[Samba] wbinfo: full name of nt user
Hi, is there a way to not only get the nt account user name (wbinfo -u) but also the full name of a nt user account ? Regards Wolfgang -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to join a linux machine to a pure ActiveDirectoryDomain using Samba 3.0alpha21?
[EMAIL PROTECTED] schrieb: So it would appear that Kurt was correct Wrong. Please read the link Glenn send to the list: http://www.experts-exchange.com/Operating_Systems/WinXP/Q_20461281.html#1 However, I don't care about XP Home. I asked: No, I haven't yet setup kerberos. Will net ads join prompt me for the AD to join, or does it somehow automagically figure out which AD to join? Alexander Skwar -- panic(Unable to find empty mailbox for aha1542. ); 2.2.16 /usr/src/linux/drivers/scsi/aha1542.c -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] explorer.exe crashing at login
Hi, Reading your email, are u implying that the default user settings are updated in the SP3. If this is the case if you have a Default User directory under the netlogin share does this mean it will have to updated. If this is the case then our highly modified NTUSER.dat will need to be updated from SP3 then all the mods will need to be reapplied. Is this the case??? Cheers - Kristyan Osborne IT Technician Longhill High School 01273 391672 -- Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. -Original Message- From: Sam Hart [mailto:[EMAIL PROTECTED]] Sent: 19 February 2003 16:54 To: Orion Poplawski Cc: [EMAIL PROTECTED] Subject: Re: [Samba] explorer.exe crashing at login I don't think I'll be able to help solve your problem completely, but I may be able to send you in the right direction. We recently had this problem as well, and found that giving the users higher priviledges on their local client machines solved the problem (which, for our users, was not a desirable solution). It turns out in our situation it had nothing to do with samba being configured incorrectly, but in the fact that the ntuser.* files in their profile directories had older (now incorrect) information in them (after the upgrade). The way I had to solve it was to log in the users (non-priviledged) with out having their profiles roaming (so that Windows created a new profile for them) and then manually copy their new ntuser.* (uh... ntuser.dat, ntuser.dat.log and ntuser.ini, I think) files from the new profile back into their old profile (and then setting them back up to access their old profile) Doing this kludge solved the problem you are talking about in our system. I am guessing (and this is just a shot in the dark) that in our case, the upgrade caused Winwoes (W2K) to think the domain had changed, and that this caused the previous profile information on the client machine to be lost (at least, when viewing ownership on the client machine, the user name was replaced with a long string of garbage). -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Joining Samba 3.0 to a pure Active Directory
Hello. I'd like to join a Samba 3.0 alpha 21 server running on RedHat 8.0 to an Active Directory. This AD does NOT support Windows NT 4.0 Domains. In a previous mail, I've been asked if I already have Kerberos setup and tested. I don't. How do I test if Kerberos is working correctly for me? If everything is working fine, I'd like the Samba server to join the AD europe.delphiauto.net. For this, I should type net ads join. How do I specify, which AD is to be joined? And if this is also working, I'd like to be able to login to the Samba server with a username/password which is ONLY in the AD. Do I need any special privileges in the AD for the server? When this is also working, I'd like offer shares. However, not every user should be allowed to mount every share - IOW: restriction should be done on a per user basis. If I maintain a local smbpasswd, I know that this shouldn't be a problem - but what if I use AD to do the authentication? Thanks a lot for all your help, Alexander Skwar -- #ifdef STUPIDLY_TRUST_BROKEN_PCMD_ENA_BIT 2.4.0-test2 /usr/src/linux/drivers/ide/cmd640.c -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Groups with Samba domain controler or domain member
Update again: glibc-2.3.1-46 _did_ break alot of things. I downgraded back to the one that came on the RedHat 8.0 CD. You could downgrade to RedHat 7.3 (run up2date!) to fix this problem, or work around it as I described. I hadn't tested that workaround, so your only option could be going back to 7.3. Well, I tried to change the ownership to the numeric gid, it worked, but afterwards it doesn't show the group name, only the gid. So I'm not sure it is actually working. However, it is not so important for me by now, I will leave it as is by now; it would be more pain to mess wth glibc, than create some additional groups:) __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] domain users in local groups with Winbind/Samba/Redhat
Hello again, at the beginning thank you for your support.Today I had the time to test the various proposals.Finally the gpasswd thing works in that way that I can add any user to local groups.Even domain users... Unfortunately the group members still can not access the shares. I have done it in this way: 1. stop smbd nmbd 2. add winbind use default domain = yes to the smb.conf 3. create a testgroup with groupadd test1 4. add my domain user (without the domain (domain+)) to this group with gpasswd -a rutzki.matthias test1 5. create a share called testshare with valid users = @test1 in smb 6. start smbd nmbd 7. logged in domain on a WIN98 System 8. try to access the testshare 9. System asks me for a password. So, it seems that the samba does not find my user.Same failure when I add my user with gpasswd -a west3+rutzki.matthias test1 to the local group. Here is my winbind log: #access to testshare with valid users = west3+rutzki.matthias (this works perfect): ... [ 8690]: getgroups west3+rutzki.matthias [ 8690]: gid to sid 10250 [ 8690]: gid to sid 11001 [ 8690]: gid to sid 11255 [ 8690]: gid to sid 11257 ... #access to testshare with valid users = @test1 or valid users = +test1(ends in password request): ... [ 8690]: getgroups west3+rutzki.matthias [ 8690]: gid to sid 10250 [ 8690]: gid to sid 11001 [ 8690]: gid to sid 11255 [ 8690]: gid to sid 11257 [ 8690]: getgroups west3+rutzki.matthias [ 8690]: getgroups west3+rutzki.matthias [ 8690]: getgroups west3+rutzki.matthias...(approx.: 30 times this message) ... Has anyone an idea what winbind is doing there? Perhaps you need some other winbind related configuration data: /etc/nsswitch.conf: passwd: files winbind shadow: files winbind group: files winbind /etc/samba/smb.conf: ... security = domain ... winbind separator = + winbind uid = 1-2 winbind gid = 1-2 winbind use default domain = yes winbind cache time = 10 winbind enum users = no #(large domain) winbind enum groups = no #(large domain) template shell = /bin/bash ... [testshare] path = /1 guest ok = no writable = no browseable = yes valid users = @test1 write list = @test1 /etc/pam.d/system-auth: auth required /lib/security/pam_env.so auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so likeauth use_first_pass nullok auth required /lib/security/pam_deny.so accountrequired /lib/security/pam_winbind.so password required /lib/security/pam_cracklib.so retry=3 type= password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow passwordrequired /lib/security/pam_deny.so session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so I hope that will help you.Thank you for your help. Greetings Matthias --- David Boynton david.boynton2 at asu.edu wrote: Well, I got this to work once by manually editing the /etc/group file, like adding the line: localgroup:x:gid: domain+user1,domain+user2,etc I don't know if this is a safe thing to do, however. :) I don't believe you can safely manually edit this file, as you would probably also have to edit /etc/gshadow to match. Unix/Linux has a tool called gpasswd that will do this for you: gpasswd -a user group It lets you add users to a group without them existing in /etc/passwd (they don't even have to exist at all). Combine this with winbind use default domain = yes in smb.conf and you're ready to go. For example, in the domain ABC for the user john, do this to add him to a 'local' Unix group called smbusers: gpasswd -a john smbusers With winbind use default domain = yes you don't need to prefix it with your domain. Slick, huh? (: Good luck, /dev/idal -- +++ GMX - Mail, Messaging more http://www.gmx.net +++ Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Joining Samba 3.0 to a pure Active Directory
Alexander Skwar schrieb: In a previous mail, I've been asked if I already have Kerberos setup and tested. I don't. How do I test if Kerberos is working correctly for me? In an off-list mail, someone told me to try | For test your kerberos | | The command | | Kinit [EMAIL PROTECTED] | And your password username I'm getting this error: [root@ugkbase samba]# kinit [EMAIL PROTECTED] kinit(v5): Cannot find KDC for requested realm while getting initial credentials In the ads documentation file of samba at http://tinyurl.com/64gv I read that I need to configure kerberos first: | The minimal configuration for krb5.conf is: | | [realms] | YOUR.KERBEROS.REALM = { |kdc = your.kerberos.server | } That's what I did not yet do. Suppose I've got some Windows clients which are already in the AD - using these machines, can I figure out the name of the KDC? If so, how? Thanks again, Alexander Skwar -- /* When we have more time, we can teach the penguin to say * By your command or Activating turbo boost, Michael. */ 2.2.16 /usr/src/linux/arch/sparc/prom/sun4prom.c -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Joining Samba 3.0 to a pure Active Directory
On your active directory initialize your password vz6tml --- Alexander Skwar [EMAIL PROTECTED] a écrit : Alexander Skwar schrieb: In a previous mail, I've been asked if I already have Kerberos setup and tested. I don't. How do I test if Kerberos is working correctly for me? In an off-list mail, someone told me to try | For test your kerberos | | The command | | Kinit [EMAIL PROTECTED] | And your password username I'm getting this error: [root@ugkbase samba]# kinit [EMAIL PROTECTED] kinit(v5): Cannot find KDC for requested realm while getting initial credentials In the ads documentation file of samba at http://tinyurl.com/64gv I read that I need to configure kerberos first: | The minimal configuration for krb5.conf is: | | [realms] | YOUR.KERBEROS.REALM = { | kdc = your.kerberos.server | } That's what I did not yet do. Suppose I've got some Windows clients which are already in the AD - using these machines, can I figure out the name of the KDC? If so, how? Thanks again, Alexander Skwar -- /* When we have more time, we can teach the penguin to say * By your command or Activating turbo boost, Michael. */ 2.2.16 /usr/src/linux/arch/sparc/prom/sun4prom.c -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba ___ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Joining Samba 3.0 to a pure Active Directory
fabien assuid schrieb: On your active directory initialize your password vz6tml What do you mean with initialize? The user has a password and the account is set so that the user does not have to change the password. Alexander Skwar -- /* Nobody will ever see this message :-) */ panic(Cannot initialize video hardware ); 2.0.38 /usr/src/linux/arch/m68k/atari/atafb.c -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] New Users wont authenticate.
Im using Samba 2.2.7a on my RH7.3 box. The 3 users I have had on the system work flawlessly, but when I add a new user (userconf, adduser, smbpasswd -a) the system takes the user, it exists in both PSSWD files, but won't allow logging on from the Win9x box. I look in /var/log/messages and it doesn't tell me anything, nor do my etc/samba/log.smbd-nmbd files, is there a particular switch or configuration in smb.conf that tells it to update the /etc/pamd/passdb file? I feel this is one of those cant see the forest for the trees situations, any assistance is appreciated. Kev -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Help with Winbind
OK, so I got all pam problems sorted out. For those interested, this pam/gdm worked on my RH 8.0 box: auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so likeauth use_first_pass nullok auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so accountsufficient /lib/security/pam_winbind.so accountrequired /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth sessionrequired /lib/security/pam_stack.so service=system-auth sessionoptional /lib/security/pam_console.so The only difference from what I had been using was the addition of the likeauth and nullok options on the pam_unix.so library. Now on to my next issue with home directories! I've tried two methods. First, I've used what the Winbind docs says for template homedir in smb.conf: /home/%D/%U. When my user logs in, i get an error that the home directory does not exist and then logs the user out. This is expected because they don't exist locally :) Second, I tried first mounting all my users' home directories (we mount them here under windows like Novell used to) under /home.DOMAIN. Then, I changed template homdir to /home/home.%D and restarted the Samba daemons. The user can log in, but I get the following permission error because I've got the home dirs mounted as root. Feb 20 08:12:26 Martyr gdm[849]: gdm_slave_session_start: Directory /home.DOMAIN/user/.gnome2 does not exist. Feb 20 08:12:26 Martyr gdm[849]: gdm_slave_session_start: Directory /home.DOMAIN/user/.gnome2 does not exist. Feb 20 08:12:26 Martyr gdm[849]: gdm_auth_user_add: /home.DOMAIN/user is not owned by uid 10173. Feb 20 08:12:47 Martyr gdm(pam_unix)[849]: session closed for user DOMAIN\user So, I guess my question is, is there a way to mount each user's home directory with their proper auth credentials under unix? I've read through the MARC archives and seen brief mentions of a hacked pam_mount, but nothing detailed or a more standard solution. Thanks again for everyone's help. Khanh Tran Network Operations Sarah Lawrence College -Original Message- From: Aaron Bennett [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 19, 2003 4:51 PM To: Khanh Tran Cc: '[EMAIL PROTECTED]' Subject: Re: [Samba] Help with Winbind For debugging purposes, put the machine in console mode (init 4 or whatever, just kill kdm/xdm/kdm), and modify /etc/pam.d/login as directed in the Howto. Login is much simpler then gdm, so you don't have to worry about multiple levels of pam stuf. best luck, Aaron Bennett UNIX Administrator Franklin W. Olin College of Engineering Khanh Tran wrote: OK, so I added the lines to /etc/pam.d/gdm file. It's not a big deal for me to re-install RH on this box, so I didn't bother with the telnet test. Anyway, I put in my username and password, and get this error: Feb 19 14:33:31 Martyr gdm(pam_unix)[835]: authentication failure; logname= uid=0 euid=0 tty=:0 ruser=gdm rhost=localhost But RH doesn't return to the username prompt, it asks for the password again, so I enter the same password again, and get: Feb 19 14:33:45 Martyr pam_winbind[835]: user 'ADMIN+khanh' granted acces Feb 19 14:33:45 Martyr gdm(pam_unix)[835]: check pass; user unknown Feb 19 14:33:48 Martyr gdm-binary[835]: Couldn't authenticate user Feb 19 14:33:48 Martyr gdm(pam_unix)[835]: 1 more authentication failure; logname= uid=0 euid=0 tty=:0 ruser=gdm rhost=localhost I'm guessing from the error that the box is trying to authenticate the user to the local passwd file? Anyway, thanks again for the help, but any more ideas? Khanh Tran Network Operations Sarah Lawrence College -Original Message- From: bin wen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 19, 2003 2:24 PM To: Khanh Tran; '[EMAIL PROTECTED]' Subject: RE: [Samba] Help with Winbind Looks like you are login through GDM, so you probably have to change the /etc/pam/gdm file too. Before you do that, you may want to just do a telnet to the RH see what happens. --- Khanh Tran [EMAIL PROTECTED] wrote: I changed the pam conf per the 12.5.3.6 section. Here's what I've got: pam.d/login: #%PAM-1.0 auth required /lib/security/pam_securetty.so auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so use_first_pass auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so accountsufficient /lib/security/pam_winbind.so accountrequired /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth sessionrequired /lib/security/pam_stack.so service=system-auth sessionoptional /lib/security/pam_console.so Khanh Tran Network Operations Sarah Lawrence College
RE: [Samba] New Users wont authenticate.
First, I'd try to see if one of those initial 3 users can log into the Win9x box. That would eliminate network issues and such. Then I'd see if you could telnet, SSH, FTP, etc to the box to see if it's a problem limited to the unix password or samba password files... Khanh Tran Network Operations Sarah Lawrence College -Original Message- From: Kevin Smith [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 20, 2003 8:53 AM To: Samba Subject: [Samba] New Users wont authenticate. Im using Samba 2.2.7a on my RH7.3 box. The 3 users I have had on the system work flawlessly, but when I add a new user (userconf, adduser, smbpasswd -a) the system takes the user, it exists in both PSSWD files, but won't allow logging on from the Win9x box. I look in /var/log/messages and it doesn't tell me anything, nor do my etc/samba/log.smbd-nmbd files, is there a particular switch or configuration in smb.conf that tells it to update the /etc/pamd/passdb file? I feel this is one of those cant see the forest for the trees situations, any assistance is appreciated. Kev -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Novell EDirectory as LDAP backend
Hi, is anybody out there who is using Novell Edir. with samba? Yes, 8.6.3 on a RH 7.3 to be precise. I have searched the archive and found some random notes but no real success story. Works pretty good. I have not yet tried to integrate cups but user authentification (unix login) is done via pam_ldap, i just have some problems getting password syncronisation running, users can alt-ctrl-del an change their windows password, but I want to set the user unix password too. The only thing that does not work is to ldapadd or ldif import users with objectClass sambaAccount. sambaAccount is an auxiliary class, i think you do need a real object class (like user). Take a look with the Schema Manager (ConsoleOne) at the user class, and the needed attributes (IIRC there are 4). Adding posixAccount users and then adding the sambaAccount objectClass via Novells ConsoleOne works, so I guess this is a edir. specific problem which is OT here. Check out the Novell News Servers, one is at: support-forums.novell.com by Stefan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help with Winbind
Kanh -- I'm currently beating my head against the pam_mount wall, with no luck. It's the only way I can think of to do this w/o storing the password in plain text. pam_mount is supposed to be able to mount using the login credentials, but I haven't been able to make it work. I'll report any results I find. If you come across any other solutions, could you let me know? Cheers, Aaron Bennett Khanh Tran wrote: OK, so I got all pam problems sorted out. For those interested, this pam/gdm worked on my RH 8.0 box: auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so likeauth use_first_pass nullok auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so accountsufficient /lib/security/pam_winbind.so accountrequired /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth sessionrequired /lib/security/pam_stack.so service=system-auth sessionoptional /lib/security/pam_console.so The only difference from what I had been using was the addition of the likeauth and nullok options on the pam_unix.so library. Now on to my next issue with home directories! I've tried two methods. First, I've used what the Winbind docs says for template homedir in smb.conf: /home/%D/%U. When my user logs in, i get an error that the home directory does not exist and then logs the user out. This is expected because they don't exist locally :) Second, I tried first mounting all my users' home directories (we mount them here under windows like Novell used to) under /home.DOMAIN. Then, I changed template homdir to /home/home.%D and restarted the Samba daemons. The user can log in, but I get the following permission error because I've got the home dirs mounted as root. Feb 20 08:12:26 Martyr gdm[849]: gdm_slave_session_start: Directory /home.DOMAIN/user/.gnome2 does not exist. Feb 20 08:12:26 Martyr gdm[849]: gdm_slave_session_start: Directory /home.DOMAIN/user/.gnome2 does not exist. Feb 20 08:12:26 Martyr gdm[849]: gdm_auth_user_add: /home.DOMAIN/user is not owned by uid 10173. Feb 20 08:12:47 Martyr gdm(pam_unix)[849]: session closed for user DOMAIN\user So, I guess my question is, is there a way to mount each user's home directory with their proper auth credentials under unix? I've read through the MARC archives and seen brief mentions of a hacked pam_mount, but nothing detailed or a more standard solution. Thanks again for everyone's help. Khanh Tran Network Operations Sarah Lawrence College -Original Message- From: Aaron Bennett [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 19, 2003 4:51 PM To: Khanh Tran Cc: '[EMAIL PROTECTED]' Subject: Re: [Samba] Help with Winbind For debugging purposes, put the machine in console mode (init 4 or whatever, just kill kdm/xdm/kdm), and modify /etc/pam.d/login as directed in the Howto. Login is much simpler then gdm, so you don't have to worry about multiple levels of pam stuf. best luck, Aaron Bennett UNIX Administrator Franklin W. Olin College of Engineering Khanh Tran wrote: OK, so I added the lines to /etc/pam.d/gdm file. It's not a big deal for me to re-install RH on this box, so I didn't bother with the telnet test. Anyway, I put in my username and password, and get this error: Feb 19 14:33:31 Martyr gdm(pam_unix)[835]: authentication failure; logname= uid=0 euid=0 tty=:0 ruser=gdm rhost=localhost But RH doesn't return to the username prompt, it asks for the password again, so I enter the same password again, and get: Feb 19 14:33:45 Martyr pam_winbind[835]: user 'ADMIN+khanh' granted acces Feb 19 14:33:45 Martyr gdm(pam_unix)[835]: check pass; user unknown Feb 19 14:33:48 Martyr gdm-binary[835]: Couldn't authenticate user Feb 19 14:33:48 Martyr gdm(pam_unix)[835]: 1 more authentication failure; logname= uid=0 euid=0 tty=:0 ruser=gdm rhost=localhost I'm guessing from the error that the box is trying to authenticate the user to the local passwd file? Anyway, thanks again for the help, but any more ideas? Khanh Tran Network Operations Sarah Lawrence College -Original Message- From: bin wen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 19, 2003 2:24 PM To: Khanh Tran; '[EMAIL PROTECTED]' Subject: RE: [Samba] Help with Winbind Looks like you are login through GDM, so you probably have to change the /etc/pam/gdm file too. Before you do that, you may want to just do a telnet to the RH see what happens. --- Khanh Tran [EMAIL PROTECTED] wrote: I changed the pam conf per the 12.5.3.6 section. Here's what I've got: pam.d/login: #%PAM-1.0 auth required /lib/security/pam_securetty.so auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so use_first_pass auth required /lib/security/pam_stack.so service=system-auth auth required
RE: [Samba] Help with Winbind
Sure, I'll let you know, but could you pass along what you have for pam_mount? I didn't even start down that path yet. I'm glad to here I'm not alone though. Additionally, this may sound really naive, but what's the point of logging into a domain if you can't get anywhere? Khanh Tran Network Operations Sarah Lawrence College -Original Message- From: Aaron Bennett [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 20, 2003 9:11 AM To: Khanh Tran Cc: '[EMAIL PROTECTED]' Subject: Re: [Samba] Help with Winbind Kanh -- I'm currently beating my head against the pam_mount wall, with no luck. It's the only way I can think of to do this w/o storing the password in plain text. pam_mount is supposed to be able to mount using the login credentials, but I haven't been able to make it work. I'll report any results I find. If you come across any other solutions, could you let me know? Cheers, Aaron Bennett Khanh Tran wrote: OK, so I got all pam problems sorted out. For those interested, this pam/gdm worked on my RH 8.0 box: auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so likeauth use_first_pass nullok auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so accountsufficient /lib/security/pam_winbind.so accountrequired /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth sessionrequired /lib/security/pam_stack.so service=system-auth sessionoptional /lib/security/pam_console.so The only difference from what I had been using was the addition of the likeauth and nullok options on the pam_unix.so library. Now on to my next issue with home directories! I've tried two methods. First, I've used what the Winbind docs says for template homedir in smb.conf: /home/%D/%U. When my user logs in, i get an error that the home directory does not exist and then logs the user out. This is expected because they don't exist locally :) Second, I tried first mounting all my users' home directories (we mount them here under windows like Novell used to) under /home.DOMAIN. Then, I changed template homdir to /home/home.%D and restarted the Samba daemons. The user can log in, but I get the following permission error because I've got the home dirs mounted as root. Feb 20 08:12:26 Martyr gdm[849]: gdm_slave_session_start: Directory /home.DOMAIN/user/.gnome2 does not exist. Feb 20 08:12:26 Martyr gdm[849]: gdm_slave_session_start: Directory /home.DOMAIN/user/.gnome2 does not exist. Feb 20 08:12:26 Martyr gdm[849]: gdm_auth_user_add: /home.DOMAIN/user is not owned by uid 10173. Feb 20 08:12:47 Martyr gdm(pam_unix)[849]: session closed for user DOMAIN\user So, I guess my question is, is there a way to mount each user's home directory with their proper auth credentials under unix? I've read through the MARC archives and seen brief mentions of a hacked pam_mount, but nothing detailed or a more standard solution. Thanks again for everyone's help. Khanh Tran Network Operations Sarah Lawrence College -Original Message- From: Aaron Bennett [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 19, 2003 4:51 PM To: Khanh Tran Cc: '[EMAIL PROTECTED]' Subject: Re: [Samba] Help with Winbind For debugging purposes, put the machine in console mode (init 4 or whatever, just kill kdm/xdm/kdm), and modify /etc/pam.d/login as directed in the Howto. Login is much simpler then gdm, so you don't have to worry about multiple levels of pam stuf. best luck, Aaron Bennett UNIX Administrator Franklin W. Olin College of Engineering Khanh Tran wrote: OK, so I added the lines to /etc/pam.d/gdm file. It's not a big deal for me to re-install RH on this box, so I didn't bother with the telnet test. Anyway, I put in my username and password, and get this error: Feb 19 14:33:31 Martyr gdm(pam_unix)[835]: authentication failure; logname= uid=0 euid=0 tty=:0 ruser=gdm rhost=localhost But RH doesn't return to the username prompt, it asks for the password again, so I enter the same password again, and get: Feb 19 14:33:45 Martyr pam_winbind[835]: user 'ADMIN+khanh' granted acces Feb 19 14:33:45 Martyr gdm(pam_unix)[835]: check pass; user unknown Feb 19 14:33:48 Martyr gdm-binary[835]: Couldn't authenticate user Feb 19 14:33:48 Martyr gdm(pam_unix)[835]: 1 more authentication failure; logname= uid=0 euid=0 tty=:0 ruser=gdm rhost=localhost I'm guessing from the error that the box is trying to authenticate the user to the local passwd file? Anyway, thanks again for the help, but any more ideas? Khanh Tran Network Operations Sarah Lawrence College -Original Message- From: bin wen [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 19, 2003 2:24 PM To: Khanh Tran; '[EMAIL PROTECTED]' Subject: RE: [Samba] Help
[Samba] pam_mount ( was RE: Help with Winbind )
Khanh Tran wrote: Sure, I'll let you know, but could you pass along what you have for pam_mount? I didn't even start down that path yet. I'm glad to here I'm not alone though. Additionally, this may sound really naive, but what's the point of logging into a domain if you can't get anywhere? Here's what I have so far with pam_mount: project homepage: { the first link on google is broken, use this one instead } http://www.flyn.org/#id5426299 from the homepage: -- This module is aimed at environments with SMB (Samba or Windows NT) or NCP (Netware or Mars-NWE) servers that Unix users wish to access transparently. It facilitates access to private volumes of these types well. The module also supports mounting home directories using loopback encrypted filesystems. * Every user can access his own volumes * The user needs to type the password just once (at login) * The mouting process is transparent to the users * There is no need to keep the login passwords in any additional file The volumes are unmounted upon logout, so it saves system resources, avoiding the need of listing every every possibly useful remote volume in /etc/fstab or in an automount/supermount config file. This is also necessary for securing encrypted filesystems. Pam_mount understands SMB, NCP, and any type of filesystem that can be mounted using the standard mount command. If someone has a particular need for a different filesystem, feel free to ask me to include it and send me patches. -- the current version, 0.5.11, on that page doesn't compile for me under Rhat 8. However, an older version, 0.5.9, does compile. However it's poorly documented and I'm not sure if it works for this stuff. At any rate I haven't been able to make it work, yet. It appears it is or was part of connectiva linux. Does anyone else in samba land have any experience with pam_mount? Khanh Tran wrote: Sure, I'll let you know, but could you pass along what you have for pam_mount? I didn't even start down that path yet. I'm glad to here I'm not alone though. Additionally, this may sound really naive, but what's the point of logging into a domain if you can't get anywhere? Khanh Tran Network Operations Sarah Lawrence College -Original Message- From: Aaron Bennett [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 20, 2003 9:11 AM To: Khanh Tran Cc: '[EMAIL PROTECTED]' Subject: Re: [Samba] Help with Winbind Kanh -- I'm currently beating my head against the pam_mount wall, with no luck. It's the only way I can think of to do this w/o storing the password in plain text. pam_mount is supposed to be able to mount using the login credentials, but I haven't been able to make it work. I'll report any results I find. If you come across any other solutions, could you let me know? Cheers, Aaron Bennett Khanh Tran wrote: OK, so I got all pam problems sorted out. For those interested, this pam/gdm worked on my RH 8.0 box: auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so likeauth use_first_pass nullok auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so accountsufficient /lib/security/pam_winbind.so accountrequired /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth sessionrequired /lib/security/pam_stack.so service=system-auth sessionoptional /lib/security/pam_console.so The only difference from what I had been using was the addition of the likeauth and nullok options on the pam_unix.so library. Now on to my next issue with home directories! I've tried two methods. First, I've used what the Winbind docs says for template homedir in smb.conf: /home/%D/%U. When my user logs in, i get an error that the home directory does not exist and then logs the user out. This is expected because they don't exist locally :) Second, I tried first mounting all my users' home directories (we mount them here under windows like Novell used to) under /home.DOMAIN. Then, I changed template homdir to /home/home.%D and restarted the Samba daemons. The user can log in, but I get the following permission error because I've got the home dirs mounted as root. Feb 20 08:12:26 Martyr gdm[849]: gdm_slave_session_start: Directory /home.DOMAIN/user/.gnome2 does not exist. Feb 20 08:12:26 Martyr gdm[849]: gdm_slave_session_start: Directory /home.DOMAIN/user/.gnome2 does not exist. Feb 20 08:12:26 Martyr gdm[849]: gdm_auth_user_add: /home.DOMAIN/user is not owned by uid 10173. Feb 20 08:12:47 Martyr gdm(pam_unix)[849]: session closed for user DOMAIN\user So, I guess my question is, is there a way to mount each user's home directory with their proper auth credentials under unix? I've read through the MARC archives and
[Samba] pam_unix.so likeauth? (Was: Help with Winbind)
--- Khanh Tran [EMAIL PROTECTED] wrote: auth sufficient /lib/security/pam_unix.so likeauth use_first_pass nullok snip The only difference from what I had been using was the addition of the likeauth and nullok options on the pam_unix.so library. Could you help my ignorance? What does likeauth do for you? I'm only using use_first_pass, and I don't want nullok. In /usr/share/doc/pam-0.75/txts/pam.txt: The likeauth argument makes the module return the same value when called as a credential setting module and an authentication module. This will help libpam take a sane path through the auth component of your configuration file. That wasn't very helpful. I Googled this option but didn't find anything useful. I didn't see an explanation of why you're using it in this thread, either, unless I just missed it. So could you explain, in human terms, how this helps your setup? (: Thanks for the education, /dev/idal __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: pam_unix.so likeauth? (Was: Help with Winbind)
It makes it work! I was reading through the other messages on the list with similar subjects, and found this one: -Original Message- From: Matthias Rutzki [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 20, 2003 4:51 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [Samba] domain users in local groups with Winbind/Samba/Redhat It was a long message, so I won't quote it again, but if you read back, you'll find this message. I just decided I'd try his pam setup and it worked after I added the likeauth option. I tend to just do whatever it takes to make it work first and then go back and figure out what consequences I'll run into afterwards... Khanh Tran Network Operations Sarah Lawrence College -Original Message- From: Chris de Vidal [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 20, 2003 9:55 AM To: Khanh Tran; 'Aaron Bennett' Cc: [EMAIL PROTECTED] Subject: pam_unix.so likeauth? (Was: Help with Winbind) --- Khanh Tran [EMAIL PROTECTED] wrote: auth sufficient /lib/security/pam_unix.so likeauth use_first_pass nullok snip The only difference from what I had been using was the addition of the likeauth and nullok options on the pam_unix.so library. Could you help my ignorance? What does likeauth do for you? I'm only using use_first_pass, and I don't want nullok. In /usr/share/doc/pam-0.75/txts/pam.txt: The likeauth argument makes the module return the same value when called as a credential setting module and an authentication module. This will help libpam take a sane path through the auth component of your configuration file. That wasn't very helpful. I Googled this option but didn't find anything useful. I didn't see an explanation of why you're using it in this thread, either, unless I just missed it. So could you explain, in human terms, how this helps your setup? (: Thanks for the education, /dev/idal __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Solaris, Samba and Windows XP Home ed
Am having problems connecting a Windows XP Home Edition PC to Solaris(V4) via Samba (V0.9??). We can connect all other Windows operating systems without any problems. Would anyone know of a fix. I know Kansas State University, USA, advised its users in May 2002(www.ksu.edu/cns/announce/20020507xphome.html), not to bother with XP Home. Link explains why. Just wondering if there has been a fix since then or should I be giving my department users the same advise. We have just taken delivery of a new server onto which I will be installing Solaris 8 with Samba 1.3, should I expect the same problem? I do apologise if this has already been aired and would appreciate a pointer towards those mailings. Thanks 8-) Wilfred * * * * * * * * * * * * * * * * * Physiology Computing Group Physiology Department University College London Extension: 33265 Telephone: +44(0)20 7679 3265 Email: [EMAIL PROTECTED] Website: www.physiol.ucl.ac.uk * * * * * * * * * * * * * * * * * -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is Samba made for trash ?!?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 20 Feb 2003, Michael Paarmann wrote: Yes. And that's what confuse me. Everyone from a Win98 or W2K workstation can log in and gets the login script and so on - but Samba generates this error message. Can i ignore this ? If yes, it's ok, but this messages fill up my logs. Do you have security = domain? Did you join teh Samba box to the domain using smbpasswd? Please supply a copy of your smb.conf. Send it to me off list if you want. In this case:Yes. And the clients crash much more often than before i replace the old server based on novell with Samba. The intenstion of replacing novell was to stabilize the network. I've checked the hardware once again and it's ok. But this messages appears whether the client dies or not! You are dealing with a different network protocol and different network clients. It is possible that a misformatted response could cause client crashes (like explorer.exe or spoolss.exe), but you are going to have to be more specific here. I will say that there are no known issues of clients crashing due to the Samba release. Or are 35 workstations and 15 printers too much for one Samba server ? No. Samba on apprpriate hardware can handle much more than that :-) smbd[30829]: [2003/02/11 14:02:15, 0] rpc_server/srv_netlog.c:api_net_sam_logon(206) smbd[30829]: api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON. Please see the ml archives on this one. 99% chance you can ignore it. Can i disable this warning ? Upgrade to 2.2.7a. You are running and older release. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+VPZDIR7qMdg1EfYRAt+AAKDDQwSXQQoUeK+O1wxGnlDCen5K+QCgpkAl OA37r8xHJJE89qdjX9ZR2w8= =9NZO -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] explorer.exe crashing at login
Hi, Reading your email, are u implying that the default user settings are updated in the SP3. If this is the case if you have a Default User directory under the netlogin share does this mean it will have to updated. If this is the case then our highly modified NTUSER.dat will need to be updated from SP3 then all the mods will need to be reapplied. Is this the case??? I'm not certain, I guess they could be. We did recently apply SP3 (very recently) and I actually hadn't made the connection. In our situation, we don't have a Default user directory, everyone has their own unique login. Also, we have roaming profiles disabled (which is retained for legacy purposes, i.e., certain members of our staff would have a cow if they lost their bookmarks/backgrounds ;-) so the profiles are stored on the client machines. If you do have a highly modified NTUSER.dat file, then you may need to have it be recreated... I dont know. Was this an NTUSER.dat file that was modified by hand? (Not like I can help you further one way or the other, it's just that I've always been far too squeemish to look much in, let alone mess with, these files, so I'm curious.) -- Sam Hart University/Work addr. [EMAIL PROTECTED] Personal addr. [EMAIL PROTECTED] end -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: domain users in local groups with Winbind/Samba/Redhat
--- Matthias Rutzki [EMAIL PROTECTED] wrote: Unfortunately the group members still can not access the shares. I'm sorry, I'd tested this some time back and should have told you. Winbind doesn't appear to obey local group membership for domain users on the Samba box. We worked around this by creating an NT global group and added members to that. Then we chgrp all files and directories, then chmod g+rw on all files and directories, then chmod g+xs all directories like so: chgrp -R G_servername /path/to/share chmod -R g+rw /path/to/share find /path/to/share -type d -print0 | xargs -0 chgrp g+xs It is important NOT to set files g+xs. It is important to use s (set group id) so files created in the future in that share always have the same group. I have done it in this way: 1. stop smbd nmbd 2. add winbind use default domain = yes to the smb.conf 3. create a testgroup with groupadd test1 Instead, open User Manager for Domains and add an NT global group. I like to use something like G_servername so we A.) know it is a global group and B.) know that if a user can't access a server he just needs to be in that global group. 4. add my domain user (without the domain (domain+)) to this group with gpasswd -a rutzki.matthias test1 Instead, use User Manager to add users to this group. 5. create a share called testshare with valid users = @test1 in smb Use the NT global group here instead. 6. start smbd nmbd 7. logged in domain on a WIN98 System 8. try to access the testshare 9. System asks me for a password. Should be fine now. I tested it this morning with a user with a dot in his name and he could access the share. I don't know how a Samba PDC reacts to local groups. Also, if you apply ACLs, your group memberships can be more flexible and you won't need a global group for each server.. a file or directory can have multiple groups. I hope local group membership will be recognized in Samba 3.0. Perhaps it is an engineering impossibility and will never be recognized? Sorry to mislead you, but I hope you're on the right track now. /dev/idal __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC and NetApps Success
Just FYI, I successfully joined a Samba PDC with a NetApps filer yesterday. Looking through past message lists I couldn't see that it had ever been reported before. Samba 3.0 Alpha 21 NetApps F840 with 6.3.1 release Regards, Randy Parker Dallas, Texas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is Samba made for trash ?!?
Hi Jerry ! Do you have security = domain? Did you join teh Samba box to the domain using smbpasswd? Please supply a copy of your smb.conf. Send it to me off list if you want. Ok, here it is: [global] workgroup = Office os level = 128 server string = File- and Printserver encrypt passwords = Yes guest account = Nobody map to guest = Bad User security = DOMAIN printing = LPRNG printcap name = /etc/printcap load printers = Yes socket options = TCP_NODELAY passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *Password*changed* unix password sync = yes local master = YES character set = ISO8859-15 client code page = 850 mangle case = no case sensitive = no short preserve case = yes preserve case = yes time server = yes admin users = domadmin log file = /var/log/samba/samba_log.%U@%m max log size = 500 log level = 0 logon script = %U.bat logon path = \\server_office01\%U\profileNT logon home = \\server_office01\%U hide dot files = yes domain logons = YES domain master = YES preferred master = True local master = Yes wins support = Yes hosts allow = 192.168.0. hosts deny = ALL EXCEPT 192.168.0. kernel oplocks = NO level2 oplocks = NO [homes] comment = Home Directories read only = No create mask = 0770 directory mask = 0770 browseable = No oplocks = no [netlogon] comment = Network Logon Service path = /home/samba/netlogon [printers] comment = Alle Drucker path = /tmp create mask = 0600 printable = Yes browseable = No printer admin = @ma oplocks = no [profiles] comment = Network Profiles Service path = /home/%U/profileNT writeable = yes create mode = 0770 directory mode = 0770 browseable = No oplocks = NO [interna] path = /daten/interna create mode = 0770 directory mode = 0770 force group = ma valid users = @ma comment = Interna write list = @ma oplocks = NO and so on... I've disabled all oplocks. With them the clients crashed much more often than without. But Samba is a lot slower. You are dealing with a different network protocol and different network clients. No, i'm only working with TCP/IP now. And yes, the clients work with W98 or W2K. It is possible that a misformatted response could cause client crashes (like explorer.exe or spoolss.exe), but you are going to have to be more specific here. That's right. Spool32.exe or spoolss.exe die very often. I can see a read or a write socket error in the log list nearly at the same time. I will say that there are no known issues of clients crashing due to the Samba release. Or are 35 workstations and 15 printers too much for one Samba server ? No. Samba on apprpriate hardware can handle much more than that :-) Ok. Upgrade to 2.2.7a. You are running an older release. Hmm, do you really think that this can solve some of my problems? The update from 2.2.3a to 2.2.5 wasn't very effective. But is there a possibility to set Samba in a kind of Compatibility Mode, so that i can be sure the source of the problems isn't Samba ? Thanks in advance. Michel cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+VPZDIR7qMdg1EfYRAt+AAKDDQwSXQQoUeK+O1wxGnlDCen5K+QCgpkAl OA37r8xHJJE89qdjX9ZR2w8= =9NZO -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Teo Chee Hong/isp is out of the office.
I will be out of the office starting 02/20/2003 and will not return until 02/22/2003. I will respond to your message when I return. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Help in Password Server
Hello, i need help because my samba server is not working. I have a Samba TNG server which SUCCEEDS in authenticating all users stored in a LDAP Directory. They (admins before me) installed in a RH7.3 Box the rpms of Samba HEAD 2.2.3a which *sholud* make available some shares (e.g. users' home) while authenticating against the TNG. The previous version of Samba HEAD did work but since its upgrade it doesn't work anymore. I'm determined to understand why. The SAMBA HEAD is uses TNG as a PASSWORD server but it seems that no trust relationship is found: - -- [2003/02/20 10:29:04, 0] rpc_client/cli_netlogon.c:cli_net_auth2(157) cli_net_auth2: Error NT_STATUS_ACCESS_DENIED [2003/02/20 10:29:04, 0] rpc_client/cli_login.c:cli_nt_setup_creds(74) cli_nt_setup_creds: auth2 challenge failed [2003/02/20 10:29:04, 0] smbd/password c:connect_to_domain_password_server(1335) connect_to_domain_password_server: unable to setup the PDC credentials to machine TNG_DOM. Error was : SUCCESS - 0. [2003/02/20 10:29:04, 0] smbd/password.c:domain_client_validate(1554) domain_client_validate: Domain password server not available. - -- - From the log it seems that some information should be wrote to the HEAD server in order to estabilish the PDC credentials - Why it says 'Error' on a SUCCESS assertion ? - Can someone provide me with a LDAP trust relationship ? Stated that TNG works fine as a PDC i desume that trust relationship work fine. - Is it possible that an upgrade would make it ? The openldap server is OpenLDAP 2.0.27. Thanks Walter -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pam_smbpass and ldap
I upped teh loge level in my smb.conf jsut to see if that would give me anything. Even at log level = 10 the samba logs say nothing when I do passwd test0. In my pam.d/passwd file I have one line for testing, password required pam_smbpass.so. running passwd test0 looks like this: ppc-test:~# passwd test0 Enter new SMB password: Retype new SMB password: Failed to find entry for user test0. passwd: Authentication token manipulation error auth.log says: Feb 20 17:58:00 ppc-test PAM_smbpass[513]: username [test0] obtained Feb 20 17:58:00 ppc-test PAM_smbpass[513]: username [test0] obtained Feb 20 17:58:03 ppc-test PAM_smbpass[513]: password change failed for user test0 and the samba logs with log level at 10 say nothing. Do I need auth or other lines in pam.d/passwd? If so, why cause debian comes with only password lines in pam.d/passwd? Straces show pam.d/other being opened. other in configured only with pam_unix.so which goes through nss which is configred for LDAP. Do I need pam_smbpass.so in there? If so, why? I've been pouring over straces, but I just can't figure it out. I can see it try to open /etc/passwd at one point. I have straces of both the successful smbpasswd test0 call and the unsuccessful passwd test0 call. I can e-mail cleaned up full straces, but until requested, I'll just include the open() lines: --- smbpasswd test0 open(/etc/ld.so.preload, O_RDONLY)= -1 ENOENT (No such file or directory) open(/etc/ld.so.cache, O_RDONLY) = 3 open(/usr/lib/libldap.so.2, O_RDONLY) = 3 open(/usr/lib/liblber.so.2, O_RDONLY) = 3 open(/lib/libresolv.so.2, O_RDONLY) = 3 open(/usr/lib/libcups.so.2, O_RDONLY) = 3 open(/lib/libdl.so.2, O_RDONLY) = 3 open(/lib/libnsl.so.1, O_RDONLY) = 3 open(/lib/libpam.so.0, O_RDONLY) = 3 open(/lib/libc.so.6, O_RDONLY)= 3 open(/lib/libcrypt.so.1, O_RDONLY)= 3 open(/usr/lib/libsasl.so.7, O_RDONLY) = 3 open(/usr/lib/i686/cmov/libssl.so.0.9.7, O_RDONLY) = 3 open(/usr/lib/i686/cmov/libcrypto.so.0.9.7, O_RDONLY) = 3 open(/lib/libdb2.so.2, O_RDONLY) = 3 open(/etc/localtime, O_RDONLY)= 3 open(/etc/samba/smb.conf, O_RDONLY|O_LARGEFILE) = 3 open(/usr/share/samba/codepages/codepage.850, O_RDONLY|O_LARGEFILE) = 3 open(/usr/share/samba/codepages/unicode_map.850, O_RDONLY|O_LARGEFILE) = 3 open(/usr/share/samba/codepages/unicode_map.ISO8859-1, O_RDONLY|O_LARGEFILE) = 3 open(/var/lib/samba/secrets.tdb, O_RDWR|O_CREAT|O_LARGEFILE, 0600) = 3 open(/dev/tty, O_RDWR|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 4 open(/dev/tty, O_RDWR|O_CREAT|O_TRUNC|O_LARGEFILE, 0666) = 4 open(/etc/resolv.conf, O_RDONLY) = 4 open(/etc/nsswitch.conf, O_RDONLY)= 4 open(/etc/ld.so.cache, O_RDONLY) = 4 open(/lib/libnss_files.so.2, O_RDONLY) = 4 open(/etc/host.conf, O_RDONLY)= 4 open(/etc/hosts, O_RDONLY)= 4 open(/etc/ldap/ldap.conf, O_RDONLY|O_LARGEFILE) = 4 open(/root/ldaprc, O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open(/root/.ldaprc, O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory) open(ldaprc, O_RDONLY|O_LARGEFILE)= -1 ENOENT (No such file or directory) open(/dev/null, O_RDONLY|O_NONBLOCK|O_DIRECTORY) = -1 ENOTDIR (Not a directory) open(/usr/lib/sasl, O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = -1 ENOENT (No such file or directory) open(/etc/hosts, O_RDONLY)= 4 open(/etc/hosts, O_RDONLY)= 4 open(/etc/ld.so.cache, O_RDONLY) = 4 open(/lib/libnss_dns.so.2, O_RDONLY) = 4 open(/etc/hosts, O_RDONLY)= 5 open(/etc/ld.so.cache, O_RDONLY) = 5 open(/lib/libnss_ldap.so.2, O_RDONLY) = 5 open(/etc/libnss-ldap.conf, O_RDONLY) = 5 open(/etc/ldap.secret, O_RDONLY) = 5 open(/etc/hosts, O_RDONLY)= 4 open(/etc/hosts, O_RDONLY)= 4 open(/etc/hosts, O_RDONLY)= 6 open(/etc/hosts, O_RDONLY)= 4 open(/etc/hosts, O_RDONLY)= 4 open(/etc/hosts, O_RDONLY)= 6 --- passwd test0 open(/etc/ld.so.cache, O_RDONLY) = 3 open(/lib/libcrypt.so.1, O_RDONLY)= 3 open(/lib/libpam.so.0, O_RDONLY) = 3 open(/lib/libpam_misc.so.0, O_RDONLY) = 3 open(/lib/libdl.so.2, O_RDONLY) = 3 open(/lib/libc.so.6, O_RDONLY)= 3 open(/var/run/utmp, O_RDWR) = 3 open(/etc/nsswitch.conf, O_RDONLY)= 3 open(/etc/ld.so.cache, O_RDONLY) = 3 open(/lib/libnss_ldap.so.2, O_RDONLY) = 3 open(/usr/lib/libldap.so.2, O_RDONLY) = 3 open(/usr/lib/liblber.so.2, O_RDONLY) = 3 open(/lib/libnsl.so.1, O_RDONLY) = 3 open(/lib/libresolv.so.2, O_RDONLY) = 3 open(/usr/lib/libsasl.so.7, O_RDONLY) = 3 open(/usr/lib/i686/cmov/libssl.so.0.9.7, O_RDONLY) = 3 open(/usr/lib/i686/cmov/libcrypto.so.0.9.7, O_RDONLY) = 3 open(/lib/libdb2.so.2, O_RDONLY) = 3 open(/etc/libnss-ldap.conf, O_RDONLY) = 3 open(/etc/ldap.secret, O_RDONLY) = 3 open(/etc/resolv.conf, O_RDONLY) = 3 open(/etc/ld.so.cache, O_RDONLY) = 3 open(/lib/libnss_files.so.2, O_RDONLY) = 3
re: [Samba] Does smbmount support timeout equivalent to nfs softmount ?
BTW, Windows share needs to be mounted in real time, instead of Linux boot time. So possibly I could not put it to /etc/fstab. Leave it in fstab, but say noauto in the options section -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Printing question
We have printers sitting off of a W2K Native AD FP Server. Is it possible to print to the printer with a Linux client using Samba? If so, how is this accomplished? J -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printing question
The basic command is: cat file | smbclient //server/share -c 'print -' Note: smbclient doesn't need samba running to work. The things you need to arrange in this setting are: 1. Getting the file filtered on the samba box before it is sent to the windows printer. 2. Taking care of any password stuff in the smbclient command. Once you have this working, you can then explore getting this command put into a print filter on the linux box and set it up to work with lpr. Joel On Thu, Feb 20, 2003 at 02:01:48PM -0500, Esler, Joel Contractor wrote: We have printers sitting off of a W2K Native AD FP Server. Is it possible to print to the printer with a Linux client using Samba? If so, how is this accomplished? J -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Netbios name service forwarding.
I wrote this little program to deal with the situation where there are a number of workgroups on a number of subnets with no WINS server [actually I couldn't get this configuration to run with a WINS server - but that's another story] You run this program on machines bridging your subnets and it listens for netbios nameserver packets and forwards them. [Broadcast packets are sent on to other nets as broadcast packets, the unicast replies are returned as unicast replies] It also sends a copy of any netbios traffic it sees to the local nmbd which will be running on a different port. So I have a machine running samba bridging eth0 192.168.42.0/24 eth1 192.168.48.0/24 I start nmbd with nmbd -D -p 138 and this program nbnsfw 138 eth0 eth1 then my windows machines on each side can resolve names without a WINS server and across multiple workgroups. take care, J. /* * nbnsfw.c: * * Copyright (c) 2003 James McKenzie [EMAIL PROTECTED], * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * */ static char rcsid[] = $Id: nbnsfw.c,v 1.2 2003/02/20 22:00:46 root Exp root $; /* * $Log: nbnsfw.c,v $ * Revision 1.2 2003/02/20 22:00:46 root * # * * Revision 1.1 2003/02/20 21:54:22 root * Initial revision * */ #include syslog.h #include stdio.h #include sys/ioctl.h #include sys/types.h #include sys/socket.h #include netinet/in.h #include sys/time.h #include sys/types.h #include unistd.h #include string.h #include strings.h #include malloc.h #include net/if.h #include arpa/inet.h #define NETBIOSPORT 137 typedef struct iface_struct { struct iface_struct *next; char *name; int fd; struct sockaddr_in me; struct sockaddr_in nmbd; struct sockaddr_in bcast; struct sockaddr_in addr_cache[0x1]; } *iface; iface ifs; void open_if (char *name, int nb_port, int dm_port) { struct sockaddr_in me = { 0 }; iface i = (iface) malloc (sizeof (struct iface_struct)); int fd; int one = 1; int j; struct ifreq ifr = { 0 }; bzero (i, sizeof (struct iface_struct)); i-name = strdup (name); i-fd = socket (AF_INET, SOCK_DGRAM, 0); if (i-fd 0) { syslog (LOG_ERR, Can't open socket: %m); exit (1); } strcpy (ifr.ifr_name[0], name); if (setsockopt (i-fd, SOL_SOCKET, SO_BINDTODEVICE, ifr, sizeof (ifr))) { syslog (LOG_ERR, Can't bind to interface %s: %m, name); exit (1); } bzero (ifr, sizeof (ifr)); strcpy (ifr.ifr_name[0], name); if (ioctl (i-fd, SIOCGIFADDR, ifr)) { syslog (LOG_ERR, Can't get ip address for interface %s: %m, name); exit (1); } bcopy (ifr.ifr_addr, i-me, sizeof (struct sockaddr_in)); i-me.sin_port = htons (nb_port); bzero (ifr, sizeof (ifr)); strcpy (ifr.ifr_name[0], name); if (ioctl (i-fd, SIOCGIFBRDADDR, ifr)) { syslog (LOG_ERR, Can't get broadcast address for interface %s: %m, name); exit (1); } bcopy (ifr.ifr_addr, i-bcast, sizeof (struct sockaddr_in)); i-bcast.sin_port = htons (nb_port); me.sin_addr.s_addr = INADDR_ANY; me.sin_port = htons (nb_port); if (bind (i-fd, (struct sockaddr *) me, sizeof (struct sockaddr_in)) 00) { syslog (LOG_ERR, Can't bind to port %d on interface %s: %m, nb_port, name); exit (1); } if (setsockopt (i-fd, SOL_SOCKET, SO_BROADCAST, one, sizeof (one))) { syslog (LOG_ERR, Can't enable broadcasts on interface %s: %m, name); exit (1); } i-nmbd = i-me; i-nmbd.sin_port = htons (dm_port); for (j = 0; j 0x1; ++j) { i-addr_cache[j].sin_addr.s_addr = INADDR_BROADCAST; i-addr_cache[j].sin_port = htons (nb_port); } { char buf[1024], *ptr = buf; ptr += sprintf (ptr, Initialized %s ip %s, name, inet_ntoa (i-me.sin_addr)); ptr += sprintf (ptr, bcast %s, inet_ntoa (i-bcast.sin_addr)); syslog (LOG_ERR, ptr); } i-next = ifs; ifs = i; } int main (int argc, char **argv) { unsigned char buf[8192]; int w = getdtablesize (); int len; int fromlen; iface i, j; struct sockaddr_in from; fd_set rfds; int tid; int bcast; int dmport; if (argc 3) { fprintf (stderr, Usage:\n); fprintf (stderr, %s nmbdport interface [interface] [interface] ...\n); exit (1); } openlog (nbnsfw, LOG_CONS, LOG_DAEMON); daemon (0, 0);
Re: [Samba] Suport to HP UX 10.20
On Thu, Feb 20, 2003 at 11:35:10AM -0300, MARIO YWAO AKIOKA wrote: I need to test SAMBA with a HP K 9000 Class machine, with HP-UX 10.20 operating system. Wich SAMBA software version is compatible with this OS? How can I get this software? You can get Samba 2.2.3a for HP-UX 10.20, in HP-UX depot format (for use with the HP-UX swinstall command), from the Software Porting And Archive Centre for HP-UX (http://hpux.connect.org.uk/ - it has nine mirrors in other locations). We've been running Samba from this site for years, and running the above version for the last six months. -- Jonathan Gowland GenaWare -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] cupsaddsmb - why the heck can't I getrpcclient-addprinter to work?
Date: Thu, 20 Feb 2003 20:11:21 + From: Brian Johnson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] cupsaddsmb - why the heck can't I get rpcclient-addprinter to work? Message-ID: [EMAIL PROTECTED] Content-Type: text/plain;charset=iso-8859-1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Message: 39 I can't seem to get the rpcclient-addprinter to work - grr Which versions of software are you using? Samba, CUPS? Which OS? It looks like the drivers files are copied correctly and the NT drivers are added correctly but the addprinter command says it's unsuccessful! cupsaddsmb - why the heck can't I get rpcclient-addprinter to work? Maybe because your CUPS/cupsaddsmb version is too old ? The addprinter rpcclient command formerly used by cupsaddsmb has long been replaced by the setdriver command... Cheers, Kurt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba-LDAP too imature for production?
/On Thu, 2003-02-20 at 15:23, Jim wrote: 2.2.7a It seems that samba-ldap is still to immature for any kind of production environment. The provided Perl scripts simply do not work with the 'add user script' setting or if they do, then there is an an undocumented bug, issue, etc. The scripts work fine from the command line but aparently samba won't execute them properly. Since I cannot expect my users to understand enough of the vagaries of Unix to log in with ssh and add thier machines to the system I don't see how samba-ldap can be implemented in a production environment. well - i use the smbldap-tools in production... are you sure you have the permissions right? add user script = /usr/sbin/smbldap-useradd.pl -a -m %u delete user script = /usr/sbin/smbldap-userdel.pl %u add group script = /usr/sbin/smbldap-groupadd.pl %g delete group script = /usr/sbin/smbldap-groupdel.pl %g add user to group script = /usr/sbin/smbldap-groupmod.pl -m %u %g delete user from group script = /usr/sbin/smbldap-groupmod.pl -x %u %g add machine script = /usr/sbin/smbldap-useradd.pl -w -n %u (this is samba3 but i used to have it working on samba 2.2.5 too) brad -- Bradley W. Langhorst [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Damnit audit
Damnit, pay attention to the list. I submitted a patch to fix this in reply to your message about a week ago. Look back in the list archives. -hal -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 19 Feb 2003, Zoki wrote: Le 22/01/2003 08:59, « Eugene M. Zheganin » [EMAIL PROTECTED] a écrit : Hi, all. It seems like everybody ignore my letters about audit in samba. snip Yes...there are reported seg faults in the audit VFS module in Samba 2.2. And yes the ones we know about will be fixed for 2.2.8. I've already replied to this effect once I think. Feel free to submit a patch if you have one. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) Comment: For info see http://quantumlab.net/pine_privacy_guard/ iD8DBQE+VEs3IR7qMdg1EfYRAtiHAKDsnC5A0zNpOGfLz6H/goCFxxWzYQCgm9ue 43HRpPQX1oElhZjaxuCv0UQ= =kI6w -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [samba] windows client use Linux printer
Congratulations. Getting an understanding of printing problems, rather than just blindly trying this or that printing software solution, is really the way to go with printing. I am not sure why you are just getting black and white printing. Is there a configuration setting in the HP driver on the windows box that is set to BW only? Can you print color from the linux server? I have no good idea why the use of a postscript driver on the windows client is not a universal solution for all windows clients. Maybe it is too simple. Maybe they think they will get better results if they use the driver supplied by the printer manufacturer. There is at least one problem if you use the lexmark windows driver and send the jobs to the raw queue. My lexmarkz53 windows driver had an option for two way communication with the printer. Such communication is impossible with the samba server between you and the printer, and printing won't work. You have to turn the two way communication option off in the lexmark windows software. This minor item took me a LONG time to figure out. Joel On Wed, Feb 19, 2003 at 05:45:45PM +0200, David Harel wrote: Hi and thanks Joel, This information is priceless. I did what you recommended and got it printing. As I see the problem, the most problematic part is to set the driver on the windows client that will produce the desired postscript image. The printer you recommended is not on the list as you typed it. I found the printer: HP Laser Jet III Postscript Plus v2010.118 which works black and white only. Now I am looking for a printer driver that will produce color images. As the role of the driver on the windows system is only to produce postscript image I think samba documents should include a recommendation for such a driver. Joel Hammer wrote: This is always a tricky situation. There is nothing simple about printing. It may look simple, but it is not. So, to get it done, I keep it as simple as possible. Basics: The windows client transfers the job, prefiltered, to the spool directory listed in the samba print share. Then, the command you have supplied in the samba print share is invoked to print that file. The file name is %s. Now, things are hard to follow when you get fancy and use (perhaps unknowingly) a bunch of default settings which may not be what you need. Attempting to load the drivers onto you samba server to allow easy configuration on the windows clients is also another source of error. Now, a basic question is this: Can you print from the samba server directly to your printer? lexmark does provide some nice drivers for their printers for linux, but other drivers might be available. Anyway, if you have a driver for your lexmark printer that works in linux, that means you can convert postscript files to a format your printer understands. If so, you can just use a generic postscript driver on your windows client. HP Laserjet III + works fine for me. Then, direct your printjobs to the queue that does all your other printing on the linux server, and the problem is solved. Here is what I have in my set up: This is /etc/printcap ps|z53:\ sh:sd=/var/spool/lpd/z53:mx#0:\ :lp=/dev/lp0:\ :if=/usr/local/lexmark/z53/z53.sh :mc#1 :sh: lp|LP|z53-outfiles:\ :sd=/var/spool/lpd/lp:\ :mx#0:\ :lp=/dev/lp0:\ :sh:rw: The first handles postscript jobs, the second handles jobs that are already filtered for this printer, ie, a raw queue. This raw queue is there to print test pages from the linux server, too. If you filter your jobs on your clients with the lexmark driver, you would use queue #2 (lp). If you send postscript jobs, you would use #1 (ps). Notice there is no if parameter in the raw queue. Here is my printer share definitions. I don't use the special printer share, because I don't have dozens of printer to service, and I want to be sure I know what samba is really trying to do. smb.conf: [lp] comment = Raw Printer for Z53 path = /tmp create mask = 0700 guest ok = yes hosts allow = 192.168. printable = Yes printing = lprng print command = echo %J %p %s/tmp/junkJ;\ a=`echo '%J' | sed s/^.*- //` ;\ echo This is truncated $a /tmp/junkJ;\ /usr/bin/lpr -Plp -J$a %s;\ rm %s lpq command = /usr/bin/lpq -Plp lprm command = /usr/bin/lprm -Plp %j lppause command = /usr/sbin/lpc hold -Plp %j lpresume command = /usr/sbin/lpc release -Plp %j printer name = lp share modes = No [ps] comment = Filtered for Z53 path = /tmp read only = No create mask = 0700 guest ok = yes hosts allow = 192.168. printable = Yes printing = lprng print command = echo %J %p %s/tmp/junkJ;\ a=`echo '%J' | sed
Re: [Samba] Is it possible to specify Username/Password in a UNCwhen connecting to a samba server from W2K?
Hi, Mebbe I don't understand but try this; smbmount //foo/bar -o username=foo password-bar I use this to cross mount servers of various types for sym link integrity. My way of load balancing. Bri- __ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Success! (was Re: [Samba] samba print server
Hello , I guess I'm talking to myself but I finally got the printer to work changing to security = share. My home directories still require authentication. I guess security = user doesn't permit printers to be active. I'm headed to replace the redhat with gentoo so that I can have just the right amount of software on the server and move my file server to another box with a fat hard drive. I would like to understand why security = user won't permit me to secure the printers. I'm on a private home network of 7 computers so it really doesn't matter with the firewall in place. Here's my smb.conf: #=== Global Settings = [global] # workgroup = NT-Domain-Name or Workgroup-Name workgroup = SLAUGHTERHOUSE # server string is the equivalent of the NT Description field server string = UTILITY # if you want to automatically load your printer list rather # than setting them up individually then you'll need this ; printcap name = /etc/printcap ; load printers = yes # added from doc: ; printing = bsd printcap name = /etc/printcap load printers = yes ; log file = /var/log/samba-log.%m ; lock directory = /var/lock/samba # this tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/%m.log # Put a capping on the size of the log files (in Kb). max log size = 0 # Security mode. Most people will want user level security. See # security_level.txt for details. ; security = user security = share # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details ; socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. The built-in default for versions 1.9.17 is yes, # this has been changed in version 1.9.18 to no. dns proxy = no # Share Definitions == [homes] comment = Home Directories browseable = no writable = yes valid users = %S create mode = 0664 directory mode = 0775 # NOTE: If you have a BSD-style print system there is no need to # specifically define each individual printer [printers] comment = All Printers ; path = /var/spool/lpd/lp path = /var/spool/samba browseable = no ; public = yes ; create mode = 0700 ;guest ok = yes # Set public = yes to allow user 'guest account' to print guest ok = no writable = no printable = yes end smb.conf I changed 2 things: I removed the socket line and changed security to share. -- See Ya, Clayton mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] cupsaddsmb - why the heck can't I getrpcclient-addprinter to work?
cups-1.1.14-15.2 samba-2.2.7-1.7.3 Educate me please ... man rpcclient shows: setdriver printername drivername - Execute a SetPrinter() command to update the printer driver associated with an installed printer. The printer driver must already be correctly installed on the print server. See also the enumprinters and enumdrivers commands for obtaining a list of of installed printers and drivers. This sounds like the printer must already be installed - how is that done if not via addprinter? Currently, if I use enumprinters and enumdrivers (without a level setting), I get a listing of installed drivers and installed printers. If I run setdriver for each of the printer/driver pairs, will it work? I just did it but don't have a windows client to test it against until tomorrow (I'm connected remotely via a ssh terminal) Kurt Pfeifle ([EMAIL PROTECTED]) wrote*: Date: Thu, 20 Feb 2003 20:11:21 + From: Brian Johnson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] cupsaddsmb - why the heck can't I get rpcclient-addprinter to work? Message-ID: [EMAIL PROTECTED] Content-Type: text/plain;charset=iso-8859-1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Message: 39 I can't seem to get the rpcclient-addprinter to work - grr Which versions of software are you using? Samba, CUPS? Which OS? It looks like the drivers files are copied correctly and the NT drivers are added correctly but the addprinter command says it's unsuccessful! cupsaddsmb - why the heck can't I get rpcclient-addprinter to work? Maybe because your CUPS/cupsaddsmb version is too old ? The addprinter rpcclient command formerly used by cupsaddsmb has long been replaced by the setdriver command... Cheers, Kurt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PATCH: downloading drivers from Solaris [was Re: SoSAMBA no longer ...]
On Thu, 20 Feb 2003, Gerald (Jerry) Carter wrote: OK. after more time than I would like to admit, here the's fix. The bug is obvious now that I see it. Sorry for the headaches this caused. Sorry, if I missed something, but is this really only a problem with solaris or might this be a problem on linux ? Oktay Akbal -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [PATCH] fix sid_to_uid() return correct sidtype
[EMAIL PROTECTED] wrote: On Wed, Feb 19, 2003 at 10:20:35PM +0100, Stefan (metze) Metzmacher wrote: At 21:07 19.02.2003 +, [EMAIL PROTECTED] wrote: On Wed, Feb 19, 2003 at 10:03:57PM +0100, Stefan (metze) Metzmacher wrote: HI all, here's a small fix for returning the correct sidtype in sid_to_uid() and sid_to_gid() this should be applied to all branches with the new uid - sid caching code No attachment - please try again. Jeremy. mailman filtered it out...:-( Actually I made the cache cache the sidtype also. Please check over the code I just checked in... Had also thought about caching the sitype, but then omitted it. Isn't it redundant? What else than SID_NAME_USER and SID_NAME_DOM_GRP can go there, residing in different caches? Cheers! Michael
Accessing Linux workstation from Linux server using samba ..pl
Hi, I am having another doubt that can we access linux workstation from linux server or windows machines in the network using samba? Regards, Rajesh.K
Re: problem with oplocks.
On Tue, 2003-02-18 at 03:34, Michael B. Allen wrote: I wondered what was meant by this too. I concluded it was just a zealous choice of words. I believe he means that a) even after being granted an oplock break the client may still find the file is locked and ultimately get a sharing violation and b) on any system other than Windows or systems with kernel oplocks the file can still be written to and possibly c) if the oplock holder looses connectivity and another writer commits changes data will be lost. There's nothing unreliable or technically flawed about the protocol though. NFSv4 will have the same issues. Hi, I was thinking about the c scenario.
Re: problem with oplocks.
On Tue, 2003-02-18 at 03:34, Michael B. Allen wrote: On Mon, 17 Feb 2003 15:02:59 -0600 Um... Just curious, but how are oplocks are unreliable by definition? I wondered what was meant by this too. I concluded it was just a zealous choice of words. I believe he means that a) even after being granted an oplock break the client may still find the file is locked and ultimately get a sharing violation and b) on any system other than Windows or systems with kernel oplocks the file can still be written to and possibly c) if the oplock holder looses connectivity and another writer commits changes data will be lost. There's nothing unreliable or technically flawed about the protocol though. NFSv4 will have the same issues. Hi, Sorry if I had confused you. I was thinking about the c scenario. Regards, Olaf Fraczyk
Cisco, Nortel, Sun, . - !
úÄÒÁ×ÓÔ×ÕÊÔÅ! Cisco, Nortel, Sun, ÔÅÌÅÆÏÎÉÑ É ÐÒ. - ÏÄÎÉ ÉÚ ÌÕÞÛÉÈ ÃÅÎ × íÏÓË×Å! éÍÅÅÔÓÑ ×ÏÚÍÏÖÎÏÓÔØ ÐÏÓÔÁ×ÌÑÔØ ÏÂÏÒÕÄÏ×ÁÎÉÅ CISCO, Nortel, Lucent, Sun É ÄÒ. ÐÏ ÃÅÎÁÍ ÎÉÖÅ ÒÙÎÏÞÎÙÈ. ðÒÉÞÅÍ ËÁË ÎÏ×ÏÅ ÏÂÏÒÕÄÏ×ÁÎÉÅ, ÔÁË É Â\Õ É ×ÏÓÓÔÁÎÏ×ÌÅÎÎÏÅ, ×ÓÅ Ó ÇÁÒÁÎÔÉÅÊ, ÞÅÒÅÚ ÆÉÒÍÕ, ÓÏ ×ÓÅÍÉ ÄÏËÕÍÅÎÔÁÍÉ. óÒÏËÉ ÐÏÓÔÁ×ËÉ - 1-3 ÎÅÄÅÌÉ, ÐÒÉ ÐÏÓÔÏÑÎÎÙÈ ÚÁËÕÐËÁÈ ÂÙÓÔÒÅÅ. äÌÑ ÆÉÒÍ - ×ÏÚÎÁÇÒÁÖÄÅÎÉÅ ÌÉÃÁÍ, ÏÔ×ÅÔÓÔ×ÅÎÎÙÍ ÚÁ ÚÁËÕÐËÕ ÏÂÏÒÕÄÏ×ÁÎÉÑ! îÁÛÉ ÃÅÎÙ - ÄÅÊÓÔ×ÉÔÅÌØÎÏ ÎÉÚËÉÅ (20-30% ÏÔ GPL ÎÁ ÎÏ×ÏÅ, 40-70% - ÎÁ Â\Õ) îÁ ×ÓÅ ÏÂÏÒÕÄÏ×ÁÎÉÅ ÇÁÒÁÎÔÉÑ 1 ÇÏÄ, × Ô.Þ. ÎÁ Â\Õ! çÉÂËÉÅ ÕÓÌÏ×ÉÑ ÐÏÓÔÁ×ËÉ! ðÒÉÓÙÌÁÊÔÅ ÓÐÉÓÏË ÉÎÔÅÒÅÓÕÀÝÅÇÏ ×ÁÓ ÏÂÏÒÕÄÏ×ÁÎÉÑ Ó ÕËÁÚÁÎÉÅÍ ËÏÌÉÞÅÓÔ×Á, ÕÓÌÏ×ÉÊ É ÓÏÓÔÏÑÎÉÑ ÏÂÏÒÕÄÏ×ÁÎÉÑ (ÎÏ×ÏÅ, Â\Õ) É ÍÙ × ËÒÁÔÞÁÊÛÉÅ ÓÒÏËÉ ÐÏÄÇÏÔÏ×ÉÍ ÏÐÔÉÍÁÌØÎÙÅ ÄÌÑ ×ÁÓ ÐÒÅÄÌÏÖÅÎÉÑ. ðÒÉÎÏÓÉÍ ÷ÁÍ Ó×ÏÉ ÉÚ×ÉÎÅÎÉÑ, ÅÓÌÉ ÄÁÎÎÏÅ ÐÉÓØÍÏ ÐÏÐÁÌÏ ÎÅ ÐÏ ÁÄÒÅÓÕ. ðÉÓØÍÏ ÎÏÓÉÔ ÒÁÚÏ×ÙÊ ÈÁÒÁËÔÅÒ, × ÄÁÌØÎÅÊÛÅÍ ÷Ù ÐÏÄÏÂÎÙÈ ÐÉÓÅÍ ÐÏÌÕÞÁÔØ ÎÅ ÂÕÄÅÔÅ. ÷ÁÛ ÁÄÒÅÓ ×ÚÑÔ ÉÚ ÏÔËÒÙÔÙÈ ÉÓÔÏÞÎÉËÏ×.
RE: Make Admins be admin users
Andrew: You've a valid point that the domain isn't checked (although it's probably still correct for Enterprise Admins). The idea was to do it automatically. Adding Domain Admins to admin users in smb.conf would have the correct results unless somebody forgets to do it. This is especially true if the domain changes. Hence the hack. Since we're trying to emulate a Windows environment, Windows admins expect to have certain privileges. Is there a better way to do this automatically? Ken Ken Cross Network Storage Solutions Phone 865.675.4070 ext 31 [EMAIL PROTECTED] From: Andrew Bartlett [mailto:[EMAIL PROTECTED]] On Thu, 2003-02-20 at 00:17, Ken Cross wrote: Related to the Allow chown of directories patch, I added a hack where members of Admins, Domain Admins, or Enterprise Admins automatically become admin users. (This really saved a lot of headaches for admins.) Note that this sets conn-admin_user, but does *not* set uid to 0 or force_user -- those caused subtle problems. This applies to SAMBA_3_0. This means that administrators in a 'trusted' domain (which means you trust the domain to authenticate it's own users, not to administer your server) has root on your box. I suggest you use: 'admin users = @MYDOM\Domain Admins' In you smb.conf instead. We are going to get rid of 'sid_peek_rid' soon, as it allows this kind of thing too easily - you simply don't know which domain... (The sid_peek_check_rid() version makes sure you have to specify it up front). Andrew Bartlett
Re: [PATCH] fix sid_to_uid() return correct sidtype
Michael Steffens wrote: [EMAIL PROTECTED] wrote: On Wed, Feb 19, 2003 at 10:20:35PM +0100, Stefan (metze) Metzmacher wrote: At 21:07 19.02.2003 +, [EMAIL PROTECTED] wrote: On Wed, Feb 19, 2003 at 10:03:57PM +0100, Stefan (metze) Metzmacher wrote: HI all, here's a small fix for returning the correct sidtype in sid_to_uid() and sid_to_gid() this should be applied to all branches with the new uid - sid caching code No attachment - please try again. Jeremy. mailman filtered it out...:-( Actually I made the cache cache the sidtype also. Please check over the code I just checked in... Had also thought about caching the sitype, but then omitted it. Isn't it redundant? What else than SID_NAME_USER and SID_NAME_DOM_GRP can go there, residing in different caches? Noticed why :) The current caching code does also cache local lookups, meaning that local groups (and machine SIDs when Samba is running as DC) can also occur? Hmm, I'm not sure whether the speed gain for local lookups outweighs the costs of having them wipe winbind SID mapping cache entries. The latter ones look more expensive to me. Cheers! Michael
RE: Make Admins be admin users
On Thu, 2003-02-20 at 21:29, Ken Cross wrote: Andrew: You've a valid point that the domain isn't checked (although it's probably still correct for Enterprise Admins). The idea was to do it automatically. Adding Domain Admins to admin users in smb.conf would have the correct results unless somebody forgets to do it. This is especially true if the domain changes. Hence the hack. Since we're trying to emulate a Windows environment, Windows admins expect to have certain privileges. Is there a better way to do this automatically? Well, I assume your smb.conf file is automatically generated to some extent, so just extend that. (I assume you set 'workgroup' from some other interface, for example). However, NT admins do not have 'root' power over their system. That is reserved for 'System'. NT admins have their power due to ACLs and privileges. The privileges part is being worked on, but a more limited hack has been employed by other NAS vendors to give 'change ownership' permissions. The rest is up to what ACLs you set on your file system. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part
Re: Accessing Linux workstation from Linux server using samba ..pl
Assuming you're using a recent redhat release... the default workstation installation installs firewall rules which block incoming connections. This is documented at redhat.com, along with instructions for modifying the default rules. raj rajesh kalagarla wrote: Hi, I am using samba on my both systems working as linux server workstation in windows environment. I am able to access windows machines in the network by both machines. And also I am able to access linux server from Linux workstation but the reverse is not working (accessing linux workstation from linux server). Pl clarify that whether samba will solve the above problem? How can I access linux workstation from linux server? Regards, Rajesh.K smime.p7s Description: S/MIME Cryptographic Signature
Win2K/XP, oplocks, and readahead.
Hi! I'm forwarding this message, which I orignally posted to the samba list, in the hopes of reaching a wider audience for my question. Thanks for considering my problem. I'm working with Samba backed by a high performance filesystem. From a Windows 2K and Windows XP client I'm trying to achieve very high speed single file throughput over GigE from the Windows client using either open/write or CreateFile/ReadFile APIs. I'd rather not venture into overlapped IO there so that we don't have to recommend that all our customers rewrite their applications! I'm seeing a problem where it appears that windows is not reading data far enough ahead (or maybe at all) to keep the pipeline full. From assessing the load on samba, it is a apparent that much of its time is spent idle. The characteristics of the load suggest that WinXP or Win2000 is not requesting readahead far enough to be useful. My link roundtrip latency is around .4 ms beyond the data transmission time, the samba servicing time for 32K of data (32K is the blocksize I'm using) is about .27 ms, and the wire time for 32K of data should be around .27ms on GigE. I understand that it is necessary that oplocking be functional to have the windows client read ahead. However, I have verified that oplocks are being established, yet still the readahead seems either nonexistant or minimal. I don't know how to establish which. FreeBSD is the host OS. I have verified that samba is not sleeping on socket buffer space, and this is borne out by the fact that changing TCP window sizes on client and server improves performance very little. In addition, samba isn't sleeping on the filesystem reads, as readahead on the filesystem ensures data is always available when the windows client requests it. I'd be grateful for answers to any of the following questions: 1. How do Windows clients determine appropriate levels of readahead? Are there any caps on this algorithm that I might be hitting? 2. Is the client or server responsible for producing readahead data (I'm assuming this is the client)? 3. Any other tips on how to make this work or anecdotal evidence of single file performance in the half-gigabit/sec ballpark in the read and write of a single file? 4. Is there any way for samba to send unsolicited readahead data to the Windows client when an oplock has been established? 5. Any samba tricks for debugging this? In terms of registry keys I've already changed those for window sizes, MTU, UseOpportunisticLocking, SizReqBuf (to 64K), EnablePMTUDiscovery, MaxCmds. Here's my samba configuration: [global] encrypt passwords = yes log file = /var/log/samba.log max log size = 100 local master = no read size = 8192 # below socket sizes have been varied without effect socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=65536 SO_SNDBUF=65536 dns proxy = no change notify timeout = 3000 disable spoolss = yes smb passwd file = /usr/local/private/smbpasswd password server = * winbind uid = 1-2 winbind gid = 1-2 winbind enum users = yes winbind enum groups = yes workgroup = FOO server string = A Samba Server hosts allow = security = SHARE oplocks = true [myfs] printable = no level2 oplocks = true guest ok = yes path = /myfs comment = myfs read only = no hide dot files = no share modes = no
Samba and windows xp
I have set up a server with Redhat linux version 7.3 running Samba 2.2.7... initially this was configured using the SWAT. This particular server is not only a file server but a webserver and provides database support through MySQL. Shares and users have been set up and the system has worked fine ever since. From a Winxp client I can connect to the server and work as though it was my hard drive. So have a setup that works and has continued to work. In the meantime I have tried setting up two additional servers with the same configuration software wise and for some reason we will have connectivity through Samba for a 3-5 days then all the sudden I get messages to the affect that I don't have permission to use the network resource. I know this sounds crazy but this happens all on its own. Absolutely no changes were made on the server to cause this to happen. I have talked to several people that were more experienced than I and I had already tried their ideas. BTW I have tried syncing all the passwords/usernames and the problem is still there. Below is what my smb.conf file looks like: # Samba config file created using SWAT # from localhost.localdomain (127.0.0.1) # Date: 2003/02/20 08:22:26 # Global parameters [global] workgroup = HDS netbios name = RH_TIC1 server string = Samba Server security = DOMAIN encrypt passwords = Yes update encrypted = Yes obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = False local master = No domain master = False dns proxy = No printing = lprng [homes] comment = Home Directories valid users = %S read only = No create mask = 0664 directory mask = 0775 browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [tic1] path = /tic1 read only = No guest ok = Yes Can one of you real techies tell me what to look for to correct this problem?
Re: Accessing Linux workstation from Linux server using samba ..pl
On Thu, 20 Feb 2003, raj rajesh kalagarla wrote: Hi, I am having another doubt that can we access linux workstation from linux server or windows machines in the network using samba? I know what you mean. Sometimes I find myself doubting that gcc can do what it does, but after a little testing, I find that it's true. Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
Locking db getting corrupt?
We've been seeing a re-curring problem on one of our Samba servers: Samba 2.2.7 running on HP-UX 11.0. After a week of running relatively quietly, we'll get a rash of errors in smbd.log associated with a call from a user that their connection is getting dropped. I_ve been dropped off twice in the past couple of days. So far I_ve been able to get back on -- once took a reboot of my pc, this time it only took trying to reconnect several times. [2003/02/19 12:25:46, 3] smbd/oplock.c:(1211) open_oplock_ipc: opening loopback UDP socket. [2003/02/19 12:25:46, 3] lib/util_sock.c:(813) bind succeeded on port 0 [2003/02/19 12:25:46, 3] smbd/oplock.c:(1241) open_oplock ipc: pid = 18635, global_oplock_port = 60186 [2003/02/19 12:25:46, 3] smbd/process.c:(878) Transaction 0 of length 72 [2003/02/19 12:25:46, 2] smbd/reply.c:(91) netbios connect: name1=ICTEST1 name2=FCMC7196LL [2003/02/19 12:25:46, 2] smbd/reply.c:(110) netbios connect: local=ictest1 remote=fcmc7196ll [2003/02/19 12:45:24, 0] locking/brlock.c:(235) Failed to open byte range locking database [2003/02/19 12:45:24, 0] locking/locking.c:(328) ERROR: Failed to initialise locking database [2003/02/19 12:45:24, 0] locking/brlock.c:(235) Failed to open byte range locking database [2003/02/19 12:45:24, 0] locking/locking.c:(328) ERROR: Failed to initialise locking database [2003/02/19 12:50:04, 3] smbd/oplock.c:(1211) open_oplock_ipc: opening loopback UDP socket. [2003/02/19 12:50:04, 3] lib/util_sock.c:(813) bind succeeded on port 0 [2003/02/19 12:50:04, 3] smbd/oplock.c:(1241) open_oplock ipc: pid = 18875, global_oplock_port = 60285 [2003/02/19 12:50:04, 3] smbd/process.c:(878) Transaction 0 of length 72 [2003/02/19 12:50:04, 2] smbd/reply.c:(91) netbios connect: name1=ICTEST1 name2=SJPCT2679-D [2003/02/19 12:50:04, 2] smbd/reply.c:(110) netbios connect: local=ictest1 remote=sjpct2679-d The above pattern of messages repeats several times in the log, and then disappears again. In past occurances, we've stopped Samba, deleted all the locking databases, and restarted which cleared up more persistant occurances of this issue, but I'd like to discover the root cause. -- Ray Frush Either you are part of the solution T:970.288.6223 or part of the precipitate. -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*- Agilent Technologies, Inc. | Information Technology | IT Engineer
Re: [PATCH] fix sid_to_uid() return correct sidtype
On Thu, Feb 20, 2003 at 01:20:14PM +0100, Michael Steffens wrote: Noticed why :) The current caching code does also cache local lookups, meaning that local groups (and machine SIDs when Samba is running as DC) can also occur? Hmm, I'm not sure whether the speed gain for local lookups outweighs the costs of having them wipe winbind SID mapping cache entries. The latter ones look more expensive to me. Hmmm. True, but the local lookups could be going via NIS or another method to a remote server. I also reduced the cache size to 10. Can you test the code in you environment and see if it still gives the speedup you noticed. If not I'll remove the local caching code. Jeremy.
mount points / free disk space / dfree command
We have a share with mount points beneath it. Free disk space is incorrect because samba always returns the free space in the top level directory of the share. It is the same problem discussed before in this thread: http://groups.google.com/groups?hl=enlr=ie=UTF-8oe=UTF-8th=4c04c4aeb2405 d4dseekm=9q2iee%242s7r%241%40FreeBSD.csie.NCTU.edu.twframe=off I was hoping to use the dfree command smb.conf option, as the df command reports the correct amount of free space for each subdirectory. I found that my dfree command was always given the directory name of the top level of the share, regardless of the current directory on the Win2k client, so the answer I get with dfree is the same as the internal samba routines. Why does that happen? Does the QUERY_FS_INFO trans2 call have knowledge of the current directory of the client, or is that not included in the client's request? If not, then I must admit that this may be impossible. If it does, and if that directory were passed to the df command, then what I need can be done via samba. I do not want to use recursion and add up the amount of free space as the sum of each mount point. I only care about the current directory. We do have a need to determine the amount of free space from Win2k, and creating a samba share for each subdirectory would be impractical. TIA, Kevin Panko
Re: technical support
On 19 Feb 2003, HAKIZIMANA Claude [EMAIL PROTECTED] wrote: Can you help me? You need to ask this kind of question on the users list, [EMAIL PROTECTED] -- Martin
[PATCH] leak in init_valid_table
util_unistr.c/init_valid_table in HEAD and 3.0 causes a 64k leak every time the configuration is loaded if there is no valid.dat file installed. (The pointer to the malloc'd valid_table is clobbered by the call to map_file.) It looks like it is intended that the valid table be recreated on each reload in case the dos codepage has changed. Is that right? The commit comment for 1.87 says that this should remove the need for valid.dat. Rather than fixing the leak I wonder if it would be better to now just remove valid.dat support altogether? If you don't want to do that, I think this patch will remove the leak. --- util_unistr.c.~1.99.~ 2003-02-21 14:05:33.0 +1100 +++ util_unistr.c 2003-02-21 14:14:20.0 +1100 @@ -105,27 +105,34 @@ static int check_dos_char(smb_ucs2_t c) **/ void init_valid_table(void) { - static int initialised; static int mapped_file; int i; const char *allowed = .!#$%'()_-@^`~; + uint8 *valid_file; - if (initialised mapped_file) return; - initialised = 1; + if (mapped_file) { + /* Can't unmap files, so stick with what we have */ + return; + } - valid_table = map_file(lib_path(valid.dat), 0x1); - if (valid_table) { + valid_file = map_file(lib_path(valid.dat), 0x1); + if (valid_file) { + valid_table = valid_file; mapped_file = 1; return; } - /* Otherwise, using a dynamically loaded one. */ + /* Otherwise, we're using a dynamically created valid_table. +* It might need to be regenerated if the code page changed. +* We know that we're not using a mapped file, so we can +* free() the old one. */ if (valid_table) free(valid_table); DEBUG(2,(creating default valid table\n)); valid_table = malloc(0x1); - for (i=0;i128;i++) valid_table[i] = isalnum(i) || - strchr(allowed,i); + for (i=0;i128;i++) + valid_table[i] = isalnum(i) || strchr(allowed,i); + for (;i0x1;i++) { smb_ucs2_t c; SSVAL(c, 0, i); -- Martin
Re: Byte range locking
On Thu, Feb 20, 2003 at 07:50:22PM -0800, Srikanta Shivanna wrote: I noticed a difference in byte range locking behavior between Samba (2.2.x) and Windows 2000 server, basically on Samba 2.2.x with strict locking enabled, a client process which owns a shared byte range lock can write to the locked region, this is not allowed on Windows 2000 server. Is there a reason for this Samba behavior? Is it because of default value of some config option? Can you give me more information on what open modes, access requested etc. from the client Win32 code please ? Thanks, Jeremy.
Re: [PATCH] fix sid_to_uid() return correct sidtype
Hi Jeremy, [EMAIL PROTECTED] wrote: On Thu, Feb 20, 2003 at 01:20:14PM +0100, Michael Steffens wrote: Hmm, I'm not sure whether the speed gain for local lookups outweighs the costs of having them wipe winbind SID mapping cache entries. The latter ones look more expensive to me. Hmmm. True, but the local lookups could be going via NIS or another method to a remote server. Had not taken NIS into account. Good point. I also reduced the cache size to 10. Actually 100 :) Can you test the code in you environment and see if it still gives the speedup you noticed. I did on a test machine, already during the testing of W2k and XP office apps use of ACLs. Caching did fine. (ACLs did not.) I don't expect the cache behaviour to be much different on the production box. Both don't have NIS, do not act as DCs, and share user management is almost pure winbind driven. (I'm a little winbind biased :) If not I'll remove the local caching code. I was wrong and you convinced me! Thanks! Michael
Re: possible memory leak
On Fri, Jan 24, 2003 at 11:07:49AM -0800, Leo Qiu wrote: Hi, I seem to find some possible memory leaks in Samba code. The patch is attached, Could you guys have a look to check whether it is correct? One of them was, one wasn't. I've added comments to the POSIX_ACL code to make it clearer - thanks ! Jeremy.
IDMAP backend
Hi Jim, Anthony, It's nice to see that someone is working on the idmap backend stuff :-) But I'm REALLY NOT FINE with a parameter name 'winbind backend' for this!!! winbind backends are RPC and ADS. we should name this parameter 'idmap backend' or something like that. please, please change this fast! :-) otherwise it will be bad to change this parameter because everyone has it in his smb.conf and has to change this. also we should seperate the idmap stuff from winbind, so that we can use it in pdb and other subsystems of samba also. metze - Stefan metze Metzmacher [EMAIL PROTECTED]
Re: Locking db getting corrupt?
Ray Frush wrote: We've been seeing a re-curring problem on one of our Samba servers: Samba 2.2.7 running on HP-UX 11.0. After a week of running relatively quietly, we'll get a rash of errors in smbd.log associated with a call from a user that their connection is getting dropped. I_ve been dropped off twice in the past couple of days. So far I_ve been able to get back on -- once took a reboot of my pc, this time it only took trying to reconnect several times. [...] [2003/02/19 12:45:24, 0] locking/brlock.c:(235) Failed to open byte range locking database [2003/02/19 12:45:24, 0] locking/locking.c:(328) ERROR: Failed to initialise locking database [2003/02/19 12:45:24, 0] locking/brlock.c:(235) Failed to open byte range locking database [2003/02/19 12:45:24, 0] locking/locking.c:(328) ERROR: Failed to initialise locking database We haven't had these since running 2.2.7a for about three weeks now on HP-UX 11.11. But messages do remind those smbstatus does report when the locking database just doesn't exist, yet. So it might be temporarily unaccessible? Does dmesg report anything suspicous, like it has run out of nfiles or nflocks? In that case these kernel parameters would need to be increased. Michael
Browing Trouble for SAMBA 1.9.17p4
Hello, (B (BI installed the SAMBA 1.9.17p4 on OpenVMS V6.2. (BDuring the installation, there is no error message. (B (BI can find the SAMBA server from Windows client. (B (BHowever, when I try to acees the SAMBA server, I always rejected. (B (BSo my browsing test, I set "guest ok = yes" and "security = user" at global (Bsection. (BHowever, I can not access the directory of SAMBA server. (B (BThere are my questions. (B(1)What do I need to check the SAMBA is propery working? (B(2)What is the easy way to access the directory of SAMBA (B(This setting use fot testing purpose. So the security is not my concern.) (B(3)What is the best choice for security setting? (B(I was planning to set the server level security.) (B(4)If you can, please tell me how to set the security. (B(Especailly, serlevel security.) (B (BI am waiting for your answer. (B (BThanks,
CVS update: samba/source/nsswitch
Date: Thu Feb 20 10:43:21 2003 Author: abartlet Update of /data/cvs/samba/source/nsswitch In directory dp.samba.org:/tmp/cvs-serv30233/nsswitch Modified Files: winbindd_ads.c Log Message: for some (very weird) reason, the domain I was testing aginst would not return a DN for the user. Make sure we don't segfault. Andrew Bartlett Revisions: winbindd_ads.c 1.61 = 1.62 http://www.samba.org/cgi-bin/cvsweb/samba/source/nsswitch/winbindd_ads.c?r1=1.61r2=1.62
CVS update: samba/source/smbd
Date: Thu Feb 20 10:50:10 2003 Author: abartlet Update of /data/cvs/samba/source/smbd In directory dp.samba.org:/tmp/cvs-serv30729/smbd Modified Files: sesssetup.c Log Message: Like for NTLM logins, lookup the 'winbind' user first, then the 'local' user. This needs to change, to be a SID-UID lookup from the PAC. Andrew Bartlett Revisions: sesssetup.c 1.87 = 1.88 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/sesssetup.c?r1=1.87r2=1.88
CVS update: samba/source/auth
Date: Thu Feb 20 12:01:39 2003 Author: abartlet Update of /data/cvs/samba/source/auth In directory dp.samba.org:/tmp/cvs-serv10849/auth Modified Files: auth_util.c Log Message: For a number of months now, support for being a domain member without also running winbind has been broken. This fixes that, by removing assumptions about being able to call sid_to_uid() at will. This whole area needs revising when we get groups into the PDB. Andrew Bartlett Revisions: auth_util.c 1.63 = 1.64 http://www.samba.org/cgi-bin/cvsweb/samba/source/auth/auth_util.c?r1=1.63r2=1.64
CVS update: samba/source/tdb
Date: Thu Feb 20 18:54:12 2003 Author: jra Update of /data/cvs/samba/source/tdb In directory dp.samba.org:/tmp/cvs-serv13023/tdb Modified Files: tdb.c Log Message: Ensure tdb error code is set for corrupt and i/o errors before calling the log function. This allows the log function to take action. Jeremy. Revisions: tdb.c 1.121 = 1.122 http://www.samba.org/cgi-bin/cvsweb/samba/source/tdb/tdb.c?r1=1.121r2=1.122
CVS update: samba/source/tdb
Date: Thu Feb 20 19:03:11 2003 Author: jra Update of /data/cvs/samba/source/tdb In directory dp.samba.org:/tmp/cvs-serv14494/tdb Modified Files: Tag: SAMBA_3_0 tdb.c Log Message: Ensure tdb error code is set for corrupt and i/o errors before calling the log function. This allows the log function to take action. Jeremy. Revisions: tdb.c 1.106.2.8 = 1.106.2.9 http://www.samba.org/cgi-bin/cvsweb/samba/source/tdb/tdb.c?r1=1.106.2.8r2=1.106.2.9
CVS update: samba/source/tdb
Date: Thu Feb 20 19:03:15 2003 Author: jra Update of /data/cvs/samba/source/tdb In directory dp.samba.org:/tmp/cvs-serv12982/tdb Modified Files: Tag: APPLIANCE_HEAD tdb.c Log Message: Ensure tdb error code is set for corrupt and i/o errors before calling the log function. This allows the log function to take action. CR#1837. Jeremy. Revisions: tdb.c 1.35.2.31 = 1.35.2.32 http://www.samba.org/cgi-bin/cvsweb/samba/source/tdb/tdb.c?r1=1.35.2.31r2=1.35.2.32
CVS update: samba/source/rpcclient
Date: Thu Feb 20 19:10:19 2003 Author: jelmer Update of /home/cvs/samba/source/rpcclient In directory dp.samba.org:/tmp/cvs-serv15239 Removed Files: display.c display_spool.c samsync.c Log Message: Remove obsolete files Revisions: display.c 1.47 = NONE http://www.samba.org/cgi-bin/cvsweb/samba/source/rpcclient/display.c?rev=1.47 display_spool.c 1.8 = NONE http://www.samba.org/cgi-bin/cvsweb/samba/source/rpcclient/display_spool.c?rev=1.8 samsync.c 1.31 = NONE http://www.samba.org/cgi-bin/cvsweb/samba/source/rpcclient/samsync.c?rev=1.31
CVS update: samba/source/rpcclient
Date: Thu Feb 20 19:13:37 2003 Author: jelmer Update of /home/cvs/samba/source/rpcclient In directory dp.samba.org:/tmp/cvs-serv16255 Removed Files: Tag: SAMBA_3_0 display_spool.c samsync.c Log Message: Remove obsolete files Revisions: display_spool.c 1.8 = NONE http://www.samba.org/cgi-bin/cvsweb/samba/source/rpcclient/display_spool.c?rev=1.8 samsync.c 1.15.2.6 = NONE http://www.samba.org/cgi-bin/cvsweb/samba/source/rpcclient/samsync.c?rev=1.15.2.6
CVS update: samba/source/lib
Date: Thu Feb 20 19:14:55 2003 Author: jelmer Update of /home/cvs/samba/source/lib In directory dp.samba.org:/tmp/cvs-serv16527 Added Files: Tag: SAMBA_3_0 module.c Log Message: Merge in smb_load_module() function from HEAD Revisions: module.cNONE = 1.6.2.1 http://www.samba.org/cgi-bin/cvsweb/samba/source/lib/module.c?rev=1.6.2.1
CVS update: samba/source
Date: Thu Feb 20 19:21:20 2003 Author: jelmer Update of /home/cvs/samba/source In directory dp.samba.org:/tmp/cvs-serv17261 Modified Files: Tag: SAMBA_3_0 Makefile.in Log Message: Compile in lib/module.o Revisions: Makefile.in 1.468.2.43 = 1.468.2.44 http://www.samba.org/cgi-bin/cvsweb/samba/source/Makefile.in?r1=1.468.2.43r2=1.468.2.44
CVS update: samba/source/utils
Date: Thu Feb 20 22:09:55 2003 Author: jra Update of /data/cvs/samba/source/utils In directory dp.samba.org:/tmp/cvs-serv27467/utils Modified Files: Tag: SAMBA_3_0 testparm.c Log Message: Added Volkers print server role patch. Jeremy. Revisions: testparm.c 1.45.2.10 = 1.45.2.11 http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/testparm.c?r1=1.45.2.10r2=1.45.2.11
CVS update: samba/source/utils
Date: Thu Feb 20 22:09:57 2003 Author: jra Update of /data/cvs/samba/source/utils In directory dp.samba.org:/tmp/cvs-serv27435/utils Modified Files: testparm.c Log Message: Added Volkers print server role patch. Jeremy. Revisions: testparm.c 1.60 = 1.61 http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/testparm.c?r1=1.60r2=1.61
CVS update: samba/source/include
Date: Thu Feb 20 22:26:28 2003 Author: jelmer Update of /home/cvs/samba/source/include In directory dp.samba.org:/tmp/cvs-serv30763/include Modified Files: smb.h Log Message: Make init_module() and thus smb_load_module() return an int. modules/developer.c: init_module() should return an int Revisions: smb.h 1.474 = 1.475 http://www.samba.org/cgi-bin/cvsweb/samba/source/include/smb.h?r1=1.474r2=1.475
CVS update: samba/source/modules
Date: Thu Feb 20 22:26:28 2003 Author: jelmer Update of /home/cvs/samba/source/modules In directory dp.samba.org:/tmp/cvs-serv30763/modules Modified Files: developer.c Log Message: Make init_module() and thus smb_load_module() return an int. modules/developer.c: init_module() should return an int Revisions: developer.c 1.1 = 1.2 http://www.samba.org/cgi-bin/cvsweb/samba/source/modules/developer.c?r1=1.1r2=1.2
CVS update: samba/source/rpc_server
Date: Thu Feb 20 22:26:28 2003 Author: jelmer Update of /home/cvs/samba/source/rpc_server In directory dp.samba.org:/tmp/cvs-serv30763/rpc_server Modified Files: srv_pipe.c Log Message: Make init_module() and thus smb_load_module() return an int. modules/developer.c: init_module() should return an int Revisions: srv_pipe.c 1.104 = 1.105 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_pipe.c?r1=1.104r2=1.105
CVS update: samba/source/lib
Date: Thu Feb 20 22:26:28 2003 Author: jelmer Update of /home/cvs/samba/source/lib In directory dp.samba.org:/tmp/cvs-serv30763/lib Modified Files: module.c Log Message: Make init_module() and thus smb_load_module() return an int. modules/developer.c: init_module() should return an int Revisions: module.c1.6 = 1.7 http://www.samba.org/cgi-bin/cvsweb/samba/source/lib/module.c?r1=1.6r2=1.7
CVS update: samba/source/nsswitch
Date: Thu Feb 20 22:46:37 2003 Author: jmcd Update of /home/cvs/samba/source/nsswitch In directory dp.samba.org:/tmp/cvs-serv1744/nsswitch Modified Files: winbindd.h winbindd_idmap.c Added Files: winbindd_idmap_tdb.c Log Message: From [EMAIL PROTECTED]: This patch adds the architecture for an IDMAP backend system including a new smb.conf parameter winbind backend. Right now, the only valid value is tdb but I'm currently working on an LDAP backend. Revisions: winbindd_idmap_tdb.cNONE = 1.1 http://www.samba.org/cgi-bin/cvsweb/samba/source/nsswitch/winbindd_idmap_tdb.c?rev=1.1 winbindd.h 1.38 = 1.39 http://www.samba.org/cgi-bin/cvsweb/samba/source/nsswitch/winbindd.h?r1=1.38r2=1.39 winbindd_idmap.c1.23 = 1.24 http://www.samba.org/cgi-bin/cvsweb/samba/source/nsswitch/winbindd_idmap.c?r1=1.23r2=1.24
CVS update: samba/source/rpc_server
Date: Fri Feb 21 00:19:18 2003 Author: jerry Update of /data/cvs/samba/source/rpc_server In directory dp.samba.org:/tmp/cvs-serv21258/rpc_server Modified Files: Tag: SAMBA_2_2 srv_spoolss_nt.c Log Message: fix printer settings on Solaris print servers. ASCII - UNICODE conversion bug. Other branches are already ok. Revisions: srv_spoolss_nt.c1.115.2.224 = 1.115.2.225 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_spoolss_nt.c?r1=1.115.2.224r2=1.115.2.225
CVS update: samba/source/rpcclient
Date: Fri Feb 21 04:25:04 2003 Author: tpot Update of /data/cvs/samba/source/rpcclient In directory dp.samba.org:/tmp/cvs-serv13842/rpcclient Modified Files: rpcclient.c Log Message: Fix for only specifying one command with -c Revisions: rpcclient.c 1.207 = 1.208 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpcclient/rpcclient.c?r1=1.207r2=1.208
CVS update: samba/source/rpc_client
Date: Fri Feb 21 04:26:58 2003 Author: tpot Update of /data/cvs/samba/source/rpc_client In directory dp.samba.org:/tmp/cvs-serv14580/rpc_client Modified Files: cli_samr.c Log Message: Exit path cleanup for cli_samr_enum_dom_users() Revisions: cli_samr.c 1.73 = 1.74 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_client/cli_samr.c?r1=1.73r2=1.74
CVS update: samba/source/rpcclient
Date: Fri Feb 21 04:28:32 2003 Author: tpot Update of /data/cvs/samba/source/rpcclient In directory dp.samba.org:/tmp/cvs-serv14974/rpcclient Modified Files: cmd_samr.c Log Message: Added enumdomusers command. Revisions: cmd_samr.c 1.155 = 1.156 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpcclient/cmd_samr.c?r1=1.155r2=1.156
CVS update: samba/source/smbd
Date: Fri Feb 21 04:46:27 2003 Author: tpot Update of /data/cvs/samba/source/smbd In directory dp.samba.org:/tmp/cvs-serv19737 Modified Files: sesssetup.c Log Message: Fixed compiler warning. Revisions: sesssetup.c 1.88 = 1.89 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/sesssetup.c?r1=1.88r2=1.89
CVS update: samba/source/rpc_server
Date: Fri Feb 21 04:47:24 2003 Author: tpot Update of /data/cvs/samba/source/rpc_server In directory dp.samba.org:/tmp/cvs-serv20009 Modified Files: srv_lsa_nt.c Log Message: Fixed compiler warning. Revisions: srv_lsa_nt.c1.67 = 1.68 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_lsa_nt.c?r1=1.67r2=1.68
CVS update: samba/source/utils
Date: Fri Feb 21 04:53:39 2003 Author: tpot Update of /data/cvs/samba/source/utils In directory dp.samba.org:/tmp/cvs-serv21936 Modified Files: net_ads.c Log Message: Fixed another compiler warning. Revisions: net_ads.c 1.61 = 1.62 http://www.samba.org/cgi-bin/cvsweb/samba/source/utils/net_ads.c?r1=1.61r2=1.62
CVS update: samba/source/nsswitch
Date: Fri Feb 21 05:06:49 2003 Author: tpot Update of /data/cvs/samba/source/nsswitch In directory dp.samba.org:/tmp/cvs-serv25517 Modified Files: winbindd_ads.c Log Message: Fix another compiler warning. Revisions: winbindd_ads.c 1.62 = 1.63 http://www.samba.org/cgi-bin/cvsweb/samba/source/nsswitch/winbindd_ads.c?r1=1.62r2=1.63
CVS update: samba/source
Date: Fri Feb 21 05:51:37 2003 Author: tpot Update of /data/cvs/samba/source In directory dp.samba.org:/tmp/cvs-serv30210 Modified Files: Tag: SAMBA_3_0 Makefile.in Log Message: Ignore errors on python_clean target. Revisions: Makefile.in 1.468.2.44 = 1.468.2.45 http://www.samba.org/cgi-bin/cvsweb/samba/source/Makefile.in?r1=1.468.2.44r2=1.468.2.45
CVS update: samba/source/libsmb
Date: Fri Feb 21 05:54:23 2003 Author: jra Update of /data/cvs/samba/source/libsmb In directory dp.samba.org:/tmp/cvs-serv30390/libsmb Modified Files: Tag: SAMBA_2_2 libsmbclient.c Log Message: Small fix from Tom Jansen [EMAIL PROTECTED] to check correct error return. Jeremy. Revisions: libsmbclient.c 1.27.2.23 = 1.27.2.24 http://www.samba.org/cgi-bin/cvsweb/samba/source/libsmb/libsmbclient.c?r1=1.27.2.23r2=1.27.2.24
CVS update: samba/source/smbd
Date: Fri Feb 21 06:25:02 2003 Author: jra Update of /data/cvs/samba/source/smbd In directory dp.samba.org:/tmp/cvs-serv1729/smbd Modified Files: Tag: SAMBA_2_2 posix_acls.c Log Message: Added comments to make it clearer when we're assigning a pointer that it must not be freed afterwards. Jeremy. Revisions: posix_acls.c1.1.4.68 = 1.1.4.69 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/posix_acls.c?r1=1.1.4.68r2=1.1.4.69