Re: [Samba] Samba Server as WINS Server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 You need to be the wins server for both subnets. See the browsing chapter at http://us2.samba.org/samba/devel/docs/html/Samba-HOWTO-Collection.html Hope this helps. - -Tom Jeevan wrote: | Hi all, | I am new to Samba world. | May be I am asking the question immaturely. | I have a Linux Samba server. It has two interfaces | 192.168.1. and 192.168.10. | I want to use it as WINS Server. | | I have configuration like this | 192.168.10.10/192.168.1.10 --> Samba Server (Also WINS Server) | Network on one side is 10. and other it is 1. . | Now I want to see machines on one side from the other and vice versa. All | other machines are win 2k Machines. | When I sniffed the packets I get the packets with error "The name does not | exists". | I have not configured the samba server machine as WINS server of machines on | 192.168.1. network. I have configured machines on 192.168.10. network to use | Samba server 192.168.10.10 as WINS Server. | My guess was the Samba server will broadcast a query on 1. netwok and | resolve the name. But instead it is not sending any packet on 1. network. | | Can anybody throw some light. Please tell whether I have to do more | homework?? | | | Below is my smb.conf file: - | | | # This is the main Samba configuration file. You should read the | # smb.conf(5) manual page in order to understand the options listed | # here. Samba has a huge number of configurable options (perhaps too | # many!) most of which are not shown in this example | # | # Any line which starts with a ; (semi-colon) or a # (hash) | # is a comment and is ignored. In this example we will use a # | # for commentry and a ; for parts of the config file that you | # may wish to enable | # | # NOTE: Whenever you modify this file you should run the command "testparm" | # to check that you have not made any basic syntactic errors. | # | #=== Global Settings | = | [global] | | # workgroup = NT-Domain-Name or Workgroup-Name |workgroup = WORKGROUP | | # server string is the equivalent of the NT Description field |server string = Samba Server | | # This option is important for security. It allows you to restrict | # connections to machines which are on your local network. The | # following example restricts access to two C class networks and | # the "loopback" interface. For more examples of the syntax see | # the smb.conf man page |hosts allow = 192.168.1. | | # if you want to automatically load your printer list rather | # than setting them up individually then you'll need this |printcap name = /etc/printcap |load printers = yes | | # It should not be necessary to spell out the print system type unless | # yours is non-standard. Currently supported print systems include: | # bsd, sysv, plp, lprng, aix, hpux, qnx |printing = lprng | | # Uncomment this if you want a guest account, you must add this to | /etc/passwd | # otherwise the user "nobody" is used | ; guest account = pcguest | | # this tells Samba to use a separate log file for each machine | # that connects |log file = /var/log/samba/%m.log | | # Put a capping on the size of the log files (in Kb). |max log size = 0 | | # Security mode. Most people will want user level security. See | # security_level.txt for details. | # security = user |security = share | | # Use password server option only with security = server | # The argument list may include: | # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] | # or to auto-locate the domain controller/s | # password server = * | ; password server = | | # Password Level allows matching of _n_ characters of the password for | # all combinations of upper and lower case. | password level = 8 | username level = 8 | | # You may wish to use password encryption. Please read | # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. | # Do not enable this option unless you have read those documents |encrypt passwords = yes |smb passwd file = /etc/samba/smbpasswd | | # The following is needed to keep smbclient from spouting spurious errors | # when Samba is built with support for SSL. | ; ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt | | # The following are needed to allow password changing from Windows to | # update the Linux system password also. | # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. | # NOTE2: You do NOT need these to allow workstations to change only | #the encrypted SMB passwords. They allow the Unix password | #to be kept in sync with the SMB password. |unix password sync = Yes |passwd program = /usr/bin/passwd %u |passwd chat = *New*password* %n\n *Retype*new*password* %n\n | *passwd:*all*authentication*tokens*updated*successfully* | | # You can use PAM's password change control flag for Samba. If | # enabled, then PAM will be used for password changes when requested | # by a
[Samba] Samba Server as WINS Server
Hi all, I am new to Samba world. May be I am asking the question immaturely. I have a Linux Samba server. It has two interfaces 192.168.1. and 192.168.10. I want to use it as WINS Server. I have configuration like this 192.168.10.10/192.168.1.10 --> Samba Server (Also WINS Server) Network on one side is 10. and other it is 1. . Now I want to see machines on one side from the other and vice versa. All other machines are win 2k Machines. When I sniffed the packets I get the packets with error "The name does not exists". I have not configured the samba server machine as WINS server of machines on 192.168.1. network. I have configured machines on 192.168.10. network to use Samba server 192.168.10.10 as WINS Server. My guess was the Samba server will broadcast a query on 1. netwok and resolve the name. But instead it is not sending any packet on 1. network. Can anybody throw some light. Please tell whether I have to do more homework?? Below is my smb.conf file: - # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not made any basic syntactic errors. # #=== Global Settings = [global] # workgroup = NT-Domain-Name or Workgroup-Name workgroup = WORKGROUP # server string is the equivalent of the NT Description field server string = Samba Server # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page hosts allow = 192.168.1. # if you want to automatically load your printer list rather # than setting them up individually then you'll need this printcap name = /etc/printcap load printers = yes # It should not be necessary to spell out the print system type unless # yours is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx printing = lprng # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user "nobody" is used ; guest account = pcguest # this tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/%m.log # Put a capping on the size of the log files (in Kb). max log size = 0 # Security mode. Most people will want user level security. See # security_level.txt for details. # security = user security = share # Use password server option only with security = server # The argument list may include: # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] # or to auto-locate the domain controller/s # password server = * ; password server = # Password Level allows matching of _n_ characters of the password for # all combinations of upper and lower case. password level = 8 username level = 8 # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd # The following is needed to keep smbclient from spouting spurious errors # when Samba is built with support for SSL. ; ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt # The following are needed to allow password changing from Windows to # update the Linux system password also. # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. # NOTE2: You do NOT need these to allow workstations to change only #the encrypted SMB passwords. They allow the Unix password #to be kept in sync with the SMB password. unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* # You can use PAM's password change control flag for Samba. If # enabled, then PAM will be used for password changes when requested # by an SMB client instead of the program listed in passwd program. # It should be possible to enable this without changing your passwd # chat parameter for most setups. pam password change = yes # Unix users can map to different SMB User names username map = /etc/samba/smbusers # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connect
RE: [Samba] smbldap.c
> -Original Message- > From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] > |>IMHO groupmapping doesnt fill that hole, because whatever > groupmap entry > |>doesn't give admin rights on LDAP. > > You're thinking about this from the wrong perspective. > The 'domain admin group' from 3.0 was a limited way to > handle group mapping. Instead of being a smb.conf parameter, > the domain admin group is now a mapping between the domain > admins SID and a unix gid. The check will be pretty much > the same. We'll just make the domain admin sid against > the current user's NT_TOKEN. > > | Honestly said, the parameter "domain admin group" should come back. > | Some say it isn't necessary. > > No. I can fix this just using the group mapping > entry for "Domain Admins". We'll fix it post 3.0.0. This LDAP access check for group mapping entry for "Domain Admins" is a good idea and I'm glad to hear, that solution is coming. After some time, but hopefully it comes... rgds, - Rauno Tuul - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: More files randomly corrupted
On Tue, Sep 16, 2003 at 07:04:48PM -0700, Steve Jr Ramage wrote: > Still having that problem with samba seemingly corrupting files, This class of problems is usually caused by either by bad network hardware or bad network drivers. Check the half/full duplex settings on your switch or try swapping brands of network card. Tim. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba3rc4 wbinfo problem
Hi Guys, I experienced problems with Samba3.0rc4. 1. When I run command wbinfo, follow errors will be seen. It works fine when CP850.so is deleted. ( While command 'net' will give warning without that file ) wbinfo: error while loading shared libraries: /usr/lib/charset/CP850.so: undefined symbol: smb_register_charset 2. Join Win2003 domain using 'net ads join ...' successfully ' wbinfo -u ' works fine while 'wbinfo -t' says 'checking the trust secret via RPC calls failed error code was NT_STATUS_UNSUCCESSFUL (0xc001) Could not check secret' Both of them work fine when join Win200 domain. Any suggestions are appreciated. Juer -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] More files randomly corrupted
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Still having that problem with samba seemingly corrupting files, it seems to be the same files that are corrupted again and again, yet they are corrupted differently and sometimes not. I ran my md5 summer against one file ch02.pdf, and it almost contineously corrupts, I checked in a hex editor and there are some differences. Yet the problem is that its not read the same way each time. The md5 changes and oddly enough this seems to affect some files more than other. Ironically ch02.pdf is eBook on Samba, ch01, and ch03 almost never seem corrupted I've moved both of the files to see if directory depth has anything to do. And it doesn't I also checked another machine, now the other machine running the same version of samba (Samba 2.2.3a [Debian Version]), yet diff versions of debian (stable vs. testing). I can't figure it out, I don't know whats causing this or where to start really. To make it worse someone told me there isn't anything in the samba code to cause this. Finally all the files that seem to be corrupted when being read, seem to be intact on the file system they are stored on. Steve Jr Ramage -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (MingW32) iD8DBQE/Z8E/EK+EAP2ExcQRAqOVAKDIrF0eQ49ncWFleew/pHUWFck2jACfcmAg Q1T4tycY/pCCRfHadifb4pg= =rotn -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] tuning and benchmarking samba
Hi, I'm working on a testbed for a samba cluster. Should total 50 cpus eventually. Would someone point me towards linux client benchmarking programs? Anything I should know about tuning samba? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Freebsd lockup smb_maperror:Unmapped error 1:158
Almost everyday my FreeBsd 4.8 machine with Samba from ports locks up with smb_maperror:Unmapped error 1:158 /kernel: :158 last message repeated 758 times Machine has to be reset to get it back up and running. Any ideas? Thanks, Patrick -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba + LDAP + Password Expiry = Almost working...
Hi, Try looking at the parameter passwd chat = The man pages should help you out here. Cheers --- Kristyan Osborne - IT Technician Longhill High School 01273 391672 -Original Message- From: Collins, Kevin [mailto:[EMAIL PROTECTED] Sent: Tue 16/09/2003 17:53 To: '[EMAIL PROTECTED]' Cc: Subject: [Samba] Samba + LDAP + Password Expiry = Almost working... I've got a Samba 2.2.7a domain with an LDAP backend. It's been working for nearly 3 months now without much bother. By the way: Great work and thanks for all of the effort! I have been missing one minor thing from the setup since I moved away from NT 4: Password Expiration. In the past I have posted questions about this on the list and I've gotten two answers: "Wait for 3." or "Write your own script to do it for you." Well, I sorta went the second route. By "sorta" I mean that I modified a pre-existing script to make it do what I wanted it to. What I did was this...I started with IDEALX's howto and scripts to get things going. I had Samba configured to use their "smbldap-passwd.pl" script to modify passwords. That worked, I could change any Windows account password from Windows or the command line and indeed all three passwords for that user are changed (Unix, LM and NT passwords). I later discovered the LDAP entry "pwdMustChange" while looking at a user account one day. When I set this to a date inside of 14 days from today, Windows begins to barks about "Password will expire in X days" - Great I thought I found my solution. But the default password change script wouldn't modify this value. So I modified the script to where it would. This is where my confusion starts. When I run my modified script from the command line, I get the password changes I expect and I get the pwdMustChange date changes I expect too. "Cool!" I thought - things are coming together. But when I turn to my Windows machine (Windows 2000 or XP) and change my password all I get is the password changes and the value for "pwdLastSet" being changed. HUH? If Samba is being told to run my script in its configuration file with "passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u", then why doesn't it work like when I run it from the command line? To put it simply, when I run my script on the command line, it works - exactly the way I want. When Samba is told to change passwords from a Windows machine, it either doesn't use my script or is passing some other information that causes the script to perform differently. In either case, I have spent the better part of two days looking for cure to this and not been able to find a solution. So, I'm hoping that someone here will be able to help me. I have included the smb.conf file and the modified version of the IDEALX smbpasswd.pl script below. Any help is appreciated. If it comes down to it, I (think I) can create a script that will do what I need outside of the IDEALX stuff, but I would prefer not to as they seem to work so well. SMB.CONF --- # * # -- Nesbitt Engineering, Inc. Stargazer Samba Configuration -- # * # This is the main Samba configuration file for Stargazer - NEI's Primary # Domain Controller and Lexington office File Server. # # This configuration file is only to be used for an LDAP enabled server that # will be acting as a PDC. Modifications will be required for member servers # and machine that will act as "BDCs". # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this file we have used a # # for commentry and a ; for parts of the config file that are # either not enabled yet, or temporarly disabled # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not made any basic syntactic errors. # - # "Fear the Penguin!" # -- Kevin L. Collins # Systems Manager # Nesbitt Engineering, Inc. #
Re: [Samba] smbldap.c
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tuesday 16 September 2003 23:02, Gerald (Jerry) Carter wrote: > |>So, you think that's ok to remove that piece of code, right ? > | > | removing isn't the best solution, for security reasons. then can > > anyone turn > > | the LDAP to a mess... > > Removing it is a really bad idea since anyone could then > view user passwords if they tried hard enough. Yes, but for now, this is the only solution I found to make things work... otherwise, I get: "cannot access LDAP when not root" errors in my log files. Antoine -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/Z4UZY3Hnhkr+5cQRAr8yAKCJBmiGz5G7fiVM3eGFe3Jmy79hjQCghRMf A63A16j4nuJX1bwzXn3EPHc= =XOUl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap.c
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rauno Tuul wrote: | | -Original Message- | From: Antoine Jacoutot [mailto:[EMAIL PROTECTED] | | On Tuesday 16 September 2003 21:34, Rauno Tuul wrote: | |>IMHO groupmapping doesnt fill that hole, because whatever groupmap entry |>doesn't give admin rights on LDAP. You're thinking about this from the wrong perspective. The 'domain admin group' from 3.0 was a limited way to handle group mapping. Instead of being a smb.conf parameter, the domain admin group is now a mapping between the domain admins SID and a unix gid. The check will be pretty much the same. We'll just make the domain admin sid against the current user's NT_TOKEN. |>So, you think that's ok to remove that piece of code, right ? | | removing isn't the best solution, for security reasons. then can anyone turn | the LDAP to a mess... Removing it is a really bad idea since anyone could then view user passwords if they tried hard enough. | Honestly said, the parameter "domain admin group" should come back. | Some say it isn't necessary. No. I can fix this just using the group mapping entry for "Domain Admins". We'll fix it post 3.0.0. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/Z3pLIR7qMdg1EfYRAjbbAKC/RRXQKupbNbnVPUDmtzQ0xIVCcwCgpR99 MvPnNqsO4f2yA6jm954p6uI= =++F/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba3, LDAP and FreeBSD 4.8 : need for NSS ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tuesday 16 September 2003 22:35, Jérôme Fenal wrote: > Hi all, > another French guy learning, don't bash me too hard... ;-) T'inquiètes, ça fait 2 semaines que je suis dessus :) > In fact, I'm in need of a confirmation : I'm on the way to create a > Samba3+LDAP (new schemas) PDC server (no migration from NT4 nor 2K, only > from an old Samba 2.0 with security=user using /etc/passwd, ie. no encrypt > password). > This Samba3 should be hosted on a FreeBSD 4.8 (ie. pam_ldap can work, I > tested it today, but no NSS available). > I've read many docs, including the HEAD Samba HOWTO collection, HOWTO from > Ignacio Coupeau (worth a read), old one from IdealX (which disapeared last > week, I still have a hardcopy), and many others. > The OpenLDAP 2.1 is up, with a few accounts populated (with both > sambaSamAccount & posixAccount objectclasses). PAM_LDAP auth works. > Then comes the integration with Samba. I have not yet began the work of > integrating Samba to LDAP (I'm learning LDAP). > Here's my question : does Samba3 need a Unix account (in /etc/passwd) in > addition to the one in the LDAP directory ? > I believe the answer is yes (since FreeBSD 4.8 doesn't have NSS, and PAM is > only for authentication), but may someone confirm because I lose the few > last hair I have ;-? Or, before the server is migrated to FreeBSD 5.1 > (-CURRENT), which should undoubtely lessen the need for a firm answer. > Best regards, and thanks for the job for so many years (I live happily with > Samba since 1996, in production since 1998). OK, so basically, you do NOT need nss_ldap to use samba-3.0 with LDAP, but you DO need Unix accounts (if not using nss). So, you do not need any posixAccount object class entries in your LDAP since this is for authenticating Unix users (accept if you need it). I just built a FreeBSD-5.1 + nss_ldap + pam_ldap and samba-3.0 as a PDC. It works great. If you don't want to use 5.1, which I can understand, what I recommend you is to use Unix accounts and pdbedit to ass the samba users, you will almost have nothing to populate LDAP with, samba will take care of it. Basically, you just need a base.ldif file with your domain/organisation, some groups (users, computers, admins and guest) and some ou to add your users/computers into. If you need help, please do not hesitate, I've spent the last 2 weeks on the subject :) Antoine -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/Z3nHY3Hnhkr+5cQRAga0AJwMXGYMix2nPrrJLA/0ioVFn9lXxQCbB1Li SsE9un/nLd9ijw/30EgFLWU= =i/u3 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap.c
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tuesday 16 September 2003 22:25, Rauno Tuul wrote: > Honestly said, the parameter "domain admin group" should come back. > Some say it isn't necessary. > But how can you add PC's to domain with for example 2 users "brick" and > "stone" (different passwords), when their uid isn't 0 and they aren't in > "admin users" list? Well, I had to add an administrator user with UID=0 and SID=500 Antoine -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/Z3hxY3Hnhkr+5cQRAm8nAJ46N67bJdxVsSp5JPB27fcBfbATzgCdGrht NdCtW6EktOPiPOM7p/kTkzA= =nh/O -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] In addition to: Can not register W2K computer (WXP and W98 without problems)
Forgot to tell you I'm using Samba 2.2.8a Regards _ Ricardo Martinezgarza F. ORIGINAL MESAGE: I can NOT have a W2KPro computer to reconnect to a RH9 Samba PDC server domain after initial "registration". (I don't have any problems with WXPPro) NetBios name of the W2KPro computer: PRUEBA RH9 PDC Samba domain name: SAMBA When "registering" the W2KPro computer to the domain for the first time, everything seems to work fine (even though it takes longer than usual to get the "Welcome to domain Samba" window). The entries in /etc/passwd, /etc/shadow and /etc/samba/smbpasswd get created: prueba$:x:504:100::/dev/null:/bin/false (/etc/passwd) prueba$:!!:12311:0:9:7::: (/etc/shadow) prueba$:504::yyy y:[W ]:LCT-3F6761AE: (/etc/samba/smbpasswd) The Samba log (prueba.log) for the W2K computer does not report any problems. After reboot, after typing a valid domain user and password, I get the error message "The system can not initiate a session because either there is no account for this computer in the primary domain or the password for this account is incorrect" To add to my perplexity, if I log into the W2KPro computer using a local(windows) username/password identical to a valid samba account I can browse through the domain via the windows Network Neighborhood without having to supply any further username or password. I can even browse through the Samba "home" directory (linux box) of such username/password. I´m using the "add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u" on-the-fly method in smb.conf (which, by the way, has been working just fine for WXPPro computers) I've also tried manual creation of the /etc/passwd and /etc/samba/smbpasswd entries with the same results I've even tried modifying the W2KPro registry parameters in [HKEY_LOCAL_MACHINE|SYSTEM|CurrentControlSet|Service|Netlogon|Parameters] as I did for WXPPro, no luck either. Further yet, I´ve tried to "sniffer-debug" the unsuccessful re-registration of the W2KPro box vs. a successful re-registration of a WXPPro box and can not find what the problem is. Any ideas why this is happening and what else could/should I do/try Thanks gals and guys _ Ricardo Martinezgarza F. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba3, LDAP and FreeBSD 4.8 : need for NSS ?
Hi all, another French guy learning, don't bash me too hard... ;-) In fact, I'm in need of a confirmation : I'm on the way to create a Samba3+LDAP (new schemas) PDC server (no migration from NT4 nor 2K, only from an old Samba 2.0 with security=user using /etc/passwd, ie. no encrypt password). This Samba3 should be hosted on a FreeBSD 4.8 (ie. pam_ldap can work, I tested it today, but no NSS available). I've read many docs, including the HEAD Samba HOWTO collection, HOWTO from Ignacio Coupeau (worth a read), old one from IdealX (which disapeared last week, I still have a hardcopy), and many others. The OpenLDAP 2.1 is up, with a few accounts populated (with both sambaSamAccount & posixAccount objectclasses). PAM_LDAP auth works. Then comes the integration with Samba. I have not yet began the work of integrating Samba to LDAP (I'm learning LDAP). Here's my question : does Samba3 need a Unix account (in /etc/passwd) in addition to the one in the LDAP directory ? I believe the answer is yes (since FreeBSD 4.8 doesn't have NSS, and PAM is only for authentication), but may someone confirm because I lose the few last hair I have ;-? Or, before the server is migrated to FreeBSD 5.1 (-CURRENT), which should undoubtely lessen the need for a firm answer. Best regards, and thanks for the job for so many years (I live happily with Samba since 1996, in production since 1998). Jérôme ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. LogicaCMG ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Can not register W2K computer (WXP and W98 without problems)
I can NOT have a W2KPro computer to reconnect to a RH9 Samba PDC server domain after initial "registration". (I don't have any problems with WXPPro) NetBios name of the W2KPro computer: PRUEBA RH9 PDC Samba domain name: SAMBA When "registering" the W2KPro computer to the domain for the first time, everything seems to work fine (even though it takes longer than usual to get the "Welcome to domain Samba" window). The entries in /etc/passwd, /etc/shadow and /etc/samba/smbpasswd get created: prueba$:x:504:100::/dev/null:/bin/false (/etc/passwd) prueba$:!!:12311:0:9:7::: (/etc/shadow) prueba$:504::yyy y:[W ]:LCT-3F6761AE: (/etc/samba/smbpasswd) The Samba log (prueba.log) for the W2K computer does not report any problems. After reboot, after typing a valid domain user and password, I get the error message "The system can not initiate a session because either there is no account for this computer in the primary domain or the password for this account is incorrect" To add to my perplexity, if I log into the W2KPro computer using a local(windows) username/password identical to a valid samba account I can browse through the domain via the windows Network Neighborhood without having to supply any further username or password. I can even browse through the Samba "home" directory (linux box) of such username/password. I´m using the "add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u" on-the-fly method in smb.conf (which, by the way, has been working just fine for WXPPro computers) I've also tried manual creation of the /etc/passwd and /etc/samba/smbpasswd entries with the same results I've even tried modifying the W2KPro registry parameters in [HKEY_LOCAL_MACHINE|SYSTEM|CurrentControlSet|Service|Netlogon|Parameters] as I did for WXPPro, no luck either. Further yet, I´ve tried to "sniffer-debug" the unsuccessful re-registration of the W2KPro box vs. a successful re-registration of a WXPPro box and can not find what the problem is. Any ideas why this is happening and what else could/should I do/try Thanks gals and guys _ Ricardo Martinezgarza F. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smbldap.c
-Original Message- From: Antoine Jacoutot [mailto:[EMAIL PROTECTED] On Tuesday 16 September 2003 21:34, Rauno Tuul wrote: > IMHO groupmapping doesnt fill that hole, because whatever groupmap entry > doesn't give admin rights on LDAP. > So, you think that's ok to remove that piece of code, right ? removing isn't the best solution, for security reasons. then can anyone turn the LDAP to a mess... Honestly said, the parameter "domain admin group" should come back. Some say it isn't necessary. But how can you add PC's to domain with for example 2 users "brick" and "stone" (different passwords), when their uid isn't 0 and they aren't in "admin users" list? Rgds, Rauno. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How does Samba delete files ?
On Tue, 16 Sep 2003, Bruno Tobias Stella wrote: > John H Terpstra <[EMAIL PROTECTED]> wrote: > > > On Mon, 15 Sep 2003, Bruno Tobias Stella wrote: > > > > > Hi ! > > > > > > I'd like to know how does Samba delete files, because I need do > > > something to instead Samba removes files, it moves the deleted > > > files to another directory, like a Netware Salvage File or a > > > Windows Trash Can. > > > > Oh, you mean like the recycle.so module for samba does. > > Fancy that, it's there already! > > Yes! It's fantastic ! Congratulations ! > > > > Refer to the Samba-HOWTO-Collection.pdf available from: > > > > http://us1.samba.org/samba/devel/docs/Samba-HOWTO-Collection.pdf > > > > See chapter 20. > > > > If this does not answer your needs, please let me know > > in time before Friday so I can fix the documentation > > before Samba-3.0.0 ships and before the HOWTO goes to > > the publisher. > > Ok, I read the documentation, but I have some problems: > > 1) I use Samba-2.2.5 and Samba-2.2.8a, and I didn't get configure > VFS in them. Older implementation. You need to refer to the documentation that is in the old source code under the ~samba/examples/VFS directory for information about how to configure them. > 2) But before, I think that I don't know configure Samba to use > VFS. Is necessary make some diferent configuration ? I didn't find > something like "--with-vfs" in ./configure . No. You had to build the modules separately - they had not yet been integrated into the main code base. > 3) And if only in Samba-3 this recycle will be available, is there > an estimate about when Samba-3 will be a production version? Less than 1 week. Samba-3.0.0rc4 is essentiall release code. - John T. > > Thanks again! > > > > > - John T. > > -- > > John H Terpstra > > Email: [EMAIL PROTECTED] > --- End of Original Message --- > > Bruno Stella > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How does Samba delete files ?
John H Terpstra <[EMAIL PROTECTED]> wrote: > On Mon, 15 Sep 2003, Bruno Tobias Stella wrote: > > > Hi ! > > > > I'd like to know how does Samba delete files, because I need do > > something to instead Samba removes files, it moves the deleted > > files to another directory, like a Netware Salvage File or a > > Windows Trash Can. > > Oh, you mean like the recycle.so module for samba does. > Fancy that, it's there already! Yes! It's fantastic ! Congratulations ! > Refer to the Samba-HOWTO-Collection.pdf available from: > > http://us1.samba.org/samba/devel/docs/Samba-HOWTO-Collection.pdf > > See chapter 20. > > If this does not answer your needs, please let me know > in time before Friday so I can fix the documentation > before Samba-3.0.0 ships and before the HOWTO goes to > the publisher. Ok, I read the documentation, but I have some problems: 1) I use Samba-2.2.5 and Samba-2.2.8a, and I didn't get configure VFS in them. 2) But before, I think that I don't know configure Samba to use VFS. Is necessary make some diferent configuration ? I didn't find something like "--with-vfs" in ./configure . 3) And if only in Samba-3 this recycle will be available, is there an estimate about when Samba-3 will be a production version? Thanks again! > > - John T. > -- > John H Terpstra > Email: [EMAIL PROTECTED] --- End of Original Message --- Bruno Stella -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap.c
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tuesday 16 September 2003 21:34, Rauno Tuul wrote: > IMHO groupmapping doesnt fill that hole, because whatever groupmap entry > doesn't give admin rights on LDAP. So, you think that's ok to remove that piece of code, right ? Antoine -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (FreeBSD) iD8DBQE/Z2mZY3Hnhkr+5cQRAmbGAJ43SCGZPiwD0eykz7Ws65h9/umoTwCbBBGT rMQojJzKy7BDinlZ9sakP3w= =p7Cd -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smbldap.c
Hi, Well in samba 2.2.8 (in 2.2.4 wasnt) was passdb/pdb_ldap.c check like this: /* check that the user is in the domain admin group for connecting */ if ( (uid != 0) && !user_in_list(pass->pw_name, lp_domain_admin_group()) ) { DEBUG(0, ("ldap_open_connection: cannot access LDAP when not root or a member of domain admin group..\n")); return False; } So users who belonged to "domain admin group" were able to modify LDAP base, for example add PC's to domain without having uid=0. Basically samba3 is back at 2.2.4 level. I saw this in smb-ldap howto by IDEALX (howto was written for 2.2.4) and there was a little patch. As in samba3 there is no such variable as "domain admin group", so there is no way users with uid!=0 can change LDAP... For big networks adding PCs to domain with one username and password (uid=0, rid=500) just doesnt make sense... IMHO groupmapping doesnt fill that hole, because whatever groupmap entry doesn't give admin rights on LDAP. Regards, Rauno Tuul. -Original Message- From: Antoine Jacoutot ajacoutot at lphp.org Tue Sep 16 16:21:49 GMT 2003 I was just wondering if that piece of code was important (for security and such), because I had to comment it in smbldap.c before compiling samba-3.0; otherwise, I would have errors like: "(Insufficient access)smbldap_open: cannot access LDAP when not root" #ifndef NO_LDAP_SECURITY if (geteuid() != 0) { DEBUG(0, ("smbldap_open: cannot access LDAP when not root..\n")); return LDAP_INSUFFICIENT_ACCESS; } #endif -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba + LDAP + Password Expiry = Almost working...
Hi, You almost got it... Samba 2 has a weird behaviour, when using LDAP and passwd program. When you change the password from windows, thnings happen like this: 1) samba reads all the user data from LDAP to memory (doesn't read userpassword) 2) executes the "passwd program" to change userpassword. I this point your script also sets the new "pwdMustChange" valus. 3) things get tricky here, when samba writes back all the data, he got from LDAP earlier and changes password hashes. So if your script changes the "pwdMustChange" value, samba puts it back as it was before :P Workaround is to modify pdb_ldap.c and teach samba not to write back "pwdMustChange". It can be achieved with commenting out 2 lines. When samba3 calculates new "pwdMustChange" based on policy. In samba2 you must do it with scripts. btw, your perl script is way too complex. I attached one my e-mail sent to samba-technical ages ago, where this trick is described. Best regards, Rauno Tuul. -Original Message- From: Collins, Kevin [mailto:[EMAIL PROTECTED] I've got a Samba 2.2.7a domain with an LDAP backend. It's been working for nearly 3 months now without much bother. By the way: Great work and thanks for all of the effort! I have been missing one minor thing from the setup since I moved away from NT 4: Password Expiration. In the past I have posted questions about this on the list and I've gotten two answers: "Wait for 3." or "Write your own script to do it for you." Well, I sorta went the second route. By "sorta" I mean that I modified a pre-existing script to make it do what I wanted it to. What I did was this...I started with IDEALX's howto and scripts to get things going. I had Samba configured to use their "smbldap-passwd.pl" script to modify passwords. That worked, I could change any Windows account password from Windows or the command line and indeed all three passwords for that user are changed (Unix, LM and NT passwords). I later discovered the LDAP entry "pwdMustChange" while looking at a user account one day. When I set this to a date inside of 14 days from today, Windows begins to barks about "Password will expire in X days" - Great I thought I found my solution. But the default password change script wouldn't modify this value., but I would prefer not to as they seem to work so well. . -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question about DOS 8.3 mangling files name
On Tue, Sep 16, 2003 at 10:02:18AM -0300, OPSC Service wrote: > Hi Jeremy, > > First of all, thanks for your answer! > > One more question: > > Are there any old Samba version that can solve this Samba/DOS hash > incompatibility? No. We always used a different hash. > Are there any patch from Samba Server to solve this incompatibility? No, the hash we use is better than the Windows one (less collisions). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Redhat as Samba Client
Hello, We have a Redhat 7.2 running as a Samba PDC for a long time without any problem. All the client are Windows 2000 and WindowsXP. But now we have introduced Linux as workstations and I want to use the same setting for authenticating the Linux users (basically both systems will use the same settign and the same Samba server). We are using Redhat 9 as the workstations. There is a tab for authentication in the control center and I chose SMB and provided the domain and server name. But it does not work. The Linux systems are not authenticating from the Samba server. So how can I set up Redhat 9 to use the Samba server as the authentication server. (We also have a NIS implementation but I am reluctant to use it). One thing I came to notice after fiddling with the system is that if a user has a local account that username is authenticated from the Samba server and the login works (both using the local account password and the samba server password for that username). Thanks in advance. -Russell. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + LDAP + Password Expiry = Almost working...
I've got a Samba 2.2.7a domain with an LDAP backend. It's been working for nearly 3 months now without much bother. By the way: Great work and thanks for all of the effort! I have been missing one minor thing from the setup since I moved away from NT 4: Password Expiration. In the past I have posted questions about this on the list and I've gotten two answers: "Wait for 3." or "Write your own script to do it for you." Well, I sorta went the second route. By "sorta" I mean that I modified a pre-existing script to make it do what I wanted it to. What I did was this...I started with IDEALX's howto and scripts to get things going. I had Samba configured to use their "smbldap-passwd.pl" script to modify passwords. That worked, I could change any Windows account password from Windows or the command line and indeed all three passwords for that user are changed (Unix, LM and NT passwords). I later discovered the LDAP entry "pwdMustChange" while looking at a user account one day. When I set this to a date inside of 14 days from today, Windows begins to barks about "Password will expire in X days" - Great I thought I found my solution. But the default password change script wouldn't modify this value. So I modified the script to where it would. This is where my confusion starts. When I run my modified script from the command line, I get the password changes I expect and I get the pwdMustChange date changes I expect too. "Cool!" I thought - things are coming together. But when I turn to my Windows machine (Windows 2000 or XP) and change my password all I get is the password changes and the value for "pwdLastSet" being changed. HUH? If Samba is being told to run my script in its configuration file with "passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u", then why doesn't it work like when I run it from the command line? To put it simply, when I run my script on the command line, it works - exactly the way I want. When Samba is told to change passwords from a Windows machine, it either doesn't use my script or is passing some other information that causes the script to perform differently. In either case, I have spent the better part of two days looking for cure to this and not been able to find a solution. So, I'm hoping that someone here will be able to help me. I have included the smb.conf file and the modified version of the IDEALX smbpasswd.pl script below. Any help is appreciated. If it comes down to it, I (think I) can create a script that will do what I need outside of the IDEALX stuff, but I would prefer not to as they seem to work so well. SMB.CONF --- # * # -- Nesbitt Engineering, Inc. Stargazer Samba Configuration -- # * # This is the main Samba configuration file for Stargazer - NEI's Primary # Domain Controller and Lexington office File Server. # # This configuration file is only to be used for an LDAP enabled server that # will be acting as a PDC. Modifications will be required for member servers # and machine that will act as "BDCs". # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this file we have used a # # for commentry and a ; for parts of the config file that are # either not enabled yet, or temporarly disabled # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not made any basic syntactic errors. # - # "Fear the Penguin!" # -- Kevin L. Collins # Systems Manager # Nesbitt Engineering, Inc. # * # Changelog: # Date - Version - Change #* Info about change # - # 06/04/03 - 1.0 - Original Creation # * #= Global Settings [global] # Server Name and description workgroup = nesbitt.local netbios name = stargazer server string = Stargazer - Lexington File Server # Samba log information log file = /var/log/samba/%m.log max log size = 0 # Security information security = user encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd unix password sync = Yes passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u passwd chat = *New*Password* %n\n *Retype*New*Password* %n\n *All*authentication*tokens*updated*successfully* # To help performance socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # Settings for PDC setup local master = yes os level = 80 domain master = yes preferred master = yes
RE: [Samba] Debug levels
Thanks! 255 sounds good; my wife says I can be pretty assenine. ;-) -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 16, 2003 10:31 AM To: Potts, Ross A. Cc: Samba (E-mail) Subject: Re: [Samba] Debug levels On Tue, 16 Sep 2003, Potts, Ross A. wrote: > How many levels are there, and what verbosity to they provide? Valid values are from 0 - 255. We tend to use 1 - 10, and 100 for assenine level debugging alone. For most things debug level 3 or 5 is sufficient, for nitty things 10. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] trying samba 3rc4
Hello, I installed samba 3.0 RC4 on a sun 5.8. I compiled it fine. When I run /usr/local/samba/bin/smbstatus, i have this message : [EMAIL PROTECTED]:/# /usr/local/samba/bin/smbstatus Error trying to resolve symbol 'init_module' in /usr/local/samba/lib/charset/CP8 50.so: ld.so.1: /usr/local/samba/bin/smbstatus: fatal : /usr/local/samba/lib/cha rset/ISO8859-15.so : échec de l'ouverture : Ce fichier ou ce répertoire n'existe pas Conversion from UCS-2LE to CP850 not supported Error trying to resolve symbol 'init_module' in /usr/local/samba/lib/charset/CP8 50.so: ld.so.1: /usr/local/samba/bin/smbstatus: fatal : /usr/local/samba/lib/cha rset/ISO8859-15.so : échec de l'ouverture : Ce fichier ou ce répertoire n'existe pas Conversion from UTF8 to CP850 not supported Error trying to resolve symbol 'init_module' in /usr/local/samba/lib/charset/CP8 50.so: ld.so.1: /usr/local/samba/bin/smbstatus: fatal : /usr/local/samba/lib/cha rset/ISO8859-15.so : échec de l'ouverture : Ce fichier ou ce répertoire n'existe pas Conversion from ASCII to CP850 not supported Error trying to resolve symbol 'init_module' in /usr/local/samba/lib/charset/CP8 50.so: ld.so.1: /usr/local/samba/bin/smbstatus: fatal : /usr/local/samba/lib/cha rset/ISO8859-15.so : échec de l'ouverture : Ce fichier ou ce répertoire n'existe pas Conversion from CP850 to UCS-2LE not supported NOTE: Service homes is flagged unavailable. sessionid.tdb not initialised Service pid machine Connected at --- No locked files of course I found nowhere the file : ISO8859-15.so. If someone has an idea ... Thank you in advance H. Couaillet -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : [Samba] need of a user root in ldap ?
John H Terpstra wrote: In passdb backend, the account can be called root or Administrator. If root is not called Administrator, then it is good policy to add in smb.conf [globals]: username map = /etc/samba/smbusers Then in /etc/samba/smbusers: root = Administrator This effectively means that Windows administration can use the Administrator account, while it is in fact 'root'. Nice, it works like a charm :) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : [Samba] need of a user root in ldap ?
On Tue, 16 Sep 2003, jean-marc pouchoulon wrote: > > > >So, my question is: why do I have to create a posix user "root" since > my > >system (/etc/passwd) already has one root ? I though just creating the > >samba user would be enough... > > > samba reads backend nor /etc/passwd, isn't it ? So root can be > in /etc/passwd and he must be in a backend. J-M, root is always in /etc/passwd. :) In passdb backend, the account can be called root or Administrator. If root is not called Administrator, then it is good policy to add in smb.conf [globals]: username map = /etc/samba/smbusers Then in /etc/samba/smbusers: root = Administrator This effectively means that Windows administration can use the Administrator account, while it is in fact 'root'. I hope this helps. - Jean-Henri. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] need of a user root in ldap ?
>So, my question is: why do I have to create a posix user "root" since my >system (/etc/passwd) already has one root ? I though just creating the >samba user would be enough... samba reads backend nor /etc/passwd, isn't it ? So root can be in /etc/passwd and he must be in a backend. Jean-Marc -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] error with make install samba-3.0.0rc4
Hi All, I am using solaris9 x86 installed this packages and then installed samba rc4 booms out with errors libiconv-1.9.1 BerkeleyDB.4.1 openldap-stable-20030709 samba-3.0.0rc4 ./configure --prefix=/data5/samba --with-libiconv=/usr/local/lib --with-krb5=/us r/local/sbin --with-ldap --with-profiling-data --with-quotas --with-sys-quotas - -with-acl-support make make install Installing bin/CP850.so as /data5/samba/lib/charset/CP850.so Installing bin/CP437.so as /data5/samba/lib/charset/CP437.so ./install-sh -c bin/libsmbclient.so /data5/samba/lib make: execvp: ./install-sh: Permission denied make: [installclientlib] Error 127 (ignored) : bin/libsmbclient.a /data5/samba/lib ./install-sh -c /data5/samba-3.0.0rc4/source/include/libsmbclient.h /data5/samba /include make: execvp: ./install-sh: Permission denied make: [installclientlib] Error 127 (ignored) Also I am getting errors by just running testparm, I have tried changing the settings to ASCII or UTF8 and I am still getting this errors. smb.conf: display charset = CP850 dos charset = CP850 unix charset = CP850 - # ./testparm Load smb config files from /data5/samba/lib/smb.conf Error loading module '/data5/samba/lib/charset/646.so': ld.so.1: ./testparm: fat al: /data5/samba/lib/charset/646.so: open failed: No such file or directory Module '/data5/samba/lib/charset/CP850.so' loaded Error loading module '/data5/samba/lib/charset/646.so': ld.so.1: ./testparm: fat al: /data5/samba/lib/charset/646.so: open failed: No such file or directory Error loading module '/data5/samba/lib/charset/646.so': ld.so.1: ./testparm: fat al: /data5/samba/lib/charset/646.so: open failed: No such file or directory Error loading module '/data5/samba/lib/charset/646.so': ld.so.1: ./testparm: fat al: /data5/samba/lib/charset/646.so: open failed: No such file or directory Error loading module '/data5/samba/lib/charset/646.so': ld.so.1: ./testparm: fat al: /data5/samba/lib/charset/646.so: open failed: No such file or directory Error loading module '/data5/samba/lib/charset/646.so': ld.so.1: ./testparm: fat al: /data5/samba/lib/charset/646.so: open failed: No such file or directory Error loading module '/data5/samba/lib/charset/646.so': ld.so.1: ./testparm: fat al: /data5/samba/lib/charset/646.so: open failed: No such file or directory Error loading module '/data5/samba/lib/charset/646.so': ld.so.1: ./testparm: fat al: /data5/samba/lib/charset/646.so: open failed: No such file or directory Error loading module '/data5/samba/lib/charset/646.so': ld.so.1: ./testparm: fat al: /data5/samba/lib/charset/646.so: open failed: No such file or directory Error loading module '/data5/samba/lib/charset/646.so': ld.so.1: ./testparm: fat al: /data5/samba/lib/charset/646.so: open failed: No such file or directory Processing section "[homes]" Processing section "[printers]" Processing section "[tmp]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions # Global parameters [global] unix charset = CP850 display charset = CP850 workgroup = MYGROUP server string = Samba Server log file = /data5/samba/log/log.%m max log size = 50 dns proxy = No [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /usr/spool/samba printable = Yes browseable = No [tmp] comment = Temporary file space path = /tmp read only = No guest ok = Yes Thanks in advance for any help Eli -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] need of a user root in ldap ?
John H Terpstra wrote: As Andrew says, "Try it, why ask?" Let us know ow it goes. OK, so here it goes: - adding samba user root in LDAP SID-500 --> does NOT work - adding posix user+samba user root in LDAP SID-500, uidNumber=0 --> WORKS - adding posix user+samba user anyusername in LDAP SID-500, uidNumber=0 --> WORKS So, my question is: why do I have to create a posix user "root" since my system (/etc/passwd) already has one root ? I though just creating the samba user would be enough... Antoine -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] need of a user root in ldap ?
Markus Schabel wrote: Is this *really* needed if the machine accounts are stored in LDAP? For writing /etc/passwd you need to be root, but for writing LDAP you usually don't need to be root... You only need to have execute permissions for the machine-add script... As Andrew said, you have to be domain admin (that means ...-500 as SID), but root?? Well, I just tried, but it does not work :( So it needs root. Antoine -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbfs mounts hang
We ran into a hanging smbfs now several times: Client: Linux 2.4.18 Server: Solaris 8; running Samba 2.2.2 If the problem occurs we are not able to access or umount the filesystem any longer. Is that a known bug I am not aware of or has anyone experienced something similar? Thanks a lot, Roman __ McAfee VirusScan Online from the Netscape Network. Comprehensive protection for your entire computer. Get your free trial today! http://channels.netscape.com/ns/computing/mcafee/index.jsp?promo=393397 Get AOL Instant Messenger 5.1 free of charge. Download Now! http://aim.aol.com/aimnew/Aim/register.adp?promo=380455 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] need of a user root in ldap ?
On Tue, 16 Sep 2003, Markus Schabel wrote: > John H Terpstra wrote: > > On Tue, 16 Sep 2003, Antoine Jacoutot wrote: > > > > > >>Hi ! > >> > >>Is there the need for a root account when using samba-3.0+ldap ? > >>I'm asking this because I cannot add XP workstations to the domain (I > >>made the registry changes), I get an "access denied". Under NT, there's > >>no problem, it does not even ask for a login/password as long as the > >>workstation account is created in samba. With XP, I use a user account > >>who is also part of the admins group, but as I said, I get an access denied. > >>Any idea ? > > > > > > Yes. The account you use to add machines has to have uid=0. ie: root. > > Is this *really* needed if the machine accounts are stored in LDAP? For > writing /etc/passwd you need to be root, but for writing LDAP you > usually don't need to be root... You only need to have execute > permissions for the machine-add script... > > As Andrew said, you have to be domain admin (that means ...-500 as SID), > but root?? As Andrew says, "Try it, why ask?" Let us know ow it goes. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple PDCs, Single Domain
On Tue, 16 Sep 2003, Matt Schillinger wrote: > On Mon, 2003-09-15 at 15:44, Michael Heironimus wrote: > > On Mon, Sep 15, 2003 at 10:34:22AM -0500, Matt Schillinger wrote: > > > > I have to admit that I don't see why you can't live live one PDC and X > > > > BDCs. You would have construct your LDAP servers this way anyway. If a > > > > PDC goes down (or the connection breaks) the BDC would still be able > > > > process logons on his own. > > > > > > > The only Problem here is resources. The plan is that there are already > > > machines that can be used as PDC, one per building. However, there isn't > > > budget for a BDC per building, so the hope was to have a single BDC at > > > the main building.. I can see that this would be difficult, particularly > > > if ports 137-139 were blocked at T1 Router. > > > > You're trying to do it backwards. You want one PDC and multiple BDC's, > > not the other way around. Take the machines that are slated for PDC use > > and just use them as BDC's instead. You would do the same thing with > > Windows servers, one PDC in the main building and a BDC at each remote > > site. > > > I understand what the standard would be, but the reason that I'm trying > 'backwards' is that I want to keep authentication traffic off of the T-1 > connections that are used for internet/interbuilding traffic. > > So far, all i've come up with is to have no BDC, and have multiple PDC, > each at their own building, with only WINS for the building, and no > other buildings.. LDAP can still be centralized and replicated to each > PDC. That's not the nicest (I'd like for clients to be able to browse > the entire network), but i'm seeing alot of problems with the idea (such > as who authenticates a request for Machine 'a' in building '1', when it > wants a share from Machine 'b' in building '2' --- And, how do you > prevent browsing data from saying that there's a PDC on each building?? > Static Entries for PDCs??), so if it doesn't work right, i guess there's > no choice. > > It is Obviously easier to do it the 'forward' way. > > I guess on that line, if someone could perhaps explain how much traffic > i can expect out of authentication requests for say, 100 users / > building (100/T-1).. Would a T-1 support such traffic without affecting > the usability of internet? Windows NT 3.51 was a dog compared with NT4 and Win2K. I installed my first big network using 3.51. It had 11 branch offices connected via a 64k ISDN link. We had 3500 users. Each branch had at least one BDC. Head office had 1 PDC and three BDCs. With WINS running correctly the total background communications traffic averaged around 9.7 kbps. The larget branch had 140 users on a 256k ISDN link, but it had 64k ISDN links running to mulitple branches more distant from head office than it was. Does that answer your question well enough? > Thanks for all your help and prompt responses, > > Matt Schillinger > [EMAIL PROTECTED] > > > > To do what I think you want, you probably want a central LDAP server and > > Samba PDC in your main building. In each remote building run a slave > > LDAP server replicating from the main one and a Samba BDC. Look at > > chapter 6 of the Samba-HOWTO-Collection document, it has a pretty > > thorough description of how all this works. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] need of a user root in ldap ?
John H Terpstra wrote: On Tue, 16 Sep 2003, Antoine Jacoutot wrote: Hi ! Is there the need for a root account when using samba-3.0+ldap ? I'm asking this because I cannot add XP workstations to the domain (I made the registry changes), I get an "access denied". Under NT, there's no problem, it does not even ask for a login/password as long as the workstation account is created in samba. With XP, I use a user account who is also part of the admins group, but as I said, I get an access denied. Any idea ? Yes. The account you use to add machines has to have uid=0. ie: root. Is this *really* needed if the machine accounts are stored in LDAP? For writing /etc/passwd you need to be root, but for writing LDAP you usually don't need to be root... You only need to have execute permissions for the machine-add script... As Andrew said, you have to be domain admin (that means ...-500 as SID), but root?? regards Markus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SID
Hi again... :) Is there a way to tell samba to automatically create and set a SID for its domain if it does not have one ? Because, after installing a samba PDC, I have to create a user for samba to create the domain SID, and if I issue the command "net getlocalsid" before creating a user, it returns an error... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question about DOS 8.3 mangling files name
On Tue, 16 Sep 2003, OPSC Service wrote: > Hi Jeremy, > > First of all, thanks for your answer! > > One more question: > > Are there any old Samba version that can solve this Samba/DOS hash > incompatibility? > Are there any patch from Samba Server to solve this incompatibility? Not that I can recall. This has never been consistent. You should also be aware that depending on how your Windows workstation registry is set configured for name mangling, you may not get consistent mangling on it either. - John T. > > Regards > Rodrigo N C Fernandes > > Jeremy Allison wrote: > > > > On Fri, Sep 12, 2003 at 05:40:24PM -0300, OPSC Service wrote: > > > Dear all, > > > > > > I have used the Samba 2.2.8a server. > > > > > > mangle method = hash or hash2 > > > > > > But when i make a "dir" command on the MS-DOS prompt, the file name > > > aren't the same from a disk on DOS local partition and Samba Server > > > partition. :-( > > > > > > File name on the Windows view: > > > ESTE_DE_NOME_BEM_GRANDE.TXT > > > > > > DOS prompt on the Samba Serve Partition: > > > TESTE~65.TXT > > > > > > DOS prompt on the DOS local Partition "C:\": > > > TESTE_~1.TXT > > > > > > I would like to know how config the Samba Sever to print the file name > > > with the same name on DOS local partition. > > > > > > Could someone help me? > > > Is there any way to do this? > > > Is it possible? > > > > No, Samba and Windows use different hashing methods for > > this that are not compatible. > > > > Sorry, > > > > Jeremy. > > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: logon hours
On Wed, 2003-09-17 at 00:21, rom wrote: > I m working on a patch for samba 3.0, i ll soon finish it > do you do something like that cause i read that one of us work on bad > password lock ? > > i find that samba need this function, the source for this function is > already present in samba 3.0 (part of almost ...) do you finish it ? Logon hours have not been implmented, except as passdb stubs. The LDAP storage, and auth_sam implementation remain. Likewise, a pdbedit command will need to be created. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Debug levels
On Tue, 16 Sep 2003, Potts, Ross A. wrote: > How many levels are there, and what verbosity to they provide? Valid values are from 0 - 255. We tend to use 1 - 10, and 100 for assenine level debugging alone. For most things debug level 3 or 5 is sufficient, for nitty things 10. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : [Samba] need of a user root in ldap ?
On Tue, 16 Sep 2003, Antoine Jacoutot wrote: > jean-marc pouchoulon wrote: > > Yes you must, use it to add workstation in domain. SambaSid = > > siddom-1001 (uid=0 ) > > Jean-marc > > Well, I still get the same error message... :( > Acces denied... It is strange. > Why do we need login/passwd to add XP workstation to the samba domain, > can't I just tweak the registry to have the same behaviour NT has ? Sure! Let me know how you do this and I will add it to the HOWTO. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multiple PDCs, Single Domain
On Mon, 2003-09-15 at 15:44, Michael Heironimus wrote: > On Mon, Sep 15, 2003 at 10:34:22AM -0500, Matt Schillinger wrote: > > > I have to admit that I don't see why you can't live live one PDC and X > > > BDCs. You would have construct your LDAP servers this way anyway. If a > > > PDC goes down (or the connection breaks) the BDC would still be able > > > process logons on his own. > > > > > The only Problem here is resources. The plan is that there are already > > machines that can be used as PDC, one per building. However, there isn't > > budget for a BDC per building, so the hope was to have a single BDC at > > the main building.. I can see that this would be difficult, particularly > > if ports 137-139 were blocked at T1 Router. > > You're trying to do it backwards. You want one PDC and multiple BDC's, > not the other way around. Take the machines that are slated for PDC use > and just use them as BDC's instead. You would do the same thing with > Windows servers, one PDC in the main building and a BDC at each remote > site. > I understand what the standard would be, but the reason that I'm trying 'backwards' is that I want to keep authentication traffic off of the T-1 connections that are used for internet/interbuilding traffic. So far, all i've come up with is to have no BDC, and have multiple PDC, each at their own building, with only WINS for the building, and no other buildings.. LDAP can still be centralized and replicated to each PDC. That's not the nicest (I'd like for clients to be able to browse the entire network), but i'm seeing alot of problems with the idea (such as who authenticates a request for Machine 'a' in building '1', when it wants a share from Machine 'b' in building '2' --- And, how do you prevent browsing data from saying that there's a PDC on each building?? Static Entries for PDCs??), so if it doesn't work right, i guess there's no choice. It is Obviously easier to do it the 'forward' way. I guess on that line, if someone could perhaps explain how much traffic i can expect out of authentication requests for say, 100 users / building (100/T-1).. Would a T-1 support such traffic without affecting the usability of internet? Thanks for all your help and prompt responses, Matt Schillinger [EMAIL PROTECTED] > To do what I think you want, you probably want a central LDAP server and > Samba PDC in your main building. In each remote building run a slave > LDAP server replicating from the main one and a Samba BDC. Look at > chapter 6 of the Samba-HOWTO-Collection document, it has a pretty > thorough description of how all this works. > > -- > Michael Heironimus > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbldap.c
Hi ! I was just wondering if that piece of code was important (for security and such), because I had to comment it in smbldap.c before compiling samba-3.0; otherwise, I would have errors like: "(Insufficient access)smbldap_open: cannot access LDAP when not root" #ifndef NO_LDAP_SECURITY if (geteuid() != 0) { DEBUG(0, ("smbldap_open: cannot access LDAP when not root..\n")); return LDAP_INSUFFICIENT_ACCESS; } #endif Thanks in advance for your answer. Antoine -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is Samba ready for it?
On Tue, 16 Sep 2003, Fernando Ribeiro wrote: > Hi, > > I am migrating from WinNT 4 to Samba 3 beta3 in a production > environment. > It would be nice to have some advice, because I don't know if Samba is > ready for assuming this ;-) Samba has not been written to act as a psychiatrist - it does not give advice. :- > I never heard about any one that had something like this. > This is kind of a big network so it will be 1 PDC (Samba) , 4 BDC's > (Samba) and 2 File Servers (w2k). I will have a minimum of 800 machines > and 2000 users logging on to Samba. So long as you have enough memory and CPU power there should be no problem with this number of users. Samba is used in much larger sites. > There are more users because of Internet Authentication. > I have Samba 3 beta3 working with NIS and rsync synchronization of > smbpasswd, no db backend. Is this a problem? It's not a problem for me, but it may be for you! NIS is not secure, so I would not use it. > And I can't find a solution for using account policy to block the user > account after bad logins, pdbedit doesn't seem to work. Did you read the Samba-HOWTO-Collection.pdf that ships with Samba-3? You need to read the chapters on Domain Control, Domain Membership, Advanced Management. Short answer is: Use the NT4 Domain User Manager. Instructions for how to obtain this are in the HOWTO. - John T. > If more information is needed just ask me. > > Any thoughts will be welcome. > > Thanks in advance for advices! > > > -- > Fernando Henrique Ribeiro da Silva > > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD authentication problem
On Wed, Sep 17, 2003 at 12:05:44AM +1000, Andrew Bartlett wrote: > On Tue, 2003-09-16 at 23:16, [EMAIL PROTECTED] wrote: > > ># Try to authenticate a user > > > > > >% wbinfo -a [EMAIL PROTECTED] > > >plaintext password authentication failed > > >error code was NT_STATUS_NO_LOGON_SERVERS (0xc05e) > > >error messsage was: No logon servers > > > Your message is "No logon servers", and there is no such declaration in > > your smb.conf. > > How about setting a password server (for example any DC)? > > No, in this case the other logs show this is unrelated. (We can find > the DCs on our own, and unless you have reason to configure otherwise, > it should work just fine). and I did have "password server" set in the smb.conf. Following your suggestion about the workgroup, I have set the workgroup to "S-RES" instead of "S-RES.UVA.NL". It now works much better now. wbinfo -t and wbinfo -a both work correctly. I will now go further with making a share on the linux box with AD authentication but it looks like the problem is solved. Thanks for all the help! Jim -- Jim Mintha Email: [EMAIL PROTECTED] System Administrator Work: +31 20 525-4919 Informatiseringscentrum Home: +31 20 662-3892 University of Amsterdam Debian GNU/Linux: [EMAIL PROTECTED] _There are always Possibilities_ http://www.mintha.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] need of a user root in ldap ?
On Tue, 16 Sep 2003, Antoine Jacoutot wrote: > Hi ! > > Is there the need for a root account when using samba-3.0+ldap ? > I'm asking this because I cannot add XP workstations to the domain (I > made the registry changes), I get an "access denied". Under NT, there's > no problem, it does not even ask for a login/password as long as the > workstation account is created in samba. With XP, I use a user account > who is also part of the admins group, but as I said, I get an access denied. > Any idea ? Yes. The account you use to add machines has to have uid=0. ie: root. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba + LDAP + multiple Domains
On Tue, 2003-09-16 at 23:48, Markus Schabel wrote: > Hello! > > Running the new Samba 3.0 with all users in an LDAP directory with the > new objectClass sambaSamAccount there seems to be a problem with > multiple domains. > > I have some users that are in more than one domain. Previously this was > no problem, because all domains had access to the same LDAP user account > and allowed users are controlled with specific filters. > > Now the sambaSID contains the domainSID which is different for each > domain, so that it is not possible to use the same account for more than > one domain. > > How do you solve this? Are trust relationships that mature that they can > solve this? Trust relationships are the correct way to deal with this. Any one user should only have one SID - anything else leads to mayhem at one point or another. Or you could just use the 2.2 schema... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD authentication problem
On Tue, 2003-09-16 at 23:16, [EMAIL PROTECTED] wrote: > ># Try to authenticate a user > > > >% wbinfo -a [EMAIL PROTECTED] > >plaintext password authentication failed > >error code was NT_STATUS_NO_LOGON_SERVERS (0xc05e) > >error messsage was: No logon servers > Your message is "No logon servers", and there is no such declaration in > your smb.conf. > How about setting a password server (for example any DC)? No, in this case the other logs show this is unrelated. (We can find the DCs on our own, and unless you have reason to configure otherwise, it should work just fine). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + LDAP + multiple Domains
Hello! Running the new Samba 3.0 with all users in an LDAP directory with the new objectClass sambaSamAccount there seems to be a problem with multiple domains. I have some users that are in more than one domain. Previously this was no problem, because all domains had access to the same LDAP user account and allowed users are controlled with specific filters. Now the sambaSID contains the domainSID which is different for each domain, so that it is not possible to use the same account for more than one domain. How do you solve this? Are trust relationships that mature that they can solve this? thanks Markus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [TYPO] [Samba] RC4 valid users problem
Sorry, there was a typo in my percedent mail on the second connect attempt: What i tried : wks01:/home# smbclient //172.26.123.121/myshare -U mylogon -W MYAD Password: smb: \> quit wks01:/home# smbclient //172.26.123.121/secondshare -U mylogon -W MYAD Password: tree connect failed: NT_STATUS_ACCESS_DENIED The problem remain the same -- Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD authentication problem
># Try to authenticate a user > >% wbinfo -a [EMAIL PROTECTED] >plaintext password authentication failed >error code was NT_STATUS_NO_LOGON_SERVERS (0xc05e) >error messsage was: No logon servers >Could not authenticate user [EMAIL PROTECTED] with plaintext password >challenge/response password authentication failed >error code was NT_STATUS_NO_LOGON_SERVERS (0xc05e) >error messsage was: No logon servers >Could not authenticate user [EMAIL PROTECTED] with challenge/response > > ># smb.conf >workgroup = S-RES.UVA.NL >netbios name = gnowee >server string = %h server (Samba %v) >log file = /var/log/samba/log.%m >log level = 3 passdb:5 auth:10 winbind:10 >max log size = 1000 >syslog = 0 >panic action = /usr/share/samba/panic-action %d >realm = S-RES.UVA.NL >encrypt passwords = true >password server = s-lorentz.s-res.uva.nl >security = ADS >socket options = TCP_NODELAY >idmap uid = 1-2 >idmap gid = 1-2 >winbind enum users = yes >winbind enum groups = yes Your message is "No logon servers", and there is no such declaration in your smb.conf. How about setting a password server (for example any DC)? -- Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RC4 valid users problem
First, many thanks for all who have already help me. I finally success to connect to a share from another computer after searching a lot. Arg isn't this marvellous? ;-) However, i succeed this while removing my account from the valid user in the share declaration. In the following example, authentification for mylogon success in both case. But i can only connect on myshare, while having a NT_STATUS_ACCESS_DENIED in the other case (secondshare). I hope i didn't made any trivial mistake, if so let me know please. In other case, any help or idea would be great Vincent. PS : the windind separator warn about possible problem. Which would be the best one to allow recursive search in group membership (ie user in one group which is part of another, and this another declared in the share declaration?) # /usr/local/samba/bin/testparm /usr/local/samba/etc/samba/smb.conf Load smb config files from /usr/local/samba/etc/samba/smb.conf Processing section "[myshare]" Processing section "[secondshare]" Loaded services file OK. 'winbind separator = +' might cause problems with group membership. Server role: ROLE_DOMAIN_MEMBER Press enter to see a dump of your service definitions # Global parameters [global] workgroup = MYAD realm = MYAD.AD.MYDOMAIN.COM netbios name = servername server string = %h server (Samba %v) security = ADS update encrypted = Yes password server = ip.of.my.dc passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . client lanman auth = No client plaintext auth = No log level = 3 passdb:5 auth:10 winbind:2 syslog = 0 log file = /var/log/samba/log.%m max log size = 8000 preferred master = No local master = No domain master = No dns proxy = No wins server = ip.of.my.dc ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 winbind separator = + invalid users = root [myshare] path = /mnt/share read only = No [secondshare] path = /mnt/share valid users = MYAD+mylogon read only = No What i tried : wks01:/home# smbclient //172.26.123.121/myshare -U mylogon -W MYAD Password: smb: \> quit wks01:/home# smbclient //172.26.123.121/masters -U mylogon -W MYAD Password: tree connect failed: NT_STATUS_ACCESS_DENIED -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question about DOS 8.3 mangling files name
Hi Jeremy, First of all, thanks for your answer! One more question: Are there any old Samba version that can solve this Samba/DOS hash incompatibility? Are there any patch from Samba Server to solve this incompatibility? Regards Rodrigo N C Fernandes Jeremy Allison wrote: > > On Fri, Sep 12, 2003 at 05:40:24PM -0300, OPSC Service wrote: > > Dear all, > > > > I have used the Samba 2.2.8a server. > > > > mangle method = hash or hash2 > > > > But when i make a "dir" command on the MS-DOS prompt, the file name > > aren't the same from a disk on DOS local partition and Samba Server > > partition. :-( > > > > File name on the Windows view: > > ESTE_DE_NOME_BEM_GRANDE.TXT > > > > DOS prompt on the Samba Serve Partition: > > TESTE~65.TXT > > > > DOS prompt on the DOS local Partition "C:\": > > TESTE_~1.TXT > > > > I would like to know how config the Samba Sever to print the file name > > with the same name on DOS local partition. > > > > Could someone help me? > > Is there any way to do this? > > Is it possible? > > No, Samba and Windows use different hashing methods for > this that are not compatible. > > Sorry, > > Jeremy. -- OPSC Service Brazil [EMAIL PROTECTED] DARUMA ORGA Card Systems S/A Technology Division OPSC Group - Orga Prepaid Service Center Av. Independencia 3451, Taubate, Sao Paulo, BRAZIL, 12.032-000 Tel: +55 12 281-1900 X 109/110/111 Fax: +55 12 281-1909 Hot Line: +55 12 281-1925, Mo to Fr, 08:00 to 17:00, UTC-3 www.daruma.com.br www.darumaorga.com.br www.orga.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Debug levels
How many levels are there, and what verbosity to they provide? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RedHat 9.0 Appserver and Enterprise Server
Anyone else use this? I can get the SAMBA 2.2.8 shares out now, I can even mount them to a WIN2K3 server. Here's the weird part. I can drag and drop from the share to the win box, but I can't run backups. I says I don't have access. Any ideas where I should be looking first? I've opened up permissions as far as I can (at least I think so) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : [Samba] need of a user root in ldap ?
Andrew Bartlett wrote: yes. Ie: S-1-5-21-3798260358-3805881088-2864210895-500 Thanks a lot, it works now :) But I still have one problem. When logging from Windows XP stations with my username, I get the following error: "The procedure number is out of range. Contact your administrator." What is that ? This is the first time I'm seing this error. Antoine -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is Samba ready for it?
Hi, And I can't find a solution for using account policy to block the user account after bad logins, pdbedit doesn't seem to work. I've just posted a patch concerning this functionnality on samba-technical mailing list which can be fould here : http://lists.samba.org/pipermail/samba-technical/2003-September/047099.html For Samba-3.0.0-rc4. Regards, Aurélien Degrémont -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : [Samba] need of a user root in ldap ?
On Tue, 2003-09-16 at 22:14, Antoine Jacoutot wrote: > Andrew Bartlett wrote: > > > On Tue, 2003-09-16 at 21:57, jean-marc pouchoulon wrote: > > > >>Yes you must, use it to add workstation in domain. SambaSid = > >>siddom-1001 (uid=0 ) > > > > > > That really should be -500, for 'administrator'. But otherwise, this > > is quite correct. > > What should be "-500" ? The sambaSID ? yes. Ie: S-1-5-21-3798260358-3805881088-2864210895-500 > Thanks. > > Antoine -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : [Samba] need of a user root in ldap ?
Andrew Bartlett wrote: On Tue, 2003-09-16 at 21:57, jean-marc pouchoulon wrote: Yes you must, use it to add workstation in domain. SambaSid = siddom-1001 (uid=0 ) That really should be -500, for 'administrator'. But otherwise, this is quite correct. What should be "-500" ? The sambaSID ? Thanks. Antoine -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : [Samba] need of a user root in ldap ?
jean-marc pouchoulon wrote: Yes you must, use it to add workstation in domain. SambaSid = siddom-1001 (uid=0 ) Jean-marc Well, I still get the same error message... :( Acces denied... It is strange. Why do we need login/passwd to add XP workstation to the samba domain, can't I just tweak the registry to have the same behaviour NT has ? Antoine -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Compiling Samba with LDAP support on Solaris 9 x86
I'm trying to compile Samba 2.2.8a with the --with-ldapsam flag on Solaris 9 for x86 with latest Sun patches. Running 'make' fails with the output below. I've checked all the resources I can find online, but can't find what I'm doing wrong. I have OpenLDAP installed and my LD_LIBRARY_PATH set to point to OpenLDAP's libraries. I'm using GCC 3.2 and Sun's 'make'. Using gmake gives similar errors. Ideally we would then be using Sun's Sun ONE Directory Server for authentication purposes. I'd also be interested to hear from anyone who's got Samba successfully working with Sun's Directory servers. All help much appreciated! Regards Chris Undefined first referenced symbol in file pdb_endsampwent rpc_server/srv_samr_nt.o pdb_delete_sam_account passdb/passdb.o pdb_getsampwrid rpc_server/srv_samr_nt.o pdb_getsampwnam smbd/chgpasswd.o pdb_update_sam_account smbd/chgpasswd.o pdb_add_sam_account passdb/passdb.o pdb_getsampwent rpc_server/srv_samr_nt.o pdb_setsampwent rpc_server/srv_samr_nt.o ld: fatal: Symbol referencing errors. No output written to bin/smbd collect2: ld returned 1 exit status *** Error code 1 make: Fatal error: Command failed for target `bin/smbd' -- Christopher Saul Systems Engineer Tech Access Direct line: +971 4 391 3122 Mob: +971 50 645 4254 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Port 445
On Tue, 2003-09-16 at 05:24, Raymond wrote: > Utilizing Redhat 8.0. and the current SAMBA 2.x RPM. > > Clients are Win2K and XP > > Will be tunneling smb through ssh. > > Would like to utilize port 445 and get away from UDP, LMHOSTS, and the like. > > Please advise on how this can be accomplished with SAMBA. Samba 3.0 will listen to that port by default, but you can certainly forward port 445 on one machine to port 139 on any (recent, including 2.2) samba server, and it should 'just work'. But instead of asking, why not just try it? Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD authentication problem
On Tue, 2003-09-16 at 11:38, Jim Mintha wrote: > I'm having a problem authenticating to Active Directory. I can join > the machine to the domain, wbinfo -g/-u will list the groups and users > and I can map a drive using: smbclient -k //s-lorentz.s-res.uva.nl/c\$ > However when I try to get the linux machine to authenticate a user > it doesn't work giving the error NT_STATUS_NO_LOGON_SERVERS > (0xc05e). Looking further in the logs it fails at: > > [2003/09/16 03:20:22, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(493) > Doing kerberos session setup > [2003/09/16 03:20:22, 5] nsswitch/winbindd_cm.c:cm_get_netlogon_cli(625) > cm_get_netlogon_cli: Using short for of domain name [S-RES.UVA.NL] for netlogon > rpc bind > [2003/09/16 03:20:22, 3] rpc_client/cli_pipe.c:rpc_api_pipe(457) > Bind NACK received on pipe 8003! > workgroup = S-RES.UVA.NL Is this really the netbios workgroup name? This is different to the domain name. For 'security=ads' you should also specify the realm. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : [Samba] need of a user root in ldap ?
On Tue, 2003-09-16 at 21:57, jean-marc pouchoulon wrote: > Yes you must, use it to add workstation in domain. SambaSid = > siddom-1001 (uid=0 ) That really should be -500, for 'administrator'. But otherwise, this is quite correct. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is Samba ready for it?
On Tue, 2003-09-16 at 21:54, Fernando Ribeiro wrote: > Hi, > > I am migrating from WinNT 4 to Samba 3 beta3 in a production > environment. > It would be nice to have some advice, because I don't know if Samba is > ready for assuming this ;-) > I never heard about any one that had something like this. > This is kind of a big network so it will be 1 PDC (Samba) , 4 BDC's > (Samba) and 2 File Servers (w2k). I will have a minimum of 800 machines > and 2000 users logging on to Samba. > There are more users because of Internet Authentication. > I have Samba 3 beta3 working with NIS and rsync synchronization of > smbpasswd, no db backend. Is this a problem? Yes. Machines may change their machine account with any BDC, and samba will 'loose' this apon the next rsync from the PDC. You will need to use LDAP (as it has the correct 'talk to the PDC' logic). > And I can't find a solution for using account policy to block the user > account after bad logins, pdbedit doesn't seem to work. A patch to implement this is under consideration - Jeremy has implemented part of this, but it is not yet operational. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] need of a user root in ldap ?
Yes you must, use it to add workstation in domain. SambaSid = siddom-1001 (uid=0 ) Jean-marc -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] De la part de Antoine Jacoutot Envoyé : mardi 16 septembre 2003 13:49 À : [EMAIL PROTECTED] Objet : [Samba] need of a user root in ldap ? Hi ! Is there the need for a root account when using samba-3.0+ldap ? I'm asking this because I cannot add XP workstations to the domain (I made the registry changes), I get an "access denied". Under NT, there's no problem, it does not even ask for a login/password as long as the workstation account is created in samba. With XP, I use a user account who is also part of the admins group, but as I said, I get an access denied. Any idea ? Thanks. Antoine -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Is Samba ready for it?
Hi, I am migrating from WinNT 4 to Samba 3 beta3 in a production environment. It would be nice to have some advice, because I don't know if Samba is ready for assuming this ;-) I never heard about any one that had something like this. This is kind of a big network so it will be 1 PDC (Samba) , 4 BDC's (Samba) and 2 File Servers (w2k). I will have a minimum of 800 machines and 2000 users logging on to Samba. There are more users because of Internet Authentication. I have Samba 3 beta3 working with NIS and rsync synchronization of smbpasswd, no db backend. Is this a problem? And I can't find a solution for using account policy to block the user account after bad logins, pdbedit doesn't seem to work. If more information is needed just ask me. Any thoughts will be welcome. Thanks in advance for advices! -- Fernando Henrique Ribeiro da Silva -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] need of a user root in ldap ?
Hi ! Is there the need for a root account when using samba-3.0+ldap ? I'm asking this because I cannot add XP workstations to the domain (I made the registry changes), I get an "access denied". Under NT, there's no problem, it does not even ask for a login/password as long as the workstation account is created in samba. With XP, I use a user account who is also part of the admins group, but as I said, I get an access denied. Any idea ? Thanks. Antoine -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Helpers for Squid
Hi, yesterday i've downloaded Samba 3.0.0rc4 and installed it. The integration with Squid works fine(with NTLM). Now i would grant access only those useres who are in a specific Windows Group. Where can i find the "helper", that allows this? Thanks Myrko Leitner --- Der Inhalt dieser e-Mailnachricht ist ausschliesslich fuer den Adressaten bestimmt, gilt somit als persoenlich und vertraulich. Fur den Fall, dass Ihnen diese e-Mailnachricht irrtuemlicherweise zugestellt worden sein sollte, weisen wir Sie darauf hin, dass der Gebrauch, die Auswertung, Veroeffentlichung oder Verbreitung des Inhaltes untersagt ist. Auch bitten wir Sie, uns den irrtuemlichen Empfang dieser e-Mailnachricht mitzuteilen, damit dieser Fehler in Zukunft abgestellt werden kann. Il contenuto di questa e-mail e destinato esclusivamente al destinatario stesso e deve intendersi pertanto riservato e personale. Se pertanto questa e-mail vi fosse pervenuta erroneamente e pertanto non siete i veri destinatari vi avvertiamo che e severamente vietato sia l'analisi e la pubblicazione del relativo contenuto che anche l'utilizzo per qualsiasi altro scopo. Chiediamo inoltre che ci venga comunicata la errata notifica della e-mail. Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message, you may not copy or deliver this message to anyone. In such case, you should destroy this message, and notify me immediately. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Re: delete file problem with samba
Oh, it's fixed in 3.0? But in the previous post, I didn't describe my situation in a very clear way, let me say it more clear here see if it's the exact same problem you recalled. When the folder I want to delete is being opened or the subfolder is being opened in the Windows Explorer, then I'll get an Windows error dialog box saying that, Cannot remove folder : Cannot find the specified file. Let me give you a two scenarios, let say folderB is a subfolder of folderA. 1. If folderB is open and I am trying to delete folderA, then folderA is still there, but folderB will be removed. The windows explorer error msg would be, Cannot remove folder folderB : Cannot find the specified file. 2. If folderA is open and I am trying to delete folderA, then both folderA and folderB got removed. The windows explorer error msg would be, Cannot remove folder folderA : Cannnot find the specified file. On the FreeBSD, this is the log of this error with debug level 0, 1 and 2 smbd/trans2.c: set_delete_on_close_over_all(2214) set_delete_on_close_internal: failed to change delete on close flag for file In this post, I've also attached the log file with debug level 3, but I have no idea what's going on in this log file. It's all about the internal function call. I am using Windows XP professional with all the patches installed. The samba version is 2.2.8a running on a FreeBSD 4.8. Thanks in advance. Joseph "Jeremy Allison" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > On Mon, Sep 15, 2003 at 10:13:36AM -0400, Joseph Yuen wrote: > > If this is an artifact of the way Windows/UNIX differ in file deletion, then > > many people would have this problem and the samba team should have noticed > > that already. > > > > By the way, my samba server is being used by a group of people, I can't tell > > everybody to ignore it for now. This error keeps creating confusion among > > the > > users, can any expert here suggest some helpful way to solve this? > > This is something we fixed for 3.0 in the CIFS test lab as I recall. > We probably won't fix this in a future 2.2.x release as it's not a > security issue. > > Jeremy. > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > begin 666 log.cecil.problem M6S(P,#,O,#DO,34@,30Z,C,Z,38L(#-=('-M8F0O<')O8V5S5]N96=P M5]N96=P5]N96=P5]S97-S<[EMAIL PROTECTED]@P*0H@($1O;6%I;CU;0T5#24Q=("!.871I M=F5/4SU;5VEN9&]W5]S97-S<[EMAIL PROTECTED] M*0H@('-E"YC.G!U"@R.3%]S=&%C:U]N9'@@/2 Q"ELR,# S M+S Y+S$U(#$T.C(S.C$V+" S72!S;6)D+W5I9"YC.G!U%]S M=&%C:U]N9'@@/2 P"ELR,# S+S Y+S$U(#$T.C(S.C$V+" S72!S;6)D+W-E M8U]C='@N8SIG971?8W5R"@P+" P*2 Z M('-E8U]C='A?"YC.F=E M=%]C=7)R96YT7V=R;W5P<[EMAIL PROTECTED](I"B @9V5T7V-U"YC.G-E=%]S96-?8W1X*#,S-"D*(" S('5S97(@9W)O=7!S M.B *(" P(# @,3 @"ELR,# S+S Y+S$U(#$T.C(S.C$V+" S72!S;6)D+W9F M5]T M8V]N7V%N9%]8*#,Y-2D*("!T8V]N6"!S97)V:6-E/7!U8FQI8R!U"YC.G-E=%]S96-?8W1X*#,S-"D*(" S('5S M97(@9W)O=7!S.B *(" P(# @,3 @"ELR,# S+S Y+S$U(#$T.C(S.C$V+" S M72!S;6)D+W1R86YS,BYC.F-A;&Q?=')A;G,R<69I;&5P871H:6YF;[EMAIL PROTECTED] M*0H@(&-A;&Q?=')A;G,R<69I;&5P871H:6YF;[EMAIL PROTECTED])!3E-!0U0R7U%0051( M24Y&3SH@;&5V96P@/2 Q,# T"ELR,# S+S Y+S$U(#$T.C(S.C$V+" S72!L M:6(O=71I;"YC.G5N:7A?8VQE86Y?;[EMAIL PROTECTED]%]C;&5A;E]N M86UE(%M="ELR,# S+S Y+S$U(#$T.C(S.C$V+" S72!L:6(O=71I;"YC.G5N M:7A?8VQE86Y?;[EMAIL PROTECTED]%]C;&5A;E]N86UE(%LN70I;,C P M,R\P.2\Q-2 Q-#HR,SHQ-BP@,UT@2 ](#$@ M;&5V96P@/2 R-C L(&UA>%]D871A7V)Y=&5S(#T@,38S.#0*6S(P,#,O,#DO M,34@,30Z,C,Z,38L(#-=(&QI8B]U=&EL+F,Z=6YI>%]C;&5A;E]N86UE*#,X M-RD*("!U;FEX7V-L96%N7VYA;[EMAIL PROTECTED];,C P,R\P.2\Q-2 Q-#HR,SHQ M-BP@,UT@;&EB+W5T:6PN8SIU;FEX7V-L96%N7VYA;64H,[EMAIL PROTECTED]@('5N:7A? M8VQE86Y?;F%M92!;*ET*6S(P,#,O,#DO,34@,30Z,C,Z,38L(#-=(&QI8B]U M=&EL+F,Z=6YI>%]C;&5A;E]N86UE*#,X-RD*("!U;FEX7V-L96%N7VYA;64@ M6RXO70I;,C P,R\P.2\Q-2 Q-#HR,SHQ-BP@,UT@%]C;&5A;E]N86UE(%LO70I;,C P,R\P.2\Q-2 Q-#HR,SHQ M-BP@,UT@%]M;V1E*#$Q,2D*("!U;FEX7VUO M9&4H+BD@5]C:&%N9V4H,34U-RD*("!C86QL7VYT7W1R86YS86-T7VYO=&EF>5]C:&%N M9V4*6S(P,#,O,#DO,34@,30Z,C,Z,38L(#-=('-M8F0O;G1T2 ](#$@;&5V96P@/2 R-C L(&UA>%]D871A7V)Y=&5S(#T@,38S M.#0*6S(P,#,O,#DO,34@,30Z,C,Z,C$L(#-=(&QI8B]U=&EL+F,Z=6YI>%]C M;&5A;E]N86UE*#,X-RD*("!U;FEX7V-L96%N7VYA;[EMAIL PROTECTED]&;VQD97)!+RI= M"ELR,# S+S Y+S$U(#$T.C(S.C(Q+" S72!L:6(O=71I;"YC.G5N:7A?8VQE M86Y?;[EMAIL PROTECTED]%]C;&5A;E]N86UE(%M&;VQD97)!+RI="ELR M,# S+S Y+S$U(#$T.C(S.C(Q+" S72!L:6(O=71I;"YC.G5N:7A?8VQE86Y? M;[EMAIL PROTECTED]%]C;&5A;E]N86UE(%M&;VQD97)!70I;,C P,R\P M.2\Q-2 Q-#HR,SHR,2P@,UT@%]M;V1E*#$Q,2D*("!U;FEX7VUO9&4H+BD@71E%]C;&5A;E]N86UE(%LO1F]L9&5R02]&;VQD97)"+RI="ELR,# S+S Y M+S$U(#$T.C(S.C(R+" S72!L:6(O=71I;"YC.G5N:7A?8VQE86Y?;[EMAIL PROTECTED] M.#%]C;&5A;E]N86UE(%M&;VQD97)!+T9O;&1E%]C;&5A;E]N M86UE*#,X-RD*("!U;FEX7V-L96%N7VYA;[EMAIL PROTECTED];&1E71E%]C;&5A;E]N86UE(%LO1F]L9&5R02]&;VQD97)"+RI="ELR,# S M+S Y+S$U(#$T.C(S.C(S+" S72!L:6(O=71I;"YC.G5N:7A?8VQE86Y?;F%M [EMAIL PROTECTED]%]C;&5A;E]N86U
Re: [Samba] Roaming Profiles not updating.
On Mon, 2003-09-15 at 13:45, Kevin Anderson wrote: > I'm finding our employees' roaming profiles are not being updated. They were > initially created correctly, they copy down onto a new machine, but updates are not > put back onto the server. I've also noticed that smbstatus does not show any open > dat files, such as ntuser.dat. I would have assumed that these files would have > been held open while the client was connected. > > Employees can sign in, sign out, there are no errors on the Win2K box or the smbd or > user samba logs, but changes are lost. All employees are running Win2K Desktops, > Samba 2.2.8a as a PDC running on Gentoo. > > Any advice would be appreciated. turn your log up to about level 3 and watch to see what is happening when somebody logs off. if you see nothing then it's likely a client problem. Might be that the date is off? brad -- Bradley W. Langhorst <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + Cups + Point'n'Print -> explorer error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list, I just installed samba-2.2.8 and cups-1.1.19. Everthing went fine, except for the point'n'print feature. I can successfully upload the driver, but after if I try to view the printer properties after that. I get a nice windows on my xp box that informs me about an unhandled exception within explorer.exe and the status code is "0xc005" I have the problem with two different printers: - - HP - Deskjet 960C - - Oki - C5300n A HP Laserjet 4000n is doing just fine. Can anyone of you point in the right direction to solve this? Thank you and cheers Nicki - -- Linksystem Muenchen GmbH [EMAIL PROTECTED] Schloerstrasse 10 http://www.link-m.de 80634 Muenchen Tel. 089 / 890 518-0 We make the Net work. Fax 089 / 890 518-77 PGP-Key: https://www.link-m.de/pgp/n.messerschmidt.asc -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE/ZtZL6zWc+bXuIEMRArxbAJ0Vw53kXvJ0aCStq+tZFFMsnvH/9gCdEmeD F6gCOQvWrLd133S4svVbZWc= =CAlF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.0rc3 : HPUX Makefile problem
do a strings or nm to see if the symbol is in there, if it is, check your library search path. My experience is to always link statically, that way, if it runs, it runs even after installing buggy quality patches from HP. I have installed the rc3 on several machines, but it only runs on machines with an gcc installed on it. On all others it cores, possibly runtime libraries ... :-\ hence my preference for static linking ... Peter. Ryan Novosielski wrote: I tried +z and I am still having some trouble... different error this time, which I suppose is helpful, but can someone tell me how I'd go about resolving this (this is how the executables behave when compiled with HP ANSIc): # ./net /usr/lib/dld.sl: Unresolved symbol: smb_register_charset (code) from /opt/samba-3.0.0rc4/lib/charset/CP850.sl Abort(coredump) ..the 'smbd' binary just does "Abort" and that's it. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - Jr. UNIX Systems Admin |$&| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Mon, 15 Sep 2003, Ryan Novosielski wrote: I'm not actually using gcc. :-D I could be (though I prefer to use native compilers whenever possible). Are the native compilers no longer supported? During earlier correspondance with Samba maintainers, they said that they actively attempt to keep native compilers working properly. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - Jr. UNIX Systems Admin |$&| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Mon, 15 Sep 2003, Peter Van Biesen wrote: Alter CFLAGS in the makefile, add -fpic ( if you're using gcc ), make clean, make ... in the rc3 they added files that are compiled with -fPIC but not all files that needed it, so on HPUX this still doesn't work, so you need to add them manually. +z is the option for the HP C- compiler, as ld doesn't know you're actually using gcc ;-). Hope this helps, Peter. Ryan Novosielski wrote: How does one get past this problem, which is the one that stalls my compile: Linking shared library bin/pam_smbpass.sl /usr/ccs/bin/ld: DP relative code in file /var/tmp//ccqbI3id.o - shared library must be position independent. Use +z or +Z to recompile. collect2: ld returned 1 exit status *** Error exit code 1 Stop. Where would this +z or +Z even go? Part of CFLAGS? _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - Jr. UNIX Systems Admin |$&| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Wed, 10 Sep 2003, Peter Van Biesen wrote: Hello, there's still a small problem when compiling on hpux, after running configure the variable AR is not set in the Makefile. The compilation fails because it tries to run $(AR) -rc and thus tries to run '-rc' ... Adding AR=ar in the Makefile fixes the problem, but I suppose there must be a better way ? Thanks and keep up the good work ! Peter. -- Peter Van Biesen Adj. Sysadmin V.F.S.I.P.H. tel: +32 (0) 2 225 85 70 fax: +32 (0) 2 225 85 88 e-mail: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Peter Van Biesen Adj. Sysadmin V.F.S.I.P.H. tel: +32 (0) 2 225 85 70 fax: +32 (0) 2 225 85 88 e-mail: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Peter Van Biesen Adj. Sysadmin V.F.S.I.P.H. tel: +32 (0) 2 225 85 70 fax: +32 (0) 2 225 85 88 e-mail: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: adding printer driver to a printer
Christopher Odenbach wrote: > Hi, > >>I'm using debian woody with samba (2.2.3a-12.3). After installing >>2.2.8a everything that worked, still works. What didn't work, still >>doesn't work. >> >>Hereunder is my smb.conf, /etc/lprng/printcap, and the logfile that >>contains errors in relation to the printers (i get them when i go to >>printers&faxes): >> >> === >>[2003/09/15 15:26:08, 0] lib/fault.c:fault_report(39) >> INTERNAL ERROR: Signal 11 in pid 13757 (2.2.3a-12.3 for Debian) > > > >>Anyone an idea? > > Maybe you are still using the old version? Make sure you are using > the new binaries, not the old ones. Sorry for that. That was the logfile when I was running 2.2.3a-12-3. Now I'm running the 2.2.8a. Hereunder the output in the logfile when I go to faxes and printers on a win/xp machine: [2003/09/16 09:36:32, 1] smbd/service.c:make_connection(636) po0015 (10.0.0.111) connect to service shared as user marc (uid=1000, gid=1000) (pid 2427) [2003/09/16 09:36:37, 0] libsmb/cliconnect.c:attempt_netbios_session_request(1084) attempt_netbios_session_request: PO0015 rejected the session for name *SMBSERVER with error Not listening on called name [2003/09/16 09:36:37, 0] rpc_client/cli_spoolss_notify.c:spoolss_connect_to_client(98) connect_to_client: machine PO0015 rejected the NetBIOS session request. [2003/09/16 09:36:37, 0] smbd/service.c:make_connection(252) po0015 (10.0.0.111) couldn't find service ::{2227a280-3aea-1069-a2de-08002b30309d} [2003/09/16 09:36:43, 1] smbd/service.c:close_cnum(677) po0015 (10.0.0.111) closed connection to service shared Marc. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: adding printer driver to a printer
Christopher Odenbach wrote: Hi, I'm using debian woody with samba (2.2.3a-12.3). After installing 2.2.8a everything that worked, still works. What didn't work, still doesn't work. Hereunder is my smb.conf, /etc/lprng/printcap, and the logfile that contains errors in relation to the printers (i get them when i go to printers&faxes): === [2003/09/15 15:26:08, 0] lib/fault.c:fault_report(39) INTERNAL ERROR: Signal 11 in pid 13757 (2.2.3a-12.3 for Debian) Anyone an idea? Maybe you are still using the old version? Make sure you are using the new binaries, not the old ones. Sorry for that. That was the logfile when I was running 2.2.3a-12-3. Now I'm running the 2.2.8a. Hereunder the output in the logfile when I go to faxes and printers on a win/xp machine: [2003/09/16 09:36:32, 1] smbd/service.c:make_connection(636) po0015 (10.0.0.111) connect to service shared as user marc (uid=1000, gid=1000) (pid 2427) [2003/09/16 09:36:37, 0] libsmb/cliconnect.c:attempt_netbios_session_request(1084) attempt_netbios_session_request: PO0015 rejected the session for name *SMBSERVER with error Not listening on called name [2003/09/16 09:36:37, 0] rpc_client/cli_spoolss_notify.c:spoolss_connect_to_client(98) connect_to_client: machine PO0015 rejected the NetBIOS session request. [2003/09/16 09:36:37, 0] smbd/service.c:make_connection(252) po0015 (10.0.0.111) couldn't find service ::{2227a280-3aea-1069-a2de-08002b30309d} [2003/09/16 09:36:43, 1] smbd/service.c:close_cnum(677) po0015 (10.0.0.111) closed connection to service shared Marc. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows XP Browsing Problems
Hi again, I tried all you said, but now I found the problem, I think. It has nothing to do with wins or not. My dns works very good and is definetly not missconfigured. But when I change in smb.conf security = "domain" to "user", as described in the how-to's, the windows xp professional boxes (not the home versions) don't find any share-names. Wins is configured on this box. If I switch back again to security = domain, everything works again, but in network neighborhood I see the server as BDC and not, as is configured, PDC. That's since my update to CVS 3.0.1pre1. Is there a bug maybe or ajust a change I don't know about? Thank you for helping. Greetings Sascha -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] W2k server pdc and mounts
Hi! I have set up my Linux clients to authorise against a win2k pdc, I'm using Winbindd to the job. I have edited /etc/nsswitch.conf and /etc/pam.d/system-auth and added/modified the parameters as described here: http://www.isomedia.com/homes/kpuckett/Windows_Domain_Logins_from_RH7.3.htm It works perfect, my clients can log in, and if their home directories dosen't exists pam_mkhomedir.so create it. My problem is that the users home directories is on the win2k, and I would like to mount them on the Linux clients, but if I add a entry to /etc/fstab root gets to own it all, and the users can create/delete/modify anything in their home directories. What I want is a solution like the one a get with NIS and NFS, that the owner, group and rights are mounted "together" with the share. Is that possible? Regards, Christoffer Dahl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: adding printer driver to a printer
Hi, > I'm using debian woody with samba (2.2.3a-12.3). After installing > 2.2.8a everything that worked, still works. What didn't work, still > doesn't work. > > Hereunder is my smb.conf, /etc/lprng/printcap, and the logfile that > contains errors in relation to the printers (i get them when i go to > printers&faxes): > >=== > [2003/09/15 15:26:08, 0] lib/fault.c:fault_report(39) >INTERNAL ERROR: Signal 11 in pid 13757 (2.2.3a-12.3 for Debian) > > Anyone an idea? Maybe you are still using the old version? Make sure you are using the new binaries, not the old ones. Christopher -- == Dipl.-Ing. Christopher Odenbach HNI Rechnerbetrieb [EMAIL PROTECTED] Tel.: +49 5251 60 6215 == -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] adding printer driver to a printer
Hi, I'm using debian woody with samba (2.2.3a-12.3). After installing 2.2.8a everything that worked, still works. What didn't work, still doesn't work. Sharing files works properly. I'd like to share a printer via the samba server. When I go to the printers&faxes share in explorer, no printers are shown. Hereunder is my smb.conf, /etc/lprng/printcap, and the logfile that contains errors in relation to the printers (i get them when i go to printers&faxes): start smb.conf: [global] netbios name = ULYSSES workgroup = ULYSSESL server string = %h server (Samba %v) load printers = yes printing = lprng printcap name = /etc/lprng/printcap invalid users = root log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 security = user encrypt passwords = true printer admin = marc hide dot files = yes local master = yes os level = 64 domain master = auto domain logons = yes logon path = \\%N\profiles\%u logon drive = U: logon home = \\%N\%u logon script = %u.bat preferred master = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . [homes] comment = Home Directories browseable = no writable = yes create mask = 0700 directory mask = 0700 hide dot files = yes [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = yes writable = no share modes = no [profiles] comment = Profiles for the users path = /home/samba/profiles writable = yes create mask = 0600 directory mask = 0700 [print$] comment = printer driver download area path = /home/samba/printers browsable = yes guest ok = yes read only = yes create mask = 0644 directory mask = 755 write list = marc printer admin = marc [printers] comment = All Printers browseable = yes path = /home/samba/printers/spool printable = yes public = no writable = no create mode = 0700 printer admin = marc * end smb.conf: * start printcap # /etc/printcap: printer capability database. See printcap(5). # You can use the filter entries df, tf, cf, gf etc. for # your own filters. See /etc/filter.ps, /etc/filter.pcl and # the printcap(5) manual page for further details. lp1:\ :sd=/var/spool/lpd/lp1:\ :mx#0:\ :sh:\ :rm=10.0.0.88:\ :lpd_bounce=true:\ :PAPERSIZE=a4:\ :DESIRED_TO=ps:\ :PRINTER_TYPE=REMOTE:\ :ASCII_TO_PS=YES:\ :GSDEVICE=POSTSCRIPT:\ :RESOLUTION=600x600:\ :PS_SEND_EOF=YES:\ :NUP=1:\ :RTLFTMAR=18:\ :TOPBOTMAR=18:\ :TEXT_SEND_EOF=NO: #:if=/etc/lprng/master-filter:\ #:rp=9100:\ #:rp=BINARY_P1:\ lp2:\ :sd=/var/spool/lpd/lp2:\ :mx#0:\ :sh:\ :rm=10.0.0.183:\ :lpd_bounce=true:\ :PAPERSIZE=a4:\ :DESIRED_TO=ps:\ :PRINTER_TYPE=REMOTE:\ :ASCII_TO_PS=YES:\ :GSDEVICE=POSTSCRIPT:\ :RESOLUTION=600x600:\ :PS_SEND_EOF=YES:\ :NUP=1:\ :RTLFTMAR=18:\ :TOPBOTMAR=18:\ :TEXT_SEND_EOF=NO: lp3:\ :sd=/var/spool/lpd/lp3:\ :mx#0:\ :sh:\ :rm=10.0.0.88:\ :PAPERSIZE=a4:\ :DESIRED_TO=ps:\ :PRINTER_TYPE=REMOTE:\ :RESOLUTION=600x600:\ :PS_SEND_EOF=YES:\ :NUP=1:\ :RTLFTMAR=18:\ :TOPBOTMAR=18:\ :TEXT_SEND_EOF=NO: * end printcap When I go to printers&faxes on a win/xp machine no printers are shown The following is in the log file: [2003/09/15 15:26:08, 0] libsmb/cliconnect.c:attempt_netbios_session_request(977) attempt_netbios_session_request: PO0015 rejected the session for name *SMBSERVER with error Not listening on called name [2003/09/15 15:26:08, 0] rpc_client/cli_spoolss_notify.c:spoolss_connect_to_client(73) [2003/09/15 15:26:08, 0] lib/fault.c:fault_report(38) === [2003/09/15 15:26:08, 0] lib/fault.c:fault_report(39) INTERNAL ERROR: Signal 11 in pid 13757 (2.2.3a-12.3 for Debian) Please read the file BUGS.txt in the distribution [2003/09/15 15:26:08, 0] lib/fault.c:fault_report(41) === [2003/09/15 15:26:08, 0] lib/util.c:smb_panic(1064) PANIC: internal error [2003/09/15 15:26:10, 0] libsmb/cliconnect.c:attempt_netbios_session_request(977) attempt_netbios_session_request: PO0015 rejected the session for name *SMBSERVER with error Not listening on called name [2003/09/15 15:26:10, 0] rpc_client/cli_spoolss_notify.c:spoolss_connect_to_client(73) [2003/09/15 15:26:10, 0] lib/fault.c:fault_report(38) === [2003/09/15 15:26:10, 0] lib/fau