AW: [Samba] Samba 3.0.0 + ADS authentication and login
hi gary, found the same here. the only difference i found (compared to rc4) was in winbindd_pam.c around line 98. i changed it back to rc4-code (changed "!*name_domain" to "!name_domain") and it works fine here now... but i'm sure that's not the correct solution ;-)) maybe andrew can help regards, chris p.s.: sorry for posting this also to samba-technical, but i think that's the place where it should go -Ursprüngliche Nachricht- Von: gary [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 30. September 2003 17:43 An: [EMAIL PROTECTED] Betreff: [Samba] Samba 3.0.0 + ADS authentication and login My analysis of the source code indicates that winbindd(the nsswitch related ones) is broken in 3.0 for 'non-trusted' domains. In other words, it cannot handle accounts of its own domain(be it a Samba PDC/BDC or in your case a member server of a domain). -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0, excel 2000, read-only problem
Jeremy Allison wrote: On Wed, Oct 01, 2003 at 08:11:54AM +0500, Dmitry Melekhov wrote: Hello! I just tried to move one of our servers to samba 3.0 and found that it has problems with read-only excel files. Excel simply can't open them. On 2.2.8a Excel successefully opens read-only files. Server is Suse 8.1, kernel 2.4.20. What version of Excel please ? Oops! Sorry! Excel 2000. 9.0.4402 SR-1 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0, excel 2000, read-only problem
On Wed, Oct 01, 2003 at 08:11:54AM +0500, Dmitry Melekhov wrote: > Hello! > > I just tried to move one of our servers to samba 3.0 and found that it > has problems with read-only excel files. > Excel simply can't open them. > On 2.2.8a Excel successefully opens read-only files. > > Server is Suse 8.1, kernel 2.4.20. What version of Excel please ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE:Samba2.2.8.a "status:access denied, unable to connect"
hi Philip try using : use client driver = yes in the "global" part it should do it if you are installing printer's drivers on the client. tsvi -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] error smbadduser
i try to instal samba be pdc and evrry add user i get error like this : [EMAIL PROTECTED] sambaconf]# ./smbadduser Enter the [Login name] for new samba user : [EMAIL PROTECTED] sambaconf]# ./smbadduser testuser Here we go! Enter the [Login name] for new samba user : testuser Enter the [Real name] for the new samba user []: tes fetch_ldap_pw: neither ldap secret retrieved! ldap_connect_system: Failed to retrieve password from secrets.tdb Connection to LDAP Server failed for the 1 try! smbldap_search_suffix: Problem during the LDAP search: (unknown) (Invalid credentials) fetch_ldap_pw: neither ldap secret retrieved! ldap_connect_system: Failed to retrieve password from secrets.tdb Connection to LDAP Server failed for the 1 try! ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (unknown) (Invalid credentials)fetch_ldap_pw: neither ldap secret retrieved! ldap_connect_system: Failed to retrieve password from secrets.tdb Connection to LDAP Server failed for the 1 try! smbldap_search_suffix: Problem during the LDAP search: (unknown) (Invalid credentials) Failed to add entry for user testuser. Failed to modify password entry for user testuser [EMAIL PROTECTED] sambaconf] and here my smb.conf ( please chek it if i wrong ) [global] netbios name = pim workgroup = pim-net log level = 2 log file = /usr/local/samba/var/sambapdc.log security = share invalid users = root interfaces = 172.18.20.0/32 security = user server string = %h server (PDC %v) syslog only = no socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNBUF=4096 SO_RCVBUF=4096 encrypt passwords = yes #NT Domain Section wins support = yes os level = 20 domain master = yes local master = yes preferred master = yes domain logons = yes #Scripts Logon logon script = logon.bat # Where the scripts resides. logon path = \\%L\netlogon # Where the profiles are logon home = \\%L\%U\profiles name resolve order = lmhosts host wins bcast dns proxy = no smb passwd file = /usr/local/samba/private/smbpasswd # How long do you want the samba log file to be? max log size = 2000 time server = yes [netlogon] path = /home/samba/netlogon public = no writeable = no browsable = no [profiles] path = /home/samba/profiles read only = no create mask = 0600 directory mask = 0700 [homes] comment = %u browsable = no read only = no create mask = 0700 directory mask = 0700 [pub] comment = Public path = /home/samba/pub public = yes browsable = yes guest ok = yes read only = no [tmp] comment = Temp path = /home/samba/tmp public = yes browsable = yes guest ok = yes read only = no -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0, excel 2000, read-only problem
Hello! I just tried to move one of our servers to samba 3.0 and found that it has problems with read-only excel files. Excel simply can't open them. On 2.2.8a Excel successefully opens read-only files. Server is Suse 8.1, kernel 2.4.20. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba be pdc
how to set samba server be pdc with authentihic user 1.openldap 2.passwd 3.mysql 4.postgresql and how to complie it , if i have source ? thank's -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba Resources Hog
>>I noticed that memory is constantly decreasing when I typed free. I'm no expert but I think samba takes up like 2-3 MB per connection. (I'm not sure about overheads) SO.. I think this is normal Cheers, Mun Heng, Ow H/M Engineering Western Digital M'sia DID : 03-7870 5168 -Original Message- From: Norman Zhang [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 01, 2003 7:59 AM To: [EMAIL PROTECTED] Subject: [Samba] Samba Resources Hog Hi, I have a Linux box with 512MB RAM and running Samba 2.2.7. I noticed that memory is constantly decreasing when I typed free. If I run ps aux, I see that more and more samba sessions are opened, some by root and some by users. Is this normal? Won't Samba close unused sessions before opening new sessions? Or is this a memory leak somewhere. Regards, Norman -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Resources Hog
Hi, I have a Linux box with 512MB RAM and running Samba 2.2.7. I noticed that memory is constantly decreasing when I typed free. If I run ps aux, I see that more and more samba sessions are opened, some by root and some by users. Is this normal? Won't Samba close unused sessions before opening new sessions? Or is this a memory leak somewhere. Regards, Norman -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows to Samba Print servers
On Tue, Sep 30, 2003 at 07:04:24PM -0400, Tim wrote: > I suspect from everything that I've read that this may not be possible. > However, I'd love to hear otherwise. > > Basically, we have a windows NT 4.0 domain with a pre-existing PDC and 4 > BDC's. Roughly 80 percent of the servers in the domain are windows 2000. We > have about 1000 users we support in the domain. > > We're thinking about moving our print servers off of windows 2000 and onto > linux/samba. Here's what we need to achieve: > > 1. Users must be able to add the printer to their windows NT/2000 > workstations with only local user permissions and have the drivers download > automatically. > 2. Users must be able to identify their print job in the print queue and be > able to delete it. > > My question is this: Can we do this without having to make the samba server > the PDC and can we do this without having to enter in all 1000 accounts on > the linux server? (We really don't want to manage 2 user databases). Taking > this a little further, it seems like we could set it up to update both user > databases at the same time, but I'm still a little unclear on this? I read > that Samba servers can't talk to BDC's and that makes me nervous. Yes, you can do this by adding the Samba server into the domain and running winbindd on it. You don't need a Samba PDC for this. This is what the HP PSA product does (it's also running Samba on Linux). Samba servers can and do talk to BDC's all the time. You need to set up the point-and-print on the Samba servers. Alternatively you could just buy the PSA (yes this is a commercial plug for a product I've spent a couple of years on, sorry :-). http://h10010.www1.hp.com/wwpc/us/en/sm/WF02a/18972-236253-64451.html This has all this stuff already set up for you :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] kolab server ldap samba....open source pdc with open exchange server
Hi Sambatistas, after setup samba3 perfect working as pdc with the old smbpasswd backend, i decide to test kolab server. it took me a day to setup the server, its a nearly perfect linux exchange solution. The adminstration of kolab is based on ldap, admined over php frontend, and it works like charme. next will be check the functions with the bynari conector and outlook, to test calendering etc. final step should be samba integration with kolab. i could integrate the samba schema in kolab, but failed with connection to the kolab ldap server. but i am new in ldapso i got problems with samba ldap integration a ldap based linux-exchange pdc samba serverwith bind dhcp http ftp and pptp server at last all auth to ldapadmined over a new php script would be fantastic and could be the goal. setup system is suse 8.2 ( i have done the most testings with this distro , not for other reason ) is anyone here which tests samba3 and kolab the same is anyone interested in such stuff. let me know...wouldnt it be great to have a full featured server in one thing ? perhaps we can make a small distro out this working parts like knoppix, based on debian. all the needed server stuff is funktional very nice as far as i tested thembut there is no complete connection of this project. so gurus give me a sign of interest . any help is welcome special to the ldap integration of samba ( cause this is new stuff for me ) after allthx to the coders of samba Best Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows to Samba Print servers
I suspect from everything that I've read that this may not be possible. However, I'd love to hear otherwise. Basically, we have a windows NT 4.0 domain with a pre-existing PDC and 4 BDC's. Roughly 80 percent of the servers in the domain are windows 2000. We have about 1000 users we support in the domain. We're thinking about moving our print servers off of windows 2000 and onto linux/samba. Here's what we need to achieve: 1. Users must be able to add the printer to their windows NT/2000 workstations with only local user permissions and have the drivers download automatically. 2. Users must be able to identify their print job in the print queue and be able to delete it. My question is this: Can we do this without having to make the samba server the PDC and can we do this without having to enter in all 1000 accounts on the linux server? (We really don't want to manage 2 user databases). Taking this a little further, it seems like we could set it up to update both user databases at the same time, but I'm still a little unclear on this? I read that Samba servers can't talk to BDC's and that makes me nervous. One of the admins here says that adding a local "lp" account to our windows workstations will fix our problemsI can't see how? Wouldn't that just make each user show up in the queue as "lp" and wouldn't each user have to login as lp locally anyways? I apologize for asking so many questions in one post. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbclient - best way to hide the password?
Hi All, I"ve written a web page to show the status of a few smb servers using smbclient with a little bar graph etc.to get the good stuff to parse i've done a: $driveusage=`smbclient $servers[$cur] -U username%password -c 'dir'`; now i want to hid the username and password in the best way possible. i read the man page and i see that i can only do it on the CL, or with the -A option. -A isn't too bad, but it still means a password must be clear text somewhere on the system. i want to eliminate this clear text password file if possible. i've tried adding a user/password the same on the linux box hosting the php so it has a chance to go straight through but it still requires the password. any brilliant ideas oh gurus? :) ta Matt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem writing to XP share
Hello all, I've just recently gotten a Linux 9 install up in my quest to do away with MS Windows on my desktop, but am having trouble writing to an XP shared drive where we store most of our office files. I can read files from it fine, but any attempt to write gives me errors, typically directory is read only. However, any other machine can write to it and I can see on the XP machine itself it does appear set up to allow others on the network to write to the disk. I am also currently running MS Office through Crossover and those apps seem to be able to write to it fine. I have a user set up on the XP machine with the same user name and password as my Linux workstation login, and the mount command in the fstab file is: //server/c /mnt/XPserver smbfs username=*,password=* With the same username and password of course. I belive my settings in the smb.conf are okay, but who can be certain? I have a FreeBSD machine here that acts as a web server, email server, etc, and I can write to the disk from there. So I copied the basic settings from its smb.conf file to the Linux one. No luck. Anyone got any ideas? I'm pretty stumped at this point. -- Skip Evans Network Project Director National Center for Science Education 420 40th St, Suite 2 Oakland, CA 94609 510-601-7203 Ext. 308 510-601-7204 (fax) 800-290-6006 [EMAIL PROTECTED] http://www.ncseweb.org NCSE now has a one way broadcast news list. Please note that this is NOT a discussion list. You cannot post messages for members to receive. We use this list to broadcast news about the creationism/evolution issue to interested parties. To sign up send: subscribe ncse [EMAIL PROTECTED] to: [EMAIL PROTECTED] To unsubscribe send: unsubscribe ncse [EMAIL PROTECTED] to: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind ldap samba 3 BDC getent passwd answer don't retrieve domain users, can't login on the domain with users that are not on /ect/passwd + typo error ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 jean-marc pouchoulon wrote: | Helo, | | On redhat 9 - samba 3 stable - Using the rpm from 24 september. | I try to configure a bdc. | | Smb.conf is : | | idmap backend = ldap:ldap://ip_address | ldap idmap suffix = ou=personnes,ou=ac-ville,ou=educ | winbind uid = 1-2 | winbind gid = 1-2 | # allow enumeration of winbind users and groups | winbind enum users = yes | winbind enum groups = yes | # give winbind users a real shell (only needed if they have | telnet access) | template shell = /bin/bash | | | wbinfo -u and -g are working. | | Nsswitch.conf is : | | passwd: files winbind | shadow: files | group: files winbind | | | But getent passwd and getent group did give back only the users | located in /etc/passwd and /etc/group There's a buh in the RPM for RedHat 9 that doesn't create the symlink to /lib/libnss_winbind.so.2. I'll build new RPMS this week. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ "You can never go home again, Oatman, but I guess you can shop there." ~--John Cusack - "Grosse Point Blank" (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/egRJIR7qMdg1EfYRAk6EAJ4w2/VrMvtQJu2elsAD9nL/LlnUXwCgwnfP Rv8CN3cCW0vOtxjw70kC0Ls= =gCnF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] USRMGR Adding Users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark Dehus wrote: | I am having troubles getting the user manager to add users. It gives me | an incorrect parameter. I am using samba 3.0 final. I am also using the | tdbsam backend. I noticed in pdbedit it does not have the [u ] | under account flags. It adds the user, but it does not show up in the | user manager for domains (but it gets put inside of the pwdb and | /etc/passwd) here is my config. There some some known issues with user manager and Samba 3.0. We're working on them. See the "Known Issues" in the WHATSNEW file. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ "You can never go home again, Oatman, but I guess you can shop there." ~--John Cusack - "Grosse Point Blank" (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/egO0IR7qMdg1EfYRAlSNAKDpvWq0tT7t+rRfL5FfaVlAGDE7PwCfSj14 kRd3Mzpwbcd/6mrbbbNvInE= =De5/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unable to save share permissions changes with 3.0
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Eamonn Hamilton wrote: | No, I don't have ACLs enabled on the filesystem. | | However, I thought the share level permissions were coded in | share_info.tdb, and didn't rely on the filesystem ACL capabilities? You are correct. How are you accessing the share acls? This code didn't really change between 2.2 and 3.0. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ "You can never go home again, Oatman, but I guess you can shop there." ~--John Cusack - "Grosse Point Blank" (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/egI+IR7qMdg1EfYRAjvpAKDo6xzWXgwupUERwjGeql+yimAAhwCggQyq 0vnoOAUEOkU2LpM4aIp+gJk= =52mb -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] port samba to mips platform
Hi, Has anyone ported Samba to MIPS platform. My goal is to get the print server working on the mips platform. Thanks, Kiran. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] NT4-Samba Migration Test Results
John, We previously corresponded on our testing of Samba 3.0.0 RC4. Since then, we have downloaded the Samba 3.0.0 Release version for testing with some interesting results. The Setup Major Networks: Solaris (NIS), Windows Native NT4 Domain Our Test Plan We are testing Samba 3.0 as a candidate for replacing the old NT4 Domain. Being a complex production networking environment, we replicated the networking scenario for testing in our lab. Current Test Results: Test 1: passwd backend = smbpasswd First, we followed your instructions in Chapter 31 of the Samba HOWTO Collection. When we ran the exact syntax for "net rpc vampire", no accounts migrated from the NT4 PDC to our Samba v3.0 Samba PDC running on Solaris. Test 2: passwd backend = smbpasswd Problem Resolution: We imported all the NIS accounts and NT4 machine accounts into the local account database of the Solaris server. Then, we ran "net rpc vampire" again. This time only 2620 of our 5000+ NT4 accounts migrated. After choking, the following error message was generated: [2003/09/29 12:36:51, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(591) Could not find global group 512 [2003/09/29 12:36:51, 0] utils/net_rpc_samsync.c:fetch_group_mem_info(591) Could not find global group 513 Failed to fetch domain database: NT code 0x0001 Test 3: passwd backend = tdbsam Problem Resolution: We reread your Chapter 11 Part III Advanced Configuration documentation from May 24, 2003 and the tdbsam password backend looked interesting. Although it warned that it should be limited to <250 accounts, we decided to try it. It ran perfectly! All 5000+ NT4 accounts migrated. We tested NT4 and Win2K machine accounts and user logins. All were good, no extra configuration required. Comments Vampire is very cool indeed! Perhaps there have been changes in the password backends since the May 24th documentation. However, smbpasswd didn't work in our tests and tdbsam did. Questions 1. We are inquiring if there are any warnings or known gotcha's with the tdbsam or any updates to the smbpasswd? If there are no issues we will likely use the tdbsam scenario for our actual production NT4 migration. 2. We invented the part about pre-importing the NIS and machine accounts into the local OS. Does that sound like a best practice, or is there a better way? So far, so good. Samba 3 is pretty cool... We are looking forward to your thoughts and comments on the 2 questions. Larry Liu Robert Inerbickler NT Migration Team Sun Microsystems -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.0 spec file problem - OT ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | Hi ! | | I have tried to build rpm of samba-3.0.0 from spec file. *.spec | file is from samba sources and contains only to modifcations | to ./configure: | --with-expsam=mysql \ | --with-ldapsam | | This is error: | | + mkdir -p /var/tmp/samba-3.0.0-root/usr/bin /var/tmp/samba- | 3.0.0-root/usr/sbin | + mkdir -p /var/tmp/samba-3.0.0- | root/usr/share/swat/images /var/tmp/samba-3.0.0- | root/usr/share/swat/help /var/tmp/samba-3.0.0- | root/usr/share/swat/include /var/tmp/samba-3.0.0- | root/usr/share/swat/using_samba | + mkdir -p /var/tmp/samba-3.0.0- | root/usr/share/swat/using_samba/figs /var/tmp/samba-3.0.0- | root/usr/share/swat/using_samba/gifs | + mkdir -p | mkdir: too few arguments | Try `mkdir --help' for more information. | bĹÄ | d: Bad exit status from /var/tmp/rpm-tmp.90160 (%install) The spec file is designed to be run through makerpms.sh. Don't use it directly. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ "You can never go home again, Oatman, but I guess you can shop there." ~--John Cusack - "Grosse Point Blank" (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/efdxIR7qMdg1EfYRAkjdAKDGYpGwgEJ8l2+vSFRUYktkCdX7agCZATO3 gfool/BbPax73ANlAHS4v3A= =DsMR -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] OOT : Puzzling
Hi, It is not a Samba issue, but a RH9 one. Try to replace in /etc/sysconfig/i18n the default charset utf8 to something easier (and faster) to handle for the system (look at the same file on your RH73). HTH, Jérôme Message d'origine De: Stefan G. Weichinger [mailto:[EMAIL PROTECTED] Date: mar. 9/30/2003 20:23 À: [EMAIL PROTECTED] Cc: Objet: Re: [Samba] Puzzling Hi Wayne, am Dienstag, 30. September 2003 um 18:32 schrieben Sie: w> Dear List: w> I have installed the lastest Samba 3.0 onto an AMD 2.6 GHz RedHat 9.0 w> system running mirrored SCSI drives. The system is multi homed as such:- w> eth0 - 192.168.50.5 w> - 192.168.100.199 w> eth1 - public IP address What do you mean? eth0 has 2 adresses or what? What does ifconfig tell you? w> I connect from an XP Home box to a Samba share via the 192.168.1.0/24 w> subnet, mapped as Drive Z and performed the following file transfers. Samba (Z:) ->> Samba (Z:) 928 MB folder 20 mins Samba (Z:) ->> XP (C:) 928 MB folder 21 mins XP (C:) ->> Samba (Z:) 928 MB folder 3 mins You smb.conf tells us other things: hosts allow = 192.168.50. 192.168.1. 127. bind interfaces only = TRUE Leave this one out unless you really know what to use it for. #interfaces = eth0 eth0:1 lo interfaces = 192.168.50.5 192.168.1.100 127.0.0.1 You talk about 192.168.100.199 but use the 192.168.1.100 adress. Check your IPs on the Samba box and on the XP box and edit your smb.conf to the right "interfaces" and "hosts allow" options. To make it easier use the line interfaces = eth0 eth1 and leave out the "bind interfaces"-line. It will bind to your subnets nicely, you avoid typos and readjusting smb.conf when changing IPs. Did you map Z: to the [Oasis]-share ? > [Oasis] >comment = Oasis Data & Programs >path = /thelook/Oasis >public = yes >writable = yes >printable = no >write list = @oasis >force create mode = 0770 >force group = +oasis >oplocks = False >level2 oplocks = False >blocking locks = no With the last 3 options you basically set your performance down. Drastically. I donZt know if you really want them to be set like this. At least I would comment them out for testing. Do your log-files say something special? Set "log level" to 1 or 2 and look at your files. Compare the results for the 2 installations. On the other hand, what do you mean by "If I replace the mirrored SCSI drive with a SCSI drive..." ? Might it be simply a difference in harddisk performance? (Again, let the locking-parameters away and let the OS do its work handling the locks ...) Let us know more details ... best regards, Stefan G. Weichinger mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. LogicaCMG global sponsors, Gartner Symposium, Cannes, 4th -7th November 2003 http://symposium.gartner.com/story.php.id.3323.s.5.html Please note that LogicaCMG does not have control over content from,or availability of, this website ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. LogicaCMG ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using WINBIND and the latest samba 3
Ahh... son of a biscuit... I can't believe that THAT has been my problem... AHH! friggin frickle frackle Okay.. thanks very much for your help.. I REALLY REALLY appreciate it.. :) In a side issue, does anyone know why you have to make this symlink for this to work? Would it hurt anything to make, as part of a future release, a little bit of code to include that in the installation procedure, or is there a specific reason that it's left out? Thanks again for your help!! Now I can smile :-) Gabriel On Tue, 30 Sep 2003, Jeremy Courter wrote: ! ! You might want to look again - I see a symlink for ! libnss_wins, but not winbind. Don't worry, I worked for a couple of ! hours on a similar problem and it turned out I had typed "winbindd" ! instead of "winbind" in /etc/nsswitch.conf. :) ! ! Jeremy ! ! On Tue, 30 Sep 2003 13:41:55 -0500 (CDT), you wrote: ! ! > ! >That is already in place... any other ideas? ! > ! >[EMAIL PROTECTED] lib]# ls libnss_win* -la ! >-rwxr-xr-x1 root root13828 Sep 24 21:01 libnss_winbind.so ! >-rwxr-xr-x1 root root 706072 Sep 24 21:01 libnss_wins.so ! >lrwxrwxrwx1 root root 14 Sep 30 08:55 libnss_wins.so.2 ! >-> libnss_wins.so ! > ! >Gabriel ! > ! >On Tue, 30 Sep 2003, Jeremy Courter wrote: ! > ! >! ! >!Did you create a symbolic link for libnss_winbind.so.2 -> ! >! libnss_winbind.so in /lib? If not, create one and issue an ldconfig ! >! -v |grep winbind and verify that it shows in the output. Once you've ! >! done that, try your getent command again. ! >! ! >! Jeremy ! >! ! >! On Tue, 30 Sep 2003 09:01:19 -0500 (CDT), you wrote: ! >! ! >! > ! >! >I've been tooling with this for a while, and I need some help... please!! ! >! >:) ! >! > ! >! >Here's what I'm trying to do. I want a samba server to work with winbind, ! >! >so that when I type 'getent passwd' it shows a list of local users, as ! >! >well as my domain user list. I want a user to be able to ssh into the ! >! >machine using their NT 4 domain username, like domain\username. That's ! >! >pretty much it. ! >! > ! >! ! >! ! >! ! > ! >Gabriel Matthews ! >Network Support ! >Cinergy Communications ! > ! >"No. I am your father." ! > -Darth Vader, leader, devoted parent, ! > and friend to all. ! ! ! Gabriel Matthews Network Support Cinergy Communications "No. I am your father." -Darth Vader, leader, devoted parent, and friend to all. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Printing: unable to connect from Windows
OK..this is driving me nuts. I cannot print from Windoze, consistenly getting a "Access denied; Unable to connect" error message" from my samba print server. Config --- Server: RH9.0 uptodate with patches, errata. Samba 2.2.7 HP OfficeJet K60 - hpoj 0.90-14 Client: Win2K w/sp4 HP OfficeJet K60 driver What I *can* do --- Print just fine on RH9/Samba server to the directly connected HP Office jet via USB connection. From Windoze client, access all appropriate shares on Server -- read/write, etc. From client, I can print from Windoze CL, e.g. C:\echo Blah, blah > \\Samba_server\device_name. What I can*not* do --- From the client Win2K config printer window do a test print. When I pull up "properties" on the shared printer, I get the "Access denied..." error. All suggestions, recommendations and jeers cheerfully accepted... TIA, te -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using WINBIND and the latest samba 3
That is already in place... any other ideas? [EMAIL PROTECTED] lib]# ls libnss_win* -la -rwxr-xr-x1 root root13828 Sep 24 21:01 libnss_winbind.so -rwxr-xr-x1 root root 706072 Sep 24 21:01 libnss_wins.so lrwxrwxrwx1 root root 14 Sep 30 08:55 libnss_wins.so.2 -> libnss_wins.so Gabriel On Tue, 30 Sep 2003, Jeremy Courter wrote: ! ! Did you create a symbolic link for libnss_winbind.so.2 -> ! libnss_winbind.so in /lib? If not, create one and issue an ldconfig ! -v |grep winbind and verify that it shows in the output. Once you've ! done that, try your getent command again. ! ! Jeremy ! ! On Tue, 30 Sep 2003 09:01:19 -0500 (CDT), you wrote: ! ! > ! >I've been tooling with this for a while, and I need some help... please!! ! >:) ! > ! >Here's what I'm trying to do. I want a samba server to work with winbind, ! >so that when I type 'getent passwd' it shows a list of local users, as ! >well as my domain user list. I want a user to be able to ssh into the ! >machine using their NT 4 domain username, like domain\username. That's ! >pretty much it. ! > ! ! ! Gabriel Matthews Network Support Cinergy Communications "No. I am your father." -Darth Vader, leader, devoted parent, and friend to all. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Puzzling
Hi Wayne, am Dienstag, 30. September 2003 um 18:32 schrieben Sie: w> Dear List: w> I have installed the lastest Samba 3.0 onto an AMD 2.6 GHz RedHat 9.0 w> system running mirrored SCSI drives. The system is multi homed as such:- w> eth0 - 192.168.50.5 w> - 192.168.100.199 w> eth1 - public IP address What do you mean? eth0 has 2 adresses or what? What does ifconfig tell you? w> I connect from an XP Home box to a Samba share via the 192.168.1.0/24 w> subnet, mapped as Drive Z and performed the following file transfers. Samba (Z:) ->> Samba (Z:) 928 MB folder 20 mins Samba (Z:) ->> XP (C:) 928 MB folder 21 mins XP (C:) ->> Samba (Z:) 928 MB folder 3 mins You smb.conf tells us other things: hosts allow = 192.168.50. 192.168.1. 127. bind interfaces only = TRUE Leave this one out unless you really know what to use it for. #interfaces = eth0 eth0:1 lo interfaces = 192.168.50.5 192.168.1.100 127.0.0.1 You talk about 192.168.100.199 but use the 192.168.1.100 adress. Check your IPs on the Samba box and on the XP box and edit your smb.conf to the right "interfaces" and "hosts allow" options. To make it easier use the line interfaces = eth0 eth1 and leave out the "bind interfaces"-line. It will bind to your subnets nicely, you avoid typos and readjusting smb.conf when changing IPs. Did you map Z: to the [Oasis]-share ? > [Oasis] >comment = Oasis Data & Programs >path = /thelook/Oasis >public = yes >writable = yes >printable = no >write list = @oasis >force create mode = 0770 >force group = +oasis >oplocks = False >level2 oplocks = False >blocking locks = no With the last 3 options you basically set your performance down. Drastically. I don´t know if you really want them to be set like this. At least I would comment them out for testing. Do your log-files say something special? Set "log level" to 1 or 2 and look at your files. Compare the results for the 2 installations. On the other hand, what do you mean by "If I replace the mirrored SCSI drive with a SCSI drive..." ? Might it be simply a difference in harddisk performance? (Again, let the locking-parameters away and let the OS do its work handling the locks ...) Let us know more details ... best regards, Stefan G. Weichinger mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SWAT: chdir failed - the server is not configured correctly
Alexander Skwar wrote: > Hmm, all of a sudden SWAT started to respond. Now when I try to access > http://server:901/, I get: > > 500 Server Error > chdir failed - the server is not configured correctly A very simple solution - I forgot to run "installswat.sh". So, after doing the following, I'm happy SWATting ;) $ cd /opt/samba-3.0.0/samba/bin $ mkdir /opt/samba-3.0.0/swat $ ./installswat.sh /opt/samba-3.0.0/swat /opt/samba-3.0.0/samba/bin - /opt/samba-3.0.0 is the base for my Samba installation - /opt/samba-3.0.0/swat is the installation directory for SWAT - /opt/samba-3.0.0/samba/bin is a directory at the same level as the swat source Bye, Alexander Skwar -- -> Keine Kopien senden - ich lese die Listen in denen ich schreibe! <- -> Do not CC me on replies - I read the list in which I write! <- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.0 rc4 /LDAP problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark írta: |Hi all- | | | |I've configured samba (3.0.0 rc4) with ldap (openldap 2.0.27-8) (and |when testing using 'net groupmap list' I'm getting the following errors: | | | |Failed to bind to server with dn= cn=Manager,dc=my-domain,dc=org Error |Can't contact LDAP server (unknown) | |Lib/smbldap.c:smbldap_search(924) smbldap_search: LDAP server is down! | |Passdb/pdb_ldap.c: ldapsam_setsamgrent(2048) ldapsam_setsamgrent: LDAP |search failed: Can't contact LDAP server | | | |Etc., etc. | | | |Slapd is running, and I'm able to add entries to the ldap server using |both ldapadd and smbldap-useradd.pl, I can also connect via phpLDAPAdmin |all with the same credentials. I've tried uninstalling samba and |openldap and starting from scratch, but it doesn't seem to help. | | | |I've done most of the configuration (aside from a bit of tweaking for |samba3) using the Samba-LDAP-PDC howto from Idealx. I don't seem to be |getting any errors anywhere but when I try to do anything through samba. |I've added the ldap admin dn password (smbpasswd -w) and now I'm stuck. | | | |Any help would be greatly appreciated, if I haven't provided enough |information, please let me know. | | | |Thanks, | |mark | If you read the IDEALX docs I've did, then it was for version 2.2.4, it is perfectly valid for any 2.2.x, but quite inadequate for 3.0, with lots of new configuration options. I would suggest to read the smb.conf manpage, and search for ldap. Another good source of information is the Samba HOWTO Collection, wich is included in your samba3 package. I personaly would also suggest to read http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html Good Luck! Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/ebxr/PxuIn+i1pIRAi+oAJ0Zcambn+Bt+2iyoRDr7zgh8dHjbQCgrewr VYwPCsvUbAHxFMFagI/i098= =kApe -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] OpenBSD 3.4/Samba 3.0.0 CP850.so core dump
On Tue, 2003-09-30 at 18:50, Van Sickler, Jim wrote: > I'm trying to install Samba 3.0.0, and it seems to compile ok. > > When I run testparm or try to start either daemon, I get the > following: > > testparm:/usr/local/lib/charset/CP850.so: undefined symbol > 'smb_register_charset' > lazy binding failed! Looks like the linker didn't export all the symbols in the daemons... Can you check the documentation of your linker and check what arguments it needs to export symbols from an executable? Jelmer -- Jelmer Vernooij - http://jelmer.vernstok.nl/ signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] OpenBSD 3.4/Samba 3.0.0 CP850.so core dump
I'm trying to install Samba 3.0.0, and it seems to compile ok. When I run testparm or try to start either daemon, I get the following: testparm:/usr/local/lib/charset/CP850.so: undefined symbol 'smb_register_charset' lazy binding failed! Segmentation fault (core dumped) Info: gcc v2.95.3 g## v2.95.3 /usr/local/lib/charset/CP850.so does exist ./configure options: --with-smbwrapper --without-sambabook \ --bindir=/usr/local/bin --sbindir=/usr/local/sbin \ --libexecdir=/usr/libexec --prefix=/usr/local \ --exec-prefix=/usr/local --with-sysconfdir=/etc \ --localstatedir=/var --infodir=/usr/local/info \ --mandir=/usr/local/man --with-profile \ --with-privatedir=/etc/samba --with-lockdir=/var/spool/lock \ --with-swatdir=/usr/local/swat --with-configdir=/etc/samba \ --with-ssl Any help would be appreciated. Jim -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Solaris 2.6 rpcsec & MIT krb5-1.3.1 header conflict
Please CC me on replies. Hi. I am trying to compile samba 3.0.0 on a Solaris 2.6 box. I noticed that samba needed MIT Kerberos, so I compiled and installed krb5-1.3.1, I believe, successfully in /usr/local. I now think that may have been a mistake. Trying to compile samba 3.0.0, I get the following: Compiling dynconfig.c In file included from include/includes.h:429, from dynconfig.c:21: /usr/local/include/gssapi/gssapi.h:120: warning: redefinition of `gss_cred_id_t' /usr/include/rpc/rpcsec_gss.h:60: warning: `gss_cred_id_t' previously declared here /usr/local/include/gssapi/gssapi.h:121: warning: redefinition of `gss_ctx_id_t' /usr/include/rpc/rpcsec_gss.h:59: warning: `gss_ctx_id_t' previously declared here /usr/local/include/gssapi/gssapi.h:172: conflicting types for `gss_channel_bindings_t' /usr/include/rpc/rpcsec_gss.h:61: previous declaration of `gss_channel_bindings_t' make: *** [dynconfig.o] Error 1 I noticed that on Solaris 8, rpcsec_gss.h includes , so this conflict is not present. Does anyone have any suggestions? Should I try to back out the krb5 install? Thanks. -- Brian Ford Senior Realtime Software Engineer VITAL - Visual Simulation Systems FlightSafety International Phone: 314-551-8460 Fax: 314-551-8444 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Puzzling
Dear List: I have installed the lastest Samba 3.0 onto an AMD 2.6 GHz RedHat 9.0 system running mirrored SCSI drives. The system is multi homed as such:- eth0 - 192.168.50.5 - 192.168.100.199 eth1 - public IP address I connect from an XP Home box to a Samba share via the 192.168.1.0/24 subnet, mapped as Drive Z and performed the following file transfers. Samba (Z:) -> Samba (Z:) 928 MB folder 20 mins Samba (Z:) -> XP (C:) 928 MB folder 21 mins XP (C:) -> Samba (Z:) 928 MB folder 3 mins If I replace the mirrored SCSI drive with a SCSI drive running RedHat 7.3, Samba 2.2 (I think!) the results are staggering in that all times are around the 3 mins. I include my smb.conf file as the only thing I can think of is that I must have used/configured some parameter incorrectly! I basically used the smb.conf from the 2.2 installation for the Samba 3.0, although testparam says all is well. Any help appreciated!! Regards Wayne # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not made any basic syntactic errors. # #=== Global Settings = [global] # workgroup = NT-Domain-Name or Workgroup-Name workgroup = THELOOK # server string is the equivalent of the NT Description field server string = Fang # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page hosts allow = 192.168.50. 192.168.1. 127. # if you want to automatically load your printer list rather # than setting them up individually then you'll need this printcap name = /etc/printcap load printers = yes # It should not be necessary to spell out the print system type unless # yours is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx, cups printing = cups # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user "nobody" is used ; guest account = pcguest # this tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/%m.log # Put a capping on the size of the log files (in Kb). max log size = 0 # Security mode. Most people will want user level security. See # security_level.txt for details. security = user # Use password server option only with security = server # The argument list may include: # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] # or to auto-locate the domain controller/s # password server = * ; password server = # Password Level allows matching of _n_ characters of the password for # all combinations of upper and lower case. ; password level = 8 ; username level = 8 # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd # The following is needed to keep smbclient from spouting spurious errors # when Samba is built with support for SSL. ; ssl CA certFile = /usr/share/ssl/certs/ca-bundle.crt # The following are needed to allow password changing from Windows to # update the Linux system password also. # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. # NOTE2: You do NOT need these to allow workstations to change only #the encrypted SMB passwords. They allow the Unix password #to be kept in sync with the SMB password. unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* # You can use PAM's password change control flag for Samba. If # enabled, then PAM will be used for password changes when requested # by an SMB client instead of the program listed in passwd program. # It should be possible to enable this without changing your passwd # chat parameter for most setups. pam password change = yes # Unix users can map to different SMB User names ; username map = /etc/samba/smbusers # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /etc/samba/smb.c
[Samba] $HOMES con Samba/Winbind & NT40
Hola! Resulta que estoy intentando integrar equipos con Linux (SID) en una red con NT4 como PDC (:?) y hasta ahora va todo bien gracias a Winbind(Utilidad de Samba para tener la BD de Usuarios/contraseñas en el PDC) , el unico problema esta en que no se como cojer algunas cosas que me manda el pdc(NT4) cuando un usuario inicia sesion, como por ejemplo las unidades de red. Cuando un usuario inicia sesion en el dominio,se conecta a tres unidades de red a traves de un script que manda el pdc : NET USE L: /HOME #<-ESTA ES LA QUE NO SE NET USE M: \\SERVIDOR\APP_GEST NEY USE R: \\SERVIDOR\OFIMATIC Mi pregunta es: ¿Como cojo el valor de "/HOME" que me da el PDC con Samba/Winbind? De momento lo hago con un script en el .bashrc pero no es correcto pues la "L" varia bastante y hacerlo a mano es una locura jesuarez:/home/ernesto# wbinfo -u | wc -l 1351 jesuarez:/home/ernesto# Gracias de antemano. Pdt.:¿se podria leer el script completo al validar? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.0-1 + OpenLDAP
Hi All, after so much suffering I finally have my rh9 box working with openldap-2.0.0.27-8 and samba-3.0.0-1. I still have some problems as follow: 1 - Once I've joined a machine to the Domain I only can logon using root user; if I try to logon as Administrator the system tells me that username and/or password are not correct. 2 - If I try to use the parameter 'passdb backend = ldapsam:ldap://127.0.0.1/' the authentication doesn't work. I've been following the http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html howto. thx, Sergio Pereira here are my config files from rh9 box. ------ /etc/samba/smb.conf [global] workgroup = ryerson.ca netbios name = PDC-SRV server string = SAMBA-LDAP PDC Server encrypt passwords = Yes passwd program = /usr/local/bin/smbldap-passwd.pl -o %u passwd chat = *new*password* %n\n *new*password* %n\n *successfully* unix password sync = Yes log file = /var/log/samba/%m.log log level = 5 max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain logons = Yes os level = 80 preferred master = True domain master = True dns proxy = No wins support = Yes # SAMBA-LDAP declarations ; passdb backend = ldapsam:ldap://127.0.0.1/ ldap suffix = dc=ryerson,dc=ca ldap admin dn = cn=manager,dc=example,dc=com ldap ssl = No printing = lprng add user script = /usr/sbin/smbldap-useradd.pl -w %u [homes] comment = Home Directories valid users = %S read only = No create mask = 0664 directory mask = 0775 browseable = No [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = Yes [profiles] path = /home/samba/profiles writeable = yes browseable = no create mode = 0644 directory mode = 0755 guest ok = yes [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [tmp] comment = Temporary file space path = /tmp read only = No guest ok = Yes xxx here is my /etc/slapd.conf include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/samba.schema database ldbm suffix "dc=ryerson,dc=ca" directory /var/lib/ldap rootdn "cn=manager,dc=example,dc=com" rootpw {SSHA}g72uKCjmK9kSh2sg3nlb9gZwynD5rz # index objectClass,rid,uid,uidNumber,gidNumber,memberUid eq index objectClass,uid,uidNumber,gidNumber,memberUid eq index cn,mail,surname,givenname eq,subinitial ---xxx--- here are the entries for Administrator and Root user: # Administrator, Users, EXAMPLE, COM dn: uid=Administrator,ou=Users,dc=EXAMPLE,dc=COM objectClass: top objectClass: inetOrgPerson objectClass: posixAccount objectClass: sambaSAMAccount cn: Administrator sn: Administrator uid: Administrator uidNumber: 1002 gidNumber: 200 homeDirectory: /home//Administrator loginShell: /bin/bash gecos: System User description: System User sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 displayName: System User sambaAcctFlags: [UX] sambaSID: S-1-5-21-4263734852-1518306851-1126385063-3004 sambaPrimaryGroupSID: S-1-5-21-4263734852-1518306851-1126385063-1401 sambaHomeDrive: U: sambaHomePath: \\smb.example.com\homes sambaProfilePath: \\smb.example.com\profiles\Administrator sambaLogonScript: Administrator.cmd sambaLMPassword: 570992575A0E7CAAC2265B23734E0DAC sambaNTPassword: 9B0166BEA503BA881D5BAC85EB8C93FA sambaPwdLastSet: 1064935056 userPassword:: e1NTSEF9QmFBbyt2Q2VEdGZ1Ylh4YlByL3FrYlF6TnBRaS9ud3k= --- # root, Users, EXAMPLE, COM dn: uid=root,ou=Users,dc=EXAMPLE,dc=COM objectClass: top objectClass: inetOrgPerson objectClass: posixAccount objectClass: sambaSAMAccount cn: root sn: root uid: root homeDirectory: /home//root loginShell: /bin/bash gecos: System User description: System User sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 displayName: System User sambaAcctFlags: [UX] sambaHomeDrive: U: sambaHomePath: \\smb.example.com\homes sambaProfilePath: \\smb.example.com\profiles\root sambaLogonScript: root.cmd gidNumber: 0 sambaSID: S-1-5-21-4263734852-1518306851-1126385063-1000 sambaPrimaryGroupSID: S-1-5-21-4263734852-1518306851-1126385063-1001 uidNumber: 0 sambaLMPassword: 570992575A0E7CAAC2265B23734E0DAC sambaNTPassword: 9B0166BEA503BA881D5BAC85EB8C93FA sambaPwdLastSet: 1064932432 userPassword:: e1NTSEF9VnY2aEFLZFhOQ2NxSFJSMkc0K1dwcFk2a2p5MkZ4Sk0= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] I have something to say
Good Bye! Samba list forever. -- My Shoes fell off! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.0 + ADS authentication and login
My analysis of the source code indicates that winbindd(the nsswitch related ones) is broken in 3.0 for 'non-trusted' domains. In other words, it cannot handle accounts of its own domain(be it a Samba PDC/BDC or in your case a member server of a domain). -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] get_domain_user_groups: You should fix it, NT doesn't like that
Running Samba 3.0 on Linux 2.4.21 with acl patch. The NT box is an NT 4 SP 6 Server. The Samba is set up as a PDC. I have a file F:\c.txt, which is owned by user usera with Special Access (of Take Ownership, only) given to user userb. If I log in as userb and try to do take ownership on that file we get the error "Access Denied" from the GUI and immediately in the log, I see: [2003/09/30 11:12:11, 0] rpc_server/srv_util.c:get_domain_user_groups(371) get_domain_user_groups: primary gid of user [usera] is not a Domain group ! get_domain_user_groups: You should fix it, NT doesn't like that usera's primary group is users: usera:x:1001:100::/dev/null:/bin/false The group `users' is in /etc/group: users::100: which is groupmap'd to Domain Users: Domain Users (S-1-5-21-938323123-1062378614-4074567964-513) -> users Which makes the entry in the log file seem nonsensical. After this error occurs in the log (/var/log/samba/log.ntbox), I try logging in as usera and I received the following error from the GUI: "The local policy of this system does not permit you to log on interactively." If I restart Samba the usera can log in again fine. Any thoughts on what I might be doing wrong? Thanks, Erik. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.0 compile problems (with gssapi headers)
Hello, I have a compile problem concerning samba-3.0.0 (final) with gssapi on a Solaris 9 machine. I don't know how to fix this, so any suggestions are welcome. Situation: We use LDAP to authenticate logins of a group of users, so I want to use this LDAP directory also from samba. (Openldap-2.1.22 was compiled with BerkeleyDB.4.1, heimdal-0.6 kerberos, and cyrus-sasl-2.1.13). After a configure of samba-3.0.0 (final) with minimal options (see configure info below), but inclusion of the libraries that we need later for OpenLDAP support I get the following type of errors: ... In file included from include/includes.h:425, from dynconfig.c:21: /usr/local/heimdal/include/gssapi.h:50: warning: redefinition of `OM_uint32' /usr/include/gssapi/gssapi.h:87: warning: `OM_uint32' previously declared here /usr/local/heimdal/include/gssapi.h:52: warning: redefinition of `gss_uint32' /usr/include/gssapi/gssapi.h:64: warning: `gss_uint32' previously declared here /usr/local/heimdal/include/gssapi.h:64: conflicting types for `gss_name_t' /usr/include/gssapi/gssapi.h:57: previous declaration of `gss_name_t' ... [cut] many many more lines of the same type [cut] ... make: *** [dynconfig.o] Error 1 There are other gssapi libraries in the box from the SUNWhea SunOS Header Files package that I cannot de-install without breaking lots of things. So I provided the lib and include dirs at the configure command (see below). Why does the compilation go wrong, and what can I do to fix the problem? Suggestions are welcome. Regards, Olaf. Samba configure and make commands used: = We use gcc version 3.2.3. # cd samba-3.0.0/source # export PATH=$PATH:/usr/local/bin:/usr/ccs/bin # export CPPFLAGS="-I/usr/local/openldap/include \ -I/usr/local/ssl/include \ -I/usr/local/heimdal/include" # export LDFLAGS="-L/usr/local/openldap/lib \ -R/usr/local/openldap/lib \ -L/usr/local/ssl/lib \ -R/usr/local/ssl/lib \ -L/usr/local/heimdal/lib \ -R/usr/local/heimdal/lib" # ./configure --prefix=/usr/local/samba-3.0.0 \ --with-smbwrapper \ --with-included-popt Apart from some non-fatal configure warnings, it creates the Makefile. # make Using FLAGS = -g -O2 -I./popt -Iinclude -I/usr/local/src/samba-3.0.0/source/include -I/usr/local/src/samba-3.0.0/source/ubiqx -I/usr/local/src/samba-3.0.0/source/smbwrapper -I. -I/usr/local/openldap/include -I/usr/local/ssl/include -I/usr/local/heimdal/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/usr/local/src/samba-3.0.0/source LIBS = -lsendfile -lsec -lgen -lresolv -lsocket -lnsl -ldl LDSHFLAGS = -G -L/usr/local/openldap/lib -R/usr/local/openldap/lib -L/usr/local/ssl/lib -R/usr/local/ssl/lib -L/usr/local/heimdal/lib -R/usr/local/heimdal/lib LDFLAGS = -L/usr/local/openldap/lib -R/usr/local/openldap/lib -L/usr/local/ssl/lib -R/usr/local/ssl/lib -L/usr/local/heimdal/lib -R/usr/local/heimdal/lib Generating smbd/build_options.c Building include/proto.h creating /usr/local/src/samba-3.0.0/source/include/proto.h Building include/wrepld_proto.h creating /usr/local/src/samba-3.0.0/source/include/wrepld_proto.h Building include/build_env.h creating /usr/local/src/samba-3.0.0/source/nsswitch/winbindd_proto.h creating /usr/local/src/samba-3.0.0/source/web/swat_proto.h creating /usr/local/src/samba-3.0.0/source/client/client_proto.h creating /usr/local/src/samba-3.0.0/source/utils/net_proto.h Compiling dynconfig.c In file included from include/includes.h:425, from dynconfig.c:21: /usr/local/heimdal/include/gssapi.h:50: warning: redefinition of `OM_uint32' /usr/include/gssapi/gssapi.h:87: warning: `OM_uint32' previously declared here /usr/local/heimdal/include/gssapi.h:52: warning: redefinition of `gss_uint32' /usr/include/gssapi/gssapi.h:64: warning: `gss_uint32' previously declared here /usr/local/heimdal/include/gssapi.h:64: conflicting types for `gss_name_t' /usr/include/gssapi/gssapi.h:57: previous declaration of `gss_name_t' /usr/local/heimdal/include/gssapi.h:76: conflicting types for `gss_ctx_id_t' /usr/include/gssapi/gssapi.h:55: previous declaration of `gss_ctx_id_t' /usr/local/heimdal/include/gssapi.h:78: redefinition of `struct gss_OID_desc_struct' ... [cut] ... In file included from include/includes.h:425, from dynconfig.c:21: /usr/local/heimdal/include/gssapi.h:340:1: warning: "GSS_C_CALLING_ERROR_MASK" redefined In file included from /usr/include/rpc/rpcsec_gss.h:25, from /usr/include/rpc/rpc.h:40, from include/includes.h:375, from dynconfig.c:21: /usr/include/gssapi/gssapi.h:302:1: warning: this is the location of the previous definition In file included from include/includes.h:425, from dynconfig.c:21: ... [cut] ... /usr/local/heimdal/include/gssapi.h:746:
[Samba] (no subject)
I can never get any help on this list. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [Fwd: Winbind under 3.0
Andrew Bartlett wrote: I was using obey pam restrictions because I had the line: session requiredpam_mkhomedir.so skel=/etc/skel umask=0022 What was the rest of this file? Good question, this is where the answer lay. Check what you have for the 'account' line - make sure it's valid by checking what you have for SSH etc. Otherwise, this looks like a pretty normal setup. Right. For those working with Debian, the Samba 3.0 package seems to work with common-file includes. I'm presuming Debian is going that way? Great idea, but the common-account include didn't have the winbind.so line. Did that and now, we're golden! obey pam restrictions is set to yes again, and home directories are autocreated. Thanks much for the clue. -- -Ron + God's got a heaven for coutnry trash -- Johnny Cash -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.0 rc4 /LDAP problem
Hi all- I've configured samba (3.0.0 rc4) with ldap (openldap 2.0.27-8) (and when testing using 'net groupmap list' I'm getting the following errors: Failed to bind to server with dn= cn=Manager,dc=my-domain,dc=org Error Can't contact LDAP server (unknown) Lib/smbldap.c:smbldap_search(924) smbldap_search: LDAP server is down! Passdb/pdb_ldap.c: ldapsam_setsamgrent(2048) ldapsam_setsamgrent: LDAP search failed: Can't contact LDAP server Etc., etc. Slapd is running, and I'm able to add entries to the ldap server using both ldapadd and smbldap-useradd.pl, I can also connect via phpLDAPAdmin all with the same credentials. I've tried uninstalling samba and openldap and starting from scratch, but it doesn't seem to help. I've done most of the configuration (aside from a bit of tweaking for samba3) using the Samba-LDAP-PDC howto from Idealx. I don't seem to be getting any errors anywhere but when I try to do anything through samba. I've added the ldap admin dn password (smbpasswd -w) and now I'm stuck. Any help would be greatly appreciated, if I haven't provided enough information, please let me know. Thanks, mark -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Security Question
I have disabled the root user in smbpasswd but I can still use the root account to access shares, Why? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SWAT listing Winbindd as not running
When I go into SWAT, and click on the Status button, it shows smbd and nmbd running, but winbind says 'not running'. But when I do the following, it shows it's running just fine.. I'm running the latest stable release of samba 3.0. I have noticed this behavior since the first RC of samba 3, and I assumed it would be fixed on the way to final release.. Is this a bug in SWAT, or maybe a hint that something isn't configured with my winbind properly, hinting to a problem that I submitted in another email to this list recently, with subject "Using WINBIND and the latest samba 3". [EMAIL PROTECTED] root]# ps -ax | grep winbind 2456 ?S 0:00 /usr/sbin/winbindd 2457 ?S 0:00 /usr/sbin/winbindd [EMAIL PROTECTED] root]# /etc/init.d/winbind status winbindd (pid 2457 2456) is running... Gabriel Matthews Network Support Cinergy Communications "No. I am your father." -Darth Vader, leader, devoted parent, and friend to all. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.0 + ADS authentication and login
Hi list, At a customer site, we have a number of Linux workstations (Mandrake 9.1) with samba 2.2.7a installed running in an NT domain. We use winbindd to do user authentication against the domain server via pam_winbind. When logging in a first time, we create the local user's home directory with pam_mkhomedir. We mount the user's network ressources with pam_mount. This all works very fine. The organization is now migrating from NT to ADS, and we have to provide the same behaviour as before. I installed samba 3.0.0 stable on a test workstation, and configured it as per HOWTO. I was able to successfully join the machine into the ADS domain. The "net ads group" and "net ads user" commands work fine. Logging in as a domain user against the domain server succeeds, but winbindd does not provide the local uid/gid. The next pam modules (login and kde3) report "User not known to the underlying authentication module", so login fails. In the documentation there is no detailed howto for configuring winbindd so that it authenticates with LDAP/Kerberos and creates the local idmap uid and gid for the user. A minimum configuration example would be nice here. I guess that once this step is OK, the next step of creating the local user's directory structure with pam_mkhomedir would work like before... Can anyone help me with this? Robert -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Several privileged users
Hi, I have to setup a samba-3 configuration where several users have the right to join a machine in the domain. I've done a test with "username map between root and a user" but this solution is not acceptable because the user is considered as root even for a normal login (the user's informations (sambaProfile,...) are not used) Is this a workaround ? Thank you, Raphaël -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] bad encryption type when accessing AD member server
Can you send the default debian krb5.conf? I would like to see what the differences are with my krb5.conf. Thanks. On Tue, Sep 30, 2003 at 11:45:35AM +0200, Henning Holtschneider wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Monday 29 September 2003 17:59, Henning Holtschneider wrote: > > > I'm trying to access a Samba 3.0 server (running on Debian unstable) in an > > Active Directory environment. I successfully joined the domain, klist shows > > my Kerberos ticket(s) and I can use smbclient -k to access a Windows 2000 > > server. However, when I try to access a share on the Samba machine from a > > Windows 2000 client, I'm being asked for the password and Samba logs: > > [...] > > [2003/09/29 13:17:02, 3] libads/kerberos_verify.c:ads_verify_ticket(317) > > ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) > > I replaced Debian's default krb5.conf (which looks like MIT Kerberos' sample > file) with the minimum configuration described in the Samba documentation and > finally the connection from the Windows clients works! Don't know why I > didn't try that earlier ... > > Sorry about the noise, > > <-gninneH<- > - -- >__ _ ____ Henning Holtschneider > / / ___ ___ _/ |/ /__ / /_ <[EMAIL PROTECTED]> > / /__/ _ \/ __/ _ `// -_) __/ > //\___/\__/\_,_/_/|_/\__/\__/ ...net happens! > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.2.1 (GNU/Linux) > > iD8DBQE/eVC/P9goCV2uudcRArZOAJ9RWeUl/H8umC19zZLZy8NZ58UHCACfcI3q > M0tr3nsdEy02fli9vC+2MAY= > =mnRw > -END PGP SIGNATURE- > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- --- Derek T. Yarnell University of Maryland Computer Science Department Unix Staff [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3: domain member server: user mapping problem (ldap)
Hi Jelmer, > > idmap backend = ldap:ldap://leibniz.rsidus.riege.de, and not > > > > idmap backend = ldapsam:ldap://leibniz.rsidus.riege.de > > ^^^ > Thanks, I fixed it in the documentation. You may change it there as well: - example §5.3 - §20.1: ( at bootom of page): If idmap backend has been specifies as ldapsam:url ... The text about using winbind on BDCs and member servers at the end of paragraph 5.3 would be of great help in paragraph 6.3 as well. ;) Overall this idmap / winbind thing was merged quite late with the Howto I suppose, because I did not read it when I set up the PDC / BDC ( about the time when rc1/rc2 came out ) and the chapter on winbind still seems to have the winbind 2.2 in mind - overall winbind now seems to be able to act as a snap in replacement for nss_ldap/pam_ldap, but on the other hand I tend to stick with the latter in a plain linux server environment. > > b) am I supposed to use winbind at all? I am already using pam_ldap and > > nss_ldap on the server. The winbind settings are: > > > > idmap uid = 1-2 > > idmap gid = 1-2 > > winbind trusted domains only = yes > > > > The UIDs/GIDs actually used in LDAP are in between 600 and 3000. > I figure idmap is not working correctly (or it's supposed to work > differently as the last time I looked at it..) > > c) net groupmap still does not list anything. > 'net groupmap list' does not give any output _at all_ ? no, it just maps everything to -1: [EMAIL PROTECTED] samba]# net groupmap list System Operators (S-1-5-32-549) -> -1 Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Domain Admins (S-1-5-21-1454018726-3595976858-1671193852-512) -> -1 Domain Guests (S-1-5-21-1454018726-3595976858-1671193852-514) -> -1 ... while on the PDC/BDC it is more like this: [EMAIL PROTECTED] schlegel]# net groupmap list Domain Admins (S-1-5-21-4157288312-2978303034-1700589767-2201) -> administratoren Domain Users (S-1-5-21-4157288312-2978303034-1700589767-512) -> smbuser Domain Guests (S-1-5-21-4157288312-2978303034-1700589767-514) -> nobody develop (S-1-5-21-4157288312-2978303034-1700589767-3013) -> develop ... however, wbinfo -g gives output on BDC and member server: [EMAIL PROTECTED] samba]# wbinfo -g RIEGE\Domain Admins RIEGE\Domain Users RIEGE\Domain Guests RIEGE\develop ... Maybe net groupmap is not intended / necessary on member servers using winbind? The SIDs get mapped in a correct way now except for the following issue. > > d) In windows the system still shows the rights as [member > > server]\username instead of DOMAIN\username. No hints on this one? > > e) do I have to adjust the member servers SID? It created it's own one > > and it is different from the domains SID. > Have you joined the domain correctly? definitely. net rpc join, and it succeeded and the PDC added the account in the ldap tree. > Each workstation also has it's own > SID, so that shouldn't be a problem. This is what I expects, I am just not sure whether the member servers SID has to partly match the domains SID or something like this. I think I figured out that my main problem ( d), member server name instead of domain name in from of the users name ) is gone if I change the SID of the member server, on the other hand I expect things to get odd and break if the SID is not unique... regards, Gunther -- Gunther SchlegelRiege Software International GmbH Manager System AdministrationMollsfeld 10 40670 Meerbusch, Germany Email: [EMAIL PROTECTED] Phone: +49-2159-9148-0 Fax: +49-2159-9148-11 - Disclaimer: You may grab my GPG key from http://www.keyserver.net . A nonproportional font is recommended for reading. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] File not found error when opening from a shortcut
I know this might not really be a Samba problem but since a lot of you guys have to deal with people using Access databases stored on Samba servers I though I'd ask anyway. I have a Samba 2.2.8a PDC that have some Access database files and I got a weird problem when trying to open a file from a shortcut. When I open it directly I don't have any problem but if I do a shortcut to it, Access will open the file and then put a File not found error after the file is loaded. I tried with another user and it didn't make that error. Anybody has an idea why it's doing that? BTW I have veto oplock files = /*.dba/*.dbm/*.mdb/*.MDB/ in my smb.conf file Jean-Rene Cormier -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba, Redhat 9.0, Not doign ACl.. (cannot load Userlist at this time)
I think I've seen similiar thing. Let's try a couple of things 1. on client site, try login as a brand new domain account to make sure the PDC still can do authentication. We just want to make sure the authentication communication between pdc and the client machine are OK. If the client is win xp don't forget to set the registry key. 2. If you can ssh to the RH 9 pdc with a normal user account. When this happen to me last time I found myself I can not ssh to the pdc box other than root account. The root cause is that the mod was screwed up in /etc directory. Make sure the mod of /etc is 755. Regards Ron Liu Information Technology Consultant Biology Department San Jose State University 408-924-4860 [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Brad Langhorst Sent: Monday, September 29, 2003 7:13 AM To: Damien Roy Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Samba, Redhat 9.0, Not doign ACl.. (cannot load Userlist at this time) On Mon, 2003-09-29 at 09:01, Damien Roy wrote: > this is something which every where I have searched they have said, this can't happen.. you can't get a list of users using samba as the PDC, you need to be running a 2k or higher PDC. > this can work... try samba3 brad -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SWAT: chdir failed - the server is not configured correctly
Hello! Hmm, all of a sudden SWAT started to respond. Now when I try to access http://server:901/, I get: 500 Server Error chdir failed - the server is not configured correctly I created a tiny smb.conf in /opt/samba-3.0.0/lib/smb.conf which contains: root_s07nfs:/opt/samba-3.0.0/samba/bin/ > cat /opt/samba-3.0.0/lib/smb.conf [global] workgroup = EUROPE netbios name = S07NFS server string = Samba 3.0.0 Server %v on %h interfaces = ge0 lo0 bind interfaces only = Yes [alexseins] comment = Share fuer Alexander Skwar path = /tmp valid users = vz6tml write list = vz6tml short preserve case = Yes browseable = No I put the configuration file in /opt/samba-3.0.0/lib/smb.conf, because it seemed to be the most senseful output of "strings /opt/samba-3.0.0/samba/bin/swat | grep smb.conf". What am I doing wrong? Thanks a lot, Alexander Skwar -- -> Keine Kopien senden - ich lese die Listen in denen ich schreibe! <- -> Do not CC me on replies - I read the list in which I write! <- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Using WINBIND and the latest samba 3
I've been tooling with this for a while, and I need some help... please!! :) Here's what I'm trying to do. I want a samba server to work with winbind, so that when I type 'getent passwd' it shows a list of local users, as well as my domain user list. I want a user to be able to ssh into the machine using their NT 4 domain username, like domain\username. That's pretty much it. Here's what I have done thus far to accomplish this, to no avail. I have Redhat 9. I have installed samba 3.0 from the .rpm file from samba's site.. I have edited the .conf file to look like it does at the bottom of this email. I have put /etc/init.d/smb and winbind in the /rc.3/ folder so that they will start up automatically on reboot. I have edited nsswitch.conf to look like it does at the bottom of this email. I have even gone so far as to edit the passwd file in /etc/pam.d/ to look like it does in the Samba HOWTO's instructions on Winbind, included at the bottom. I can type 'wbinfo -u' and it shows me the full-on list of all users. I can join the domain with 'net rpc join -S PDC -U admin%passwd' and receive a 'joined domain successfully' response. Everything that I do seems to be working fine, except for some reason my machine is not looking to winbind for its authentication. In the HOWTO, it says that after you join the domain, and can type 'wbinfo -u(g)' and receive proper results, then you should be able to type 'getent passwd' and get proper results as well. But at that point I am coming to a stop. Is there something I'm missing perhaps? Was the RPM file for redhat 9 compiled excluding some special option that I need to accomplish this task? If so, I can certainly compile it from source, but I need to know what option to include so I can know what results to expect. Or perhaps just some step in the configuration that I'm missing? I'm working on a deadline here and I need to get this working soon, so any help anyone can offer me would be greatly appreciated.. Thanks again! --Reference Material: Location of HOWTO I am referring to: /usr/share/swat/help/Samba-HOWTO-Collection.html Contents of /etc/samba/smb.conf: [global] workgroup = DOMAIN server string = FRODO security = SERVER password server = LUKE log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = No local master = No domain master = No dns proxy = No wins server = 192.168.1.2 ldap ssl = no idmap uid = 1-2 idmap gid = 3-4 Contents of /etc/nsswitch.conf: (note: There are other lines in this file, but I have left them default, the passwd and group lines are the only ones I have edited) passwd: files winbind shadow: files group: files winbind Contents of /etc/pam.d/passwd and /etc/pam.d/login [EMAIL PROTECTED] samba]# cat /etc/pam.d/passwd #%PAM-1.0 auth required pam_stack.so service=system-auth accountrequired pam_stack.so service=system-auth password required pam_stack.so service=system-auth [EMAIL PROTECTED] samba]# cat /etc/pam.d/login #%PAM-1.0 auth required pam_securetty.so auth sufficient pam_winbind.so auth sufficient pam_UNIX.so use_first_pass auth required pam_stack.so service=system-auth auth required pam_nologin.so accountsufficient pam_winbind.so accountrequired pam_stack.so service=system-auth password required pam_stack.so service=system-auth sessionrequired pam_stack.so service=system-auth sessionoptional pam_console.so Gabriel Matthews Network Support Cinergy Communications "No. I am your father." -Darth Vader, leader, devoted parent, and friend to all. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [Fwd: Winbind under 3.0
On Tue, 2003-09-30 at 05:34, Ron Garcia-Vidal wrote: > Jelmer Vernooij wrote: > > >>So under 2.8 this was happening, until I realized I hadn't installed > >>libpam-smbpass. Once I did this, access was granted. After I upgraded > >>I checked that all relevant packages were at 3.0beta2 and they were, > >>including libpam-smbpass. So am I missing another library? Am I > >>missing something in my smb.conf file? Here's the output of testparm: > >> > >> > >libpam-smbpass is not required to make samba work correctly. It is of > >absolutely no use when you put it inside /etc/pam.d/samba. > > > Well, under 2.8 it didn't work until I installed that library. Maybe a > quirk with my setup. No biggie, your statement is certainly true for 3.0. > > >>~obey pam restrictions = Yes > >> > >> > >^^ obey pam restrictions is only useful if you have 'encrypt passwords = > >no' This is incorrect. 'obey pam restrictions' is about using pam's account and session management code, despite using encrypted passwords. > > > I was using obey pam restrictions because I had the line: > > session requiredpam_mkhomedir.so skel=/etc/skel umask=0022 What was the rest of this file? > in pam.d/samba, in order to autocreate home directories when users > accessed via smb. Setting "obey pam restrictions" to no (or commenting > it out) fixed the access problem I was having (Thanks very much!) but > now home directories aren't being autocreated. This is minor and will > probably only result in mild annoyance on the part of my users, but if > anyone knows of a way I can have my cake and eat it too, please do tell! Check what you have for the 'account' line - make sure it's valid by checking what you have for SSH etc. Otherwise, this looks like a pretty normal setup. Andrew Bartlett > -- > -Ron > > + > God's got a heaven for coutnry trash -- Johnny Cash -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD SAMBA Kerberos participation with other AD Kerberised services
On Tue, 2003-09-30 at 21:41, Andrew Smith-MAGAZINES wrote: > Hi All, > > anyone else found that adding a Samba server to an AD domain > appears to be incompatible with using an AD Kerberos realm to > provide other Kerberised services such as NFS from the same > UNIX host? > Problem I have is that when you join an AD domain thorough > Samba 3.x net command this creates a computer account in the > AD to which the administrator does not know the account password. > If you following MS guidelines for configuring other UNIX > Kerberised services to authenticate against a Windows Kerberos > realm (AD domain) you are instructed to use a user account not > a computer account because to generate a keytab file for your > Kerberised service you must know the password for the Kerberos/AD > account. > As you cannot have an AD computer account with the same name as > an AD user account it would seem to me that using Kerberised > Samba is mutually exclusive with providing generic Kerberised > UNIX services from a single UNIX machine. Surely this will cause > many people problems if this is the case, have I missed something? This issue is intended to be addressed - but you can find out the (current) machine account password - just read the plaintext out of the secrets.tdb (root-only access, naturally). Either tdbtool, or a simple 'less' should show it. I think there may even have been some patches flying about to fix this, but I'm not sure... Feel free to file a bug (if there is not one already present) into bugzilla.samba.org Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] minimize uid usage when doing 'net join' through 'add machine script' ?
On Sun, 2003-09-28 at 17:22, gary ng wrote: > Hi, > > The 'add machine script' and 'add user script' is very > handy in creating samba user accounts and joining > machines to domain. > > However, the 'add machine script' needs to first > create a 'unix account' in order for samba to proceed > and create the necessary SID entry. This unix account > is no longer used after this process(at least I have > deleted it and not seeing any side effect yet). So is > it possible to bypass the 'uid must exist first' > requirment ? Samba 3.0 may enforce this requirement much more strictly (due to changes in our sid->uid code), and the uid is still in use - as you *must not* have two machines with the same SID. (which is based on the UID). You have 2^32 uids on most systems - I'm sure you won't miss them... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot start SWAT on Solaris 8 server - libiconv.so.2: open failed: No such file or directory
Hi! I'm having some trouble getting SWAT to run on a Solaris 8 server of mine. On this server, SWAT is started through inetd: root_s07nfs:/opt/ > grep swat /etc/inetd.conf swatstream tcp nowait.400 root/opt/samba-3.0.0/samba/bin/swat swat When I go to http://server:901/, I see this in the browser window: ld.so.1: swat: fatal: libiconv.so.2: open failed: No such file or directory I suppose this is because libiconv.so.2 is in /usr/local/lib: root_s07nfs:/opt/ > ls -la /usr/local/lib/libiconv.so.2 /usr/local/lib/libiconv.so.2.1.0 lrwxrwxrwx 1 root other 17 Sep 30 13:18 /usr/local/lib/libiconv.so.2 -> libiconv.so.2.1.0 -rwxr-xr-x 1 bin bin 1138992 Jan 27 2003 /usr/local/lib/libiconv.so.2.1.0 I guess, this is because /usr/local/lib isn't in a path the dynamical linker searches when looking for libraries. I tried to add /usr/local/lib to this path by running crle: root_s07nfs:/opt/ > crle Configuration file [3]: /var/ld/ld.config Default Library Path (ELF): /usr/lib:/usr/local/lib:/usr/local/ssl/lib Trusted Directories (ELF):/usr/lib/secure (system default) Command line: crle -c /var/ld/ld.config -l /usr/lib:/usr/local/lib:/usr/local/ssl/lib Even after restarting inetd, login via browser is not possible. Hm. When I run smbd, the path configured with crle is used for searching libraries. Any ideas how I can get swat to work? Thanks a lot, Alexander Skwar -- /* * We used to try various strange things. Let's not. */ 2.2.16 /usr/src/linux/fs/buffer.c -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unable to save share permissions changes with 3.0
No, I don't have ACLs enabled on the filesystem. However, I thought the share level permissions were coded in share_info.tdb, and didn't rely on the filesystem ACL capabilities? Cheers, Eamonn On Tue, 2003-09-30 at 12:32, Jelmer Vernooij wrote: > On Tue, 2003-09-30 at 14:16, Eamonn Hamilton wrote: > > Hi. > > > > I'm trying to change the permissions on a samba share on my system. I've > > connected to it using W2K and tried adding an account to the access list > > as a trial, but when I try and save it I get "access denied". My domain > > account is mapped to a local user, and that user is an admin on the > > share. > > > > Any ideas or gotchas I should know? > Do you have POSIX ACL's set up correctly? > > Jelmer > > -- > Jelmer Vernooij http://samba.org/~jelmer/ http://samba.vernstok.nl/ Last > CVS commit: Mon Sep 29 02:39:41 2003 (1d 9h 46m ago) Bugs in bugzilla: > 15 -- Eamonn Hamilton Senior Technical Designer Technical Projects and Design (North) Tel : +44 (0) 1224 333833 Fax : +44 (0) 1224 840032 Email [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unable to save share permissions changes with 3.0
On Tue, 2003-09-30 at 14:16, Eamonn Hamilton wrote: > Hi. > > I'm trying to change the permissions on a samba share on my system. I've > connected to it using W2K and tried adding an account to the access list > as a trial, but when I try and save it I get "access denied". My domain > account is mapped to a local user, and that user is an admin on the > share. > > Any ideas or gotchas I should know? Do you have POSIX ACL's set up correctly? Jelmer -- Jelmer Vernooij http://samba.org/~jelmer/ http://samba.vernstok.nl/ Last CVS commit: Mon Sep 29 02:39:41 2003 (1d 9h 46m ago) Bugs in bugzilla: 15 signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] unable to save share permissions changes with 3.0
Hi. I'm trying to change the permissions on a samba share on my system. I've connected to it using W2K and tried adding an account to the access list as a trial, but when I try and save it I get "access denied". My domain account is mapped to a local user, and that user is an admin on the share. Any ideas or gotchas I should know? Thanks in advance for any help, Eamonn -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 2.2.x die?
On Tue, 2003-09-30 at 14:01, Pavel V.Zheltobryukhov wrote: > What about new versions of Samba 2.2? Does this branch collapsed after releasing of > Samba 3.0.0? Most likely there will be only new versions of Samba 2.2 with bugfixes. No new features. Jelmer -- Jelmer Vernooij - http://jelmer.vernstok.nl/ signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2.2.x die?
What about new versions of Samba 2.2? Does this branch collapsed after releasing of Samba 3.0.0? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] AD SAMBA Kerberos participation with other AD Kerberisedservices
sorry the MS url is http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/howto/kerbstep.asp BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] AD SAMBA Kerberos participation with other AD Kerberised services
Hi All, anyone else found that adding a Samba server to an AD domain appears to be incompatible with using an AD Kerberos realm to provide other Kerberised services such as NFS from the same UNIX host? Problem I have is that when you join an AD domain thorough Samba 3.x net command this creates a computer account in the AD to which the administrator does not know the account password. If you following MS guidelines for configuring other UNIX Kerberised services to authenticate against a Windows Kerberos realm (AD domain) you are instructed to use a user account not a computer account because to generate a keytab file for your Kerberised service you must know the password for the Kerberos/AD account. As you cannot have an AD computer account with the same name as an AD user account it would seem to me that using Kerberised Samba is mutually exclusive with providing generic Kerberised UNIX services from a single UNIX machine. Surely this will cause many people problems if this is the case, have I missed something? Microsoft instructions for creating keytabs are on this link, <> many thanks Andy. BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3: domain member server: user mapping problem (ldap)
On Tue, 2003-09-30 at 12:27, Gunther Schlegel wrote: > > You should set 'security = domain' (that way, the user and group lists > > are retrieved from the PDC), no 'passdb backend'. Though 'idmap backend' > > should be set (SID-to-UID and SID-to-GID mappings can't be retrieved > > from the PDC). > > This is in fact the first configuration I tried because it seemed to be > the "natural" solution. > > I still have some questions and hope you can help me again: > > a) I had to use winbind to get any use of the passdb backend setting. > However, in opposite to the HowTo Collection §10.2.3 / Example table > 10.1 the line in smb.conf had to be > > idmap backend = ldap:ldap://leibniz.rsidus.riege.de, and not > > > idmap backend = ldapsam:ldap://leibniz.rsidus.riege.de > ^^^ Thanks, I fixed it in the documentation. > b) am I supposed to use winbind at all? I am already using pam_ldap and > nss_ldap on the server. The winbind settings are: > > idmap uid = 1-2 > idmap gid = 1-2 > winbind trusted domains only = yes > > The UIDs/GIDs actually used in LDAP are in between 600 and 3000. I figure idmap is not working correctly (or it's supposed to work differently as the last time I looked at it..) > c) net groupmap still does not list anything. 'net groupmap list' does not give any output _at all_ ? > d) In windows the system still shows the rights as [member > server]\username instead of DOMAIN\username. > > e) do I have to adjust the member servers SID? It created it's own one > and it is different from the domains SID. Have you joined the domain correctly? Each workstation also has it's own SID, so that shouldn't be a problem. -- Jelmer Vernooij - http://jelmer.vernstok.nl/ signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] higher ascii characaters in smbusers, success!
Hi list, Update: originally i wanted to post a question, but in writing i thought of things that finally led me to the solution. This i wanted to share with the community in case it can help. Sorry if this is a FAQ, but I had no luck searching for it. I have a working Samba 2.2.5 installation on SuSE8.1. I have two users on a windows client called Torge (that's me) and Ga&ediaresis;lle (interpreted as HTML special character) You could also write Ga\"elle (TeX convention), but fact is: there is a higher ascii character in the name, that i prefer not to get rid of. I have users for the same two persons on the server called: toh and: gab my smbusers file reads something like this: toh = torge gab = gaelle ga?lle I (toh=torge) can log on impeccably to the server, while my partner (gab=gaelle) is blocked. The log says: [2003/09/29 11:57:18, 1] smbd/password.c:pass_check_smb(545) Couldn't find user 'ga211lle' in passdb. Where the 211 is written in reverse graphics. Now my question is: what should i put in the place of the question mark in my smbusers file? Thanks in advance, Torge P.S.: Answer: with some cat'ing and >>'ing i managed to put the exact character from the log into the smbusers and it worked. Note though that just less'ing and copying into vi with the mouse would not work. -- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3: domain member server: user mapping problem (ldap)
Hi Jelmer, thanks for your message. > You should set 'security = domain' (that way, the user and group lists > are retrieved from the PDC), no 'passdb backend'. Though 'idmap backend' > should be set (SID-to-UID and SID-to-GID mappings can't be retrieved > from the PDC). This is in fact the first configuration I tried because it seemed to be the "natural" solution. I still have some questions and hope you can help me again: a) I had to use winbind to get any use of the passdb backend setting. However, in opposite to the HowTo Collection §10.2.3 / Example table 10.1 the line in smb.conf had to be idmap backend = ldap:ldap://leibniz.rsidus.riege.de, and not idmap backend = ldapsam:ldap://leibniz.rsidus.riege.de ^^^ b) am I supposed to use winbind at all? I am already using pam_ldap and nss_ldap on the server. The winbind settings are: idmap uid = 1-2 idmap gid = 1-2 winbind trusted domains only = yes The UIDs/GIDs actually used in LDAP are in between 600 and 3000. c) net groupmap still does not list anything. d) In windows the system still shows the rights as [member server]\username instead of DOMAIN\username. e) do I have to adjust the member servers SID? It created it's own one and it is different from the domains SID. regards, Gunther -- Gunther SchlegelRiege Software International GmbH Manager System AdministrationMollsfeld 10 40670 Meerbusch, Germany Email: [EMAIL PROTECTED] Phone: +49-2159-9148-0 Fax: +49-2159-9148-11 - Disclaimer: You may grab my GPG key from http://www.keyserver.net . A nonproportional font is recommended for reading. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem when upgrading to samba 3.0.0
On Tue, 2003-09-30 at 12:25, Manuel Arenaz wrote: > Hello, > > I am using samba 2.2.5 as file and print server. > I want to upgrade to samba 3.0.0, but when I use > samba 3.0.0 the name of some files is displayed > using chinese-like characters. > > Furthermore, the uploading/downloading of windows > printer drivers to/from the servers seems to be > affected by the problem because the PCL code > generated by the driver contains strange control > characters. > > How can I solve this problem? > > Thanks in advance and congratulations for your > great work. Read the unicode chapter of the Samba HOWTO Collection. Jelmer -- Jelmer Vernooij - http://jelmer.vernstok.nl/ signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem when upgrading to samba 3.0.0
Hello, I am using samba 2.2.5 as file and print server. I want to upgrade to samba 3.0.0, but when I use samba 3.0.0 the name of some files is displayed using chinese-like characters. Furthermore, the uploading/downloading of windows printer drivers to/from the servers seems to be affected by the problem because the PCL code generated by the driver contains strange control characters. How can I solve this problem? Thanks in advance and congratulations for your great work. -- Manuel Arenaz <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] USRMGR Adding Users
I am having troubles getting the user manager to add users. It gives me an incorrect parameter. I am using samba 3.0 final. I am also using the tdbsam backend. I noticed in pdbedit it does not have the [u ] under account flags. It adds the user, but it does not show up in the user manager for domains (but it gets put inside of the pwdb and /etc/passwd) here is my config. log file = /var/log/samba/log.%m load printers = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 logon drive = H: domain master = yes username map = /etc/samba/smbusers encrypt passwords = yes hosts allow = 127. 172.16. passdb backend = tdbsam logon home = \\sentinel\%U wins support = yes dns proxy = no server string = ECS PDC Samba Server logon script = %U.bat local master = yes workgroup = ECS logon path = os level = 33 printcap name = /etc/printcap security = user preferred master = yes passwd program = /usr/bin/passwd %u add user script = /usr/sbin/useradd -m -g domuser %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd -r %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/bin/gpasswd -a %u %g delete user from group script = /usr/bin/gpasswd -d %u %g set primary group script = /usr/sbin/usermod -g '%g' '%u' add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u max log size = 50 domain logons = yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] FYI: Samba 3.0 news @ TheInquirer.net
FYI, I'm just a lurker and not an expert on samba, but I have fond memories of the joy of discovering and installing an ancient version of the samba 1.x port to OS/2, and running it under OS/2 Warp 3.0 (back when even IBM didn't include peer-to-peer LAN networking on the OS) as early as in mid-1994 or early-1995. ( http://www.jacco2.dds.nl/samba/samba2.html ) This was before I discovered Linux and the *ix world. Well, I thought that the 3.0 release of samba was something worth reporting about, hence I wrote this: Samba quietly turned 3.0 Networking for the masses, even SCO. http://www.theinquirer.net/?article=11830 Please, email any comments, flames and/or corrections via private mail please, to avoid polluting this list. Regards Fernando Cassia -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] bad encryption type when accessing AD member server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday 29 September 2003 17:59, Henning Holtschneider wrote: > I'm trying to access a Samba 3.0 server (running on Debian unstable) in an > Active Directory environment. I successfully joined the domain, klist shows > my Kerberos ticket(s) and I can use smbclient -k to access a Windows 2000 > server. However, when I try to access a share on the Samba machine from a > Windows 2000 client, I'm being asked for the password and Samba logs: > [...] > [2003/09/29 13:17:02, 3] libads/kerberos_verify.c:ads_verify_ticket(317) > ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) I replaced Debian's default krb5.conf (which looks like MIT Kerberos' sample file) with the minimum configuration described in the Samba documentation and finally the connection from the Windows clients works! Don't know why I didn't try that earlier ... Sorry about the noise, <-gninneH<- - -- __ _ ____ Henning Holtschneider / / ___ ___ _/ |/ /__ / /_ <[EMAIL PROTECTED]> / /__/ _ \/ __/ _ `// -_) __/ //\___/\__/\_,_/_/|_/\__/\__/ ...net happens! -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE/eVC/P9goCV2uudcRArZOAJ9RWeUl/H8umC19zZLZy8NZ58UHCACfcI3q M0tr3nsdEy02fli9vC+2MAY= =mnRw -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Help Samba2.2.8.a "status:access denied, unable to connect"
All Any help would be great I have just upgraded our samba server to v2.2.8a all went well apart form a couple of windows 2000 clients I am now getting "status:access denied, unable to connect". Which is a big pain as my accounts dept cant print!. We are not using a PDC setup just a simple Workgroup set-up. workgroup = ANVIL security = user password server = %m guest account = nobody encrypt passwords = no mangle case = yes os level = 35 printing = sysv printcap name = /etc/printcap load printers = yes print command = /usr/ucb/lpr -P%p -r %s preferred master = yes [printers] comment = All Printers printable = yes writable = no guest = yes Any help would be great... Cheers Philip Philip Grisedale Systems Administrator Anvil Software Ltd -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.0, Windows 2003, join succeeding but not working
Facing a strange problem with Samba 3.0.0 in a Windows 2003 domain. The net ads join works just fine, but a testjoin shows that the domain hasn't been joined and winbind user/group enumeration services, etc don't work after that. Kerberos is working fine too independently. Time has been sync'ed. Tried with both server signing auto and server signing off. The error message is: kerberos_kinit_password [EMAIL PROTECTED] failed: Preauthentication fail ed kerberos_kinit_password [EMAIL PROTECTED] failed: Preauthentication fail ed Join to domain is not valid The setup is as follows: Samba server (client for Windows 2003): etafps, 10.110.1.7 Windows 2003 PDC (remote): dcdelads01, 10.101.1.51 Windows 2003 BDC (LAN): etaalwads01, 10.110.1.1 I've uploaded the following files and logs to my web site since they're rather large: http://kandalaya.org/samba/smb.conf /etc/samba/smb.conf http://kandalaya.org/samba/krb5.conf/etc/krb5.conf http://kandalaya.org/samba/hosts/etc/hosts http://kandalaya.org/samba/join.log join.log (output of net join -d 3) http://kandalaya.org/samba/net-status.txt net-status.txt (output of net ads status) http://kandalaya.org/samba/winbind.log winbind.log (debug 9 output from winbind after the supposed join) http://kandalaya.org/samba/all.zip all these files zipped up Regards, -- Raju -- Raj Mathur[EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F All your domain are belong to us. It is the mind that moves -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: Spam and Viruses on the Samba mailing list was: RE: [Samba] Re:samba Digest, Vol 9, Issue 41
hehe.. This is OT too but I'm just wondering... "intelligent auto responder" Can you name me a few??? I'm curious.. Cheers, Mun Heng, Ow H/M Engineering Western Digital M'sia DID : 03-7870 5168 -Original Message- From: Jason Balicki [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 30, 2003 5:45 AM To: 'Darrik Spaude' Cc: [EMAIL PROTECTED] Subject: OT: Spam and Viruses on the Samba mailing list was: RE: [Samba] Re:samba Digest, Vol 9, Issue 41 Darrik Spaude wrote: >I've been getting a lot of messages with attachments on this >list, but I >haven't opened any of the e-mails to see if the attachments >were legitimate. >I also started getting tons of "MS Security...", "Microsoft", >etc. e-mails >with attachments which I have not opened either (especially >figuring that >the "Microsoft" e-mail contains a virus, although our filter >should have >caught that one...). > >Anyone else getting loads of MS e-mails or Samba list e-mails with >attachments? A lot of the traffic being generated (specifically the ones referencing Microsoft) off this list recently is because of the Gibe or Swen (same thing) worm. Do a google search for this if you're interested in the details. While this is a problem, another generator of useless traffic off this list is the Outlook "Out of the office" autoresponder and misconfigured email servers that bounce messages back to the list for one reason or another (usually a virus laden message will trigger this.) Take this as a kindly reminder to those of you who administer your mail servers to try and do something (like: stop your virus notification programs -- most new email worms and viruses forge the sender anyway so you're not doing anyone any favors). Also, those of you who are tempted to tell the world that you're on vacation: don't. If you must, use an intelligent auto responder that you can filter out the mailing lists that you belong to. If your first instinct is to say "that's too hard" please remove yourself from any mailing list you belong to and have someone hurl empty Pringles cans at you for eternity. Every time I post to the Samba list I get at least half a dozen "Out of the office" replies (sometimes more, depends on the season) and it triggers another round of viruses sent to me. Anyway, rant over. --J(K) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: announce as ... whatif? Faking Samba to be a W2k machine?
Aii! It's bad form to reply to yourself. But for anyone who cares (since I didn't come across this anywhere). announce version = displays the following when 'properties' is clicked on under a win2kro: 5.0 = Windows 2000 Server 5.1 = Windows Server (This is the same as clicking on a 2003 Server). Alex Alex wrote: Hi, Quick q. Has anyone tried this, and what's the success/failure of this? Changing param/loadparm.c : /* Types of machine we can announce as. */ #define ANNOUNCE_AS_NT_SERVER 1 #define ANNOUNCE_AS_WIN95 2 #define ANNOUNCE_AS_WFW 3 #define ANNOUNCE_AS_NT_WORKSTATION 4 static const struct enum_list enum_announce_as[] = { {ANNOUNCE_AS_NT_SERVER, "NT"}, {ANNOUNCE_AS_NT_SERVER, "NT Server"}, {ANNOUNCE_AS_NT_WORKSTATION, "NT Workstation"}, {ANNOUNCE_AS_WIN95, "win95"}, {ANNOUNCE_AS_WFW, "WfW"}, {-1, NULL} }; And adding Windows 2000 Server or Windows 2003 Server in there? BTW: What WOULD be the correct string for that? I'm curious. :-) Alex -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: samba Digest, Vol 9, Issue 41
I have been getting those "MS Security thingys as well. On Tue, 2003-09-30 at 07:01, Darrik Spaude wrote: > I've been getting a lot of messages with attachments on this list, but I > haven't opened any of the e-mails to see if the attachments were legitimate. > I also started getting tons of "MS Security...", "Microsoft", etc. e-mails > with attachments which I have not opened either (especially figuring that > the "Microsoft" e-mail contains a virus, although our filter should have > caught that one...). > > Anyone else getting loads of MS e-mails or Samba list e-mails with > attachments? > > -Original Message- > From: John Gray [mailto:[EMAIL PROTECTED] > Sent: Monday, September 29, 2003 3:59 PM > To: [EMAIL PROTECTED] > Subject: [Samba] Re: samba Digest, Vol 9, Issue 41 > > > Anyone else getting viruses attached to these lists? > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE : S3+CUPS+PDF pseudo printer : print command not functional on service
Thanks for your answer. So for my PDF printer, I switched back to BSD printing (calling cups-lpd), and keeped the local (to PDF printer) print command definition. It works now. I still had to add to cups (which automatically generates the /etc/printcap file) a fake printer with the name of the pdf printer (to avoid the loss of the manual addendum to /etc/printcap for the pdf printer). Best regards, Jerome Message d'origine De: Buchan Milne [mailto:[EMAIL PROTECTED] Date: lun. 9/29/2003 16:02 À: [EMAIL PROTECTED] Cc: Jérôme Fenal Objet: Re: S3+CUPS+PDF pseudo printer : print command not functional on service -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > Message: 14 > Date: Fri, 26 Sep 2003 17:45:11 +0200 > From: J?r?me Fenal <[EMAIL PROTECTED]> > Subject: [Samba] S3+CUPS+PDF pseudo printer : print command not > functional on service > To: <[EMAIL PROTECTED]> > Message-ID: > <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="iso-8859-1" > > Hi all, > > I've just set up a Samba 3.0.0 PDC (LDAP+nss) on FreeBSD 5.1, with CUPS as default print stack, which begins to work nicely. > I'm configuring a PDF pseudo printer, with the following share : > > [pdfwriter] > comment = Imprimante PDF : génère un fichier PDF > printing = bsd > path = /var/tmp > printable = Yes > print command = /usr/local/bin/printpdf -u %U -h %M %s 2>/dev/null > lpq command = > > This very same config (except that %u is replaced here by %U) used to work nicely on Samba 2.2.7a, with cups on stock RH9. The print command was used, and CUPS would not see anything concerning 'pdfwriter'. > > No more on S3, I have in the log : > > [2003/09/26 15:30:19, 0] printing/print_cups.c:cups_job_submit(756) > Unable to print file to pdfwriter - server-error-not-accepting-jobs > > So I think that S3 does not honor any more the 'print command' when specified in printable share when using CUPS. > > Can anyone confirm this is a bug, or point me to my error ? You can't use 'print command' if you have 'printcap name = cups' in the global section. Regards, Buchan - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/eDturJK6UGDSBKcRAntjAKCcsJWdeNtgPoJh/wAp4aNR6uicRgCfdn1R ri2qMx1MAu2t0eT4tFIQ5ko= =Pybh -END PGP SIGNATURE- * Please click on http://www.cae.co.za/disclaimer.htm to read our e-mail disclaimer or send an e-mail to [EMAIL PROTECTED] for a copy. * This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. LogicaCMG global sponsors, Gartner Symposium, Cannes, 4th -7th November 2003 http://symposium.gartner.com/story.php.id.3323.s.5.html Please note that LogicaCMG does not have control over content from,or availability of, this website ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. LogicaCMG ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] problem to publish printer driver with samba 3.0 beta
Hi, I am using samba 3.0 beta as a PDC with ldap authentication. I am using cups printing and I am not able to publish printer driver for windows clients with samba 3.0 beta. In samba 2.2.x this feature was there (make_printerdef) what is the option in samba 3.0 so that i can configure this. please mail a cc at [EMAIL PROTECTED] any help really appreciated. thanks in advance. Yahoo! India Matrimony: Find your partner online. Go to http://yahoo.shaadi.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba