RE: samba-3.0.0-2_rh9.i386.rpm
Yes. rpm -Fvh simply did not worked. I have made a backup of important files, uninstalled samba and installed the new version. TNX alias Jan Kovar -Original Message- From: Heath Hoffman [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 15, 2003 4:11 PM To: [EMAIL PROTECTED] Subject: samba-3.0.0-2_rh9.i386.rpm I was wondering if anyone out there was having this problem when installing a fresh copy of Samba? [EMAIL PROTECTED] tmp]# rpm -Fvh samba-3.0.0-2_rh9.i386.rpm warning: samba-3.0.0-2_rh9.i386.rpm: V3 DSA signature: NOKEY, key ID 2f87af6f [EMAIL PROTECTED] tmp]# samba-3.0.0-2_rh9.i386.rpm: V3 DSA signature: NOKEY, key ID 2f87af6f Thank you for any help! Heath Hoffman Computer /Network Specialist Penn State Berks-Lehigh Valley College Berks Campus L110 Luerssen Building Tulpehocken Road Reading, PA 19610 [EMAIL PROTECTED] 610-396-6191 FAX: (610)396-6024
PKG BINARY SAMBA 3 SOLARIS 8
The are the binary packages of samba 3 for solaris 8? Bye Giovanni
RE: [Samba] winbindd: krb5_cc_get_principal failed
On Wed, 2003-10-15 at 08:05, Gavin Davenport wrote: wbinfo --set-auth-user=Administrator%password NEVER do this. There is never a good reason to do this. The wbinfo command is for NT4 trusted domains, that are running 'restrict anonymous'. If you are joined with ADS, and there are ADS trusts to these machines, then Samba can use kerberos, and never needs a 'wbinfo' user. Even when you do need a 'wbinfo user', it does not need any special powers - only those given to *every* user. So add a new, boring, unprivileged user. That password is stored clear-text, in secrets.tdb. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : [Samba] Can't add machine account with 3.0.0; ldapsam backend (RESENT)
On Tue, 2003-10-14 at 21:47, Ronny Adsetts wrote: jean-marc pouchoulon said the following on 14/10/03 12:10: they sould be created on the fly as they were with 3.0.0beta1. As I can see, with 3.0 stable this is not done. pdbedit -a -m testonsddd$ -D99 ... ldapsam_modify_entry: Failed to add user dn= uid=testonsddd$,ou=pc,o=g,c=fr with: Object c lass violation But a AddMachine script make it for me without any problem. So this is a bug with 3.0 stable then? Not requiring an account prior to joining the domain when using LDAP backend is a documented feature AFAICR... can't point to the exact documentation right now though... :-) So called 'non unix account' support was removed prior to release. It is not intended to return - certainly not in the guise perviously seen. You need an 'add machine script' and 'add user script' to fill in the bits of LDAP. Generally, I like the idea that we might be able to do this without scripts, but that's not possible at the moment. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: [OT]SPAM
On Tue, 14 Oct 2003 07:56:18 -0500, tvsjr wrote: Helpful suggestions (although its too late for those of us already subscribed): Quit forwarding the list onto Usenet, at least with email addresses exposed (what's the real use of this, considering it's not that big of a deal for people to subscribe?) I don't think viruses read Usenet. I realize spammers do, but spammers are a relatively small problem compared to Outlook viruses. Protect emails anywhere the list is archived/posted Again, viruses do not read the archives. People who are receiving viruses are probably getting them because their mail was read on an infected Windows PC either by a subscriber, or by somebody subscribed to an echo list. Archives and NNTP mirrors are irrelevant. If I could stop infected people subscribing then I would, but I don't see how to do that. So the only interim solution is to not post from an address without virus filters. I don't see any reason to force anonymous posts when you can do it yourself and some people want to be non-anonymous. -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: SPAM
Now that I also get about 150-200(!) Messages of 156KB Mails each day about half an hour(!) after my first posting to this list for the first time in my life I must admit that there IS something terribly wrong. Fact is that I subscribed to the list half a year ago. I also subscribed to OpenLDAP-, Courier-, and other mailing lists. I posted to these lists and I posted many times in the usenet some years ago. I agree that it is not the FAULT of the Samba team who runs this list, but the CAUSE of this behaviour may be due to the fact that the address of a subscriber is presented to the usenet (it is very likely). Maybe the exposure of an E-Mail link on the world wide web is also a potential cause for getting SPAM. The following script elegantly solves this issue, for example: script language=JavaScript !-- var prefix = foo; document.write(a title=\Send E-Mail\ href=\mailto:; + prefix + @bar.com\); document.write(prefix + [AT]bar.com/a); //-- /script Think. ;) -- Best regards, Bernhard Lukas Pericom Communication Consulting GmbH 1060 Wien, Mariahilfer Strasse 47/5/5 Tel. 01 585 64 90 - 63 Fax. 01 585 64 90 - 33 Web. www.pericom.at -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : RE : RE : [Samba] samba-3 PDC BDC fail-over with 2 LDAPserversfails
On Wed, 2003-10-15 at 16:50, jean-marc pouchoulon wrote: It is quite possible that your LDAP libs do not support that syntax. What exactly is the version are you using? Netscape Directory server 4.16. I mean on the client - the libraries that Samba links against. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] RE: SPAM
Fortunately my ISP has a firewall wich blocks the virus attachments from most spam message I get since I subscribed for AND mailed to the samba list. But there are about 100 to 150 messages a day reaching my mailbox. The simpliest way to catch all the email addresses of the list is to become member of the mailing list and run a simple filter to collect all the email adresses. And then: happy spamming! The other possibility is that some users have infected systems wich send spam to all email adresses found in their inbox. I don't think the postmasters of the samba list can do anything about it. I will unsibscribe from the list after this message. Lets see if the spam rate goes down. Bye -- Best Regards, Dietrich Streifert -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] outlook 2000 .pst files corrupt
I upgraded from samba 2.2.1a to 2.2.8 a while ago and suddenly started getting corrupt outlook 2000 .pst files the next morning (all pst files are stored in shares on the samba server). Out of about 500 users I got about 3 corrupt pst files per day. I just upgraded again to samba 3 + ldapsam and I now get at leat 30 of these corrupt pst files daily. The strange thing is that it never once happened on samba 2.2.1a. When upgrading to samba 2.2.8 I started getting all kinds of strange file permissions errors on samba shared and roaming profiles problems on my w2k boxes. Loading sp3 fixed this - might this be related? Has anybody had this before? I'm currently running samba 3.0.0 with openldap and the samba 3 ldap schema on redhat 8 and 9 boxes. André de Koning IT Manager Softline VIP Payroll Tel: +27 12 420 7000 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : RE : RE : RE : [Samba] samba-3 PDC BDC fail-over with 2LDAPserversfails
Rpm found : openldap-2.0.27-8 nss_ldap-202-5 ldd /usr/sbin/smbd libcom_err.so.3 = /usr/kerberos/lib/libcom_err.so.3 (0x40027000) libk5crypto.so.3 = /usr/kerberos/lib/libk5crypto.so.3 (0x40029000) libkrb5.so.3 = /usr/kerberos/lib/libkrb5.so.3 (0x40039000) libgssapi_krb5.so.2 = /usr/kerberos/lib/libgssapi_krb5.so.2 (0x40098000) liblber.so.2 = /usr/lib/liblber.so.2 (0x400ab000) libldap.so.2 = /usr/lib/libldap.so.2 (0x400b6000) libcups.so.2 = /usr/lib/libcups.so.2 (0x400e1000) libssl.so.4 = /lib/libssl.so.4 (0x400fb000) libcrypto.so.4 = /lib/libcrypto.so.4 (0x4013) libnsl.so.1 = /lib/libnsl.so.1 (0x40222000) libcrypt.so.1 = /lib/libcrypt.so.1 (0x40237000) libpam.so.0 = /lib/libpam.so.0 (0x40264000) libresolv.so.2 = /lib/libresolv.so.2 (0x4026c000) libdl.so.2 = /lib/libdl.so.2 (0x4027e000) libpopt.so.0 = /usr/lib/libpopt.so.0 (0x40282000) libc.so.6 = /lib/tls/libc.so.6 (0x4200) libsasl.so.7 = /usr/lib/libsasl.so.7 (0x4028b000) libz.so.1 = /usr/lib/libz.so.1 (0x40296000) /lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x4000) libgdbm.so.2 = /usr/lib/libgdbm.so.2 (0x402a4000) ldd /usr/sbin/nmbd libcrypt.so.1 = /lib/libcrypt.so.1 (0x40027000) libresolv.so.2 = /lib/libresolv.so.2 (0x40054000) libnsl.so.1 = /lib/libnsl.so.1 (0x40066000) libdl.so.2 = /lib/libdl.so.2 (0x4007c000) libpopt.so.0 = /usr/lib/libpopt.so.0 (0x4008) libcom_err.so.3 = /usr/kerberos/lib/libcom_err.so.3 (0x40088000) libk5crypto.so.3 = /usr/kerberos/lib/libk5crypto.so.3 (0x4008a000) libkrb5.so.3 = /usr/kerberos/lib/libkrb5.so.3 (0x4009a000) libgssapi_krb5.so.2 = /usr/kerberos/lib/libgssapi_krb5.so.2 (0x400f8000) liblber.so.2 = /usr/lib/liblber.so.2 (0x4010b000) libldap.so.2 = /usr/lib/libldap.so.2 (0x40117000) libc.so.6 = /lib/tls/libc.so.6 (0x4200) /lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x4000) libsasl.so.7 = /usr/lib/libsasl.so.7 (0x40142000) libssl.so.4 = /lib/libssl.so.4 (0x4014d000) libcrypto.so.4 = /lib/libcrypto.so.4 (0x40182000) libgdbm.so.2 = /usr/lib/libgdbm.so.2 (0x40274000) libpam.so.0 = /lib/libpam.so.0 (0x4027b000) libz.so.1 = /usr/lib/libz.so.1 (0x40283000) Does this give you what you want ? -Message d'origine- De : Andrew Bartlett [mailto:[EMAIL PROTECTED] Envoyé : mercredi 15 octobre 2003 8:55 À : jean-marc pouchoulon Cc : 'Andrew Bartlett'; [EMAIL PROTECTED] Objet : Re: RE : RE : RE : [Samba] samba-3 PDC BDC fail-over with 2LDAPserversfails On Wed, 2003-10-15 at 16:50, jean-marc pouchoulon wrote: It is quite possible that your LDAP libs do not support that syntax. What exactly is the version are you using? Netscape Directory server 4.16. I mean on the client - the libraries that Samba links against. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
AW: [Samba] Samba2 and Samba3 mixed environment
Hi, thank you for your report. I had the same problem, tried almost everything but found no solution. I hope this bug will be fixed in Samba 3.0.1 Viele Gre Hubertus -Ursprngliche Nachricht- Von: buc [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 14. Oktober 2003 17:26 An: [EMAIL PROTECTED] Betreff: [Samba] Samba2 and Samba3 mixed environment My expiriences show that when you what to join a Samba2 machine to Samba3 PDC, and your charsets are not default, you MUST use unix charset = UTF8 on the Samba3 PDC . When I use, for example, unix charset = KOI8-R , then Samba2 machine reports that join (or re-join) is successful, but really such a join is corrupt. If I try to join Samba3 to Samba3, all works fine (both KOI8-R and UTF8). Assume, it is useful report for non-default locale users... buc -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: domain groups accessing samba share
Hiya Tim, Thanks for helping. Can you post your smb.conf /etc/pam.d/login wbinfo -g wbinfo -u getent passwd getent group Here we go: # Global parameters [global] workgroup = MYDOMAIN realm = MYNETWORK.ISP.CO.UK server string = Linux Samba Server security = ADS password server = bashful log level = 3 log file = /var/log/samba/log.%m max log size = 100 smb ports = 445 announce as = NT Workstation name resolve order = host bcast wins server = 10.0.0.104 client signing = Yes server signing = Yes client use spnego = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No os level = 10 preferred master = No local master = No domain master = No dns proxy = No idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash # winbind separator = + winbind cache time = 2 # winbind use default domain = Yes comment = Redhat 7.1 Samba hosts allow = 127., 10.0.0. [homes] comment = Home Directories read only = No browseable = No [Software] comment = Software Library path = /mnt/largeprimary/software # valid users = @MYNETWORK.ISP.CO.UK\Domain Users # Admin users = @MYNETWORK.ISP.CO.UK\gavdav [EMAIL PROTECTED] /root]# more /etc/pam.d/login #%PAM-1.0 auth required /lib/security/pam_securetty.so auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so accountrequired /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth sessionrequired /lib/security/pam_stack.so service=system-auth sessionoptional /lib/security/pam_console.so wbinfo -u [EMAIL PROTECTED] /root]# wbinfo -u MYDOMAIN\gavdav MYDOMAIN\Guest MYDOMAIN\Administrator MYDOMAIN\krbtgt MYDOMAIN\SUPPORT_388945a0 MYDOMAIN\fbloggs snip wbinfo -g [EMAIL PROTECTED] /root]# wbinfo -g MYDOMAIN\Domain Computers MYDOMAIN\Cert Publishers MYDOMAIN\Domain Users MYDOMAIN\Domain Guests MYDOMAIN\RAS and IAS Servers MYDOMAIN\Group Policy Creator Owners MYDOMAIN\Schema Admins MYDOMAIN\Enterprise Admins MYDOMAIN\Domain Admins MYDOMAIN\Domain Controllers snip [EMAIL PROTECTED] /root]# getent passwd root:x:0:0:root:/root:/bin/bash snip xfs:x:43:43:X Font Server:/etc/X11/fs:/bin/false gdm:x:42:42::/home/gdm:/bin/bash gavdav:x:500:500:Gavin Davenport:/home/gavdav:/bin/bash named:x:200:200:Nameserver:/var/named:/bin/false vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin [EMAIL PROTECTED] /root]# getent group root:x:0:root snip nobody:x:99: users:x:100:gavdav snip xfs:x:43: gdm:x:42: gavdav:x:500: vcsa:x:69: getent and setent are listing local users and groups. What do I need to change in /etc/pam.d/login to fix it ? Where should I be looking for help ? Thanks very much Gavin Davenport -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SWAT : use on an include file
Hello, I want to : - include a smbauto.conf in smb.conf (I guess it is possible), - allow a non root user to modify smbauto.conf with SWAT. No matter if, as a consequence, SWAT could not be used by root. After some research, I haven't found a way to do so (without modifying source code). Can you help me please ? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE : [Samba] Can't add machine account with 3.0.0; ldapsam backend (RESENT)
Andrew Bartlett said the following on 15/10/03 07:22: So called 'non unix account' support was removed prior to release. It is not intended to return - certainly not in the guise perviously seen. You need an 'add machine script' and 'add user script' to fill in the bits of LDAP. Thanks for this info (and all the Samba team's hard work). Generally, I like the idea that we might be able to do this without scripts, but that's not possible at the moment. Would be very good - one less thing to worry about :-). Regards, Ronny -- Technical Director Amazing Internet Ltd, London t: +44 20 8607 9535 f: +44 20 8607 9536 w: www.amazinginternet.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Join ADS domain
Hi, i had install ther samba-3.0.0-15 in a Redhat 8.0 and I want to join to a Active Directory Domain. When i make net ads join -U administrator i receive the following error net: relocation error: net: undefined symbol: krb5_cc_initialize Any suggestions Thanks A.O -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: [OT] spam
First of all: we don't disclose the subscriber addresses to anyone. The roster of list members is not available from the web page. If you subscribe and do not post, nobody will know your address. A mailing list that you can't post to? How useful. Just to be absolutely clear: - We don't disclose the subscriber addresses. - We are not sending you viruses or spam. - Sometimes spam does get onto the lists. We filter out the vast majority of it. There is no perfect filtering solution. - This is a public list. Anything you send to it can be read, used or archived by anyone in the world. We explain this reasonably clearly. - We have no control over people who might be sending you viruses. You need to complain to their network admin or your network admin or your government. Nevertheless, (I stand corrected) POSTING to the samba list is the kiss of death for an email account. There is a direct causal relationship. You are essentially acting as a spam pimp for whoever is doing this. Posting to the respectable samba mailing list results in an unending stream of attacks. At the minimum, failing to warn people that using your list in its intended fashion results in attacks on their computer constitutes criminal negligence. Doubly (or is it triply) so when you are aware of the situation and do nothing to remedy it. ** If you want something to remain secret, do not post it. ** I personally don't think keeping your address secret is a good solution to spam, but you can try it if you want. I think we are being responsible. The problems are not of our making, and we do our best to reduce them. If you have any concrete constructive suggestions we'll consider them. You should tell people when they sign up that their email addresss will be posted and that there is a 100% chance that that adddress will be attacked. I see you are posting from Outlook, which is the overwhelmingly most common virus vector. Calling us irresponsible is pretty cheeky. If Outlook went away, the email virus problem would nearly disappear overnight. As I said, I've been using the inter/arpa net for over twenty years. No computer I have been responsible for has ever been infected by a virus, machines using outlook included. We pass through messages with whatever address the sender uses. Some people choose to post from addresses other than their real one, and that is allowed. Of course they take the risk of not seeing direct replies. So, causing every single poster to be spamed/attacked is worth direct reply capability? Nice tradeoff. I hope the people running the lists have nothing to do with samba proper. Most lists consider direct replies a misfeature -- why not give everyone one on the list the answer? Make the reply to address the mailing list, not the person who sent the message. I don't understand how you think this would help the spam or viruses problem. The only addresses in the email from the list would be the list and the recipient. I will consider hiding the sender addresses. I don't have this problem with other lists (this account is subscribed to at least 20), so there's no reason why we should have these problems here, either. That is a bit of a non sequiter. I don't know what other lists you're on. Similarly high-profile lists at kernel.org or debian.org seem to have similar policies and our level of spam is as good or better. The point is (and I've been on hundreds of lists over the years) that other lists do not have this problem, so clearly there are solutions. Why aren't you using any of them? Still pissed, Joe Frisbie -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC - XP Logins - Replication of secrets file
I think I finally have gotten my XP machines to log into the samba controlled domain. Thank you all to have provided feedback and support. I am wondering though if the solution was something that I just glossed over, or if I just solved a portion of the problem. As a recap, I am running samba 2.2.8a compiled with LDAP so I can have replicated authentication. I was able to join the XP machines to the domain without a problem, but I continually got wrong username/password msessages when I would try to login. I finally copied the secrets.tdb file from the PDC machine over to one of the local branch authentication servers. I ran smbpasswd -S -a \\servername against that to populate the domain SID, restarted Samba and I was good to go. Is this just something that I had missed? I only found it by seeing two obscure posts one about machines.sid and the other about changing a server name and re-running smbpasswd. Any feedback would be appreciated so I can put this to rest. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba ver1.9.15p6 problem
Dear Sir We are the user of Samba ver 1.9.15p6 running on Sun OS 4.1.x platform. We have recently found that our Samba not working anymore. After a whole day checking, we have found that the problem is caused by the system date. If the system date is set to today date, the Sun Machine will stop during reboot while running startsmb. After we change the date to 15 days before, everything is OK. Please advise whether there is a time period for using Samba. How can we fix it? Does the latest version Samba still support Sun OS 4.1.x? Regards Aaron _ Linguaphone : Learning English? Get Japanese lessons for FREE http://go.msnserver.com/HK/30476.asp -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: [OT] spam
(trimming the CC list yet again) -Original Message- From: J. Frisbie [mailto:[EMAIL PROTECTED] Nevertheless, (I stand corrected) POSTING to the samba list is the kiss of death for an email account. There is a direct causal relationship. You know, I've been posting to the samba list for years, and I have to say I've never had an experience anything like yours. I get virus mail, sure, but nothing like the one every 90 seconds you're suggesting. All I can say is, I don't think your case is typical. There's only so much a mailing list can do about this short of shutting down entirely. The list has no way of knowing if a particular member is infected by viruses, so there's not much they can do about those users. This is hardly unique to this list. If you don't want anyone infected with a virus to see your email address, then about all you can do is not post to mailing lists. I was with you to a certain extent until you started taking this to an extreme position and making veiled legal threats, but now I think you've gone over the edge. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: [OT]SPAM
-Original Message- From: Martin Pool [mailto:[EMAIL PROTECTED] I don't think viruses read Usenet. Some people have seen a correlation. Maybe the viruses are grabbing email addresses out of people's USENET news caches. Of course, correlation doesn't prove causation, something I think the person who started this thread is missing. :) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: [OT]SPAM
OK, maybe I don't know what I'm talking about... of course, look at the number of people confirming my story. You'll discover that Outlook the mail client and Outlook the news reader are very much intermingled - if someone is using Outlook to browse the newsgroups and is infected, they will still transmit the virus to the direct email addresses shown on Usenet. Read this one more time: I *DO NOT* have the option of running server-side filtering, unless I want to use Earthlink's option, which has given numerous false positives! As a consultant, I can not afford to have customer email ending up in the trash because the server thought it was spam. Furthermore, I'm subscribed to 20+ mailing lists on this account (from various services, including private lists, Yahoo Groups, etc.) The spam count was about 10 per day until I subscribed to the Samba list. Now it's over 200. Argue as much as you like, but no one else seems to have this problem. Terry At 04:50 PM 10/15/2003 +1000, Martin Pool wrote: On Tue, 14 Oct 2003 07:56:18 -0500, tvsjr wrote: Helpful suggestions (although its too late for those of us already subscribed): Quit forwarding the list onto Usenet, at least with email addresses exposed (what's the real use of this, considering it's not that big of a deal for people to subscribe?) I don't think viruses read Usenet. I realize spammers do, but spammers are a relatively small problem compared to Outlook viruses. Protect emails anywhere the list is archived/posted Again, viruses do not read the archives. People who are receiving viruses are probably getting them because their mail was read on an infected Windows PC either by a subscriber, or by somebody subscribed to an echo list. Archives and NNTP mirrors are irrelevant. If I could stop infected people subscribing then I would, but I don't see how to do that. So the only interim solution is to not post from an address without virus filters. I don't see any reason to force anonymous posts when you can do it yourself and some people want to be non-anonymous. -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: [OT]SPAM
-Original Message- From: tvsjr [mailto:[EMAIL PROTECTED] As a consultant, I can not afford to have customer email ending up in the trash because the server thought it was spam. I think this is the risk you take if you use a vital email address to post to public forums. I would suggest using seperate addresses for these functions. Besides, if you don't have the ability to filter mail, just the sheer daily volume of *legitimate* mail on this list is going to be a problem. Furthermore, I'm subscribed to 20+ mailing lists on this account (from various services, including private lists, Yahoo Groups, etc.) The spam count was about 10 per day until I subscribed to the Samba list. Now it's over 200. Argue as much as you like, but no one else seems to have this problem. Including me -- I've been subscribed to the Samba list for years and I don't get unmanagable numbers of viruses. I've also seen bursts of virus traffic for no apparent reason. It could be a coincidence. Correlation != causation. There's also always the question of what your ISP is doing. My ameritech.net account gets vast quantities of spam, and started getting it before I even used it! I can only assume Ameritech is selling their email list. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
FW: [Samba] Re: domain groups accessing samba share
-Original Message- From: VR-Bug Support Sent: 15 October 2003 13:42 To: 'Gavin Davenport' Subject: RE: [Samba] Re: domain groups accessing samba share Hi Gavin, This is what I have for my /etc/pam.d/login #%PAM-1.0 auth required pam_securetty.so auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so nodelay use_first_pass auth sufficient /lib/security/pam_krb5.so auth required pam_stack.so service=system-auth auth required pam_nologin.so accountsufficient /lib/security/pam_winbind.so accountsufficient /lib/security/pam_krb5.so accountrequired pam_stack.so service=system-auth password required pam_stack.so service=system-auth sessionrequired pam_stack.so service=system-auth sessionoptional pam_console.so And when I issue getent group or getent passwd it lists both local and ADS users. Regards, Luke -Original Message- From: Gavin Davenport [mailto:[EMAIL PROTECTED] Sent: 15 October 2003 09:05 To: [EMAIL PROTECTED] Cc: Tim Jordan, Network Services Subject: RE: [Samba] Re: domain groups accessing samba share Hiya Tim, Thanks for helping. Can you post your smb.conf /etc/pam.d/login wbinfo -g wbinfo -u getent passwd getent group Here we go: # Global parameters [global] workgroup = MYDOMAIN realm = MYNETWORK.ISP.CO.UK server string = Linux Samba Server security = ADS password server = bashful log level = 3 log file = /var/log/samba/log.%m max log size = 100 smb ports = 445 announce as = NT Workstation name resolve order = host bcast wins server = 10.0.0.104 client signing = Yes server signing = Yes client use spnego = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No os level = 10 preferred master = No local master = No domain master = No dns proxy = No idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash # winbind separator = + winbind cache time = 2 # winbind use default domain = Yes comment = Redhat 7.1 Samba hosts allow = 127., 10.0.0. [homes] comment = Home Directories read only = No browseable = No [Software] comment = Software Library path = /mnt/largeprimary/software # valid users = @MYNETWORK.ISP.CO.UK\Domain Users # Admin users = @MYNETWORK.ISP.CO.UK\gavdav [EMAIL PROTECTED] /root]# more /etc/pam.d/login #%PAM-1.0 auth required /lib/security/pam_securetty.so auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so accountrequired /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth sessionrequired /lib/security/pam_stack.so service=system-auth sessionoptional /lib/security/pam_console.so wbinfo -u [EMAIL PROTECTED] /root]# wbinfo -u MYDOMAIN\gavdav MYDOMAIN\Guest MYDOMAIN\Administrator MYDOMAIN\krbtgt MYDOMAIN\SUPPORT_388945a0 MYDOMAIN\fbloggs snip wbinfo -g [EMAIL PROTECTED] /root]# wbinfo -g MYDOMAIN\Domain Computers MYDOMAIN\Cert Publishers MYDOMAIN\Domain Users MYDOMAIN\Domain Guests MYDOMAIN\RAS and IAS Servers MYDOMAIN\Group Policy Creator Owners MYDOMAIN\Schema Admins MYDOMAIN\Enterprise Admins MYDOMAIN\Domain Admins MYDOMAIN\Domain Controllers snip [EMAIL PROTECTED] /root]# getent passwd root:x:0:0:root:/root:/bin/bash snip xfs:x:43:43:X Font Server:/etc/X11/fs:/bin/false gdm:x:42:42::/home/gdm:/bin/bash gavdav:x:500:500:Gavin Davenport:/home/gavdav:/bin/bash named:x:200:200:Nameserver:/var/named:/bin/false vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin [EMAIL PROTECTED] /root]# getent group root:x:0:root snip nobody:x:99: users:x:100:gavdav snip xfs:x:43: gdm:x:42: gavdav:x:500: vcsa:x:69: getent and setent are listing local users and groups. What do I need to change in /etc/pam.d/login to fix it ? Where should I be looking for help ? Thanks very much Gavin Davenport -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba _ This e-mail and all attachments have been scanned by the HighSpeed Office virus scanning service powered by MessageLabs and no known viruses were detected. __ Any views or opinions expressed in this e-mail are solely those of the author and do not necessarily represent those of ENDEMOL UK plc unless specifically stated. This email and the information it contains are confidential and intended solely for the use of the individual or entity to which it is addressed. If you have
RE: [Samba] SPAM
-Original Message- From: Ray Simard [mailto:[EMAIL PROTECTED] The most effective step to reduce this is to restrict posting to subscribed list members. I don't think this will help much, though it may be a good idea for other reasons. I've never seen a virus arrive *through* the list. I think what people are complaining about is viruses being sent to them directly. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SPAM
At 08:46 AM 10/15/2003 -0400, David Brodbeck wrote: I've never seen a virus arrive *through* the list. I think what people are complaining about is viruses being sent to them directly. There have been a very few that came through the list, according to memory. The vast majority are going direct. Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0 Admin members
Hi, I am currently trying to configure Samba 3.0 as PDC in our Domain. Through which parameter can I tell Samba who is member of the Domain Admin group ? In the old version it was domain admin group = @adm... but this parameter has obviously been dropped in 3.0 . I just joined a machine to the domain by using root , but I think this was just because root is admin member by default. Thanks in advance, Torsten Bergeest -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [OT]SPAM
On 15 Oct 2003, David Brodbeck [EMAIL PROTECTED] wrote: I've also seen bursts of virus traffic for no apparent reason. It could be a coincidence. Correlation != causation. There's also always the question of what your ISP is doing. My ameritech.net account gets vast quantities of spam, and started getting it before I even used it! I can only assume Ameritech is selling their email list. Some spammer might have guessed david + b from a dictionary attack. (Assuming that's your account name, I don't know.) Or maybe Ameritech are selling their list. As you say, it is hard to determine exact causes when you're looking at the actions of unknown malicious agents. -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Edirectory and Samba
I was wondering if anyone has gotten samba to authenticate to Edirectory? If so is there any good docs anywhere online on how to do it? I've done some searching, but can't seem to find a whole lot. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SPAM
-Original Message- From: Ray Simard [mailto:[EMAIL PROTECTED] The most effective step to reduce this is to restrict posting to subscribed list members. This will stop spammers sending to list, but also will hurt people incidently asking questions, without being subscribed. Depending on policy. The occasional spam arriving via the list is neligable as compared to my daily dose of 300+ spams. It will hurt people using the archive as a means to see replies w/o being subscribed. Hurt much, effect little. I've never seen a virus arrive *through* the list. I think what people are complaining about is viruses being sent to them directly. yeah, the complaint is: when subscribing to SAMBA, the email adres used will get spam and virusses at once. Quite possibly by the publication of the list onto usenet with the real adres still visible. The spam is understandeble, the virusses also, since the introduction of spamming virusses. The resolution could be to block the email addy from the senders to the list, when forwarding, but this would hamper ligitimate usage, such as replying to sender. (perhaps the follow up discussion isnt SAMBA related) This is of course totally upto the VOLUNTEERS running this list, if you do not like it, feel free to start a SAMBASTOPSPAM list orso. Threatening to sue VOLUNTEERS over such a silly thing will get you the mocking of every Dutchmen I know, and leads me to believe the complainer was pissed, and should get sober, or the complainer is an American Layer. I hope the former, I think the latter. Or he plays one on the internet anyways. If the complainer was to post onto usenet, and subsequently would get a spammie, who would he then sue? Al Gore? Last but not least, can everybody on this list please reply to this spam discussion, my mailbox isnt yet full, and this list is like, low on traffic. Richard van Beers -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Edirectory and Samba
I am also interesting in good docs on this... anyone got any? Is it in the grand howto? :-) Troy Joe Stuart [EMAIL PROTECTED] 10/15/03 08:27AM I was wondering if anyone has gotten samba to authenticate to Edirectory? If so is there any good docs anywhere online on how to do it? I've done some searching, but can't seem to find a whole lot. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] pam_winbind
Hello, I am at my wits end with this... could someone please post a working /etc/pam.d/login and system-auth file for RedHat 9. I have followed various howto docs, and looked at quite a few configuration examples. None of them seem to work on my system. I am trying to get Redhat 9 clients to authenticate from an NT 4 server. I have been able to get this partialy working, but noticed that any wrong password would authenticate a user on the local machine...this of course was not desired. I also intend to use pam_mount and pam_mkhomdir as well. any help will be apreciated... thanx in advance. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] user name problem in samba 2.2.3a
I am running debian testing with samba 2.2.3a all users are XP/win2k some usernames are first and last. i.e. john smith So those with a 2 part username in windows have to enter a second username and password to access samba shares. How can I get samba to use these usernames? currently I have samba using just their first name and password as authentication. Take care, Seth 727-919-1598 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba-3.0 and ldap support
I am trying to upgrade samba to samba-3.0,
I have source rpm from samba site and I have been trying to recompile
rpm with spec as following
--with-mmap \
...
--with-ldap \
--with-ldapsam\
--with-ssl \
--with-acl-support
But compile is throwing error that unknow option --with-ldap and
--with-ldapsam and --with-ssl
It think --with-ldapsam and --with-ssl are gone in 3.x.
does anyone know what options I need to compile LDAP support , and
how I can find out that what options are available, I also looked at
.configure , it has all these options, then why compile is failling
I am using redhat 8.0
rpmbuild -bb samba.spec
We build with -
CFLAGS=$RPM_OPT_FLAGS $EXTRA ./configure \
--prefix=%{prefix} \
--localstatedir=/var \
--with-configdir=/etc/samba \
--with-privatedir=/etc/samba \
--with-fhs \
--with-quotas \
--with-smbmount \
--with-pam \
--with-pam_smbpass \
--with-syslog \
--with-utmp \
--with-sambabook=%{prefix}/share/swat/using_samba \
--with-swatdir=%{prefix}/share/swat \
--with-libsmbclient \
--with-acl-support \
--with-ldap \
--with-krb5=/usr/kerberos
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Some Samba Press !!
This was a great read (see link). Makes all the 'pain' of getting one of these things up and working properly, all the more worth while. Read on. http://www.itweek.co.uk/News/1144289 Many congrats guys, very impressive. Simon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [OT] [Samba] SPAM
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Here is the issue, and why the Samba list is basically unable to do anything: If you send a message to the Samba list, it gets resent to everyone on the list. This message will contain a FROM: line, showing an email address. There are people on this list who have virus ridden machines. They get your message, and the virus reads the FROM: line, and sends off a virus to you. The virus goes directly to you; not through the Samba list. The only solution is to completely destroy the FROM and REPLY lines in all your emails; an ugly solution. If you really don't like the virus spam, may I recommend www.mozilla.com ? It's mail filtering works great for me, and all my little virus splats go right into the junk folder. If you really really insist on using Microsoft software and don't want to ever see a virus spam, then post to the group from a one-time hotmail account, and read the replies in the list archives. (http://lists.samba.org) Note that the list archive very rarely has any of this virus spam in it. The only other solution is to LART every clueless user out there; but this is unlikely to work: sysadmins have been trying for 20 years with no results. - -Tom [EMAIL PROTECTED] wrote: |-Original Message- |From: Ray Simard [mailto:[EMAIL PROTECTED] | |The most effective step to reduce this is to restrict posting to |subscribed list members. | | | This will stop spammers sending to list, but also will hurt people | incidently asking questions, without being subscribed. Depending on | policy. The occasional spam arriving via the list is neligable as compared | to my daily dose of 300+ spams. It will hurt people using the archive as a | means to see replies w/o being subscribed. Hurt much, effect little. | | |I've never seen a virus arrive *through* the list. I think what people |are |complaining about is viruses being sent to them directly. | | | yeah, the complaint is: when subscribing to SAMBA, the email adres used | will get spam and virusses at once. Quite possibly by the publication of | the list onto usenet with the real adres still visible. The spam is | understandeble, the virusses also, since the introduction of spamming | virusses. | | The resolution could be to block the email addy from the senders to the | list, when forwarding, but this would hamper ligitimate usage, such as | replying to sender. (perhaps the follow up discussion isnt SAMBA related) | | This is of course totally upto the VOLUNTEERS running this list, if you do | not like it, feel free to start a SAMBASTOPSPAM list orso. | | Threatening to sue VOLUNTEERS over such a silly thing will get you the | mocking of every Dutchmen I know, and leads me to believe the complainer | was pissed, and should get sober, or the complainer is an American Layer. | I hope the former, I think the latter. Or he plays one on the internet | anyways. | | If the complainer was to post onto usenet, and subsequently would get a | spammie, who would he then sue? Al Gore? | | Last but not least, can everybody on this list please reply to this spam | discussion, my mailbox isnt yet full, and this list is like, low on | traffic. | | Richard van Beers -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/jS8qRliD/69byygRAnpwAJ96NBKBCIlrmqPt8zoVtukOARfZzgCdG8LP eY1c47W00UFD7U5JMWgMBmk= =qe3J -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [OT] [Samba] SPAM
Tom Dickson ([EMAIL PROTECTED]) wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Here is the issue, and why the Samba list is basically unable to do anything: If you send a message to the Samba list, it gets resent to everyone on the list. This message will contain a FROM: line, showing an email address. Which should be [EMAIL PROTECTED] like the other mailing lists do. Snip some good stuff. Bob -- Assured Computing When you need to be sure. [EMAIL PROTECTED] www.assuredcomp.com Voice - 541-868-0331 FAX - 541-463-1627 Eugene, Oregon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [OT] [Samba] SPAM
I would have to agree with Tom. I use Mozilla 1.5a out of the box, and I have never seen a spam or virus message on this list. Granted, I've only been on the list for about 8 months. Further, I would suggest using SpamAssassin, MIMEDefang, and ClamAV for those of you that have control over your mail servers. MIMEDefang does a fine job of stripping out potentially harmful attachments. SpamAssassin marks potential spams with a spam score, and you can use Mozilla's in-borne filters to get rid of them. ClamAV simply blocks known viruses, and the users never even know they exist. Given that, our mail server is a busy little bee with all of the filtering and scanning, but those with an IT budget of at least $700 can build a pretty stout email server. Also, a simple Antivirus program on each Windows desktop will round out your virus protection nicely. In the end, admins can do very little to prevent a determined user from destroying their PC's. Even with all of the above protection, we have, in our organization, a user who somehow infects himself with 5 different, sometimes ancient, viruses a month. Generally he contracts the more debilitating kind, and his PC must be rebuilt. However, with the above protection, those viruses have yet to spread outside of his box. In my opinion, it boils down to this: Spam protection is within the realm of the individual mail administrators, not the mailing list administrators. If your mail system is vulnerable to spam virus attacks, you need to do some work on your systems, not gripe at the mailing list admins and members about it. -Mark. Tom Dickson wrote: If you really don't like the virus spam, may I recommend www.mozilla.com ? It's mail filtering works great for me, and all my little virus splats go right into the junk folder. If you really really insist on using Microsoft software and don't want to ever see a virus spam, then post to the group from a one-time hotmail account, and read the replies in the list archives. (http://lists.samba.org) Note that the list archive very rarely has any of this virus spam in it. The only other solution is to LART every clueless user out there; but this is unlikely to work: sysadmins have been trying for 20 years with no results. - -Tom -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.0 winbind starting problems.
I've a little problem starting winbindd. using It on a redhat 9 linux, compiled from source. I've configured nsswitch.conf with winbind and kerberos. Naturally joined my ADS realm with the following command: net ads join -U administrator successfully. now the problem is that smbd and nmbd work correclty but I can't start winbindd due the following error and I can't manage why, from the log.winbindd: [2003/10/15 10:54:24, 2] lib/interface.c:add_interface(79) added interface ip=192.168.5.13 bcast=192.168.5.255 nmask=255.255.254.0 [2003/10/15 10:54:24, 5] lib/util.c:init_names(270) Netbios name list:- my_netbios_names[0]=NORAD [2003/10/15 10:54:24, 2] lib/interface.c:add_interface(79) added interface ip=192.168.5.13 bcast=192.168.5.255 nmask=255.255.254.0 [2003/10/15 10:54:24, 5] lib/gencache.c:gencache_init(59) Opening cache file at /usr/samba/var/locks/gencache.tdb [2003/10/15 10:54:24, 5] libsmb/namecache.c:namecache_enable(58) namecache_enable: enabling netbios namecache, timeout 660 seconds [2003/10/15 10:54:24, 0] nsswitch/winbindd_util.c:winbindd_param_init(445) winbindd: idmap uid range missing or invalid [2003/10/15 10:54:24, 0] nsswitch/winbindd_util.c:winbindd_param_init(446) winbindd: cannot continue, exiting. Naturally my smb.conf is: [global] encrypt passwords = Yes workgroup = MYREALM.IT server string = norad security = ads log file = /var/log/samba/log.%m max log size = 50 password server = MASTER BDC realm = MYREALM.IT passdb backend = tdbsam socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no wins server = 192.168.5.1 192.168.0.1 wins proxy = yes dns proxy = yes [public] comment = nora-d ? chi e` nora-d ? writeable = yes public = yes browseable = yes path = /home/samba read only = No create mask = 0777 directory mask = 0777 guest ok = No ;*** winbindd ** winbind separator = \ winbind cache time = 10 template homedir = /home/%D/%U template shell = /bin/bash winbind uid = 1-2 winbind gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes It is quite stupid ok ? when I start winbindd with the following option I receive: winbindd version 3.0.0 started. Copyright The Samba Team 2000-2003 lp_load: refreshing parameters Initialising global parameters params.c:pm_process() - Processing configuration file /usr/samba/lib/smb.conf Processing section [global] doing parameter encrypt passwords = Yes doing parameter workgroup = MYREALM.IT doing parameter server string = norad doing parameter security = ads doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 50 doing parameter password server = MASTER BDC doing parameter realm = MYREALM.IT doing parameter passdb backend = tdbsam doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 doing parameter wins server = 192.168.5.1 192.168.0.1 doing parameter wins proxy = yes doing parameter dns proxy = yes Processing section [public] doing parameter comment = nora-d ? chi e` nora-d ? doing parameter writeable = yes doing parameter public = yes doing parameter browseable = yes doing parameter path = /home/samba doing parameter read only = No doing parameter create mask = 0777 doing parameter directory mask = 0777 doing parameter guest ok = No doing parameter winbind separator = + Global parameter winbind separator found in service section! doing parameter winbind cache time = 10 Global parameter winbind cache time found in service section! doing parameter template homedir = /home/%D/%U Global parameter template homedir found in service section! doing parameter template shell = /bin/bash Global parameter template shell found in service section! doing parameter winbind uid = 1-2 Global parameter winbind uid found in service section! doing parameter winbind gid = 1-2 Global parameter winbind gid found in service section! doing parameter winbind enum users = yes Global parameter winbind enum users found in service section! doing parameter winbind enum groups = yes Global parameter winbind enum groups found in service section! doing parameter winbind use default domain = yes Global parameter winbind use default domain found in service section! pm_process() returned Yes lp_servicenumber: couldn't find homes adding IPC service adding IPC service set_server_role: role = ROLE_DOMAIN_MEMBER Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE Substituting charset 'UTF-8' for LOCALE added interface ip=192.168.5.13 bcast=192.168.5.255 nmask=255.255.254.0 Netbios name list:- my_netbios_names[0]=NORAD added interface ip=192.168.5.13 bcast=192.168.5.255 nmask=255.255.254.0 Opening cache file
[Samba] QUESTION: security=ads vs. security=domain
Can someone explain to me what ADS buys me over Domain for a member server? We just started implementing Samba 3.0 and want to understand what the new ADS security buys us. Errol Fouquet - UNIX SysAdmin Minerals Management Service, DOI -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: read-only problem in 3.0.0
On Tue, 14 Oct 2003 10:14:22 -0400, Greg Louis wrote: We have a problem with shares that we would like to keep read-only for some users; it worked with 2.2.8a, but with 3.0.0 there is this odd behaviour: Users with read-only privilege can browse the files, can copy them out of the share (eg to their own hard disks) and open the copies, and can open the files in situ with Notepad; but if they try to open files in the share with Excel, for example, or Access or AutoCad, a dialogue is displayed to the effect that the file can't be found. Users with write access don't have this problem. AFAIK the apps aren't trying to write into the files. This should match the behaviour of bug 551, which is fixed in CVS and the next Samba release. Peter -- | G r e g L o u i s | gpg key: 0x400B1AA86D9E3E64 | | Consultronics Corporate Manager | available on my website or | | Information Systems Technology | from any keyserver.| | http://www.consultronics.com | http://www.bgl.nu/~glouis| -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] QUESTION: security=ads vs. security=domain
It gives native membership to Windows 2K (Active Directory) domains which is required to participate in a W2k domain if you are not running in mixed mode. Also gives kerberised authentication to Samba shares which is nice for security and single sign-on. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 15 October 2003 15:53 To: [EMAIL PROTECTED] Subject: [Samba] QUESTION: security=ads vs. security=domain Can someone explain to me what ADS buys me over Domain for a member server? We just started implementing Samba 3.0 and want to understand what the new ADS security buys us. Errol Fouquet - UNIX SysAdmin Minerals Management Service, DOI -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: domain groups accessing samba share
Ok - I replaced my /etc/pam.d/login with the one you've posted. getent still lists me just local machine users and groups. Trying to attach to the machine results in this in the hosts samba log: Doing spnego session setup NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1] Got OID 1 2 840 48018 1 2 2 Got OID 1 2 840 113554 1 2 2 Got OID 1 3 6 1 4 1 311 2 2 10 Got secblob of size 1235 Ticket name is [EMAIL PROTECTED] Username gavdav is invalid on this system error string = No such file or directory error packet at smbd/sesssetup.c(220) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE timeout_processing: End of file from client (client has disconnected). setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 Closing connections Yielding connection to yield_connection: tdb_delete for name failed with error Record does not exist. Server exit (normal exit) Still stuck - what should I have in /etc/pam_smb.conf, and /etc/pam.d/system-auth ?? smb.conf now: # Global parameters [global] workgroup = MYDOMAIN realm = MYNETWORK.ISP.CO.UK server string = Revolver security = ADS password server = bashful log level = 3 log file = /var/log/samba/log.%m max log size = 100 smb ports = 139 445 announce as = NT Workstation name resolve order = host bcast client signing = Yes server signing = Yes client use spnego = Yes use spnego = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No os level = 10 preferred master = No local master = No domain master = No dns proxy = No idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash winbind separator = + winbind cache time = 2 winbind use default domain = Yes template homedir = /home/%D/%U template shell = /bin/bash winbind enum users = yes winbind enum groups = yeS comment = Redhat 8.0 Samba hosts allow = 127., 10.0.0. [homes] comment = Home Directories read only = No browseable = No [usr-local] path = /usr/local read only = Yes valid users = @MYNETWORK.ISP.CO.UK\Domain Users Admin users = @MYNETWORK.ISP.CO.UK\gavdav ### Re: domain groups accessing samba share Hi Gavin, This is what I have for my /etc/pam.d/login #%PAM-1.0 auth required pam_securetty.so auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so nodelay use_first_pass auth sufficient /lib/security/pam_krb5.so auth required pam_stack.so service=system-auth auth required pam_nologin.so accountsufficient /lib/security/pam_winbind.so accountsufficient /lib/security/pam_krb5.so accountrequired pam_stack.so service=system-auth password required pam_stack.so service=system-auth sessionrequired pam_stack.so service=system-auth sessionoptional pam_console.so And when I issue getent group or getent passwd it lists both local and ADS users. Regards, Luke -Original Message- From: Gavin Davenport [mailto:[EMAIL PROTECTED] Sent: 15 October 2003 09:05 To: [EMAIL PROTECTED] Cc: Tim Jordan, Network Services Subject: RE: [Samba] Re: domain groups accessing samba share Hiya Tim, Thanks for helping. Can you post your smb.conf /etc/pam.d/login wbinfo -g wbinfo -u getent passwd getent group Here we go: # Global parameters [global] workgroup = MYDOMAIN realm = MYNETWORK.ISP.CO.UK server string = Linux Samba Server security = ADS password server = bashful log level = 3 log file = /var/log/samba/log.%m max log size = 100 smb ports = 445 announce as = NT Workstation name resolve order = host bcast wins server = 10.0.0.104 client signing = Yes server signing = Yes client use spnego = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No os level = 10 preferred master = No local master = No domain master = No dns proxy = No idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash # winbind separator = + winbind cache time = 2 # winbind use default domain = Yes comment = Redhat 7.1 Samba hosts allow = 127., 10.0.0. [homes] comment = Home Directories read only = No browseable = No [Software] comment = Software Library path = /mnt/largeprimary/software # valid users = @MYNETWORK.ISP.CO.UK\Domain Users # Admin users = @MYNETWORK.ISP.CO.UK\gavdav [EMAIL PROTECTED] /root]# more /etc/pam.d/login #%PAM-1.0
Re: [OT] [Samba] SPAM
But there's no way for it to filter the data server-side, so my server account still fills up, I still have to deal with the large transfers for each mail, etc. That's not a solution, it's barely a fix. Terry -Original Message- From: Tom Dickson [EMAIL PROTECTED] Sent: Oct 15, 2003 6:27 AM To: Samba Mailing List [EMAIL PROTECTED] Subject: Re: [OT] [Samba] SPAM -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Here is the issue, and why the Samba list is basically unable to do anything: If you send a message to the Samba list, it gets resent to everyone on the list. This message will contain a FROM: line, showing an email address. There are people on this list who have virus ridden machines. They get your message, and the virus reads the FROM: line, and sends off a virus to you. The virus goes directly to you; not through the Samba list. The only solution is to completely destroy the FROM and REPLY lines in all your emails; an ugly solution. If you really don't like the virus spam, may I recommend www.mozilla.com ? It's mail filtering works great for me, and all my little virus splats go right into the junk folder. If you really really insist on using Microsoft software and don't want to ever see a virus spam, then post to the group from a one-time hotmail account, and read the replies in the list archives. (http://lists.samba.org) Note that the list archive very rarely has any of this virus spam in it. The only other solution is to LART every clueless user out there; but this is unlikely to work: sysadmins have been trying for 20 years with no results. - -Tom [EMAIL PROTECTED] wrote: |-Original Message- |From: Ray Simard [mailto:[EMAIL PROTECTED] | |The most effective step to reduce this is to restrict posting to |subscribed list members. | | | This will stop spammers sending to list, but also will hurt people | incidently asking questions, without being subscribed. Depending on | policy. The occasional spam arriving via the list is neligable as compared | to my daily dose of 300+ spams. It will hurt people using the archive as a | means to see replies w/o being subscribed. Hurt much, effect little. | | |I've never seen a virus arrive *through* the list. I think what people |are |complaining about is viruses being sent to them directly. | | | yeah, the complaint is: when subscribing to SAMBA, the email adres used | will get spam and virusses at once. Quite possibly by the publication of | the list onto usenet with the real adres still visible. The spam is | understandeble, the virusses also, since the introduction of spamming | virusses. | | The resolution could be to block the email addy from the senders to the | list, when forwarding, but this would hamper ligitimate usage, such as | replying to sender. (perhaps the follow up discussion isnt SAMBA related) | | This is of course totally upto the VOLUNTEERS running this list, if you do | not like it, feel free to start a SAMBASTOPSPAM list orso. | | Threatening to sue VOLUNTEERS over such a silly thing will get you the | mocking of every Dutchmen I know, and leads me to believe the complainer | was pissed, and should get sober, or the complainer is an American Layer. | I hope the former, I think the latter. Or he plays one on the internet | anyways. | | If the complainer was to post onto usenet, and subsequently would get a | spammie, who would he then sue? Al Gore? | | Last but not least, can everybody on this list please reply to this spam | discussion, my mailbox isnt yet full, and this list is like, low on | traffic. | | Richard van Beers -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/jS8qRliD/69byygRAnpwAJ96NBKBCIlrmqPt8zoVtukOARfZzgCdG8LP eY1c47W00UFD7U5JMWgMBmk= =qe3J -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] winbind use default domain doesn't work on samba 3.0.0
Hi, On my 2 Debian boxes the option winbind use default domain = yes doesn't make any difference any more where as it dit work just before the rest works fine, but not this option in smb.conf. I've discussed the matter on the French Samba mailing-list and I seem not to be the only one who's got this problem. The other person uses winbind with ADS, where as i'm still using it in mixed mode. So do you guys have the same problem? Samba 3 + winbinbd. Could you try to tell me if it's a bug or not. cheers Fabrice Clerc -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.x client - Samba 2.2.x server authentication?
Hey, all. I've upgraded my workstation (Debian) to the Debian Samba 3.x install. I decided to start from scratch with my smb.conf, because I didn't know enough to be wary of what parameters were deleted, etc. So I put password server = sambapdc into my smb.conf, and figured it would Just Work. No dice. A glance at the log file shows [2003/10/15 12:11:08, 1] sam/idmap_tdb.c:db_idmap_init(331) idmap gid range missing or invalid idmap will be unable to map foreign SIDs Some Googling showed this to be some sort of issue with the passdb backend (which Debian set to smbpasswd guest), so I commented it out, thinking it might be conflicting with the password server directive. Nothing doing. Any hints? Thanks, Ken D'Ambrosio Sr. SysAdmin, Xanoptix, Inc. P.S. I have to assume that this has already been mentioned, but the smb.conf manpage -- at least in the Debian version that I have -- has almost none of the directives listed; an obvious editing boo-boo... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Newbie Question about File Systems
Is there anyway to support NFTS security on linux. it might mean compiling a new file system into the kernal? I don't know. Is there a how to that anyone can point me to. Sorry for the basic question, Michael -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] [OT] SPAM
Additional note: I like the idea of using a Hotmail account for lists, the rampant propagation of email worms is the fault of poor design by Microsoft, let Microsoft deal with the wasted bandwidth. I don't have to view/download any emails I don't want to on hotmail. :) my two more cents? Erik Soderquist -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [OT] SPAM
From: Erik Soderquist [EMAIL PROTECTED] Date: Wed, 15 Oct 2003 12:18:51 -0400 To: [EMAIL PROTECTED] Subject: RE: [Samba] [OT] SPAM I've been watching this thread with amusement. On one side, I see people with calm collected reasoning explaining how email works, how lists work, etc. and on the other side, I see rash, overzealous people who A.) don't want to admit that they have been doing something that most intelligent users know they shouldn't (use a critical email address for list subscriptions) regardless of past success of failure (Russian roulette is a fun game, until you win . . .), Here here! The first thing I do before subscribing to any mailinglist or newsgroup is to create an email alias specific to that group - note the rather obvious alias I've chosen to post to this group with. Believe me, if the spam/worm/virus problem gets too bad for a particular group, I'll simply delete the alias and blackhole any mail sent to it. Problem solved, and my real email address is unharmed. I agree with the idea of using Hotmail or some such if you are unable to create an email alias of your own. and B.) seem to want to yell at someone other than themselves to vent their frustration at winning the roulette game. If you wanna yell at someone, lookup the IP addresses of some of the virus senders, and yell at them or their ISP - probably won't get you much further than yelling here, but at least you'll be pointing your frustration in another direction, and one closer to the proper target. LARTing can be very satisfying stress relief. One trick which I recommend all network admins to use is a panic button such as the following line ripped from our firewall: # $IPTABLES -I FORWARD -i $IN_IFACE -p tcp --dport 25 -j REJECT Basically, if I find out that one of the 800+ computers on our LAN has a mass-mailer, I uncomment that line and restart the service before heading out to locate the computer with the bug. Once I've pulled it's plug, I comment out that line again and re-restart the service so everyone can send email again. Finally, you will see a little tag my mail server adds at the end of this message. I'm not recommending a particular brand name piece of software or anything, but if you run your own mailserver you're an idiot not to run something similar. For one thing, I have yet to see a single copy of swen on my email client. All I'm saying is, these things happen. Take responsibility for your own protection when they do - don't blame a list admin for it. /rant Mike Ely --- [This E-mail scanned for viruses by Declude Virus] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Testing list
Testing. Please ignore. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: [OT] spam
On Wed, Oct 15, 2003 at 07:33:04AM -0400, J. Frisbie wrote: The point is (and I've been on hundreds of lists over the years) that other lists do not have this problem, so clearly there are solutions. Why aren't you using any of them? Still pissed, Joe Frisbie Unsubscribe, go away, stop using Samba. I don't care. Just stop whining insessantly to this list please. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [OT] [Samba] SPAM
On Wed, Oct 15, 2003 at 09:52:13AM -0500, Mark Warner wrote: I would have to agree with Tom. I use Mozilla 1.5a out of the box, and I have never seen a spam or virus message on this list. Granted, I've only been on the list for about 8 months. The spam this person is complaining about isn't coming from being subscribed to the samba lists. I have one of the most easily findable email addresses I know, [EMAIL PROTECTED] and have been on *all* the samba lists since they were created. No more than about 10% of my email is spam (but then again I get a *lot* of Samba related email). The complaining poster has other problems (IMHO). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: read-only problem in 3.0.0
On Wed, Oct 15, 2003 at 05:01:06PM +0200, Dr. Peter Hopfgarter wrote: On Tue, 14 Oct 2003 10:14:22 -0400, Greg Louis wrote: We have a problem with shares that we would like to keep read-only for some users; it worked with 2.2.8a, but with 3.0.0 there is this odd behaviour: Users with read-only privilege can browse the files, can copy them out of the share (eg to their own hard disks) and open the copies, and can open the files in situ with Notepad; but if they try to open files in the share with Excel, for example, or Access or AutoCad, a dialogue is displayed to the effect that the file can't be found. Users with write access don't have this problem. AFAIK the apps aren't trying to write into the files. This should match the behaviour of bug 551, which is fixed in CVS and the next Samba release. This is also fixed in the 3.0.1 pre-release Jerry is working on. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: wbinfo --set-auth-user Win2K3
wbinfo --set-auth-user=Administrator%password NEVER do this. There is never a good reason to do this. The wbinfo command is for NT4 trusted domains, that are running 'restrict anonymous'. If you are joined with ADS, and there are ADS trusts to these machines, then Samba can use kerberos, and never needs a 'wbinfo' user. Would this mean that if we have done kinit -V [EMAIL PROTECTED], we should be able to join the domain without providing a password using the same user? Even when you do need a 'wbinfo user', it does not need any special powers - only those given to *every* user. So add a new, boring, unprivileged user. We have been testing against a Windows2003 server, and don't get any user lists ( wbinfo -u ) unless we set auth user ... does this mean something is not correctly setup on our Samba3 server? That password is stored clear-text, in secrets.tdb. I know this, but it's not any worse than smbpasswd -w secret, is it? Thanks Mailed Lee -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] have problem
hi i'm upgrade to samba 3. I have problem with symbol . for example i can't create files with names which contains . also smbclient cant access directories(with symbol ) in ms windows shares. how can i solve this problem? thx ps sorry for my english -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] password sync, unix to smbpasswd
1) where's this list archived? i looked through my joining email and the web pages it sent me to, it says i might be better off reading the archives, but i can't find 'em i've got a feeling my problem is old news, if i could just find the archives. 2) config: samba 3.0.0 red hat 9.0 i WANT to fix it so a unix password change gets propagated to the private/smbpasswd file. the manual, section 25.2.5.1 seems to be talking about exactly what i want. so that's what i tried. the password-sync file it shows lists pam_UNIX.so, which red hat 9. does not have. i tried pam_unix.so, pam_stack.so, pam_UNIX.so (yeah, i know, i know, but i was desperate for something to happen). what happens is that the unix password gets changed, but not propagated to private/smbpasswd. i compiled from source. red hat's samba is on the machine, but it should be ignored--the daemons are the ones i compiled, i'm sure of that. i copied smb_passwd.so into /lib/security, and source/bin/smbpasswd to /usr/bin/smbpasswd. i didn't mess with any of the other red hat binaries/libraries. i've tried turning on debugging in the daemons--pretty silly, actually. no messages from anything, anywhere, that i can find. (the daemons aren't involved in the pam-password stuff, evidently.) there has been much floundering here j. [global] netbios name = crumpled workgroup = MYGROUP os level = 64 preferred master = yes domain master = yes local master = yes security = user obey pam restrictions = yes domain logons = yes logon drive = H: logon path = logon home = add user script = /usr/sbin/useradd -d /dev/null -s /bin/false %u server string = Samba Server load printers = yes log file = /usr/local/samba/var/log.%m max log size = 50 socket options = TCP_NODELAY dns proxy = no [homes] comment = Home Directories browseable = no writable = yes path = /VOLUMES/gizmonics [netlogon] comment = Network Logon Service path = /var/samba/netlogon guest ok = yes read only =yes share modes = yes [Profiles] path = /var/samba/profiles browseable = no guest ok = yes directory mask = 0700 create mask = 0600 [printers] comment = All Printers path = /usr/spool/samba browseable = no guest ok = no writable = no printable = yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2.2.7a and Word 2000 = Corrupted (?) files
I have a Samba 2.2.7a PDC (with an OpenLDAP backend) that seems to be giving me trouble. Here's the scoop: I have Windows 2000 Pro clients running Word 2000. Over the past several days, a lot of them have had trouble with their documents - most of the time during a save. The most critical of these failures presents the following error message when saving: Word has lost data due to a bad network connection or missing floppy. Documents relying on this data are going to be saved and then closed. The only option on this dialog is to select OK and word commence to save a rescue document. This takes a VERY long time - in excess of 10 minutes. Immediately following that process Word presents us with another error message: There is an unrecoverable disk error file File Name of Current Document. The disk you're working on has a media problem that prevents Word from using it. Try the following: Try Formatting another disk. Save the document to another disk. Then Word goes and saves a files called Rescued Document #.txt in the user's My Documents folder. Looking at this file is worthless as it appears to be hex-code or something. This basically ends up with the user loosing work - a total of about 9 hours over the past three days in this most extreme case. I have scoured the mailing lists, Google'd for possibilities but have been unable to come up with any solution. I'm hoping someone here has run into this and may be able to point me in the right direction. I have included the smb.conf file from the server in question below - in case it helps. The problem files are stored in home, admin and projects shares. == # * # -- Nesbitt Engineering, Inc. Stargazer Samba Configuration -- # * # This is the main Samba configuration file for Stargazer - NEI's Primary # Domain Controller and Lexington office File Server. # # This configuration file is only to be used for an LDAP enabled server that # will be acting as a PDC. Modifications will be required for member servers # and machine that will act as BDCs. # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this file we have used a # # for commentary and a ; for parts of the config file that are # either not enabled yet, or temporarily disabled # # NOTE: Whenever you modify this file you should run the command testparm # to check that you have not made any basic syntactic errors. # - # Fear the Penguin! # -- Kevin L. Collins # Systems Manager # Nesbitt Engineering, Inc. # * # Changelog: # Date - Version - Change #* Info about change # - # 10/14/04 - 1.1 - Added veto oplock files directives to the homes, admin and # projects shares in the hope of solving MS Word problems. # 06/04/03 - 1.0 - Original Creation # * #= Global Settings [global] # Server Name and description workgroup = nesbitt.local netbios name = stargazer server string = Stargazer - Lexington File Server # Samba log information log file = /var/log/samba/%m.log max log size = 0 # Security information security = user encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd unix password sync = Yes passwd program = /usr/local/sbin/smbldap-passwd.pl -o %u passwd chat = *New*Password* %n\n *Retype*New*Password* %n\n *All*authentication*tokens*updated*successfully* # To help performance socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # Settings for PDC setup local master = yes os level = 80 domain master = yes preferred master = yes domain logons = yes logon path = # Activate these Network Services wins support = yes time server = yes # LDAP Declarations -- Needed to allow the LDAP backend to work ldap suffix = dc=nesbitt,dc=local ldap admin dn = cn=Manager,dc=nesbitt,dc=local ldap port = 389 ldap server = 127.0.0.1 ldap ssl = no add user script = /usr/local/sbin/smbldap-useradd.pl -w %m domain admin group = @Domain Admins # Oplocks settings - disable all oplocks for compatibility reasons oplocks = no level2 oplocks = no kernel oplocks = no #= Share Definitions === [netlogon] comment = Network Logon Service path = /usr/local/samba/lib/netlogon guest ok = yes writable = no write list = @domain admins share modes = no [homes]
Re: [Samba] Newbie Question about File Systems
Is there anyway to support NFTS security on linux. it might mean compiling a new file system into the kernal? I don't know. Is there a how to that anyone can point me to. The bad news is that, no, there is no way to give the fine-grained control that NTFS has to most _stock_ 2.4.x kernels. The good news is that you can compile in the ACLs (Access Control Lists) with the 2.4 kernel and some patches, or you can wait six months until the major distributions have started shipping the 2.6 kernel, which supports ACLs out of the gate. [Note: that estimate presumes that 2.6.0 is released in the relatively near future -- my current guess is 11/21, but that's just me.] For a info on ACLs and the like, check out stuff over at http://acl.bestbits.at/ or http://oss.sgi.com/projects/xfs/ . -Ken P.S. There are also some articles here and there about ACL support, though I'm not sure which ones are on-line; you might check over at linuxjournal.com and linuxmagazine.com to see what's available. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Newbie Question about File Systems
-Original Message- From: Lists [mailto:[EMAIL PROTECTED] Is there anyway to support NFTS security on linux. it might mean compiling a new file system into the kernal? I don't know. Is there a how to that anyone can point me to. It depends on what you mean by 'NTFS security'. You can get ACLs (Access Control Lists) by patching your kernel and recompiling Samba. I use this on ext2fs and it works well. This will let you maintain lists of user and group permissions like you can on NTFS, but it will not get you the NT-specific permissions such as Take Ownership -- just read/write permissions. If you're in an NT domain you may also want to look into using winbind. Winbind and ACLs, together, give you a pretty good approximation of an NT domain member file server. You can find more information on Linux ACLs here: http://acl.bestbits.at/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] machine accounts aren't added properly with smbldap-useradd.pl + ldap backend
Yay, I finally got my samba 3 PDC working! Following a variety of indirect hints I used the root account to join, rather than trying to mess around with various groups and group mappings. I had done this before, with no good effect, but checked more carefully this time and found that it was my machine account that was not being found, not the root account. Further investigation shows that when using smbldap-useradd.pl -w machine, the machine account does not get the objectClass SambaSAMAccount, and therefore it isn't found when the samba server tries to authenticate it. Using smbldap-useradd.pl -a instead seems to fix this problem, but then the machine is not put into the Computers ou. I can also use an ldap editor (jxplorer, in my case) to manually add the objectclass, but this is less than ideal. Should I add this problem as a bug against smbldap-useradd.pl? Or is that not considered the right tool? I have tried using the smbpasswd method (and yes, I have already done smbpasswd -w); as the unix system uses ldap passwords itself, it should work, but I always get the message 'failed initialise SAM_ACCOUNT for user machine'. Any advice, finally, on setting up roaming user profiles? Most of our users have single-machine local accounts, so I'd like to migrate those; we have never had roaming users at all. Thanks everyone for any help you can give! --JB signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.x client - Samba 2.2.x server authentication?
For backward compatability, you want passdb backend = smbpasswd, most likely. Not that I'm sure that this is even used when password server is used, but this is the old passdb backend. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - Jr. UNIX Systems Admin |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Wed, 15 Oct 2003 [EMAIL PROTECTED] wrote: Hey, all. I've upgraded my workstation (Debian) to the Debian Samba 3.x install. I decided to start from scratch with my smb.conf, because I didn't know enough to be wary of what parameters were deleted, etc. So I put password server = sambapdc into my smb.conf, and figured it would Just Work. No dice. A glance at the log file shows [2003/10/15 12:11:08, 1] sam/idmap_tdb.c:db_idmap_init(331) idmap gid range missing or invalid idmap will be unable to map foreign SIDs Some Googling showed this to be some sort of issue with the passdb backend (which Debian set to smbpasswd guest), so I commented it out, thinking it might be conflicting with the password server directive. Nothing doing. Any hints? Thanks, Ken D'Ambrosio Sr. SysAdmin, Xanoptix, Inc. P.S. I have to assume that this has already been mentioned, but the smb.conf manpage -- at least in the Debian version that I have -- has almost none of the directives listed; an obvious editing boo-boo... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Sun, SAS and DM Review invite you to a Web Seminar
Sun SAS and DM Review Present Business Intelligence Building Blocks: Enabling the Agile Enterprise Date: Tuesday, October 28, 2003 Time: 11:00 a.m. PDT/2:00 p.m. EDT Duration: One hour Tune into Sun Microsystems' BIDW Network Series Hosted by DM Review, 4th in a 6-part series Today, more than ever, business intelligence needs to be utilized to not only run a business -it must be used to run the business BETTER. The companies that will win in today's challenging marketplace are the ones that succeed in implementing a robust, open and scalable enterprise intelligence infrastructure that makes the process of obtaining valuable information fast, reliable and repeatable. Now hear how SAS and Sun offer a low-risk technology roadmap that provides an integrated set of data management, business intelligence and analytical solutions linked together via an open, extensible architecture. These proven solutions deliver the enterprise intelligence that empowers your organization to: - Accelerate speed to market. - Deepen relationships with your customers and suppliers. - Better manage risk. - Lower operational costs. - Extend competitive advantage. Join us for an interactive hour, hearing first hand from industry experts. Find out how Allstate Financial used intelligence from SAS to learn the differences among customers to target them with the right offerings. - John Hershberger, VP, Database Marketing, Allstate Financial - Don Hatcher, VP, Technology Strategies, SAS - Cyrus Golkar, CxO, Business Intelligence/Data Warehouse Solutions, Sun Microsystems to register visit - http://www.dmreview.com/eletters/clickReg.cfm?URLID=3531 To unsubscribe send a blank e-mail to [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0 + OpenLDAP 2.1 Saga (LDAP Attacks!)
Oh Wise Ones, For the past two days, I have contested with the Samba documentation and other sources of lore in a vain attempt to achieve Samba/LDAP integration. My test system is running RedHat 9 with updates applied, along with OpenLDAP OpenSSL from redhat-rawhide, and the Samba 3.0.1pre1 RPM from the Samba website. A couple of questions: The HOWTOs instruct one to slapadd a file which, among other entries, contains: # Setting up container for groups dn: ou=Groups,dc=quenya,dc=org objectclass: top objectclass: organizationalUnit ou: People Is it intentional that the container group setup references 'ou: People' or is that a typo? I've gotten as far as having Samba try to add a machine or user account. Before I started again from scratch, I was as far as getting errors like: Failed initialise SAM_ACCOUNT for user Failed to modify password entry for user But everything else seemed to work - it was binding to the LDAP server, etc. Any ideas? Are the LDIF's in the HOWTO all that are necessary to setup an LDAP server for use with Samba 3? Sincerely, Chris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Is it my networking?
I've used samba for the better part of 4 years now. Never had any real problems that were not easily resolved. Samba has become the single most important piece of software in our lab. It has reduced my administrative headaches considerably. However, now I have a real problem that I have no clue on. I'm running a Samba 2.2.8a PDC on Sun Solaris. About 2 months ago, we moved our lab from a location at the Med Center to the main University campus. This included completely changing our network. We updated all of our network parameters (IP, netmask, etc) on all of our UNIX and Windows boxes. The names didn't change, only the domains and the IP's. I made the appropriate changes in my smb.conf file for the new IP's and netmask. Now the problem. I have VERY intermittent connectivity to my PDC. When I show up in the morning, I can't log in more than half the time because it tells me the domain is unavailable. Sometimes stopping and restarting samba does the trick; sometimes it makes it worse. When it's not working, I'll login to the machine running samba and run the following command: nmblookup -M MYDOM and it doesn't show an MYDOM1d entry. It just can't find anything. When I log in as a local user on my Win2K box, and run the following command: nbtstat -M samba_server sometimes it connects and give me the proper info, sometimes not. Browsing is also screwed up. When I go into Windows Explorer, it takes 30 seconds for it to update all my mapped drives. The most frustrating thing(s) about all of this is that it is intermitant, and that samba worked PERFECTLY before the move. The only changes I made were the networking parameters. I've looked through my logs, but don't see anything weird. I'm at the point where I don't know what to do. I'm thinking that my network segment is all f^%$*(@ up, but since I don't control the routers and switches, I can't make changes there. Where do I start? I've probably tried alot of my own ideas already, but I'm open to listen to anybody right now. I'm sure you all have a good idea where to start. I'll post the global section of my smb.conf file below. I've changed the actual IP's, but they reflect how my network is configured. Please email me directly if you would like. Thanks, -Jim * Jim Kreuziger [EMAIL PROTECTED] * # Global parameters [global] workgroup = MYLAB preexec = csh -c `echo /usr/local/samba/bin/smbclient \ -M %m -I %I` server string = Samba %v on (%L) security = user domain logons = yes domain admin group = @domadm encrypt passwords = Yes password level = 3 log level = 2 log file = /samba/current/var/log.smbd.%m #log file = /samba/current/var/log.smbd.nodomain max log size = 2000 wins support = Yes name resolve order = lmhosts wins hosts bcast dns proxy = yes deadtime = 0 keepalive = 3600 client code page = 437 domain master = yes preferred master = yes local master = yes os level = 255 guest account = samba invalid users = daemon bin sys lp smtp uucp nuucp listen dcs consult dumper nobody hosts allow = 10.200.236.32/255.255.255.224 10.87.33. 10.200.126. 127.0.0.1 hosts deny = ALL EXCEPT 10.200.236.32/255.255.255.224 10.87.33. 10.200.126. 127.0.0.1 veto oplock files = /*.mdb/*.dbm/*.doc/*.xls socket options = TCP_NODELAY IPTOS_LOWDELAY getwd cache = yes logon script = %U.bat logon path = \\samba_server\profile\%U utmp = True username map = /samba/current/lib/usermap.txt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Is it my networking?
-Original Message- From: James Kreuziger [mailto:[EMAIL PROTECTED] Now the problem. I have VERY intermittent connectivity to my PDC. When I show up in the morning, I can't log in more than half the time because it tells me the domain is unavailable. The most frustrating thing(s) about all of this is that it is intermitant, and that samba worked PERFECTLY before the move. The only changes I made were the networking parameters. You might want to check that the broadcast address is right. I've seen Linux get some pretty odd ideas about what it should be. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Is it my networking?
Well, I've checked the results of ifconfig -a, and this is what I get: lo0: flags=1000849UP,LOOPBACK,RUNNING,MULTICAST,IPv4 mtu 8232 index 1 inet 127.0.0.1 netmask ff00 hme0: flags=1000843UP,BROADCAST,RUNNING,MULTICAST,IPv4 mtu 1500 index 2 inet 10.200.236.51 netmask ffe0 broadcast 10.200.236.63 Mind you, I'm running Solaris, not Linux. My Solaris box wouldn't operate without a properly configured network. This I know, because we had this problem when we moved. My /etc/netmasks files reads like this: 10.200.236.32 255.255.255.224 -Jim * Jim Kreuziger [EMAIL PROTECTED] * On Wed, 15 Oct 2003, David Brodbeck wrote: -Original Message- From: James Kreuziger [mailto:[EMAIL PROTECTED] Now the problem. I have VERY intermittent connectivity to my PDC. When I show up in the morning, I can't log in more than half the time because it tells me the domain is unavailable. The most frustrating thing(s) about all of this is that it is intermitant, and that samba worked PERFECTLY before the move. The only changes I made were the networking parameters. You might want to check that the broadcast address is right. I've seen Linux get some pretty odd ideas about what it should be. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] net groupmap modify ntgroup=Domain Admins ... succeeds but fails
After reading through the documentation, I realized that as a part of the migration process from Samba-2.2.X to Samba-3.0.0 I needed to convert everyone in my smbadmin group (previously domain admin group = @smbadmin) to the Domain Admins group w/rid=512. So, I issued the following command: [EMAIL PROTECTED] profile]# net groupmap modify ntgroup=Domain Admins unixgroup=smbadmin The command succeded as was evidenced by net groupmap list: [EMAIL PROTECTED] profile]# net groupmap list System Operators (S-1-5-32-549) - -1 ... Domain Admins (S-1-5-21-3270268339-1200857648-3960152354-512) - smbadmin My understanding of the documentation is that the Domain Admins group is automatically added to the Administrators on all machines that are a member of the domain, however, when I try to log into any of these machines as an administrator, I authenticate successfully but am not considered to be an administrator. To get around this for now, I logged onto the given local machine, went to the user management section, and added the individual account to the Administrators group. This is a rough hack, but works. What am I doing wrong? How come I'm an administrator without any administrator permissions? Thanks. --Kaleb -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3: is LDAP required?
Hi folks: I've asked this question before and the answer didn't seem that clear. Let's try again - shall we? Yes or no - is OpenLDAP required to be on the SAMBA 3.0 server in order for Active Directory support to work? Active Directory support == security = ads. Thanks -- Ronald R. Gage MCP, LPIC1, A+, Net+ Pontiac, Michigan This message was sent using webmail provided by www.rongage.org -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net groupmap modify ntgroup=Domain Admins ... succeeds but fails
On Wednesday 15 October 2003 16:20, Kaleb Pederson wrote: What am I doing wrong? How come I'm an administrator without any administrator permissions? I think I had to restart Samba after doing this to make it effective. -- Chris Do not reply to the email address. Please use the contact page below for any desired direct replies. Apologies for the inconvenience. realcomputerguy dot com slash contact dot html -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net groupmap modify ntgroup=Domain Admins ... succeeds but fails
On Wednesday 15 October 2003 01:29 pm, you wrote: On Wednesday 15 October 2003 16:20, Kaleb Pederson wrote: What am I doing wrong? How come I'm an administrator without any administrator permissions? I think I had to restart Samba after doing this to make it effective. Thanks Chris, that did it! For some reason I assumed that since it was associated with the user that it would be read in as soon as I logged back in and didn't require a samba restart? Apparently that's not the case. Thanks again. --Kaleb -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] First write fails subsequent succeeds
I have been having a problem that has had me scratching my head for the last week and a half. I have searched with google, read the 13th hour troubleshooting guide (stopped when it got to the sniffer diagnostics), and have even upgraded samba to 3.0.0. I will post a description followed by a level 4 debug log file. When a user opens the Public share they can browse the share without error and open documents without error, however, when trying to write to Public, they cannot. When opening the share with Windows 2000 (Authenticating as Guest on the server) I right click and choose Create Folder. I get an error Unable to create folder New Folder Cannot create a file when that file exists. and the folder New Folder DOES get created. When trying to save a file to the server, I get Cannot copy test.txt: The specified network name is no longer available. and a 0 byte file with the right file name. If I delete the file and try recopying it, it copies fine. It seems that the first attempt to write to the share after opening it fails, further attempts work. After I get the error that I can't create the folder, I can delete the New Folder and create it again without an errors. As soon as I get out of the share and go back in, I get the errors again. I have searched for this issue on google, but am having difficulty describing the issue to get a good search result. Here is a level 4 debug log: [2003/10/15 13:32:11, 1] smbd/service.c:make_connection_snum(698) kim (192.168.0.144) connect to service Public initially as user bleith (uid=1001, gid=100) (pid 11983) [2003/10/15 13:32:13, 3] smbd/process.c:process_smb(890) Transaction 1 of length 137 [2003/10/15 13:32:13, 3] smbd/process.c:switch_message(685) switch message SMBnegprot (pid 11994) [2003/10/15 13:32:13, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/15 13:32:13, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [PC NETWORK PROGRAM 1.0] [2003/10/15 13:32:13, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LANMAN1.0] [2003/10/15 13:32:13, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [Windows for Workgroups 3.1a] [2003/10/15 13:32:13, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LM1.2X002] [2003/10/15 13:32:13, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [LANMAN2.1] [2003/10/15 13:32:13, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [NT LM 0.12] [2003/10/15 13:32:13, 3] smbd/negprot.c:reply_nt1(329) using SPNEGO [2003/10/15 13:32:13, 3] smbd/negprot.c:reply_negprot(532) Selected protocol NT LM 0.12 [2003/10/15 13:32:13, 3] smbd/process.c:process_smb(890) Transaction 2 of length 210 [2003/10/15 13:32:13, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 11994) [2003/10/15 13:32:13, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/15 13:32:13, 3] smbd/sesssetup.c:reply_sesssetup_and_X(579) wct=12 flg2=0xc807 [2003/10/15 13:32:13, 2] smbd/sesssetup.c:setup_new_vc_session(535) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2003/10/15 13:32:13, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(476) Doing spnego session setup [2003/10/15 13:32:13, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500) NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] [2003/10/15 13:32:13, 3] smbd/sesssetup.c:reply_spnego_negotiate(385) Got OID 1 3 6 1 4 1 311 2 2 10 [2003/10/15 13:32:13, 3] smbd/sesssetup.c:reply_spnego_negotiate(388) Got secblob of size 41 [2003/10/15 13:32:13, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(33) Got NTLMSSP neg_flags=0xe000b297 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_NEGOTIATE_OEM NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_LM_KEY NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED NTLMSSP_NEGOTIATE_WORKSTATION_SUPPLIED NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2003/10/15 13:32:13, 3] smbd/process.c:process_smb(890) Transaction 3 of length 298 [2003/10/15 13:32:13, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 11994) [2003/10/15 13:32:13, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/15 13:32:13, 3] smbd/sesssetup.c:reply_sesssetup_and_X(579) wct=12 flg2=0xc807 [2003/10/15 13:32:13, 2] smbd/sesssetup.c:setup_new_vc_session(535) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2003/10/15 13:32:13, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(476) Doing spnego session setup [2003/10/15 13:32:13, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(500) NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] [2003/10/15 13:32:13, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(286) Got user=[Administrator] domain=[KIM] workstation=[KIM] len1=24 len2=24 [2003/10/15
[Samba] Kernel Panic, memory leak?
Hi, It's become almost routine now to reboot the server every morning. If we are able to log in, after a lag of ~10 seconds, we see the load average is usually 3.0. As I am writing this, it just went down again. The console had a bunch of text on it, the very bottom reading: o Kernel panic : Aiee, Killing Interrupt handler! In interrupt handler - not syncing Here is the machine info. Currently running Red Hat 8, Samba 3.0, with a PIII, and a RAID. # uname -a Linux BENT00 2.4.18-14 #1 Wed Sep 4 13:35:50 EDT 2002 i686 i686 i386 GNU/Linux # less /proc/meminfo total:used:free: shared: buffers: cached: Mem: 1055735808 1043091456 126443520 15740928 935366656 Swap: 20892098560 2089209856 MemTotal: 1030992 kB MemFree:12348 kB MemShared: 0 kB Buffers:15372 kB Cached: 913444 kB SwapCached: 0 kB Active: 661920 kB Inact_dirty:61648 kB Inact_clean:222832 kB Inact_target: 189280 kB HighTotal: 130992 kB HighFree: 1024 kB LowTotal: 90 kB LowFree:11324 kB SwapTotal: 2040244 kB SwapFree: 2040244 kB Committed_AS: 42644 kB # less /proc/interrupts CPU0 0:1455741 XT-PIC timer 1: 4 XT-PIC keyboard 2: 0 XT-PIC cascade 5: 10806406 XT-PIC eth0 8: 1 XT-PIC rtc 10: 60 XT-PIC eth1 11: 394317 XT-PIC aic7xxx, usb-uhci, usb-uhci 12: 20 XT-PIC PS/2 Mouse 14: 1 XT-PIC ide0 NMI: 0 ERR: 0 is it possible there is a memory leak? if so, what are some good leak detection tools? seems to me it's most likely an IRQ problem. great, looking forward to dealing with that. thanks for reading. Jared -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net groupmap modify ntgroup=Domain Admins ... succeeds but fails
Kaleb Pederson a écrit : After reading through the documentation, I realized that as a part of the migration process from Samba-2.2.X to Samba-3.0.0 I needed to convert everyone in my smbadmin group (previously domain admin group = @smbadmin) to the Domain Admins group w/rid=512. So, I issued the following command: [EMAIL PROTECTED] profile]# net groupmap modify ntgroup=Domain Admins unixgroup=smbadmin The command succeded as was evidenced by net groupmap list: [EMAIL PROTECTED] profile]# net groupmap list System Operators (S-1-5-32-549) - -1 ... Domain Admins (S-1-5-21-3270268339-1200857648-3960152354-512) - smbadmin My understanding of the documentation is that the Domain Admins group is automatically added to the Administrators on all machines that are a member of the domain, however, when I try to log into any of these machines as an administrator, I authenticate successfully but am not considered to be an administrator. To get around this for now, I logged onto the given local machine, went to the user management section, and added the individual account to the Administrators group. This is a rough hack, but works. What am I doing wrong? How come I'm an administrator without any administrator permissions? Thanks. --Kaleb administrator is a member of smbadmin group ? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Kernel Panic, memory leak?
On Wed, Oct 15, 2003 at 03:01:19PM -0700, Francis Buxton wrote: Hi, It's become almost routine now to reboot the server every morning. If we are able to log in, after a lag of ~10 seconds, we see the load average is usually 3.0. As I am writing this, it just went down again. The console had a bunch of text on it, the very bottom reading: o Kernel panic : Aiee, Killing Interrupt handler! In interrupt handler - not syncing Not a Samba problem I'm afraid. We can't kill your kernel (easily, anyway :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3: is LDAP required?
Yes or no - is OpenLDAP required to be on the SAMBA 3.0 server in order for Active Directory support to work? Active Directory support == security = ads. Are you trying to make Samba act as an Active Directory server? If so, then Samba won't do that, you're SOL. If you're trying to make your Samba machine join an Active Directory, no, OpenLDAP is not required. The Active Directory must be running in Mixed or Native mode, not in Native 2003 (2k3 Server only) mode. Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: domain groups accessing samba share
- Original Message - From: Gavin Davenport [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, October 15, 2003 12:14 PM Subject: RE: [Samba] Re: domain groups accessing samba share Ok - I replaced my /etc/pam.d/login with the one you've posted. getent still lists me just local machine users and groups. Do you have the following in your /etc/nsswitch.conf: passwdfileswinbind groupfileswinbind shadowfiles Rich -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind use default domain doesn't work on samba 3.0.0
- Original Message - From: Fabrice Clerc [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, October 15, 2003 12:01 PM Subject: [Samba] winbind use default domain doesn't work on samba 3.0.0 Hi, On my 2 Debian boxes the option winbind use default domain = yes doesn't make any difference any more where as it dit work just before the rest works fine, but not this option in smb.conf. I've discussed the matter on the French Samba mailing-list and I seem not to be the only one who's got this problem. The other person uses winbind with ADS, where as i'm still using it in mixed mode. So do you guys have the same problem? Samba 3 + winbinbd. Could you try to tell me if it's a bug or not. The problem is fixed in Samba-3.0.1pre1. rich -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: machine accounts aren't added properly withsmbldap-useradd.pl + ldap backend
you were so close. It's a combination of the two. /usr/local/bin/smbldap-useradd.pl -a -w computerName from smb.conf add machine script = /usr/local/bin/smbldap-useradd.pl -a -w %m -=Carl=- J B Bell [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Using User Manager for Domains against a Samba PDC
Is there a way to use User Manger for Domains against a Samba PDC? I'm running Samba 2.2.8 on Suse 8.0 with a Win2k workstation as a testbed. I can open UMfD and view all users as well as all groups, however when trying to change group memberships or add users, I am given the message incorrect function. I can present logs, etc, if that's needed. Thanks! Jared -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] passdb/pdb_ldap.c:64: invalid macro name
I can compile samba fine...I start to do a make and it fails soonpassdb/pdb_ldap.c:64: invalid macro name ... anybody see this before. Thanks Jason. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 - can not use Samba resources from Win2k
Hi folks (again)...
I have Samba 3 installed (compiled from source) with Kerberos 5v1.3.1 also
installed (from source).
My problem is that none of the domain users can use any resources from the Samba
server. The Samba server is (trying to be) in Domain mode (security = ads).
The Samba server has been joined to the domain and shows up nicely in AD Users
and Computers (on the Windows 2000 Advanced Server that is my AD domain
controller).
Here is the kerberos utils output from the Samba server...
[EMAIL PROTECTED]:~# kinit
Password for [EMAIL PROTECTED]:
[EMAIL PROTECTED]:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]
Valid starting ExpiresService principal
10/15/03 19:35:14 10/16/03 05:35:02 krbtgt/[EMAIL PROTECTED]
renew until 10/16/03 19:35:14
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[EMAIL PROTECTED]:~#
Here is the contents of /etc/krb5.conf:
[EMAIL PROTECTED]:/etc# less krb5.conf
[libdefaults]
default_realm = RONGAGE.ORG
[realms]
RONGAGE.ORG = {
kdc = domain.rongage.org:88
default_domain = RONGAGE.ORG
}
And for completeness, here is the smb.conf:
#=== Global Settings =
[global]
# workgroup = NT-Domain-Name or Workgroup-Name, eg: LINUX2
workgroup = RONGAGE
netbios name = RAID
server string = Samba Server
; hosts allow = 192.168.1. 192.168.2. 127.
load printers = no
# log level = 10
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
security = ads
password server = domain.rongage.org
encrypt passwords = yes
realm = rongage.org
; printcap name = /etc/printcap
; printcap name = lpstat
; printing = bsd
; guest account = pcguest
log file = /var/log/samba.%m
max log size = 50
; security = user
; password server = NT-Server-Name
; encrypt passwords = yes
; include = /usr/local/samba/lib/smb.conf.%m
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
; interfaces = 192.168.12.2/24 192.168.13.2/24
; local master = no
; os level = 33
; domain master = yes
; preferred master = yes
; domain logons = yes
; logon script = %m.bat
; logon script = %U.bat
; logon path = \\%L\Profiles\%U
; wins support = yes
; wins server = w.x.y.z
; wins proxy = yes
dns proxy = no
;[homes]
; comment = Home Directories
; browseable = no
; writable = yes
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /usr/local/samba/lib/netlogon
; guest ok = yes
; writable = no
; share modes = no
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
;path = /usr/local/samba/profiles
;browseable = no
;guest ok = yes
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
;[printers]
; comment = All Printers
; path = /var/spool/samba
; browseable = no
# Set public = yes to allow user 'guest account' to print
; guest ok = no
; writable = no
; printable = yes
# This one is useful for people to share files
;[tmp]
; comment = Temporary file space
; path = /tmp
; read only = no
; public = yes
# A publicly accessible directory, but read only, except for people in
# the staff group
[data]
comment = Accounting
path = /data
public = yes
writable = yes
printable = no
guest ok = yes
create mode = 777
directory mode = 777
Can anybody please tell me what the heck I am doing wrong???
Thanks!
--
Ronald R. Gage
MCP, LPIC1, A+, Net+
Pontiac, Michigan
This message was sent using webmail provided by www.rongage.org
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: machine accounts aren't added properlywithsmbldap-useradd.pl + ldap backend
may want to check if this is uncommented in your smbldap-useradd.pl file
if (!$with_smbpasswd) {
# (jtournier)
# Objectclass sambaSAMAccount is now added directly by samba when joigning
the domain (for samba3)
if (!add_samba_machine_mkntpwd($userName, $userUidNumber)) {
die $0: error while adding samba account\n;
}
} else {
if (!add_samba_machine($userName)) {
die $0: error while adding samba account\n;
}
Carl Weiss [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
you were so close. It's a combination of the two.
/usr/local/bin/smbldap-useradd.pl -a -w computerName
from smb.conf
add machine script = /usr/local/bin/smbldap-useradd.pl -a -w %m
-=Carl=-
J B Bell [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: machine accounts aren't added properlywithsmbldap-useradd.pl + ldap backend
On Wed, 2003-10-15 at 17:11, Carl Weiss wrote:
may want to check if this is uncommented in your smbldap-useradd.pl file
if (!$with_smbpasswd) {
# (jtournier)
# Objectclass sambaSAMAccount is now added directly by samba when joigning
the domain (for samba3)
if (!add_samba_machine_mkntpwd($userName, $userUidNumber)) {
die $0: error while adding samba account\n;
}
} else {
if (!add_samba_machine($userName)) {
die $0: error while adding samba account\n;
}
Actually, I have now tried this both ways.
If I set the add machine script as suggested up-thread, it does create
the machine, but I still get an error saying the account doesn't exist.
The really odd thing is that smbldap-useradd.pl is adding the machine
with the same uid as the previously-created (just previously, that is)
root account. This seems to make it impossible to look up the machine
account.
If I don't uncomment that line, the machine account never gets found,
since it lacks the sambaSAMAccount objectclass.
This is pretty odd. Anyone else seen anything like this? Manually
adding machine accounts with a fixed smbldap-useradd.pl does seem to
work, but this is a pain. Samba also appears not to deal gracefully if
a machine account exists already when it joins a domain.
--JB
signature.asc
Description: This is a digitally signed message part
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Migrating a samba setup to another server
Hi all. We're doing a major network upgrade, and I'm considering setting up Samba-3 as a PDC. The computer I want to install it onto already has Samba-2 running ( just a member of an NT4 domain ), and I *need* to keep it up 24/7 until I finish the upgrade. Therefore, I'd like to do the install on a temporary system, set up the PCs in the new domain, and then migrate everything to the real server. I'd like to use Gentoo's portage to do the compilation. It gives me the directories: /etc/samba /var/lib/samba as well as the binaries of course. If I set up all the computers into the Samba-3 domain on the temporary sytem, can I just compile samba on the other computer ( also Gentoo ), copy the /etc/samba and /var/lib/samba directories, and then copy the entries from /etc/passwd onto the real server? Is there an easier way to migrate the setup? Thanks in advance! Dan -- Daniel Kasak IT Developer * NUS Consulting Group* Level 5, 77 Pacific Highway North Sydney, NSW, Australia 2060 T: (+61) 2 9922-7676 / F: (+61) 2 9922 7989 email: [EMAIL PROTECTED] website: http://www.nusconsulting.com.au -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems printing from Windows 2000
Markus, Thanks for your message. I changed the debug level as you suggested and restarted CUPS. I then tried Print test page from the Windows PC, which should be seen in the extract below. Note that 192.168.0.65 is my desktop, to which the Lexmark is connected. [EMAIL PROTECTED] cups]# tail -f error_log D [15/Oct/2003:22:15:49 -0700] LoadAllJobs: Loading attributes for job 35... D [15/Oct/2003:22:15:49 -0700] LoadAllJobs: Loading attributes for job 33... D [15/Oct/2003:22:15:49 -0700] LoadAllJobs: Loading attributes for job 34... D [15/Oct/2003:22:15:49 -0700] LoadAllJobs: Loading attributes for job 36... D [15/Oct/2003:22:15:49 -0700] LoadAllJobs: Loading attributes for job 37... D [15/Oct/2003:22:15:49 -0700] LoadAllJobs: Loading attributes for job 38... D [15/Oct/2003:22:15:49 -0700] LoadAllJobs: Loading attributes for job 40... D [15/Oct/2003:22:15:49 -0700] LoadAllJobs: Loading attributes for job 39... D [15/Oct/2003:22:15:51 -0700] UpdateCUPSBrowse: Refused 135 bytes from 192.168.0.65 D [15/Oct/2003:22:15:51 -0700] UpdateCUPSBrowse: Refused 135 bytes from 192.168.0.65 D [15/Oct/2003:22:16:22 -0700] UpdateCUPSBrowse: Refused 135 bytes from 192.168.0.65 D [15/Oct/2003:22:16:22 -0700] UpdateCUPSBrowse: Refused 135 bytes from 192.168.0.65 D [15/Oct/2003:22:16:53 -0700] UpdateCUPSBrowse: Refused 135 bytes from 192.168.0.65 D [15/Oct/2003:22:16:53 -0700] UpdateCUPSBrowse: Refused 135 bytes from 192.168.0.65 D [15/Oct/2003:22:16:58 -0700] AcceptClient() 3 from localhost:631. D [15/Oct/2003:22:16:58 -0700] ReadClient() 3 POST / HTTP/1.1 D [15/Oct/2003:22:16:58 -0700] ProcessIPPRequest: 3 status_code=0 D [15/Oct/2003:22:16:58 -0700] ReadClient() 3 POST / HTTP/1.1 D [15/Oct/2003:22:16:58 -0700] ProcessIPPRequest: 3 status_code=0 D [15/Oct/2003:22:16:58 -0700] CloseClient() 3 D [15/Oct/2003:22:17:20 -0700] AcceptClient() 3 from localhost:631. D [15/Oct/2003:22:17:20 -0700] ReadClient() 3 POST / HTTP/1.1 D [15/Oct/2003:22:17:20 -0700] ProcessIPPRequest: 3 status_code=0 D [15/Oct/2003:22:17:20 -0700] ReadClient() 3 POST / HTTP/1.1 D [15/Oct/2003:22:17:20 -0700] ProcessIPPRequest: 3 status_code=0 D [15/Oct/2003:22:17:20 -0700] CloseClient() 3 D [15/Oct/2003:22:17:23 -0700] AcceptClient() 3 from localhost:631. D [15/Oct/2003:22:17:23 -0700] ReadClient() 3 POST / HTTP/1.1 D [15/Oct/2003:22:17:23 -0700] ProcessIPPRequest: 3 status_code=0 D [15/Oct/2003:22:17:23 -0700] CloseClient() 3 D [15/Oct/2003:22:17:24 -0700] UpdateCUPSBrowse: Refused 135 bytes from 192.168.0.65 D [15/Oct/2003:22:17:24 -0700] UpdateCUPSBrowse: Refused 135 bytes from 192.168.0.65 D [15/Oct/2003:22:17:39 -0700] AcceptClient() 3 from localhost:631. D [15/Oct/2003:22:17:39 -0700] ReadClient() 3 POST / HTTP/1.1 D [15/Oct/2003:22:17:39 -0700] ProcessIPPRequest: 3 status_code=0 D [15/Oct/2003:22:17:39 -0700] ReadClient() 3 POST / HTTP/1.1 D [15/Oct/2003:22:17:39 -0700] ProcessIPPRequest: 3 status_code=0 D [15/Oct/2003:22:17:39 -0700] CloseClient() 3 D [15/Oct/2003:22:17:55 -0700] AcceptClient() 3 from localhost:631. D [15/Oct/2003:22:17:55 -0700] ReadClient() 3 POST / HTTP/1.1 D [15/Oct/2003:22:17:55 -0700] ProcessIPPRequest: 3 status_code=0 D [15/Oct/2003:22:17:55 -0700] UpdateCUPSBrowse: Refused 135 bytes from 192.168.0.65 D [15/Oct/2003:22:17:55 -0700] UpdateCUPSBrowse: Refused 135 bytes from 192.168.0.65 D [15/Oct/2003:22:17:55 -0700] ReadClient() 3 POST / HTTP/1.1 D [15/Oct/2003:22:17:55 -0700] ProcessIPPRequest: 3 status_code=0 D [15/Oct/2003:22:17:55 -0700] CloseClient() 3 D [15/Oct/2003:22:18:10 -0700] AcceptClient() 3 from localhost:631. D [15/Oct/2003:22:18:10 -0700] ReadClient() 3 POST / HTTP/1.1 D [15/Oct/2003:22:18:10 -0700] ProcessIPPRequest: 3 status_code=0 D [15/Oct/2003:22:18:10 -0700] ReadClient() 3 POST / HTTP/1.1 D [15/Oct/2003:22:18:10 -0700] ProcessIPPRequest: 3 status_code=0 D [15/Oct/2003:22:18:10 -0700] CloseClient() 3 D [15/Oct/2003:22:18:26 -0700] UpdateCUPSBrowse: Refused 135 bytes from 192.168.0.65 D [15/Oct/2003:22:18:26 -0700] UpdateCUPSBrowse: Refused 135 bytes from 192.168.0.65 D [15/Oct/2003:22:18:26 -0700] AcceptClient() 3 from localhost:631. D [15/Oct/2003:22:18:26 -0700] ReadClient() 3 POST / HTTP/1.1 D [15/Oct/2003:22:18:26 -0700] ProcessIPPRequest: 3 status_code=0 D [15/Oct/2003:22:18:26 -0700] ReadClient() 3 POST / HTTP/1.1 D [15/Oct/2003:22:18:26 -0700] ProcessIPPRequest: 3 status_code=0 D [15/Oct/2003:22:18:26 -0700] CloseClient() 3 D [15/Oct/2003:22:18:42 -0700] AcceptClient() 3 from localhost:631. D [15/Oct/2003:22:18:42 -0700] ReadClient() 3 POST / HTTP/1.1 D [15/Oct/2003:22:18:42 -0700] ProcessIPPRequest: 3 status_code=0 D [15/Oct/2003:22:18:42 -0700] ReadClient() 3 POST / HTTP/1.1 D [15/Oct/2003:22:18:42 -0700] ProcessIPPRequest: 3 status_code=0 D [15/Oct/2003:22:18:42 -0700] CloseClient() 3 D [15/Oct/2003:22:18:57 -0700] UpdateCUPSBrowse: Refused 135 bytes from 192.168.0.65 D [15/Oct/2003:22:18:57 -0700] UpdateCUPSBrowse: Refused 135 bytes from 192.168.0.65 D [15/Oct/2003:22:18:57 -0700]
CVS update: samba/source/include
Date: Wed Oct 15 17:41:25 2003 Author: idra Update of /data/cvs/samba/source/include In directory dp.samba.org:/tmp/cvs-serv4654/include Modified Files: .cvsignore Log Message: created a new target: genparse this target will build parse file with genstruct it is the duty of the developer to commit updated files this is made to make build platforms independent of a working perl installation as always been with samba so currently you need to run: make genparse and commit: cvs ci include/tdbsam2_parse_info.h if you change anything in genparse/genstruct code or tdbsam2 code. Simo. Revisions: .cvsignore 1.11 = 1.12 http://www.samba.org/cgi-bin/cvsweb/samba/source/include/.cvsignore.diff?r1=1.11r2=1.12
CVS update: samba/source
Date: Wed Oct 15 17:41:25 2003 Author: idra Update of /data/cvs/samba/source In directory dp.samba.org:/tmp/cvs-serv4654 Modified Files: Makefile.in Log Message: created a new target: genparse this target will build parse file with genstruct it is the duty of the developer to commit updated files this is made to make build platforms independent of a working perl installation as always been with samba so currently you need to run: make genparse and commit: cvs ci include/tdbsam2_parse_info.h if you change anything in genparse/genstruct code or tdbsam2 code. Simo. Revisions: Makefile.in 1.722 = 1.723 http://www.samba.org/cgi-bin/cvsweb/samba/source/Makefile.in.diff?r1=1.722r2=1.723
CVS update: samba/source/smbd
Date: Thu Oct 16 00:45:15 2003 Author: jra Update of /data/cvs/samba/source/smbd In directory dp.samba.org:/tmp/cvs-serv17703/smbd Modified Files: lanman.c Log Message: Ensure error code path doesn't free unmalloced memory. Bug #628. Jeremy. Revisions: lanman.c1.96 = 1.97 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/lanman.c.diff?r1=1.96r2=1.97
CVS update: samba/source/smbd
Date: Thu Oct 16 00:45:17 2003 Author: jra Update of /data/cvs/samba/source/smbd In directory dp.samba.org:/tmp/cvs-serv17707/smbd Modified Files: Tag: SAMBA_3_0 lanman.c Log Message: Ensure error code path doesn't free unmalloced memory. Bug #628. Jeremy. Revisions: lanman.c1.73.2.19 = 1.73.2.20 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/lanman.c.diff?r1=1.73.2.19r2=1.73.2.20
CVS update: samba/source
Date: Thu Oct 16 05:10:18 2003 Author: tpot Update of /data/cvs/samba/source In directory dp.samba.org:/tmp/cvs-serv12004 Modified Files: Tag: SAMBA_3_0 Makefile.in Log Message: Build fix for wrepld. From MORIYAMA Masayuki. Revisions: Makefile.in 1.468.2.185 = 1.468.2.186 http://www.samba.org/cgi-bin/cvsweb/samba/source/Makefile.in.diff?r1=1.468.2.185r2=1.468.2.186
