[Samba] wbinfo and getent passwd showing different number ofaccounts

[Lee Sanders]

Hello,

I ran into a problem today. One of our users couldn't authenticate to a
share which was working a few days ago. Turns out the reason was the
account didn't exist according to pam but did exist according to wbinfo
-u. The difference between the systems was approximately 30,000 user
accounts. 

A restart of winbindd fixed this issue but I suspect that it is not
completely fixed as there is still a difference of 10,000 accounts
between the two systems.

#wbinfo -u > all.users
#getent passwd > all.passwd

(before fixing
# wc -l all.*
  9989 all.passwd
  43113 all.users

(after fixing)
# wc -l all.*
  2 all.passwd
  43113 all.users

Anyone know of a limit for winbind. I know 43,000 is a lot of ADS
accounts and both pam account numbers seem to be on a 10,000 user
boundary.

Best Regards,
Lee Sanders


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] udp 137/138 vs tcp 139

[Andrew Bartlett]

On Fri, 2003-06-20 at 19:51, [EMAIL PROTECTED] wrote:
> Hi!
> 
> I have a samba PDC connected with 2 nics on the same network... (to
> increse bandwidth) well... connections on ports udp 137/138 go on the
> first nic, while tcp 139 goes out only on the second...
> why? Anybody knows?

This is probably due to the difference between UDP and TCP.  TCP will
try to return packets via the exact same route by which them came (not
strictly true, but this is what is happening here).  UDP will find the
'best' route to the host, without regard to where any previous packet
has come from, because the kernel doesn't actually know that there was a
previous packet.

Too increase bandwidth, you will need to use multi-channel bonding and a
specialized switch.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] net groupmap syntax ?!?

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10 Jun 2003, Holger Brückner wrote:

> hello,
> 
> trying to follow the example im the howto-collection.
> this is a samba 3.0beta-1 from debian, recompiled with ldapsam support
> 
> refering to the howto, the following command should work:
> 
> net groupmap add unixgroup=smbadmin ntgroup="Domain Admins"
> 
> unfortunately ist just says:
>  svpdc:~# net groupmap add unixgroup=smbadmin ntgroup="Domain Admins"
> Usage: net groupmap add {rid=|sid=} unixgroup=
  
> [type=] [ntgroup=] [comment=]


give it a rid or SID.




cheers, jerry
 --
 Hewlett-Packard- http://www.hp.com
 SAMBA Team -- http://www.samba.org
 GnuPG Key   http://www.plainjoe.org/gpg_public.asc
 "You can never go home again, Oatman, but I guess you can shop there."  
--John Cusack - "Grosse Point Blank" (1997)

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.0 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQE+9mzgIR7qMdg1EfYRAmtSAKCfFnr7CUsYLTgt8VDrnyGq1oVfcgCgwvgZ
nlVpRieIpns5WjjYGr6lR0Q=
=SLXC
-END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Winbind Error Message

[John Simovic]

When I try and telnet into my linux machine I get the message Connection closed by 
Foreign Host. Anybody know what this means. It creates the users home directory but 
then the connection is lost. My logs /etc/pam.d/login file are below


[2003/06/20 09:37:03, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(105)
  [ 6699]: getpwnam spennington
[2003/06/20 09:37:03, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(105)
  [ 6699]: getpwnam spennington
[2003/06/20 09:37:03, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(105)
  [ 6699]: getpwnam spennington
[2003/06/20 09:37:03, 5] nsswitch/winbindd.c:client_read(419)
  read failed on sock 15, pid 6699: EOF
[2003/06/20 09:37:03, 5] nsswitch/winbindd.c:client_read(419)
  read failed on sock 13, pid 6699: EOF


#%PAM-1.0
auth   required pam_securetty.so
auth   sufficient   pam_winbind.so
auth   sufficient   pam_unix.so likeauth use_first_pass
auth   required pam_stack.so service=system-auth
auth   required pam_nologin.so
accountsufficient   pam_winbind.so
accountrequired pam_stack.so service=system-auth
password   required pam_stack.so service=system-auth
sessionrequired pam_mkhomedir.so skel=/etc/skel umask=0022
sessionrequired pam_stack.so service=system-auth
sessionoptional pam_console.so



**
This message is intended for the addressee named and may contain
privileged information or confidential information or both. If you
are not the intended recipient please delete it and notify the sender.
**
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] BackupPC 2.0.0 released (backup to disk forWinXX/Linux/Unix)

[cbarratt]

BackupPC version 2.0.0 has been released on SourceForge, see
http://backuppc.sourceforge.net.  New features include support
for rsync/rsyncd and internationalization of the CGI interface
(including English, French, Spanish and German).

BackupPC a high-performance perl-based package for backing up linux,
unix or WinXX PCs and laptops to a server's disk.  BackupPC is highly
configurable and easy to install and maintain.  SMB (via smbclient),
tar over rsh/ssh or rsync/rsyncd are used to extract client data.

Given the ever decreasing cost of disks and raid systems, it is now
practical and cost effective to backup a large number of machines onto
a server's local disk or network storage.  This is what BackupPC does.

Key features are pooling of identical files (big savings in server disk
space), compression, and a comprehensive CGI interface that allows users
to browse backups and restore files.

BackupPC is free software distributed under a GNU GPL license.
BackupPC runs on linux/unix/freenix servers, and has been tested
on linux, unix, Win95, Win98, Win2000, WinXP and Mac OSX clients.

Enjoy!

Craig Barratt
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] question

[Tom McKellips]

Post your smb.conf file to have a look at it.


On 22 Jun 2003 09:49:26 -0400, Anne Pyle wrote
> I'm a Windows user who is a newbie to Linux (and obviously to Samba),
> having just installed it for the first time yesterday.  I run three
> computers, a desktop and two laptops.  I've gotten everything set up
> just fine so far -- my network is working, I can access email and the
> web (my internet connection is on the desktop and I'm working on one 
> of the laptops) and can access my files on the other computers.
> 
> The only thing I can't seem to make work is the printers (which are
> located on the Windows computer).  I have Samba set up, have followed
> the instructions (I thought), but when I try to print a test page I get
> the message "Unable to connect to Samba host."  I realize that I've
> probably overlooked something extremely obvious, but can someone 
> help me out here?
> 
> Oh, and I have set up Samba to load automatically when Linux is started.
> -- 
> 
> Anne Pyle
> [EMAIL PROTECTED]
> http://www.ceannmor.com
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba


--
Internet Service Provided By Abyss Communications
Internet Service only $10 a month
1-866-842-2977
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Hi need some understanding

[RJPvT]

Hi guys,

(sorry for my typos, i'm dutch :-) )

First I would like to congratulate you all for a job wel done, the samba 
3.0 looks and works great.

I have got a question neverteless,

I want to use the user manager for winnt for my users and group admin.
but i also want to stay off the linux accounts since i don't want 
everyone to be able to login to various programs

i am using the tdbsam backend with the idmap, but i cannot create users 
with the user manager, nor can i create groups.

i know i will have to user net group and pdbedit to make these
but i cannot figure out the right syntaxes with the add user, add group 
scripts in smb.conf

also I cannot use more then 1 group per user, and would like te be able 
to change this.

Could you give me some pointers, or possible the commands for
add user, add group, delete user from, add user to, etc. ?
this is my current smb.conf :

[global]
workgroup = RJPCNET
netbios name = RJPC-srv1
server string = Samba3
passdb backend = tdbsam, guest
password level = 8
username level = 8
syslog = 0
log file = /var/log/samba/%m
name resolve order = wins bcast hosts
time server = Yes
socket options = TCP_NODELAY SO_KEEPALIVE SO_SNDBUF=8192 
O_RCVBUF=8192
disable spoolss = Yes
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
wins support = Yes
utmp = Yes
idmap uid = 15000-2
idmap gid = 15000-2
comment = Samba 3.0.0
printing = cups

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
admin users = root
guest ok = Yes
nt acl support = No
browseable = No
blocking locks = No
csc policy = disable
locking = No
oplocks = No
level2 oplocks = No
posix locking = No
strict locking = No
share modes = No
[simple]
comment = simple share
path = /tmp
read only = No
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ok, so oplocks: good or bad?

[Jeremy Allison]

On Sun, Jun 22, 2003 at 09:27:24AM -0700, [EMAIL PROTECTED] wrote:
> Hi,
> 
> I disabled oplocks after weeks of corrupt files during
> network renders amongst 80+ cpus using XP Pro.
> 
> Disabling oplocks fixed my corrupt file issue however
> I suspect that my choice of using XP Pro in a serious
> production env was a bad one.  I am now switching to
> 2K and have a feeling that with oplocks re enabled,
> file corruption may not occur.

Indeed - search in the archives for the post I sent with
the Microsoft hotfixes for Windows XP SP1 oplock corruption
problems.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] roaming profiles on beta samba3 as pdc

[robowarp]

Hi @ll,
can someone enlight me ,
i could log in the domain and profiles are created well on samba, but after
second login, win client says 
i cannot copy //linux/Profiles/testuser to  c:\Dokument ...
so its starts with local copy
after login i am able to browse the Profiles share on samba but if i wanna
open a files the client makes a explorer failure , it seems to me that this is
a permission problem but chmod -R 0777 /var/lib/samba/profiles
does not have any succes to the problem
mapping of home Z works very well, but if i store the the profile to the
home share if got same problem

i found no descript of  profile acls = Yes, what is that?

here is the smb.conf part which should be related to the problem

#logon script = login.bat
logon drive = Z:
logon path = \\%L\Profiles\%U
logon home = \\%L\%U
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
admin users = root
guest ok = Yes
nt acl support = No
browseable = No
blocking locks = No
csc policy = disable
locking = No
oplocks = No
level2 oplocks = No
posix locking = No
strict locking = No
share modes = No
[Profiles]
comment = Roaming Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes
Best Regards from sunny hot munich


-- 
+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage!

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] question

[Joel Hammer]

Please see my post for the share printer thread for some information on your
printing question.

> Oh, and I have set up Samba to load automatically when Linux is started.

The best way is to use the startup scripts provided for each daemon
with adjusting the files in rc[0-6].d to properly start and stop these
daemons as you change run levels (start and stop the machine, etc.)
To start any daemon automatically with the startup scripts, you have to
mess around either with some GUI configuration tool (settings), or the
files in /etc/rc.d/rc[0-6].d. If all else fails, just put these commands
in rc.local

/usr/local/samba/bin/smbd -D
/usr/local/samba/bin/nmbd -D

To find the files, locate rc.local and which smbd and which nmbd might help.

Note that the startup scripts have beome increasingly complex over
the last few years. Even for someone who knows some bash they are very
difficult to follow, since each vendor does things suprisingly different.

This home brew script does a fine job for me:
#!/bin/bash
case "$1" in
 start)
  killall smbd
  killall nmbd
/usr/local/samba/bin/smbd -D
/usr/local/samba/bin/nmbd -D
  ;;

 stop)
  killall smbd
  killall nmbd
 ;;
 reload)
 kill -SIGHUP `cat /usr/local/samba/var/locks/smbd.pid`
 kill -SIGHUP `cat /usr/local/samba/var/locks/nmbd.pid`
 ;;
 *)
 echo Usage: 
 echo start stop reload
 ;;
esac
exit 0

Joel

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ok, so oplocks: good or bad?

[bkrusic]

Hi,

I disabled oplocks after weeks of corrupt files during
network renders amongst 80+ cpus using XP Pro.

Disabling oplocks fixed my corrupt file issue however
I suspect that my choice of using XP Pro in a serious
production env was a bad one.  I am now switching to
2K and have a feeling that with oplocks re enabled,
file corruption may not occur.

Bri-

__
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] $BL$>5Bz9-9p"(!!AGE($J=P2q(B$B$$(B

[$B$^$8$a$J=P2q$$(B]

$B!c;v6H$^$l$kJ}$N2q$G$9!#(B
$B!!(B($BF~2q;q3J$O!"(B23$B:P0J>e$GF|K\:_=;$NJ}$G$9!#!K(B
(B
$B!y?75,$4F~2q$5$l$?J}$K$O$"$J$?$N$44uK>$K9g$C$?J}$r(B1$BL>L5NA$G>R2p(B
$B!!$7$^$9!*!JM9JX$G>R2p$7$^$9!#!K(B
(B
$B!yFH<+$N8r:]>pJs;o$rH/9T$7$F$*$j$^$9$N$GB??t$N2q0wMM$+$iA*$Y$k(B
$B!!%7%9%F%`$b$4$6$$$^$9!*(B
(B
$B!y$/$o$7$/$O%[!<%`%Z!<%8$r$4Mw$/[EMAIL PROTECTED](B
(B
$B!y%[!<%`%Z!<%8(Bhttp://www.yy-net.co.jp
(B
$B!y8r:]$NBh0lJb$r$*R2p$G$J$/!"$4$/<+A3$K$*IU$-9g$$$r4uK>$5$l$F$$$k(B
$B!!J}$K$*$9$9$a$G$9!#(B
(B-- 
(BTo unsubscribe from this list go to the following URL and read the
(Binstructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Windows domain group policies

[[EMAIL PROTECTED]]

Thomas Angst schrieb:
 > It seems that you catched my problem.
i am not sure

 > I don't have or ever had nor I will ever have a w2k server. So can you
 > please describe the turn arounds from the view of a w2k workstation, if
 > possible :)
you will manage a samba-ads-domain from a w2k-client with the
windows-own-tools ?
then you can try it with the necessary tools
eg. from the
w2k-(adv)server-cd:\i386\ADMINPAK.msi (~15 mb)
evtl. you can download it from m$
install it on one of your w2k-professional-client
afterwards, as domain-admin, you should be able to manage your ads-domain
if this works with a samba-ads-domain-controller this would be great
 > How can I check which groups are available and what their names are? I
 > am using a german w2k and if I choose a group then I see names like
 > Administratoren or Standardbenutzer or something like that.
in your *only-local*-user-databases on your w2k-clients where you have
no domain-users and no domain-groups ?
right-click "arbeitsplatz" / "verwaltung" = computerverwaltung (lokal) /
"local-user-groups"
in the shareable *global*-user-database on your samba-domain where
exists your domain-users and domain-groups ?
(i have no experiences with samba-domains)
- not_tested: with the  adminpak
- not_tested: right-click on "computerverwaltung (lokal)" / "verbindung
zu anderem computer herstellen"
choose your samba-domain-controller
- not_tested: add file/share-permissions on your w2k-client
from your domain, afaik,  you can only choose  domain-users  and
global-groups


with my little samba-workgroup-knowledge i would say:
at the moment, the best way to do this is on your samba-server
# man net
# net groupmap
# net --help
# cat /etc/passwd
# cat /etc/group
# cat /path/to/smbpasswd
...
take once again a look on
http://samba.org/~jht/NT4migration/Samba-HOWTO-Collection.pdf


 > The command net group is not working on w2k workstations.

"this command is only available on w2k-domain-controllers"  :-(



sorry if i had missunderstood you completely



--
shrek-m


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd not attempting to use LDAP

[Derek J. Balling]

On Sunday, June 22, 2003, at 09:23  AM, Andrew Bartlett wrote:
Like many users before you, you have not run 'testparm'

This would have told you that your configuration was not valid, as 
shown
above.
True, but in fairness, I copied the example off the samba.org site 
verbatim changing only the hostnames involved (see a message I sent 
later saying "the HOWTO needs correction for the typo" essentially). :-)

Thanks, though. :-)

D

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] question

[Anne Pyle]

I'm a Windows user who is a newbie to Linux (and obviously to Samba),
having just installed it for the first time yesterday.  I run three
computers, a desktop and two laptops.  I've gotten everything set up
just fine so far -- my network is working, I can access email and the
web (my internet connection is on the desktop and I'm working on one of
the laptops) and can access my files on the other computers.

The only thing I can't seem to make work is the printers (which are
located on the Windows computer).  I have Samba set up, have followed
the instructions (I thought), but when I try to print a test page I get
the message "Unable to connect to Samba host."  I realize that I've
probably overlooked something extremely obvious, but can someone help me
out here?

Oh, and I have set up Samba to load automatically when Linux is started.
-- 

Anne Pyle
[EMAIL PROTECTED]
http://www.ceannmor.com


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] share printer

[Nara Sok]

Dir Sir or Madam,
 
 
i used printer on the terminal that has OS windows XP connect to the local printer and 
i want to use the printer share with Linux, i'm installed samba on the other pc 
already. 
then configure network printer by command line: # printtool, my printer name is 
laserjet 1000, when i was printer the message alert to me  output is not to a terminal
can you help me to the correct configure?
i hope to hear from you soon
 
your sincerely
 
 
Nara Sok


-
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd not attempting to use LDAP

[Andrew Bartlett]

On Fri, 2003-06-13 at 01:02, Derek J. Balling wrote:
> I've only got LDAP configured as a passdb type in my smb.conf, but 
> samba appears to be completely ignoring that and creating an 
> /etc/samba/smbpass file (full output of that at the bottom)
> 
> my smb.conf has:
> 
> ldap admin dn = "cn=Admin,dc=byramhealthcare,dc=com"
> ldap ssl = off
> passdb backend ldapsam:ldap://ldapmaster.byramhealthcare.com

Missing an = here

> ldap delete dn = no
> ldap user suffix = ou=People,dc=byramhealthcare,dc=com
> ldap machine suffix = ou=Systems,dc=byramhealthcare,dc=com
> ldap suffix = "ou=People,dc=byramhealthcare,dc=com"

Like many users before you, you have not run 'testparm'

This would have told you that your configuration was not valid, as shown
above.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: Fwd: Re: [Samba] add user script & samba 3.0b pdc

[robowarp]

> > On Sat, 2003-06-21 at 05:45, [EMAIL PROTECTED] wrote:
> > > machine add does not work, manual or on the fly,
> > > if have an complete test enviroment so nothing is dangerios,
> > > but sometimes i have to install the boxes new *grins
> > > interface = lo,   changes nothing to the result,
> > > i cant join the samba domain with win2k , cause failure is:
> > > the machine account is not found or trusted by domain controller
> > > 
> > > after all i bulid a bdc with 2.2.7a on traditional way an it worked
> very
> > > nice.
> > > 
> > > my problem is this
> > > [2003/06/20 21:25:53, 2] auth/auth.c:check_ntlm_password(295)
> > >   check_ntlm_password:  Authentication for user [] -> [] FAILED with
> > erro
> > r
> > > NT_STATUS_NO_SUCH_USER
> > 
> > This usually means you left the 'guest' off the end of the 'passdb
> > backend' line, or your guest account (by default nobody) doesn't exist
> > in /etc/passwd.
> > 
> > Andrew Bartlett
> > 
> > -- 
> > Andrew Bartlett [EMAIL PROTECTED]
> > Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
> > Student Network Administrator, Hawker College   [EMAIL PROTECTED]
> > http://samba.org http://build.samba.org http://hawkerc.net
> > 
> the nobody  account is in passwd as default,
> nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
> youre right i left off the guest in the passdb line
> regards
> 
> -- 
> +++ GMX - Mail, Messaging & more  http://www.gmx.net +++
> Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage!
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
 succes now able to join samba pdc
i included the "guest"
passdb backend = smbpasswd:/etc/samba/smbpasswd, guest
seems that "guest" on logon is urgently needed
thx for help,
i will now test groupmapping features and usrmgr 
Regards Robert

-- 
+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage!

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Fw:

[Schelstraete Bart]

On Thu, 19 Jun 2003, Jerry Moore wrote:

>
> Anyone know why I get this message on my NT when trying to mount
> unix home to NT. see config etc... below:
>
> The account is not authorized to login from this station.
>
>

That has to do with the 'encrypt passwords' option in your smb.conf.
You need to activate this, or you need to modify your windows client to
accept non encrypted passwords.

rgrds,
Bart
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Windows domain group policies

[Thomas Angst]

It seems that you catched my problem.
I don't have or ever had nor I will ever have a w2k server. So can you 
please describe the turn arounds from the view of a w2k workstation, if 
possible :)

How can I check which groups are available and what their names are? I 
am using a german w2k and if I choose a group then I see names like 
Administratoren or Standardbenutzer or something like that.

The command net group is not working on w2k workstations.

greetings
Thomas
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: Fwd: Re: [Samba] add user script & samba 3.0b

[robowarp]

> On Sat, 2003-06-21 at 05:45, [EMAIL PROTECTED] wrote:
> > machine add does not work, manual or on the fly,
> > if have an complete test enviroment so nothing is dangerios,
> > but sometimes i have to install the boxes new *grins
> > interface = lo,   changes nothing to the result,
> > i cant join the samba domain with win2k , cause failure is:
> > the machine account is not found or trusted by domain controller
> > 
> > after all i bulid a bdc with 2.2.7a on traditional way an it worked very
> > nice.
> > 
> > my problem is this
> > [2003/06/20 21:25:53, 2] auth/auth.c:check_ntlm_password(295)
> >   check_ntlm_password:  Authentication for user [] -> [] FAILED with
> erro
> r
> > NT_STATUS_NO_SUCH_USER
> 
> This usually means you left the 'guest' off the end of the 'passdb
> backend' line, or your guest account (by default nobody) doesn't exist
> in /etc/passwd.
> 
> Andrew Bartlett
> 
> -- 
> Andrew Bartlett [EMAIL PROTECTED]
> Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
> Student Network Administrator, Hawker College   [EMAIL PROTECTED]
> http://samba.org http://build.samba.org http://hawkerc.net
> 
the nobody  account is in passwd as default,
nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
youre right i left off the guest in the passdb line
regards

-- 
+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage!

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] what is the default amount of time that smbpasswdincrements the sambaPwdMustChange value

[Andrew Bartlett]

On Sat, 2003-06-21 at 01:28, Justin Kreger wrote:
> So I get a phone call about my companie's controler not being able to
> log into samba.  About two weeks ago we migrated from Win2k Server to
> Samba running on LDAP.  What would be the default value that
> sambaPwdMustChange would be incremented?  This is NT Time Right (1 unit
> for every 100  ms from 1600 right?) 
> 
> I just had to bump everybody what I'm guessing is three weeks, but I
> need to know soon so I don't get woken up out of bed again!

It's 21 days.  It's messy to change (pdbedit -V can do it).  The values
in ldap are in unix time (seconds since 1970)

I'll file a bug in bugzilla about this mess.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: Fwd: Re: [Samba] add user script & samba 3.0b

[Andrew Bartlett]

On Sat, 2003-06-21 at 05:45, [EMAIL PROTECTED] wrote:
> machine add does not work, manual or on the fly,
> if have an complete test enviroment so nothing is dangerios,
> but sometimes i have to install the boxes new *grins
> interface = lo,   changes nothing to the result,
> i cant join the samba domain with win2k , cause failure is:
> the machine account is not found or trusted by domain controller
> 
> after all i bulid a bdc with 2.2.7a on traditional way an it worked very
> nice.
> 
> my problem is this
> [2003/06/20 21:25:53, 2] auth/auth.c:check_ntlm_password(295)
>   check_ntlm_password:  Authentication for user [] -> [] FAILED with error
> NT_STATUS_NO_SUCH_USER

This usually means you left the 'guest' off the end of the 'passdb
backend' line, or your guest account (by default nobody) doesn't exist
in /etc/passwd.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] passwd db backend *_nua

[Andrew Bartlett]

On Sun, 2003-06-22 at 16:12, John H Terpstra wrote:
> On Sun, 22 Jun 2003, Chris Leung wrote:
> 
> > Dear all,
> >
> > I would like to ask about *_nua passwd db option.  I am using Samba 3
> > beta1. Could someone tell me where could I get more information about
> > *_nua usage?  I've tried say use smbpasswd_nua in smb.conf.  But the debug
> > log tell me can't find the smbpasswd_nua db packend plugin.  Fail to load
> > the module...  So, any resource that I can make reference?
> 
> The _nua thing went away. It did not work out too well. We are still
> working on the id mapping internals (you can be thankful you never need to
> be exposed to it) that should see a much more functional solution in place
> soon. We hope to have this done by Beta2 (early next week).

At present, the same behavior that using a _nua back-end caused can be
achieved by simply specifying 'idmap uid' in your smb.conf.

Remember, these accounts are really only of value for machines - as they
are 'non unix' they don't have a unix identity.  You cannot login to a
NUA account.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba