RE : RE : [Samba] samba-3 PDC BDC fail-over with 2 LDAP serversfails
Bonsoir Andrew, I've just tried to test failover with the two syntax. I use ssh tunnel to connect to ldapserver ( using 127.0.0.1 ) With passdb backend = ldapsam:ldap://127.0.0.1:10389/, ldapsam:ldap://127.0.0.1:13389, guest it works after more slowly but it works. I think after 8 times as I can see in log: Connection to LDAP Server failed for the 8 try! [2003/10/13 17:53:36, 0] lib/smbldap.c:smbldap_search(924) smbldap_search: LDAP server is down! [2003/10/13 17:53:36, 0] lib/smbldap.c:smbldap_search_suffix(1075) smbldap_search_suffix: Problem during the LDAP search: (unknown) (Can't contact LDAP server) [2003/10/13 17:53:36, 0] passdb/pdb_ldap.c:ldapsam_setsampwent(939) ldapsam_setsampwent: LDAP search failed: Can't contact LDAP server [2003/10/13 17:53:36, 2] lib/smbldap.c:smbldap_search_suffix(1066) smbldap_search_suffix: searching for:[((uid=*)(objectclass=sambaSamAccount))] [2003/10/13 17:53:39, 2] passdb/pdb_ldap.c:ldapsam_setsampwent(948) ldapsam_setsampwent: 1388 entries in the base! As I can see in the log , samba try to connect at every stage to the first ldapserver ( there is multiple 'Connection to LDAP Server failed for the 8 try!' ) with this syntax : passdb backend = ldapsam:ldap://127.0.0.1:10389 ldap://127.0.0.1:13389;, guest I am not able to connect to the domain second ldap if I stop the first one. I try to search '8 try' in my old cvs samba code without success. The rpm source is different. Thanks for your previous answers. Jean-Marc. -Message d'origine- De : Andrew Bartlett [mailto:[EMAIL PROTECTED] Envoyé : vendredi 10 octobre 2003 10:12 À : jean-marc pouchoulon Cc : 'Rauno Tuul'; [EMAIL PROTECTED] Objet : Re: RE : [Samba] samba-3 PDC BDC fail-over with 2 LDAP serversfails On Tue, 2003-10-07 at 19:58, jean-marc pouchoulon wrote: PDC (also master-ldap) smb.conf passdb backend = ldapsam:ldaps://master-ldap.lan ldapsam:ldaps://slave-ldap.lan Beware of the comma : use passdb backend = ldapsam:ldaps://master-ldap.lan, ldapsam:ldaps://slave-ldap.lan, guest Nope. The comma doesn't matter. passdb backend = ldapsam:ldaps://ldap1 ldaps://ldap2 is what you want. That way, OpenLDAP gets to process the 'ldap url' in whatever way they like - which is how we get this support. BTW, the first ldap server in that list should be the 'closest' server, as OpenLDAP will bind it that first. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Mounting windows shares under linux
Has anybody managed to do this automatically (or not) as I am in need of a solution that DOES NOT require the user to enter the command line. Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: domain groups accessing samba share
Hi there Make this: valid users = @LABOR\domain admins write list = @LABOR\domain admins write useres = @LABOR\domain admins What if the domain user doesn't have a local user on the unix machine ? How do I get round that ?? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of John H Terpstra Sent: 14 October 2003 02:18 To: Tim Jordan, Network Services Cc: [EMAIL PROTECTED] Subject: [Samba] Re: domain groups accessing samba share On Mon, 13 Oct 2003, Tim Jordan, Network Services wrote: Hey John, I've been working on this most the day. Just can't seem to nail it down! (Yes sir I did read the How To) Winbind is working fine - I can: wbinfo -g wbinfo -u getent passwd getent group Problem is when I try to use a domain group on a Samba share I get a username and password prompt; although, nothing seems to get me in! Please advise #Samba 3.0 running under Gentoo1.4 [global] workgroup = LABOR realm = LABOR.AK server string = Samba3 on ANC-Gentoo1.4 security = ADS password server = passwordserver log file = /usr/local/samba/var/log.%m max log size = 50 socket options = SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 0 preferred master = No local master = No domain master = No dns proxy = No wins server = win_server_ip idmap uid = 1-2 idmap gid = 1-2 template homedir = /home/winnt/%D/%U template shell = /bin/bash [Linux Software] comment = Open Source Software path = /home/tim/Linux Software valid users = @LABOR\domain admins read only = No -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Trying to change password: RAP86: The specified password is invalid.
Good $TIME! ;) I'm having the following problem with Samba 3.0.0 on a Solaris 8 machine. root_s07nfs:/opt/samba3/private/ ls -la total 24 drwxrwxr-x 2 root other 96 Oct 14 10:12 . drwxrwxr-x 9 root other 4096 Oct 9 07:15 .. -rw--- 1 root root8192 Oct 14 10:11 secrets.tdb -rw--- 1 root root 0 Oct 14 10:13 smbpasswd root_s07nfs:/opt/samba3/private/ /opt/samba3/bin/smbpasswd -a vz6tml New SMB password: Retype new SMB password: Added user vz6tml. root_s07nfs:/opt/samba3/private/ ls -la total 32 drwxrwxr-x 2 root other 96 Oct 14 10:12 . drwxrwxr-x 9 root other 4096 Oct 9 07:15 .. -rw--- 1 root root8192 Oct 14 10:11 secrets.tdb -rw--- 1 root root 106 Oct 14 10:13 smbpasswd root_s07nfs:/opt/samba3/private/ cat smbpasswd vz6tml:1100:33BBCC14D194D2DAD3öööF48EE51B785:50C971EB141445781437C06CF1162DBF:[U ]:LCT-3F8BB036: vz6tml_s07nfs:/u/vz6tml/ /opt/samba3/bin/smbpasswd Old SMB password: New SMB password: Retype new SMB password: machine 127.0.0.1 rejected the password change: Error was : RAP86: The specified password is invalid. Failed to change password for vz6tml Uhm, why? The password is correct, I'm sure - after it did not work for the first 10 times, I switched to Copy'n'Paste for the text 10 tries. Always the same error message from smbpasswd :( I also don't quite get, how the smbpasswd binary could write to the smbpasswd file, since the binary just has 775 rights: root_s07nfs:/var/log/ ls -al /opt/samba3/bin/smbpasswd -rwxr-xr-x 1 root other1204900 Oct 1 06:26 /opt/samba3/bin/smbpasswd IOW, it's not suid root. If I set it suid root, I get this error message: vz6tml_s07nfs:/u/vz6tml/ /opt/samba3/bin/smbpasswd smbpasswd must *NOT* be setuid root. Well, what am I doing wrong? Why can't I change the users password when I'm the user? Thanks for your help! root_s07nfs:/var/log/ /opt/samba3/bin/testparm -s Load smb config files from /opt/samba3/lib/smb.conf creating lame upcase table creating lame lowcase table creating default valid table Processing section [homes] NOTE: Service homes is flagged unavailable. Processing section [printers] NOTE: Service printers is flagged unavailable. Processing section [test] Processing section [aaaze] Loaded services file OK. # Global parameters [global] workgroup = EUROPE realm = EUROPE.DELPHIAUTO.NET server string = Samba Server %v on %h interfaces = ge0, lo0 bind interfaces only = Yes pam password change = Yes password level = 1 username level = 1 unix password sync = Yes log level = 3 passdb:5 auth:10 winbind:2 log file = /opt/samba3/logs/log.%m max log size = 128 debug hires timestamp = Yes debug pid = Yes debug uid = Yes load printers = No wins proxy = Yes wins server = 130.171.200.151 ldap ssl = no lock directory = /opt/samba3/locks pid directory = /opt/samba3/locks message command = /usr/bin/mailx -s 'message from %f on %m' root %s; rm %s remote browse sync = 130.171.200.151 NIS homedir = Yes [homes] comment = Home Directories read only = No browseable = No available = No [printers] comment = All Printers path = /usr/spool/samba printable = Yes browseable = No available = No [test] comment = Testshare path = /tmp guest ok = Yes [aaaze] comment = aaaze Directories path = /opt/samba3/shares/aaaze read only = No guest ok = Yes Alexander Skwar -- printk(Illegal format on cdrom. Pester manufacturer.\n); 2.2.16 /usr/src/linux/fs/isofs/inode.c -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] This is frustrating! Need some Help
| This line: | valid users = @wheel matt | Should read | valid users = @wheel, matt Doesn't matter. smbd will accept whitespace or commas as delimiters in this context. cheers, jerry Thanks for the correction...I was always under the (now mistaken)impression that Samba used the , to separate the names or groups. In Samba 2.2.x smb.conf.5.html it shows for valid users: Example: valid users = greg, @pcusers After looking at this further today I noticed that the invalid users example uses whitespace Example: invalid users = root fred admin @wheel Lesson learnedalways thoroughly read the manual! Regards, Mark -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbldap_search_suffix: certificate verify failed
Hi :) I'm using samba-3.0 with LDAP as a PDC under FreeBSD-5.1. Note that I compiled samba --with-ldap, not --with-ldapsam. I'm having a strange problem with TLS ldap certificates. If I set the following option in smb.conf: ldap ssl = start_tls, I get errors like this: $ pdbedit -L Failed to issue the StartTLS instruction: Connect error Connection to LDAP Server failed for the 1 try! smbldap_search_suffix: Problem during the LDAP search: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (Connect error) Failed to issue the StartTLS instruction: Connect error Connection to LDAP Server failed for the 1 try! smbldap_search_suffix: Problem during the LDAP search: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (Connect error) Failed to issue the StartTLS instruction: Connect error Connection to LDAP Server failed for the 7 try! smbldap_search_suffix: Problem during the LDAP search: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (Connect error) ldapsam_setsampwent: LDAP search failed: Connect error nss_ldap and pam_ldap both work well using TLS. For your information, here is ma configuration concerning TLS in: slapd.conf -- TLSCertificateFile /usr/local/etc/openldap/ldap.cert TLSCertificateKeyFile /usr/local/etc/openldap/ldap.key TLSCACertificateFile /usr/local/etc/openldap/ca.cert ldap.conf -- BASEdc=domain, dc=com URI ldap://server.domain.com TLS_CACERT /usr/local/etc/openldap/ca.cert smb.conf -- ldap passwd sync = yes passdb backend = ldapsam:ldap://server.domain.com guest ldap machine suffix = ou=Computers,dc=domain,dc=com ldap user suffix = ou=People,dc=domain,dc=com ldap group suffix = ou=Groups,dc=domain,dc=com ldap suffix = dc=domain,dc=com ldap admin dn = cn=Manager,dc=domain,dc=com ldap ssl = start_tls I get no error using ldapsearch, so I really think this is a Samba problem. If I set the option ldap ssl = no, then everything works fine. If you have any idea concerning this issue, I would really appreciate. Thanks. Regards. Antoine -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Can't add machine account with 3.0.0; ldapsam backend (RESENT)
Resending as I'm no closer to a solution and really would appreciate any help that anyone has to offer. Hi, Please cc me on any replies as I'm not subscribed. First, I've seen reference to this problem on the list but no solution, eg.: http://marc.theaimsgroup.com/?l=sambam=106032316504352w=2 Platform is: # uname -a Linux allanon 2.4.21-xfs-aihplc3 #1 SMP Thu Aug 21 15:50:27 BST 2003 i686 unknown Debian woody. Samba is 3.0.0final-1 from Debian unstable complied for woody. Some other non-woody backports such as OpenLDAP, libacl, etc. I was using beta1 previously which didn't have this problem, ie., I could join machines to the domain, both win(NT|2k) and Linux, by providing appropriate credentials without first adding a system account. Config and -D 10 debug output attached. So, adding a machine account from the samba 3.0.0 PDC machine using pdbedit gives: # pdbedit -v -a -m -u tardis ldapsam_modify_entry: Failed to add user dn= uid=tardis$,ou=Machines,dc=amazing-internet,dc=net with: Object class violation object class 'sambaSamAccount' requires attribute 'sambaSID' ldapsam_add_sam_account: failed to modify/add user with uid = tardis$ (dn = uid=tardis$,ou=Machines,dc=amazing-internet,dc=net) Unable to add machine! (does it already exist?) And using net join on a Linux box not in the domain, tardis, gives: # net join -S allanon -U admin -d 3 [2003/10/10 18:53:05, 3] param/loadparm.c:lp_load(3925) lp_load: refreshing parameters [2003/10/10 18:53:05, 3] param/loadparm.c:init_globals(1311) Initialising global parameters [2003/10/10 18:53:06, 3] param/params.c:pm_process(566) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2003/10/10 18:53:06, 3] param/loadparm.c:do_section(3428) Processing section [global] [2003/10/10 18:53:06, 2] lib/interface.c:add_interface(79) added interface ip=172.16.1.17 bcast=172.16.1.255 nmask=255.255.255.0 admin password: [2003/10/10 18:53:10, 3] libads/ldap.c:ads_connect(218) Connected to LDAP server 172.16.1.16 [2003/10/10 18:53:10, 1] libads/ldap.c:ads_connect(222) Failed to get ldap server info [2003/10/10 18:53:10, 1] utils/net_ads.c:ads_startup(181) ads_connect: No results returned [2003/10/10 18:53:10, 3] libsmb/cliconnect.c:cli_start_connection(1290) Connecting to host=allanon [2003/10/10 18:53:10, 3] lib/util_sock.c:open_socket_out(690) Connecting to 172.16.1.16 at port 445 [2003/10/10 18:53:10, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(283) cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED [2003/10/10 18:53:10, 3] libsmb/trusts_util.c:just_change_the_password(43) just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)! [2003/10/10 18:53:10, 1] utils/net_rpc.c:run_rpc_command(152) rpc command function failed! (NT_STATUS_ACCESS_DENIED) [2003/10/10 18:53:10, 3] libsmb/cliconnect.c:cli_start_connection(1290) Connecting to host=allanon [2003/10/10 18:53:10, 3] lib/util_sock.c:open_socket_out(690) Connecting to 172.16.1.16 at port 445 [2003/10/10 18:53:10, 2] libsmb/cliconnect.c:cli_session_setup_spnego(635) Doing spnego session setup (blob length=58) [2003/10/10 18:53:10, 3] libsmb/cliconnect.c:cli_session_setup_spnego(660) got OID=1 3 6 1 4 1 311 2 2 10 [2003/10/10 18:53:10, 3] libsmb/cliconnect.c:cli_session_setup_spnego(667) got principal=NONE [2003/10/10 18:53:10, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(469) Got challenge flags: [2003/10/10 18:53:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(33) Got NTLMSSP neg_flags=0x20810205 [2003/10/10 18:53:10, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(518) NTLMSSP: Set final flags: [2003/10/10 18:53:10, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(33) Got NTLMSSP neg_flags=0x2215 [2003/10/10 18:53:10, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(186) lsa_io_sec_qos: length c does not match size 8 Create of workstation account failed Unable to join domain PERN. [2003/10/10 18:53:11, 2] utils/net.c:main(758) return code = 1 net join -d 10 output available directly on request - it's 180Kb. I'm at a loss to explain this. It worked prior to the upgrade. Any ideas? Ronny -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com allanon:~# pdbedit -v -a -m -u tardis -d 10 pdbedit.txt INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 lp_load: refreshing parameters Initialising global parameters Attempting to register new charset UCS-2LE Registered charset UCS-2LE Attempting to register new charset UTF8 Registered charset UTF8 Attempting to register new charset ASCII Registered charset ASCII Attempting to register new charset 646 Registered charset 646 Attempting to register new charset UCS2-HEX
RE : [Samba] Can't add machine account with 3.0.0; ldapsam backend (RESENT)
# pdbedit -v -a -m -u tardis ldapsam_modify_entry: Failed to add user dn= uid=tardis$,ou=Machines,dc=amazing-internet,dc=net with: Object class violation object class 'sambaSamAccount' requires attribute 'sambaSID' Did you create the machine account in /etc/passwd or in ldap before using pdbedit ? Extract from a python script I've done what am I doing in the ldap before pdbedit -a -m. def cre_ldif_machine(last_uidnumber): Cette fonction crée un fichier d'enregistrement ldap d'un compte machine pour samba sys.stdout = open('/etc/samba/bin/machine.ldif', 'w') print dn: uid=%s,ou=pc,o=test,c=fr % sys.argv[1] print objectclass: account print objectclass: posixaccount print objectclass: shadowaccount print uid:%s % sys.argv[1] print cn: Samba machine %s % sys.argv[1] print uidnumber: %s %last_uidnumber print gidnumber:504 print homedirectory:/dev/null print loginshell:/bin/false sys.stdout.close() Are you sure to have the right object class and attribute ? Jean-Marc -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Joining a domain without using root or administrator
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Date: Mon, 13 Oct 2003 11:00:15 +0200 From: J. Strohschnitter [EMAIL PROTECTED] Subject: [Samba] Joining a domain without using root or administrator To: samba-liste [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=US-ASCII HI there, is it possible to join a samba 2.2.8 domain with a win2000/xp client without using the local administrator account of windows and the root user of linux ? For win2k/xp, you need: - -to be logged in to the machine as a user with administrative rights to change domain membership (not necessarily Administrator). - -to join the domain as a user with rights to change the machine's trust account password. This means either you must use the root account (and the root smbpasswd, but it can differ from root's unix password of course), or if you are using LDAP you can set it up so that members of the domain admin group can do so using their samba password. Just like adding a the trusted account via console on the linux-machine ? Only with Windows NT4 clients. Regards, Buchan - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/i8S8rJK6UGDSBKcRAsZeAJ9segT2GXGGc7BqtkMtrydZb880iACfQwJP h15mVOwwfNLnLbutkc4B4hs= =fAgW -END PGP SIGNATURE- * Please click on http://www.cae.co.za/disclaimer.htm to read our e-mail disclaimer or send an e-mail to [EMAIL PROTECTED] for a copy. * -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] password expiring
Hi List! i am using samba 3.0 with ldap. but when my users log on the get an warning that their password will expiring in the nexte days. how do i turn off these password expiring functionality, so that the user never have to change their password? best regards, Thomas Otto -- Thomas Otto Dipl. Wirtsch.-Inf. IT-Administration exedio GmbH Förstereistr. 19 D-01099 Dresden fon +49(0)351 4108-100 fax +49(0)351 4108-199 mob +49(0)177 4209 762 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: security
Alexey Lobanov [EMAIL PROTECTED] ha scritto nel messaggio news:[EMAIL PROTECTED] Hi Erik. :~$ mount . /dev/md0 on /home type ext2 (rw,nosuid,nodev,usrquota,acl) ~$ uname -a Linux woody 2.4.21 #2 Thu Aug 21 17:20:40 MSD 2003 i686 unknown oops woody acl samba? sorry if i put myself in the middle of this but i read somewhere that is were not possible to use acl on ext3 (you actually use ext2 but...) and enable them in samba using a debian distro.. My production server is actually a woody stable with recompiled kernel from kernel.org 2.4.22 and samba 2.2.8a from samba.org. Is you server a production server? is stable? i'm using ann IBM xSeries 235 with raid 5 scsi controller and 3 disks... is it auspicable i can obtain acl works in this context? Thank you for your opinion, Massimo Crisantemo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind Working!!!
I got winbind working!! For anyone who is interested here is what my smb.conf looks like - [global] workgroup = DOMAIN server string = winbind client log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no dns proxy = no idmap uid = 1-2 idmap gid = 1-2 template homedir = /home/%D/%U template shell = /bin/bash winbind seperator = - winbind use default domain = yes I then joined the domain with - net rpc join -S pdc -U administrator%password Then I ran authconfig (I'm using redhat 9.0) to setup PAM for smb authentication. I can now login to my linux machines with my windoze username and password. The only thing I haven't managed to do yet is automatically create the home directories, does anyone know how to do that? I seem to remember reading somewhere that this is also a PAM thing but I can't seem to find that article again. Thanks, Sapan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: security
Hello. On 14 Oct 2003 at 11:51, Massimo Crisantemo wrote: To: [EMAIL PROTECTED] From: Massimo Crisantemo [EMAIL PROTECTED] Date sent: Tue, 14 Oct 2003 11:51:57 +0200 Subject:[Samba] Re: security :~$ mount . /dev/md0 on /home type ext2 (rw,nosuid,nodev,usrquota,acl) ~$ uname -a Linux woody 2.4.21 #2 Thu Aug 21 17:20:40 MSD 2003 i686 unknown oops woody acl samba? ...with manually compiled samba and kernel. Debian provides acl-utils, libacl and libacl- dev packages. sorry if i put myself in the middle of this but i read somewhere that is were not possible to use acl on ext3 (you actually use ext2 but...) The Linux kernel patch and most of information is got from http://acl.bestbits.at/ and enable them in samba using a debian distro.. My production server is actually a woody stable with recompiled kernel from kernel.org 2.4.22 and samba 2.2.8a from samba.org. Is you server a production server? is stable? Yes, but I have rare but regular problems with locking.tdb. See this maillist and Bugzilla Bug 370. I see no reasons to think that this problem is related to acl; maybe, I am wrong. i'm using ann IBM xSeries 235 with raid 5 scsi controller and 3 disks... is it auspicable i can obtain acl works in this context? Looks like yes. Alexey Thank you for your opinion, Massimo Crisantemo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.0-final crashing
Hi, I am running Debian/unstable with Samba-3.0.0-final and a few problems to do with Samba, some minor, some severe. On the system affected these applications are in use: Samba, tomcats, java sdk, several apache 1.3.26, typo3, php 4.3.3 There is a variety of symptoms connected with Samba. Sometimes typo3/php freezes when accessing a samba share. A find . -name s/thing on a samba fs often crashes in a way that samba cannot be restarted without rebooting the entire system. If other applications are involved in this type of crash, they also cannot be removed from the system by kill-signals, which is extremely annoying. I am not sure if this is a bug in Samba-3.0.0-final or a misconfiguration on the linux server or somewhere in the network. Where do I find documentation, that will help me to precisely interpret samba log entries? Any comments are very appreciated. Thanks have a nice day, Rainer Some relevant parts of syslog and log.smbmount: syslog: Oct 13 15:20:20 linux1 kernel: smb_trans2_request: result=-104, setting invalid Oct 13 15:20:20 linux1 kernel: smb_retry: successful, new pid=132, generation=13 Oct 13 15:20:20 linux1 kernel: smb_trans2_request: result=-104, setting invalid Oct 13 15:20:20 linux1 kernel: smb_retry: successful, new pid=135, generation=11 Oct 13 15:20:20 linux1 kernel: smb_trans2_request: result=-104, setting invalid Oct 13 15:20:20 linux1 kernel: smb_retry: successful, new pid=141, generation=11 Oct 13 15:20:20 linux1 kernel: smb_trans2_request: result=-104, setting invalid Oct 13 15:20:20 linux1 kernel: smb_retry: successful, new pid=138, generation=9 ... Oct 13 15:39:12 linux1 kernel: smb_proc_readdir_long: name=\Abrechnung und Planung\*, result=-13, rcls=1, err=5 Oct 13 15:39:12 linux1 kernel: smb_proc_readdir_long: name=\Arbeiten ausgeschiedener Mitarbeiter\*, result=-13, rcls=1, err=5 Oct 13 15:39:12 linux1 kernel: smb_proc_readdir_long: name=\Beschaffung\*, result=-13, rcls=1, err=5 Oct 13 15:39:12 linux1 kernel: smb_proc_readdir_long: name=\EE_Anzeigen\*, result=-13, rcls=1, err=5 Oct 13 15:39:13 linux1 kernel: smb_proc_readdir_long: name=\EE_Personalmanagement\*, result=-13, rcls=1, err=5 Oct 13 15:39:13 linux1 kernel: smb_proc_readdir_long: name=\Investitions- und Betriebsmittel\*, result=-13, rcls=1, err=5 Oct 13 15:39:13 linux1 kernel: smb_proc_readdir_long: name=\KASSENBUCH\*, result=-13, rcls=1, err=5 Oct 13 15:39:13 linux1 kernel: smb_proc_readdir_long: name=\Schriftverkehr\*, result=-13, rcls=1, err=5 Oct 13 15:39:13 linux1 kernel: smb_proc_readdir_long: name=\URLAUBSKARTEI\*, result=-13, rcls=1, err=5 Oct 13 15:39:26 linux1 kernel: Unable to handle kernel paging request at virtual address f800 Oct 13 15:39:26 linux1 kernel: printing eip: Oct 13 15:39:26 linux1 kernel: f89818f7 Oct 13 15:39:26 linux1 kernel: *pde = Oct 13 15:39:26 linux1 kernel: Oops: Oct 13 15:39:26 linux1 kernel: CPU:0 Oct 13 15:39:26 linux1 kernel: EIP: 0010:[nls_iso8859-15:__insmod_nls_iso8859-15_O/lib/modules/2.4.18-686/ke rnel/fs/+-38665/96]Not tai$ Oct 13 15:39:26 linux1 kernel: EFLAGS: 00010282 Oct 13 15:39:26 linux1 kernel: eax: 9abe55b6 ebx: f800 ecx: ff3773fd edx: ebbfaabe Oct 13 15:39:26 linux1 kernel: esi: 213c562a edi: c42e5e34 ebp: c42e5ecc esp: c42e5de4 Oct 13 15:39:26 linux1 kernel: ds: 0018 es: 0018 ss: 0018 Oct 13 15:39:26 linux1 kernel: Process apache (pid: 2048, stackpage=c42e5000) Oct 13 15:39:26 linux1 kernel: Stack: c013bdc0 c42e5e9c f8990284 cfb45620 Oct 13 15:39:26 linux1 kernel:e632b7c0 0004 0190ac5d 0002 cf489000 00b2 Oct 13 15:39:26 linux1 kernel: ffea 0001 00b4 f8980215 e3667ca0 c42e5fb0 c013bdc0 Oct 13 15:39:26 linux1 kernel: Call Trace: [filldir64+0/276] [nls_iso8859-15:__insmod_nls_iso8859-15_O/lib/modules/2.4.18-686/kernel/ fs/+-445$ Oct 13 15:39:26 linux1 kernel:[filldir64+0/276] [nls_iso8859-15:__insmod_nls_iso8859-15_O/lib/modules/2.4.18-686/kernel/ fs/+-40613/96] [f$ Oct 13 15:39:26 linux1 kernel:[filldir64+0/276] [sys_fcntl64+127/136] [system_call+51/56] Oct 13 15:39:26 linux1 kernel: Oct 13 15:39:26 linux1 kernel: Code: 0f b6 03 43 89 c2 c1 e2 04 01 f2 c1 e8 04 01 c2 8d 04 92 8d log.smbmount: [2003/10/14 09:42:47, 0] tdb/tdbutil.c:tdb_log(724) tdb(/var/run/samba/gencache.tdb): tdb_lock failed on list 48 ltype=0 (Bad file descriptor) [2003/10/14 09:42:47, 0] tdb/tdbutil.c:tdb_log(724) tdb(/var/run/samba/gencache.tdb): tdb_lock failed on list 34 ltype=1 (Bad file descriptor) [2003/10/14 10:15:29, 0] tdb/tdbutil.c:tdb_log(724) tdb(/var/run/samba/gencache.tdb): tdb_lock failed on list 34 ltype=0 (Bad file descriptor) [2003/10/14 10:15:29, 0] tdb/tdbutil.c:tdb_log(724) tdb(/var/run/samba/gencache.tdb): tdb_lock failed on list 34 ltype=1 (Bad file descriptor) [2003/10/14 10:15:29, 0] tdb/tdbutil.c:tdb_log(724)
Re: RE : [Samba] password expiring
ok. now i know how to set it to 30 days... is there a limit or a number to set it to unlimited? cu Thomas jean-marc pouchoulon wrote: pdbedit -v -P 'maximum password age' -C 2592000 ( to set Thirty days before expiration , -C in seconds... The first time I set it to 300 seconds thinking in days, my users don't like ... ) To see the expiration's date : pdbedit -v user Yo have Password must change: sam, 08 nov 2003 09:59:03 GMT I think This is set when user is changing his password. Jean-Marc Password must change: sam, 08 nov 2003 09:59:03 GMT -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] De la part de Thomas Otto Envoyé : mardi 14 octobre 2003 11:45 À : [EMAIL PROTECTED] Objet : [Samba] password expiring Hi List! i am using samba 3.0 with ldap. but when my users log on the get an warning that their password will expiring in the nexte days. how do i turn off these password expiring functionality, so that the user never have to change their password? best regards, Thomas Otto -- Thomas Otto Dipl. Wirtsch.-Inf. IT-Administration exedio GmbH Förstereistr. 19 D-01099 Dresden fon +49(0)351 4108-100 fax +49(0)351 4108-199 mob +49(0)177 4209 762 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't add machine account with 3.0.0;ldapsam backend (RESENT)
jean-marc pouchoulon said the following on 14/10/03 10:40: # pdbedit -v -a -m -u tardis ldapsam_modify_entry: Failed to add user dn= uid=tardis$,ou=Machines,dc=amazing-internet,dc=net with: Object class violation object class 'sambaSamAccount' requires attribute 'sambaSID' Did you create the machine account in /etc/passwd or in ldap before using pdbedit ? No. Using the ldapsam backend with the appropriate config does not require creation of local accounts first AFAIK - they sould be created on the fly as they were with 3.0.0beta1. Are you sure to have the right object class and attribute ? It's all done by Samba... samba LDAP schema is from 3.0.0; schemacheck is on (tested with schemacheck off too). LDAP version is 2.0.27. Regards, Ronny -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: winbindd: krb5_cc_get_principal failed
Check that the time is synchronized between the 2 machines. Axel Suppantschitsch wrote: Well, I've got the three tickets now, but there is still the error in winbindd.log: [2003/10/14 10:34:51, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) Cheers, Axel. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Can't add machine account with 3.0.0; ldapsam backend (RESENT)
they sould be created on the fly as they were with 3.0.0beta1. As I can see, with 3.0 stable this is not done. pdbedit -a -m testonsddd$ -D99 ... ldapsam_modify_entry: Failed to add user dn= uid=testonsddd$,ou=pc,o=g,c=fr with: Object c lass violation But a AddMachine script make it for me without any problem. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RES: samba Digest, Vol 10, Issue 18
-- Gildevane Aparecido Ferreira Administrador de Rede Depto de Telecomunicações e Redes Gerência de Informática - PUC-Campinas Tel. 0XX 19 3756-7339 / 3756-7337 [EMAIL PROTECTED] - http://www.puc-campinas.edu.br -- -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Em nome de [EMAIL PROTECTED] Enviada em: segunda-feira, 13 de outubro de 2003 19:50 Para: [EMAIL PROTECTED] Assunto: samba Digest, Vol 10, Issue 18 Send samba mailing list submissions to [EMAIL PROTECTED] To subscribe or unsubscribe via the World Wide Web, visit http://lists.samba.org/mailman/listinfo/samba or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than Re: Contents of samba digest... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with netlogon
Hello all, Im having some trouble with netlogon. I created a script called todos.bat that isnt getting executed when the users logon. My configuration is the following: domain logons = yes logon script=todos.bat %U name resolve order = host wins lmhosts bcast wins support = yes dns proxy = yes [NETLOGON] comment = Network Logon Service path = /home/samba/netlogon writable = no force create mode=0644 force directory mode = 0775 Can somebody help me? Best, +- | Luís Miguel Silva | Network Administrator@ ISPGaya.pt | Rua António Rodrigues da Rocha, 291/341 | Sto. Ovídio 4400-025 V. N. de Gaia | Portugal | T: +351 22 3745730/3/5 F: +351 22 3745738 | G: +351 93 6371253 E: [EMAIL PROTECTED] | H: http://lms.ispgaya.pt/ +- Este email foi enviado através do site http://webmail.ispgaya.pt/ Instituto Superior Politécnico Gaya -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : [Samba] Can't add machine account with 3.0.0; ldapsam backend (RESENT)
jean-marc pouchoulon said the following on 14/10/03 12:10: they sould be created on the fly as they were with 3.0.0beta1. As I can see, with 3.0 stable this is not done. pdbedit -a -m testonsddd$ -D99 ... ldapsam_modify_entry: Failed to add user dn= uid=testonsddd$,ou=pc,o=g,c=fr with: Object c lass violation But a AddMachine script make it for me without any problem. So this is a bug with 3.0 stable then? Not requiring an account prior to joining the domain when using LDAP backend is a documented feature AFAICR... can't point to the exact documentation right now though... :-) I don't see anything in bugzilla... I'll see about submitting later when I've more time. Regards, Ronny -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] winbindd: krb5_cc_get_principal failed
Well, I've got the three tickets now, but there is still the error in winbindd.log: [2003/10/14 10:34:51, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) Cheers, Axel. Quoting Gavin Davenport [EMAIL PROTECTED]: It sounds like : make sure you've 'left' the domain (net ads leave) kinit as the domain admin user. klist should list you one ticket. Then net join ads (no parameters) this should use the (cached) Domain Administrator ticket to handle smb logins. you should now have 3 tickets listed in klist. Any help ? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Axel Suppantschitsch Sent: 13 October 2003 14:31 To: [EMAIL PROTECTED] Subject: [Samba] winbindd: krb5_cc_get_principal failed Hiya, I'm using Fedora Test 2 and Samba 3.0.0-15 packages from Redhat/Fedora rawhide with a Windows 2003 Server. I'm also using MIT Kerberos 1.3.1. Everytime winbindd ist started, it writes following error into /var/log/samba/winbindd.log: [2003/10/13 10:13:40, 1] nsswitch/winbindd.c:main(832) winbindd version 3.0.0-15 started. Copyright The Samba Team 2000-2003 [2003/10/13 10:13:41, 1] nsswitch/winbindd_util.c:add_trusted_domain(149) Added domain SAMBA30 SAMBA30.TEST [2003/10/13 10:13:41, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) [2003/10/13 10:13:42, 1] nsswitch/winbindd_util.c:add_trusted_domains(206) scanning trusted domain list How can I get rid of this libsmb/clikrb5.c:ads_krb5_mk_req(269) error? Cheers, Axel. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Machine accounts
Hi, I'm trying to configure a Samba 3.0 as a PDC. I've problems with users on Win2k, probably because of machine accounts. I'm using tdbsam (when it works, I'll try ldapsam). I can add users with pdbedit -a, if users are in /etc/passwd. If an user is not in /etc/passwd, I can't add it with pdbedit or smbpasswd (why?). I've added user root with pdbedit also. But users can't log in to the domain using the root account (says password incorrect). I can't add machines no matter how I try: [EMAIL PROTECTED] bin]# grep pirineus /etc/passwd pirineus:x:1049:1049::/home/pirineus:/bin/bash [EMAIL PROTECTED] bin]# ./pdbedit -a -m pirineus tdb_update_sam: SAM_ACCOUNT (pirineus$) with no RID! Unable to add machine! (does it already exist?) Can someone clarify how do I add machine accounts and user accounts? Do they have to exist already in /etc/passwd? Thanks, -- Dani Pardo, [EMAIL PROTECTED] Enplater S.A -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SPAM
Hello, I singed up for the [EMAIL PROTECTED] using a one-time email address ([EMAIL PROTECTED]) and now I get virus laden spam messages at that address about every ninety seconds -- thanks. Perhaps you could run your email lists more responsibly in the future. Joe Frisbie -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : RE : [Samba] password expiring
this number is 9 Oct 2003 - pwd must changed immediately. i am searching for the unlimited number in sambapwdmustchange. the sambapwdcanchange is eqal to sambapwdlastset. does anyone know the number for 13 dec 1901 21:45:51 GMT??? cu Thomas jean-marc pouchoulon wrote: I can see in my own ldap : sambapwdcanchange: 1063089564 = Password must change: ven, 13 déc 1901 21:45:51 GMT Try -C 1063089564. -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] De la part de Thomas Otto Envoyé : mardi 14 octobre 2003 12:23 À : [EMAIL PROTECTED] Objet : Re: RE : [Samba] password expiring ok. now i know how to set it to 30 days... is there a limit or a number to set it to unlimited? cu Thomas jean-marc pouchoulon wrote: pdbedit -v -P 'maximum password age' -C 2592000 ( to set Thirty days before expiration , -C in seconds... The first time I set it to 300 seconds thinking in days, my users don't like ... ) To see the expiration's date : pdbedit -v user Yo have Password must change: sam, 08 nov 2003 09:59:03 GMT I think This is set when user is changing his password. Jean-Marc Password must change: sam, 08 nov 2003 09:59:03 GMT -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ba .org] De la part de Thomas Otto Envoyé : mardi 14 octobre 2003 11:45 À : [EMAIL PROTECTED] Objet : [Samba] password expiring Hi List! i am using samba 3.0 with ldap. but when my users log on the get an warning that their password will expiring in the nexte days. how do i turn off these password expiring functionality, so that the user never have to change their password? best regards, Thomas Otto -- Thomas Otto Dipl. Wirtsch.-Inf. IT-Administration exedio GmbH Förstereistr. 19 D-01099 Dresden fon +49(0)351 4108-100 fax +49(0)351 4108-199 mob +49(0)177 4209 762 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : [Samba] Machine accounts
Can someone clarify how do I add machine accounts and user accounts? Do they have to exist already in /etc/passwd? Pdbedit is reading your smb.conf and specially the backend you choose. What is your backend in smb.conf ? I think your are using ldapbackend. Machine account must exist in /etc/passwd or on ldap.( as user accounts ) With ldap pdbedit is going to the job , if the ldap record exist ( pdbedit just add samba attribute ), both for users and machine. Smbpasswd continue to work with 3.0 version. Hope this help Jean-Marc -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: SPAM
On 14 Oct 2003, J. Frisbie [EMAIL PROTECTED] wrote: Hello, I singed up for the [EMAIL PROTECTED] using a one-time email address ([EMAIL PROTECTED]) and now I get virus laden spam messages at that address about every ninety seconds -- thanks. This kind of complaint is explicitly off topic for the list: http://samba.org/samba/ml-etiquette.html It is also not a security bug. Perhaps you could run your email lists more responsibly in the future. That tone is not helpful. What would you like us to do differently? -- mbp -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Machine accounts
Mensaje citado por Michael Gasch [EMAIL PROTECTED]: a short answer yes, you always need this posix-account - no matter which backend you use i'm using ldap with this structure users in ou=users,... (posix and samba) machines in ou=machines,... (posix and samba) and i'm not able to add samba users with just # /usr/local/samba/bin/pdbedit -a -m machine_name, because there's no posix-account Mmm.. I turned again to LDAP sam, and now I've been able to add machine accounts, but this way: I've made an ldif file taken from an user possixAccount (one entry that does not contain any samba attribute). I've adapted this file with the name of the machine (with the trailing $). Then: # /usr/local/samba/bin/pdbedit -a -m -u machine_name$ So, pdbedit adds the samba attributes, and the ou=Computers stills with no entries (everything goes into ou=People). So I have the same mess in LDAP that I was having with smbpasswd file in samba 2, no? Isn't it too complicated? -- Dani Pardo, [EMAIL PROTECTED] Enplater S.A -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is there a way to enforce a single login domain wide
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I.M.H.O you could write a root prexec script for your netlogon share, wich would check for runing smbd with the uid of the connection, and return an error if there is such. And specifying root prexec close = yes on the netlogon share, you could deny them. The danger is that because of blocked clients you would got lots of frustrated clients. Good Luck! Geza Gemes John H Terpstra írta: | On Mon, 13 Oct 2003, Douglas Phillipson wrote: | | |I didn't get any hits on this. Does that mean it's not possible??? |Has anyone enforced a single instance login policy somehow? Is this a |reasonable question to ask? | | | This is not possible. There is no way to do this with MS Windows 200x | server - and there is no way to do this with Samba. | | - John T. | | |DSP | |Douglas Phillipson wrote: | | I would like to enforce a policy for a user being only able to login |once anywhere in the Domain. When you use roaming profiles, the system |gets confused and leaves the local profile on the client PC if the same |user logs in on a second machine while they are still loggewd in on the |first one. This then causes the Samba profile to NOT get updated on |logout. If a user is currently logged on a domain, I need that user to |be refused if they logon to a second machine until they logoff the first |machine. Is this possible with Samba, or would I use some sort of logon |script to query something and force the user off at their second login |attempt? When this problem occurs you have to reboot the machine and |remove the users local profile so it will again use the roaming profile |on the samba DC. Very irritating... | | Thanks | | DSP | | | | -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/i+88/PxuIn+i1pIRAi+fAJ0Yc/e6H8MyKxc0z8s1FnWhLsFVyACgh7vh G3SEihFi0OPiVpUSvBFZZvA= =SjHf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Settings needed to make Samba work across subnets...Please help
Hi all , I will have a Samba server soon running in PDC mode from within the 172.16.56.* subnet. I want to make sure that clients on other 172.16 subnets, such as 172.16.5.* or 172.16.10.* will be able to access the PDC and hence be able to log on to the domain serviced by the PDC itself. Will remote annonce= 172.16.5.255, 172.16.10.255 in smb.conf be enough or do I really need to configure a local master browser for each subnet? I would like to avoid this if possible and keep it to the PDC only. Many thanks for any help ! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [OT][Samba] SPAM
Hello. On 14 Oct 2003 at 8:02, J. Frisbie wrote: From: J. Frisbie [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Date sent: Tue, 14 Oct 2003 08:02:44 -0400 Copies to: Subject:[Samba] SPAM Hello, I singed up for the [EMAIL PROTECTED] using a one-time email address ([EMAIL PROTECTED]) and now I get virus laden spam messages at that address about every ninety seconds Yes, too many fair subscribers of this list still use popular inherently insecure mailreaders. I'm afraid, Samba team can do nothing with it. Alexey -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with group/user modification
Hi people! I have a samba-PDC (samba-3.0.0-2) based on LDAP backend (ldapsam_compat). The PDC is working fine, with machines added automatically to the domain, printing with up/downloading of printer drivers in place and correct display of users/groups in the windows properies box. However when I try to change the group membership, I get a strange error: ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)kanakis opened file test1 read=Yes write=No (numopen=2) [2003/10/14 15:38:34, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1597) ldapsam_search_one_group: searching for:[((objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-644945029-4113388124-2141 564926-3034))] [2003/10/14 15:38:34, 0] lib/smbldap.c:smbldap_open(799) smbldap_open: cannot access LDAP when not root.. [2003/10/14 15:38:34, 1] lib/smbldap.c:smbldap_retry_open(888) Connection to LDAP Server failed for the 1 try! [2003/10/14 15:38:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1612) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)kanakis closed file test1 It is strange because according to the ldap logs, no attempt is beeing made to access objectClass=sambaGroupMapping. (3034 is the RID of user kanakis) The same error appears when I modify file permissions, but samba still sets the new permission set. Has anybody an idea what this smbldap_open: cannot access LDAP when not root.. is all about? Thx in advance! -- Isidoros Kanakis Systems Engineer [EMAIL PROTECTED] Upstream S.A. Athanasaki 3, Ambelokipi, Athens 11526, Greece Tel: +30 210 6985897 Fax: +30 210 6983984 http://www.upstreamsystems.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [OT][Samba] SPAM
Yes, too many fair subscribers of this list still use popular inherently insecure mailreaders. I'm afraid, Samba team can do nothing with it. The security of the mailreader has nothing to do with it. I run Eudora, and my corporate installation of Norton AntiVirus catches every one of the incoming Swen mails. However, I'm up to over 200 Swen mails a day, at 55KB/ea., amounting to 11MB of transfer over my 144Kbps symmetrical IDSL line. That's ~11 minutes of additional download time to fetch all of my mail at the end of a long day, not to mention that it fills up my Sprynet account's mailbox. Helpful suggestions (although its too late for those of us already subscribed): Quit forwarding the list onto Usenet, at least with email addresses exposed (what's the real use of this, considering it's not that big of a deal for people to subscribe?) Protect emails anywhere the list is archived/posted I don't have this problem with other lists (this account is subscribed to at least 20), so there's no reason why we should have these problems here, either. Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] higher ascii characaters in smbusers, success!
Space is up front, first character, and I'm not permitted to change it :( These are my current versions. I don't know how to check the version of smbfs, but though it was part of the samba package. # uname -a Linux mcitylinux 2.4.20-8smp #1 SMP Thu Mar 13 17:45:54 EST 2003 i686 i686 i386 GNU/Linux # smbd -V Version 2.2.7a -Original Message- From: Torge Husfeldt [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 14, 2003 05:30 To: Erik Soderquist Subject: Re: [Samba] higher ascii characaters in smbusers, success! Hi, it's me again. Sorry, but i wasn't able to reproduce your other problem. I just changed the machine name of my server to contain a hyphen and changed my fstab accordingly resulting in absolutely no problems. Always be sure to use the latest version of smbfs (comes with the kernel - mine is 2.2.5-SuSE) HTH, Torge On Tue, 14 Oct 2003 11:16:50 +0200, Torge Husfeldt [EMAIL PROTECTED] wrote: OK, i'm working on this one. First of all one remark: You were posting your question in a Samba group. i.e. a group that deals with the questions and problems around the samba server. Please try also to find people or groups that are more concerned with the smbfs questions, because that more specificly matches your request. Second: I just changed the password on my 'server'(just a little win98 notebook that has a share to share) to contain a space and added the space in my credentials file - the mount succeded! Make sure to not put any quotes or backslashes in there and don't put the space up front - as is mentioned in the bugs section of the man page. HTH, Torge On Thu, 9 Oct 2003 15:08:29 -0400, Erik Soderquist [EMAIL PROTECTED] wrote: Since you seem to be good with challenges, would you care to try one? always! The short version is that I can't automount a share on a windows server from samba if the machine name has a hyphen in it or if the password has a space in it. This is from a message I posted previously but got no response to: i seem to be having trouble with certain characters in machine names and passwords. [snip] -- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] read-only problem in 3.0.0
We have a problem with shares that we would like to keep read-only for some users; it worked with 2.2.8a, but with 3.0.0 there is this odd behaviour: Users with read-only privilege can browse the files, can copy them out of the share (eg to their own hard disks) and open the copies, and can open the files in situ with Notepad; but if they try to open files in the share with Excel, for example, or Access or AutoCad, a dialogue is displayed to the effect that the file can't be found. Users with write access don't have this problem. AFAIK the apps aren't trying to write into the files. The share is set up as follows, on a quad Xeon machine running Linux kernel 2.2.25: - the shared directory and its subdirs are owned by creator, group users, linux permissions 751 (771, 755, 775 have been tried as well out of desperation ;) - The Samba share definition has a valid-users list, which is a superset of a read list (the idea being, users on the read list get read-only access) - the share is not marked read-only (it's been tried both ways) - Linux file permissions are at least 660 (some 664) - all users belong to group users so in principle the other permissions shouldn't manage There is no active directory, no domain controller (association among machines is workgroup based). Details: Samba was configured like this: ./configure --prefix=/usr \ --with-privatedir=/etc/samba/private \ --with-lockdir=/var/lock/samba \ --with-swatdir=/usr/share/samba/swat \ --with-configdir=/etc/samba \ --with-codepagedir=/etc/codepages\ --with-localstatedir=/var\ --with-readline \ --without-pam\ --with-ssl \ --with-sslinc=/usr/include/openssl \ --with-syslog\ --with-quotas One share that gives us the trouble is configured like this: [global] ... log level = 2 log file = /fs/is/samba/%I.log time server = Yes deadtime = 30 keepalive = 0 read size = 8192 socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 show add printer wizard = No dns proxy = No ldap ssl = no admin users = ... printer admin = ... create mask = 0774 directory mask = 0775 nt acl support = No posix locking = No strict locking = No wide links = No fake directory create times = Yes ... [ddc] path = /fs/ddc valid users = lots read list = subset of valid users read only = No delete readonly = Yes dos filemode = Yes Can anyone help, please? -- | G r e g L o u i s | gpg key: 0x400B1AA86D9E3E64 | | Consultronics Corporate Manager | available on my website or | | Information Systems Technology | from any keyserver.| | http://www.consultronics.com | http://www.bgl.nu/~glouis| -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.0 + mysql
I configured the samba to function with mysql, this functioning perfect, but it would like that it nao tied the user of mysql with the usuario of/etc/passwd of linux, exists some skill. thanks, Fernando Athayde From Brazil -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smb_register_charset error in Samba 3.0.0
Hi all. I upgraded one of my servers to Samba 3.0.0 over the weekend, using the source. Since doing so, I have had a huge number of errors logged on that system that are all related to usage of the smbmont command. Running smbmount (or mount.smbfs) gives the following error: mount.smbfs: error in loading shared libraries: /usr/local/samba/lib/charset/CP850.so: undefined symbol: smb_register_charset Any ideas here? I build Samba using the same options I used to build Samba 2.2.8a, which does not produce the error: ./configure --with-smbmount --with-pam --with-pam_smbpass --with-quotas --with-winbind --with-utmp Any thoughts are appreciated! Note that the server in question is running a Linux 2.2.x kernel, if that has any bearing on the issue. It is an old Redhat 6.0 box that I have kept up to date manually from tarballs, since Redhat stopped producing errata for Redhat 6.x. Thanks! -- Jim Morris([EMAIL PROTECTED]) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: read-only problem in 3.0.0
Greg Louis wrote: open files in the share with Excel, for example, or Access or AutoCad, a dialogue is displayed to the effect that the file can't be found. Users with write access don't have this problem. AFAIK the apps aren't trying to write into the files. They don't write to that file, thats right. But applications like Excel and Word create a temporary file in the same location as the original file. Just try to open a Word document on your local harddrive and while word is running check the content of that folder. If the temp file can't be written the operation fails - for obvious reasons. I know it didn't help much... :) Michael -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mounting windows shares under linux
I just put the mount commands in the rc.local. Maybe there's a better way? -- Chris Do not reply to this address. The contact page below is a spam limiting device. Apologies for the inconvenience. http://realcomputerguy.com/contact.html -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [OT][Samba] SPAM
yes, i'm spamed heavly because of this list too .. i had to install spamassassin and a email server antiviruss and qmail-scanner, and i still recive alot of trash, think i'm goind to enable email ident too .. This could stop almost everything, anyway , the mail list admins can't do anything, beacuse it isn't related to the server security/filtering :(. And stop using Outlook, get a decent(secure) email client. -- Alexandru Ionica Network Administrator - Facultatea de Matematica si Informatica, Universitatea din Bucuresti. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [OT][Samba] SPAM
This could stop almost everything, anyway , the mail list admins can't do anything, beacuse it isn't related to the server security/filtering Sure they could. If the members' email addresses were only available to the members (rather than being available via Usenet/Google News, public archives, etc.) we wouldn't become spam targets. I agree the list archives need to be public, but it wouldn't be very hard to either convert the email addresses to an image with a random background (much the same as what's being used for verification these days on many sites) or to not show them at all. This being portrayed as the user's fault is bullshit. Having to install software on your server because of a mailing list is *not* an acceptable answer. And, of course, not all of us run our own mail servers, so we don't have the option of installing filtering server-side (Earthlink's spam-killer offering is too restrictive and has given false positives for me.) And stop using Outlook, get a decent(secure) email client. I totally agree... but, even with a decent email client, dialup users will still have to wait 10-15 seconds per infected email for the download to complete. The system is broken, and needs to be fixed. This is *not* an end-user problem... Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trying to change password: RAP86: The specified password is invalid.
Alexander Skwar wrote: unix password sync = Yes Setting this to No helped. Alexander Skwar -- Signatur vorübergehend deaktiviert. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Help,mix environment browsing
On Tue, 14 Oct 2003, Larry Liu wrote: Thanks, John, for the quick reply. My test environment is like you recommended, only one WINS running on Samba 3.0.0. The interesting part is: on the server subnet, we can see all the win32 and samba clients from other subnets which have at least one samba client on each, but can not see any subnets that have win32 clients only. However, if I go down all those subnets, I can see all the win32 and samba clients that are using this only WINS. Any idea ? What are your Windows clients? 9x/Me or 2KX/XPP? IT makes a difference. For Win9x/Me to be visible across the entire network you must export a share on each. Win 2Kx/XPP should be visible without this hack. - John T. John H Terpstra wrote: On Mon, 13 Oct 2003, Larry Liu wrote: The How-To writes : nmbd can be configured as a WINS server, but it is not necessary to specifically use Samba as your WINS server. MS Windows NT4, Server or Advanced Server 200x can be configured as your WINS server. In a mixed NT/200x server and Samba environment on a Wide Area Network, it is recommended that you use the Microsoft WINS server capabilities. In a Samba-only environment, it is recommended that you use one and only one Samba server as the WINS server. in chapter 10. We found that each of our subnets has to have at least one Samba client pointing to the same Samba WINS server, if we have to make enterprise WINS(running on Samba 3.0.0) working, in a mixed environment as described above, even though all the Win9x,Winnt, Win2k, XP clients point to the same Samba WINS server. Has anyone had the similar experience? Or, any work-around instead of using MS WINS server(s)? You should be able to run with just one Samba WINS server for your whole network. All clients (Samba as well as Windows) must be configured to use that same WINS server. The reason for the recommendation is that MS Windows based WINS servers typically use WINS-WINS replication protocols that Samba does not support. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Automount, NIS, and Samba
I'm needing a strategy to accomplish the following: We have AD, with Server for NIS working on the DC. I've got NIS successfully working for login - or at least the client starts to login and then complains about a lack of home dir, which is fine for now. Each AD user has a directory on a fileserver, and I'd like these to be automounted as the home directory. The share path to a user's directory looks more or less like //server/share/gerry. So far, I can think of a couple of strategies for this - one is to mount the share at bootup under some special credential that I create, and then map the home directory at each authentication, but somehow I find that fraught with risk. What I'd rather do is use autofs to mount //server/share/gerry at login time using that user's credentials. After two days, I haven't found any good documentation on how to do this. Can someone point me in the right direction, and are there any gotchas to this approach that I should be aware of? Thanks Mike Ely All replies to group please. --- [This E-mail scanned for viruses by Declude Virus] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba] Mounting windows shares under linux
I put into the rc.local: smbmount //server/user /home/user/Documents -o username=user,password=xxx,uid=503,gid=503 (one line) -- Best Regards Thomas J Spuhler Manager International Sales TUSONIX, Inc All Tusonix outgoing e-mail has been scanned for viruses On Mon, 2003-10-13 at 23:22, John Simovic wrote: Has anybody managed to do this automatically (or not) as I am in need of a solution that DOES NOT require the user to enter the command line. Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Right-management Bug?
Hidiho! I have two small problems and I hope anybody can help me. First a short description, what I want to do: We are moving lots of data from a win2k server to a samba 3.0 server (on a debian woody). The win2k server is the pdc of our network and will not be deactivated. The samba server will only act as a file server - so we installed it on a patched debian with XFS and ACL-support (samba was also compiled with ACL-support). What we did and why we did it : We have a lot of different ACLs for folders. Our first problem was, that there were different ACLs for folders, their subfolders, subsubfolders and so on. We often had the problem that user A shouldn´t read the files in Folder A but should have write-access to subsubfolder C. The situation was a bit tricky because I couldn´t use shares (it would need over 200) so I solved it that way: I created groups that were able to change into the subfolders but were not able to read the files on the way to it. For this purpose I set for this group the Traverse Folder/Execute Files on the whole directory and only granted read- or write-access on specific folders. Example: Directory A: user A: r-x, user B: --- (traverse directory) Subdirectoy A: user A: rwx, user B: --- (traverse directory) Subsubdirectory A: user A: rwx, user B: r-x Subsubdirectory B: user A: rwx, user B: --- (solved by traverse directory) Subdirectory B: user A: r-x, user B: rwx This worked very fine. Now to my first problem: I have to move the directories from win2k to samba. So I started the Total Commander and copied one folder to samba (copy NTFS permissions was activated) On win2k user A had this permissions: Folder A: user A: traverse folder Subfolder A: user A: read files If I copy this from Windows to Samba everything is fine (in 90% of all cases, sometimes not, but I am not able to reproduce it). Now I change the permissions to this directory because user B should have write-access to subfolder A (I use the Windows Explorer to set the permissions in samba): Permissions should be: Folder A: user B: traverse folder Subfolder B: user B: write files Permissions are: Folder A: user B: read files Subfolder B: user B: write files I can reproduce this problem. I open the Properties of Folder A to set List folder contents-permissions on this directory. I change to Advanced to change the permissions in all subfolders and delete the old permissions - and after this all folders and files are readable. :( I found this work-arround: first I set the List folder contents -permission and change it to all subfolders. Now I open the Advanced windows and change the permissions to traverse folder/execute files, read attributes and read permissions (sorry if the names are wrong but I´m working on a german windows and have no english reference at home). This works but now I don´t see a tick at the List folder content in the permission window (I also don´t see this tick after copying the files from windows to samba) :( This is really annoying because I can´t set new permissions without setting permissions twice (and my work time is exploding). Second problem: Does anybody know, how to set this List folder content by a script. I tried to set the permissions by setfacl (because I have a lot of different groups with different ACLs for one folder) but the problem is: I can only set read, write or execute-permissions. If I only set execute to the directories, I can change to every subfolder but I can´t see any file/folder on the way to it (I must know the way to my subfolder). So I asked the people who wrote the ACL-patch for XFS but they only told me: quote Windows doesn't have a permission that gives access to sub-directories but not to files. end of quote (maybe they aren´t familiar with windows permissions). Maybe I use the wrong command - I googled a lot the last few days but there isn´t much documentation about linux and ACLs :( Can anybody help me with my two small problems (I will also appreciate other solutions without List folder contents)? Thanx Phil Wer sich zu wichtig für kleine Aufgaben hält, ist meist zu klein für wichtige Aufgaben. Jacques Tati -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Printing Issues with NT type Clients.
Hi. To begin with, I have a freshly built RedHat Linux 8.0 box running samba 2.2.8a. The kernel version is 2.4.18-14. I downloaded and compiled samba from source. I am using LPRng-3.8.9-6 as my printing system. The attached printer is a Lexmark Z22 printer and it is attached to the parralel port. Problem: For the life of me, I can't get NT type clients, NT4, 2K and XP to print to samba. My smb.conf file is as follows: + [global] workgroup = Popstar netbios name = Paint-Roller server string = Print Server (Samba %v) interfaces = eth0 127.0.0.1 bind interfaces only = Yes encrypt passwords = Yes min passwd length = 0 null passwords = Yes log level = 10 log file = /etc/samba/logs/smblog-%m.txt announce version = 4.0 name resolve order = wins bcast time server = Yes deadtime = 45 socket options = SO_KEEPALIVE TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 wins server = 192.168.0.60 hosts allow = 192.168.0.0/24 127.0.0.1 username map = /etc/samba/usernames.cfg preferred master = Yes domain master = Yes local master = Yes printing = lprng print command = lpr -U%u -P%p -r %s lpq command = lpq -U%u -P%p lprm command = lprm -U%u -P%p %j lppause command = lpc -U%u hold %p %j lpresume command = lpc -U%u release%p %j queuepause command = lpq -U%u stop %p queueresume command = lpq -U%u start %p [ipc$] path = /tmp hosts allow = 192.168.0.0/24 127.0.0.1 hosts deny = 0.0.0.0/0 [Lexmark] comment = Lexmark Z22 Color JetPrinter use client driver = yes path = /etc/samba/printers/Lexmark printable = Yes + Windows 9x clients can print flawlessly to the server. It's just a problem with NT type clients. I added the use client driver = yes because it resolved the issue with the access denied error. The printer shows up as ready, but refuses to print anything I send to it. Printing a windows test page results in: Test page failed to print. Would you like to view the print trouble shooter for assistance? Operation could not be completed. The spool directory's permissions look like: drwxrwxrwt2 root root 4096 Oct 14 00:17 Lexmark I have shell access to the server as the user kirby and can print by using the lpr command and I can also write and delete files in the printer's spool directory /etc/samba/printers/Lexmark. I've been playing around with this for quite some time with no success. For troubleshooting, from a windows box, I can do copy c:\boot.ini \\Paint-Roller\Lexmark, and the file prints. I can smbclient //Paint-Roller/Lexmark -U kirby and put a text file in the directory and it would print. However, printing natively from the OS does not work. Before I rebuilt the box this last time my print command was print command = lpr -U%u -P%p %s. If I tried to print, I would get the same unable to print error, but there would be a 0 byte file in the samba spool directory /etc/samba/printers/Lexmark named similar to smbprn.05.rjyCwC. Files from the 9x clients were similarly named and would have a size greater than 0. The NT clients can see the jobs that the 9x clients put in the queue. Can someone please tell me what I am doing wrong? Printing is a big issue here as we would like to migrate out NT print servers to samba. File services have been transferred already. I will include log files in another message because they are fairly big. Thanks in advance. Bob. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Adding uids to unix groups
Can I add the winbind generated uid's or gid's to the unix group to apply permissions on file or directories? I have a windows PDC and the Samba server is a member server. I have winbind working correctly but I'd like to be able to add 'domain+user' or 'uid' given to the user to a unix group. Can this be done or am just talking crazy?? PS I know I can chmod, chown 'domain+user' on file or directories but it might be easier in my situation to add to already established unix groups. -Scott -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Log File 1
[2003/10/14 00:22:40, 6] param/loadparm.c:lp_file_list_changed(2302) lp_file_list_changed() file /etc/samba/smb.conf - /etc/samba/smb.conf last mod_time: Tue Oct 14 00:20:50 2003 [2003/10/14 00:22:40, 2] lib/interface.c:add_interface(81) added interface ip=192.168.0.12 bcast=192.168.0.255 nmask=255.255.255.0 [2003/10/14 00:22:40, 2] lib/interface.c:add_interface(81) added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 [2003/10/14 00:22:40, 5] lib/hash.c:hash_table_init(68) Hash size = 521. [2003/10/14 00:22:40, 6] lib/charset.c:codepage_initialise(336) codepage_initialise: client code page = 850 [2003/10/14 00:22:40, 5] lib/charset.c:load_client_codepage(194) load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l-u = True) (u-l = True) Adding chars 0xa0 0xb5 (l-u = True) (u-l = True) Adding chars 0x83 0xb6 (l-u = True) (u-l = True) Adding chars 0xc6 0xc7 (l-u = True) (u-l = True) Adding chars 0x84 0x8e (l-u = True) (u-l = True) Adding chars 0x86 0x8f (l-u = True) (u-l = True) Adding chars 0x91 0x92 (l-u = True) (u-l = True) Adding chars 0x87 0x80 (l-u = True) (u-l = True) Adding chars 0x8a 0xd4 (l-u = True) (u-l = True) Adding chars 0x82 0x90 (l-u = True) (u-l = True) Adding chars 0x88 0xd2 (l-u = True) (u-l = True) Adding chars 0x89 0xd3 (l-u = True) (u-l = True) Adding chars 0x8d 0xde (l-u = True) (u-l = True) Adding chars 0xa1 0xd6 (l-u = True) (u-l = True) Adding chars 0x8c 0xd7 (l-u = True) (u-l = True) Adding chars 0x8b 0xd8 (l-u = True) (u-l = True) Adding chars 0xd0 0xd1 (l-u = True) (u-l = True) Adding chars 0xa4 0xa5 (l-u = True) (u-l = True) Adding chars 0x95 0xe3 (l-u = True) (u-l = True) Adding chars 0xa2 0xe0 (l-u = True) (u-l = True) Adding chars 0x93 0xe2 (l-u = True) (u-l = True) Adding chars 0xe4 0xe5 (l-u = True) (u-l = True) Adding chars 0x94 0x99 (l-u = True) (u-l = True) Adding chars 0x9b 0x9d (l-u = True) (u-l = True) Adding chars 0x97 0xeb (l-u = True) (u-l = True) Adding chars 0xa3 0xe9 (l-u = True) (u-l = True) Adding chars 0x96 0xea (l-u = True) (u-l = True) Adding chars 0x81 0x9a (l-u = True) (u-l = True) Adding chars 0xec 0xed (l-u = True) (u-l = True) Adding chars 0xe7 0xe8 (l-u = True) (u-l = True) Adding chars 0x9c 0x0 (l-u = False) (u-l = False) [2003/10/14 00:22:40, 10] lib/util_unistr.c:load_dos_unicode_map(738) load_dos_unicode_map: 850 [2003/10/14 00:22:40, 5] lib/util_unistr.c:load_unicode_map(599) load_unicode_map: loading unicode map for codepage 850. [2003/10/14 00:22:40, 10] lib/util_unistr.c:load_unix_unicode_map(755) load_unix_unicode_map: ISO8859-1 (init_done=0, override=0) [2003/10/14 00:22:40, 5] lib/util_unistr.c:load_unicode_map(599) load_unicode_map: loading unicode map for codepage ISO8859-1. [2003/10/14 00:22:40, 3] smbd/server.c:main(831) loaded services [2003/10/14 00:22:40, 3] smbd/server.c:main(846) Becoming a daemon. [2003/10/14 00:22:40, 8] lib/util.c:fcntl_lock(1308) fcntl_lock 6 13 0 1 1 [2003/10/14 00:22:40, 8] lib/util.c:fcntl_lock(1346) fcntl_lock: Lock call successful [2003/10/14 00:22:40, 5] smbd/connection.c:claim_connection(156) claiming 0 [2003/10/14 00:22:40, 3] lib/util_sock.c:open_socket_in(813) bind succeeded on port 139 [2003/10/14 00:22:40, 5] lib/util_sock.c:print_socket_options(111) socket option SO_KEEPALIVE = 1 [2003/10/14 00:22:40, 5] lib/util_sock.c:print_socket_options(111) socket option SO_REUSEADDR = 1 [2003/10/14 00:22:40, 5] lib/util_sock.c:print_socket_options(111) socket option SO_BROADCAST = 0 [2003/10/14 00:22:40, 5] lib/util_sock.c:print_socket_options(111) socket option TCP_NODELAY = 0 [2003/10/14 00:22:40, 5] lib/util_sock.c:print_socket_options(111) socket option IPTOS_LOWDELAY = 0 [2003/10/14 00:22:40, 5] lib/util_sock.c:print_socket_options(111) socket option IPTOS_THROUGHPUT = 0 [2003/10/14 00:22:40, 5] lib/util_sock.c:print_socket_options(111) socket option SO_SNDBUF = 16384 [2003/10/14 00:22:40, 5] lib/util_sock.c:print_socket_options(111) socket option SO_RCVBUF = 87380 [2003/10/14 00:22:40, 5] lib/util_sock.c:print_socket_options(111) socket option SO_SNDLOWAT = 1 [2003/10/14 00:22:40, 5] lib/util_sock.c:print_socket_options(111) socket option SO_RCVLOWAT = 1 [2003/10/14 00:22:40, 5] lib/util_sock.c:print_socket_options(111) socket option SO_SNDTIMEO = 0 [2003/10/14 00:22:40, 5] lib/util_sock.c:print_socket_options(111) socket option SO_RCVTIMEO = 0 [2003/10/14 00:22:40, 5] lib/util_sock.c:print_socket_options(111) socket option SO_KEEPALIVE = 1 [2003/10/14 00:22:40, 5] lib/util_sock.c:print_socket_options(111) socket option SO_REUSEADDR = 1 [2003/10/14 00:22:40, 5] lib/util_sock.c:print_socket_options(111) socket option SO_BROADCAST = 0 [2003/10/14 00:22:40, 5] lib/util_sock.c:print_socket_options(111) socket option TCP_NODELAY = 1 [2003/10/14 00:22:40, 5] lib/util_sock.c:print_socket_options(111) socket option IPTOS_LOWDELAY = 0 [2003/10/14
[Samba] IT Week article
An article appeared in IT Week (UK) yesterday, saying how Samba 3 trounced Windows 2003 for file and print serving. Steve -- home steve at gbnet.org NetTek Ltdtel/fax +44-(0)207 483 2455 Email to SMS steve - pager (at) gbnet dot net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mounting windows shares under linux
Le 14/10/2003 08:22, « John Simovic » [EMAIL PROTECTED] a écrit : Has anybody managed to do this automatically (or not) as I am in need of a solution that DOES NOT require the user to enter the command line. Thanks in advance. *** On Linux or Windows? In any case you create login scripts (shell or bat) for your users which can be run automatically upon login or by clicking on an icon. You have to make a link on their desktop. -- Cheers, Zoran. Windows software isn't released, it's allowed to escape. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] cant connect....cjk
Le 13/10/2003 12:20, « C J K » [EMAIL PROTECTED] a écrit : Dear all, i have a linux RH8 with samba program running on it. i am trying to setup Samba from webmin program. My question is that should i create a SAMBA user? *** Yes you should. And if yes when i see the linux HDD from a windows 2000 computer it asks me a username and password. Do i put the samba user? the linux user? or the windows 2000 username? *** The samba user. -- Cheers, Zoran. Windows software isn't released, it's allowed to escape. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: SPAM
(Paring the CC list a bit.) -Original Message- From: J. Frisbie [mailto:[EMAIL PROTECTED] Do not send messages to the list with machine parseable return addresess. Make the reply to address the mailing list, not the person who sent the message. This is a bad idea. See: http://www.unicom.com/pw/reply-to-harmful.html -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Guest users when security=ads
Is it possible to have the samba shares accessible to anyone when ADS security is used? Currently all domain users are working great! Even if your not joined to the domain, but your login in windows matches a domain login, you will still pull up the root shares (although access is restricted). If a pc pulls up samba with an unknown username/password, they are prompted to enter one... how could I make the shares visible to all? as there is a share that is public which is not a security problem... Thanks allot for the input! Brian Woodley -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [OT][Samba] SPAM
I do not understand wahat you are saying: swen viruses i receive are of three flavours, mstly being 156 kB in size neve seen a 55kB one .. anyway i got about 180 each day and i am very unhappy. About showing in the lists: I use three addresses for lists, but oddly enough i receive about 180/day on one address, but only one each other day on the other two ... I jist set my reader to leave in my [120 MB] box the messages above 140 kB. This way I esclude most of the viruses, oince everuy thrre days i just browse the list and grab the one [or none] that is OK ... incidentallym ost of oversized messages even if not viral are usually worth the trascan Il 14 Oct 2003 alle 7:56 tvsjr immise in rete The security of the mailreader has nothing to do with it. I run Eudora, and my corporate installation of Norton AntiVirus catches every one of the incoming Swen mails. However, I'm up to over 200 Swen mails a day, at 55KB/ea., amounting to 11MB of transfer over my 144Kbps symmetrical IDSL line. That's ~11 minutes of additional download time to fetch all of my mail at the end of a long day, not to mention that it fills up my Sprynet account's mailbox. Helpful suggestions (although its too late for those of us already subscribed): Quit forwarding the list onto Usenet, at least with email addresses exposed (what's the real use of this, considering it's not that big of a deal for people to subscribe?) Protect emails anywhere the list is archived/posted I don't have this problem with other lists (this account is subscribed to at least 20), so there's no reason why we should have these problems here, either. -- Leonardo Boselli Nucleo Informatico e Telematico del Dipartimento Ingegneria Civile Universita` di Firenze , V. S. Marta 3 - I-50139 Firenze tel +39 0554796431 cell +39 3488605348 fax +39 055495333 http://www.dicea.unifi.it/~leo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Domain administrator
Hi, I'm still fighting to implement a domain in our network. Now I'd like to have a user (say root) that has Administrative privileges on all Win2k/XP machienes (to install programs for example). Is that possible? Also, what does the sambaAcctFlags (account flags) mean? Does it have a relation? How do you people organize all this? -- Dani Pardo, [EMAIL PROTECTED] Enplater S.A -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: SPAM
I have to agree with the others on the need for the mailing list to do something. I just posted to the Samba list for the first time in a couple of months, and since doing so, have gotten 3 or 4 dozen of these virus emails. And I run server based email filters - these are the ones that are getting through the filters! The viruses don't infect me, as I only read mail from Linux or Mac OS X, but they are clogging my inbox. The point is - I posted one question to this mailing list today, and in the 4 or 5 hours since, have averaged 10+ virus emails an hour. I am not sure what can be done though. The mails don't even have me as the To: address - instead I think they are getting BCC'ed to me by whoever on this list is infected. I would gladly forgo direct replies from this list, and have replies posted only to the list address, if it would eliminate the problem. In other words, the list would almost have to run with anonymous postings or something, for that to work. Obviously you would have to be a subscriber to post, but the emails would be stripped by the mailing list manager. -- Jim Morris([EMAIL PROTECTED]) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: SPAM
-Original Message- From: Jim Morris [mailto:[EMAIL PROTECTED] I have to agree with the others on the need for the mailing list to do something. I suspect the main culprit is the USENET gateway. Any post to USENET with a valid email address seems to immediately attract lots of virus traffic. Maybe it's time to eliminate the USENET gateway. If USENET wasn't dead before, it effectively is now, since posting to it results in an almost immediate mailbox DoS. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smb_register_charset error in Samba 3.0.0
Hi Jim, On Tue, Oct 14, 2003 at 09:31:59AM -0500, Jim Morris wrote about '[Samba] smb_register_charset error in Samba 3.0.0': I upgraded one of my servers to Samba 3.0.0 over the weekend, using the source. Since doing so, I have had a huge number of errors logged on that system that are all related to usage of the smbmont command. Running smbmount (or mount.smbfs) gives the following error: mount.smbfs: error in loading shared libraries: /usr/local/samba/lib/charset/CP850.so: undefined symbol: smb_register_charset Any ideas here? I build Samba using the same options I used to build Samba 2.2.8a, which does not produce the error: ./configure --with-smbmount --with-pam --with-pam_smbpass --with-quotas --with-winbind --with-utmp Any thoughts are appreciated! Note that the server in question is running a Linux 2.2.x kernel, if that has any bearing on the issue. It is an old Redhat 6.0 box that I have kept up to date manually from tarballs, since Redhat stopped producing errata for Redhat 6.x. This may be a bug from our side, though it should always work if you have libiconv installed. Did configure detect libiconv and its headers? Jelmer -- Jelmer Vernooij [EMAIL PROTECTED] - http://jelmer.vernstok.nl/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Download Samba 2.2.8a
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Guess Logi wrote: | | Does anyone know where can I get Samba 2.2.8a? See http://samba.org/samba.ftp/old-versions/ | Is it okay to have Samba 2.2.8a on PDC and Samba 3.0 on BDC? | Both servers should have to have exact same Samba version.? They don't have to be the same version. But if you are using an LDAP backend, you will need to use ldapsam_compat on the 3.0 server. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ You can never go home again, Oatman, but I guess you can shop there. ~--John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/jFTLIR7qMdg1EfYRAgdUAJ9pe1MFJ2B8UXAkMNKxsa5QjYSI6ACgjMzJ mRJKPbXtsgleYA98CHTAj2o= =qiMF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP+SASL+GSSAPI(Kerberos)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gémes Géza wrote: | Gémes Géza írta: | | Hi all, | | I have an LDAP based PDC. I'm planing to move to SASL-GSSAPI | authentication for LDAP. Is it possible with samba? How?, with nss+pam? Samba 3.09 doesn't support SASL for the ldapsam[_compat] passdb backends. Sorry. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ You can never go home again, Oatman, but I guess you can shop there. ~--John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/jFWrIR7qMdg1EfYRAq4FAKDAndHx3MZrvd7X3H6iCoXiloqV4ACgrgg8 ysxl8d4QwZhYCgd/Mr2pL04= =yv2q -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Will winbind work with Samba PDC?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexandr Pushkin wrote: | Hi! | I've got FreeBSD+Samba 3 on it. Will winbind work with Samba PDC? Yes. It does here. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ You can never go home again, Oatman, but I guess you can shop there. ~--John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/jFX5IR7qMdg1EfYRAu30AKDSTUBxZCkN2Vq2zp9leqo0lvNNRACgv7xB rWBCzdkypMto+sitJnNvFNI= =pD5l -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : RE : [Samba] Winbind ldap samba 3 BDC getent passwd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 jean-marc pouchoulon wrote: | What is the role of winbindd_privileged/pipe ? To prevent non-root users from accessing certain winbindd functions. | I have a few problem with redhat 9 , unlinked with samba | does winbind work on other site with RH 9 ? Yes. Works here. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ You can never go home again, Oatman, but I guess you can shop there. ~--John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/jFZyIR7qMdg1EfYRAi3nAKDkGsZQ1wE/vXMG7CN5DX3kBhj3cgCfStmq gL9QLoDAIbHlPPVYPDcPZmI= =GqFC -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Rejoin Domain with Workstation ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Gasch wrote: | hey there | | i have a simple question | | after dumping the SAM into LDAP (net rpc vampire), switching off the old | NT PDC an introducing Samba 3.0 Final as the new BDC: | | - do i have to rejoin the domain with each workstation? | or should any access by machines be possible at all, because | machine$-accounts were also stored in LDAP by dumping the SAM? You should not have to rejoin the domain. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ You can never go home again, Oatman, but I guess you can shop there. ~--John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/jFaSIR7qMdg1EfYRAvXgAJ4ghAbMwJ01eHXo0kUMa0gx8Bm5fgCgmpj3 r/8Ev+e+8jY7/f7P7OSqs+A= =1zqz -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Printing Issues with NT type Clients.
I have attached the 2nd log file. I have zipped it because of the size. Bob. begin 666 smblog-sunstar.zip [EMAIL PROTECTED](`-D3B]([EMAIL PROTECTED]EH`0`2VUB;]G+7-U;G-T87(N M='AT[#UI]O*D9\WOZ+K;:[EMAIL PROTECTED]RPN22K/%1\JV=F\+5N%0!((2(! [EMAIL PROTECTED]2O[W[=[!N!E4CP`VN\P2Z:!`=3=T]/[EMAIL PROTECTED],[EMAIL PROTECTED]E$TY2G M8-_.)@$H_-AO3P:F2$S'8[\?#R!_6Z']T$RB'H-(9DX^0/ [EMAIL PROTECTED] M/,K#\RP8W07GVC.-.D#V_KFV89#E,$I[?AZ/HB:\GT;P-LRA((\U+09$ M,H+^PX[EMAIL PROTECTED]@NB(\3A,D/AP\[EMAIL PROTECTED][A)-!Y^ M1DCJ?S\;1V$#!,ZGZQ$AT-O#SS^.HQ9YKN[ZPV0XTFV,CF87QW/LWC MH9^EX0.?YS$:1NHKQA9@+[5Q6J' I/\/7PLG-(S WP.7L2\3*.CY MR!E_6#_-Z?1/ETDO@/430.AOGJ%9'B$;I#DQ$/1KD/:!2[F9?L7K\20- MHRQ#+,45(6JXIE4'%;,(B V W(7P*+/#2M3; [EMAIL PROTECTED]/PF2+% 2`KP` M2E1SZ6P6CY(S#*[3Q]]'/F!2M6?R_48OZX0Y6^$TN(XG82#E$ZRIOH M?G8=32:SZ_YPT!+F_$:T+YN2YKAIX`I''O1GL,5[;EG\XGZZ\PTN\[] MQS!OL3TQC.,=V'8\MP=1 M_OS=C?UD XLTP%X0-C^ [EMAIL PROTECTED]/?E#CWPR M:[EMAIL PROTECTED]@3 OZ0^0==78.(#X[H-;[KO_P9O;_X[EMAIL PROTECTED] MP!S,#N1'$07)$,H0)29;?6L2X_U!;X!-Q[EMAIL PROTECTED],`./5Q9O7%V_XX00(?6 [EMAIL PROTECTED];!+OP'' 4:RQ;74KZ!H0M_W..E!^IA!/YW X01(XH!3P+8O MP7;4!=Y:``XKL$NIJ.1@\6:OZ63A\$DG(X`VGPP#B`%/+`'Z4_(?^ 2 [EMAIL PROTECTED](X%OXU-\3/],!0HW X`1:^4HRM*'I9(.PR2+)9;N4#U:\`1=O MA,$-XPV\AU[EMAIL PROTECTED],#5W0O]_D(`W;6A]ECG(?W?J%;[:K59AJG6G=Z\O MDVB OY1#`]4'[EMAIL PROTECTED]%*ICV)23_5FP9HL%-@)W [EMAIL PROTECTED]@Y_TGJUU4:C_B);K]P//T_]29KF_C2+)@W!'67NOWS4A1]!-)\ MB!HQ#\JK+;TJN##S(K[AC251W 3_7,:97G4`VI-PW0('PJ-5JD0D'UH^H M4#A'@4T:I50HY00OYOQJ(G,!-'XQ).T/ ?E-.^(V$_YI=[%\S[=LU13* M$WP7#3%26!S3^9!NT4(;(4M)D$OUB?,HFI9A_N5Z.I6RNYM!?]2O[5?4J^ MKU?MVB7*3X^?/K#;EH4X\DZJ02W[;0HV:20$G!9#5HXK8E+)M@:[EMAIL PROTECTED])( M!,FP3*KPC)O504)%X-D'7;[EMAIL PROTECTED](CUV?6QR4 R8[;H$KU7A;MK0D5 /C M(;^E8ZK!N_*J$H7^84L(AX!U*Q+4=RE[EMAIL PROTECTED] M/:Y`./FBK+*31(-9BLY:TM/5 2'LL^YT/-([EMAIL PROTECTED],-/3`[$WL.4`F]O5 M`FP*7BQP.G#%H'-%H5S7`^:!KNO5@M*[!,C24BK[O\9AC0,N'Y[_[] MQ8U1;Y++]6K.B' (LWEE\GS^5YQ\MSA4Y=2ZQD.=ZUAS^5YRPZ)K);G MXJXIO:_BDYC=1?=$EG5+%[EMAIL PROTECTED]@E?V2KAM:W-DF96=DPLIMVE MREY)'X$ZF5/*WG9MBO[)750A#Z)=MQ(N55T1^H!Y-73,?)$:H#LBVX([EMAIL PROTECTED] ML[H+AA)*R:4L6HVU'8`9]C5);@V6)4!L3):U\!,!/LMGIF40Z;V=!F*G[ MZ!C!Q:D8 P[1MLPA63U!VP70[X%V0^;8E7+K 78#+S+%QW * ?MN/# M\[!+C]NV$8(1IQX\(PWIT81K4D-4?G`0/P[B0T$8,R! /.A?(`0LN397 MO@)^0:Q ^MK(`/X3Z3@)1) ZI.%0(H2V4F7'I@.2GX*HT$AYT;G[^) M8E.Y,8]QXCT9G1OH7KQ^=?F4S%)O9B:7\S,4^Y6LN)'J(2UY$0EE DUREO@ M(^Y52U)+B[KU)1EECGZ%# L]/$.3`)DFP:J6I)X7*G9-5=/(UY^FSO R0V=M M_//O/%.]4KDNV('2__NZC/!UTE$0)ZT/G9MB'MPO ER='#?OFO-DKZE MB(W],-70?(Z2%9L+8GGK?0Y#'-\7($FTDPBEH?U%S]+294S6)FX2A33Y'R M43#VRUN,7DR5DPR#)$1+!\`OK5(4=F.TZ0_V#:+Y[CHTH\3Q8BJ1=++8U M41JC\*'$K%4FQ G00X ?U/T/\$,I!A;_HKO+;987[0\K;:\[JZV_'RM6P[M MBVV]1?BO1_03! X^%/'(US#NB4\HP55)1MP2.W2(.M`N;7P7@]19' M)$_A(9[?7Z_'09;V[\W'OCL)[EMAIL PROTECTED]'*1H_(@X2.-65E?8F3LE@ [EMAIL PROTECTED],0*U#\:[EMAIL PROTECTED]*#;2NU]\0`9F5._ATU(QY2_M7I.9[$ MGX(\.I\AV*Q[-Y!#75PDQI2*PRO-3=Q/]@?Q6P=?)9E+4,ANG)**!IQ M3?ET9R,=4=);[EMAIL PROTECTED],,[EMAIL PROTECTED]/4:HX[A=]VUP]]/ITEOM]$O M5%HVOOR.)_F),;!-$]'()LZ^03CONJI+(3RGJ,MW41!JQ?V3=#B,)M\ MMG8XIZ2M%(*H;CUTX620]EIN;TYUWH?V.R)!U;_(+GL+K6JQHN8:4 MOHE0/,,(;7*O0L\\[_FO7D/KSOFK'.'8[(87XMI!8'6UY!-PS*AN[YJRW M_33L[EMAIL PROTECTED]H2T6GWEQX@]/IL)?\1X[S!\7[N7J%=$]BF;VK1[EMAIL PROTECTED] MK$DT0-N%5NP3JC(,MY4R6IL0H,TWE]G6B.%49HYD#@*KB+78X7F\=7A3V M- RH,DOWZIO#MN_=.O'T^Q^YM+3YFI3;MTS?7^O1\QKMTRMPM-!4X]I MBN5A:\VRELJ#] 6=L9QTF- !^.)U,R/+HQ1X-[HC/JX\*=R=./OD$/9 MN,D8KL4W3LSGIE2LV_=$#8]0UZ-1-N+1/X39%AD+M:),^;VDR?-00:,` MX]T9/[/.!#^S'9,)TW7.!..68ZTNF26=([EMAIL PROTECTED]78$[NA'[EMAIL PROTECTED];T M@/Z-8LG$0X9WUD:9X^1 EZ-F;I*H-J`:2EEKY_%1'Z3D_8T?JTW' \FUS MJ-FEWI:EW[R3,6C4L81D6VXWP;O#5)L/,5HAC=B+^L%TF,E'0?S!@ M4X64%)4NNL#_=E,;L(T/9.B0_.]1JA]C!]8/TEBO+1L$3*CPTY51I4\5% MJN9LZ\8L9X8^(@:DF?#TUGO-C419)TQVRPBY?]K.5_PZRG[D+6PL_)G[ MHEVM^PE+K0VXNCJI!(GJ?IY:%]!VJD$2MRV]T*,:%J)I(I0^X)9KK (YQF# MMLN``966_TPE3W*(]OF0B4Z[\;QK? 6WP/CX\?KBY85)S=O'WUJGOS M\0`[EMAIL PROTECTED]'8AJ*!_*J^G^6Y/Q?GG=_J/QXL4+/'V'FZ[IKBSM)W)+= M-K]:=MO\BMEMQYC+BM4XDBA2Z5.FOXYS5'_4VRD5U\H,\6*0CF=[$Z-/7 MMPW)3$W[O$V'(X_D3WOX+9K,(.=HW!PX=EP4\1?*9*;NV?DS+NHSJ/4: MF67428J!79:KA]YIG2CZ3E7.G_N$GFQ+/8M$A$BT$/-=]?I. QKRS M?*-J'/K,/*,[EMAIL PROTECTED]ENPD6[W;U^W^TTX5,P MC'LJJ2?)'V ($/V)FJA(44=-2U)QL\[B+.%SE;!^BQ1V'4G=XI1E#S?M@ [EMAIL PROTECTED]/!3$GZ!$?V.V_M;[EMAIL PROTECTED]XR#_)YY3P?C7/76O/+YC' MSR^8W_,+O[;\PF%[G.-Q^,M7=!2UH_(`%8SR53YZS'P8X[1J6]NC4Q4+ M*I- 6E,]KS6-\2Q)@QE)MBX=K9 TJ$32]]3]]3!J]S,@Z+$M-Y-OGDX[_L [EMAIL PROTECTED];_\A;]8FXVWM1%JIR$4W4'0(5A#5SX-K MH2+Q($JB21RBAR:UREYJ/6G2BHQRB=D#Z#V7J@/I5W8$\Z3/O[T]TMKWUE MEYQO,]V-QR;H=H51?2IZC::7H@,-Y!TM55V/T;=?AWX\0.^]TPR MGOVMW;%]M9V10D-$8,ZNR9-MQ,YCEQ+3C#,TEHF5UT;)[O-?;[EMAIL PROTECTED]@3 M)'/6XKAH=X$UBU7]*/MT3 [EMAIL PROTECTED]'=RPY%US4$Y6*7'IJGD+A.J#R)* MF+9 ;,_)/$NDL-8S0D_2AL!8?!(D.^W)3 ^]0D^?OMT'HI?:+8%XK3+[$M MQCAK2[EMAIL PROTECTED],[EMAIL PROTECTED]Z`Z4_BW*E=DS^:+S M+GK)VW)KF6W1'[EMAIL PROTECTED](ZB=]9 YF2GNE3+9KOSR;)K0@:7A
Re: [Samba] RE: SPAM
On Tuesday, October 14, 2003, at 02:39 PM, David Brodbeck wrote: I suspect the main culprit is the USENET gateway. Any post to USENET with a valid email address seems to immediately attract lots of virus traffic. Maybe it's time to eliminate the USENET gateway. If USENET wasn't dead before, it effectively is now, since posting to it results in an almost immediate mailbox DoS. I agree. Usenet these days is the domain of spammers and Warez postings. Ten years ago I used to spend hours a day on Linux and Samba (comp.os.protocols.smb) newsgroups, reading and replying to messages. That was back when there were maybe a couple of thousand newsgroups total. As the web grew, my use of Usenet has decreased, and I have not actively bothered to even setup a newsgroup reader in a couple of years. If I cannot find it in mailing list archives or a google search, I am usually not going to waste time in Usenet - with 30,000 or more groups on most Usenet servers today! I vote to kill the mailing list - Usenet gateway, if that is what is causing these virus email attacks on subscribers. If I wanted to use Usenet, I would go read comp.os.protocols.smb or whatever, directly! -- Jim Morris([EMAIL PROTECTED]) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.0: force user not working
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | Hi, | | a few days ago I upgraded to Samba 3.0.0. | The upgrade worked flawlessly. | I just wonder why the force user setting does no longer work like it | should.. | This is an excerpt from my smb.conf-file: | | [200a3i] | path = /home/www_200a3i/public_html | valid users = peter, niklas | admin users = peter | force user = www_200a3i | force group = www | | Usually one expects that these settings make samba use the user | www_200a3i from /etc/passwd to create files / folders. But it doesn't, | it uses root instead. However, the force group settings works just fine. If you connect as peter, I would expect the admin user option to take precendence. If you connect as niklas, then I would expect the 'force user' parameter to take effect. Is this not what you are seeing? If not, then tell me how the current behavior differs from 2.2. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ You can never go home again, Oatman, but I guess you can shop there. ~--John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/jFiSIR7qMdg1EfYRApTaAJoCXuCvdjuEZztEs4yNmAxYm1HXHgCg5GrS Vr/gA3YQMLsVc9PgCO4M7o8= =9vKo -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] IT Week article
On Tue, Oct 14, 2003 at 04:03:33PM +0100, Steve Kennedy wrote: An article appeared in IT Week (UK) yesterday, saying how Samba 3 trounced Windows 2003 for file and print serving. Yeah, interesting article. I'd like to see the Netbench specifics statement though. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: SPAM
On Tue, Oct 14, 2003 at 02:27:10PM -0500, Jim Morris wrote: If people want to hide their return e-mail address to avoid this problem, they are free to do so. Just create something creative for your From:. Most decent e-mail clients will allow you to either change From: on an individual message *or* create different mail personalities. This is sensibly left to the user's choice. I can understand people getting frustrated at this cursed Swen virus and its effects to people who post on this list. But to keep things in perspective, it has only been a few weeks, and it should not be much longer before the virus starts dying down and becomes only a rarely seen bad memory. (Until the next outbreak, of course. All the more reason to not let your friends use Outlook.) Personally, I rather receive replies to my posts directly, and am happy with the configuration of the list. Even though my e-mail address has been made public through this list for a long time, Spam (in the form of UCE) has been light. This Swen virus has kept my inbox more active, but should be a temporary inconvenience. I have to agree with the others on the need for the mailing list to do something. I just posted to the Samba list for the first time in a couple of months, and since doing so, have gotten 3 or 4 dozen of these virus emails. And I run server based email filters - these are the ones that are getting through the filters! The viruses don't infect me, as I only read mail from Linux or Mac OS X, but they are clogging my inbox. The point is - I posted one question to this mailing list today, and in the 4 or 5 hours since, have averaged 10+ virus emails an hour. I am not sure what can be done though. The mails don't even have me as the To: address - instead I think they are getting BCC'ed to me by whoever on this list is infected. I would gladly forgo direct replies from this list, and have replies posted only to the list address, if it would eliminate the problem. In other words, the list would almost have to run with anonymous postings or something, for that to work. Obviously you would have to be a subscriber to post, but the emails would be stripped by the mailing list manager. -- Jim Morris([EMAIL PROTECTED]) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: SPAM
On Tuesday 14 October 2003 16:10, Jim Morris wrote: I vote to kill the mailing list - Usenet gateway, if that is what is causing these virus email attacks on subscribers. If I wanted to use Usenet, I would go read comp.os.protocols.smb or whatever, directly! I disagree. A Usenet search via Google Groups (used to be Deja News) is undoubtedly my most used and most useful troubleshooting and reference tool. In one step I can search for needed information without the need to know the name of the group that may contain the answer or answers. To remove the Samba list from such a search would, IMO, be a gross error. It may not be ideal but today I have taken the steps outlined in my sig. Although I have little doubt I will eventually need to change my email address as well. -- Chris Do not reply to the email address. Please use the contact page below for any desired direct replies. Apologies for the inconvenience. realcomputerguy dot com slash contact dot html -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] domain admin group equiv. with 3.0?
I was previously using 2.2.8 and had 'domain admin group = @smbadmin' set making anybody in the smbadmin group an administrator. However, with samba-3.0 that went away. So, I set 'admin users = @smbadmin name1 name2...' but it doesn't give my users administrative privilege. The logs seem to indicate that the account has administrative privileges but they do not. log.smbd shows this: [2003/10/14 13:33:46, 0] smbd/service.c:set_admin_user(314) name1 logged in as admin user (root privileges) BUG?: man samba mentions smbgroupedit, but this does not exist on my system, nor does the manpage in question? Is there particular option that configure has to be passed in order for it to show up? smbgroupedit(8) The smbgroupedit tool allows for mapping unix groups to NT Builtin, Domain, or Local groups. Also it allows setting priviledges for that group, such as saAddUser, etc. I presume this is the tool I need, but couldn't seem to find more than a cursory mention of it anywhere. Thanks for the help. --Kaleb PS: I'm not on the list (although I will try to watch it for the next few days), so please CC me - thanks. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SPAM
J. Frisbie wrote: Hello, I singed up for the [EMAIL PROTECTED] using a one-time email address ([EMAIL PROTECTED]) and now I get virus laden spam messages at that address about every ninety seconds -- thanks. ... The most effective step to reduce this is to restrict posting to subscribed list members. Some consider such restrictions to be a form of censorship. I cannot see the rationale for this. Subscribing is easy, fast and open. Anyone with something to say to the list can do so in a matter of minutes. Getting off the list is just as easy. Nobody is censored except the spam-fountains whose target lists happen to include the posting address of this list. Of course, this does not prevent a determined spammer from a hit-and-run spam spew, joining, spamming and then leaving. But few are. There's little benefit to going through even these few steps to join the list to spam it when one can spam hundreds of thousands of addresses while sitting back and swilling beer while the computer does the work. It also doesn't prevent a list subscriber's computer infected with a worm or virus from hitting the list with it. However, it again limits the harm and it also makes it easy to identify the source and inform the party of the infection. In such a case the owner is nearly always a victim of the infection and not an intentional propagator and will appreciate the tip. Ray Simard -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.0: force user not working
It was foretold that on Tue, 14 Oct 2003 15:12:02 -0500, Gerald (Jerry) Carter [EMAIL PROTECTED] would mumble: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | Hi, | | a few days ago I upgraded to Samba 3.0.0. | The upgrade worked flawlessly. | I just wonder why the force user setting does no longer work like it | should.. | This is an excerpt from my smb.conf-file: | | [200a3i] | path = /home/www_200a3i/public_html | valid users = peter, niklas | admin users = peter | force user = www_200a3i | force group = www | | Usually one expects that these settings make samba use the user | www_200a3i from /etc/passwd to create files / folders. But it doesn't, | it uses root instead. However, the force group settings works just fine. If you connect as peter, I would expect the admin user option to take precendence. If you connect as niklas, then I would expect the 'force user' parameter to take effect. Is this not what you are seeing? If not, then tell me how the current behavior differs from 2.2. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ You can never go home again, Oatman, but I guess you can shop there. ~--John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/jFiSIR7qMdg1EfYRApTaAJoCXuCvdjuEZztEs4yNmAxYm1HXHgCg5GrS Vr/gA3YQMLsVc9PgCO4M7o8= =9vKo -END PGP SIGNATURE- Hi Jerry, neither files / directories are created using the user peter, nor niklas. They are create using the user root. The behavior in 2.2 was like this: when setting force user = www_200a3i, then samba would actually create all files with the owner set to www_200a3i. in 3.0.0, this only works with the force group setting. However, i would also like to change the owner, not only the group. Greetings, Peter -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ldap help
I'm having problems getting my iplanet ds 5.1 sp2 working w/ samba. I have a bunch of question but I cant find it in the documentation. I'm running samba 3.0 and have an existing ldap server w/ 100K entries. 1.Do you really need all of the attributes in the samba schmema. It sure seems like its going to junk up all my entries? 2. Is there any really good documentation out there? 3. Why is it that when I use tls I dont bind as the admin. When I turn it off then I bind. 4. I'm having troubles adding users since I already have them in ldap. What is the best way to just add the need info into each entry? 5. When I try to add a user to ldap w/ smbpasswd, it keep trying to add the entry to a entry dn: SambaDomainEntry=Hostname,dc=temple,dc=edu. Why wont it add it to my people sub-tree. Thanks in advance I have many more questions but I cant think of any now. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is there a way to enforce a single login domain wide
I just tested the process/uid check theory. Upon initail login the new smbd process is owned by the user but with no activity on any shares it switches to being owned by root in a minute. I guess I could use a script to touch a file with the users login name or uid and just check for that upon login and remove it on logout... Anyone have any better ideas? DSP Gémes Géza wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I.M.H.O you could write a root prexec script for your netlogon share, wich would check for runing smbd with the uid of the connection, and return an error if there is such. And specifying root prexec close = yes on the netlogon share, you could deny them. The danger is that because of blocked clients you would got lots of frustrated clients. Good Luck! Geza Gemes John H Terpstra írta: | On Mon, 13 Oct 2003, Douglas Phillipson wrote: | | |I didn't get any hits on this. Does that mean it's not possible??? |Has anyone enforced a single instance login policy somehow? Is this a |reasonable question to ask? | | | This is not possible. There is no way to do this with MS Windows 200x | server - and there is no way to do this with Samba. | | - John T. | | |DSP | |Douglas Phillipson wrote: | | I would like to enforce a policy for a user being only able to login |once anywhere in the Domain. When you use roaming profiles, the system |gets confused and leaves the local profile on the client PC if the same |user logs in on a second machine while they are still loggewd in on the |first one. This then causes the Samba profile to NOT get updated on |logout. If a user is currently logged on a domain, I need that user to |be refused if they logon to a second machine until they logoff the first |machine. Is this possible with Samba, or would I use some sort of logon |script to query something and force the user off at their second login |attempt? When this problem occurs you have to reboot the machine and |remove the users local profile so it will again use the roaming profile |on the samba DC. Very irritating... | | Thanks | | DSP | | | | -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/i+88/PxuIn+i1pIRAi+fAJ0Yc/e6H8MyKxc0z8s1FnWhLsFVyACgh7vh G3SEihFi0OPiVpUSvBFZZvA= =SjHf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: SPAM
Just to further confirm the idea that this mailing list is associated with the current surge in receipts of the SWEN virus, I signed up for this list when I upgraded to Samba 2.2.3 on Oct 1. An hour later I began receiving mass quantities of SWEN-infected emails. TO date I've received 860 from the list, and 800 SWEN emails. Norton AV is catching them, I haven't become infected (and at this point I'm using Outlook XP on Windows 2000 but planning to switch soon.) However, I was most certainly NOT receiving ANY SWEN emails until I joined this list. I got 10 SWEN emails yesterday, 5 on the 12th, 92 on the 10th, with my highest count for a single day being something close to 140. More than just annoying, it made my main email addy for my company nearly useless until I configured a rule to move them to a separate folder... but even at that it costs me download time. I've been keeping them (Norton is configured to silently delete the payload) so I could keep track of the numbers of them per day. I don't mind the messages being gated to Usenet... seems to me that would be a valuable extension of the resources this list provides. HOWEVER, I do think the list owners need to recognize that this list IS proving to be a source of addresses for virus spammers. Objectively, I'm guessing that in the current political climate a case could be made for the idea that, having been notified their list is being targeted and should they do nothing to prevent further abuse, they could be partly liable for any damage occurring. Stripping emails of addresses or at LEAST putting up a warning on the signup page and providing an option to not have your email address listed to the world (not sure if that's there already or not) would do something for future subscribers to stem the raging tide of crap that's been streaming into my mailbox for the last 2 weeks... Just my 2 cents. J -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Smith Sent: Tuesday, October 14, 2003 3:45 PM To: [EMAIL PROTECTED] Subject: Re: [Samba] RE: SPAM On Tuesday 14 October 2003 16:10, Jim Morris wrote: I vote to kill the mailing list - Usenet gateway, if that is what is causing these virus email attacks on subscribers. If I wanted to use Usenet, I would go read comp.os.protocols.smb or whatever, directly! I disagree. A Usenet search via Google Groups (used to be Deja News) is undoubtedly my most used and most useful troubleshooting and reference tool. In one step I can search for needed information without the need to know the name of the group that may contain the answer or answers. To remove the Samba list from such a search would, IMO, be a gross error. It may not be ideal but today I have taken the steps outlined in my sig. Although I have little doubt I will eventually need to change my email address as well. -- Chris Do not reply to the email address. Please use the contact page below for any desired direct replies. Apologies for the inconvenience. realcomputerguy dot com slash contact dot html -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba with RedHat AS 2.1
Hi All, I'm trying to setup Samba 3 with RedHat Advance Server 2.1 I compiled Samba with the following switches : --with-winbind --with-smbmount --with-smbwrapper --with-pam --with-pam_smb After I make, make install I try to run SWAT and it comes up to the login window. When I try to login to SWAT with root's credentials, it says the password or username is wrong or invalid. Any ideas? If I don't use Winbind and pam switches...I can get onto SWAT. But I want the winbind features. Thanks in advance Sean Solina ARB, Inc. 26000 Commercentre Dr. Lake Forest, CA 92630 Sean S Solina.vcf -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] NIS-Samba mapping
I'm using NIS for authentication, and would like to use auto.home to mount a particular share on an NT server as $HOME when an NIS-mapped user logs in. I'd rather have the mount occur at each login rather than at boot, as we have a total of seven NT shares which potentially could contain a given users' directory. I can set the correct share for each user at the NIS user, but how do I get it to play nice with Samba (2.2.7a-SuSE)? Thanks, Mike Ely --- [This E-mail scanned for viruses by Declude Virus] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: SPAM
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jared Rypka-Hauer wrote: | Objectively, I'm | guessing that in the current political climate a case | could be made for the idea that, having been notified | their list is being targeted and should they do | nothing to prevent further abuse, they could be partly | liable for any damage occurring. Jared, I'm not being vindictive here, but your email just got added to my /dev/null box. So please sue me. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/jG9aIR7qMdg1EfYRAvCKAKC6v6KYA8nic4YeYQK3d9elIlYHFACg2Jfj nn9FUTb1XO//07+YhOxJ9CE= =Jq/O -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Some simple (I hope) questions
I'm new to Samba, and I have a few minor questions for which I need answers before I start this grandiose adventure in connectivity. I current have a small home network, consisting of: (1) Mandrake Linux 9.1 workstation (1) Windows 2000 Pro workstation (1) Windows XP Pro file/print server (1) LinkSys 4-port (ethernet) router My goal is to be able to use Samba to access the files in and the printers attached to the Windows XP server from my Linux workstation. The impression I'm getting from everyone I ask is that Samba was designed to allow Windows-based workstations to access fioles/printers on Linux/Unix servers. If this is the case, then I'm sunk. I would appreciate any and all advice you can offer in this situation. Much thanks in advance... Joshua Tarplin, MCSE [EMAIL PROTECTED] _ Fretting that your Hotmail account may expire because you forgot to sign in enough? Get Hotmail Extra Storage today! http://join.msn.com/?PAGE=features/es -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: SPAM
Stripping emails of addresses or at LEAST putting up a warning on the signup page and providing an option to not have your email address listed to the world (not sure if that's there already or not) would do something for future subscribers to stem the raging tide of crap that's been streaming into my mailbox for the last 2 weeks... To be fair the warning would have to be general.. perhaps: Warning: you may recieve spam if using email, but Isn't that a bit like Warning: sticking a fork in this light socket may result in electrocution ? Spam sucks - get over it. Nate -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: domain groups accessing samba share
- Original Message - From: Gavin Davenport [EMAIL PROTECTED] To: John H Terpstra [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, October 14, 2003 4:13 AM Subject: RE: [Samba] Re: domain groups accessing samba share Hi there Make this: valid users = @LABOR\domain admins write list = @LABOR\domain admins write useres = @LABOR\domain admins What if the domain user doesn't have a local user on the unix machine ? How do I get round that ?? That is where winbind comes in. You use winbind to allow your domain users from your NT/2k server to be seen by the samba box as normal unix users. Rich -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Multi-IP question
Hi all- I'm fairly new to samba, but have been using 2.2.8 on a local subnet, 192.168.0.x, without problem. The PC with samba is running NetBSD, and has 4 ethernet i/fs, all on different subnets, on different hubs, and has Windows 2k clients. I now need to switch samba to two of the other i/fs instead (the 192.168.1.x and 192.168.2.x subnets), and when I do, I can see the NetBSD box from Windows but can't see any of the shares (path not found error from Windows). I have tried adding the following in my smb.conf: remote announce = 192.168.1.255 192.168.2.255 which didn't seem to work. I also tried adding interfaces = tlp1 tlp2 which also didn't seem to work (the i/fs are detected in order during boot as sip0 - the 192.168.0.x subnet, tlp0, tlp1 and tlp2). I can ping, telnet, ftp, use ssh, etc over the interfaces, so the connection is good, and all the Windows clients are set up identically. I can also use smbclient at the samba machine to login to the server via localhost to see the shares. If I use nmblookup -B server __SAMBA__, it shows only the first subnet (? shouldn't it show both subnets?), but it looks correct (as far as I know...) and nmblookup -B client '*' gives positive name query responses from the Windows boxes. But still no shares visible from Windows. If I switch the conf back to 192.168.0.x, it works fine (and smbclient/nmblookup tests give the same type of results as for the other subnets). I imagine (hope!) I'm missing something obvious; I have googled and read as many of the configs/man pages that I could find, so I apologize if this is in some FAQ somewhere... Thanks for any help Greg -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.0: force user not working
On Tue, Oct 14, 2003 at 10:59:11PM +0200, [EMAIL PROTECTED] wrote: | [200a3i] | path = /home/www_200a3i/public_html | valid users = peter, niklas | admin users = peter | force user = www_200a3i | force group = www neither files / directories are created using the user peter, nor niklas. They are create using the user root. The behavior in 2.2 was like this: when setting force user = www_200a3i, then samba would actually create all files with the owner set to www_200a3i. in 3.0.0, this only works with the force group setting. However, i would also like to change the owner, not only the group. Ok, you're not explaining very well what you're seeing. Given the config file above, what user are you connecting as ? What user are you seeing the files created as ? If you are connecting as user peter then the desired behaviour is that files should be owned by root, as that's what you said when you set the admin users parameter. Anyone else connecting should get fixes owned by www_200a3i. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] implementing ldap and samba
gurus, i want to implement ldap authentication server and also a samba server, but in different computer. Is it possible? How should go with this? tnx in advance! eric __ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: [OT] spam
On 14 Oct 2003, J. Frisbie [EMAIL PROTECTED] wrote: What would you like us to do differently? I see your original message was a bit misleading: you said that you singed up for the samba, but in fact you also posted to the list, thus disclosing your address. First of all: we don't disclose the subscriber addresses to anyone. The roster of list members is not available from the web page. If you subscribe and do not post, nobody will know your address. Just to be absolutely clear: - We don't disclose the subscriber addresses. - We are not sending you viruses or spam. - Sometimes spam does get onto the lists. We filter out the vast majority of it. There is no perfect filtering solution. - This is a public list. Anything you send to it can be read, used or archived by anyone in the world. We explain this reasonably clearly. - We have no control over people who might be sending you viruses. You need to complain to their network admin or your network admin or your government. ** If you want something to remain secret, do not post it. ** I personally don't think keeping your address secret is a good solution to spam, but you can try it if you want. I think we are being responsible. The problems are not of our making, and we do our best to reduce them. If you have any concrete constructive suggestions we'll consider them. I see you are posting from Outlook, which is the overwhelmingly most common virus vector. Calling us irresponsible is pretty cheeky. If Outlook went away, the email virus problem would nearly disappear overnight. [your suggestions:] You have some unscrupulous list subscriber who bombards addresses that appear on the list with viruses. If you tell me who they are, we will remove them from the list. Do not send messages to the list with machine parseable return addresess. We pass through messages with whatever address the sender uses. Some people choose to post from addresses other than their real one, and that is allowed. Of course they take the risk of not seeing direct replies. Addresses in the list archives are not easily machine parseable: http://lists.samba.org/archive/samba/msg72578.html Other people can archive it however they want. Make the reply to address the mailing list, not the person who sent the message. I don't understand how you think this would help the spam or viruses problem. If anything, it will cause more misconfigured antivirus software to send messages to the list, thus annoying everyone and just the poster. Vet your subscriber list. Since people other than subscribers can read the list archives, this too would not prevent people sending viruses to you. But leaving that aside, how do you suggest we vet it? I can't think of any test we could easily do over email that would reliably distinguish good people from evil. Are we supposed to guess that frisbie doesn't look like a real name, so we won't allow it? We could disallow people who're using insecure clients like Outlook, but unfortunately there's a large overlap with Samba's userbase. Allow only subscribers to post to the list. That has nothing to do with people sending viruses direct to you. Doing this in addition to the spam filtering we already have in place might reduce the amount of spam getting onto the list. On the other hand it would impede people who want to just ask one question, which is pretty common. We may yet do it in the future. Since many viruses forge their From address, verifying the From address may not help much anyhow. This would also block people who want to post from an obscured address. Terry suggested: Quit forwarding the list onto Usenet, at least with email addresses exposed (what's the real use of this, considering it's not that big of a deal for people to subscribe?) I think it is very useful for people who want to read through the list archives without receiving every message as its sent. It supports a use mode that's more useful to some people than either email or web archives. I will consider hiding the sender addresses. I don't have this problem with other lists (this account is subscribed to at least 20), so there's no reason why we should have these problems here, either. That is a bit of a non sequiter. I don't know what other lists you're on. Similarly high-profile lists at kernel.org or debian.org seem to have similar policies and our level of spam is as good or better. -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] How to compile with ADS support? Require lib files?
Hi there. I need to recompile my samba I am seeing... ie, with ads support. For those of you you have it working, can I get some info from you... that being, what I need in order to successfully compile it with ads support, and what is needed in my compile...is it just --with kerb4=dir. Anyways, any help would be much appreciated. Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: SPAM
I always wondered how much mindless, unthinking and thankless abuse it would take to provoke a response. On Tue, Oct 14, 2003 at 04:49:14PM -0500, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jared Rypka-Hauer wrote: | Objectively, I'm | guessing that in the current political climate a case | could be made for the idea that, having been notified | their list is being targeted and should they do | nothing to prevent further abuse, they could be partly | liable for any damage occurring. Jared, I'm not being vindictive here, but your email just got added to my /dev/null box. So please sue me. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/jG9aIR7qMdg1EfYRAvCKAKC6v6KYA8nic4YeYQK3d9elIlYHFACg2Jfj nn9FUTb1XO//07+YhOxJ9CE= =Jq/O -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: RE: SPAM
On Tue, 14 Oct 2003 16:13:01 -0500, Jared Rypka-Hauer wrote: Just to further confirm the idea that this mailing list is associated with the current surge in receipts of the SWEN virus, I signed up for this list when I upgraded to Samba 2.2.3 on Oct 1. An hour later I began receiving mass quantities of SWEN-infected emails. Wow, you sent mail to thousands of people and now you're getting viruses? How remarkable. Obviously samba.org is doing something wrong. Stripping emails of addresses or at LEAST putting up a warning on the signup page and Warning! Using email may cause you to receive spam. or perhaps Warning! The samba team cannot control the actions of every random idiot on the Internet. or Warning! Many samba subscribers use virus-prone Microsoft systems. providing an option to not have your email address listed to the world (not sure if that's there already or not) We never do that. As would have been obvious if you'd spent about 30 seconds to look. Objectively, I'm guessing that in the current political climate a case could be made for the idea that, having been notified their list is being targeted and should they do nothing to prevent further abuse, they could be partly liable for any damage occurring. What a shining wit. -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba-3.0 and ldap support
Hello I am trying to upgrade samba to samba-3.0, I have source rpm from samba site and I have been trying to recompile rpm with spec as following --with-mmap \ --with-pam \ --with-pam_smbpass \ --with-piddir=/var/run \ --with-privatedir=%{_sysconfdir}/samba \ --with-quotas \ --with-smbmount \ --with-swatdir=%{_datadir}/swat \ --with-syslog \ --with-utmp \ --with-vfs \ --without-smbwrapper \ --with-ldap \ --with-ldapsam\ --with-ssl \ --with-acl-support But compile is throwing error that unknow option --with-ldap and --with-ldapsam and --with-ssl does anyone know what options I need to compile LDAP support , and how I can find out that what options are available, I also looked at .configure , it has all these options, then why compile is failling I am using redhat 8.0 rpmbuild -bb samba.spec Thanks - Do you Yahoo!? The New Yahoo! Shopping - with improved product search -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba-3.0 and ldap support
Sounds like a question for the Samba mailing lists, see http://www.samba.org/samba/archives.html. Kurt At 07:18 PM 10/14/2003, jawed abbasi wrote: Hello I am trying to upgrade samba to samba-3.0, I have source rpm from samba site and I have been trying to recompile rpm with spec as following --with-mmap \ --with-pam \ --with-pam_smbpass \ --with-piddir=/var/run \ --with-privatedir=%{_sysconfdir}/samba \ --with-quotas \ --with-smbmount \ --with-swatdir=%{_datadir}/swat \ --with-syslog \ --with-utmp \ --with-vfs \ --without-smbwrapper \ --with-ldap \ --with-ldapsam\ --with-ssl \ --with-acl-support But compile is throwing error that unknow option --with-ldap and --with-ldapsam and --with-ssl does anyone know what options I need to compile LDAP support , and how I can find out that what options are available, I also looked at .configure , it has all these options, then why compile is failling I am using redhat 8.0 rpmbuild -bb samba.spec Thanks Do you Yahoo!? http://shopping.yahoo.com/?__yltc=s%3A15443%2Cd%3A22708228%2Cslk%3Atext%2Csec%3AmailThe New Yahoo! Shopping - with improved product search -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: RE: SPAM
On Wed, Oct 15, 2003 at 11:55:42AM +1000, Martin Pool wrote: Just to further confirm the idea that this mailing list is associated with the current surge in receipts of the SWEN virus, I signed up for this list when I upgraded to Samba 2.2.3 on Oct 1. An hour later I began receiving mass quantities of SWEN-infected emails. Wow, you sent mail to thousands of people and now you're getting viruses? How remarkable. Obviously samba.org is doing something wrong. I'm going to test out this theory. This email is sent from an email address that has never been used before. I will watch the mail logs and see when/if I get innundated with viruses. Alan Tim Potter Smithee. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : RE : [Samba] samba-3 PDC BDC fail-over with 2 LDAP serversfails
On Tue, 2003-10-14 at 16:18, jean-marc pouchoulon wrote: Bonsoir Andrew, I've just tried to test failover with the two syntax. I use ssh tunnel to connect to ldapserver ( using 127.0.0.1 ) With passdb backend = ldapsam:ldap://127.0.0.1:10389/, ldapsam:ldap://127.0.0.1:13389, guest it works after more slowly but it works. I think after 8 times as passdb backend = ldapsam:ldap://127.0.0.1:10389 ldap://127.0.0.1:13389;, guest I am not able to connect to the domain second ldap if I stop the first one. Thanks for your previous answers. It is quite possible that your LDAP libs do not support that syntax. What exactly is the version are you using? -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: CVS update: samba/source/nsswitch
I did it on purpose I found the 2 offending DEBUG lines, and found also they were not compiling (may totally b e a problem of mine). As there aren't any other DEBUG lines in that file, I tought you committed that DEBUG statement by mistake. I should have asked, but it was late, sorry. Do it compile now? Simo. On Tue, 2003-10-14 at 01:57, Richard Sharpe wrote: On Mon, 13 Oct 2003 [EMAIL PROTECTED] wrote: Modified Files: wb_common.c Log Message: Revisions: wb_common.c 1.26 = 1.27 http://www.samba.org/cgi-bin/cvsweb/samba/source/nsswitch/wb_common.c.diff?r1=1.26r2=1.27 Hmmm, you might have needed a cvs update before that commit, since all you did was delete a two line addition of debugging info I added. I have since re-applied it and fixed a spelling mistake ... Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it
CVS update: samba/source/include
Date: Tue Oct 14 07:43:41 2003 Author: idra Update of /data/cvs/samba/source/include In directory dp.samba.org:/tmp/cvs-serv17072/include Added Files: tdbsam2_parse_info.h Log Message: sorry folks, forgot to cvs add/remove before commit. Revisions: tdbsam2_parse_info.hNONE = 1.1 http://www.samba.org/cgi-bin/cvsweb/samba/source/include/tdbsam2_parse_info.h?rev=1.1
CVS update: samba/source/sam
Date: Tue Oct 14 07:43:41 2003 Author: idra Update of /data/cvs/samba/source/sam In directory dp.samba.org:/tmp/cvs-serv17072/sam Added Files: gums_tdbsam2.c Removed Files: gumm_tdb.c Log Message: sorry folks, forgot to cvs add/remove before commit. Revisions: gums_tdbsam2.c NONE = 1.1 http://www.samba.org/cgi-bin/cvsweb/samba/source/sam/gums_tdbsam2.c?rev=1.1 gumm_tdb.c 1.6 = NONE http://www.samba.org/cgi-bin/cvsweb/samba/source/sam/gumm_tdb.c?rev=1.6
CVS update: samba/source/passdb
Date: Tue Oct 14 07:43:41 2003 Author: idra Update of /data/cvs/samba/source/passdb In directory dp.samba.org:/tmp/cvs-serv17072/passdb Added Files: pdb_gums.c Log Message: sorry folks, forgot to cvs add/remove before commit. Revisions: pdb_gums.c NONE = 1.1 http://www.samba.org/cgi-bin/cvsweb/samba/source/passdb/pdb_gums.c?rev=1.1
CVS update: samba/source
Date: Tue Oct 14 07:50:36 2003 Author: idra Update of /data/cvs/samba/source In directory dp.samba.org:/tmp/cvs-serv17838 Modified Files: configure.in Log Message: fix typo Revisions: configure.in1.487 = 1.488 http://www.samba.org/cgi-bin/cvsweb/samba/source/configure.in.diff?r1=1.487r2=1.488
Re: CVS update: samba/source/nsswitch
On Tue, 14 Oct 2003, Simo wrote: I did it on purpose I found the 2 offending DEBUG lines, and found also they were not compiling (may totally b e a problem of mine). As there aren't any other DEBUG lines in that file, I tought you committed that DEBUG statement by mistake. I should have asked, but it was late, sorry. Do it compile now? Actually, it was my problem :-) Regards - Richard Sharpe, rsharpe[at]ns.aus.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com
CVS update: samba/source/libsmb
Date: Tue Oct 14 17:01:03 2003 Author: jra Update of /data/cvs/samba/source/libsmb In directory dp.samba.org:/tmp/cvs-serv30163/libsmb Modified Files: Tag: SAMBA_3_0 smb_signing.c Log Message: Enable us to see what sequence number we were expecting when we fail a sign (should help track down out of sequence bugs). Jeremy. Revisions: smb_signing.c 1.4.2.36 = 1.4.2.37 http://www.samba.org/cgi-bin/cvsweb/samba/source/libsmb/smb_signing.c.diff?r1=1.4.2.36r2=1.4.2.37