Re: [Samba] firewall
Try adding the following rule before deny /sbin/iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT replace eth0 with your interface. This would let ur firewall accept any pre-established connections, required for most cases where replies are sent to random ports. --- Justin Georgeson [EMAIL PROTECTED] wrote: No change, interestingly enough, iptables says --cport is unknown without -m, and I don't see mention of what -m does in the man page. I have version 1.2.6a-2 of iptables, packaged by RedHat. Looking at tcpdump, the netbios-ns reply packets from the server are being dropped by my firewall. Having discovered that, I've found that I can mount a file share by IP with my current rules. I just can't do netbios-ns or netbios-dgm. Here is the full results of iptables-save *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 137:139 --syn -j ACCEPT -A INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -j ACCEPT -A INPUT -p udp -m udp -s 66.150.129.229 --sport 53 -d 0/0 -j ACCEPT -A INPUT -p udp -m udp -s 24.219.4.35 --sport 53 -d 0/0 -j ACCEPT -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137:139 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m tcp --syn -j REJECT -A INPUT -p udp -m udp -j REJECT COMMIT How can I allow the reply packets, since they're addressed to a randomly selected port? James Hubbard wrote: This depends on how restrictive your firewall rules are but why don't you just use this: -A INPUT -p udp -s 192.168.1.0/24 --dport 137:139 -i eth0 -j ACCEPT -A INPUT -p tcp -s 192.168.1.0/24 --dport 137:139 -i eth0 -j ACCEPT I'm not sure what the -m stands for. You'll need to change eth0 to match your internal ethernet card. Make sure you insert this before the reject rules. James Hubbard Justin Georgeson wrote: Ok, so I know from `netstat --ip -lnp` that the only ports smbd and nmbd are using are TCP 139, and UDP 137 and 138. I find it a little odd though that nmbd is bound to both 0.0.0.0 AND my primary interface. My problem is that I can't access shares on a windows machine unless I turn off my firewall. I'm using RH 8 and the 2.2.6-2 RPMs from the web page (working fine so far, barring this firewall thing). I have these rules added in iptables -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 139 --syn -j ACCEPT -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 138 -j ACCEPT tcpdump shows ports TCP 139 and UDP 137 being accessed when I run findsmb. But nothing is listed when I do. If I turn off my firewall, the other machine on the LAN, my windows box, is listed. What am I missing? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] firewall
Hrm, no change. :( Would that need the ip_conntrakc module loaded? It didn't have any change whether the module was loaded or not. Ultimately this isn't too big a deal, I'll never be doing SMB over the internet, and I don't have any multiple-subnet LANS anywhere, so I can just disable the firewall when I need SMB. Hesham S. Ahmed wrote: Try adding the following rule before deny /sbin/iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT replace eth0 with your interface. This would let ur firewall accept any pre-established connections, required for most cases where replies are sent to random ports. --- Justin Georgeson wrote: No change, interestingly enough, iptables says --cport is unknown without -m, and I don't see mention of what -m does in the man page. I have version 1.2.6a-2 of iptables, packaged by RedHat. Looking at tcpdump, the netbios-ns reply packets from the server are being dropped by my firewall. Having discovered that, I've found that I can mount a file share by IP with my current rules. I just can't do netbios-ns or netbios-dgm. Here is the full results of iptables-save *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 137:139 --syn -j ACCEPT -A INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -j ACCEPT -A INPUT -p udp -m udp -s 66.150.129.229 --sport 53 -d 0/0 -j ACCEPT -A INPUT -p udp -m udp -s 24.219.4.35 --sport 53 -d 0/0 -j ACCEPT -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137:139 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m tcp --syn -j REJECT -A INPUT -p udp -m udp -j REJECT COMMIT How can I allow the reply packets, since they're addressed to a randomly selected port? James Hubbard wrote: This depends on how restrictive your firewall rules are but why don't you just use this: -A INPUT -p udp -s 192.168.1.0/24 --dport 137:139 -i eth0 -j ACCEPT -A INPUT -p tcp -s 192.168.1.0/24 --dport 137:139 -i eth0 -j ACCEPT I'm not sure what the -m stands for. You'll need to change eth0 to match your internal ethernet card. Make sure you insert this before the reject rules. James Hubbard Justin Georgeson wrote: Ok, so I know from `netstat --ip -lnp` that the only ports smbd and nmbd are using are TCP 139, and UDP 137 and 138. I find it a little odd though that nmbd is bound to both 0.0.0.0 AND my primary interface. My problem is that I can't access shares on a windows machine unless I turn off my firewall. I'm using RH 8 and the 2.2.6-2 RPMs from the web page (working fine so far, barring this firewall thing). I have these rules added in iptables -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 139 --syn -j ACCEPT -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 138 -j ACCEPT tcpdump shows ports TCP 139 and UDP 137 being accessed when I run findsmb. But nothing is listed when I do. If I turn off my firewall, the other machine on the LAN, my windows box, is listed. What am I missing? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba __ Do you Yahoo!? HotJobs - Search new jobs daily now http://hotjobs.yahoo.com/ -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] No such file error when reading Win98 profiles
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 1 Nov 2002, Ed Lally wrote: Wanted to follow up and let you know that 2.2.6 did indeed fix the name mangling problem we were having. Thanks for the tip! Cool. Thanks for the update. cheers, jerry - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9xS4bIR7qMdg1EfYRAgm1AKCE2j7pl7h/Yuxd6VvUwYVXde/7mwCeI4nc 4GLGrXgvUSrMriw6+bGLURw= =Jnzf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 2.2.6 and printer questions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 1 Nov 2002, Thomas Bork wrote: If printers served from Samba it is nessesary to double click the netbios name of the samba server to see printershares. Why? Unknown. Tim had looked into this but I don't remember the details. I'm also thinking to remember (may be this is very bad english ;o) the question on this list and someone, who wants to look into it for 2.2.6. But the behavior is the same as in 2.2.5. That probably would have been me. I think it just fell off the plate as a non-essential feature for 2.2.6. We should make sure this works in 3.0. Is it possible, to bundle/deliver printer drivers in an tarfile, whith their relationships to predefined shares? Theoretically yes. But Probably not really a good idead since it would involve messing with the tdb files directory. The other problem is that printer information can only be initialized (Device Mode Printer data) by running the driver bound to the printer. Really messy. Then there is the EULA as well. If you could get around the EULA, then you could package preinitialized drivers and write the information to smbd's tdbs. We have support for storing driver initialization data already. I'm the maintainer of a Samba package for the GPL project eisfair (www.eisfair.org), an easy to use internet server. In my package, currently based on Samba 2.2.6, it is possible to print to an virtual printer for creating PDF files and to a virtual printer for the fax package (installed ghostscript package is needed) . On the windows clients a postscript printer driver must be installed for each of this virtual printers. Sounds interesting. Hmmmwish I could read German :-) It will be nice, if the driver installation is so easy as possible for the user. Thats why I'm interested in an automatic driver installation based on the print$ share. But I can see any problems with this: If I want to deliver drivers for nt/w2k/xp and win9x/me in the package, I think I have to include in the package not only the complete directory predefined in [print$] with the drivers. I think I have also to deliver the tdb-files ntdrivers.tdb ntforms.tdb ntprinters.tdb printing.tdb because anywhere here the relationship between printershare and driver (format and so on...) is saved. But how can this be done without breaking existing relationships with existing drivers and printers in the existing configuration on user side? You don't need printing.tdb. That's a volatile tdb used to cache jobs listed in the queue. The rest of your assessment is correct. cheers, jerry - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9xTYZIR7qMdg1EfYRAtRyAKC6cQDqb1UmZl+YcYMEpM1eS253jgCfXVVi KVgUygxAGvrBfS27kxjF1rg= =OKLh -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to open passdb???
On Sat, 2 Nov 2002, smw wrote: Hello John, My apologies, I should have mentioned that this is on a RedHat 7.3 platform, however I downloaded the RPMs from the Samba site and installed it that way. I will give that a shot as well, and see what I can come up with. In that case, you need to add your root account to smbpasswd. The way to do this is from a root login shell: smbpasswd -a root Let me know how you go. - John T. Thanks, Scott - Original Message - From: John H Terpstra [EMAIL PROTECTED] To: smw [EMAIL PROTECTED] Cc: Noel Kelly [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, November 02, 2002 8:37 PM Subject: Re: [Samba] Unable to open passdb??? On Sat, 2 Nov 2002, smw wrote: Hi Noel, Thanks for the tip, but I've run into an issue now with that.. The directory /usr/local/samba/private doesn't exist. Do I need to create that directory then as well? That would help. What platform is this on? Did you build the binaries yourself? If you did then the likely location for the smbpasswd file is as Scott suggested. If you are on a Linux system and you are using an RPM package then the likely place is /etc/samba/smbpasswd. - John T. Thanks for the assistance! Scott - Original Message - From: Noel Kelly [EMAIL PROTECTED] To: 'smw' [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, November 02, 2002 5:03 PM Subject: RE: [Samba] Unable to open passdb??? Scott, You hopefully just need to manually create the smbpasswd file in /usr/local/samba/private/. Just do a 'touch /usr/local/samba/private/smbpasswd' and retry. Noel -Original Message- From: smw [mailto:kc8lir;yahoo.com] Sent: 02 November 2002 17:13 To: [EMAIL PROTECTED] Subject: [Samba] Unable to open passdb??? Hello, Getting this error: [2002/11/02 12:55:16, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367) unable to open passdb database. [2002/11/02 12:55:16, 0] smbd/chgpasswd.c:check_oem_password(761) check_oem_password: getsmbpwnam returned NULL [2002/11/02 12:55:16, 0] passdb/passdb.c:pdb_free_sam(210) pdb_free_sam: SAM_ACCOUNT was NULL[2002/11/02 12:55:16, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367) unable to open passdb database. [2002/11/02 12:55:16, 0] smbd/chgpasswd.c:check_oem_password(761) check_oem_password: getsmbpwnam returned NULL [2002/11/02 12:55:16, 0] passdb/passdb.c:pdb_free_sam(210) pdb_free_sam: SAM_ACCOUNT was NULL Now, I've tried changing passwords via smbpasswd for a couple of different accounts, and for whatever reason it can't change them. I'm trying to set up my Samba box as a PDC. So far I haven't even been able to join the domain. Here's my smb.conf file: [global] netbios name = roswell workgroup = AREA51 os level = 64 preferred master = yes domain master = yes local master = yes security = user encrypt passwords = yes domain logons = yes domain admin group = root swrosch inferno add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u allow hosts = 192.168.0. 127. # SHARE DEFINITIONS [netlogon] path = /home/netlogon read only = yes guest ok = no write list = root swrosch inferno I'm running Samba 2.2.6, and trying to join with my Win2k box. But, every time I try to change passwords or anything, I get unable to open passdb errors. Any assistance would be much appreciated. I've been trying to follow the directions in the Samba howto (http://us6.samba.org/samba/docs/Samba-HOWTO-Collection.html), and I'm getting completely confused. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to open passdb???
Hi John, That worked beautifully. The user is added, and things are great. Now, I'm having issues joining the domain. It seems like it's finding the user information, but when I try to add the computer, it's telling me that it's not finding the domain. Any hints on that note? Thanks, Scott - Original Message - From: John H Terpstra [EMAIL PROTECTED] To: smw [EMAIL PROTECTED] Cc: Noel Kelly [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Sunday, November 03, 2002 9:48 AM Subject: Re: [Samba] Unable to open passdb??? On Sat, 2 Nov 2002, smw wrote: Hello John, My apologies, I should have mentioned that this is on a RedHat 7.3 platform, however I downloaded the RPMs from the Samba site and installed it that way. I will give that a shot as well, and see what I can come up with. In that case, you need to add your root account to smbpasswd. The way to do this is from a root login shell: smbpasswd -a root Let me know how you go. - John T. Thanks, Scott - Original Message - From: John H Terpstra [EMAIL PROTECTED] To: smw [EMAIL PROTECTED] Cc: Noel Kelly [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, November 02, 2002 8:37 PM Subject: Re: [Samba] Unable to open passdb??? On Sat, 2 Nov 2002, smw wrote: Hi Noel, Thanks for the tip, but I've run into an issue now with that.. The directory /usr/local/samba/private doesn't exist. Do I need to create that directory then as well? That would help. What platform is this on? Did you build the binaries yourself? If you did then the likely location for the smbpasswd file is as Scott suggested. If you are on a Linux system and you are using an RPM package then the likely place is /etc/samba/smbpasswd. - John T. Thanks for the assistance! Scott - Original Message - From: Noel Kelly [EMAIL PROTECTED] To: 'smw' [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, November 02, 2002 5:03 PM Subject: RE: [Samba] Unable to open passdb??? Scott, You hopefully just need to manually create the smbpasswd file in /usr/local/samba/private/. Just do a 'touch /usr/local/samba/private/smbpasswd' and retry. Noel -Original Message- From: smw [mailto:kc8lir;yahoo.com] Sent: 02 November 2002 17:13 To: [EMAIL PROTECTED] Subject: [Samba] Unable to open passdb??? Hello, Getting this error: [2002/11/02 12:55:16, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367) unable to open passdb database. [2002/11/02 12:55:16, 0] smbd/chgpasswd.c:check_oem_password(761) check_oem_password: getsmbpwnam returned NULL [2002/11/02 12:55:16, 0] passdb/passdb.c:pdb_free_sam(210) pdb_free_sam: SAM_ACCOUNT was NULL[2002/11/02 12:55:16, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367) unable to open passdb database. [2002/11/02 12:55:16, 0] smbd/chgpasswd.c:check_oem_password(761) check_oem_password: getsmbpwnam returned NULL [2002/11/02 12:55:16, 0] passdb/passdb.c:pdb_free_sam(210) pdb_free_sam: SAM_ACCOUNT was NULL Now, I've tried changing passwords via smbpasswd for a couple of different accounts, and for whatever reason it can't change them. I'm trying to set up my Samba box as a PDC. So far I haven't even been able to join the domain. Here's my smb.conf file: [global] netbios name = roswell workgroup = AREA51 os level = 64 preferred master = yes domain master = yes local master = yes security = user encrypt passwords = yes domain logons = yes domain admin group = root swrosch inferno add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u allow hosts = 192.168.0. 127. # SHARE DEFINITIONS [netlogon] path = /home/netlogon read only = yes guest ok = no write list = root swrosch inferno I'm running Samba 2.2.6, and trying to join with my Win2k box. But, every time I try to change passwords or anything, I get unable to open passdb errors. Any assistance would be much appreciated. I've been trying to follow the directions in the Samba howto (http://us6.samba.org/samba/docs/Samba-HOWTO-Collection.html), and I'm getting completely confused. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] call_trans2qfsinfo, Signal 11,smb_panic, internal error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, 3 Nov 2002, Mike Junghanns wrote: Hallo, i have a problem with samba 2.2.6 and SuSE linux 8.0 smbd receives a signal 11. Client is WinXP. Can you try to reproduce this against a pristince source version of 2.2.6 built on a SuSE 8.0 box ? I need to find out if this is a SuSE package issue or a generic 2.2.6 issue. Also try to get a backtrace is gdb (see panic action in smb.conf(5)). cheers, jerry - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9xTqlIR7qMdg1EfYRAk0hAKCIdyrAyH6effbVHiwC7DnIdaR7SQCfdFmT pBjnox2LrVwQZNQFoH4aTek= =E6T6 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
NIS automounts in 2.2.6 [was Re: [Samba] Bug report]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 btw...we really need interested parties to test the NIS automount functionality in the SAMBA_3_0 tree else it might get broken. On Fri, 1 Nov 2002, Steve Salvini wrote: Hi - I'm trying to get samba set up as a PDC using automounted home directories, the automount maps being served by NIS. After a bit of hacking I think I've found a bug in the latest release (2.2.6) that I downloaded yesterday. It's in ($SAMBA_SRC_DIR)/source/param/loadparm.c and it means that lp_nis_home_map can never return a valid map name under NIS; it would've been fine under NIS+ but let's face it, we're dinosaurs here ;-) Do you mean lp_nis_home_map_name() or really lp_nis_home_map()? The former is a string containing the map name and the latter is a boolean flag. I'm not following you. Here's the diff: As a general rule, it's better to send patches in diff -u format. It would also be useful to (to me, at least) if szNISHomeMapName could be set through configure rather than it being hard-wired into the code. We're probably not the only site to have our own name for this map. There's a parameter in smb.conf homedir map that allows you to set the map name. Does this not work currently in 2.2.6 ? #if (defined(HAVE_NETGROUP) defined(WITH_AUTOMOUNT)) Globals.bNISHomeMap = False; #ifdef WITH_NISPLUS_HOME string_set(Globals.szNISHomeMapName, auto_home.org_dir); #else string_set(Globals.szNISHomeMapName, auto.home); #endif #endif And finally a quick word of thanks as you wouldn't believe what it means to an aging Unix dinosaur be able to investigate problems with an NT PDC by setting debug statements in the code, etc. rather than searching TechNet and praying - goodbye horrible black box aka Microsoft NT server software! ;-) Glad you like it. :-) cheers, jerry - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9xTi1IR7qMdg1EfYRAngRAJ9NFe3fqX/WYXV8YXb1ytnzpwbxYACgno6/ dku3KHlxrdsm+804N8j7KFo= =xobU -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Can't join the domain now.. (Was: Re: [Samba] Unable to open passdb???)
Okay, more details on this one. Here's the error: Your computer could not be joined to the domain because the following error has occured: The account used is a computer account. Use your global user account or local user account to access this server. I'm getting that with whichever user I try to use. Any help would be great. Again, I have tried following the PDC howto, but not much luck so far. Thanks, Scott - Original Message - From: smw [EMAIL PROTECTED] To: John H Terpstra [EMAIL PROTECTED] Cc: Noel Kelly [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Sunday, November 03, 2002 9:54 AM Subject: Re: [Samba] Unable to open passdb??? Hi John, That worked beautifully. The user is added, and things are great. Now, I'm having issues joining the domain. It seems like it's finding the user information, but when I try to add the computer, it's telling me that it's not finding the domain. Any hints on that note? Thanks, Scott - Original Message - From: John H Terpstra [EMAIL PROTECTED] To: smw [EMAIL PROTECTED] Cc: Noel Kelly [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Sunday, November 03, 2002 9:48 AM Subject: Re: [Samba] Unable to open passdb??? On Sat, 2 Nov 2002, smw wrote: Hello John, My apologies, I should have mentioned that this is on a RedHat 7.3 platform, however I downloaded the RPMs from the Samba site and installed it that way. I will give that a shot as well, and see what I can come up with. In that case, you need to add your root account to smbpasswd. The way to do this is from a root login shell: smbpasswd -a root Let me know how you go. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Clarifying CUPS Printing
Kurt, Thanks for pointing to the samba docs, last time I read the relevant parts regarding printing and cups is a couple of months ago ;-). We did have a working configuration already, but I changed smb.conf slightly just in case ... Setup: SuSE Linux, XFS, 2.4.18 kernel, cups 1.1.16 smb.conf: ... load printers = Yes printcap name = cups lpq cache time = 10 lpq command = /usr/bin/lpq -P%p lprm command = /usr/bin/lprm -P%p %j lppause command = /usr/bin/lp -i %p-%j -H hold lpresume command = /usr/bin/lp -i %p-%j -H resume queuepause command = /usr/sbin/reject %p queueresume command = /usr/sbin/accept %p ... printer name = ljfach2 print command = /usr/bin/perl /usr/local/samba/lib/printhp2100.pl %p %s %u %m %I %T ... We now have --a: Samba linked against libcups --c: printcap = cups in smb.conf --d: Printcap /etc/printcap in cupsd.conf and omitted --b: printing = cups in smb.conf to make sure our custom print commands are used. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba wins
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 1 Nov 2002, Noel Kelly wrote: From my understanding Samba WINS can only be a standalone server - there is no code to communicate with other WINS servers. Correct. There is some experimental WINS replication code in HEAD. Feel free to play around with it. cheers, jerry - Hewlett-Packard - http://www.hp.com SAMBA Team-- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ISBN 0-672-32269-2SAMS Teach Yourself Samba in 24 Hours 2ed I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE9xTlsIR7qMdg1EfYRAigPAKCIxZWI8Ed3MfXWfmabPL2flgShkwCeLhbT FIegNMOMQlh+dUUVoTqDZI4= =JQk9 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Can't join the domain now.. (Was: Re: [Samba] Unable to open passdb???)
Okay, update time: I've been tinkering with it, and I've been able to join the domain. The issue that I'm having is that the add user script option isn't functioning for me for some reason. I was able to do the same thing manually, and it worked like a charm though. Strange stuff. I'm going to play with it a little bit more as I have one other machine that I need to join the domain. Very strange problem, but then again, I may be doing something incorrectly. Thanks for the help though with the passdb problem. That was driving me nuts. Cheers! Scott - Original Message - From: smw [EMAIL PROTECTED] To: smw [EMAIL PROTECTED]; John H Terpstra [EMAIL PROTECTED] Cc: Noel Kelly [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Sunday, November 03, 2002 10:18 AM Subject: Can't join the domain now.. (Was: Re: [Samba] Unable to open passdb???) Okay, more details on this one. Here's the error: Your computer could not be joined to the domain because the following error has occured: The account used is a computer account. Use your global user account or local user account to access this server. I'm getting that with whichever user I try to use. Any help would be great. Again, I have tried following the PDC howto, but not much luck so far. Thanks, Scott - Original Message - From: smw [EMAIL PROTECTED] To: John H Terpstra [EMAIL PROTECTED] Cc: Noel Kelly [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Sunday, November 03, 2002 9:54 AM Subject: Re: [Samba] Unable to open passdb??? Hi John, That worked beautifully. The user is added, and things are great. Now, I'm having issues joining the domain. It seems like it's finding the user information, but when I try to add the computer, it's telling me that it's not finding the domain. Any hints on that note? Thanks, Scott - Original Message - From: John H Terpstra [EMAIL PROTECTED] To: smw [EMAIL PROTECTED] Cc: Noel Kelly [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Sunday, November 03, 2002 9:48 AM Subject: Re: [Samba] Unable to open passdb??? On Sat, 2 Nov 2002, smw wrote: Hello John, My apologies, I should have mentioned that this is on a RedHat 7.3 platform, however I downloaded the RPMs from the Samba site and installed it that way. I will give that a shot as well, and see what I can come up with. In that case, you need to add your root account to smbpasswd. The way to do this is from a root login shell: smbpasswd -a root Let me know how you go. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: firewall
Justin, -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 139 --syn -j ACCEPT -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 138 -j ACCEPT Did you specify OUTPUT rules also ? You may want to try the following lines taken from a working server config. keep_state is a special chain for stateful inspection and logging purposes: -A INPUT -p tcp -s 192.168.1.0/24 --sport 1024: --dport 137:139 -j ACCEPT -A OUTPUT -p tcp -d 192.168.1.0/24 --sport 137:139 --dport 1024: -j keep_state -A OUTPUT -p tcp -d 192.168.1.0/24 --sport 1024: --dport 137:139 -j ACCEPT -A INPUT -p tcp -s 192.168.1.0/24 --sport 137:139 --dport 1024: -j keep_state -A INPUT -p udp -s 192.168.1.0/24 --dport 137:139 -j ACCEPT -A OUTPUT -p udp -d 192.168.1.0/24 --dport 137:139 -j ACCEPT -N keep_state -A keep_state -m state --state INVALID -j DROP -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT # debug, info, notice, warning, err, crit, alert und emerg -A keep_state -m limit --limit 10/minute --limit-burst 10 -j LOG --log-level notice --log-prefix Packets dropped: -A keep_state -j DROP -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] libsmbclient bug ?
Hello, I've tried using libsmbclient from the 2.2.6 samba package (on a slackware 8.1, compiled --with-libsmbclient --with-sendfile-support --enable-debug (without debug also) ) and it segfaults when I call smbc_stat() (or smbc_fstat() ) on a file. I'm sorry I'm not able to find out the problem with gdb, the output (with the library compiled with debugging enabled) is: Starting program: /.tmp/tst Program received signal SIGSEGV, Segmentation fault. 0x in ?? () (gdb) The source file that causes this is: tst.c #include stdio.h #include libsmbclient.h void auth_fn(const char *server, const char *share, char *workgroup, int wgmaxlen, char *username, int unmaxlen, char *password, int pwmaxlen) { password[0] = 0; } int main() { struct stat stat_buf; if (0 smbc_init(auth_fn, 0)) { perror(smbc_init()); return 0; } if (0 (smbc_stat(smb://b0di/Muzica/lista, stat_buf))) { perror(smbc_stat()); return 0; } return 0; } -- If there's no smb://b0di/Muzica/lista file, the call works (ENOENT). I'm using the gcc from the distribution (gcc-2.95.3) thanks for reading, any pointer to fixing this (or what i'm missing here) would be appreciated Bogdan Harjoc __ Do you want a free e-mail for life ? Get it at http://www.email.ro/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Can't join the domain now.. (Was: Re: [Samba] Unable to openpassdb???)
On Sun, 3 Nov 2002, smw wrote: Okay, more details on this one. Here's the error: Your computer could not be joined to the domain because the following error has occured: The account used is a computer account. Use your global user account or local user account to access this server. I'm getting that with whichever user I try to use. Any help would be great. Again, I have tried following the PDC howto, but not much luck so far. Launch SWAT. Point your browser at http://localhost:901 on the Samba server. Visit the Entire HOWTO Collection at the bottom of the home page. You will find all you need there. Cheers, John T. Thanks, Scott - Original Message - From: smw [EMAIL PROTECTED] To: John H Terpstra [EMAIL PROTECTED] Cc: Noel Kelly [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Sunday, November 03, 2002 9:54 AM Subject: Re: [Samba] Unable to open passdb??? Hi John, That worked beautifully. The user is added, and things are great. Now, I'm having issues joining the domain. It seems like it's finding the user information, but when I try to add the computer, it's telling me that it's not finding the domain. Any hints on that note? Thanks, Scott - Original Message - From: John H Terpstra [EMAIL PROTECTED] To: smw [EMAIL PROTECTED] Cc: Noel Kelly [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Sunday, November 03, 2002 9:48 AM Subject: Re: [Samba] Unable to open passdb??? On Sat, 2 Nov 2002, smw wrote: Hello John, My apologies, I should have mentioned that this is on a RedHat 7.3 platform, however I downloaded the RPMs from the Samba site and installed it that way. I will give that a shot as well, and see what I can come up with. In that case, you need to add your root account to smbpasswd. The way to do this is from a root login shell: smbpasswd -a root Let me know how you go. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Roaming profiles - How to turn them off?
Is there anything simple to turn them off? Normally I don't mind roaming profiles, but considering how large mine have a tendency to get, I'm not waiting an hour (exaggerated, but close enough) to log in. So, just wondering if there's anything simple to turn them off. I haven't been able to find anything looking through the various texts I've been reading. Now that I've got the actual connecting to the domain issues resolved, I'm attempting to tackle customizing.. Thanks! Scott
[Samba] PDC and logon script
Hi everyone, I have a question about the logon script command. I've read and read and read the man page for smb.conf. In essence, I've duplicated the settings on the PDC how-to document to create a PDC with a logon script. However, when I log in, the scrips doesn't run. The only thing I don't have enabled, like the how-to, is roaming profiles. I'll include my smb.conf for review. I'm running 2.2.5 at work. I have a second Samba at home, with roaming profiles, but it doesn't work there, either (it's running 2.2.6). Any help would be much appreciated. Darin Bawden [EMAIL PROTECTED] smb.conf: [global] coding system = client code page = 850 code page directory = /usr/share/samba/codepages workgroup = TEAMDME netbios name = LINUX1 netbios aliases = netbios scope = server string = Linux Server interfaces = bind interfaces only = No security = USER encrypt passwords = Yes update encrypted = No allow trusted domains = Yes hosts equiv = min passwd length = 5 map to guest = Never null passwords = No obey pam restrictions = Yes password server = smb passwd file = /etc/samba/smbpasswd root directory = pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* passwd chat debug = No username map = password level = 0 username level = 0 unix password sync = Yes restrict anonymous = No lanman auth = Yes use rhosts = No log level = 2 syslog = 1 syslog only = No log file = /var/log/samba/%m.log max log size = 0 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No protocol = NT1 large readwrite = No max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes nt smb support = Yes nt pipe support = Yes announce version = 4.5 announce as = NT max mux = 50 max xmit = 65535 name resolve order = lmhosts host wins bcast max packet = 65535 max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = Yes unix extensions = No change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 lpq cache time = 10 max smbd processes = 0 max disk size = 0 max open files = 1 read size = 16384 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 stat cache size = 50 use mmap = Yes total print jobs = 0 load printers = Yes printcap name = /etc/printcap disable spoolss = No enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = strip dot = No character set = mangled stack = 50 stat cache = Yes domain admin group = @root domain guest group = machine password timeout = 604800 add user script = /usr/sbin/adduser -d /dev/null -g 100 -s /bin/false -M %m$ delete user script = logon script = logon.cmd logon path = \\%N\%U\profile logon drive = logon home = \\%N\%U domain logons = Yes os level = 99 lm announce = Auto lm interval = 60 preferred master = True local master = Yes domain master = True browse list = Yes enhanced browsing = Yes dns proxy = No wins proxy = No wins server = wins support = No wins hook = kernel oplocks = Yes oplock break wait time = 0 add share command = change share command = delete share command = config file = preload = lock dir = /var/cache/samba utmp directory = wtmp directory = utmp = No default service = message command = dfree command = valid chars = remote announce = remote browse sync = socket address = 0.0.0.0 homedir map = auto.home time offset = 0 NIS homedir = No source environment = panic action = hide local users = No host msdfs = No winbind uid = winbind gid = template homedir = /home/%D/%U template shell = /bin/false winbind separator = \ winbind cache time = 15 winbind enum users = Yes winbind enum groups = Yes comment = path = alternate permissions = No username = guest account =
Re: [Samba] call_trans2qfsinfo, Signal 11,smb_panic, internal error
On Sun, Nov 03, 2002 at 12:13:23PM +0100, Mike Junghanns wrote: Hallo, i have a problem with samba 2.2.6 and SuSE linux 8.0 smbd receives a signal 11. Client is WinXP. Please can you add the line : panic action = /bin/sleep 999 to the [global] section of smb.conf, reproduce the crash and then attach to the crashed process with gdb and send a backtrace (using the bt gdb command). Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming profiles - How to turn them off?
On Sunday 03 November 2002 6:28 pm, smw wrote: Is there anything simple to turn them off? Normally I don't mind roaming profiles, but considering how large mine have a tendency to get, I'm not waiting an hour (exaggerated, but close enough) to log in. So, just wondering if there's anything simple to turn them off. I haven't been able to find anything looking through the various texts I've been reading. Now that I've got the actual connecting to the domain issues resolved, I'm attempting to tackle customizing.. Thanks! Scott Try the following in your smb.conf logon path = logon home = mark -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] AutoCAD temp file error
I continue to have this problem w/ LDD and it occurred even before I switched from an NT server to Samba. I'm fairly certain it's an Autodesk problem. -Original Message- From: [EMAIL PROTECTED] [mailto:samba-admin;lists.samba.org]On Behalf Of Brock Nanson Sent: Friday, November 01, 2002 8:31 PM To: Jay Ts Cc: [EMAIL PROTECTED] Subject: Re: [Samba] AutoCAD temp file error Hi Jay, Brock Nanson wrote: I rather doubt this is a samba problem, but perhaps someone can offer a hint to solve the issue... It's very unlikely to be a Samba bug, but may very well be a Samba misconfiguration. Perhaps. But the config hasn't been touched in 2 years and the WinXX workstations have never had the problem. The win2k box fails, saying the file could not be found on the path (and dumps a listing of the paths checked). The path exists in the list, and the file has been written to the directory! When the user responds to the error and the command completes, the file is successfully deleted from the server. So, it is doing everything except finding and inserting the file (which is there!). Exactly what is the name of the file, and are you using any foreign languages in file names? If you are using anything other than English, be aware that support for internationalization in Samba 2.2 is a little complicated to set up, and may be the source of your problem. Even if your file names are in the American/English character set, there are differences between how Unix and Windows handle filenames. A common source of trouble is case sensitivity in filenames. There are parameters that can be set in the Samba configuration file (smb.conf) to help deal with this. The filename looks like this: $abc$de.dwg The letters aren't right (I can't recall them exactly right now), but the file does start with a '$' and has a second on part way through as shown. I think the key to this is hidden in the way I can 'seed' the directory with this file once and have the command work until a new drawing is opened after doing so. Note that the file is deleted as a matter of course and that the file is not there the second, third,... time the command is used and it will work. But I need the file there the first time!! The temp file on the server is being saved with rwxrw-rw- attributes, although all the other files are rw-rw-rw-. That is because Samba's default is 'map archive = yes'. When the archive bit is set on a file from MS-DOS/Windows, Samba will keep track of it using the owner's execute bit. It will look like an executable file to a Unix user. If you don't like this, then set map archive = no in smb.conf. After doing this, MS-DOS backup software may not work right, because it won't see any archive attributes set for files to incrementally back up. Yeah, can't do this as I do use a Windows based backup utility. Funny that this file is the only one saved with the execute bit toggled. The other files AutoCAD creates don't have the execute bit set. I had wondered briefly if the speed with which the file is saved, then requested could be a problem. In a word: no. In three words: I highly doubt it! That's actually four words, but I do agree ;-) Any guesses? Or even a confirmation that the problem is with Win2k and NOT the samba box? I certainly wouldn't guarantee it's not a Windows bug. ;-) If you haven't fixed the problem by now, try providing a little more information, specifically, the _exact_ name of a temporary file that is problematic -- didn't you think of including that in your question? :) I did think of it but as I'm writing these postings away from the system couldn't remember the exact file name. I'm not very familiar with win2k but found it strange that it differentiates between 'Nobody' and 'nobody'. That has me a little worried, but as I can use the work around described above, I don't think the 'N' vs. 'n' is a problem. I do think it is a win2k issue, but it is odd that the problem can't be recreated when using a local drive. Any other ideas?? Thanks, Brock -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 2.2.6 and printer questions
Hallo Gerald (Jerry) Carter, you wrote: If printers served from Samba it is nessesary to double click the netbios name of the samba server to see printershares. Why? Unknown. Tim had looked into this but I don't remember the details. I'm also thinking to remember (may be this is very bad english ;o) the question on this list and someone, who wants to look into it for 2.2.6. But the behavior is the same as in 2.2.5. That probably would have been me. I think it just fell off the plate as a non-essential feature for 2.2.6. We should make sure this works in 3.0. Thanks you for that :o) Is it possible, to bundle/deliver printer drivers in an tarfile, whith their relationships to predefined shares? Theoretically yes. But Probably not really a good idead since it would involve messing with the tdb files directory. The other problem is that printer information can only be initialized (Device Mode Printer data) by running the driver bound to the printer. Really messy. Then there is the EULA as well. I think, there is a free postscript driver included in cups. If you could get around the EULA, then you could package preinitialized drivers and write the information to smbd's tdbs. We have support for storing driver initialization data already. Where can I get more informations about that? Sounds interesting. Hmmmwish I could read German :-) Sorry, this is a very new project and the english version of the page is not completly done and existing parts are outdated. You don't need printing.tdb. That's a volatile tdb used to cache jobs listed in the queue. The rest of your assessment is correct. Thanks again. But another question: Is it correct, that the automatic download of printer drivers is only possible for printers, which are associated with an printcap entry? When I'm uploading a postscript driver for a *virtuell* printer, which is not associated with an printcap entry and then making an automatic installation of the driver on w2k, the status of this printer is always Failure. The definition in smb.conf is: [pdf] comment = pdf-service on %h browseable = yes printable = yes path = /tmp print command = ( /usr/local/bin/samba-print-pdf %s ~%u %L\\%u %m %I ) public = yes create mode = 0700 The driver is not the reason because I tested it also with a normal driver for the HP Laserjet 4 Plus, for which the automatic installation for non-virtuell printers works fine, if the sharename will be found in /etc/printcap or if in the share a statement like printer = printername in printcap exists. I think, automatic installation of printer drivers would be also usefull for virtuell printers, if there are for instance 200 workstations, which want to print to pdf-service... I looked into the tdb-files but could not find any associations with the printcap entries? Here are the other informations about my printing situation: [global] printing = lprng printcap name = /etc/printcap printer admin = root, eis load printers = no print command = chmod 666 %s;\ name=`echo '%J' | sed s/^.*- //` ;\ /usr/bin/lpr -P%p -J$name %s;\ rm %s lpq command = /usr/bin/lpq -P%p -L lpq cache time = 4 lprm command = /usr/bin/lprm -P%p %j lppause command = /usr/sbin/lpc hold %p %j lpresume command = /usr/sbin/lpc release %p %j queuepause command = /usr/sbin/lpc stop %p queueresume command = /usr/sbin/lpc start %p Share definitions, where automatic download works: [pr1] comment = local printer pr1 on %h browseable = yes printable = yes public = yes create mode = 0700 path = /tmp [pr2] comment = local printer pr2 on %h browseable = yes printable = yes public = yes create mode = 0700 path = /tmp [repr1] comment = remote printer repr1 on %h browseable = yes printable = yes public = yes create mode = 0700 path = /tmp [repr2] comment = remote printer repr2 on %h browseable = yes printable = yes public = yes create mode = 0700 path = /tmp [repr3] comment = remote printer repr3 on %h browseable = yes printable = yes public = yes create mode = 0700 path = /tmp Share for printer drivers: [print$] comment = samba printer drivers on %h browseable = yes writeable = no path = /samba_printer_drivers public = yes write list = root, eis /etc/printcap #-- -- # Lprng configuration file generated by /var/install/config.d/lprng.sh # # Version of Lprng for eisfair is 1.0.1 # # Do not edit this file, use # # 'Edit Lprng Configuration' # # in Printer Services Menu ! # # Creation date: Sat Oct 26 20:39:37 #-- -- #-- -- # Configuration for local Printer
[Samba] Not visable server
Hi list I have a problem. Running Samba 2.2.1a on a Redhat Linux 7.2 kernel 2.4.18 Client is a Microsoft Windows2000pro I can connect to all shares but I can not see my server in network neighborhood. I can see the the clients but not the server??? What have I missed? Some configuration I can test Thanks HÃ¥kan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Not visable server
Have you walked through DIAGNOSIS.txt in the source docs? On Sun, Nov 03, 2002 at 11:36:49PM +0100, HÃ¥kan wrote: Hi list I have a problem. Running Samba 2.2.1a on a Redhat Linux 7.2 kernel 2.4.18 Client is a Microsoft Windows2000pro I can connect to all shares but I can not see my server in network neighborhood. I can see the the clients but not the server??? What have I missed? Some configuration I can test -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 2.2.6+acl - strange behaviour
intro: i use a heavily customized arch-linux clone, so this is no newbie stuff. except root all linux users are auth'ed via winbind/w2kdc's. for windoze-user-convenience i have to use winbind use default domain == yes and installed ext3-acl support. acls are working ok, if managed via get/setfacl an also samba honours them correctly. for windoze-user-convenience acls should also be managable via win-client properties-security dialog. but all i saw, was strange behaviour from win-clients (here: w2k prof) : if i want to add acls, enumeration of users/groups (look in) in the add users dialog will let me select only from the samba server and not from the domain. if this is a feature, not a bug, there is the MAIN PROBLEM #1 in eyesight : *** all users are simply missing in this whilst all possible groups are present. *** but there are also problems on the samba end (see below) : FYI : samba version is 2.2.6 see the characteristics and the 2 tests below, where i checked name lookup service with 1 user and 1 group : - samba rootwolf # -bash 500 ~ rootwolf # cat /usr/src/samba-2.2.6-config ./configure --prefix=/usr --with-smbmount --with-fhs \ --with-configdir=/etc/samba --with-lockdir=/var/run/samba \ --with-privatdir=/etc/samba/private --with-lockdir=/var/run/samba \ --with-swatdir=/var/samba/swat --with-logfilebase=/var/log/samba \ --with-pam --with-pam_smbpass \ --with-tdbsam \ --with-ssl --with-syslog --with-quotas \ --with-spinlocks \ --with-msdfs \ --with-winbind --with-winbind-auth-challenge \ --with-acl-support \ --with-libsmbclient \ rootwolf # -bash 502 ~ rootwolf # ldd `which smbd` libacl.so.1 = /usr/lib/libacl.so.1 (0x4001b000) libssl.so.0.9.6 = /usr/lib/libssl.so.0.9.6 (0x40022000) libcrypto.so.0.9.6 = /usr/lib/libcrypto.so.0.9.6 (0x4004f000) libcups.so.2 = /usr/local/lib/libcups.so.2 (0x4010c000) libnsl.so.1 = /lib/libnsl.so.1 (0x40126000) libpam.so.0 = /lib/libpam.so.0 (0x4013c000) libpopt.so.0 = /usr/local/lib/libpopt.so.0 (0x40146000) libc.so.6 = /lib/libc.so.6 (0x4014e000) libdl.so.2 = /lib/libdl.so.2 (0x40277000) libattr.so.1 = /usr/lib/libattr.so.1 (0x4027b000) /lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x4000) - test 1 rootwolf # -bash 513 ~ rootwolf # sh /rbin/test --- w2kdomain == dom w2kpdc == e231pdc sambahost == wolf winbind separator == + winbind use default domain == no --- = getent group dom+e231 DOM+e231:x:24006:DOM+pichwo,DOM+atest - rpcclient e231pdc cmd = lookupnames e231 e231 S-1-5-21-507921405-1957994488-839522115-1109 (2) -- rpcclient wolf cmd = lookupnames e231 result was NT_STATUS_NONE_MAPPED - rpcclient e231pdc cmd = lookupnames dom\e231 dom\e231 S-1-5-21-507921405-1957994488-839522115-1109 (2) -- rpcclient wolf cmd = lookupnames dom\e231 result was NT_STATUS_NONE_MAPPED - rpcclient wolf cmd = lookupnames dom+e231 result was NT_STATUS_NONE_MAPPED - rpcclient e231pdc cmd = lookupnames wolf\e231 result was NT_STATUS_NONE_MAPPED -- rpcclient wolf cmd = lookupnames wolf\e231 result was NT_STATUS_NONE_MAPPED --- = getent passwd dom+pichwo DOM+pichwo:x:24023:24006:test1:/tmp:/bin/bash - rpcclient e231pdc cmd = lookupnames pichwo pichwo S-1-5-21-507921405-1957994488-839522115-1130 (1) -- rpcclient wolf cmd = lookupnames pichwo result was NT_STATUS_NONE_MAPPED - rpcclient e231pdc cmd = lookupnames dom\pichwo dom\pichwo S-1-5-21-507921405-1957994488-839522115-1130 (1) -- rpcclient wolf cmd = lookupnames dom\pichwo result was NT_STATUS_NONE_MAPPED - rpcclient wolf cmd = lookupnames dom+pichwo dom+pichwo S-1-5-21-507921405-1957994488-839522115-1130 (1) - rpcclient e231pdc cmd = lookupnames wolf\pichwo result was NT_STATUS_NONE_MAPPED -- rpcclient wolf cmd = lookupnames wolf\pichwo result was NT_STATUS_NONE_MAPPED - test 2 rootwolf # -bash 526 ~ rootwolf # sh /rbin/test --- w2kdomain == dom w2kpdc == e231pdc sambahost == wolf winbind separator == + winbind use default domain == yes --- = getent group e231 e231:x:24006:pichwo,atest = getent group dom+e231 e231:x:24006:pichwo,atest - rpcclient e231pdc cmd = lookupnames e231 e231 S-1-5-21-507921405-1957994488-839522115-1109 (2) -- rpcclient wolf cmd = lookupnames e231 e231 S-1-5-21-3906623103-4098751207-3827622673-49013 (4) - rpcclient e231pdc cmd = lookupnames dom\e231 dom\e231 S-1-5-21-507921405-1957994488-839522115-1109 (2) -- rpcclient wolf cmd = lookupnames dom\e231 dom\e231 S-1-5-21-3906623103-4098751207-3827622673-49013 (4) - rpcclient wolf cmd = lookupnames dom+e231 dom+e231 S-1-5-21-3906623103-4098751207-3827622673-49013 (4) - rpcclient e231pdc cmd = lookupnames wolf\e231 result was NT_STATUS_NONE_MAPPED -- rpcclient wolf cmd = lookupnames
Re: [Samba] Port 139 versus Port 445
Anyone have a sample line from inetd.conf that gets smbd to start on port 445 when smbd is already running on 139 from the samba startup script? I haven't had any luck yet? The following works for me: (sorry abt the line break) microsoft-dsstream tcp nowait root/usr/local/samba/bin/smbd smbd -d 1 Glen Gibb Ridley College -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Port 139 versus Port 445
Just make sure that the /etc/services file has microsoft-ds defined in it. Mine doesn't. Joel On Mon, Nov 04, 2002 at 11:51:54AM +1100, Glen Gibb wrote: Anyone have a sample line from inetd.conf that gets smbd to start on port 445 when smbd is already running on 139 from the samba startup script? I haven't had any luck yet? The following works for me: (sorry abt the line break) microsoft-dsstream tcp nowait root/usr/local/samba/bin/smbd smbd -d 1 Glen Gibb Ridley College -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: firewall
Well, still no go. I've attached the script I used to create the firewall. Tcpdump still shows an icmp packet going back to the queried machine to say the UDP port is unreachable. Also, I don't see anything in any files in /var/log (I grepped for Packets). Can anyone comment on what the -m flag is for? Ulrich Kohlhase wrote: Justin, -A INPUT -p tcp -m tcp -s 192.168.1.0/24 --dport 139 --syn -j ACCEPT -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 137 -j ACCEPT -A INPUT -p udp -m udp -s 192.168.1.0/24 --dport 138 -j ACCEPT Did you specify OUTPUT rules also ? You may want to try the following lines taken from a working server config. keep_state is a special chain for stateful inspection and logging purposes: -A INPUT -p tcp -s 192.168.1.0/24 --sport 1024: --dport 137:139 -j ACCEPT -A OUTPUT -p tcp -d 192.168.1.0/24 --sport 137:139 --dport 1024: -j keep_state -A OUTPUT -p tcp -d 192.168.1.0/24 --sport 1024: --dport 137:139 -j ACCEPT -A INPUT -p tcp -s 192.168.1.0/24 --sport 137:139 --dport 1024: -j keep_state -A INPUT -p udp -s 192.168.1.0/24 --dport 137:139 -j ACCEPT -A OUTPUT -p udp -d 192.168.1.0/24 --dport 137:139 -j ACCEPT -N keep_state -A keep_state -m state --state INVALID -j DROP -A keep_state -m state --state RELATED,ESTABLISHED -j ACCEPT # debug, info, notice, warning, err, crit, alert und emerg -A keep_state -m limit --limit 10/minute --limit-burst 10 -j LOG --log-level notice --log-prefix Packets dropped: -A keep_state -j DROP -- Justin Georgeson UnBound Technologies, Inc. http://www.unboundtech.com Main 713.329.9330 Fax713.460.4051 Mobile 512.789.1962 5295 Hollister Road Houston, TX 77040 Real Applications using Real Wireless Intelligence(tm) fw.sh Description: Bourne shell script
[Samba] swat tool
Im trying to enable the swat utility so that I can manipulate the smb.conf file. I have done this on my PowerMac G4 computer, and now Im trying to set it up on my iBook - but it gives me the following error, xinetd[pid]: bind failed (address already in use (errno = 48). service = swat xinetd[pid]: {init_services} no services. Exiting... I have no idea what is going on, Im doing nothing different now that before?!?!? Please can someone help? Ian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Not visable server
If you installed samba from sources, in the docs/text directory, you will find this useful troubleshooting document. If not, you'll have to go to the samba web site and look around for it. Joel On Mon, Nov 04, 2002 at 01:43:18AM +0100, HÃ¥kan wrote: Sorry but what answer is that?? The thing is that the system is small! and a do not have tha doc installed... I using the web as my doc /HÃ¥kan Have you walked through DIAGNOSIS.txt in the source docs? On Sun, Nov 03, 2002 at 11:36:49PM +0100, HÃ¥kan wrote: Hi list I have a problem. Running Samba 2.2.1a on a Redhat Linux 7.2 kernel 2.4.18 Client is a Microsoft Windows2000pro I can connect to all shares but I can not see my server in network neighborhood. I can see the the clients but not the server??? What have I missed? Some configuration I can test -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] swat tool
I am not entirely sure of what this error is saying. That is to say, I don't know what address is really referring to. xinetd, which monitors many ports and starts the appropriate daemon for each request, thinks it is supposed to be running swat for you. Which is correct. swat only runs from inetd or xinetd. However, the address is in use. They may mean the port, which is 901 I think, by default. I don't know what an iBook is. Have you a command like: netstat -anp | grep 901 to see if anything is binding to that port? I strongly suggest that you learn to edit your smb.conf file by hand. swat can really mess it up for you, or at least previous versions of swat would. swat is great for documentation, though. Joel On Mon, Nov 04, 2002 at 01:31:03AM +, Ian C Roberts wrote: Im trying to enable the swat utility so that I can manipulate the smb.conf file. I have done this on my PowerMac G4 computer, and now Im trying to set it up on my iBook - but it gives me the following error, xinetd[pid]: bind failed (address already in use (errno = 48). service = swat xinetd[pid]: {init_services} no services. Exiting... I have no idea what is going on, Im doing nothing different now that before?!?!? Please can someone help? Ian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems connecting to Samba through windows
I just started using Linux a couple of weeks ago and have been trying to setup samba. I have a couple of text books I have been following which have helped me be able to run the smbclient from Linux to view both the shares on my Linux and xp machine. The problemis thatI can notaccess theLinux files from my xp machine. I can ping the machine without a problem and can also view the machine through network neighbourhood. However when I double click the Linux machine in network neighbourhood I receive the error: \\linuxis not accessible. you might not have permissions to use this network resource. No service is operating at the destination network endpoint on the remote system. I havegone through all the documentation I can find but nothing seems to help.Could someone please advise me on what I am doing wrong or not doing at all. I am still learning so the more explanatory the better. I look forward to your response Justin
[Samba] RE: RE: firewall
Justin, Well, still no go. I've attached the script I used to create the firewall. Tcpdump still shows an icmp packet going back to the queried machine to say the UDP port is unreachable. ... /sbin/iptables -A INPUT -i lo -j ACCEPT /sbin/iptables -A INPUT -i wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT /sbin/iptables -A INPUT -p tcp -m tcp --syn -j REJECT ^^^ /sbin/iptables -A INPUT -p udp -m udp -j REJECT ^ Ooops ;-)), you're sure you want to have these rules at the end of your script ?? Can anyone comment on what the -m flag is for? Quoting from the iptables man page: --- MATCH EXTENSIONS iptables can use extended packet matching modules. These are loaded in two ways: implicitly, when -p or --protocol is specified, or with the -m or --match options, followed by the matching module name; after these, various extra command line options become available, depending on the specific module. --- Please have a look at the following website for a couple of great tutorials and FW script examples. I'd personally recommend reading Oskar Andreasson's tutorial also: www.netfilter.org/documentation/index.html#tutorials www.netfilter.org/documentation/tutorials/blueflux/iptables-tutorial.htm l Good luck, Uli -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems connecting to Samba through windows
Have you walked through DIAGNOSIS.txt in the docs/text section with the samba sources. Is samba running on the linux box? Joel On Mon, Nov 04, 2002 at 12:16:53PM +1000, Justin wrote: I just started using Linux a couple of weeks ago and have been trying to setup samba. I have a couple of text books I have been following which have helped me be able to run the smbclient from Linux to view both the shares on my Linux and xp machine. The problem is that I can not access the Linux files from my xp machine. I can ping the machine without a problem and can also view the machine through network neighbourhood. However when I double click the Linux machine in network neighbourhood I receive the error: \\linux is not accessible. you might not have permissions to use this network resource. No service is operating at the destination network endpoint on the remote system. I have gone through all the documentation I can find but nothing seems to help. Could someone please advise me on what I am doing wrong or not doing at all. I am still learning so the more explanatory the better. I look forward to your response Justin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems connecting to Samba through windows
Test 5 of the diagnostics.txt failed. SWAT is telling me that nmbd is running though. - Original Message - From: Joel Hammer [EMAIL PROTECTED] To: Justin [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, November 04, 2002 12:28 PM Subject: Re: [Samba] Problems connecting to Samba through windows Have you walked through DIAGNOSIS.txt in the docs/text section with the samba sources. Is samba running on the linux box? Joel On Mon, Nov 04, 2002 at 12:16:53PM +1000, Justin wrote: I just started using Linux a couple of weeks ago and have been trying to setup samba. I have a couple of text books I have been following which have helped me be able to run the smbclient from Linux to view both the shares on my Linux and xp machine. The problem is that I can not access the Linux files from my xp machine. I can ping the machine without a problem and can also view the machine through network neighbourhood. However when I double click the Linux machine in network neighbourhood I receive the error: \\linux is not accessible. you might not have permissions to use this network resource. No service is operating at the destination network endpoint on the remote system. I have gone through all the documentation I can find but nothing seems to help. Could someone please advise me on what I am doing wrong or not doing at all. I am still learning so the more explanatory the better. I look forward to your response Justin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Can't join the domain now.. (Was: Re: [Samba] Unable to openpassdb???)
On Mon, 2002-11-04 at 02:18, smw wrote: Okay, more details on this one. Here's the error: Your computer could not be joined to the domain because the following error has occured: The account used is a computer account. Use your global user account or local user account to access this server. Just a note for the archives. This is a bug in Samba 2.2, it returns an incorrect error code. It should give back a boring 'access denied'. However given that, this message means that you don't have a machine account yet - you will either need to add one with smbpasswd -m, or setup (as per the HOWTO) to add the machine on the fly. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Imprints Problem
Hello, I've been playing around with an old Win95 box and my Debian machine using samba + cups + imprints. I'm stuck at installing the Windows 9x printer. I've been able to create two .tar.gz files one for the windows 9x printer and one for the NT printer using the mkprintpkg perl script. The NT print driver installs fine. Trying to then install the windows 9x printer driver complains of there being no NT driver in the package. I assume I need to create a package with both the NT and the win 9x driver?? Its not clearly stated how to use two or more inf files at once for the one package. I'm using the Imprints Installation Client Howto and Invoking the package Creation Tool (http://imprints.sourceforge.net/packages-manual/x44.html) thanks, Chris Caston -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] MySQL authentication kickoff time?
Hiya. I'm in the middle of (re)developing a authentication system for an internet cafe here in Sydney. By complete accident I discovered the PDB MySQL plugin for samba yesterday in CVS - amazing. Haven't tried this yet (waiting for samba to compile on a really slow machine, heh) but it looks great. Is anybody using this? Would you recommend it for use in a heavy use type environment? I've noticed in the README for this there's identifiers for logoff time and kickoff time. Hmm. Basically, the clients are Windows XP machines, and previously I had written a Windows client / UNIX server infastructure to do this logging off. Can samba actually kick users off after a certain amount of time? Wow. If it can, someone let me know how :) R -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems connecting to Samba through windows
Please provide more detail. What is the error message you are getting? Which machine are you running the command on? Which machine are you trying to find with nmblookup? Forget swat. If you mention it once more I'll hang up. What do you see with: ps ax | grep mbd | grep -v grep at the linux server? Joel On Mon, Nov 04, 2002 at 01:29:05PM +1000, Justin Edwards wrote: Test 5 of the diagnostics.txt failed. SWAT is telling me that nmbd is running though. - Original Message - From: Joel Hammer [EMAIL PROTECTED] To: Justin [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, November 04, 2002 12:28 PM Subject: Re: [Samba] Problems connecting to Samba through windows Have you walked through DIAGNOSIS.txt in the docs/text section with the samba sources. Is samba running on the linux box? Joel On Mon, Nov 04, 2002 at 12:16:53PM +1000, Justin wrote: I just started using Linux a couple of weeks ago and have been trying to setup samba. I have a couple of text books I have been following which have helped me be able to run the smbclient from Linux to view both the shares on my Linux and xp machine. The problem is that I can not access the Linux files from my xp machine. I can ping the machine without a problem and can also view the machine through network neighbourhood. However when I double click the Linux machine in network neighbourhood I receive the error: \\linux is not accessible. you might not have permissions to use this network resource. No service is operating at the destination network endpoint on the remote system. I have gone through all the documentation I can find but nothing seems to help. Could someone please advise me on what I am doing wrong or not doing at all. I am still learning so the more explanatory the better. I look forward to your response Justin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba not showing all files.
Hello, I've got a web server with samba running on it. The idea is i have a samba web share to which users can put web pages. My problem is none of the files are being shown, i have 5 folders and 24 files, only the five folders show up in a network neighborhood view. I've checked permissions, all the users can place content in that location, but the files are not visible. samba 2.2.6, any ideas? Thanks. Dave. Sign Up for Juno Platinum Internet Access Today Only $9.95 per month! Visit www.juno.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] pdb_mysql compile failure
Hiya... Compiling the mysql module (cvs) isn't working too well. I modify srcdir in the Makefile to /usr/src/samba/source (as per README instructions), and I get the following: rootserber[/usr/src/samba/examples/pdb/mysql]# make libtool gcc -O -Iinclude -I/usr/src/samba/source/include -I/usr/src/samba/source/ubiqx -I/usr/src/samba/source/smbwrapper -I. -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -I/usr/src/samba/source -c pdb_mysql.c rm -f .libs/pdb_mysql.lo gcc -O -Iinclude -I/usr/src/samba/source/include -I/usr/src/samba/source/ubiqx -I/usr/src/samba/source/smbwrapper -I. -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -I/usr/src/samba/source -c pdb_mysql.c -fPIC -DPIC -o .libs/pdb_mysql.lo pdb_mysql.c: In function `row_to_sam_account': pdb_mysql.c:232: too few arguments to function `pdb_set_pass_last_set_time' pdb_mysql.c:235: too few arguments to function `pdb_set_username' pdb_mysql.c:236: too few arguments to function `pdb_set_domain' pdb_mysql.c:237: too few arguments to function `pdb_set_nt_username' pdb_mysql.c:238: too few arguments to function `pdb_set_fullname' pdb_mysql.c:243: too few arguments to function `pdb_set_acct_desc' pdb_mysql.c:244: too few arguments to function `pdb_set_workstations' pdb_mysql.c:245: too few arguments to function `pdb_set_unknown_str' pdb_mysql.c:246: too few arguments to function `pdb_set_munged_dial' pdb_mysql.c:249: too few arguments to function `pdb_set_uid' pdb_mysql.c:251: too few arguments to function `pdb_set_gid' pdb_mysql.c:254: too few arguments to function `pdb_set_user_sid' pdb_mysql.c:256: too few arguments to function `pdb_set_group_sid' pdb_mysql.c:259: too few arguments to function `pdb_set_lanman_passwd' pdb_mysql.c:261: too few arguments to function `pdb_set_nt_passwd' pdb_mysql.c:268: too few arguments to function `pdb_set_acct_ctrl' pdb_mysql.c:269: too few arguments to function `pdb_set_unknown_3' pdb_mysql.c:270: too few arguments to function `pdb_set_logon_divs' pdb_mysql.c:271: too few arguments to function `pdb_set_hours_len' pdb_mysql.c:272: too few arguments to function `pdb_set_unknown_5' pdb_mysql.c:273: too few arguments to function `pdb_set_unknown_6' pdb_mysql.c: In function `mysqlsam_replace_sam_account': pdb_mysql.c:698: `FLAG_SAM_LOGONTIME' undeclared (first use in this function) pdb_mysql.c:698: (Each undeclared identifier is reported only once pdb_mysql.c:698: for each function it appears in.) pdb_mysql.c:706: `FLAG_SAM_LOGOFFTIME' undeclared (first use in this function) pdb_mysql.c:714: `FLAG_SAM_KICKOFFTIME' undeclared (first use in this function) pdb_mysql.c:722: `FLAG_SAM_CANCHANGETIME' undeclared (first use in this function) pdb_mysql.c:730: `FLAG_SAM_MUSTCHANGETIME' undeclared (first use in this function) pdb_mysql.c:762: `FLAG_SAM_UID' undeclared (first use in this function) pdb_mysql.c:769: `FLAG_SAM_GID' undeclared (first use in this function) make: *** [pdb_mysql.lo] Error 1 The system is running Debian unstable (woody). Cheers R On Monday, November 4, 2002, at 02:56 PM, xfesty wrote: Hiya. I'm in the middle of (re)developing a authentication system for an internet cafe here in Sydney. By complete accident I discovered the PDB MySQL plugin for samba yesterday in CVS - amazing. Haven't tried this yet (waiting for samba to compile on a really slow machine, heh) but it looks great. Is anybody using this? Would you recommend it for use in a heavy use type environment? I've noticed in the README for this there's identifiers for logoff time and kickoff time. Hmm. Basically, the clients are Windows XP machines, and previously I had written a Windows client / UNIX server infastructure to do this logging off. Can samba actually kick users off after a certain amount of time? Wow. If it can, someone let me know how :) R -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba modifies permissions when reading them
hello, it may sound strange but samba modifies permissions when reading them using xp explorer. redhat 7.3, samba 2.2.6-1 rpm (from samba site), windows xp (non-sp1) client. file aaa is owned by user john and group john. permissions are 0600. open the explorer's properties dialog and look at the secutity settings. the group john suddenly got the w rights. say ok and now your file got the permissions of 0620. strange! and now go into properties again and switch off the w rights for the group. save it. now you got 0600 again. now i thought i could start again the chain of doing this. but this is not true! if you now open the properties again, you got no w rights and the properties are left at 0600. strange !!! any ideas? or even more: ideas what to change in the sources to get rid of this behaviour? and another thing: if the permissions are set to 0664, the corresponding check boxes in the properties window are gayed. set full access, save and then you are able to change the formerly grayed check boxes again and modify the 0640 settings. what has happened to the permission stuff? is there a configuration fault? thanks, L* -- +++ GMX - Mail, Messaging more http://www.gmx.net +++ NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Error joining Win2K domain: ads_connect: DSA is unavailable
I had changed my administrator password on the Win2K server prior to doing the net ads join. 'kinit [EMAIL PROTECTED]' is successful. I went ahead and pulled down the krb5-current snapshot from MIT, and samba3.0alpha wont build with it. 30 some lines of errors when 'Linking bin/smbd', if anyone is interested. Looks like brokenness in krb5 though. Is there a snapshot out there known to work with samba+win2k kdc? Or any other idea? Is there no one running samba as a member in a Active directory? :) -Matt MNU Internet System Administrator MNU Network Security Administrator --- Original Message Below --- From: Andrew Bartlett [EMAIL PROTECTED] To: Matt Sapp [EMAIL PROTECTED] Subject: Re: [Samba] Error joining Win2K domain: ads_connect: DSA is unavailable Date: Thu, 31 Oct 2002 11:57:22 + On Thu, Oct 31, 2002 at 05:14:19AM -0500, Matt Sapp wrote: I'm running 3.0alpha (both current CVS pull and alpha20 from dist) and trying to have my samba server join our already in place Win2K ADS domain. I am able to 'kinit user@DOMAIN' and auth successfully, but upon attempting 'net ads join', I get the following: # net ads join -Uadministrator administrator password: [2002/10/31 05:11:19, 1] libsmb/clikrb5.c:krb5_mk_req2(63) krb5_get_credentials failed for mnu-server$@MNU.EDU (No credentials found with supported encryption types) [2002/10/31 05:11:19, 1] utils/net_ads.c:ads_startup(148) ads_connect: DSA is unavailable You have not got the latest MIT kerberos (you need a snapshot, the releases don't seem to support it) and your Administrator password has not been changed since you upgraded to ADS. As such the only password is the MD4 based password from pre-ads, which MIT can't use. Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] problem getting printing started via CUPS
Title: [Samba] problem getting printing started via CUPS I'm using cups for printing and when i try to share a printer with samba i get the msg on my win2000 wks that access is denied, unable to connect my smb.conf looks like this: [global] workgroup = kerkenkruis netbios name = kruimel server string = Samba server running on Redhat %L:%h interfaces = eth0 dns proxy = yes domain master = yes preferred master= yes socket options = IPTOS_LOWDELAY TCP_NODELAY os level = 65 update encrypted= yes unix password sync = yes encrypt passwords = yes printcap name = cups [public] hide dot files = yes path = /tmp [printers] browseable = yes printing = cups lpq command = /usr/bin/lpstat -o%p lprm command = /usr/bin/cancel %p-%j print command = /usr/bin/lp -d%p -orwa %s; rm %s queuepause command = /usr/bin/disable %p queueresume command = /usr/bin/enable %p public = yes printable = yes # valid users = printer name = test What could be the problem??? Gr, Ernst Cozijnsen -- This message contains information that may be privileged or confidential and is the property of the Cap Gemini Ernst Young Group. It is only intended for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
Re: [Samba] 2.2.6 and printer questions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 If you could get around the EULA, then you could package preinitialized drivers and write the information to smbd's tdbs. We have support for storing driver initialization data already. Have you heard that you can get CUPS printer drivers exactly for that from cups.org? If they are good drivers, this could be very interesting. Sounds interesting. Hmmmwish I could read German :-) Part of that site is translated :-) Volker -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Key-ID D32186CF, Fingerprint available: phone +49 551 370 iD8DBQE9xieXOmSXH9Mhhs8RAkMvAJ9sigDXJi9n2njyO2+0EVsFnDNkXACeOqz3 G1Ta4CGXvmhc2ZUp8Nff7fg= =zlGF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
_net_trust_dom_list() needs actual trustdom implementation.
Mimir: When you get your trustdom patch together, don't forget that: srv_netlog_nt.c:_net_trust_dom_list() also needs to be picked up for the DC side. - so far we are only getting it right in the SAMR call. Now that seems to be the one that's actually called, but anyway... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
Re: Backup browser question.
On Sat, 2 Nov 2002, Christopher R. Hertel wrote: The rule of thumb, as I've seen it stated in some olde Windows95 documentation, is that following the election of the Local Master Browser, one of the other Potential Browsers is selected to be a Backup Browser. For every 32 nodes on the subnet (how is this determined) there is supposed to be yet another Backup Browser. This is correct. Certainly up to NT3.51 Microsoft maintained that NT did the same as WfW networking in respect of Backup Master Browser / Potential master browser behaviour. That's what the docs say anyway. What I find annoying is that I cannot get W/NT4 to select another node as a backup browser. This suggests that the real formula is Backup Browser count = 0 + trunc( nodes / 32 ) No matter what, you must have at least one BMB. PS: I recall in the WfW resource kit reading that WfW elects a BMB for every 15 nodes. NT3.1 changed this to 1 in 32 as I recall. instead of Backup Browser count = 1 + trunc( nodes / 32 ) Thing is, I want to take a look at the protocol used to update the Backup Browsers from the LMB's list. Any clues anyone? Don't know if my comments help. - John T. -- John H Terpstra Email: [EMAIL PROTECTED]
Re: make 'ldap trust ids' the default?
Andrew Bartlett wrote: I've just committed a patch that adds a new 'ldap trust ids' smb.conf option. Currently defaulting to off, this option allows pdb_ldap to use the ldap server directly to determine if a user 'exists' in unix. This gives us a performance boost, particularly on enumerations: (Removes the extra lookup per record). The logic is such that if there are no posixAccount attributes for a user, we try getpwnam(), it's just that we look in LDAP first. As such, do people think we should have this by default? This was a fix to solve some particular problems that metze had, and I'll see if I can get some feedback on exactly how much this helps. Andrew Bartlett That sounds like a good idea, to do it as default or not is a good question, when you have a little user database it isn't really helpfull, but I think it should be on by default. If I could only find some time somewhere, I'll take a look at this. regards -- Markus Schabel |- | TGM - Die Schule der Technik | | IT-Service | | A-1200 Wien, Wexstrasse 19-23 | | Tel.: +43(1)33126/316 Fax: +43(1)33126/154 | | eMail: [EMAIL PROTECTED]| -|
Re: _net_trust_dom_list() needs actual trustdom implementation.
On Mon, Nov 04, 2002 at 01:06:49AM +1100, Andrew Bartlett wrote: Mimir: When you get your trustdom patch together, don't forget that: srv_netlog_nt.c:_net_trust_dom_list() also needs to be picked up for the DC side. - so far we are only getting it right in the SAMR call. Now that seems to be the one that's actually called, but anyway... Indeed. Thanks for point. I missed that one and it certainly needs updating to our new trustdom code. -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/
namecache updates and trustdom patch n+4
These are namecache fixes and n+4 update to trusted domains: Changes include: - namecache uses now new ipstr_list_* functions to operate on lists of IP addresses converted to string It doesn't use (yet) str_list_make routine since it lacks support for expandable strings (ie. you cannot add another address to a list) - implemented ipstr_list_make, ipstr_list_add, ipstr_list_parse and ipstr_list_free functions and, I suspect this code will be modified to cooperate with str_list_make; one step at a time, however... - updated 'net cache' code to improve displaying cache contents' readability - trustdom_cache implementation extended to use by ADS environments as well (alt_name and friends...) - small update of rpcclient to make trusted domains enumeration command more flexible about parameters This part works for me, but it wasn't extensively tested, so comments and fixes (memleaks in paricular) are welcome. -- cheers, ++ |Rafal 'Mimir' Szczesniak [EMAIL PROTECTED] | |*BSD, GNU/Linux and Samba / |__/ Index: Makefile.in === RCS file: /cvsroot/samba/source/Makefile.in,v retrieving revision 1.555 diff -u -r1.555 Makefile.in --- Makefile.in 1 Nov 2002 05:41:56 - 1.555 +++ Makefile.in 3 Nov 2002 19:04:02 - @@ -173,7 +173,7 @@ libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \ libsmb/clioplock.o libsmb/errormap.o libsmb/clirap2.o \ libsmb/passchange.o libsmb/unexpected.o libsmb/doserr.o \ -libsmb/namecache.o $(RPC_PARSE_OBJ1) +libsmb/namecache.o libsmb/trustdom_cache.o $(RPC_PARSE_OBJ1) LIBMSRPC_OBJ = rpc_client/cli_lsarpc.o rpc_client/cli_samr.o \ rpc_client/cli_netlogon.o rpc_client/cli_srvsvc.o \ Index: lib/gencache.c === RCS file: /cvsroot/samba/source/lib/gencache.c,v retrieving revision 1.1 diff -u -r1.1 gencache.c --- lib/gencache.c 11 Sep 2002 14:07:15 - 1.1 +++ lib/gencache.c 3 Nov 2002 19:04:03 - @@ -92,7 +92,6 @@ /** * Add one entry to the cache file. - * (it part of tridge's proposed API) * * @param key string that represents a key of this entry * @param value text representation value being cached @@ -133,7 +132,6 @@ /** * Set existing entry to the cache file. - * (it part of tridge's proposed API) * * @param key string that represents a key of this entry * @param value text representation value being cached @@ -189,7 +187,6 @@ /** * Delete one entry from the cache file. - * (it part of tridge's proposed API) * * @param key string that represents a key of this entry * @@ -219,11 +216,10 @@ /** * Get existing entry from the cache file. - * (it part of tridge's proposed API) * * @param key string that represents a key of this entry * @param value buffer that is allocated and filled with the entry value - *buffer's disposing is done outside + *buffer's disposing must be done outside * @param timeout pointer to a time_t that is filled with entry's *timeout * @@ -269,12 +265,14 @@ * * @param fn pointer to the function that will be supplied with each single *matching cache entry (key, value and timeout) as an arguments + * @param data void pointer to an arbitrary data that is passed directly to the fn + *function on each call * @param keystr_pattern pattern the existing entries' keys are matched to * **/ -void gencache_iterate(void (*fn)(const char* key, const char *value, time_t timeout), - const char* keystr_pattern) +void gencache_iterate(void (*fn)(const char* key, const char *value, time_t timeout, +void* dptr), + void* data, const char* keystr_pattern) { TDB_LIST_NODE *node, *first_node; TDB_DATA databuf; @@ -286,7 +284,7 @@ if (!gencache_init()) return; - DEBUG(5, (Searching cache keys with pattern %s, keystr_pattern)); + DEBUG(5, (Searching cache keys with pattern %s\n, keystr_pattern)); node = tdb_search_keys(cache, keystr_pattern); first_node = node; @@ -306,7 +304,7 @@ DEBUG(10, (Calling function with arguments (key = %s, value = %s, timeout = %s)\n, keystr, valstr, ctime(timeout))); - fn(keystr, valstr, timeout); + fn(keystr, valstr, timeout, data); SAFE_FREE(valstr); SAFE_FREE(entry); @@ -315,5 +313,4 @@ tdb_search_list_free(first_node); } - Index: lib/util_str.c === RCS file: /cvsroot/samba/source/lib/util_str.c,v retrieving
Re: Backup browser question.
John H Terpstra wrote: On Sat, 2 Nov 2002, Christopher R. Hertel wrote: The rule of thumb, as I've seen it stated in some olde Windows95 documentation, is that following the election of the Local Master Browser, one of the other Potential Browsers is selected to be a Backup Browser. For every 32 nodes on the subnet (how is this determined) there is supposed to be yet another Backup Browser. This is correct. Certainly up to NT3.51 Microsoft maintained that NT did the same as WfW networking in respect of Backup Master Browser / Potential master browser behaviour. That's what the docs say anyway. What I find annoying is that I cannot get W/NT4 to select another node as a backup browser. This suggests that the real formula is Backup Browser count = 0 + trunc( nodes / 32 ) No matter what, you must have at least one BMB. One backup... Yes, I thought about it a lot last night and I *think* that the Backup Browser selects itself during the election by sending an election packet with the Backup Browser bit set. PS: I recall in the WfW resource kit reading that WfW elects a BMB for every 15 nodes. NT3.1 changed this to 1 in 32 as I recall. Makes sense. They were probably afraid that being a Browser node would put a strain on the system (we are talking 386's running Windows, after all). Once the 486's started coming out, and they had a bit more experience with it, they probably upped the number. instead of Backup Browser count = 1 + trunc( nodes / 32 ) Thing is, I want to take a look at the protocol used to update the Backup Browsers from the LMB's list. Any clues anyone? Don't know if my comments help. They confirm my read of the documentation. Thing is: 1) When I capture a browser lookup, I am seeing that the GetBackupList request, and the reply (both from Samba and from Windows) shows only one name in the Backup Browser list. That name is the name of the Local Master Browser. 2) I don't know how the LMB goes about counting the nodes on the LAN. I suppose it's looking at the announce messages. 3) I don't know how the LMB goes about telling a node that it should be a Backup Browser. These are things that I want to learn so that I can document them. Once again, all clues are helpful. Thanks! Chris -)- -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
First draft libsmbclient test program
Hello, I wrote this afternoon this small test program. It does not do all what i would have liked, but it does enough to begin to compare libsmbclient releases. What it tests: -listing workgroups -listing computers -listing shares With an automated way What it does not yet: -all what remains I will go on and implement all what is missing if you feel it will be useful for you. Attached is the output generated by various libsmbclient releases + the current program sources. The first regression is between 2.2.2 and 2.2.3 The second is somewhere i don't know, but is there in 3.0alpha20 Cheers. Fabien. PS: I can make it to dlopen libsmbclient if you need it ...but I use only linux and i have no idea if it will work elsewhere. PS(2): What do you mean, Andrew, by making it scriptable ? -- Samba v2.2.1 [fabientux libsmb]$ lsmbctest Now running test smbc_init... Calling int smbc_init(mbc_get_auth_data_fn, int debug=0) Result : 0 Test smbc_init OK Now running test workgroups listing... Calling int smbc_opendir(const char *durl=smb://) Authentification required for SERVER CUTBIDISH SHARE IPC$ in WORKGROUP WORKGROUP. Returning Result : 11024, errno=0[Success] Calling int smbc_readdir(int dh=11024) Result : 0x400a6da0, errno=0[Success] Found entry type 1, named MDKGROUP Calling int smbc_readdir(int dh=11024) Result : 0x400a6da0, errno=0[Success] Found entry type 1, named REZ Calling int smbc_readdir(int dh=11024) Result : 0x400a6da0, errno=0[Success] Found entry type 1, named WORKGROUP Calling int smbc_readdir(int dh=11024) Result : (nil), errno=0[Success] Test workgroups listing OK Now running test smbc_closedir... Calling int smbc_closedir(int dh=11024) Result : 0, errno=0[Success] Test smbc_closedir OK Now running test machines in workgroup listing... Calling int smbc_opendir(const char *durl=smb://MDKGROUP) Authentification required for SERVER SHADOW SHARE IPC$ in WORKGROUP WORKGROUP. Returning Result : 11024, errno=0[Success] Calling int smbc_readdir(int dh=11024) Result : 0x400a6da0, errno=0[Success] Found entry type 2, named SHADOW Calling int smbc_readdir(int dh=11024) Result : (nil), errno=0[Success] Test machines in workgroup listing OK Calling int smbc_closedir(int dh=11024) Result : 0, errno=0[Success] Now running test shares on a machine listing... Calling int smbc_opendir(const char *durl=smb://SHADOW) Authentification required for SERVER SHADOW SHARE IPC$ in WORKGROUP WORKGROUP. Returning Result : 11024, errno=0[Success] Calling int smbc_readdir(int dh=11024) Result : 0x400a6da0, errno=0[Success] Found entry type 6, named IPC$ Calling int smbc_readdir(int dh=11024) Result : 0x400a6da0, errno=0[Success] Found entry type 3, named ADMIN$ Calling int smbc_readdir(int dh=11024) Result : (nil), errno=0[Success] Test shares on a machine listing OK Calling int smbc_closedir(int dh=11024) Result : 0, errno=0[Success] Test summary: smbc_init Ok smbc_closedir Ok workgroups listing Ok machines in workgroup listing Ok shares on a machine listing Ok -- Samba v2.2.2 [fabientux libsmb]$ lsmbctest Now running test smbc_init... Calling int smbc_init(mbc_get_auth_data_fn, int debug=0) Result : 0 Test smbc_init OK Now running test workgroups listing... Calling int smbc_opendir(const char *durl=smb://) Authentification required for SERVER CUTBIDISH SHARE IPC$ in WORKGROUP WORKGROUP. Returning Result : 11024, errno=0[Success] Calling int smbc_readdir(int dh=11024) Result : 0x400a83e0, errno=0[Success] Found entry type 1, named MDKGROUP Calling int smbc_readdir(int dh=11024) Result : 0x400a83e0, errno=0[Success] Found entry type 1, named REZ Calling int smbc_readdir(int dh=11024) Result : 0x400a83e0, errno=0[Success] Found entry type 1, named WORKGROUP Calling int smbc_readdir(int dh=11024) Result : (nil), errno=0[Success] Test workgroups listing OK Now running test smbc_closedir... Calling int smbc_closedir(int dh=11024) Result : 0, errno=0[Success] Test smbc_closedir OK Now running test machines in workgroup listing... Calling int smbc_opendir(const char *durl=smb://MDKGROUP) Authentification required for SERVER SHADOW SHARE IPC$ in WORKGROUP WORKGROUP. Returning Result : 11024, errno=0[Success] Calling int smbc_readdir(int dh=11024) Result : 0x400a83e0, errno=0[Success] Found entry type 2, named SHADOW Calling int smbc_readdir(int dh=11024) Result : (nil), errno=0[Success] Test machines in workgroup listing OK Calling int smbc_closedir(int dh=11024) Result : 0, errno=0[Success] Now running test shares on a machine listing... Calling int smbc_opendir(const char *durl=smb://SHADOW) Authentification required for SERVER SHADOW SHARE IPC$ in WORKGROUP WORKGROUP. Returning Result : 11024, errno=0[Success]
[Fwd: Re: Backup browser question.]
John H Terpstra wrote: On Sat, 2 Nov 2002, Christopher R. Hertel wrote: The rule of thumb, as I've seen it stated in some olde Windows95 documentation, is that following the election of the Local Master Browser, one of the other Potential Browsers is selected to be a Backup Browser. For every 32 nodes on the subnet (how is this determined) there is supposed to be yet another Backup Browser. This is correct. Certainly up to NT3.51 Microsoft maintained that NT did the same as WfW networking in respect of Backup Master Browser / Potential master browser behaviour. That's what the docs say anyway. What I find annoying is that I cannot get W/NT4 to select another node as a backup browser. This suggests that the real formula is Backup Browser count = 0 + trunc( nodes / 32 ) No matter what, you must have at least one BMB. One backup... Yes, I thought about it a lot last night and I *think* that the Backup Browser selects itself during the election by sending an election packet with the Backup Browser bit set. PS: I recall in the WfW resource kit reading that WfW elects a BMB for every 15 nodes. NT3.1 changed this to 1 in 32 as I recall. Makes sense. They were probably afraid that being a Browser node would put a strain on the system (we are talking 386's running Windows, after all). Once the 486's started coming out, and they had a bit more experience with it, they probably upped the number. instead of Backup Browser count = 1 + trunc( nodes / 32 ) Thing is, I want to take a look at the protocol used to update the Backup Browsers from the LMB's list. Any clues anyone? Don't know if my comments help. They confirm my read of the documentation. Thing is: 1) When I capture a browser lookup, I am seeing that the GetBackupList request, and the reply (both from Samba and from Windows) shows only one name in the Backup Browser list. That name is the name of the Local Master Browser. 2) I don't know how the LMB goes about counting the nodes on the LAN. I suppose it's looking at the announce messages. 3) I don't know how the LMB goes about telling a node that it should be a Backup Browser. These are things that I want to learn so that I can document them. Once again, all clues are helpful. Thanks! Chris -)- -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
RE: First draft libsmbclient test program
Could we avoid the use of fork() ? :) By script useage I could enjoy small separte tools with clean output for web interface integration/GUI kit. Use plain txt files for scripting events or task to run as argument ? -- Ulf -Original Message- From: Fabien Chevalier [mailto:fchevali;supelec-rennes.fr] Sent: Sunday, November 03, 2002 11:10 PM To: [EMAIL PROTECTED] Subject: First draft libsmbclient test program Hello, I wrote this afternoon this small test program. It does not do all what i would have liked, but it does enough to begin to compare libsmbclient releases. What it tests: -listing workgroups -listing computers -listing shares With an automated way What it does not yet: -all what remains I will go on and implement all what is missing if you feel it will be useful for you. Attached is the output generated by various libsmbclient releases + the current program sources. The first regression is between 2.2.2 and 2.2.3 The second is somewhere i don't know, but is there in 3.0alpha20 Cheers. Fabien. PS: I can make it to dlopen libsmbclient if you need it ...but I use only linux and i have no idea if it will work elsewhere. PS(2): What do you mean, Andrew, by making it scriptable ? -- Samba v2.2.1 [fabien@tux libsmb]$ lsmbctest Now running test smbc_init... Calling int smbc_init(mbc_get_auth_data_fn, int debug=0) Result : 0 Test smbc_init OK Now running test workgroups listing... Calling int smbc_opendir(const char *durl=smb://) Authentification required for SERVER CUTBIDISH SHARE IPC$ in WORKGROUP WORKGROUP. Returning Result : 11024, errno=0[Success] Calling int smbc_readdir(int dh=11024) Result : 0x400a6da0, errno=0[Success] Found entry type 1, named MDKGROUP Calling int smbc_readdir(int dh=11024) Result : 0x400a6da0, errno=0[Success] Found entry type 1, named REZ Calling int smbc_readdir(int dh=11024) Result : 0x400a6da0, errno=0[Success] Found entry type 1, named WORKGROUP Calling int smbc_readdir(int dh=11024) Result : (nil), errno=0[Success] Test workgroups listing OK Now running test smbc_closedir... Calling int smbc_closedir(int dh=11024) Result : 0, errno=0[Success] Test smbc_closedir OK Now running test machines in workgroup listing... Calling int smbc_opendir(const char *durl=smb://MDKGROUP) Authentification required for SERVER SHADOW SHARE IPC$ in WORKGROUP WORKGROUP. Returning Result : 11024, errno=0[Success] Calling int smbc_readdir(int dh=11024) Result : 0x400a6da0, errno=0[Success] Found entry type 2, named SHADOW Calling int smbc_readdir(int dh=11024) Result : (nil), errno=0[Success] Test machines in workgroup listing OK Calling int smbc_closedir(int dh=11024) Result : 0, errno=0[Success] Now running test shares on a machine listing... Calling int smbc_opendir(const char *durl=smb://SHADOW) Authentification required for SERVER SHADOW SHARE IPC$ in WORKGROUP WORKGROUP. Returning Result : 11024, errno=0[Success] Calling int smbc_readdir(int dh=11024) Result : 0x400a6da0, errno=0[Success] Found entry type 6, named IPC$ Calling int smbc_readdir(int dh=11024) Result : 0x400a6da0, errno=0[Success] Found entry type 3, named ADMIN$ Calling int smbc_readdir(int dh=11024) Result : (nil), errno=0[Success] Test shares on a machine listing OK Calling int smbc_closedir(int dh=11024) Result : 0, errno=0[Success] Test summary: smbc_init Ok smbc_closedir Ok workgroups listing Ok machines in workgroup listing Ok shares on a machine listing Ok -- Samba v2.2.2 [fabien@tux libsmb]$ lsmbctest Now running test smbc_init... Calling int smbc_init(mbc_get_auth_data_fn, int debug=0) Result : 0 Test smbc_init OK Now running test workgroups listing... Calling int smbc_opendir(const char *durl=smb://) Authentification required for SERVER CUTBIDISH SHARE IPC$ in WORKGROUP WORKGROUP. Returning Result : 11024, errno=0[Success] Calling int smbc_readdir(int dh=11024) Result : 0x400a83e0, errno=0[Success] Found entry type 1, named MDKGROUP Calling int smbc_readdir(int dh=11024) Result : 0x400a83e0, errno=0[Success] Found entry type 1, named REZ Calling int smbc_readdir(int dh=11024) Result : 0x400a83e0, errno=0[Success] Found entry type 1, named WORKGROUP Calling int smbc_readdir(int dh=11024) Result : (nil), errno=0[Success] Test workgroups listing OK Now running test smbc_closedir... Calling int smbc_closedir(int dh=11024) Result : 0, errno=0[Success] Test smbc_closedir OK Now running test machines in workgroup listing... Calling int smbc_opendir(const char *durl=smb://MDKGROUP) Authentification required for SERVER SHADOW SHARE IPC$ in WORKGROUP WORKGROUP. Returning Result : 11024, errno=0[Success] Calling int smbc_readdir(int dh=11024) Result : 0x400a83e0, errno=0[Success] Found entry type 2,
Re: libsmbclient status
On Sat, 2 Nov 2002, Fabien Chevalier wrote: Hi all. I'm curently playing with KDE smb slave, to try to improve it. It is based on libsmbclient, so... i am playing with libsmbclient too. I found some strange things with libsmbclient. -The first version i tried, 2.2.6, had a problem listing workgroups on the network. All the rest worked fine. OK, you need to initialize your workgroup to something in ~/.smb/smb.conf, and then it will list workgroups. At least that is how it works at the moment in head. This restriction could be lifted, but would require two changes: 1. The code that gets unhappy if smb.conf fails to load will need to change. 2. If a master browser for workgroup cannot be found, then we could do a name status query on the local node, which is not guaranteed to work, or we could prompt for a name. - I then tried 3.0 alpha 20. It had the same problem. And moreover, it could not list the shares on a host anymore. - I then tried 2.2.2...and it seems to work fine. I will have a look at what is wrong in head and see what needs fixing and then commit some code. What's the current status of libsmbclient development ? Is there anything i can do to help solving these problems? [I thought of writing a complete benchmark test program for the lib could be usefull to easily detect regressions...it could the first thing i can do.] -- Regards - Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], http://www.richardsharpe.com
Re: libsmbclient status
On Sat, 2 Nov 2002, Fabien Chevalier wrote: Hi all. I'm curently playing with KDE smb slave, to try to improve it. It is based on libsmbclient, so... i am playing with libsmbclient too. I found some strange things with libsmbclient. - I then tried 3.0 alpha 20. It had the same problem. And moreover, it could not list the shares on a host anymore. I have tried the following with the patches that Tom Jansen sent along with a minor fix of mine: smb:// smb://workgroup smb://server And they all work. - I then tried 2.2.2...and it seems to work fine. What's the current status of libsmbclient development ? Is there anything i can do to help solving these problems? [I thought of writing a complete benchmark test program for the lib could be usefull to easily detect regressions...it could the first thing i can do.] -- Regards - Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], http://www.richardsharpe.com
Re: libsmbclient status
Richard Sharpe wrote: On Sat, 2 Nov 2002, Fabien Chevalier wrote: Hi all. I'm curently playing with KDE smb slave, to try to improve it. It is based on libsmbclient, so... i am playing with libsmbclient too. I found some strange things with libsmbclient. -The first version i tried, 2.2.6, had a problem listing workgroups on the network. All the rest worked fine. OK, you need to initialize your workgroup to something in ~/.smb/smb.conf, and then it will list workgroups. At least that is how it works at the moment in head. This restriction could be lifted, but would require two changes: 1. The code that gets unhappy if smb.conf fails to load will need to change. 2. If a master browser for workgroup cannot be found, then we could do a name status query on the local node, which is not guaranteed to work, or we could prompt for a name. If you are given smb://, then just look for the __MSBROWSE__ name. You may get multiple replies (a good thing). Try each of those until you can get a list of workgroups. If *that* fails, you can go as far as doing an adapter status on each of the responding __MSBROWSE__ nodes and listing their 1D names. You shouldn't need a default workgroup in order to find the workgroup list, though. (Yes, it's kludgy, but this is CIFS!) Chris -)- -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
Re: First draft libsmbclient test program
On Sun, 3 Nov 2002, Fabien Chevalier wrote: Hello, I wrote this afternoon this small test program. It does not do all what i would have liked, but it does enough to begin to compare libsmbclient releases. One minor fix. In standard C you can't declare a variable after the first executable statement in a function. However, here is the result of running it against my copy of samba-head: ./lsmbctest Now running test smbc_init... Calling int smbc_init(mbc_get_auth_data_fn, int debug=0) Result : 0 Test smbc_init OK Now running test workgroups listing... Calling int smbc_opendir(const char *durl=smb://) Authentification required for SERVER SERVER2 SHARE IPC$ in WORKGROUP SAMBANET. Returning Result : 1, errno=0[Success] Calling int smbc_readdir(int dh=1) Result : 0x804bb44, errno=0[Success] Found entry type 1, named SAMBANET Calling int smbc_readdir(int dh=1) Result : (nil), errno=0[Success] Test workgroups listing OK Now running test smbc_closedir... Calling int smbc_closedir(int dh=1) Result : 0, errno=0[Success] Test smbc_closedir OK Now running test machines in workgroup listing... Calling int smbc_opendir(const char *durl=smb://SAMBANET) Authentification required for SERVER SERVER2 SHARE IPC$ in WORKGROUP SAMBANET. Returning Result : 10001, errno=0[Success] Calling int smbc_readdir(int dh=10001) Result : 0x804bb44, errno=0[Success] Found entry type 2, named N6A3B8 Calling int smbc_readdir(int dh=10001) Result : 0x804bb44, errno=0[Success] Found entry type 2, named SAMBA1 Calling int smbc_readdir(int dh=10001) Result : 0x804bb44, errno=0[Success] Found entry type 2, named SERVER2 Calling int smbc_readdir(int dh=10001) Result : (nil), errno=0[Success] Test machines in workgroup listing OK Calling int smbc_closedir(int dh=10001) Result : 0, errno=0[Success] Now running test shares on a machine listing... Calling int smbc_opendir(const char *durl=smb://N6A3B8) Authentification required for SERVER N6A3B8 SHARE IPC$ in WORKGROUP SAMBANET. Returning Result : 10002, errno=0[Success] Calling int smbc_readdir(int dh=10002) Result : 0x804bb44, errno=0[Success] Found entry type 6, named IPC$ Calling int smbc_readdir(int dh=10002) Result : (nil), errno=0[Success] Test shares on a machine listing OK Calling int smbc_closedir(int dh=10002) Result : 0, errno=0[Success] Test summary: smbc_init Ok smbc_closedir Ok workgroups listing Ok machines in workgroup listing Ok shares on a machine listing Ok Regards - Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], http://www.richardsharpe.com
Re: First draft libsmbclient test program
Richard Sharpe wrote: On Sun, 3 Nov 2002, Fabien Chevalier wrote: Hello, I wrote this afternoon this small test program. It does not do all what i would have liked, but it does enough to begin to compare libsmbclient releases. One minor fix. In standard C you can't declare a variable after the first executable statement in a function. Um... Taken literally, that's not quite true. You can define a variable at the top of any block. The thing is, the variable is only usable within that block. You can even create blocks without having any function, while, for, whatever to initiate them. Just: { long l; /* stuff */ } ...anywhere within a function. The variable 'l' is good until the closing brace. Captain Pedantic -)- -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
Re: libsmbclient status
Richard Sharpe wrote: : Hmmm, but that name is \000\001MSBROWSE\001\000, I think, and you have to send name requests to a workgroup, don't you? Hmmm, a minute's checking with Ethereal shows that this is not true. I figured you'd clear that up really quickly. Just for the archive's sake, it's: \x01\x02__MSBROWSE__\x02\0x01 ...where that last '\0x01' is the suffix byte. It is registered as a group name by all Local Master Browsers, no matter what the workgroup. They use that name to announce themselves to one-another. That's how the workgroup list gets shared around. That would indeed be the easiest way to do it. I will leave it as an exercise for the students, unless I get around to it first. If you don't know any workgroup names, it's the only way to do it I'm 'fraid. It's what Mike does in jCIFS, btw. If you *do* know a workgroup name (a good reason to have a local NetBIOS name cache, I suppose) then you can try the LMB and/or the DMB for that workgroup. One more problem that was raised on the jCIFS list is that some browsers will not allow you to access the browse list if you're not authenticated. (Which is silly, IMHO.) That's why you might want to gather the list of all IPs that respond to the __MSBROWSE__ name query (the hex codes are too annoying to type all the time) and try them in sequence until you get a usable response. Mike found that LMBs are more likely to allow an anonymous connection (not sure if it's 100%) than they are a guest connection. This came up just a week or so ago. Chris -)- -- Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED]
Re: libsmbclient status
On Sun, 3 Nov 2002, Christopher R. Hertel wrote: Richard Sharpe wrote: : Hmmm, but that name is \000\001MSBROWSE\001\000, I think, and you have to send name requests to a workgroup, don't you? Hmmm, a minute's checking with Ethereal shows that this is not true. I figured you'd clear that up really quickly. Just for the archive's sake, it's: \x01\x02__MSBROWSE__\x02\0x01 ...where that last '\0x01' is the suffix byte. It is registered as a group name by all Local Master Browsers, no matter what the workgroup. They use that name to announce themselves to one-another. That's how the workgroup list gets shared around. I knew I could count on you :-) Regards - Richard Sharpe, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], http://www.richardsharpe.com
Re: make 'ldap trust ids' the default?
On Sat, Nov 02, 2002 at 06:36:47PM +1100, Andrew Bartlett wrote: I've just committed a patch that adds a new 'ldap trust ids' smb.conf option. Currently defaulting to off, this option allows pdb_ldap to use the ldap server directly to determine if a user 'exists' in unix. This gives us a performance boost, particularly on enumerations: (Removes the extra lookup per record). The logic is such that if there are no posixAccount attributes for a user, we try getpwnam(), it's just that we look in LDAP first. As such, do people think we should have this by default? This was a fix to solve some particular problems that metze had, and I'll see if I can get some feedback on exactly how much this helps. This seems terribly kludgy to me. There's a lot that can be done to optimize unix username lookups without violating the abstraction (e.g., nscd). I particularly don't think this should be used for anything that involves *enumerating* users, as the most frequent NSS configuration involving LDAP is to reference both LDAP *and* local files; so enumerating via the Unix calls may give different results than doing so via the LDAP calls. Steve Langasek postmodern programmer msg04254/pgp0.pgp Description: PGP signature
CVS update: samba/source/passdb
Date: Sun Nov 3 12:54:12 2002 Author: vlendec Update of /data/cvs/samba/source/passdb In directory dp.samba.org:/tmp/cvs-serv12832/passdb Modified Files: passdb.c Log Message: Force algorithmic rid base to sane values and talk about it. Volker Revisions: passdb.c1.178 = 1.179 http://www.samba.org/cgi-bin/cvsweb/samba/source/passdb/passdb.c?r1=1.178r2=1.179
CVS update: samba/source/utils
Date: Sun Nov 3 12:54:12 2002 Author: vlendec Update of /data/cvs/samba/source/utils In directory dp.samba.org:/tmp/cvs-serv12832/utils Modified Files: testparm.c Log Message: Force algorithmic rid base to sane values and talk about it. Volker Revisions: testparm.c 1.53 = 1.54 http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/testparm.c?r1=1.53r2=1.54
Re: CVS update: samba/source/passdb
On Sun, 2002-11-03 at 23:54, [EMAIL PROTECTED] wrote: Date: Sun Nov 3 12:54:12 2002 Author: vlendec Update of /data/cvs/samba/source/passdb In directory dp.samba.org:/tmp/cvs-serv12832/passdb Modified Files: passdb.c Log Message: Force algorithmic rid base to sane values and talk about it. Volker Revisions: passdb.c 1.178 = 1.179 http://www.samba.org/cgi-bin/cvsweb/samba/source/passdb/passdb.c?r1=1.178r2=1.179 Nice patch! Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net
CVS update: samba/source/auth
Date: Sun Nov 3 13:33:00 2002 Author: tridge Update of /home/cvs/samba/source/auth In directory dp.samba.org:/tmp/cvs-serv14999 Modified Files: auth_builtin.c Log Message: make_server_info_guest() can need root for the ldapsam backend Revisions: auth_builtin.c 1.15 = 1.16 http://www.samba.org/cgi-bin/cvsweb/samba/source/auth/auth_builtin.c?r1=1.15r2=1.16
CVS update: samba/source/passdb
Date: Sun Nov 3 14:10:32 2002 Author: abartlet Update of /data/cvs/samba/source/passdb In directory dp.samba.org:/tmp/cvs-serv17132/passdb Modified Files: passdb.c Log Message: Extra little fix to vl's patch. Make sure the passdb and testparm messages say exactly the same thing - in particular that we can algorithmic rid base == 1000, and use the BASE_RID macro to avoid the use of magic numbers. Andrew Bartlett Revisions: passdb.c1.179 = 1.180 http://www.samba.org/cgi-bin/cvsweb/samba/source/passdb/passdb.c?r1=1.179r2=1.180
CVS update: samba/source/utils
Date: Sun Nov 3 14:13:43 2002 Author: abartlet Update of /data/cvs/samba/source/utils In directory dp.samba.org:/tmp/cvs-serv17350/utils Modified Files: testparm.c Log Message: Extra little fix to vl's patch. Make sure the passdb and testparm messages say exactly the same thing - in particular that we can algorithmic rid base == 1000, and use the BASE_RID macro to avoid the use of magic numbers. Andrew Bartlett Revisions: testparm.c 1.54 = 1.55 http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/testparm.c?r1=1.54r2=1.55
CVS update: samba/source
Date: Mon Nov 4 02:01:48 2002 Author: sharpe Update of /data/cvs/samba/source In directory dp.samba.org:/tmp/cvs-serv2607 Modified Files: Makefile.in Log Message: The fixes from Tom plus a minor update from me. Revisions: Makefile.in 1.555 = 1.556 http://www.samba.org/cgi-bin/cvsweb/samba/source/Makefile.in?r1=1.555r2=1.556
CVS update: samba/source/libsmb
Date: Mon Nov 4 02:01:49 2002 Author: sharpe Update of /data/cvs/samba/source/libsmb In directory dp.samba.org:/tmp/cvs-serv2607/libsmb Modified Files: libsmb_compat.c libsmbclient.c Log Message: The fixes from Tom plus a minor update from me. Revisions: libsmb_compat.c 1.3 = 1.4 http://www.samba.org/cgi-bin/cvsweb/samba/source/libsmb/libsmb_compat.c?r1=1.3r2=1.4 libsmbclient.c 1.60 = 1.61 http://www.samba.org/cgi-bin/cvsweb/samba/source/libsmb/libsmbclient.c?r1=1.60r2=1.61
CVS update: samba/source
Date: Mon Nov 4 02:49:20 2002 Author: abartlet Update of /data/cvs/samba/source In directory dp.samba.org:/tmp/cvs-serv8243 Modified Files: Makefile.in Log Message: Any conversion to POPT must *always* add BUILD_POPT or it just won't work on systems other than linux. Andrew Bartlett Revisions: Makefile.in 1.556 = 1.557 http://www.samba.org/cgi-bin/cvsweb/samba/source/Makefile.in?r1=1.556r2=1.557