/ --

__
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] I will pay you $10US (via Paypal) out of my own pocke t if you can solve this CUPS Samba problem.

[WEBSTER, Greg]

So where do I send the $10 :)

GregW

 -Original Message-
 From: Manuel Gomez [mailto:[EMAIL PROTECTED]]
 Sent: May 31, 2002 1:49 PM
 To: 'WEBSTER, Greg'
 Cc: '[EMAIL PROTECTED]'
 Subject: RE: [Samba] I will pay you $10US (via Paypal) out of my own
 pocke t if you can solve this CUPS  Samba problem.
 
 
 Greg,
 
 I had a heck of a time getting Samba and CUPS up and running 
 together, but
 here are a couple of pointers.
 
 If you are serving Windows clients, and a Windows driver is 
 available for
 your printer (not hard to imagine), you are probably best off 
 setting up a
 RAW print queue in CUPS, and installing the printer drivers 
 on your Samba
 server using the Add/Remove Printers Wizard.  
 
 The documentation for setting that up is, in my opinion, a 
 little vague, but
 it certainly can be done.  The most simple way to setup it up 
 (in my mind)
 is as follows:
 1) Make sure you have a 'printer admin = ???' directive in 
 your smb.conf,
 where '???' is a comma-separated list of Unix users and/or 
 groups who will
 be able to manage printer settings.  Group designations in 
 smb.conf need an
 '@' prefix (like '@group').
 2) For testing, I would set 'read only = no' on the [print$] 
 share, and when
 it's working, you could either set 'read only = yes' and 
 'write list = ???'
 where ??? is another comma separated list of Unix users 
 and/or groups, these
 being the users who will be able to upload drivers to the server.
 Alternately, you could just leave 'read only = no', just make sure you
 understand the implications.
 3) Make sure the file system permissions will allow you to 
 create files and
 directories under the path of your [print$] share.  I would 
 put it elsewhere
 than /usr/share/cups/model, because these aren't going to 
 hold CUPS drivers,
 but Windows binary drivers.  Then, create directories under 
 that path for
 each Windows version you want to support.  These are 'W32X86' 
 for WinNT 
 Win2K clients, 'WIN40' for Win9x, and I can't remember the others.
 4) If samba is picking up your printers from your printcap, 
 you can skip
 this, but otherwise you'll have to set up a share for each 
 printer you want
 to share.
 5) Browse, from a Windows PC, to the Red Hat server in explorer.
 Double-click 'Printers'.  Depending on your windows version, 
 the following
 may be different.  I'm using Win2K, and this is how it goes:
 Right click in the white space of the window, and select 
 'Server properties'
 from the context menu.  Select the 'Drivers' tab.  Click 
 'Add...' then go
 through the wizard.  If 'Add...' is unselectable 
 (greyed-out), then the
 server is not seeing you as a member of the 'printer admins' 
 list that you
 set up in step 1, so start your troubleshooting there.
 6) Once you've got the drivers uploaded onto the server, you need to
 associate them with a given printer, which you do by 
 right-clicking the
 appropriate printer and selecting 'Properties', then clicking on the
 'Advanced' tab (I think this step is slightly different under 
 NT).  In the
 drop-down box marked 'Driver:', select the appropriate driver 
 (probably the
 one you just uploaded).
 7) Now, on the client machines, install the printer normally, and the
 drivers should automatically download with the connection.  
 
 Let me know if that helps at all.
 
 
 Manuel Gomez 
 
 
 -Original Message-
 From: WEBSTER, Greg [mailto:[EMAIL PROTECTED]] 
 Sent: Friday, May 31, 2002 11:35 AM
 To: 'Blake Patton'
 Cc: '[EMAIL PROTECTED]'
 Subject: RE: [Samba] I will pay you $10US (via Paypal) out of 
 my own pocke t
 if you can solve this CUPS  Samba problem.
 
 
 Nope, doesn't work, and I need the drivers to be available 
 and read from the
 linux server. The PPD files do contain one which is specific 
 to my printer
 and has worked on another machine.
 -Original Message-
 From: Blake Patton [mailto:[EMAIL PROTECTED]]
 Sent: May 31, 2002 11:32 AM
 To: WEBSTER, Greg
 Subject: RE: [Samba] I will pay you $10US (via Paypal) out of 
 my own pocket
 if you can solve this CUPS  Samba problem.
 
 
 that looks ok, simply click ok and load the printer driver 
 from whichever
 os version you are using. ie go get the latest drivers for 
 the printer you
 want to use
 and the os you have on the workstation. simpy those printer 
 drivers and it
 should work.
 
 
 Blake Patton
 Spots InterConnect Inc.
 [EMAIL PROTECTED]
 (403) 571-7768 
 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED]]On
 Behalf Of WEBSTER, Greg
 Sent: Friday, May 31, 2002 12:27 PM
 To: [EMAIL PROTECTED]
 Subject: [Samba] I will pay you $10US (via Paypal) out of my 
 own pocket if
 you can solve this CUPS  Samba problem.
 
 
 Seriously. I can't afford to be down much longer or I'm going to be in
 serious trouble.
 
 Running Redhat 7.2.
 
 Here's the scoop:
 Cups is installed and running.
 Samba is installed and running and is sharing files properly 
 to 100+ people.
 I can print a test page from the Cups 

Re: [Samba] Browsing

[Praise]

Alle 06:41, giovedì 30 maggio 2002, Martin Burheim Tingstad ha scritto:
 I cannot see any of the computers in my workgroup from windows, looking
 them up from freebsd works, even querying the subnet for masterbrowser
 works (from the samba-server (bsd)). Why does this happen?

 Greetings, Martin.

There is very little information here. I could not help you I think, even if 
it was there. I am facing the same problem as you, the network knows what is 
its master browser but it fails to display the neighborhood. My suspects are 
that there is a problem in name resolution (digging the doc I have found that 
if name resolution do not work then browsing do not work too).
I have been a bit busy lately so I have to check it better. Let me know what 
was your problem if you find it.

Praise 


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] printing with samba with NT clients

[Wise, Gene]

Has any had success using Samba as a PRINT SERVER and  
having there drivers automatically installed on their NT 4 clients.


 Any input would be appreciated,
 Thx Gene Wise

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] WinXP joining a samba PDC

[Sergio Gusmao]

Hi folks,

I've latetly searching for a solution of a problem of mine when I suddenly 
stuck on this msg.

In fact, I've just got the same problem with WinXP on a Samba 2.2.3 server. 
I've followed the same procedure Fernando did but, unfortunately, got a 
message concerning a RPC failure.

My Windows is in Portuguese and I've got no idea of what should it be in 
english, but I supose it's something like Remote Procedure Failure.

If somebody's got any other idea of what could this problem be, please drop 
me a reply.

Thank you inadvance.

Regards,

Sérgio Gusmão
IT Consultant
[EMAIL PROTECTED]
[EMAIL PROTECTED]





I have been added a WinXP machine to a Samba PDC following the steps bellow:

1. Make sure that your smb.conf file contains domain logons = yes

2. Is a good practice create a group only for computer accounts using:

 group -g 201 machines

3. Add the machine account to you /etc/passwd using the following command:

 useradd -g machines -d /dev/null -c machine id machine_name\$

 Don't forgot the \$! Otherwise, Samba will not recognize the account.

4. Lock the password to the machine account using:

 passwd -l machine_name$

5. Add the machine account to your smbpasswd file using the command:

 smbpasswd -a -m machine_name

 Without \$!!!

6. Apply the registry patch in your XP machine.  Using regedit, make
sure to patch all the
 control sets.  The .reg file only patch Current Control Set, may
be there are 2 or 3
 Control Sets more.  You have to parch all of them manually.

7. Using the Network Identification Wizard, try to jouin your XP machine
to the Samba
 domain.  You have to do this proccess using an username with admin
rights in your Linux
 machine (like root for example).  Otherwise, it will not work.

And... if all is ok... Voila! Machine added! :)
Hope this help.  I send my smb.conf file, is working well with all my XP
clients.

Good Luck!

Fernando


Kevin Pratt wrote:

 I am running it to a problem adding a WinXP Computer to my samba PDC.
  It is
 coming up with an error about the trust accounts.
 
 I have tried the registry patch with no success.
 
 Any suggestions?
 
 Kevin
 
 




;basic server settings
workgroup = FAMILIA
netbios name = SERVIDOR
server string = Servidor Linux
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192
kernel oplocks = no

;PDC and master browser settings
os level = 64
preferred master = yes
local master = yes
domain master = yes
domain logons = yes

;security and logging settings
security = user
encrypt passwords = yes
wins support = yes
log file = /var/log/samba/log.%m
log level = 2
max log size = 50
hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0
socket address = 192.168.1.1

;user profiles and home directory
logon home = \\%L\%U\
logon drive = H:
logon path = \\%L\profiles\%U
logon script = netlogon.bat

; shares 
[homes]
comment = Home Directories
browseable = no
writeable = yes

[profiles]
path = /home/samba/profiles
writeable = yes
browseable = no
create mask = 0600
directory mask = 0700

[netlogon]
comment = Network Logon Service
path = /home/netlogon
read only = yes
browseable = no
write list = root

[Mi Musica]
comment = Archivos MP3
path = /musica
read only = yes
write list = root fmaidana
browseable = yes
guest ok = yes



_
Chat with friends online, try MSN Messenger: http://messenger.msn.com


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Logon scripting for W95/98

[Cates, Brett]

Has anyone tried using Kixtart from a Samba PDC?
http://www.kixtart.org/

Brett
-Original Message-
From: Paul Espinosa [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 31, 2002 3:37 PM
To: [EMAIL PROTECTED]
Subject: Re: [Samba] Logon scripting for W95/98


Unfortunately not,

That's what I don't want to do, is to create individual .bat files for
200+ users.

I can get that to work fine.  Just be a pain.  And I may have to.  I may
just make a perl script to create the .bat files from the passwd file...

Thanks though,

  .[ Bob Crandell wrote on Fri, 31 May 2002 20:16:54 + ]
  |
  |
  |This is how I do it.  I come from supporting Novell servers and I
  |needed a way to nest groups and various permissions.  It's not pretty,
  |but it works.  This could be a pain if you are dealing with lots of
  |users.
  |
  |[global]
  |logon script = %U.bat
  |

SNIP

--Paul Espinosa

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Mounting an NT share on Linux Server

[Tom Ansley]

I forgot to add the error message for the problem.sorry

I get wins-srv-died(): WINS server 130.253.166.42 appears to be down.
Connection to Fac-Staff failed

But, as I mentioned before, I can connect fine from my workstation.

Thanks

Tom Ansley


On Friday 31 May 2002 05:13 pm, Tom Ansley wrote:
 Hi all,

 I'm trying to connect to a share on an NT server from a Redhat Linux 7.2
 server with the following command:

 smbmount //Fac-Staff/tansley$ /home/tomansley/law_share -o
 username=LAW\\tansley,password=realpassword

 The same command works from my linux workstation!!!

 Anybody got any clue as to what might be holding me up?  I was thinking
 maybe my firewall but am not sure.

 Any help most appreciated

 Cheers

 Tom Ansley


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ASSISTANCE NEEDED

[Wendell Craig]

On Friday 31 May 2002 06:47 pm, mariam zanab ishatu wrote:
   ATTN: CEO/PRESIDENT.

 l am DR. MRS MARIAM ABACHA, wife of the late Nigeria
 Head of State, General Sanni Abacha who died on the
 8th of June, 1998 while still on

 active duty. 

 l currently have within my reach the sum of Twenty
 Eight Million US Dollars (US$28,000,000.00) cash which
 l intend to use for investment, like Real Estate
 Development specifically in your country. This money
 came as a payback contract deal between my late
 husband and a Russian Firm on our countries
 multi-billion dollars Ajaokuta Steel Plant.

[clip]

I can't resist these great offers another minute!  I'm gonna grab the 
money and run!!!

(Weird she would pick the samba list, though?)

-- 
 Wendell Craig [EMAIL PROTECTED]  http://anncrman.com
  
   Information is not knowledge, Knowledge is not wisdom, Wisdom is 
not truth, Truth is not beauty, Beauty is not love, Love is not 
music and Music is THE BEST.  -- FRANK ZAPPA, 1949-1993


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] ASSISTANCE NEEDED

[Van Sickler, Jim]

 -Original Message-
 From: mariam zanab ishatu [mailto:[EMAIL PROTECTED]]
 Sent: Friday, May 31, 2002 3:47 PM
 To: [EMAIL PROTECTED]
 Subject: [Samba] ASSISTANCE NEEDED
 
SPELLCHECKER IS NOT TO BE WORKING!!! 
 
   ATTN: CEO/PRESIDENT.
 
I was a lowly computer jockey;  now I'm a CEO/PRESIDENT...
thanks for the promotion!  Where's the money?

 l am sorry for the embarrassment this my letter might
 cause you as we have not had any correspondence before
 this letter. l got your address through

Embarrassment isn't what your letter caused
 
 my newphew who works with Nigeria Chamber of Commerce
 lndustry and Minning during my research for a reliable
 and trustworthy partner who l can do
 
 business with though l did not disclose the nature of
 the business l intend to do with whoever he recommend
 for me.
 
 l am DR. MRS MARIAM ABACHA, wife of the late Nigeria
 Head of State, General Sanni Abacha who died on the
 8th of June, 1998 while still on
 
 active duty. l am contacting you in view of the fact
 that we will be of great assistance to each other
 likeness developing a cordial relationship.
 
 
 l currently have within my reach the sum of Twenty
 Eight Million US Dollars (US$28,000,000.00) cash which
 l intend to use for investment, like Real Estate
 Development specifically in your country. This money
 came as a payback contract deal between my late
 husband and a Russian Firm on our countries
 multi-billion dollars Ajaokuta Steel Plant.
 
 The Russian Partners returned my husband's share of
 USD$28,000,000.00 after  the death of my husband and
 lodged in my husband's security company of
 which l am director right now, the new Civilian
 Government have intensified their probe on my
 husband's financial and oil company. ln view of these,
 l acted fast to withdraw the US$28,000,000.00 from the
 company's vault and deposited it in a West African
 Security Company in Accra-Ghana. l have since declared
 the Security Company bankrupt. No record ever
 existed concerning the money traceable by the
 government because there is no documentation showing
 that we received the money from the Russian.
 
You deposited it in another country, then declared
the foreign company bankrupt...and you have no
evidence the money existed. How ever are you to get
your nonexistent money back from this bankrupt company,
located in another country?

  What does this have to do with Samba? Are you
going to use Samba to get your nonexistent
USD$28,000,000.00 back?

Please forward a copy of the magical smbclient command
you will be using to accomplish this, so other list users
may get their own USD$28,000,000.00!

 Due to the current situation int the country
 concerning government attitude towards my family, it
 has become quite impossible for me to make use of
 this money within. Let me refer you to the front page
 of thisday newspapers of 10th March, 2001. You can
 check it through their website www.thisdayonline.com.
 The pressent government in Nigeria had frozen
 and seized all our bank accounts both here in Nigeria
 andabroad. Thus consent
 l shall expect you to contact me urgently to enable us
 discuss in detail about this transaction. Bearing in
 mind that your assistance is needed to
 transfer this fund, l proposed a percentage of 30% of
 the total sum to you for the expected service and
 assistance, 15% for offsetting minor expenses incurred
 in the course of this transaction. Your urgent
 response is highly needed as to stop further contacts.

You can stop contact immediately.  I never, ever, EVER
want to hear from you and yours again.

 All correspondence must be by the email address above.
 l will give you my tel/fax numbers where you can
 contact me when l hear from you. l must use this
 opportunity to implore you to exercise the utmost
 indulgence to keep this matter extraordinarily
 confidential whatever your decision while await your
 prompt response.
 
 NB: Because of the security being mounted on the
 members of my family,l have decided that this
 transaction exist between you and my Nephew, MUSA
 AHMED. Remember to include your private tel/fax
 or mobile number
 
If I gave it to him, it wouldn't be private, would
it?  

MUSA AHMED:  does your Aunt know you sent this
message?  Didn't she tell you to stop spamming
mail lists?  You're a naughty boy!  GO AWAY!
Don't bother us again.  If you have questions
about Samba, we'll let you talk to us.  If not,
go find something else to do.

 for easy communication.
 
ALL YOUR BASE ARE BELONG TO US. 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] I will pay you $10US (via Paypal) out of my own pocke t if you can solve this CUPS Samba problem.

[Manuel Gomez]

Greg,

If those instructions really helped you get Samba  CUPS up and running
together, I don't want the $10US.  I nearly pulled my hair out trying to
figure it out, and just knowing that somebody else didn't have to go quite
as crazy trying is enough reward. :)

So send it to the Samba Team.

Cheers,
 
Manuel Gomez


-Original Message-
From: WEBSTER, Greg [mailto:[EMAIL PROTECTED]] 
Sent: Friday, May 31, 2002 3:35 PM
To: 'Manuel Gomez'; WEBSTER, Greg
Cc: '[EMAIL PROTECTED]'
Subject: RE: [Samba] I will pay you $10US (via Paypal) out of my own pocke t
if you can solve this CUPS  Samba problem.



So where do I send the $10 :)

GregW

 -Original Message-
 From: Manuel Gomez [mailto:[EMAIL PROTECTED]]
 Sent: May 31, 2002 1:49 PM
 To: 'WEBSTER, Greg'
 Cc: '[EMAIL PROTECTED]'
 Subject: RE: [Samba] I will pay you $10US (via Paypal) out of my own 
 pocke t if you can solve this CUPS  Samba problem.
 
 
 Greg,
 
 I had a heck of a time getting Samba and CUPS up and running
 together, but
 here are a couple of pointers.
 
 If you are serving Windows clients, and a Windows driver is
 available for
 your printer (not hard to imagine), you are probably best off 
 setting up a
 RAW print queue in CUPS, and installing the printer drivers 
 on your Samba
 server using the Add/Remove Printers Wizard.  
 
 The documentation for setting that up is, in my opinion, a
 little vague, but
 it certainly can be done.  The most simple way to setup it up 
 (in my mind)
 is as follows:
 1) Make sure you have a 'printer admin = ???' directive in 
 your smb.conf,
 where '???' is a comma-separated list of Unix users and/or 
 groups who will
 be able to manage printer settings.  Group designations in 
 smb.conf need an
 '@' prefix (like '@group').
 2) For testing, I would set 'read only = no' on the [print$] 
 share, and when
 it's working, you could either set 'read only = yes' and 
 'write list = ???'
 where ??? is another comma separated list of Unix users 
 and/or groups, these
 being the users who will be able to upload drivers to the server.
 Alternately, you could just leave 'read only = no', just make sure you
 understand the implications.
 3) Make sure the file system permissions will allow you to 
 create files and
 directories under the path of your [print$] share.  I would 
 put it elsewhere
 than /usr/share/cups/model, because these aren't going to 
 hold CUPS drivers,
 but Windows binary drivers.  Then, create directories under 
 that path for
 each Windows version you want to support.  These are 'W32X86' 
 for WinNT 
 Win2K clients, 'WIN40' for Win9x, and I can't remember the others.
 4) If samba is picking up your printers from your printcap, 
 you can skip
 this, but otherwise you'll have to set up a share for each 
 printer you want
 to share.
 5) Browse, from a Windows PC, to the Red Hat server in explorer.
 Double-click 'Printers'.  Depending on your windows version, 
 the following
 may be different.  I'm using Win2K, and this is how it goes:
 Right click in the white space of the window, and select 
 'Server properties'
 from the context menu.  Select the 'Drivers' tab.  Click 
 'Add...' then go
 through the wizard.  If 'Add...' is unselectable 
 (greyed-out), then the
 server is not seeing you as a member of the 'printer admins' 
 list that you
 set up in step 1, so start your troubleshooting there.
 6) Once you've got the drivers uploaded onto the server, you need to
 associate them with a given printer, which you do by 
 right-clicking the
 appropriate printer and selecting 'Properties', then clicking on the
 'Advanced' tab (I think this step is slightly different under 
 NT).  In the
 drop-down box marked 'Driver:', select the appropriate driver 
 (probably the
 one you just uploaded).
 7) Now, on the client machines, install the printer normally, and the
 drivers should automatically download with the connection.  
 
 Let me know if that helps at all.
 
 
 Manuel Gomez
 
 
 -Original Message-
 From: WEBSTER, Greg [mailto:[EMAIL PROTECTED]]
 Sent: Friday, May 31, 2002 11:35 AM
 To: 'Blake Patton'
 Cc: '[EMAIL PROTECTED]'
 Subject: RE: [Samba] I will pay you $10US (via Paypal) out of 
 my own pocke t
 if you can solve this CUPS  Samba problem.
 
 
 Nope, doesn't work, and I need the drivers to be available
 and read from the
 linux server. The PPD files do contain one which is specific 
 to my printer
 and has worked on another machine.
 -Original Message-
 From: Blake Patton [mailto:[EMAIL PROTECTED]]
 Sent: May 31, 2002 11:32 AM
 To: WEBSTER, Greg
 Subject: RE: [Samba] I will pay you $10US (via Paypal) out of 
 my own pocket
 if you can solve this CUPS  Samba problem.
 
 
 that looks ok, simply click ok and load the printer driver
 from whichever
 os version you are using. ie go get the latest drivers for 
 the printer you
 want to use
 and the os you have on the workstation. simpy those printer 
 drivers and it
 should work.
 
 
 Blake Patton
 Spots InterConnect Inc.
 [EMAIL 

[Samba] Empty share

[Martin Burheim Tingstad]

Just compiled samba 3, alpha 17, and thie empty share appears. It has no
name, and no content, what is this?

Yours sincerely, Martin.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] printing with samba with NT clients

[James Leroux]

Gene,

See the message thread below for an excellent explanation...

RE: [Samba] I will pay you $10US (via Paypal) out of my own pocke t if you
can solve this CUPS  Samba problem.


James
--

- Original Message -
From: Wise, Gene [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, May 31, 2002 4:53 PM
Subject: [Samba] printing with samba with NT clients


 Has any had success using Samba as a PRINT SERVER and
 having there drivers automatically installed on their NT 4 clients.


  Any input would be
appreciated,
  Thx Gene Wise

 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  http://lists.samba.org/mailman/listinfo/samba



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Error log entry (due to trying to configure a CUPS printer?)

[Rob Blomquist]

[2002/05/31 11:15:58, 0] lib/util_sock.c:read_socket_data(478)
  read_socket_data: recv failure for 4. Error = No route to host

I have no idea what this could mean.

Any gurus able to step up to the plate?
-- 
Rob Blomquist
Kirkland, WA

On the side of the software box, in the 'System Requirements' section, it said 
'Requires Windows 95 or better'. So I installed Linux and lived happily ever 
after.


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: Profile creation

[Simo Sorce]

On Fri, 2002-05-31 at 01:26, Nathaniel N.Petersen wrote:
 SAMBA VERSION: 2.2.4
 ERROR(S): Profile Creation

 I reported this to my supervisor, and he asked what version of Samba I
 was using.  I told him version 2.2.3a.  Well, he says that I shouldn't
 use an alpha version of Samba.

the 'a' means patch level 1, it is a bugfix against the stable version
2.2.3 no alpha!


   os level = 64
   preferred master = yes
   domain master = yes
   local master = no

why you made it domain master but not local master ?

   encrypt passwords = yes
   domain logons = yes
 
   logon path = \\student\%u\.ntprofile

from smb.conf:
  Windows clients can sometimes maintain a connection
  to  the [homes] share, even though there is no user
  logged in.  Therefore, it is vital that  the  logon
  path  does  not  include  a  reference to the homes
  share (i.e. setting this parameter  to  \%N\%U\pro­
  file_path will cause problems).

so,
1. it is better you use a separate directory and share for profiles
(I saw that setting the directory 1777 is a nice solution as everyone
can write/create a profile, but only owners will be able to use/modify
it)
2. better you use %U (uppercase)

   logon drive = Z:
   logon home = \\student\%u

Simo.

-- 
Simo Sorce
--
Una scelta di liberta': Software Libero.
A choice of freedom: Free Software.
http://www.softwarelibero.it

Re: Profile creation

[Stefan (metze) Metzmacher]

At 18:26 30.05.2002 -0500, Nathaniel N.Petersen (CNS Student Support) wrote:
SAMBA VERSION: 2.2.4
ERROR(S): Profile Creation

I have recently been assigned to create a Samba PDC.  Earlier in the

--[smb.conf]--

[global]
 workgroup = CNS_TESTING
 netbios name = TEST_SMB_SERVER
 client code page = 437
 log level = 5
 hosts allow = xxx.xxx.xxx

 security = DOMAIN

If you want to be a PDC set 'security = User' ,
this means that samba uses it's own smbpasswd( or tdb or ldap...) as SAM 
Database, read 'man smb.conf' !!!

I don't now if this fix your problem!?
 os level = 64
 preferred master = yes
 domain master = yes
 local master = no

 encrypt passwords = yes
 domain logons = yes

 logon path = \\student\%u\.ntprofile

try a path with no leading '.'
 logon path = \\student\homes\%u\ntprofile

I'm not really sure,  but try it! I remember this solves my problems on this.
I seems that NT doesn't like this.

And read Simo's comments on this parameter...

 logon drive = Z:
 logon home = \\student\%u

 admin users = root cthulu
[netlogon]
 path = /usr/local/samba/lib/netlogon
 writeable = no
 write list = ntadmin
[homes]
 guest ok = no
 writable = yes


metze
-
Stefan metze Metzmacher [EMAIL PROTECTED]

Re: known BUG multi-byte character set in usernames

[Andrew Bartlett]

Juergen Hasch wrote:
 
 Hi Guenther,
 
 Am Donnerstag, 30. Mai 2002 16:17 schrieb Guenther Deschner:
  hello,
 
  smb.conf-manpage of 2.2.5pre and HEAD states the bug of multi-byte
  character sets in usernames:
 
  -8--snip--8--
  BUG: There is currently a bug  in  the  implementation  of
 security = domain with respect to multi-byte character set
 usernames. The communication with a Domain Controller must
 be  done  in  UNICODE  and  Samba currently does not widen
 multi-byte user names to UNICODE correctly, thus a  multi-
 byte  username  will  not  be  recognized correctly at the
 Domain Controller. This  issue  will  be  addressed  in  a
 future release.
  -8--snap--8--
 

This is a different issue.  We force non-alphanumeric chars to _ in the
login code, for security.  This is what is causing the issue here.  This
may not be what the manpage was originally on about, but is what it
means now ;-)

 Now the correct usernames and groups are shown. I only added a few
 conversions, the correct approach would be to check all
 unistr2_to_ascii calls and add dos_to_unix where neccessary.
 
 I will generate a complete patch if the Samba team thinks it's worth
 considering and I am not completely on the wrong track :-)

What the heck are you trying here?

Can you resend me the patch you were doing for HEAD, and I'll try to get
that in.  In the meantime, this looks bogus.  

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net

[PATCH] store SID's in SAM_ACCOUNT

[metze]

Hi Andrew and Simo,

this patches are only for discussion,( not completely ready)

please take look at it the Patch for Makefile.in should be cleaner but I 
don't know how to do this... So it would be nice if someoneelse could do that.
The reason for changing Makefile.in is that the global_sam_sid should be 
get with the function get_global_sam_sid(), witch is in 
passdb/machine_sid.c and depends code from passdb/secrets.c 
libsmb/smbencrypt.c libsmb/smbdes.c


code Patch
-
diff -Nur HEAD/source/groupdb/mapping.c HEAD-fix/source/groupdb/mapping.c
--- HEAD/source/groupdb/mapping.c   Mon Apr 29 08:26:39 2002
+++ HEAD-fix/source/groupdb/mapping.c   Fri May 31 10:19:42 2002
@@ -21,7 +21,6 @@

  #include includes.h

-extern DOM_SID global_sam_sid;

  static TDB_CONTEXT *tdb; /* used for driver files */

@@ -186,17 +185,17 @@

 /* Add the defaults domain groups */

-   sid_copy(sid_admins, global_sam_sid);
+   sid_copy(sid_admins, get_global_sam_sid());
 sid_append_rid(sid_admins, DOMAIN_GROUP_RID_ADMINS);
 sid_to_string(str_admins, sid_admins);
 add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, Domain 
Admins, , privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);

-   sid_copy(sid_users,  global_sam_sid);
+   sid_copy(sid_users,  get_global_sam_sid());
 sid_append_rid(sid_users,  DOMAIN_GROUP_RID_USERS);
 sid_to_string(str_users, sid_users);
 add_initial_entry(-1, str_users,  SID_NAME_DOM_GRP, Domain 
Users,  , privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY);

-   sid_copy(sid_guests, global_sam_sid);
+   sid_copy(sid_guests, get_global_sam_sid());
 sid_append_rid(sid_guests, DOMAIN_GROUP_RID_GUESTS);
 sid_to_string(str_guests, sid_guests);
 add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, Domain 
Guests, , privilege_none, PR_ACCESS_FROM_NETWORK);
@@ -987,7 +986,9 @@
  * make one based on the unix information */
 uint32 alias_rid;

-   sid_peek_rid(sid, alias_rid);
+   if(!sid_peek_rid(NULL,sid, alias_rid))
+   return False;
+
 map-gid=pdb_group_rid_to_gid(alias_rid);

 if ((grp=getgrgid(map-gid)) == NULL)
@@ -1070,7 +1071,7 @@

 /* interim solution until we have a last RID allocated */

-   sid_copy(map-sid, global_sam_sid);
+   sid_copy(map-sid, get_global_sam_sid());
 sid_append_rid(map-sid, pdb_gid_to_group_rid(gid));

 fstrcpy(map-nt_name, grp-gr_name);
diff -Nur HEAD/source/include/sids.h HEAD-fix/source/include/sids.h
--- HEAD/source/include/sids.h  Wed Jan 30 07:08:15 2002
+++ HEAD-fix/source/include/sids.h  Wed May 29 14:27:26 2002
@@ -23,7 +23,7 @@
  #ifndef _SIDS_H
  #define _SIDS_H

-extern DOM_SID global_sam_sid;
+extern DOM_SID *global_sam_sid;
  extern fstring global_sam_name;

  extern DOM_SID global_member_sid;
diff -Nur HEAD/source/include/smb.h HEAD-fix/source/include/smb.h
--- HEAD/source/include/smb.h   Tue May 21 14:07:13 2002
+++ HEAD-fix/source/include/smb.h   Mon May 27 11:28:59 2002
@@ -624,8 +624,8 @@

 uid_t uid;  /* this is a unix uid_t */
 gid_t gid;  /* this is a unix gid_t */
-   uint32 user_rid;/* Primary User ID */
-   uint32 group_rid;   /* Primary Group ID */
+   DOM_SID user_sid;/* Primary User SID */
+   DOM_SID group_sid;   /* Primary Group SID */

 DATA_BLOB lm_pw; /* .data is Null if no password */
 DATA_BLOB nt_pw; /* .data is Null if no password */
diff -Nur HEAD/source/lib/util_sid.c HEAD-fix/source/lib/util_sid.c
--- HEAD/source/lib/util_sid.c  Mon Apr 15 10:32:58 2002
+++ HEAD-fix/source/lib/util_sid.c  Wed May 29 14:43:41 2002
@@ -4,6 +4,7 @@
 Copyright (C) Andrew Tridgell 1992-1998
 Copyright (C) Luke Kenneth Caseson Leighton 1998-1999
 Copyright (C) Jeremy Allison  1999
+   Copyright (C) Stefan (metze) Metzmacher 2002

 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -25,7 +26,7 @@
  /* NOTE! the global_sam_sid is the SID of our local SAM. This is only
 equal to the domain SID when we are a DC, otherwise its our
 workstation SID */
-DOM_SID global_sam_sid;
+DOM_SID *global_sam_sid=NULL;
  extern pstring global_myname;
  extern fstring global_myworkgroup;

@@ -120,17 +121,17 @@


 if ((lp_security() == SEC_USER)  lp_domain_logons()) {
-   sid_name_map[i].sid = global_sam_sid;
+   sid_name_map[i].sid = get_global_sam_sid();
 sid_name_map[i].name = global_myworkgroup;
 sid_name_map[i].known_users = NULL;
 i++;
-   sid_name_map[i].sid = global_sam_sid;

Re: [PATCH] store SID's in SAM_ACCOUNT

[Simo Sorce]

On Fri, 2002-05-31 at 12:39, Simo Sorce wrote:
 On Fri, 2002-05-31 at 12:20, [EMAIL PROTECTED] wrote:
 the above piece is wrong!
 wrong seem to be the original code. (an unjustified pdb_free_sam ?)
 I'll check it.

Sorry looking at the whole code the free is ok!

 
 Wrong is the patch!
 Why have you got out get_lsa_policy_samr_sid() ?
 
 The code here creates the SID form the info that come from the remote,
 while instead you are creating a user SID from the RID only.

but I sitll think that the code that replaces the orignal is not ok.

Simo.

-- 
Simo Sorce
--
Una scelta di liberta': Software Libero.
A choice of freedom: Free Software.
http://www.softwarelibero.it

Re: known BUG multi-byte character set in usernames

[Juergen Hasch]

Am Freitag, 31. Mai 2002 11:58 schrieb Andrew Bartlett:
 Juergen Hasch wrote:
 
  I will generate a complete patch if the Samba team thinks it's worth
  considering and I am not completely on the wrong track :-)

 What the heck are you trying here?

The problem is like this:
Without patch:
hasch@tower:~ getent passwd
...
DOMAIN\juhasch:x:10004:1:Jrgen Hasch:/home/DOMAIN/juhasch:/bin/false
...

with patch:
hasch@tower:~ getent passwd
...
DOMAIN\juhasch:x:10004:1:Jürgen Hasch:/home/DOMAIN/juhasch:/bin/false
...

i.e. I get the full user name including umlaute. This also shows up in the 
windows client's security settings correct now.

Now I never would have brought this up because I don't care to much for 2.2 
and I was just curious when I made the patches. But since someone asked :-)
The names/groups are transferred by rpc and converted from unicode like this:
unistr2_to_ascii(t, info1.str[j].uni_acct_name, sizeof(pstring));
Adding the line
dos_to_unix(t);
makes the umlaute appear.
Now the charset conversion may be totally wrong there, I believed it to be 
*easiest* patch.

 Can you resend me the patch you were doing for HEAD, and I'll try to get
 that in.  In the meantime, this looks bogus.

In a few minutes.

...Juergen

corrupt tdb?

[Volker.Lendecke]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi!

Someone came to me with the following log message. To me it looks like
a corrupt tdb. The system is running Linux 2.2.19 with adaptec RAID
(dpt_io driver), LVM and the tdb's on ext2. The rest of the file
system is reiser. Samba is 2.2.3a. I don't remember tdb corruption
fixes towards 2.2.4. Or did I miss any?

Volker

[2002/05/30 15:47:41, 0, pid=4508] tdb/tdbutil.c:tdb_log(475)
  tdb(/sambalocks/PRR0226/sessionid.tdb): tdb_oob len 976499000 beyond eof at 32768
[2002/05/30 15:47:41, 0, pid=4066] tdb/tdbutil.c:tdb_log(475)
[2002/05/30 15:47:41, 0, pid=4508] tdb/tdbutil.c:tdb_log(475)
  tdb(/sambalocks/PRR0226/sessionid.tdb): tdb_oob len 808465011 beyond eof at 32768
[2002/05/30 15:47:41, 1, pid=4508] smbd/session.c:session_claim(88)
  session_claim: out of session IDs (max is 3000)
  tdb(/sambalocks/PRR0226/sessionid.tdb): tdb_oob len 1768185734 beyond eof at 32768
[2002/05/30 15:47:41, 1, pid=4508] smbd/password.c:register_vuid(337)
  Failed to claim session for vuid=100
[2002/05/30 15:47:41, 0, pid=4066] tdb/tdbutil.c:tdb_log(475)
  tdb(/sambalocks/PRR0226/sessionid.tdb): tdb_oob len 808465011 beyond eof at 32768
[2002/05/30 15:47:41, 0, pid=4066] tdb/tdbutil.c:tdb_log(475)

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Fingerprint available: phone +49 551 370

iD8DBQE892yEZeeQha3jd9gRAmHPAJ46N/5D8NkiCnvuQXgcf1l4TavMLwCfR16L
r71eUQDbBIi7k6ERQR1/a0U=
=1Ajq
-END PGP SIGNATURE-

RE: INFORMAZIONE

[MCCALL,DON (HP-USA,ex1)]

Hi,
Best you discuss this with your HP support people - cifsmount is a part of
the CIFSCLIENT software (based on Sharity client), NOT samba.
Sorry,
Don

-Original Message-
From: Simo Sorce [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 31, 2002 4:19
To: Manuel Clericuzio
Cc: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: Re: INFORMAZIONE


From samba-technical.

On Fri, 2002-05-31 at 09:58, Manuel Clericuzio wrote:
 Buongiorno,
 mi hanno chiesto di montare un filesystem NT (macchina win2000) su una
 macchina con Unix HP (release 11.11).
 Ho provato a fare dei tentativi con il comando cifsmount ma non riesco.
 Spero che voi mi potiate aiutare.
 
 Grazie e buona giornata
 
 Manuel
 

Better you write in english Manuel and on the users support list not the
technical one!

I will translate this time only to benefit of the list and the user:

Good morning,
I've been requested to mount a filesystem shared by a win2k server on a
HP-UX (11.11) machine.
I tried to mount it with the cifsmount command but failed.
Is there anyone that can help me.

Thank you.

-- 
Simo Sorce
--
Una scelta di liberta': Software Libero.
A choice of freedom: Free Software.
http://www.softwarelibero.it

Re: hash2 mangling alghorithm

[The DJ]

on 31-05-2002 12:21, Simo Sorce at [EMAIL PROTECTED] wrote:

 
 I just want to warn people that want to use the new hashing algorithm
 for mangled names.
 
 And that note should also be put in the man page IMO.
 
 You must understand that changing the hashing algorithm on a production
 server may have unwanted side effects (this is why we maintain by
 default hash and not hash2 and why it was not back ported to 2.2
 initially).

Just as a note, it might be useful to add an UPGRADE file to the release in
which we discuss just these kind of problems that might occur with upgrading
production servers.

 Windows clients may save all around (registry, config files, ecc..)
 mangled paths to files need for programs to work correctly.
 
 If you change the hash algorithm these paths will become unusable as the
 new mangled name will be different.
 
 I would advice to use the new hashing algorithm in new installations and
 switch to the new one for old ones only if really necessary to make
 things work (lot of conflicts), and in this case be prepared to
 reinstall some app or manually change some registry/config file to
 reflect the new mangled names.
 
 So do not just try this option, plan to use it carefully.
 
 Simo.

---
Universiteit Twente
---
Derk-Jan 'The DJ' Hartman
ICQnr: 10111559
Mail:  mailto:[EMAIL PROTECTED]
WWW:   http://home.student.utwente.nl/d.hartman/
Goto:  http://xamba.sourceforge.net

RE: hash2 mangling alghorithm

[Simo Sorce]

No, sorry it is not as simple.
When you use mangled names you must assure they will always be mangled
the same way during the same connection.
So if a file gets deleted and then recreated it must be mangled back the
same way!
This will make things overly complex and oblige us to keep 2 separate
caches at a time and switch between 2 algorithms adding too much
complexity and needing a complete retest of the mangling code.
That would made it too much work and would be available in time for
2.2.5

The back port have been made only for special cases (people that have
programs generating lot of similarly named files in a single directory).

The new algorithm will be the default on samba 3 and thats the best
balance IMO.

/simo who hates html  mail ;)

On Fri, 2002-05-31 at 14:47, Esh, Andrew wrote:
 Why not just use a different hash character for the new code, and keep the
 old unhashing code? Old hashed names can still be read, and new hashed names
 can still be stored and read. No confusion would take place.
 

-- 
Simo Sorce
--
Una scelta di liberta': Software Libero.
A choice of freedom: Free Software.
http://www.softwarelibero.it

Re: Profile creation

[CNS Student Support]

On Fri, May 31, 2002 at 12:09:25PM +0530, Navneet Karnani wrote:
 Should you be deleting the user profile completely from the server, including
 the user credentials. The problem you encounter, looks like, windows is not able
 to find the directory. So, if you want to simulate a new user, do it in style.
 Create a new user the right way and do it. I think it should work.
 
 - Navneet


While you are correct on the point of creating a new user in style, it
is still important to find a solution to corrupted profile creation.
Consider:  User logs in using an NT system.  The *cough* idiot downloads
an infected email, or better yet, just found this nifty program called
regedit.  When the user logs off, this corrupted registry information is
saved to the PDC.  I get a complaint a few hours later that the user
can't log in again.  The obvious fix is to back up his/her profile info
and then delete it.  Next time the user logs on, the profile is
recreated (without reg errors).  Then all I have to do is copy over the
users favorites, My Documents, etc.

Re: Disable spoolss

[Gerald Carter]

On Thu, 30 May 2002, Lapers Stefan wrote:

 
 Due to quite some problems with the RPC printing code in samba
 (landscape, paper size), I would like to disable the spoolss
 functionality and use the old code.  However I will probably need Active
 Directory support in the near future, so reverting to samba 2.0 is no
 option. Happy me, there is the disable spoolss option in the smb.conf
 file. I'm using 2.2.4 compiled on Intel RH 7.3, but samba seems to
 ignore the disable spoolss = yes option for Win2K and WinXP clients. NT
 4 seems to be ok.

I know I fixed this recently, but I can't remember if it was pre or post 
2.2.4 release.  I'll have to check.








cheers, jerry
 -
 Hewlett-Packard http://www.hp.com
 SAMBA Team   http://www.samba.org
 --http://www.plainjoe.org
 Sam's Teach Yourself Samba in 24 Hours 2ed.  ISBN 0-672-32269-2
 --I never saved anything for the swim back. Ethan Hawk in Gattaca--

Re: Profile creation

[Andy Thomas]

 From: Nathaniel N.Petersen (CNS Student Support) [EMAIL PROTECTED]
 Date: Fri, 31 May 2002 08:15:07 -0500

 There is nothing wrong with using the homes directories like I do.  The
 lines refered to in the man pages simply don't recommend it.  Well, if
 you have ever worked for a University, you would understand the amount
 of overhead involved.  Creating essentially two account locations for
 evey user is ridiculous.

  I was able to put profile storage outside on home directories without much 
problem.  We have 80,000 student accounts.  We have profile storage on the 
same host as home directories, but in a different place.  We have a separate
filesystem for profiles, /export/profiles.  This allows us to have 500 MB 
quotas for home dirs, and 15 MB quotas for profiles (10 MB quota in policy).  
Profile share is setup as:

[profiles] 

path = /export/profiles/%H
...

  We just changed our unix account creation so that when it creates 
the home directory (/home/hostname/x/username) it also creates 
/export/profiles/home/hostname/x/username.  Besides being simple
to implement, we have a profile directory tree, instead of one 
directory with 40,000 entries.

 On the domain controller, all accounts have 
profile path = \\hostname\profiles

  Clients are Win XP.  My Documents is redirected to users home directory.

  The domain controller is currently a Win 2000 box.  We are looking into
replacing with samba server as the next step.

Andrew Thomas
Manager of Instructional Servers
Instructional Computing Services, Purdue University

RE: Using linux trustee 2.8 rights in samba

[Jesper Nilsson]

If you're talking about Vyacheslav Zavadsky's Linux Trustees patches
(http://trustees.sourceforge.net/), you must write a backend to integrate it
with Samba as the interface is totally different from Linux's Posix ACL.
I looked into this a while ago, but sadly couldn't find the time to work on
it.

regards
/Jesper


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of Gerald Carter
 Sent: den 31 maj 2002 17:00
 To: Nieminen, Jooel
 Cc: '[EMAIL PROTECTED]'
 Subject: Re: Using linux trustee 2.8 rights in samba


 On Fri, 31 May 2002, Nieminen, Jooel wrote:

  I'm using samba I installed from the RPM package made for RH7.2 on
  fileserver and it works allright. So does winbind. but then I came up
  problems with file security and patched my kernel with trustee 2.8
  package.
 
  well, trustee works fine, but samba does not care about it. as in
  security tab on windows I can see unix rights.

 Did you recompile Samba to include --with-acl-support?

  the question, what is they to go with this? I've asked elsewhere and ppl
  are saying that it shouldn't do that, but no answers to the problem.
 
  as an example, I have file which is in unix rights marked as read-only
  for all, but with trustee's aclfs are unix file security overwritten and
  given full rights. when logged on trough console as me rm does not ask
  nothing, it just deletes the file. samba is different, it reads itself
  the file security and sais access denied.
 
  I'm getting mad with this and have no clue which way to go, do you,
  anybody?

 I'm not familar with that package, but you may need to write
 a mapping backend from Samba's internal POSIX acl representation
 to the trustee aclfs model.  This is how it works for Solaris ACLs
 and Linux's POSIX ACL support.









 cheers, jerry
  -
  Hewlett-Packard http://www.hp.com
  SAMBA Team   http://www.samba.org
  --http://www.plainjoe.org
  Sam's Teach Yourself Samba in 24 Hours 2ed.  ISBN 0-672-32269-2
  --I never saved anything for the swim back. Ethan Hawk in Gattaca--

Re: bug in smbclient

[Richard Sharpe]

On Fri, 31 May 2002, Sergey Ivanov wrote:

 Hello
 
 
 There are a couple of problems with smbclient connected with the socket timeout in 
 the select operation.
 The default value of the timeout in smblib is about 20 seconds. 
 Smbclient does not override this value.
 So, when a file is big enought, the checking procedure by antivirus can 
 be more that 20 seconds, so samba does not send to smbclient anything 
 and a timeout happens.

Hmmm, I have seen such problems as well, and they annoy me ... 

The problem is that the library takes unilateral decisions about this and 
does not give the upper layer a chance to do anything about it.

It should be possible to change the time out and to tell the lower layers 
to simply not time out at all.

At one stage I added some code to the lower later routines to allow you to 
pass a -ve number as the timeout, which meant, time out but ignore it.

Regards
-
Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], 
[EMAIL PROTECTED]

Appology

[CNS Student Support]

After talking this over with a friend, I realize that I have made a
mistake.  I should never have responded in the manner that I did.  I
was the one who asked for help.  You don't know the situation, and you
are correct in that most people who do have problems either didn't read
the existing information, or didn't understand what they read.

I should not have taken the standard responses so personally.  I'm
sorry.

I inicially wrote in because I thought the errors I was receiving were
rather unique.  My past problems with Samba were never this bad.  They
WERE solved most times by just doing a quite search on google or reading
other individual's posts.

But this time, with authentication working fine, I was perplexed.  Why
the corrupt write from the W2K client?  Why did the NT machine write a
profile but not use it?  Or more precisely, why did it use it but say it
didn't?

Again, my frustration exists more from my lack of progress than from the
comments I received.  I humbly submit my whole-hearted appologies to
those I may have angered and/or offended.

-Nathaniel N. Petersen

PS - I will look into the 'Z' drive issue as well as the location of the
profile.  Thank you for giving me some direction to research.

On Fri, May 31, 2002 at 04:02:35PM +0200, Simo Sorce wrote:
 On Fri, 2002-05-31 at 15:15, Nathaniel N.Petersen wrote:
  Note that from the client's point of view security = domain is the same
  as security = user . It only affects how the server deals with the
  authentication, it does not in any way affect what the client sees.
  
  Since the systems are able to authenticate, this is not an issue.
 
 
 I have yet not understood if your server is a PDC or not.
 If it is, these 4 parameters MUST be set this way:
 
 domain logons = yes
 domain master = yes
 security = user
 encrypt password = yes
 
 
   try a path with no leading '.'
   logon path = \\student\homes\%u\ntprofile
  
  Even if you were correct, it worked before (and still is working
  elsewhere), it should work now.
 
 I think this is not a problem.
 
  I thought about dealing with this diplomaticly - but enough is enough.
  There is nothing wrong with using the homes directories like I do.  The
  lines refered to in the man pages simply don't recommend it.  Well, if
  you have ever worked for a University, you would understand the amount
  of overhead involved.  Creating essentially two account locations for
  evey user is ridiculous.
 
 I have an my setup involved a simple [profile] share with 1777
 permissions on it, and that's not a lot of work to do (I had more than
 1000 users).
 Recommendations exist for a purpose ... it's up to you to decide if they
 match your case.
 
 thinking a bit more in this case I think you may have 2 combined
 problems:
 1. the use of the home directory to store profiles
 2. the use of letter Z to map the home directory
 
 unfortunately I do not have handing any url, but I remember clearly that
 with later clients (w2k, XP) there are problems with the Z drive.
 In fact it is not available to be mapped until the user logged in and at
 that point the profile thing is yet over!
 It is not a samba problem, Microsoft changed it this way (can't remember
 why).
 
 So I would advice you do 2 things:
 change the home drive letter or setup a profile share and change the
 logon path directive.
 
  Furthermore, this PDC is set to local master = no for a reason.
  Election.  I have 14 other colleges at this university that are NOT
  running Linux (yes, there are still people out there that use Windows).
  Windows PDC's have fits when this is set to yes.  They lose out on
  elections.  If set to false then nmbd will not attempt to become a
  local master browser on a subnet and will also lose in all browsing
  elections.  With a class B subnet, this is a GOOD THING.
 
 a class B NOT subnetted to C classes? That's should be a broadcast
 nightmare ... 
 
 (if your server is not a PDc you should NOT made it be a domain master!,
 local master should be ok, and would be better to use a wins server)
 
  And finally, as far as that whole '.a = patch' thing goes - NO SH!T.
  REALLY?  Well, I'll be... I thought only M$ released patches.
  Seriously,  I was trying (appearantly not hard enough) to make light of 
  my supervisor's lack of knowledge about Samba (AND all the extra work 
  it forced me to do). sarcasmLord knows I would much rather be seen 
  a fool by the Samba community./sarcasm  This should never have been 
  an issue.
 ?? you are stressed, take a breath
 
  I want to appologize to those of you who work tirelessly on the Samba
  project.  I also want to thank the attempts at trying to help me.  But,
  they were of ZERO aid.  Nit-picking at these minor issues does not help
  me with the big picture.  Just answer me this - If the windows systems
  are able to verify the domain and authenticate, why does the w2k system
  right corrupt profile data?  If the NT system is able to create a
  profile, why can't it 

Access control to SAM / _samr_query_sec_obj

[Kai Krueger]

Hi,

currently, as far as I can see, the access control to the SAM database is
only based upon file access to the db-files. On normal installations
therefore only the root user can change, delete or add things instead of the
entire administrators group. As this is IMHO rather unhelpfull, especially
if you are trying to administer your samba-server from windows machines, I'm
thinking about implementing a more NT-like access control to the SAM-db.
Is there currently anybody else working in that region?

I've started off with implementing default Security Descriptors for the
global SAM object, the domain object and the alias objects (only SD for user
objects were available till now), which are needed in the later to come
se_access_check()s of the open/connect RPCs. These default SDs are based
upon the SDs I received from my Win2k pro workstation. I don't have access
to a Windows PDC, so I couldn't do it for global domain groups. :(
The new _samr_query_sec_obj() can destinguish between the domain SID, SID
S-0-0 that seems to represent the SAM-object and SIDs with appended RID.
However I don't know how to find out if those SIDs represent Users, Groups,
or Alliases, so SDs for useres are still always created in this case instead
of the correct ones. Does anybody know an easy way to figure out which is
correct?


Any comments or improvements are appreciated

Kai




--- ./samba/source/rpc_server/srv_samr_nt.c Sun May 26 21:11:52 2002
+++ ./samba/source/rpc_server/srv_samr_nt.c Fri May 31 19:51:43 2002
 -402,11 +402,90 
  return r_u-status;
 }

+
+/***
+ samr_make_sam_obj_sd
+ /
+
+static NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t 
+*sd_size)
+{
+ extern DOM_SID global_sid_World;
+ DOM_SID adm_sid;
+ DOM_SID act_sid;
+
+ SEC_ACE ace[3];
+ SEC_ACCESS mask;
+
+ SEC_ACL *psa = NULL;
+
+ sid_copy(adm_sid, global_sid_Builtin);
+ sid_append_rid(adm_sid, BUILTIN_ALIAS_RID_ADMINS);
+
+ sid_copy(act_sid, global_sid_Builtin);
+ sid_append_rid(act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
+
+ //basic access for every one
+ init_sec_access(mask, 0x20031);
+ init_sec_ace(ace[0], global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+ //full access for builtin aliases Administrators and Account Operators
+ init_sec_access(mask, 0xf003f);
+ init_sec_ace(ace[1], adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(ace[2], act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+ if((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
+  return NT_STATUS_NO_MEMORY;
+
+ if((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == 
+NULL)
+  return NT_STATUS_NO_MEMORY;
+
+ return NT_STATUS_OK;
+}
+
+/***
+ samr_make_dom_obj_sd
+ /
+
+static NTSTATUS samr_make_dom_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t 
+*sd_size)
+{
+ extern DOM_SID global_sid_World;
+ DOM_SID adm_sid;
+ DOM_SID act_sid;
+
+ SEC_ACE ace[3];
+ SEC_ACCESS mask;
+
+ SEC_ACL *psa = NULL;
+
+ sid_copy(adm_sid, global_sid_Builtin);
+ sid_append_rid(adm_sid, BUILTIN_ALIAS_RID_ADMINS);
+
+ sid_copy(act_sid, global_sid_Builtin);
+ sid_append_rid(act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
+
+ //basic access for every one
+ init_sec_access(mask, 0x20385);
+ init_sec_ace(ace[0], global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+ //full access for builtin aliases Administrators and Account Operators
+ init_sec_access(mask, 0xf07ff);
+ init_sec_ace(ace[1], adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+ init_sec_ace(ace[2], act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0);
+
+ if((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
+  return NT_STATUS_NO_MEMORY;
+
+ if((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == 
+NULL)
+  return NT_STATUS_NO_MEMORY;
+
+ return NT_STATUS_OK;
+}
+
 /***
  samr_make_usr_obj_sd
  /

-static NTSTATUS samr_make_usr_obj_sd(TALLOC_CTX *ctx, SEC_DESC_BUF **buf, DOM_SID 
*usr_sid)
+static NTSTATUS samr_make_usr_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t 
+*sd_size, DOM_SID *usr_sid)
 {
  extern DOM_SID global_sid_World;
  DOM_SID adm_sid;
 -416,8 +495,6 
  SEC_ACCESS mask;

  SEC_ACL *psa = NULL;
- SEC_DESC *psd = NULL;
- size_t sd_size;

  sid_copy(adm_sid, global_sid_Builtin);
  sid_append_rid(adm_sid, BUILTIN_ALIAS_RID_ADMINS);
 -425,23 +502,62 
  sid_copy(act_sid, global_sid_Builtin);
  sid_append_rid(act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);

+ //basic access for every one
  init_sec_access(mask, 

Re: Access control to SAM / _samr_query_sec_obj

[Tim Potter]

On Sat, Jun 01, 2002 at 12:17:19AM +0200, Kai Krueger wrote:

 currently, as far as I can see, the access control to the SAM database is
 only based upon file access to the db-files. On normal installations
 therefore only the root user can change, delete or add things instead of the
 entire administrators group. As this is IMHO rather unhelpfull, especially
 if you are trying to administer your samba-server from windows machines, I'm
 thinking about implementing a more NT-like access control to the SAM-db.
 Is there currently anybody else working in that region?

I'm thinking more seriously about it, but will probably end up only
putting hacks in 2.2 instead.  (-:

 I've started off with implementing default Security Descriptors for the
 global SAM object, the domain object and the alias objects (only SD for user
 objects were available till now), which are needed in the later to come

Is there more than one SD for the SAM system?  I thought there was only
a global one.

 se_access_check()s of the open/connect RPCs. These default SDs are based
 upon the SDs I received from my Win2k pro workstation. I don't have access
 to a Windows PDC, so I couldn't do it for global domain groups. :(

How did you display these?  I'm curious now.

 However I don't know how to find out if those SIDs represent Users, Groups,
 or Alliases, so SDs for useres are still always created in this case instead
 of the correct ones. Does anybody know an easy way to figure out which is
 correct?

I think it's impossible to tell the type of a sid without doing a sid to
name lookup.


Tim.

VFS modules - how do you referrence prev fd from open on first write

[troutb]

VFS - modlues

I want to check the fd on my first write call to see if it just got opened
by write call or is a susequent write call.

The purpose is to preform a backup only if the user actually write data to
thefile.

I have been study the vfs.h, smb.h, skel.c to figure this out
fsp-prev-fd  cause the VFS module to crash!
I'm new to c and to write samba code

I have been study the vfs.h, smb.h, skel.c to figure this out
can someone direct me to some additional info and/or docs on this subject
or anyother helpful insights

thanks

[PATCH] Clean up samba-3.0 for POSIX-96

[Paul_GreenVOS]

The attached set of patches cleans up samba-3.0-alpha17 for
systems such as Stratus VOS that implement POSIX-1996 but do not
provide full Unix compatibility.  I would be most grateful if
this patch could be applied against samba-3.0.  I can supply a
version of this patch for samba-2.2 if/when anyone cares.

Summary of changes by module:

source/configure.in check for non-POSIX headers syslog.h and sys/file.h 
(and alphabetize list)
source/include/includes.h   conditionally include syslog.h and sys/file.h
source/lib/interfaces.c conditionally include sys/time.h and sys/sockio.h 
(autoconf macros already exist)
source/lib/util_sock.c  change memcmp use of (caddr_t) type to (void *); 
removes only use of nonstandard caddr_t type.
source/libsmb/clifile.c fix bug that references uint not uint32, fix bug that 
references S_ISVTX not S_ISUID.
source/nsswitch/winbind_nss_config.hconditionally include sys/select.h (autoconf 
macro already exists)
source/pam_smbpass/general.hconditionally include syslog.h
source/rpc_server/srv_spoolss_nt.c  change 'FALSE' to 'False' (Samba defines 
'False' in smb.h; POSIX-96 does not admit to FALSE)
source/rpcclient/cmd_reg.c  declare optarg and optind (many other Samba 
source files explicitly declare these names)
source/smbd/chgpasswd.c conditionally reference ONLCR macro (not in 
POSIX-96)
source/smbd/trans2.cfix bug that references S_ISVTX not S_ISUID
source/smbd/vfs-wrap.c  conditionally reference fchown (autoconf 
HAVE_FCHOWN macro already exists)
source/smbd/utils/smbcontrol.c  declare optarg (many other Samba source files 
explicitly declare this name)

Patch is against samba-3.0-alpha17.

Tested by successfully rebuilding all of samba-3.0-alpha17 here
on Stratus VOS.  I actually needed a few other changes, but I'm
not submitting them at this time.  I am only submitting the
changes that I am 100% sure of.

Oh, and my official email address is [EMAIL PROTECTED]
This odd addresss ([EMAIL PROTECTED]) is a secondary
address.  I use it because it is not Outlook and won't mess up
the formatting of the text.

### START OF PATCH ###

diff -urp oldsamba3/source/configure.in newsamba3/source/configure.in
--- oldsamba3/source/configure.in   Fri May 31 13:54:22 2002
+++ newsamba3/source/configure.in   Fri May 31 13:54:28 2002
@@ -278,8 +278,9 @@ AC_HEADER_SYS_WAIT
 AC_CHECK_HEADERS(arpa/inet.h sys/fcntl.h sys/select.h fcntl.h sys/time.h sys/unistd.h)
 AC_CHECK_HEADERS(unistd.h utime.h grp.h sys/id.h limits.h memory.h net/if.h)
 AC_CHECK_HEADERS(compat.h rpc/rpc.h rpcsvc/nis.h rpcsvc/yp_prot.h rpcsvc/ypclnt.h)
+AC_CHECK_HEADERS(stdlib.h string.h strings.h syslog.h sys/file.h)
 AC_CHECK_HEADERS(sys/param.h ctype.h sys/wait.h sys/resource.h sys/ioctl.h sys/ipc.h 
sys/mode.h)
-AC_CHECK_HEADERS(sys/mman.h sys/filio.h sys/priv.h sys/shm.h string.h strings.h 
stdlib.h sys/socket.h)
+AC_CHECK_HEADERS(sys/mman.h sys/filio.h sys/priv.h sys/shm.h sys/socket.h)
 AC_CHECK_HEADERS(sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h 
termio.h)
 AC_CHECK_HEADERS(sys/termio.h sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h 
sys/sockio.h)
 AC_CHECK_HEADERS(security/pam_modules.h security/_pam_macros.h ldap.h lber.h)
diff -urp oldsamba3/source/include/includes.h newsamba3/source/include/includes.h
--- oldsamba3/source/include/includes.h Fri May 31 13:08:57 2002
+++ newsamba3/source/include/includes.h Fri May 31 13:55:27 2002
@@ -216,8 +216,14 @@
 #include netinet/in.h
 #include arpa/inet.h
 #include netdb.h
-/* #include syslog.h */
-/* #include sys/file.h */
+
+#ifdef HAVE_SYSLOG_H
+#include syslog.h
+#endif
+
+#ifdef HAVE_SYS_FILE_H
+#include sys/file.h
+#endif
 
 #ifdef HAVE_NETINET_TCP_H
 #include netinet/tcp.h
diff -urp oldsamba3/source/lib/interfaces.c newsamba3/source/lib/interfaces.c
--- oldsamba3/source/lib/interfaces.c   Fri May 31 13:09:54 2002
+++ newsamba3/source/lib/interfaces.c   Fri May 31 13:10:13 2002
@@ -38,11 +38,15 @@
 #include arpa/inet.h
 #include netdb.h
 #include sys/ioctl.h
+#ifdef HAVE_SYS_TIME_H
 #include sys/time.h
+#endif
 #include net/if.h
 
 #ifndef SIOCGIFCONF
+#ifdef HAVE_SYS_SOCKIO_H
 #include sys/sockio.h
+#endif
 #endif
 
 #ifdef AUTOCONF_TEST
diff -urp oldsamba3/source/lib/util_sock.c newsamba3/source/lib/util_sock.c
--- oldsamba3/source/lib/util_sock.cFri May 31 13:09:55 2002
+++ newsamba3/source/lib/util_sock.cFri May 31 13:10:21 2002
@@ -1020,7 +1020,7 @@ static BOOL matchname(char *remotehost,s

/* Look up the host address in the address list we just got. */
for (i = 0; hp-h_addr_list[i]; i++) {
-   if (memcmp(hp-h_addr_list[i], (caddr_t)  addr, sizeof(addr)) == 0)
+   if (memcmp(hp-h_addr_list[i], (void *)  addr, sizeof(addr)) == 0)
return True;
}

diff -urp oldsamba3/source/libsmb/clifile.c newsamba3/source/libsmb/clifile.c

Re: [PATCH] Clean up samba-3.0 for POSIX-96

[Jeremy Allison]

On Fri, May 31, 2002 at 06:47:00PM -0400, [EMAIL PROTECTED] wrote:
 The attached set of patches cleans up samba-3.0-alpha17 for
 systems such as Stratus VOS that implement POSIX-1996 but do not
 provide full Unix compatibility.  I would be most grateful if
 this patch could be applied against samba-3.0.  I can supply a
 version of this patch for samba-2.2 if/when anyone cares.

Please send a SAMBA_2_2 version as well, I'll ensure it gets
into 2.2.5.

Thanks,

Jeremy.

RE: Thanks for fixing oplock.c for Linux 2.0 in 2_2 CVS

[Matt Seitz]

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
The only thing would be to completely disallow
connection timeouts for Win9x clients - I'm not sure
this is what we want.

Perhaps timeouts could be prevented for a 9x client when an oplock is
present?  Or have two timeouts:  a shorter (soft) timeout when an oplock is
not present and a longer (hard) timeout even when an oplock is present?