[Samba] Domain Trust and smbclient error.
I am trying to get a W2K server to trust a samba 3.0 server. I followed the directions in the InterdomainTrusts.html file and receive an error that the domain is not found when trying to trust it. my samba server is configured to use pam to authenticate. I had to add a user named "w2kdomain$" on the machine before I could run smbpasswd -a -i w2kdomain. Once I did that, it created the user just fine. If I run smbclient -L sambaserver -U localusername and enter my password, it uses pam to authenticate it (i am running log level 5 to verify this). If I run the same command on another box (different version of samba/smbclient), it fails. The log file shows that at the same point of authentication, there's some pop_sec_ctx calls and then "unix authentication failed for user username". I'm scratching my head at this point.. my smb.conf is miminal, security = user, encrypt passwords = no any ideas? tom -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] limiting authentication duration
Question 1: Is there a way to keep an authentication to a Samba share from lasting indefinitely? I am implementing a Linux file server for a network of machines all running Windows 98 SE. (Redhat 9, Samba 2.2.7a, share-level security.) Once a user provides a valid password and connects to a Samba share, Samba allows that client machine to access that share indefinitely. In our office each machine may not be used by the same user every day. If Joe connects to a Samba share on Monday by providing the proper password, then Mary uses that client machine on Tuesday, she will have access to the share without needing the password. Is there a way to make Samba ask for the password again? Initially I thought I could just set the deadtime and keepalive options so the connection would be terminated if it is not used for a while. But apparently Windows just autoreconnects. I tried restarting the Samba service but that doesn't work either. Even "smbcontrol smbd close-share * " doesn't prevent autoreconnection. In the O'Reilly book "Using Samba" (second edition) the section on Share-Level Security mentions a REVALIDATE=YES option which I thought might be relevant. However testparm identifies this as an "unknown parameter". (BTW, revalidate does not appear in the index nor in the Configuration Option appendix of the second edition, so I suspect this is a deprecated option, although it was not removed from the text.) Related, but slightly different Question 2: Is there a way for a user on a Windows client to get Samba to ask for a new password? Suppose I have a share such as: [data] path = /var/project1/data username = mary, admin read only = yes write list = admin If mary connects to the share, then asks me to come assist her and I need to write to the share from the Windows machine she is using, how can I terminate her authentication so I can connect with my password and get write privileges? I'm new at this, so if any of my terminology is not right please let me know so I can get it right next time. Doc Dawson Longwood Family Medicine Longwood, Florida [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0 is WORKING
> Due mainly to the help that this list provided, I am now able to > successfully deploy Linux/Samba servers in our corporate domain, and allow > remote offices to function as part of our vast windows domain. Things are > working, and the $$$ it has saved us is almost unmeasurable. Can you elaborate on the $$$ savings? I would like to know.. for example, how much $$$ would be saved by using samba/linux as a server for an enterprise class business. talk in terms of $$ savings, downtime savings, config problems ..stufss like that. I'm running a small samba/linux web/file server for my dept and the only thing I can come out with is $$$ in terms of windows 2000 server licensing fees .. eg: USD10K for 15 users?? >>Ok, thanks a lot for this :-). I hate to admit it but sometimes >>the endless bug reports kind of get you down :-) :-) :-). Don't get down, you guys are doing a _wonderful_ job to benefit all humankind. ( hehe.. if I may exgragerate - dang I don't even know how to spell that word) Opening windows to a wider world Yeah!! Cheers, .^. Mun Heng, Ow/V\ H/M Engineering /( )\ Western Digital M'sia ^^-^^ DID : 03-7870 5168 The Linux Advocate -Original Message- From: Jeremy Allison [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 08, 2003 5:29 AM To: Gabriel Matthews Cc: Samba Mailing List Subject: Re: [Samba] Samba 3.0 is WORKING On Tue, Oct 07, 2003 at 04:25:51PM -0500, Gabriel Matthews wrote: > > I would just like to give a success report, since this list gets mostly > bugs and questions.. > > Due mainly to the help that this list provided, I am now able to > successfully deploy Linux/Samba servers in our corporate domain, and allow > remote offices to function as part of our vast windows domain. Things are > working, and the $$$ it has saved us is almost unmeasurable. > > Again, thanks for your help, and keep up the good work!! It took me a > while to admit it, but heck, samba is pretty cool.. ;) Ok, thanks a lot for this :-). I hate to admit it but sometimes the endless bug reports kind of get you down :-) :-) :-). That was much appreciated :-). Cheers, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pdb_mysql not working for me
On Mon, 2003-10-06 at 21:42, Andrew St. Denis wrote: > I have been attempting to setup Samba 3 with mysql authentication for some > time now and I keep see the following error in both the log.smbd and when > running pdbedit: > > ./pdbedit: relocation error: /usr/local/samba3/lib/pdb/mysql.so: undefined > symbol: mysql_init > > I have searched google and the newsgroups and the only reference I found to > mysql_init has to do with perl modules and not samba. Any ideas? Looks like a problem with exporting symbols. What OS are you running? In the meantime, try running ./configure --with-expsam=mysql --with-static-modules=pdb_mysql Jelmer -- Jelmer Vernooij - http://jelmer.vernstok.nl/ signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] userGroupRid and groupmapping
Hi ! When I create a user with samba-ldap tools, the userRid is calculated if the -x option is set. The userGroupRid is calculated too. But is the groumapping is enabled, the SambaPrimaryGroupSID not correspond with SambaSID of groupmapping (Embedded image moved to file: pic11538.pcx) (Embedded image moved to file: pic19912.pcx) And in logfile, I can found : [2003/10/07 10:46:51, 0] rpc_server/srv_util.c:get_domain_user_groups(371) get_domain_user_groups: primary gid of user [spucom] is not a Domain group ! get_domain_user_groups: You should fix it, NT doesn't like that I think that's a BUG. can you help me ? thank you Stéphane Purnelle --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with some wbinfo tests
Hi! I have installed samba-2.2.8a in three Red Hat 7.3 machines, and, although it is working fine, I get the follwing errors with some wbinfo tests: wbinfo -a user%password plaintext password authentication failed error code was NT_STATUS_INVALID_PARAMETER (0xc00d) Could not authenticate user % with plaintext password challenge/response password authentication succeeded wbinfo -r user Could not get groups for user I am afraid that these errors may indicate that potential problems may arise, sush as using Squid´s external acl helpers to get the windows groups of our users. My configuration options for Samba were the following: /configure --prefix=/usr/local/squid --with-pam --with-pam_smbpass \ --with-winbind --with-winbind-auth-challenge What may be going wrong? Thanks in advance, Carlos. _ Voce quer um iGMail protegido contra vírus e spams? Clique aqui: http://www.igmailseguro.ig.com.br Ofertas imperdíveis! Link: http://www.americanas.com.br/ig/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.0: "force user" not working
Hi, a few days ago I upgraded to Samba 3.0.0. The upgrade worked flawlessly. I just wonder why the "force user" setting does no longer work like it should.. This is an excerpt from my smb.conf-file: [200a3i] path = /home/www_200a3i/public_html valid users = peter, niklas admin users = peter force user = www_200a3i force group = www Usually one expects that these settings make samba use the user www_200a3i from /etc/passwd to create files / folders. But it doesn't, it uses root instead. However, the "force group" settings works just fine. Any suggestions? Greetings, Peter Buecker -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 is WORKING
On Tue, Oct 07, 2003 at 04:25:51PM -0500, Gabriel Matthews wrote: > > I would just like to give a success report, since this list gets mostly > bugs and questions.. > > Due mainly to the help that this list provided, I am now able to > successfully deploy Linux/Samba servers in our corporate domain, and allow > remote offices to function as part of our vast windows domain. Things are > working, and the $$$ it has saved us is almost unmeasurable. > > Again, thanks for your help, and keep up the good work!! It took me a > while to admit it, but heck, samba is pretty cool.. ;) Ok, thanks a lot for this :-). I hate to admit it but sometimes the endless bug reports kind of get you down :-) :-) :-). That was much appreciated :-). Cheers, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0 is WORKING
I would just like to give a success report, since this list gets mostly bugs and questions.. Due mainly to the help that this list provided, I am now able to successfully deploy Linux/Samba servers in our corporate domain, and allow remote offices to function as part of our vast windows domain. Things are working, and the $$$ it has saved us is almost unmeasurable. Again, thanks for your help, and keep up the good work!! It took me a while to admit it, but heck, samba is pretty cool.. ;) Gabriel Matthews Network Support Cinergy Communications "No. I am your father." -Darth Vader, leader, devoted parent, and friend to all. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [URGENT! PLZ HELP!] Problems when moving a Samba installation from one Linux box to another
On Tue, 07 Oct 2003 16:59:29 -0300 "Paulo Bernardo Lindoso (Yahoo)" <[EMAIL PROTECTED]> wrote: > Running through all files, I realised that I recreated all user and > computer accounts in /etc/passwd but the UserIDs obviously won't match > the migrated "smbpasswd": for instance, user "haydee" has userid 514 in > /etc/passwd and userid 1007 in /etc/samba/smbpasswd You should have copied users and groups from old server's passwd, group, gshadow and shadow files to new (just copy whole lines). So please delete all your recreated users and do this. Regards, Nerijus P.S. Please do not use URGENT, it usually has opposite effect. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] [URGENT! PLZ HELP!] Problems when moving a Samba installation from one Linux box to another
Hello all, We just bought a new server to migrate our Samba installation, but we are facing some problems with it. Both machines run Samba 2.2.7 configured as PDC for our domain. When migrating, I copied /etc/samba/smb.conf and smbpasswd, and adjusted smb.conf to listen to the new server's IP address. Now all users can log on to the domain and access the Samba shares, but no-one can access shares created from the workstations, either file ou print shares... Running through all files, I realised that I recreated all user and computer accounts in /etc/passwd but the UserIDs obviously won't match the migrated "smbpasswd": for instance, user "haydee" has userid 514 in /etc/passwd and userid 1007 in /etc/samba/smbpasswd I tried to change the UserID field in smbpasswd but to no avail. Is there any simple hack to fix this or do I have to recreate all accounts, take off all machines from the domains and put them back again? Please help! :-) Thanks in advance, Paulo. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba acting as bdc
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brad Langhorst írta: | On Tue, 2003-10-07 at 13:47, Gémes Géza wrote: | | |>If I'm not asking for too much, could you tell us more about the |>fam+rsync setup? |> | | | fam | http://oss.sgi.com/projects/fam/ | | i use fam to call rsync -e ssh /localdir [EMAIL PROTECTED]:/remotedir | to keep from having to use passwords i use the the certificate features | of ssh | | i wrote a perl script using the SGI::Fam module to register files, | detect changes and propagate them using rysnc. | | I later found out that somebody else did something similar: | fam_mirror | http://tldp.org/linuxfocus/common/src/article199/fam_mirror.html | | best wishes | | brad Many Thanks! Best Regards, Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/gwA2/PxuIn+i1pIRAhBBAJ9hwiy17DJacSIei8Rim69HOAPzeACfVwKR sryf9/6LvX9S52IbtzYQHmM= =HvRN -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba acting as bdc
On Tue, 2003-10-07 at 13:47, Gémes Géza wrote: > If I'm not asking for too much, could you tell us more about the > fam+rsync setup? > fam http://oss.sgi.com/projects/fam/ i use fam to call rsync -e ssh /localdir [EMAIL PROTECTED]:/remotedir to keep from having to use passwords i use the the certificate features of ssh i wrote a perl script using the SGI::Fam module to register files, detect changes and propagate them using rysnc. I later found out that somebody else did something similar: fam_mirror http://tldp.org/linuxfocus/common/src/article199/fam_mirror.html best wishes brad -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Install a Printer Driver with no INF file?
Heh, the HOWTO occurred to me right after I sent that e-mail. I've read
the old HOWTO backwards and forwards and felt like I already knew
everything it had to offer, but the new one is so comprehensive -- 80+
pages of printing only!
Thanks very much to those who took the time to do that -- the directions
worked beautifully ('cept that once I installed the AdobePS driver, I
realized that it was black and white only -- as an aside, anyone know a
"generic" driver that does color PS? Right now I'm using a Tek Phaser 140,
but I figured I'd use one that's as vanilla as possible if it exists...).
_ _ _ _ ___ _ _ _
|Y#| | | |\/| | \ |\ | | | Ryan Novosielski - Jr. UNIX Systems Admin
|$&| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630
On Mon, 6 Oct 2003 [EMAIL PROTECTED] wrote:
> Hi Ryan,
>
> You should look at the 3.0 Samba-HOWTO-Collection under Chapter 18.
> Classical Printing Support... specifically "Installing Print Drivers
> Using rpcclient"
>
> Long story short you install the drivers locally onto 1 box just to
> determine which files the printer driver uses and where they're put,
> then copy the drivers into Samba's [print$]/W32X86 directory and use
> rpcclient adddriver to install them. You can then associate the printer
> with the installed drivers, and point 'n print works for the arch you
> installed the drivers for. The howto goes into good detail. The
> hardest part is making sure you get your rpcclient adddriver command
> exactly right (quotation marks, colons, commas, filenames, etc... you'll
> see what I mean).
>
> Good Luck!
> ~ Daniel
>
>
> > Disk..." as it comes in an EXE that installs itself to
> > %SYSTEMDRIVE%\SPOOL, etc. I have run into this in the past
> > and simply gave
> > up, but I feel like there has got to be a way to solve it.
> > Perhaps can I
> > somehow get the driver from a Windows machine with it already
> > installed?
>
>
> ---
>
> This message is the property of Time Inc. or its affiliates. It may be
> legally privileged and/or confidential and is intended only for the use
> of the addressee(s). No addressee should forward, print, copy, or
> otherwise reproduce this message in any manner that would allow it to be
> viewed by any individual not originally listed as a recipient. If the
> reader of this message is not the intended recipient, you are hereby
> notified that any unauthorized disclosure, dissemination, distribution,
> copying or the taking of any action in reliance on the information
> herein is strictly prohibited. If you have received this communication
> in error, please immediately notify the sender and delete this message.
> Thank you.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: http://lists.samba.org/mailman/listinfo/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba acting as bdc
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brad Langhorst írta: | On Fri, 2003-10-03 at 04:34, Michal Gubik wrote: | |>Hello, |>I am sorry if I anyone asked this before but I would like to know if its |>possible to use samba 3 to backup data including profiles and netlogon |>scripts from samba 3 pdc? If so how can I do it? I tried to search this |>but never found a suciffient answer. |>Michal Gubik | | | see the samba howto collection for how to configure samba | | to have an effective samba pdc you need to keep a few things in sync | 1) password database | 2) netlogon share | 3) user profiles | | | i use fam to detect changes in the latter two and rsync to synchronize | them | | i use replicated ldap to handle the password database. | | best wishes! | | | brad If I'm not asking for too much, could you tell us more about the fam+rsync setup? Thanks in advance Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/gvwU/PxuIn+i1pIRAh+mAJ0Y529GddfjpmrbHJupdp8wbNUoqACZAd4V PnIEfMpJHhlvMfyo2Y4d+ZU= =UBR/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Creating domain group using Samba 2.2.7
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Corina írta: | Hi all, | | Is there any way of creating an NT domain using Samba 2.2.7? The creatgroup option isn't available to me from rpcclient. | | Thanks, | Caro | Sorry I'll have to disapoint you. In my opinion the bigest advantage of 3.0 over 2.2.x is exactly the group support. So if you realy need it I would suggest to upgrade. Best Regards. Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/gvwM/PxuIn+i1pIRAnSOAJwPYfvshKwEySbZ1YPDaTdVngckOwCfWiVE yyBd5OAG/Q7bNvMGd3vfTn8= =1BVr -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] swat
Hi People. I can't login to swat using the current root password. what can I do? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Still having touble with Redhat 7.1 and windows 2003 DC authentication.
On Tue, Oct 07, 2003 at 04:34:14PM +0100, Gavin Davenport wrote: > Hi there > > I'm still going round in circles trying to get winbindd authentication > against a 2003 server working. > > I have what appears to be the same problem as: > http://www.ssite.org/articles/view.aspx?class=2&articleid=2 > There's something wrong with the SMB Packet signing on this machine. > > In parallel, I succcessfully built and have got working samba-devel on > FreeBSD 5.1 against the same ADS. > I used these hints: > http://www.mail-archive.com/[EMAIL PROTECTED]/msg33123.html > and it works (using a pretty much identical smb.conf) > Key additions are: > client signing = Yes > server signing = Yes > client use spnego = Yes > > The box I'm having trouble with is a redhat 7.1 box. I've upgraded the > standard 7.1 RPMs re. krb & pam from: > [EMAIL PROTECTED] samba]# rpm -qa | grep krb > pam_krb5-1.31-1 > krb5-libs-1.2.2-24 > krb5-workstation-1.2.2-24 > krb5-devel-1.2.2-24 > krbafs-1.0.5-1 > krbafs-utils-1.0.5-1 > to: > pam_krb5-1.55-1 > krb5-libs-1.2.2-24 > krb5-workstation-1.2.2-24 > krb5-devel-1.2.2-24 > krbafs-1.0.9-2 > krbafs-devel-1.0.9-2 > krbafs-utils-1.0.9-2 > > Using some SRPMs from rh7.3. > > I don't know how to work out what version of Heimdal is within these > packages which samba-3 has linked to. I have read that 2003 server requires > heimdal 1.6 or older, so I went and got that, compiled and built it > (from: ftp://ftp.pdc.kth.se/pub/heimdal/src/) Have you tried using MIT krb5 1.3.1 ? I know the signing works with that release. I'm wondering if Heimdal is doing the subkeys correctly. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 - pending print jobs not being shown
Samba 3 linked against cups. I have a problem that is best illustrated when a printer is paused in cups. When looking at the "Printers" folder for a samba server, often documents is "0" even though there may be some pending. Manually refreshing will sometimes cause them to reappear or dissapear. Furthermore, listing jobs for the individual queue is broken too. Occassionally the jobs may reappear, but usually, whether refreshing or not, the jobs aren't shown. I've tried various lpq cache time's without luck. This is with printing = cups and printcap name = cups. For grins I've also tried without the cups libraries linked (with no better luck). The server is on a different subnet than the clients... should that make a difference? I also tried setting printing = sysv and manually specifing the lpq command, and get similarly inconsistent (usually worse, though) results. Is anybody else seeing anything similar? Thanks, ~ Daniel --- This message is the property of Time Inc. or its affiliates. It may be legally privileged and/or confidential and is intended only for the use of the addressee(s). No addressee should forward, print, copy, or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as a recipient. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is strictly prohibited. If you have received this communication in error, please immediately notify the sender and delete this message. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] strange error message
On Tue, Oct 07, 2003 at 09:48:06AM -0700, David Bear wrote: > this is interesting. the next question is > 1) why does samba want to connect 'back' to a client sending a print > job? Because Microsoft designed the change notify in Windows printing to work that way I'm afraid. Insane, but true. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] active directory pains
After googling a bit, it seems that only way samba playes with active directory is with samba 3.x I'f been use samba 2.x with 'pass through' authentication and would like to get rid of the pass through auth cause it seems to cause problems. Yet, I don't know if I can trust samba 3 -- Has anyone been able to get a samba 2.x server to join a an Active Directory domain? My assumptions are the joining Active Directory is 'different' than joining an nt style 'domain'. The samba.org sites seems to be devoid if documents detailing what I really want... which is 1) having samba auth users against active directory -- David Bear phone: 480-965-8257 fax:480-965-9189 College of Public Programs/ASU Wilson Hall 232 Tempe, AZ 85287-0803 "Beware the IP portfolio, everyone will be suspect of trespassing" -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Help: could samba 3.0.0 be backed out to a NT BDC ?
Thanks John, for the confirmation. We know your documentation mention about " Samba-3 cannot function as a BDC to an MS Windows NT4 PDC, and Samba-3 can not function correctly as a PDC to an MS Windows NT4 BDC. Both Samba-3 and MS Windows NT4 can function as a BDC to its own type of PDC" in Chapter 6 In case of the new Samba 3.0.0 PDC can not handle the load from the domain, is there any other way to back out it back to NT4 with the current SAM data? Third party utility? John H Terpstra wrote: On Tue, 30 Sep 2003, Larry Liu wrote: Larry, I have found that the easiest way to migrate from NT4 to SAmba3 is to: 1. Use tdbsam as a medium for migration. 2. Before migrating accounts: i. Make sure that you configure your smb.conf carefully ii. Include all the "user/group/machine scripts" iii. Do NOT run smbd before vampire is run. 3. Set up the smb.conf for a Samba-BDC 4. Join the domain before running vampire 5. Then finally run vampire. IF you want to use an LDAP or smbpasswd backend, use pdbedit to migrate the database. - John T. Larry Liu Robert Inerbickler NT Migration Team Sun Microsystems -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] remote windows management
I keep hoping for better wasy to remotely manage windows machines through samba. In the very old samba-tng there was an rpcclient that could connect to a remote machine and do various things like read/write the registry, grab event logs, etc. I could never get it to work very well and waited for a better one. The trouble is the rpcclient program in samba-current doesn't have these features. Is there any work to add these to an rpcclient for samba or are these features moved elsewhere? I really want total control over windows2000/xp box similar to what you get through the mmc -- control user accounts, start/stop services, remote regedit, etc. any pointers? -- David Bear phone: 480-965-8257 fax:480-965-9189 College of Public Programs/ASU Wilson Hall 232 Tempe, AZ 85287-0803 "Beware the IP portfolio, everyone will be suspect of trespassing" -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 on stable
Has anyone installed Samba 3 (final) from untesting on a stable version of Debian? Any concerns I should be aware of before giving it a try? Curtis -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] strange error message
this is interesting. the next question is 1) why does samba want to connect 'back' to a client sending a print job? 2) and if it cannot connect, does it deny the print? I think this error below was thrown becuase the user installed kerio personal firewall on her system, ergo, no connection back. On Mon, Oct 06, 2003 at 01:20:42PM -0500, Gerald (Jerry) Carter wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > David Bear wrote: > | I don't get it. Why is this listed as an error, when the > | return code is 'success'? > > It's a zero'd structure in memory due to a disconnected socket. > Ignore the error code. > > | [2003/10/06 10:35:09, 0] rpc_client/cli_spoolss_notify.c: > | spoolss_connect_to_client(91) > | connect_to_client: unable to connect to SMB server on > | machine PP086134. Error was : SUCCESS - 0. > > Probably either the client doesn't have the server > service running or smbd couldn't resolve the client's name. > > > > > cheers, jerry > ~ -- > ~ Hewlett-Packard- http://www.hp.com > ~ SAMBA Team -- http://www.samba.org > ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc > ~ "You can never go home again, Oatman, but I guess you can shop there." > ~--John Cusack - "Grosse Point Blank" (1997) > > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.2.1 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQE/gbJ6IR7qMdg1EfYRApK6AKDK6bMNOMEkPFGpTi0jiy9kK4a+cgCbBIBx > W4ZbVOAt1RlffvbmMO7Bm0E= > =K1qy > -END PGP SIGNATURE- -- David Bear phone: 480-965-8257 fax:480-965-9189 College of Public Programs/ASU Wilson Hall 232 Tempe, AZ 85287-0803 "Beware the IP portfolio, everyone will be suspect of trespassing" -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Software-Programmierer sucht neue Herausforderung ...
Sehr geehrte Damen und Herren, ich habe ein Interesse an eine Mitarbeit mit Ihrer Firma. Meine wichtigste Fachrichtung ist die Entwicklung von Individualsoftware und die Beratung im Hardware- und Softwarebereich. Ich besorge jegliche Entwicklung eines kompletten Programms in den Programmiersprachen JAVA, .NET, VB ... Ich kann reibungslos eine Internetapplikation in den Programmiersprachen JSP, PHP, ASP, ASPX, HTM, HTML, DHTML ... bilden. Ich kann mit den Datenbanken Typen von MS SQL, MySQL, Oracle, dbase, Access ... kommunizieren und verwalten. Ich beherrsche die POS Systeme und die RS-232 Kommunikation ( Serial Printer, Barcode Scanner, Line Display, Cash Drawer, MICR, MSR ... ) auf dem Profiniveau. Ich programmiere auch die Java Applikation J2ME ( MIDP/CLDC ... ) für die mobilen Geräte ( Casio, Palm, Nokia, Siemens ... ). Ich kenne mich sehr gut mit Netzwerken und Netzwerkapplikationen aus und bin fähig, sie auf der Administratorebene zu verwalten und eine schlüsselfertige Lösung vorzuschlagen. ( Windows NT/2000/2003 server, Linux ... ) Ich kann bei Ergebnisseauswertung und Übersichtenverarbeitung aus den Ihren verschiedenen Projekte auch helfen. Ich kann jegliche Hardware ( Montage, Installation, Betreuung ) verwalten. Ich beherrsche diese Betriebssysteme: . Windows Server NT/2000/2003 . Windows 95/98/NT/2000/XP . Linux Programmiersprachen: . Java, Java Script . .NET . ASP, ASPX, PHP . XML, XSL . HTML, DHTML . VB, VBA, VB Script, . SQL . WAP Programme: . JBuilder . Elipse . Java J2ME ( MIDP/CLDC .) . MS VS .NET, MS VS 6.0 . Macromedia Flash MX . MS Office XP . MS SQL Server . Oracle . MS Exchange Server . Photopaint . Corel . und andere ... Datenbanken: . Oracle, dBase, FoxPro . MS SQL Server, MySQL, MS Access . Informix, ISAM, Paradox DB . ODBC ... Seit sieben Jahren arbeite ich vor allem mit den deutschen Firmen z.B.: . Rödl & Partner Consulting GmbH . VBH GmbH . Pausch Röntgengerätebau . Sycat . Messweelk . adlersoftware . UBK GmbH . IT focus GmbH . Weigold & Partner Consulting . WEGASOFT GmbH . Soft & System GmbH . IFS Deutschland GmbH & Co KG . wfi WEITERER & FINKE Informationssysteme GmbH . Cancom IT Systeme AG . und andere ... zusammen. Ich bin sehr kreative und habe viele Ideen, die man sicherlich bei der Lösung Ihrer verschiedenen Probleme nutzen könnte. Wenn Sie ein Interesse für eine Zusammenarbeit mit mir hätten, kontaktieren Sie mich bitte auf meine Email-Adresse: [EMAIL PROTECTED] oder telefonisch +420 607 977 493. Ich danke Ihnen für die Zeit, die Sie bei dem Lesen meine Referenzen hingebracht haben. Mit freundlichen Grüßen Michal Vitek Programmierer-analytiker Masarykova 1154/34 CZ-363 01 Ostrov Handy: +420 607 977 493 Email: [EMAIL PROTECTED] http://www.MichalVitek.cz __ This contacts e-mail i found in internet with search maschine. Searching Words: - edv-entwicklung (All the words) Internet Site: - http://www.faqchest.com/linux/samba-l/smb-01/smb-0105/smb01051707_11968.html If you dont wont sent next informations emails, please make you deregistration in this link: http://www.michalvitek.cz/michalvitek/english/[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] CIFS / mount.cifs
hello, I want to mount my homedirectory from a server to my workstation under linux using CIFS. the command used is mount.cifs. It works fine but there is one probleme i have not yet resolved. I can not create a symbolic link from my homedirctory to local directory but i can create a symbolic link from a local directory to my home directory. I have used the last cifs patch with no new results. Some suggestions please thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbindd using FQDN domain name now?
On Tue, Oct 07, 2003 at 08:35:41AM -0500, Gerald (Jerry) Carter wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Sorry for the delayed repsonse... > > Adrian Chung wrote: > | As of RC3 and RC4, I've noticed that winbindd's wb_getpwuid function > | is using the form , and > | before, it was simply . > > This is due to new code in smbd that grabs the domain name > from the krb5 principal name. > > | The net effect of what I'm seeing is that users which have a UNIX > | account locally on the samba box and also a domain account are being > | authenticated against the AD DC, but their UIDs are getting resolved > | to the local UNIX UIDs rather than AD UIDs. > > | > |>From XP SP1 boxes that are domain members: > | > | [2003/09/15 15:49:17, 3] > | nsswitch/winbindd_user.c:winbindd_getpwnam(112) > | [ 6453]: getpwnam genosha.enfusion-group.com-adrian > | [2003/09/15 15:49:17, 5] > | nsswitch/winbindd_user.c:winbindd_getpwnam(140) > | no such domain: GENOSHA.ENFUSION > | [2003/09/15 15:49:17, 3] > | nsswitch/winbindd_user.c:winbindd_getpwnam(112) > | [ 6453]: getpwnam GENOSHA.ENFUSION-GROUP.COM-adrian > | [2003/09/15 15:49:17, 5] > | nsswitch/winbindd_user.c:winbindd_getpwnam(140) > | no such domain: GENOSHA.ENFUSION > > You have the wionbind separator set to '-' don't you? > The probl;em here is that you have a '-' in the realm name. I sure did, changed it back to '+' and we're back in business. Thanks! -- Adrian Chung (adrian at enfusion-group dot com) http://www.enfusion-group.com/~adrian/ GPG Fingerprint: C620 C8EA 86BA 79CC 384C E7BE A10C 353B 919D 1A17 [rogue.genosha.enfusion-group.com] up 5 days, 8:51, 2 users -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Still having touble with Redhat 7.1 and windows 2003 DC authentication.
Hi there I'm still going round in circles trying to get winbindd authentication against a 2003 server working. I have what appears to be the same problem as: http://www.ssite.org/articles/view.aspx?class=2&articleid=2 There's something wrong with the SMB Packet signing on this machine. In parallel, I succcessfully built and have got working samba-devel on FreeBSD 5.1 against the same ADS. I used these hints: http://www.mail-archive.com/[EMAIL PROTECTED]/msg33123.html and it works (using a pretty much identical smb.conf) Key additions are: client signing = Yes server signing = Yes client use spnego = Yes The box I'm having trouble with is a redhat 7.1 box. I've upgraded the standard 7.1 RPMs re. krb & pam from: [EMAIL PROTECTED] samba]# rpm -qa | grep krb pam_krb5-1.31-1 krb5-libs-1.2.2-24 krb5-workstation-1.2.2-24 krb5-devel-1.2.2-24 krbafs-1.0.5-1 krbafs-utils-1.0.5-1 to: pam_krb5-1.55-1 krb5-libs-1.2.2-24 krb5-workstation-1.2.2-24 krb5-devel-1.2.2-24 krbafs-1.0.9-2 krbafs-devel-1.0.9-2 krbafs-utils-1.0.9-2 Using some SRPMs from rh7.3. I don't know how to work out what version of Heimdal is within these packages which samba-3 has linked to. I have read that 2003 server requires heimdal 1.6 or older, so I went and got that, compiled and built it (from: ftp://ftp.pdc.kth.se/pub/heimdal/src/) This built me a heimdal subdirectory (I wanted it seperate), which I then configured in the samba.spec file: --with-krb5=/usr/local/heimdal. but the Samba3 srpm wouldn't compile with this version of heimdal - there seemed to be lots of bits missing. smbclient works ok from the Redhat box against the XP, 2003 or FreeBSD SMB Servers, domain authentication works for that. No clients can attach to the redhat server, they all seem to fail for SMB packet signing reasons. I don't really want to change the DC settings, the BSD box works, I'd like to RedHat box to work too :) I would like to know which RPM supplies the right version of heimdal for 2003AD authentication to work, right now I don't know which bit to look at. Anyone got to the end of this struggle with a redhat box this age ?? Winbindd -i -vv shows: client_check_incoming_message: BAD SIG: wanted SMB signature of [000] 08 CE A3 BF F9 D5 1E 09 .Σ¿ùÕ.. client_check_incoming_message: BAD SIG: got SMB signature of [000] 91 F7 B2 53 5B CA EB 3F .÷²S[Êë? signing_good: SMB signature check failed on seq 1! SMB Signature verification failed on incoming packet! failed kerberos session setup with NT_STATUS_OK anonymous connection attempt to BASHFUL from POTATO failed anonymous session setup with NT_STATUS_OK trusted_domains: Could not open a connection to GDA-ADSL.DEMON.CO.UK for PIPE_NETLOGON (NT_STATUS_UNSUCCESSFUL) convert_string_allocate: Conversion error: Illegal multibyte sequence(Ì) convert_string_allocate: Conversion error: Illegal multibyte sequence(Ì) rescan_trusted_domains: Can't find my own domain! Is this a software version thing or is the PDC signing the SMB packets with an old host key ?? Has anyone done ADS authentication on a Redhat 7.1 box/samba 3.0.0 host ?? Gavin Davenport p.s. I've just tried the same build on a redhat 8.0 box. Thats failing for the same reason. Is it a password thing ?? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Client connection to a samba PDC
On 10/7/03 11:18 AM, in article [EMAIL PROTECTED], "Mark" <[EMAIL PROTECTED]> wrote: > Take a look here... > > http://tinyurl.com/q14m > > http://tinyurl.com/q15d > Thanks for your reply, however I'm running FreeBSD 4.8 not HPUX. My nobody account has a positive user and group ID. It's frustrating because I have been reading google for hours regarding this problem, so the odds are I've seen any article. I see the problem being posted over and over without a solution. Thanks, Clay -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Client connection to a samba PDC
> I want to change my smb password from a windows > clients. It gives says my domain cannot be found and that it cannot > change the password. What surprises me is that after clicking cancel, > it still logs on to the domain it said could not be found. Any clue? Sorry, last post may not have been complete enough. I am receiving the above error running 2.2.8 on FreeBSD 4.8, and the samba log states: [2003/10/07 09:32:09, 2] smbd/reply.c:reply_special(92) netbios connect: name1=CPUXSV01 name2=IPAQDK [2003/10/07 09:32:09, 2] smbd/reply.c:reply_special(111) netbios connect: local=cpuxsv01 remote=ipaqdk [2003/10/07 09:32:09, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,65534) now set to (65534,65534) uid=(0,65534) [2003/10/07 09:32:09, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid Take a look here... http://tinyurl.com/q14m http://tinyurl.com/q15d Regards, Mark Samba Setup Guide: www.samba.netfirms.com My gpg public key: www.samba.netfirms.com/gnupg/gpg_public.asc -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] file sharing over Internet
you really want to do that. It's all plain text over the internet except the password! Tom On Tue, 2003-10-07 at 00:01, CHEUNG Chi Wai, Chris wrote: > Hi, > > I have setup a Samba in Local network and working perfect. I want to release > my share over Internet > so that my PC at home can access this share at the RUN \\MYIPADDRESS. > Is it possible? > > Cris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Profile Path Change
Hi, I run samba 2.2.7 (Redhat latest up2dated version) as a PDC here. My users have home directories like: /disk1/b/i/binand /disk2/s/a/samba and so on. I would also like to have a similar system for the profile paths - currently all profiles are in /profiles - making directory listings unbearably slow :-( I'd like my profile to be loaded from /profiles/b/i/binand, for example. There is no problem for the home directories, but how do I tell samba to get the profile path from a program or something? I was looking at %$(envvar) - can I use this somehow? I already have a program that would give out a line like bash$ get_smb_env -p binand PROFILE=/profiles/b/i/binand I somehow need to ask samba to eval this program's output and set profile path as: logon path = \\%L\profiles\%$(PROFILE) TIA, Binand -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Solaris 2.6 rpcsec & MIT krb5-1.3.1 header conflict
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian & Olaf, I've entered this as bug 580: ~ https://bugzilla.samba.org/show_bug.cgi?id=580 We'll try to get something straightened out. cheers, jerry Brian Ford wrote: | Please CC me on replies. | | Hi. I am trying to compile samba 3.0.0 on a Solaris 2.6 box. I noticed | that samba needed MIT Kerberos, so I compiled and installed krb5-1.3.1, I | believe, successfully in /usr/local. | | I now think that may have been a mistake. Trying to compile | samba 3.0.0, I get the following: | | Compiling dynconfig.c | In file included from include/includes.h:429, | from dynconfig.c:21: | /usr/local/include/gssapi/gssapi.h:120: warning: redefinition of | `gss_cred_id_t' | /usr/include/rpc/rpcsec_gss.h:60: warning: `gss_cred_id_t' previously | declared here | /usr/local/include/gssapi/gssapi.h:121: warning: redefinition of | `gss_ctx_id_t' | /usr/include/rpc/rpcsec_gss.h:59: warning: `gss_ctx_id_t' previously | declared here | /usr/local/include/gssapi/gssapi.h:172: conflicting types for | `gss_channel_bindings_t' | /usr/include/rpc/rpcsec_gss.h:61: previous declaration of | `gss_channel_bindings_t' | make: *** [dynconfig.o] Error 1 ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ "You can never go home again, Oatman, but I guess you can shop there." ~--John Cusack - "Grosse Point Blank" (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/gsZPIR7qMdg1EfYRAjv9AKDfCuWMYGSVIowHxHeYNUVNdDEOBQCg8nyf 4w4r9uyui6S1hMkRWYxxTiM= =ew+x -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] How to join a domain without using the local administrator
Hi there, I've a question about how to add a Win2000 machine without using the administrator account of the win-client. For example, I want to install a client-machine until the local login. Now I want to sent the pc to a different location where the user should only enter his account and password and domain. The useraccount and machineaccount are already created with smbpassed -ma machine% smbpassed -a user useradd machine$ useradd user But now I have to join the client to the domain, using the local administrator of the win-machine and the the linux root-user. Is it possible to join the machine without using both users (admin and root) - so that an "normal" user can join to the domain like Win9x clients can do it ? My Environment: Samba 2.2.8 configured as PDC SuSE Linux 7.2/Kernel 2.4.16 -- Regards, Jens Strohschnitter - *!!!LINUX LINUX LINUX LINUX LINUX!!!* * http://www.jens-strohschnitter.de * - Set the controls for the heart of the sun - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Client connection to a samba PDC
> I want to change my smb password from a windows > clients. It gives says my domain cannot be found and that it cannot > change the password. What surprises me is that after clicking cancel, it > still logs on to the domain it said could not be found. Any clue? Sorry, last post may not have been complete enough. I am receiving the above error running 2.2.8 on FreeBSD 4.8, and the samba log states: [2003/10/07 09:32:09, 2] smbd/reply.c:reply_special(92) netbios connect: name1=CPUXSV01 name2=IPAQDK [2003/10/07 09:32:09, 2] smbd/reply.c:reply_special(111) netbios connect: local=cpuxsv01 remote=ipaqdk [2003/10/07 09:32:09, 0] lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (0,65534) now set to (65534,65534) uid=(0,65534) [2003/10/07 09:32:09, 0] lib/util.c:smb_panic(1094) PANIC: failed to set gid -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Client connection to a samba PDC
On 10/7/03 6:41 AM, in article [EMAIL PROTECTED], "Timothy Fabunmi" <[EMAIL PROTECTED]> wrote: I'm having the same problem. I'm running 2.2.8 on FreeBSD 4.8. I've scoured google as well, and I can only find posts from people having the problem, never a solution. Any help would be appreciated. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Creating domain group using Samba 2.2.7
Hi all, Is there any way of creating an NT domain using Samba 2.2.7? The creatgroup option isn't available to me from rpcclient. Thanks, Caro -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbindd using FQDN domain name now?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sorry for the delayed repsonse... Adrian Chung wrote: | As of RC3 and RC4, I've noticed that winbindd's wb_getpwuid function | is using the form , and | before, it was simply . This is due to new code in smbd that grabs the domain name from the krb5 principal name. | The net effect of what I'm seeing is that users which have a UNIX | account locally on the samba box and also a domain account are being | authenticated against the AD DC, but their UIDs are getting resolved | to the local UNIX UIDs rather than AD UIDs. | |>From XP SP1 boxes that are domain members: | | [2003/09/15 15:49:17, 3] | nsswitch/winbindd_user.c:winbindd_getpwnam(112) | [ 6453]: getpwnam genosha.enfusion-group.com-adrian | [2003/09/15 15:49:17, 5] | nsswitch/winbindd_user.c:winbindd_getpwnam(140) | no such domain: GENOSHA.ENFUSION | [2003/09/15 15:49:17, 3] | nsswitch/winbindd_user.c:winbindd_getpwnam(112) | [ 6453]: getpwnam GENOSHA.ENFUSION-GROUP.COM-adrian | [2003/09/15 15:49:17, 5] | nsswitch/winbindd_user.c:winbindd_getpwnam(140) | no such domain: GENOSHA.ENFUSION You have the wionbind separator set to '-' don't you? The probl;em here is that you have a '-' in the realm name. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ "You can never go home again, Oatman, but I guess you can shop there." ~--John Cusack - "Grosse Point Blank" (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/gsEtIR7qMdg1EfYRAuI4AKDQSJXPNEYIJG/9esHfYjq1zd00LACfTfbp VCx/Q3LUEB64othe3hsB8Hg= =6D86 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating from Samba 2.2 smbpasswd to Samba 3 LDAP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tom Hibbert wrote: | Hi there, | | Does anyone have any experience with this? I was wondering about importing | data from a Samba 2.2 smbpasswd file to a Samba 2.2 style LDAP and then | using some perl scripting to update the schemas to samba 3. There is already a conversion script. See ~ examples/LDAP/convertSambaAccount | However there isnt really much info about migrating user | data and stuff from smbpasswd to LDAP at all.. Somewhere | there must be a nice howto or something ;) See the pdbedit manpage for exporting and importing databases. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ "You can never go home again, Oatman, but I guess you can shop there." ~--John Cusack - "Grosse Point Blank" (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/gr2jIR7qMdg1EfYRAmcOAJ91COCQOinHBzh3ohO3oMne9kR+XwCgg6fj 9N1BlSLh52zrCbGQzOl2eKU= =f8Fn -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba connecting with NIS
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ben Segbawu wrote: | I just installed samba 3.0 with the --with-netgroup-support | option. I was under the impression this would allow me to | connect to my unix system using NIS authentication. This is apples and oranges. You don't need any extra flags as long as NIS users can be obtained via getpwnam(). You do need to disable 'encrypt passwords' though. And you will also probably need to read up on the 'password level' parameter in smb.conf(5). | # Global parameters | [global] | workgroup = HEALTH | server string = Solaris Samba Server 3.0 | security = SERVER | password server = addc01 This doesn't make sense to me if you want to authenticate against NIS. I think you need to read the HOWTO's again. security = server is for authenticating against a remote SMB server (and this mode has been deprecated in favor of security = domain for several years now). cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ "You can never go home again, Oatman, but I guess you can shop there." ~--John Cusack - "Grosse Point Blank" (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/gr1HIR7qMdg1EfYRAr2TAJ4sWk4ekC46NLSkdW3BLXZfPaFFggCgjJ7U 45s/dgFH27qNNNMxddp0oIo= =keL4 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] login problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rudi Yanto - Service Solutions wrote: | Hi Andrew, | After I have spend an extra time and I'm starting to get lost and need a help | please from the samba team. | I have a current running samba which is an old version (I think 1.9.16p9) and ... | I have put the old samba copy back and run it works ok with the password and | able to map and see the available share from the server. | Could you please guide me to where the area I should do and look for as I'm | getting lost and need a help. The default was changed from "security = share" to "security = user" between 1.9 and 2.0. This is probably the source of your problems. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ "You can never go home again, Oatman, but I guess you can shop there." ~--John Cusack - "Grosse Point Blank" (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD4DBQE/grtKIR7qMdg1EfYRAtc0AJiUlHqWkVnemCCpHz6LZ++HAMZ5AKDfw61P NqfE7mNtH9Xr6Zy2upVw/g== =afTf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0 question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brad Langhorst wrote: | On Mon, 2003-10-06 at 19:05, Curtis Vaughan wrote: | |>Ok, I'm using ldapsam 2.2 |> |>But I don't understand something. Let me put it this way, can I put |>Samba 3 on the Debian box and it will work, or do I still have to make |>some changes to LDAP on the RedHat server? | | afaik samab3 will not use a samba2 ldap store... It will actually. Use passdb backend = ldapsam_compat:ldap://server cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ "You can never go home again, Oatman, but I guess you can shop there." ~--John Cusack - "Grosse Point Blank" (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/grqVIR7qMdg1EfYRAgtOAKCL3eZA514r1dCoDPvUe6Dtcbmd8wCgqAKj 4arKIpP4pAAfq7oOvOoUysI= =yLSP -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Samba 3.0 and LDAP as a PDC
If someone answers my question I will even write a howto! > -Original Message- > From: Ganguly, Sapan > Sent: 01 October 2003 13:36 > To: '[EMAIL PROTECTED]' > Subject: Samba 3.0 and LDAP as a PDC > > > Hello all, > > I hope this is an easy one, I've read all the howtos but I'm still very > hazy on how to do this. What I want to do is replace my NT4 PDC with a > Samba 3.0 PDC with an LDAP backend. > > I've got my OpenLDAP up and running with the basic People, Computers and > Groups ou's. > I've put the builtin NT groups in too. > I have Samba 3.0 functioning as a BDC > > The trouble is that the 'net rpc vampire' command isn't working for me, > probably because I haven't defined the smbldap scripts right in smb.conf. > I've put all the relavent bits in smbldap_conf.pm. If anyone has done this > already please may I see a copy of your smb.conf? > > 'net rpc samdump' works, I guess the output from that could be used to > populate the the LDAP, is there a script for that? > > I've also tried the smbldap-migrate-accounts.pl script, to import all the > information from a pwdump of my PDC, this sort of worked but it only > created posix accounts, is this right? Also pwdump.exe does not seem to > dump groups so what are you supposed to use smbldap-migrate-groups.pl > with? > > I think I might be able to work this out if I can just get a look at > someone else's smb.conf. > > Sapan Ganguly > Thales Research > > > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] NT4-Samba Migration Test Results
If someone answers my question I'll even write a howto! -Original Message- From: Ganguly, Sapan Sent: 06 October 2003 10:06 To: '[EMAIL PROTECTED]' Cc: '[EMAIL PROTECTED]' Subject: Re: [Samba] NT4-Samba Migration Test Results >Larry, >I have found that the easiest way to migrate from NT4 to SAmba3 is to: >1. Use tdbsam as a medium for migration. >2. Before migrating accounts: > i. Make sure that you configure your smb.conf carefully > ii. Include all the "user/group/machine scripts" > iii. Do NOT run smbd before vampire is run. >3. Set up the smb.conf for a Samba-BDC >4. Join the domain before running vampire >5. Then finally run vampire. > >IF you want to use an LDAP or smbpasswd backend, use pdbedit to migrate >the database. >- John T. John, Would it be possible for you to show us a copy of your smb.conf for each stage of your migration? I'm also interested in how you use pbedit to migrate the database. Thanks, Sapan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ldapsam_compat - join workstation to domain problem
Hi there I am using Samba 3.0 release with the ldapsam_compat backend until we are ready to migrate to the new LDAP samba schema. Using the same "root" LDAP user (and smbldap-tools) that Samba 2.28 allowed me to add workstations to the domain successfully, I receive a new error - "No mapping between account names and security IDs was done". When I switch to the domain running on Samba 2, it then joins the user perfectly. I have used the smb-ldap-3-howto as my guideline. The LDAP "root" user's uidNumber and gidNumber are both 0. The primaryGroupID is 512 and the rid is 1000 (I even tried using the name "Administrator" as per the aforementioned howto, but that made no difference anyway). I have mapped the group - [localsid]-512 to the "admins" group (gidNumber 0). I even tried mapping the group [localsid]-1001 to admins group too, but got the same error. I am at my wit's end, as I have scoured google, the Samba mailing lists, the howto's, documentation, etc, and have found no record of this existing error. What could the problem be? On a side note, I did run a test after converting to a ldapsam v3 and ended up with the same error! So it's not the fact that I'm using ldapsam_compat. I have tried adding multiple workstations and it is not caused from any capital letters (as per the same error message appearing apparently in some Samba 2.x setups). Regards Tirone Nel Systems Administrator Club Technology -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Question: Are Samba 2.2.7 (AIX build) + > 2GB file transfers from Win2K supported?
Is there a known limitation with large (> 2GB) files across samba CIFS connections to an AIX samba server? My environment: Server: AIX 5.1 Samba 2.2.7 (from IBM's AIX Toolbox for Linux Applications) JFS Client: Windows 2000 (SP4) Symptoms: Both the AIX and Windows file systems support large files (tested to a size of 12GB). An ftp of a 6.3GB file between both machines works [once ulimit is adjusted is to relieve the default 2GB soft limit on file size.] However when a file copy is attempted using an AIX share mounted on a Windows 2000 client, the copy fails at the 2GB mark. Regards. jon. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Is it possible to join a win2k domain with samba and...
Hi! A got a Windows 2000 DC running with AD. I would like this win2k DC to do the authentication for my Linux clients - When someone login at the Linux client the username and password are verified by the win2k DC. I'm aware that this is no problem, but my question is, if it is possible to mount the users home directories from the win2k DC to the Linux client, so the users will have the same home directory as if they were at a windows client? Regards, Christoffer -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
Hi all, sorry if this has been answered before or is a kind of faq (did'nt found it there). Does anyone knows whether it is possible to change a password (included in the smbpasswd file) via a pop-up window from a Windo$ client. Many thanks in advance. Bye Frank Heckes This message is confidential. If you have received this message in error, please delete it from your system. You should not copy it for any purpose, or disclose its contents to any other person. Internet communications are not secure and therefore Nokia GmbH does not accept legal responsibility for the contents of this message as it has been transmitted over a public network. Thank you. Nokia GmbH, Nokia Networks is a German Company. Further information about the Company is available from its principal offices at Heltorferstrasse 1, D-40472, Düsseldorf, Germany and from the website at http://www.nokia.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ntlm_auth does not work with win98
Hello, I am using ntlm_auth from samba-3.0.0 with squid 2.5.STABLE3. Win2k clients can authenticate, but win98 not. In squid cache.log I see: libsmb/ntlmssp.c:ntlmssp_server_auth(278) ntlmssp_server_auth: failed to parse NTLMSSP: My squid.conf has: auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 2 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes acl AuthorizedUsers proxy_auth REQUIRED http_access allow AuthorizedUsers Regards, Nerijus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Client connection to a samba PDC
Hi All, I have recently configured my linux box as a pdc on my network and everything seems fine. I can mount shares, enable profile roaming etc... The problem occurs when I want to change my smb password from a windows clients. It gives says my domain cannot be found and that it cannot change the password. What surprises me is that after clicking cancel, it still logs on to the domain it said could not be found. Any clue? Regards Tim -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] userGroupRid and groupmapping (with text correction)
Hi ! When I create a user with samba-ldap tools, the userRid is calculated if the -x option is set. The userGroupRid is calculated too. But if the groupmapping is enabled, the SambaPrimaryGroupSID not correspond with SambaSID of groupmapping. Example : Groupe "Domain Users" : gidNumber 100 displayNameDomain Users objectClasssambaGroupMapping sambaSID S-1-5-21-xx-x-xx-513 sambaGroupType 2 cnUsers User Toto : sambaPrimaryGroupSID S-1-5-21-xx-x-xx-1201 objectClass sambaSamAccount uid toto uidNumber 1092 gidNumber 100 sambaSIDS-1-5-21-xx-x-xx--3184 And in logfile, I can found : [2003/10/07 10:46:51, 0] rpc_server/srv_util.c:get_domain_user_groups(371) get_domain_user_groups: primary gid of user [toto] is not a Domain group ! get_domain_user_groups: You should fix it, NT doesn't like that I think that's a BUG. can you help me ? thank you Stéphane Purnelle --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] userGroupRid and groupmapping
Hi ! When I create a user with samba-ldap tools, the userRid is calculated if the -x option is set. The userGroupRid is calculated too. But is the groumapping is enabled, the SambaPrimaryGroupSID not correspond with SambaSID of groupmapping Example : Groupe "Domain Users" : gidNumber 100 displayNameDomain Users objectClasssambaGroupMapping sambaSID S-1-5-21-xx-x-xx-513 sambaGroupType 2 cnUsers User Toto : sambaPrimaryGroupSID S-1-5-21-xx-x-xx-1201 objectClass sambaSamAccount uid toto uidNumber 1092 gidNumber 100 sambaSIDS-1-5-21-xx-x-xx--3184 And in logfile, I can found : [2003/10/07 10:46:51, 0] rpc_server/srv_util.c:get_domain_user_groups(371) get_domain_user_groups: primary gid of user [toto] is not a Domain group ! get_domain_user_groups: You should fix it, NT doesn't like that I think that's a BUG. can you help me ? thank you Stéphane Purnelle --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] samba-3 PDC & BDC fail-over with 2 LDAP servers fails
>PDC (also master-ldap) smb.conf >passdb backend = ldapsam:ldaps://master-ldap.lan ldapsam:ldaps://slave-ldap.lan Beware of the comma : use passdb backend = ldapsam:ldaps://master-ldap.lan, ldapsam:ldaps://slave-ldap.lan, guest Jean-Marc -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Venturing into SAMBA-LDAP
Narayanasamy, Sundar wrote: Hi, Finally I have decided to give go ahead for Samba-LDAP. The questions are 1)I have a system that provides LDAP directory access. Is there anyway, I could just point my SAMBA server to point to that and say 'get the users authenticated'? No. You need to integrate samba.schema and populate users. Or do I have to setup a local LDAP and then add Samba to that. You may configure your existing LDAP to work with samba. 2) Could my Samba be just a workgroup to configure LDAP with it or does it have to be a PDC. Works both. greetings Paul -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] login problem
Hi Andrew, After I have spend an extra time and I'm starting to get lost and need a help please from the samba team. I have a current running samba which is an old version (I think 1.9.16p9) and running on solaris 2.5.1 the problem I have with this is the TCP delay which caused an issue with the window client. I have download an update version which is 2.2.7a and I have also installed gcc 3.3 as per recommended and I have installed this successfully I think ! I assume its ok because when I run the testprm and give me no errors although a lots of option which I'm still trying to understand and need a help for clarification from you please. The main problem I have here is that I can see the server which I installed samba on but when I try to double click and to see the share option which I stated in the smb.conf I need to supply the password and the password that I set on the server when I entered in is invalid and hence I cannot make the connection to the server or cannot map the drive also from the window client. I have tried so many combination and no matter what the password I entered in is invalid. I have put the old samba copy back and run it works ok with the password and able to map and see the available share from the server. Could you please guide me to where the area I should do and look for as I'm getting lost and need a help. Thankyou in advance Regards Rudi -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba-3 PDC & BDC fail-over with 2 LDAP servers fails
Hi, In samba help: samba-bdc.html there is a section available configs: Possible PDC/BDC plus LDAP configurations include: PDC -> LDAP master, with secondary slave LDAP server. BDC -> LDAP slave server, with secondary master LDAP server. So I configured it so and tested samba's ability to switch over to backup LDAP backend. If both LDAP servers are up, everything is just fine. But when 1 LDAP goes down, samba should understand it and work with another LDAP. Well, I doesn't work for me... PDC (also master-ldap) smb.conf passdb backend = ldapsam:ldaps://master-ldap.lan ldapsam:ldaps://slave-ldap.lan BDC (also slave-ldap) smb.conf passdb backend = ldapsam:ldaps://slave-ldap.lan ldapsam:ldaps://master-ldap.lan case 1) I shut master LDAP down on PDC master-ldap# smbclient -U username -L (it takes about 15 sec to prompt the pwd) Password: session setup failed: Call timed out: server did not respond after 2 milliseconds on BDC slave-ldap# smbclient -U username -L (it takes about 15 sec to prompt the pwd) Password: tree connect failed: Call timed out: server did not respond after 2 milliseconds case 2) I shut slave LDAP down on PDC master-ldap# smbclient -U username -L (it takes about 15 sec to prompt the pwd) Password: tree connect failed: Call timed out: server did not respond after 2 milliseconds on BDC slave-ldap# smbclient -U username -L (it takes about 15 sec to prompt the pwd) Password: session setup failed: Call timed out: server did not respond after 2 milliseconds In logs of both servers: smbldap_search: LDAP server is down! smbldap_search_suffix: Problem during the LDAP search: (unknown) (Can't contact LDAP server) Basically if 1 LDAP goes down, both SAMBA's are down. Anyone got a hint, why it doesn't work? Both SAMBA's can use any LDAP server (master or slave), if only 1 LDAP defined. Best regards, - Rauno Tuul - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] How to join a domain without using admin or root
Hi there, I've a question about how to add a Win2000 machine without using the administrator account of the win-client. For example, I want to install a client-machine until the local login. Now I want to sent the pc to a different location where the user should only enter his account and password and domain. The useraccount and machineaccount are already created with smbpassed -ma machine% smbpassed -a user useradd machine$ useradd user But now I have to join the client to the domain, using the local administrator of the win-machine and the the linux root-user. Is it possible to join the machine without using both users (admin and root) - so that an "normal" user can join to the domain like Win9x clients can do it ? My Environment: Samba 2.2.8 configured as PDC SuSE Linux 7.2/Kernel 2.4.16 -- Regards, Jens Strohschnitter - *!!!LINUX LINUX LINUX LINUX LINUX!!!* * http://www.jens-strohschnitter.de * - Set the controls for the heart of the sun - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] How to join a w2000 client to a domain
Hi there, I've a question about how to add a Win2000 machine without using the administrator account of the win-client. For example, I want to install a client-machine until the local login. Now I want to sent the pc to a different location where the user should only enter his account and password and domain. The useraccount and machineaccount are already created with smbpassed -ma machine% smbpassed -a user useradd machine$ useradd user But now I have to join the client to the domain, using the local administrator of the win-machine and the the linux root-user. Is it possible to join the machine without using both users (admin and root) - so that an "normal" user can join to the domain like Win9x clients can do it ? My Environment: Samba 2.2.8 configured as PDC SuSE Linux 7.2/Kernel 2.4.16 -- Regards, Jens Strohschnitter - *!!!LINUX LINUX LINUX LINUX LINUX!!!* * http://www.jens-strohschnitter.de * - Set the controls for the heart of the sun - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] file sharing over Internet
I don't know, but I don't think its a good idea... many times ISP's will even block such traffic... what I would do is tunnel over SSH... this would make it secure, give you the chance to use compression, cut though a firewall, and still be sharp enough to thinly slice a tomato... you'll have to either set up a box that keeps the tunnel alive or kill the server service on your box, because you'll be connecting to the shares on 127.0.0.1 if you make the tunnel on your box... understand?... I am too tired to try it now, and definetly not awake enough to explain it... On Tue, 7 Oct 2003, CHEUNG Chi Wai, Chris wrote: > Hi, > > I have setup a Samba in Local network and working perfect. I want to release > my share over Internet > so that my PC at home can access this share at the RUN \\MYIPADDRESS. > Is it possible? > > Cris > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] file sharing over Internet
Hi, I have setup a Samba in Local network and working perfect. I want to release my share over Internet so that my PC at home can access this share at the RUN \\MYIPADDRESS. Is it possible? Cris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
