[Samba] how to call an executable script each time a file is created or modified
is it possible to have a samba daemon call an executable script each time a file within one of it shares is modified or a new file is created? I'm looking to develop a file catalogging system for my file server which depends on my software being notified each time a file is modified or a new file created. This allows the modified/new file to be scanned for relavent information. :) __ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re:samba Re: OT Spam
Same story here since I sent out first mail to this list I get around 500 viruses a day. They get held on my clamav based mail scanner so I only receive warning messages and I can easily filter them and I aint got no outlook. I think it wouldnt be so hard to remove the from line of the header :( -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 Admin members
read the chapter on Group Mapping in the Samba HowTo Collection. I believe it is chapter 12... There is no domain admin group anymore. On Wed, 2003-10-15 at 15:02, Torsten_Bergeest/[EMAIL PROTECTED] wrote: Hi, I am currently trying to configure Samba 3.0 as PDC in our Domain. Through which parameter can I tell Samba who is member of the Domain Admin group ? In the old version it was domain admin group = @adm... but this parameter has obviously been dropped in 3.0 . I just joined a machine to the domain by using root , but I think this was just because root is admin member by default. Thanks in advance, Torsten Bergeest -- Gunther SchlegelRiege Software International GmbH Manager System AdministrationMollsfeld 10 40670 Meerbusch, Germany Email: [EMAIL PROTECTED] Phone: +49-2159-9148-0 Fax: +49-2159-9148-11 - Disclaimer: You may grab my GPG key from http://www.keyserver.net . A nonproportional font is recommended for reading. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba MS Office
Hello! I have a strange probleme with samba (debian sid, 3.0final) and Microsoft Office (in moment 97 is in use, but the same error with Office XP). I didn't found something in the Mailing-Lists-Archive, so I simple ask - Samba is used as PDC with Domain-Logons. When creating a new Document in Microsoft Word and try to save it on a samba share, we always get an error - Word says, that saving this file failed (no more information), than it asks, if we would try to safe again, we click on Yes and than it works!?!? Debugging is fully turned on (level 10), but we only see, that samba says, writing ist ok, but in the first try, it hasn't saved this file! This happens only with the MS Office. I also tried it with (as example) notepad to save a simple txt-file and this makes no problem! If found some informations in the Mailing-List and enabled following things: strict allocate = Yes strict locking = Yes strict sync = Yes But that hasn't solved the Problem. Here is a snap of our smb.conf # Global parameters [global] workgroup = OURSMBDOMAIN security=user name resolve order=wins bcast server string = %h server (Samba %v) interfaces = 192.168.193.0/24 encrypt passwords = true unix password sync = Yes log level = 10 time server = Yes keepalive = 30 guest account = nobody socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 domain admin group = root, Administrator, @smbusers add user script = /usr/sbin/useradd -g 100 -d /dev/null -s /bin/false -M %u logon path = \\%N\profiles\%U logon script = %U.bat domain logons = Yes os level = 64 preferred master = True domain master = True wins support = Yes printing = cups strict allocate = Yes strict locking = Yes strict sync = Yes unix charset = 850 [office] comment = Office path = /mnt/shares/office public = no force group = +office force create mode = 2510 force directory mode = 2510 security mask = 0267 directory security mask = 0267 writeable = yes create mode = 2770 directory mode = 2770 valid users = @office Thank's for any information! Greetings, Andreas Andreas Unterkircher CUBiT IT Solutions GmbH Albertgasse 43 A-1080 Wien Tel: +43-1-7189880-0 Fax: +43-1-7189880-11 [EMAIL PROTECTED] http://www.cubit.at -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
Hi, I have a samba server samba-2.2.7a-8.9.0 running on RedHat 9 with domain logon configured for WinXP. If I login as one particular user from one particular XP workstation the notepad program starts up with the following text: [.ShellClassInfo] [EMAIL PROTECTED],-21787 Can someone explain what this means and how I can prevent it? Koos. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0 PDC - WinXP question
Can someone please tell me why samba PDC only accepts winXP clients while compiled wih LDAP support (even when the LDAP backend is not used) ? Alecs -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Invalid key message
Hi i use samba 2.2.8a suse 7.3, everything works well until i logged on with a win98 machine, i get hundreds of messages like: [2003/10/15 20:39:42, 0] smbd/dir.c:dptr_close(277) Invalid key 1875 given to dptr_close [2003/10/15 20:39:42, 0] smbd/dir.c:dptr_close(277) Invalid key 1914 given to dptr_close [2003/10/15 20:39:42, 0] smbd/dir.c:dptr_close(277) Invalid key 1915 given to dptr_close these seem to slow up network access by the machine does anybody know what this means, and how can i stop it? thanks Rob Carter [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] XP not executing my logon.bat
Hello all I have samba 2.2.8a running as PDC with LDAP. I have both win98 and xp W.Stations. When connecting from the win98 W.S, all the logon.bat script is executed and it maps 2 network drive. BUT when same config is applied to the XP W.S, it does not create the 2 network drives. Please help § Here is my smb.conf [global] workgroup = MIRANDA netbios name = MAINPDC encrypt passwords = Yes domain admin group = @admin logon script = logon.bat domain logons = Yes os level = 65 preferred master = yes domain master = yes wins support = no time server = True guest account = ftp [netlogon] path = /var/samba/netlogon browseable = no [homes] comment = home directory support read only = No browseable = no [test] path = /home/user/test browseable = yes writeable = yes [data] path = /home/user/data browseable = yes writeable = yes logon.bat net use O: \\mainpdc\test net use P: \\mainpdc\data __ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Migrating /etc/shadow passwords to LDAP
Hi!. Since now, I was using a Workgroup with samba 2.2, and samba was using /etc/passwd for user accounts (plain text passwords). Now I'm migrating to LDAP, and I'm looking for a way to migrate the passwords without every user typing the password again.. It seems that idealix's scripts (smbldap-migrate-accounts.pl) will migrate from a previous NT based PDC.. but it's not my case. Any suggestion? Thanks! -- Dani Pardo, [EMAIL PROTECTED] Enplater S.A -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Strange problem with password server
Hi, We have a samba 3alpha19 PDC with a LDAP password backend. We have several samba servers runnign as file servers and print servers all fetching their password auth from the PDC. Most of the time clients can connect to the servers, however sometimes people can not connect to printers. The errors we are getting are: [2003/10/15 13:51:50, 1] auth/auth_server.c:check_smbserver_security(259) the challenge that the password server (MC095) supplied us is not the one we gave our client. This just can't work :-( [2003/10/15 13:51:50, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: Authentication for user [jpither] - [jpither] FAILED with error NT_STATUS_LOGON_FAILURE and [2003/07/08 08:54:59, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367) unable to open passdb database. [2003/07/08 08:54:59, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367) unable to open passdb database. [2003/07/08 13:09:50, 0] smbd/password.c:server_cryptkey(1054) password server not available [2003/07/08 13:09:59, 0] smbd/password.c:server_cryptkey(1054) password server not available [2003/07/08 13:09:59, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367) unable to open passdb database. [2003/07/08 13:09:59, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367) unable to open passdb database. [2003/07/08 13:10:43, 0] smbd/password.c:server_cryptkey(1054) password server not available [2003/07/08 13:10:51, 0] smbd/password.c:server_cryptkey(1054) password server not available [2003/07/08 13:10:58, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367) unable to open passdb database. [2003/07/08 13:10:58, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367) unable to open passdb database. [2003/07/08 13:11:24, 0] smbd/password.c:server_cryptkey(1054) password server not available any ideas??? Cheers Kris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is there a way to enforce a single login domain wide
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Douglas Phillipson írta: | I just tested the process/uid check theory. Upon initail login the new | smbd process is owned by the user but with no activity on any shares it | switches to being owned by root in a minute. I guess I could use a | script to touch a file with the users login name or uid and just check | for that upon login and remove it on logout... | | Anyone have any better ideas? | | DSP | | | Gémes Géza wrote: | | -BEGIN PGP SIGNED MESSAGE- | Hash: SHA1 | | I.M.H.O | | you could write a root prexec script for your netlogon share, wich would | check for runing smbd with the uid of the connection, and return an | error if there is such. And specifying root prexec close = yes on the | netlogon share, you could deny them. | The danger is that because of blocked clients you would got lots of | frustrated clients. | | Good Luck! | | Geza Gemes | | John H Terpstra írta: | | On Mon, 13 Oct 2003, Douglas Phillipson wrote: | | | | | |I didn't get any hits on this. Does that mean it's not possible??? | |Has anyone enforced a single instance login policy somehow? Is | this a | |reasonable question to ask? | | | | | | This is not possible. There is no way to do this with MS Windows 200x | | server - and there is no way to do this with Samba. | | | | - John T. | | | | | |DSP | | | |Douglas Phillipson wrote: | | | | I would like to enforce a policy for a user being only able to login | |once anywhere in the Domain. When you use roaming profiles, the system | |gets confused and leaves the local profile on the client PC if the same | |user logs in on a second machine while they are still loggewd in on the | |first one. This then causes the Samba profile to NOT get updated on | |logout. If a user is currently logged on a domain, I need that user to | |be refused if they logon to a second machine until they logoff the | first | |machine. Is this possible with Samba, or would I use some sort of | logon | |script to query something and force the user off at their second login | |attempt? When this problem occurs you have to reboot the machine and | |remove the users local profile so it will again use the roaming profile | |on the samba DC. Very irritating... | | | | Thanks | | | | DSP | | | | | | | | | | -BEGIN PGP SIGNATURE- | Version: GnuPG v1.2.2 (GNU/Linux) | Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org | | iD8DBQE/i+88/PxuIn+i1pIRAi+fAJ0Yc/e6H8MyKxc0z8s1FnWhLsFVyACgh7vh | G3SEihFi0OPiVpUSvBFZZvA= | =SjHf | -END PGP SIGNATURE- | | | | Maybe if you would try to filter smbstatus output in your root preexec instead of ps-ing for smbd-s? In my samba 3.0.1pre1 smbstatus gave me the correct username after about an hour of inactivity. Good Luck! Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/joRu/PxuIn+i1pIRAstNAKCxFtotm2nZY6bCb2wPaKoF2MuCtgCfTjOE W5KuYoiThM3nazrhkfG3Q80= =UP3R -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating /etc/shadow passwords to LDAP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dani Pardo írta: | Hi!. Since now, I was using a Workgroup with samba 2.2, and samba | was using /etc/passwd for user accounts (plain text passwords). Now I'm | migrating to LDAP, and I'm looking for a way to migrate the passwords | without every user typing the password again.. | It seems that idealix's scripts (smbldap-migrate-accounts.pl) will | migrate from a previous NT based PDC.. but it's not my case. | Any suggestion? Thanks! | There are the openldap-migration scripts from www.padl.com, they should do the trick. Then there are some scripts in samba/scripts (exact location may differ) with which you could migrate your smbpasswd file. I did it with this tools. Good Luck! Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/joaW/PxuIn+i1pIRAuPSAJ9teo+szQ5s+TmPuxkNVi1Z8/McagCgmPwr qn5/55yI+y6p51Q6jh+PHCk= =fUDN -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [OT] [Samba] SPAM
Around 300 spam in less than one day. Sure it's not the list fault, but come on. I guess this is not the right place to complain about it. :) Denis J. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] wbinfo -G $GID fails
hi i'm out of knowledge [System] - Samba 3.0 Final - Suse 8.2 - IDMAP Backend = LDAP (Openldap 2.1) everything works fine - getent password/group shows all groups from ldap - in a test machine (XP) all SID's are correctly mapped to users, so i can see DOMAIN\User instead of S-1-5-4-x-x-xxx-RID - logons and so on are working - granting access to files on XP in tab security works with ACL with one exception: I can't grant access on files for _groups_ (users no problem) if i press admit or ok to store the new permissions everything is reseted in the logs i see, that samba is searching for the correct SID (S-1-4-21-xxx-xxx-xxx-512 - DomAdmins) _AND_ for the attribute sambaSamAccount of course, for a groupsid, which is mapped to a unix-group (groupmap) there's no entry with this search criteria !!! so samba can't find an entry in LDAP and fails who uses LDAP and groupmapping and can tell me, how to solve this problem, that i just can grant file-access on ACL-User-Base ??? btw: wbinfo -u $UID correctly maps $UID to $SID, but wbinfo -G $GID returns did not succeed ? but net groupmap list shows the correct groupmapping? thx micha -- Matrix - more than a vision ** Michael Gasch Max Planck Institute for Evolutionary Anthropology Deutscher Platz 6 04103 Leipzig Germany ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 PDC - WinXP question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alecsandru Chirosca rta: | Can someone please tell me why samba PDC only accepts winXP clients | while compiled wih LDAP support (even when the LDAP backend is not used) | ? | | Alecs | What have you done? Mine is having all kind of: Win98 WinNT4 Win2000 WinXP Your config should be realy strange ;-) Regards Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/joV//PxuIn+i1pIRAqRpAJ4jW1Jvxux9MILY2Ia4c6V4zRXWmACfRXEC 5JJs+m/+wEm22JaL+I1qC50= =+kvM -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.0 CVS 3.0.1pre2: libads/kerberos_verify.c, line 77: improper member use: keyblock
This has been submitted to https://bugzilla.samba.org/ as Bug 636
I'm trying to build Samba 3.0.0 CVS 3.0.1pre2 under Solaris 8 with
MIT Kerberos 5 1.3.1
OpenLDAP 2.1.22
using the Sun Workshop 6U2 compiler
Arguments to configure are:
configured by ./configure, generated by GNU Autoconf 2.53,
with options \'--with-readline' '--with-libiconv=/usr/local' '--with-ldap' '-
-with-krb5=/usr/local/kerberos' '--with-ldapsam' '--with-automount' '--with-libs
mbclient' '--with-acl-support' '--with-winbind' '--prefix=/usr/local' 'CC=cc' 'C
FLAGS=-xarch=v9a' 'CPPFLAGS=-I/usr/local/include -I/usr/local/openldap/include -
I/usr/local/sasl/include -I/usr/local/kerberos/include -I/usr/local/BerkeleyDB.4
.1/include -I/usr/local/openssl/include' 'LDFLAGS=-L/usr/local/lib/sparcv9 -L/us
r/local/openldap/lib -L/usr/local/sasl/lib -L/usr/local/kerberos/lib -L/usr/loca
l/BerkeleyDB.4.1/lib -L/usr/local/openssl/lib -R/usr/local/lib/sparcv9 -R/usr/lo
cal/openldap/lib -R/usr/local/sasl/lib -R/usr/local/kerberos/lib -R/usr/local/Be
rkeleyDB.4.1/lib -R/usr/local/openssl/lib'\
I get the following error trying to compile libads/kerberos_verify.c
libads/kerberos_verify.c, line 77: improper member use: keyblock
The relevant code below looks okay to me
static krb5_error_code create_keytab(krb5_context context,
krb5_principal host_princ,
char *host_princ_s,
krb5_data password,
krb5_enctype *enctypes,
krb5_keytab *keytab,
char *keytab_name)
{
krb5_keytab_entry entry;
krb5_kvno kvno = 1;
krb5_error_code ret;
krb5_keyblock *key;
int i;
[... lines deleted ...]
entry.keyblock = *key;
The problem is that the structure member name is key, not keyblock.
From krb5.h
typedef struct krb5_keytab_entry_st {
krb5_magic magic;
krb5_principal principal; /* principal of this key */
krb5_timestamp timestamp; /* time entry written to keytable */
krb5_kvno vno; /* key version number */
krb5_keyblock key; /* the secret key */
} krb5_keytab_entry;
Here's a possible patch
--- libads/kerberos_verify.c~ Tue Oct 14 13:28:27 2003
+++ libads/kerberos_verify.cThu Oct 16 08:37:20 2003
@@ -74,7 +74,7 @@
/* this will have to be detected in configure...heimdal
calls it keyblock, MIT calls it key, but it does not
matter we are creating keytabs with MIT */
- entry.keyblock = *key;
+ entry.key = *key;
DEBUG(10,(adding keytab-entry for (%s) with encryption type (%d)\n,
host_princ_s, enctypes[i]));
--
Eric M. Boehm /\ ASCII Ribbon Campaign
[EMAIL PROTECTED] \ / No HTML or RTF in mail
X No proprietary word-processing
Respect Open Standards / \ files in mail
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: smbfs: sometimes can't read file on windows share
Steve wrote: Let me also add: 1. Nothing of interest to indicate what the problem might be in the logfiles on the linux box or the windows machine. 2. Even if I unmount and remount the share from RedHat, it doesn't change the problem - the file is still unreadable. Anyone seen this before? Steve More data: I _did_ find some error messages of interest in messages on the RH9 system (sorry I missed this earlier): Oct 16 08:29:00 home kernel: smb_open: New York City/CIMG0219.JPG open failed, result=-13 Oct 16 08:29:00 home kernel: smb_open: New York City/CIMG0219.JPG open failed, result=-13 Oct 16 08:29:00 home kernel: smb_readpage_sync: New York City/CIMG0219.JPG open failed, error=-13 Oct 16 08:29:00 home kernel: smb_open: New York City/CIMG0219.JPG open failed, result=-13 Oct 16 08:29:00 home kernel: smb_open: New York City/CIMG0219.JPG open failed, result=-13 Oct 16 08:29:00 home kernel: smb_readpage_sync: New York City/CIMG0219.JPG open failed, error=-13 I can't seem to dig up a list of the samba error messages and what they mean - I guess I can start going through the source, but I just figured someone here would have seen this before. An old post elsewhere which refers to result=-13 says the mount died, but the process is still humming along on my system and it can still read other (not new) files no problem. Anyone? Steve -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating /etc/shadow passwords to LDAP
On Thu, 16 Oct 2003, Gémes Géza wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dani Pardo írta: | Hi!. Since now, I was using a Workgroup with samba 2.2, and samba | was using /etc/passwd for user accounts (plain text passwords). Now I'm | migrating to LDAP, and I'm looking for a way to migrate the passwords | without every user typing the password again.. | It seems that idealix's scripts (smbldap-migrate-accounts.pl) will | migrate from a previous NT based PDC.. but it's not my case. | Any suggestion? Thanks! | There are the openldap-migration scripts from www.padl.com, they should do the trick. Yep, they do the trick of exporting the posixAccount, the user, se below. Then there are some scripts in samba/scripts (exact location may differ) with which you could migrate your smbpasswd file. I did it with this tools. When I have the (normal) user in LDAP, i must run pdbedit -a or smbpasswd -a user in order to add the needed samba attributes of the ldap samba.schema. Ok, but smbpassword or pbedit ask me to enter the password, and I don't know the passord of my users, so I was wondering if there is any tool to export them.. but I think it's impossible, I'll have to ask all my users to go and type-in their password. -- Dani Pardo, [EMAIL PROTECTED] Enplater S.A -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is there a way to enforce a single login domain wide
Hallo Douglas Phillipson, am Tue, Oct 14, 2003 at 02:07:13PM -0700 hast du folgendes geschrieben: I just tested the process/uid check theory. Upon initail login the new smbd process is owned by the user but with no activity on any shares it switches to being owned by root in a minute. I guess I could use a script to touch a file with the users login name or uid and just check for that upon login and remove it on logout... Anyone have any better ideas? No sure about this, but when you compiling Samba with wtmp/utmp Support than it should be ossible to look with 'who' who is online in with samba. Greetings Thomas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0 Authenticating to Win2003
Samba Version: 3.0.0 Linux Version: Redhat 8 Kernel: 2.4.18-19.8.0smp Kerberos: Mit 1.3.1 Windows Version: 2003 running in mixed mode (though we will be switching to native mode soon) The system was initially set up to hit the NT4 Domain and was authenticating to the domain. The NT 4 domain was upgraded to 2003 running in mixed mode. The Samba server could still authenticate to the domain with security=domain set. We will be switching the 2003 domain over to native mode soon so the the Samba server needs to be able to authenticate to the AD before we can. I downloaded and built MIT Kerberos v1.3.1 and then rebuilt Samba with winbind, msdfs, smbwrapper, smbmount, syslog, and utmp. I set up the smb.conf as shown below I configured my krb5.conf as shown below. I start smbd, nmbd and winbindd The I do a kinit [EMAIL PROTECTED] it prompts me for and I type in my 2003 administrator password and it is happy. klist show a valid (I think) ticket. I then type 'net ads join' and I get the message Joined SRALHOME' to realm 'LFS.MYDOMAIN.ORG' wbinfo -g and wbinfo -u return the user and group info from the 2003 domain wbinfo -t says 'checking the trust secret via RPC calls succeeded. I then go to an XP box that is on the domain where I am logged in as dshare and type in % net use * \\sralhome\dshare It prompts me for a password I try using dshare and I get a 1326 error, logon failure: uknown username or bad password I can find no information in the logs associated with this request. I try 'net use * \\sralhome\dshare /user:dshare' and get the same thing. In the logs I see 'getpwnam lfs.mydomian.org+dshare' followed by 'invalid data size key [SEQNUM/LFS] but later on I see 'Searh for (|(sAMAccountname=dshare) ([EMAIL PROTECTED])) gave 1 replies and it apprears to find my sid and a wchache_save_name_to_sid mapping. It does the several times but each time eventually ends with 'read 0 bytes. Need 1568 more for a full request' read failed on sock 18, pid 7669: EOF. This 'read failed error always occurs after a call to nsswitch/winbindd.c:winbind_client_read(462)' the number is always 462. If I do a 'net view \\sralhome' I get a 'system error 5 has occurred' I can find no evidence of this in the logs either. It seems that I must specify /user in my net use command to see somthing in the log. Of course, I don't really know what to look for other than the username that is requestin the service and this should be included as the logged in user, I think I also am unable to connect to \\sralhome\test which allows guest access using the dshare account either. If I do a 'net view \\sralhome' from the 2003 AD box (logged on as Administrator) it works. The appreance of the logs is as above but dshare is replace with administrator and there are no 'read failed on sock' errors. If I do a 'net use \\sralhome\test from the 2003 AD box (logged on as Administrator) it works. If I do a 'net view \\sralhome\test /user:dshare' it prompts me for a password and then fails. The logs show the use of NTLM CRAP authentication and a NT_STATUS_WRONG_PASSWORD (PAM:4). There were no NTLM CRAP messages in the previous attemps. If I do a 'net view \\sralhome\test /user:[EMAIL PROTECTED] it prompts me for a password and then fails. The logs show the use of NTLM CRAP authentication and a NT_STATUS_NO_SUCH_USER. Now if I go back to the XP machine and try to use the Administrator user instead 'net use \\sralhome\test /user:administrator' The logs show the use of NTLM CRAP authentication and a NT_STATUS_WRONG_PASSWORD (PAM:4). It appears that it is trying to use two different types of authentication depending on where I try my net use command from and if the /user option is selected. I am sort of stumped on where to go now. I am out of ideas on what to look for and where to check. How could the 2003 mixed mode affect this? My next step is probably to set up a 2003 server in native mode and see what happens. smb.conf [global] encrypt passwords = yes workgroup = LFS realm = LFS.MYDOMAIN.ORG netbios name = SRALHOME server string = Home Server security = ads client signing = yes server signing = yes client use spnego = yes #winbind configuration winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes template homedir = /home/%D/$U template shell = /bin/bash log level = 10 log file = /var/log/samba/log.smbd add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u delete user script = /usr/sbin/userdel # wins support = No # ldap ssl = no [test] comment = For testing only, please path = /usr/local/samba/tmp read only = No guest ok = Yes [dshare] comment = Dale's test path = /home/dshare read only = No guest ok = No valid users = dshare #dshare is a valid 2003 AD account kbr5.conf [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server =
[Samba] Error: Cannot find KDC for requested realm
From searching the web, I found that many people have encountered this problem. The fixes the suggested don't seem to work for me... My smb.conf file looks like this [global] workgroup = OURDOMAIN security = ADS realm = OURDOMAIN.com password server = OURSERVER encrypt passwords = yes add user script = /usr/sbin/useradd %u hosts allow = 192.168.X. 127. winbind uid = 1-2 winbind gid = 1-2 [homes] comment = Home Directories browseable = no writable = yes valid users = %S create mode = 0700 directory mode = 0775 When I try to join the domain I do the following: ./net ads join -w OURDOMAIN -U administrator and the response is this kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for requested realm Any solutions/ideas? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3: is LDAP required?
I found when runnig configure that the openldap library files are required in order for --with-ads to work. Samba 3.0 will make ldap calls to the AD so this is logical, as a result I've had to install openldap with a null backend in order to get everything to work. -Original Message- From: tvsjr [mailto:[EMAIL PROTECTED] Sent: 15 October 2003 23:31 To: Ron Gage; [EMAIL PROTECTED] Subject: Re: [Samba] Samba 3: is LDAP required? Yes or no - is OpenLDAP required to be on the SAMBA 3.0 server in order for Active Directory support to work? Active Directory support == security = ads. Are you trying to make Samba act as an Active Directory server? If so, then Samba won't do that, you're SOL. If you're trying to make your Samba machine join an Active Directory, no, OpenLDAP is not required. The Active Directory must be running in Mixed or Native mode, not in Native 2003 (2k3 Server only) mode. Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Foxpro Test
I have one final data intensive test to run but I think I have it stable. See http://www.drouillard.ca/TipsTricks/Samba/Oplocks.htm for some tips. Also, turn off opportunistic locking on all windows workstations. Larry Nobs - Original Message - From: Richmond Dyes [EMAIL PROTECTED] To: lrnobs [EMAIL PROTECTED] Sent: Thursday, October 16, 2003 10:19 AM Subject: Re: [Samba] Foxpro Test Have you solved this problem? lrnobs wrote: I want to put a Samba server online under RedHat 7.3 to replace an old Novell server. Oplocks is turned off. I ran a test last night with Visual FoxPro code like this: ** do while not flock()request a file lock try again endo get the date and time insert a record into a shared table unlock start over again *** I ran this on seven windows pcs simultaneously. 1. The record insertions would allow one pc to insert multiple records, for example 10 in a row before another computer had a chance to do an insertion. The same test on the Novell server would allow one or two records before it gave another computer a chance for an insertion. 2. After several thousand insertions I had only one pc consuming the time viewable with the top command. I killed that process but the other pcs still were not doing insertions. I killed the process on a second pc and then the rest were free to insert records. How can I make the Samba server distribute time more evenly. I suspect that allowing one pc so much record insertion time to the exclusion of others created my lock up. Thanks, Larry Nobs -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ldap.h: present but cannot be compiled?? Samba 3.0/.1pre1
Hi all. I am despirately trying to compile samba 3.0 and I get the following error...I have also tried 3.0.1pre1 as well. I have tried sunfreeware.com for ldap, my own package I made, and also the latest ldap from openldap.org... and all produce the following when I try to compile samba... Any ideas? checking for LDAP support... auto checking ldap.h usability... no checking ldap.h presence... yes configure: WARNING: ldap.h: present but cannot be compiled configure: WARNING: ldap.h: check for missing prerequisite headers? configure: WARNING: ldap.h: proceeding with the preprocessor's result checking for ldap.h... yes checking lber.h usability... yes checking lber.h presence... yes checking for lber.h... yes checking for ber_scanf in -llber... no checking for ldap_init in -lldap... yes checking for ldap_domain2hostlist... no checking for ldap_set_rebind_proc... yes checking whether ldap_set_rebind_proc takes 3 arguments... 3 checking for ldap_initialize... no configure: WARNING: libldap is needed for LDAP support checking for Active Directory and krb5 support... yes configure: error: Active Directory Support requires LDAP support -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] If you install Samba via an rpm how do you tell what options are compiled in?
I think I need with-acl-support in Samba 3.0.1 but am unsuer if it is compiled in. How would I be able to tell if installed via RPM? Thanks DSP -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] how to call an executable script each time a file is created or modified
On Wed, Oct 15, 2003 at 11:49:31PM -0700, dave giffin wrote: is it possible to have a samba daemon call an executable script each time a file within one of it shares is modified or a new file is created? I'm looking to develop a file catalogging system for my file server which depends on my software being notified each time a file is modified or a new file created. This allows the modified/new file to be scanned for relavent information. You need to write yourself a Samba VFS module. Start with the sample one shipped with Samba. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Using smbclient -L localhostname
Hello, Someone knows what can I do in order to use correctly smbclient??? I am getting this error: [EMAIL PROTECTED] /]# smbclient -L 63.47.213.xxx added interface ip=63.47.213.xxx bcast=63.47.213.xxx nmask=255.255.255.224 error connecting to 63.47.213.xxx:139 (Connection refused) Error connecting to 63.47.213.xxx (Connection refused) Connection to 63.47.213.xxx failed [EMAIL PROTECTED] /]# Any help is greatly appreciated. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0 problems with word files and possible other msoffice files
We have several problems with word files which I would really like to have solved. The users are getting restless and me too ... Situation : I can not reproduce the problem with my version and config of pc. But we have a group of people which use windows 2000 and msoffice 2000. They use only word with an addon which translates texts (these people are translators). The translator addon hooks in word and allows them to translate parts of the word documents to other languages. The server version is samba 3.0.0 on redhat 7.3 (kernel 2.4.18) Symptoms : - When they save some files they are error messages like : disk is write protected , format the media , invalid filename , etc ... This also happens on files which are not new and it doesn't happen always. - Also frequently these files are staying readonly (also after closing the file). A wild guess : - something is still wrong with the permissions although the unix rights are ok (user is member of group and group has rw rights). Maybe word still see the wrong rights and thinks it can not write. Word does not change the file to readwrite and the file stays readonly. Wrong guess ? - maybe turning off all oplocks is not such a good idea ? Notes : - We turned of all oplocks because of a sometimes not too reliable network was giving file corruption. - I read the faq and saw the explanation on word. This does not seem to be the problem ? All files have alway the same group and the people are member of it. So I guess the changing of rights part is ok. I tried the force group but also tried to turn this of and use ony bit set of the group. Same problems. If someone can shed a light on this we would be very grateful as I don't see a solution for the moment. regards, Christian Here is most of [global] and the problem share : [global] dos charset = CP850 unix charset = UTF-8 display charset = ISO8859-1 workgroup = COMPANY netbios name = FileSRV netbios aliases = netbios scope = server string = Company_name Samba %L [v%v] interfaces = bind interfaces only = No security = USER auth methods = encrypt passwords = Yes update encrypted = No client schannel = Auto server schannel = Auto allow trusted domains = Yes hosts equiv = min passwd length = 6 map to guest = Never null passwords = No obey pam restrictions = Yes password server = * smb passwd file = /etc/samba/smbpasswd private dir = /etc/samba passdb backend = ldapsam:ldap://our.ldapserver.com algorithmic rid base = 1000 root directory = guest account = nobody pam password change = No username map = password level = 0 username level = 0 unix password sync = No restrict anonymous = 0 lanman auth = No ntlm auth = Yes client NTLMv2 auth = No client lanman auth = Yes client plaintext auth = Yes preload modules = /usr/lib/libldap.so.2 log level = 2 syslog = 1 syslog only = No log file = /var/log/samba/log.%m max log size = 50 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No smb ports = 445 139 protocol = NT1 large readwrite = Yes max protocol = NT1 min protocol = NT1 unicode = Yes read bmpx = No read raw = Yes write raw = Yes disable netbios = No acl compatibility = nt pipe support = Yes nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 16644 name resolve order = lmhosts wins host bcast max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = Yes unix extensions = Yes use spnego = Yes client signing = auto server signing = No client use spnego = Yes change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 kernel change notify = Yes lpq cache time = 10 max smbd processes = 0 paranoid server security = Yes max disk size = 0 max open files = 1 read size = 16384 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 use mmap = Yes hostname lookups = No name cache timeout = 660 load printers = Yes printcap name = cups disable spoolss = No enumports command = addprinter command = deleteprinter command = show add printer wizard = Yes os2 driver map = mangling method = hash2 mangle prefix = 1 mangled stack = 50 stat cache = Yes machine
[Samba] Re: Printing Issues with NT type Clients.
I included a level 4 log of samba when I tried to print from a 2k pro client. I can't find a problem with the log files. I compiled samba with the following switches: --- ./configure \ --bindir=/usr/bin \ --sbindir=/usr/sbin \ --libexecdir=/usr/libexec \ --sysconfdir=/etc \ --mandir=/usr/share/man \ --localstatedir=/var \ --with-fhs \ --with-privatedir=/etc/samba/private \ --with-configdir=/etc/samba \ --datadir=/usr/share \ --libdir=/usr/lib \ --includedir=/usr/include \ --with-automount \ --with-smbmount \ --without-winbind \ --with-quotas \ --with-msdfs \ --with-acl-support \ --with-libsmbclient --- What am I doing wrong. The problem is with the NT clients not being able to print. 9x clients can print just fine. I just don't get it. Please help me. - Level 4 Log File - [2003/10/16 13:02:14, 3] smbd/process.c:process_smb(846) Transaction 1 of length 137 [2003/10/16 13:02:14, 3] smbd/process.c:switch_message(685) switch message SMBnegprot (pid 15952) [2003/10/16 13:02:14, 3] smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/16 13:02:14, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [PC NETWORK PROGRAM 1.0] [2003/10/16 13:02:14, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [LANMAN1.0] [2003/10/16 13:02:14, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [Windows for Workgroups 3.1a] [2003/10/16 13:02:14, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [LM1.2X002] [2003/10/16 13:02:14, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [LANMAN2.1] [2003/10/16 13:02:14, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [NT LM 0.12] [2003/10/16 13:02:14, 3] smbd/negprot.c:reply_negprot(426) Selected protocol NT LM 0.12 [2003/10/16 13:02:14, 3] smbd/process.c:process_smb(846) Transaction 2 of length 203 [2003/10/16 13:02:14, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 15952) [2003/10/16 13:02:14, 3] smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/16 13:02:14, 3] smbd/reply.c:reply_sesssetup_and_X(880) Domain=[DREAMLAND] NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] [2003/10/16 13:02:14, 3] smbd/reply.c:reply_sesssetup_and_X(890) sesssetupX:name=[win9x] [2003/10/16 13:02:14, 4] lib/username.c:map_username(134) Scanning username map /etc/samba/usernames.cfg [2003/10/16 13:02:14, 3] lib/username.c:map_username(168) Mapped user win9x to kirby [2003/10/16 13:02:14, 4] lib/substitute.c:automount_server(183) Home server: paint-roller [2003/10/16 13:02:14, 4] lib/substitute.c:automount_server(183) Home server: paint-roller [2003/10/16 13:02:14, 4] smbd/password.c:smb_password_ok(475) smb_password_ok: Checking SMB password for user kirby [2003/10/16 13:02:14, 4] smbd/password.c:smb_password_ok(499) smb_password_ok: Checking NT MD4 password [2003/10/16 13:02:14, 4] smbd/password.c:smb_password_ok(501) smb_password_ok: NT MD4 password check succeeded [2003/10/16 13:02:14, 3] smbd/sec_ctx.c:push_sec_ctx(297) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/16 13:02:14, 3] smbd/uid.c:push_conn_ctx(286) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/16 13:02:14, 3] smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/16 13:02:14, 3] smbd/sec_ctx.c:get_current_groups(172) get_current_groups: user is in 1 groups: 8001 [2003/10/16 13:02:14, 3] smbd/sec_ctx.c:pop_sec_ctx(436) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/16 13:02:14, 3] smbd/sec_ctx.c:get_current_groups(172) get_current_groups: user is in 1 groups: 8001 [2003/10/16 13:02:14, 3] smbd/password.c:register_vuid(336) uid 8001 registered to name kirby [2003/10/16 13:02:14, 3] smbd/password.c:register_vuid(338) Clearing default real name [2003/10/16 13:02:14, 3] smbd/password.c:register_vuid(340) User name: kirby Real name: [2003/10/16 13:02:14, 3] smbd/process.c:chain_reply(991) Chained message [2003/10/16 13:02:14, 3] smbd/process.c:switch_message(685) switch message SMBtconX (pid 15952) [2003/10/16 13:02:14, 3] smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/16 13:02:14, 4] smbd/reply.c:reply_tcon_and_X(334) Got device type ? [2003/10/16 13:02:14, 3] lib/access.c:check_access(318) check_access: no hostnames in host allow/deny list. [2003/10/16 13:02:14, 2] lib/access.c:check_access(329) Allowed connection from (192.168.0.11) [2003/10/16 13:02:14, 3] smbd/password.c:authorise_login(736) authorise_login: ACCEPTED: validated uid ok as non-guest (user=kirby) [2003/10/16 13:02:14, 3] smbd/service.c:make_connection(487) Connect path is /tmp [2003/10/16 13:02:14, 3] smbd/sec_ctx.c:push_sec_ctx(297) push_sec_ctx(0, 0) :
[Samba] Re: Printing Issues with NT type Clients.
I included a level 4 log of samba when I tried to print from a 2k pro client. I can't find a problem with the log files. I compiled samba with the following switches: --- ./configure \ --bindir=/usr/bin \ --sbindir=/usr/sbin \ --libexecdir=/usr/libexec \ --sysconfdir=/etc \ --mandir=/usr/share/man \ --localstatedir=/var \ --with-fhs \ --with-privatedir=/etc/samba/private \ --with-configdir=/etc/samba \ --datadir=/usr/share \ --libdir=/usr/lib \ --includedir=/usr/include \ --with-automount \ --with-smbmount \ --without-winbind \ --with-quotas \ --with-msdfs \ --with-acl-support \ --with-libsmbclient --- What am I doing wrong. The problem is with the NT clients not being able to print. 9x clients can print just fine. I just don't get it. Please help me. - Level 4 Log File - [2003/10/16 13:02:14, 3] smbd/process.c:process_smb(846) Transaction 1 of length 137 [2003/10/16 13:02:14, 3] smbd/process.c:switch_message(685) switch message SMBnegprot (pid 15952) [2003/10/16 13:02:14, 3] smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/16 13:02:14, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [PC NETWORK PROGRAM 1.0] [2003/10/16 13:02:14, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [LANMAN1.0] [2003/10/16 13:02:14, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [Windows for Workgroups 3.1a] [2003/10/16 13:02:14, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [LM1.2X002] [2003/10/16 13:02:14, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [LANMAN2.1] [2003/10/16 13:02:14, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [NT LM 0.12] [2003/10/16 13:02:14, 3] smbd/negprot.c:reply_negprot(426) Selected protocol NT LM 0.12 [2003/10/16 13:02:14, 3] smbd/process.c:process_smb(846) Transaction 2 of length 203 [2003/10/16 13:02:14, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 15952) [2003/10/16 13:02:14, 3] smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/16 13:02:14, 3] smbd/reply.c:reply_sesssetup_and_X(880) Domain=[DREAMLAND] NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] [2003/10/16 13:02:14, 3] smbd/reply.c:reply_sesssetup_and_X(890) sesssetupX:name=[win9x] [2003/10/16 13:02:14, 4] lib/username.c:map_username(134) Scanning username map /etc/samba/usernames.cfg [2003/10/16 13:02:14, 3] lib/username.c:map_username(168) Mapped user win9x to kirby [2003/10/16 13:02:14, 4] lib/substitute.c:automount_server(183) Home server: paint-roller [2003/10/16 13:02:14, 4] lib/substitute.c:automount_server(183) Home server: paint-roller [2003/10/16 13:02:14, 4] smbd/password.c:smb_password_ok(475) smb_password_ok: Checking SMB password for user kirby [2003/10/16 13:02:14, 4] smbd/password.c:smb_password_ok(499) smb_password_ok: Checking NT MD4 password [2003/10/16 13:02:14, 4] smbd/password.c:smb_password_ok(501) smb_password_ok: NT MD4 password check succeeded [2003/10/16 13:02:14, 3] smbd/sec_ctx.c:push_sec_ctx(297) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2003/10/16 13:02:14, 3] smbd/uid.c:push_conn_ctx(286) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/16 13:02:14, 3] smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/16 13:02:14, 3] smbd/sec_ctx.c:get_current_groups(172) get_current_groups: user is in 1 groups: 8001 [2003/10/16 13:02:14, 3] smbd/sec_ctx.c:pop_sec_ctx(436) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/16 13:02:14, 3] smbd/sec_ctx.c:get_current_groups(172) get_current_groups: user is in 1 groups: 8001 [2003/10/16 13:02:14, 3] smbd/password.c:register_vuid(336) uid 8001 registered to name kirby [2003/10/16 13:02:14, 3] smbd/password.c:register_vuid(338) Clearing default real name [2003/10/16 13:02:14, 3] smbd/password.c:register_vuid(340) User name: kirby Real name: [2003/10/16 13:02:14, 3] smbd/process.c:chain_reply(991) Chained message [2003/10/16 13:02:14, 3] smbd/process.c:switch_message(685) switch message SMBtconX (pid 15952) [2003/10/16 13:02:14, 3] smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/16 13:02:14, 4] smbd/reply.c:reply_tcon_and_X(334) Got device type ? [2003/10/16 13:02:14, 3] lib/access.c:check_access(318) check_access: no hostnames in host allow/deny list. [2003/10/16 13:02:14, 2] lib/access.c:check_access(329) Allowed connection from (192.168.0.11) [2003/10/16 13:02:14, 3] smbd/password.c:authorise_login(736) authorise_login: ACCEPTED: validated uid ok as non-guest (user=kirby) [2003/10/16 13:02:14, 3] smbd/service.c:make_connection(487) Connect path is /tmp [2003/10/16 13:02:14, 3] smbd/sec_ctx.c:push_sec_ctx(297) push_sec_ctx(0, 0) :
[Samba] Samba 2.2.8a ldap compile problem with pdb_ldap.c
All, I am trying to compile 2.2.8a with the ldapsam, acl-support pam. The make appears to go ok but the compile part doesn't. At the beginning of the compiles it lists out the flags: Using FLAGS = -O -I./popt -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLOGFILEBASE=/apps/samba/var -DCONFIGFILE=/apps/samba/lib/smb.conf -DLMHOSTSFILE=/apps/samba/lib/lmhosts -DSWATDIR=/apps/samba/swat -DSBINDIR=/apps/samba/sbin -DLOCKDIR=/apps/samba/var/locks -DCODEPAGEDIR=/apps/samba/lib/codepages -DDRIVERFILE=/apps/samba/lib/printers.def -DBINDIR=/apps/samba/bin -DPIDDIR=/apps/samba/var/locks -DLIBDIR=/apps/samba/lib -DHAVE_INCLUDES_H -DPASSWD_PROGRAM=/usr/bin/passwd -DSMB_PASSWD_FILE=/apps/samba/private/smbpasswd -DTDB_PASSWD_FILE=/apps/samba/private/smbpasswd.tdb Using FLAGS32 = -O -I./popt -Iinclude -I./include -I./ubiqx -I./smbwrapper -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -DLOGFILEBASE=/apps/samba/var -DCONFIGFILE=/apps/samba/lib/smb.conf -DLMHOSTSFILE=/apps/samba/lib/lmhosts -DSWATDIR=/apps/samba/swat -DSBINDIR=/apps/samba/sbin -DLOCKDIR=/apps/samba/var/locks -DCODEPAGEDIR=/apps/samba/lib/codepages -DDRIVERFILE=/apps/samba/lib/printers.def -DBINDIR=/apps/samba/bin -DPIDDIR=/apps/samba/var/locks -DLIBDIR=/apps/samba/lib -DHAVE_INCLUDES_H -DPASSWD_PROGRAM=/usr/bin/passwd -DSMB_PASSWD_FILE=/apps/samba/private/smbpasswd -DTDB_PASSWD_FILE=/apps/samba/private/smbpasswd.tdb Using LIBS = -lsec -lgen -lsocket -lnsl -lpam I get the following error messages: passdb/secrets.c: In function `secrets_fetch': passdb/secrets.c:59: warning: assignment discards qualifiers from pointer target type passdb/secrets.c: In function `secrets_store': passdb/secrets.c:74: warning: assignment discards qualifiers from pointer target type passdb/secrets.c:76: warning: assignment discards qualifiers from pointer target type passdb/secrets.c: In function `secrets_delete': passdb/secrets.c:89: warning: assignment discards qualifiers from pointer target type Compiling passdb/pass_check.c Compiling passdb/smbpassfile.c Compiling passdb/machine_sid.c Compiling passdb/pdb_smbpasswd.c Compiling passdb/pampass.c passdb/pampass.c: In function `make_pw_chat': passdb/pampass.c:220: warning: passing arg 1 of `next_token' from incompatible pointer type passdb/pampass.c:231: warning: passing arg 1 of `next_token' from incompatible pointer type passdb/pampass.c: In function `smb_setup_pam_conv': passdb/pampass.c:418: warning: assignment from incompatible pointer type Compiling passdb/pdb_tdb.c Compiling passdb/pdb_ldap.c passdb/pdb_ldap.c: In function `rebindproc_with_state': passdb/pdb_ldap.c:276: `ldap_state' undeclared (first use in this function) passdb/pdb_ldap.c:276: (Each undeclared identifier is reported only once passdb/pdb_ldap.c:276: for each function it appears in.) passdb/pdb_ldap.c: In function `pdb_getsampwnam': passdb/pdb_ldap.c:938: warning: passing arg 2 of `standard_sub_advanced' discards qualifiers from pointer target type *** Error code 1 make: Fatal error: Command failed for target `passdb/pdb_ldap.o' Can anyone help me out? Spike -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Installation Problem
I am trying to install samba 3.0.0 and getting below error when try to run ./configure Please advise. Thanks. #pwd /usr/local/src/samba/3.0.0/source Is this correct place to run .configure ? # ./configure checking for gcc ..no checking for cc no checking for cc no checking for c1 .no configuration errror : no acceptable c compiler found in $PATH. Does it seems to be Linux installation problem ? If yes, what could be ? thanks one more time.. -Logi - Do you Yahoo!? The New Yahoo! Shopping - with improved product search -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Installation Problem
I am trying to install samba 3.0.0 and getting below error when try to run ./configure Please advise. Thanks. #pwd /usr/local/src/samba/3.0.0/source Is this correct place to run .configure ? # ./configure checking for gcc ..no checking for cc no checking for cc no checking for c1 .no configuration errror : no acceptable c compiler found in $PATH. Does it seems to be Linux installation problem ? If yes, what could be ? thanks one more time.. -Logi - Do you Yahoo!? The New Yahoo! Shopping - with improved product search -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is there a way to enforce a single login domain wide
Im trying a root preexec = some script the script is: #!/bin/sh # exit 1 In the samba log it says: root preexec gave 1 - connection failing Closed connection to service netlogon But I still get logged on. If I change the 1 to a 4 I get root preexec gave 4 - connection failing Closed connection to service netlogon If I change the 1 to a 0 I get no entry in the log and get logged on. The parameter appears to be acknowledged but won't prevent a logon. Any suggestions would be appreciated. DSP Gémes Géza wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Douglas Phillipson írta: | I just tested the process/uid check theory. Upon initail login the new | smbd process is owned by the user but with no activity on any shares it | switches to being owned by root in a minute. I guess I could use a | script to touch a file with the users login name or uid and just check | for that upon login and remove it on logout... | | Anyone have any better ideas? | | DSP | | | Gémes Géza wrote: | | -BEGIN PGP SIGNED MESSAGE- | Hash: SHA1 | | I.M.H.O | | you could write a root prexec script for your netlogon share, wich would | check for runing smbd with the uid of the connection, and return an | error if there is such. And specifying root prexec close = yes on the | netlogon share, you could deny them. | The danger is that because of blocked clients you would got lots of | frustrated clients. | | Good Luck! | | Geza Gemes | | John H Terpstra írta: | | On Mon, 13 Oct 2003, Douglas Phillipson wrote: | | | | | |I didn't get any hits on this. Does that mean it's not possible??? | |Has anyone enforced a single instance login policy somehow? Is | this a | |reasonable question to ask? | | | | | | This is not possible. There is no way to do this with MS Windows 200x | | server - and there is no way to do this with Samba. | | | | - John T. | | | | | |DSP | | | |Douglas Phillipson wrote: | | | | I would like to enforce a policy for a user being only able to login | |once anywhere in the Domain. When you use roaming profiles, the system | |gets confused and leaves the local profile on the client PC if the same | |user logs in on a second machine while they are still loggewd in on the | |first one. This then causes the Samba profile to NOT get updated on | |logout. If a user is currently logged on a domain, I need that user to | |be refused if they logon to a second machine until they logoff the | first | |machine. Is this possible with Samba, or would I use some sort of | logon | |script to query something and force the user off at their second login | |attempt? When this problem occurs you have to reboot the machine and | |remove the users local profile so it will again use the roaming profile | |on the samba DC. Very irritating... | | | | Thanks | | | | DSP | | | | | | | | | | -BEGIN PGP SIGNATURE- | Version: GnuPG v1.2.2 (GNU/Linux) | Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org | | iD8DBQE/i+88/PxuIn+i1pIRAi+fAJ0Yc/e6H8MyKxc0z8s1FnWhLsFVyACgh7vh | G3SEihFi0OPiVpUSvBFZZvA= | =SjHf | -END PGP SIGNATURE- | | | | Maybe if you would try to filter smbstatus output in your root preexec instead of ps-ing for smbd-s? In my samba 3.0.1pre1 smbstatus gave me the correct username after about an hour of inactivity. Good Luck! Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/joRu/PxuIn+i1pIRAstNAKCxFtotm2nZY6bCb2wPaKoF2MuCtgCfTjOE W5KuYoiThM3nazrhkfG3Q80= =UP3R -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] preexec scripts allowing logon under all conditions in 3.0.1
In an attempt to enforce a single login domain wide. I think preexec scripts will work but when I test a script that returns a 1 the log says I get denied but I still get logged in. Here is the info: --- [netlogon] comment = Network Logon Service preexec close = yes root preexec close = yes preexec = /home/profiles/test.sh root preexec = /home/profiles/test.sh # root preexec = csh -c 'if [ -f /home/%u/.loggedon ] exit 0' path = /home/netlogon guest ok = no writable = no create mask = 0600 directory mask = 0700 -- The script test.sh is just: #!/bin/sh # exit 1 The samba log says: root preexec gave 1 - connection failing Closed connection to service netlogon But I still get logged on. If I change the 1 to a 4 I get root preexec gave 4 - connection failing Closed connection to service netlogon But I still get logged on. If I change the 1 to a 0 I get no entry in the log and get logged on. The parameter appears to be acknowledged but won't prevent a logon. Any suggestions would be appreciated. Regards DSP -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba MS Office
Hi, We have a similar problem and I still haven't figured it out. In our case, Office insists on writing files to a home samba share with permissions set to 0444. When writing a file to a share on a Windows machine, there is no problem. Notepad and any other Windows applications write files with proper permissions (in our case, 0644). Oddly enough, saving Office files on other samba shares with identical parameters in smb.conf doesn't exhibit the same behaviour, only when Office writes a file to the home share do we get this problem with them being read-only. I'm currently at a loss If you can solve this, please email me or post to the list. Thanks, --john campbell On Thu, 2003-10-16 at 03:18, Andreas Unterkircher wrote: Hello! I have a strange probleme with samba (debian sid, 3.0final) and Microsoft Office (in moment 97 is in use, but the same error with Office XP). I didn't found something in the Mailing-Lists-Archive, so I simple ask - Samba is used as PDC with Domain-Logons. When creating a new Document in Microsoft Word and try to save it on a samba share, we always get an error - Word says, that saving this file failed (no more information), than it asks, if we would try to safe again, we click on Yes and than it works!?!? Debugging is fully turned on (level 10), but we only see, that samba says, writing ist ok, but in the first try, it hasn't saved this file! This happens only with the MS Office. I also tried it with (as example) notepad to save a simple txt-file and this makes no problem! If found some informations in the Mailing-List and enabled following things: strict allocate = Yes strict locking = Yes strict sync = Yes But that hasn't solved the Problem. Here is a snap of our smb.conf # Global parameters [global] workgroup = OURSMBDOMAIN security=user name resolve order=wins bcast server string = %h server (Samba %v) interfaces = 192.168.193.0/24 encrypt passwords = true unix password sync = Yes log level = 10 time server = Yes keepalive = 30 guest account = nobody socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 domain admin group = root, Administrator, @smbusers add user script = /usr/sbin/useradd -g 100 -d /dev/null -s /bin/false -M %u logon path = \\%N\profiles\%U logon script = %U.bat domain logons = Yes os level = 64 preferred master = True domain master = True wins support = Yes printing = cups strict allocate = Yes strict locking = Yes strict sync = Yes unix charset = 850 [office] comment = Office path = /mnt/shares/office public = no force group = +office force create mode = 2510 force directory mode = 2510 security mask = 0267 directory security mask = 0267 writeable = yes create mode = 2770 directory mode = 2770 valid users = @office Thank's for any information! Greetings, Andreas Andreas Unterkircher CUBiT IT Solutions GmbH Albertgasse 43 A-1080 Wien Tel: +43-1-7189880-0 Fax: +43-1-7189880-11 [EMAIL PROTECTED] http://www.cubit.at -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Cann't get Samba 3.0.0 installed on a SuSE 8.2
Hallo, after I got same error messages because of missing Kerberos, I deinstalled heimdal and installed Kerberos 5 (_devel, _libs, _workstation). I also made the necessary changes in the /etc/krb5.conf file and tested the connection with the Active Directory with the kinit [EMAIL PROTECTED] I also synchronized the time and so I get the tickets. Now I wanted to install Samba 3.0.0 on SuSE 8.2 and there the problems which let me stop here started. This are the error message I get when I configure the source code´under SuSE 8.2: linux:~/Desktop/samba/source # ./configure --prefix=/usr/local/samba --with-ldap --with-ads --with-krb5=/us r/kerberos (I have already tried it with a lot of different parameters and without - automatic, but this doesn't seem to be the reason) checking linux/quota.h presence... yes configure: WARNING: linux/quota.h: present but cannot be compiled (why???) configure: WARNING: linux/quota.h: check for missing prerequisite headers? (sorry, but what???) configure: WARNING: linux/quota.h: proceeding with the preprocessor's result (what does this mean???) And when I try to compile (with the error message mentioned above) I get the following messages: linux:~/Desktop/samba/source # make Using FLAGS = -g -O2 -I/usr/kerberos/include -I./popt -Iinclude -I/root/Desktop/samba/so urce/include -I/root/Desktop/samba/source/ubiqx -I/root/Desktop/samba/source/smbwrapper - I. -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -I/usr/kerberos/include -I/root/Desktop/samba/source LIBS = -lcrypt -lresolv -lnsl -ldl LDSHFLAGS = -shared LDFLAGS = Generating smbd/build_options.c ... Compiling lib/util_str.c (1) lib/util_str.c: In function `strchr_m': lib/util_str.c:1196: warning: return discards qualifiers from pointer target type lib/util_str.c: In function `strrchr_m': lib/util_str.c:1244: warning: return discards qualifiers from pointer target type Compiling lib/clobber.c ... Compiling tdb/tdbutil.c (2) tdb/tdbutil.c: In function `make_tdb_data': tdb/tdbutil.c:45: warning: assignment discards qualifiers from pointer target type tdb/tdbutil.c: In function `tdb_chainlock_with_timeout_internal': tdb/tdbutil.c:59: warning: passing arg 1 of `tdb_set_lock_alarm' discards qualifiers from pointer target type Compiling tdb/tdbback.c ... Compiling smbd/notify_hash.c (3) smbd/notify_hash.c: In function `notify_hash': smbd/notify_hash.c:91: warning: assignment discards qualifiers from pointer target type Compiling smbd/notify_kernel.c ... Compiling libads/kerberos.c (4) libads/kerberos.c: In function `kerberos_kinit_password': libads/kerberos.c:84: warning: passing arg 6 of `krb5_get_init_creds_password' discards qualifiers from pointer target type Compiling libads/util.c ... Compiling nsswitch/winbindd_acct.c (5) nsswitch/winbindd_acct.c: In function `string2group': nsswitch/winbindd_acct.c:224: warning: passing arg 1 of `next_token' from incompatible pointer type Compiling sam/idmap.c ... Compiling client/client.c (6) client/client.c: In function `do_get': client/client.c:694: warning: passing arg 4 of `cli_getattrE' from incompatible pointer type client/client.c: In function `do_put': client/client.c:1070: warning: passing arg 4 of `cli_getattrE' from incompatible pointer type client/client.c: In function `do_host_query': client/client.c:2670: warning: passing arg 1 of `list_servers' discards qualifiers from pointer target type client/client.c: In function `main': client/client.c:2939: warning: passing arg 1 of `lp_set_name_resolve_order' discards qualifiers from pointer target type Compiling client/clitar.c ... Compiling utils/net_ads.c (7) utils/net_ads.c: In function `net_ads_join': utils/net_ads.c:743: warning: assignment discards qualifiers from pointer target type Compiling utils/net_ads_cldap.c ... Compiling utils/net_lookup.c (8) utils/net_lookup.c: In function `net_lookup_kdc': utils/net_lookup.c:212: warning: passing arg 3 of `krb5_locate_kdc' from incompatible pointer type Compiling utils/net_cache.c ... Compiling utils/smbcontrol.c (9) utils/smbcontrol.c: In function `do_printnotify': utils/smbcontrol.c:422: warning: passing arg 3 of `notify_printer_byname' discards qualifiers from pointer target type Linking bin/smbcontrol ... Compiling rpcclient/cmd_spoolss.c (10) rpcclient/cmd_spoolss.c: In function `get_driver_3_param': rpcclient/cmd_spoolss.c:1185: warning: passing arg 1 of `strtok' discards qualifiers from pointer target type Compiling rpcclient/cmd_netlogon.c ... Compiling rpcclient/cmd_reg.c (11) rpcclient/cmd_reg.c: In function `cmd_reg_shutdown': rpcclient/cmd_reg.c:910: warning: passing arg 2 of `getopt' from incompatible pointer type Compiling rpcclient/display_sec.c ... Compiling libsmb/spnego.c (12) libsmb/spnego.c: In function `read_negTokenInit': libsmb/spnego.c:51: warning: passing arg 2 of `asn1_read_OID' from
[Samba] Is wins.dat supposed to list all LMB, or just the DMB?
My network looks like this: internet 192.168.0.0/24 router +++- internal 192.168.5.0/24 ||| router +-+--+- LNB---mswin || (also a | | | client || samba | | || server) | | samba | | samba LNBlinux samba | linux WINS linux mswin client-LNB I wanted to know which boxes were the LMBs and the DMB, so I looked into the wins.dat on the WINS server. But in wins.dat, I only see one line that has MSBROWSE in it: ^A^B__MSBROWSE__^B#01 1066639333 255.255.255.255 e4R Is this supposed to be the DMB? Why the 255.255.255.255 address? I would expect there to be a host address there. Why aren't the LMBs listed in this file? The actual LMBs can be found by running nmblookup on the two subnets: # nmblookup -M -B 192.168.0.255 - querying ^A^B__MSBROWSE__^B on 192.168.0.255 192.168.0.13 ^A^B__MSBROWSE__^B01 192.168.0.100 ^A^B__MSBROWSE__^B01 # nmblookup -M -B 192.168.5.255 - querying ^A^B__MSBROWSE__^B on 192.168.5.255 192.168.5.200 ^A^B__MSBROWSE__^B01 Shouldn't these be registered by the WINS server? How can the LNBs get each others' lists if they can't look up the DMB on the WINS server? How can the DMB find the LMBs if it is not listed on the WINS server? In fact, the LNBs are NOT getting each others' lists: # smbclient -N -L 192.168.5.200 | grep ABCDMEDIA ABCDMEDIAKickin' Media Repository! NOGROUP ABCDMEDIA # smbclient -N -L 192.168.0.13 | grep ABCDMEDIA # As you can see, the LNB on the .5.0/24 network knows about ABCDMEDIA, but the LNB on the .0.0/24 network does not. Obviously something is not configured right. Any suggestions? Dave -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] can't tell if my email is being seen.
i asked a question about syncing unix and samba passwords, and also where the archives were. i haven't seen any answers, so now i'm starting to wonder if the msg got in at all. if nothing else, help me find the archives of this mailing list i looked through all my join email and didn't see where they were. j. -- Jay Scott 512-835-3553[EMAIL PROTECTED] Head of Sun Support, Sr. Operating Systems Specialist Applied Research Labs, Computer Science Div. S224 University of Texas at Austin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] What version of LDAP is required for Samba 3.0?
I get the following error using the current openldap, or sunfreeware package or my own ldap package: checking for LDAP support... auto checking ldap.h usability... no checking ldap.h presence... yes configure: WARNING: ldap.h: present but cannot be compiled configure: WARNING: ldap.h: check for missing prerequisite headers? configure: WARNING: ldap.h: proceeding with the preprocessor's result checking for ldap.h... yes checking lber.h usability... yes checking lber.h presence... yes checking for lber.h... yes checking for ber_scanf in -llber... no checking for ldap_init in -lldap... yes checking for ldap_domain2hostlist... no checking for ldap_set_rebind_proc... yes checking whether ldap_set_rebind_proc takes 3 arguments... 3 checking for ldap_initialize... no configure: WARNING: libldap is needed for LDAP support checking for Active Directory and krb5 support... yes configure: error: Active Directory Support requires LDAP support Then compiling bails on me. Perhaps I am using an incorrect version of Ldap...or I may need the developement version perhaps? Any ideas? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] is there a way to enforce a single domain wide login
If I put a preexec script in the [profiles] share that touches a file in the users home dir, then removes it with a postexec script, I can enforce a domain wide single login. That is for about 1 minute. What appears to be happening is the share has a timeout feature that disconnects after about 1 minute and then calls the postexec script which removes the file required to determine if that user is currently logged on. I tried using the deadtime = 0 attribute but it still times out and runs the postexec script. Any suggestions are appreciated... DSP -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Apache auth failing for Active Directory group members
On my web server, I have a .htaccess file set up to restrict access to a folder for specific Active Directory users. The Active Directory domain is imaginatively called AD. Using 'require user ad\brian.cochrane' in .htaccess works great. 'require group ad\domain users' also works. However, 'require group ad\_it' does not work. The user brian.cochrane is a member of both the Domain Users and _IT groups. With .htaccess configured to only allow ad\_IT group members, attempting to access the secured directory as ad\brian.cochrane fails. After 3 attemps I get the usual Authorization Required page from Apache. Nothing regarding the failure is logged by Apache or winbindd. However, /var/log/auth.log shows pam_winbind[4145]: user 'ad\brian.cochrane' granted access. The winbind/samba configuration is otherwise working great. I can restrict access to unix files and directories for specific Active Directory users and groups. I have noticed that the usernames used by Apache's basic authentication mechanism are case sensitive (even though winbind's AD to unix user/group mapping does not appear to be), so I've tried various permutations of case in the .htaccess file and when supplying my credentials. Thinking the leading underscores in the group names were causing a problem, I also added the brian.cochrane user to another AD group called test, but the results were the same. So far, no luck. I have included software version and configuration details below. If there is more information I can provide, I'd be happy to. I am reluctant to upgrade to Debian/testing to see if a newer version of samba, winbind, or the Apache auth_pam module fixes the problem, as this is a production server and downtime is an issue. Has anyone else had this problem? Any known solutions? Any information you can provide is greatly appreciated. Thank you, Brian Cochrane software version details -- OS: Linux 2.4.18 distribution: Debian 3.0/stable samba/winbind package: 2.2.3a-12.3 libapache-mod-auth-pam package: 1.0a-7 winbind config in /etc/samba/smb.conf -- #winbind separator = + winbind uid = 1-2 winbind gid = 1-2 winbind enum users = yes winbind enum groups = yes /etc/pam.d/httpd -- auth required /lib/security/pam_winbind.so accountrequired /lib/security/pam_winbind.so .htaccess -- AuthPAM_Enabled On AuthPAM_FallThrough Off AuthAuthoritative Off AuthType Basic AuthName test #require group ad\_it require user ad\brian.cochrane -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Access denied
I was wondering if anyone had encountered this problem, when adding a Windows XP Pro client to a Samba 3 PDC. The user being used is Administrator, who has RID of 500, and is a member of Domain Admins. Backend is LDAP, and is in working order. smbldap-useradd.pl has been modified, so machine accounts are actually created correctly with it, but it's never actually run by the process. The only relevant log entries, I can find are: _samr_create_user: ACCESS DENIED (granted: 0x0201; required: 0x0010) 001c status: NT_STATUS_ACCESS_DENIED 0008 status: NT_STATUS_ACCESS_DENIED Can anyone enlighten me, what these are about? pgp0.pgp Description: signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [OT] [Samba] SPAM
On Thursday 16 October 2003 07:55 am, you wrote: Around 300 spam in less than one day. Sure it's not the list fault, but come on. I guess this is not the right place to complain about it. :) Denis This site got more than 500,00 deivery attempts in the first two days of the latest worm attack. Worms/viruses are a fact of life on the net. Deal with them. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RES: [Samba] Windows Progamams and Samba PDC
On Mon, 8 Sep 2003 [EMAIL PROTECTED] wrote: Hi Samba users ! we set up a samba PDC with a Domain in our school net. Everything works fine and the W2k Clients are joining the domain. But some Programs are not running from the w2k box. On the lokal Machine we need an administrational account in order to install the windows programs. After I log on into the domain I can´t run the programs - it is said, that I have not the rights to access. You should add the Domain Users group for your domain in the Administrators group on your w2k client. Dear John T. I am with the same problem, as I make to add one user of the domain in the Adminitrators group of my w2k client. I have Samba 2.2.3a-12.3. Thanks Rogério. Rogério Oliveira Naressi - email: [EMAIL PROTECTED] IPEF - Instit. de Pesq. e Est. Florestais - http://www.ipef.br Depto de Ciênc. Florestais-ESALQ/USP - http://lcf.esalq.usp.br -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Error: Cannot find KDC for requested realm
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jonathan Villa wrote: [global] workgroup = OURDOMAIN security = ADS realm = OURDOMAIN.com password server = OURSERVER When I try to join the domain I do the following: ./net ads join -w OURDOMAIN -U administrator and the response is this kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for requested realm This is a krb5 lib thing. Either hardcode the KDCs in /etc/krb5.conf or enable DNS SRV lookups in the krb5 libs. Hope this helps. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc You can never go home again, Oatman, but I guess you can shop there. --John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/j1m5IR7qMdg1EfYRAv5rAJ0TcExUz0rz3Vc67CqAePyHmJZjBQCg8uH/ A3NvHUoYB7tur0YCHP7drcA= =JzZY -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Suggestions for argument for Samba over Windows 2003?
Hi We've recently been through a merger of 2 equal sized Schools, . one School was using Windows 2000 servers and W2K desktops, AD etc . the other was using Samba 2.x servers to control a domain, with mostly Windows 98 desktops. We then worked out what services were running and deliberated on where to run them in the new merged systems. As it turned out, the decision was to go for Windows Server 2003 for email, printing, virus scanning and so on. However Web, Web Proxy, DHCP, DNS etc will continue to live on Unix. The shared network drives might end up on Unix, or Windows. It depends if people need fine-grained ACLs which Windows offers, or maybe even if end-users themselves need to be able to apply the ACLs, rather than IT admins having to do it. The Home directories however, are still a sticking point... I'm currently running a RedHat 9 (which means Samba 2.2.7) on a DELL server. The hardware should be fine to handle the load for the whole school, which comprises about 200 - 250 users. (This server is currently controlling the Samba domain for one of the former schools). We're getting close to making a final determination of whether the Home directories should stay on this box, or move them to a box running Windows Server 2003. I've been using Samba as my Domain Controller with a lot of good results and very little pain for a long time, so my preference is to stay with it (and Unix-like systems). However the new domain will be one controlled by AD, the IT guys from the other School aren't Unix-skilled, and so I need to produce sound technical arguments for keeping Samba, not just my personal preference based on what is familiar/known... Reasons FOR moving the home dirs to Windows 2003 are largely the same ones which got it decided upon in the first place. ie. stability; reliability; complete integration with AD; only one password source and so a single password across servers; that it is adminnable by any IT support staff, not just Unix guys; that it is an officially supported product. The other side of the coin, concerns against keeping it on Unix include that home directories are absolutely vital which MUST NOT break; that a hetrogenous mix of servers must somehow lead to problems which won't arise if all servers run the same OS; that we will have users and/or passwords stored in 2 places, so they will get out of sync, or only Unix guys will be able to fix things, or that we won't be able to use the Windows Admin tools to admin everything, or that end users won't be able to use the Windows change password utils, but will instead have to use a custom web page or something; The advantages for us of Samba, as far as I can see, are that some of our admins have experience in it, know it, and like it; we can restrict access to SMB services based on IP ranges; we can automatically run scripts when shares are mounted/umounted, so we can make truly dynamic shares based on user privs; the new version integrates with AD, so password syncing issues should all go away, at least as far as end users are concerned; we could probably use SWAT to give non-Unix guys admin access; Problem is, that to management types, I dunno if these sorts of reasons are going to outweigh the safety/security of a more homogenous environment. I apologise for the length of this post, but I'd also like to give the people who have coordinated the Samba 3 documentation a huge rap. Documentation isn't fun or sexy, and previously there were lots of small docs, which were correct at the time of writing, and written with good intentions, but which had been superceded and were in many cases erroneous. And at the end of the day, it doesn't matter how brilliant the software is if the only people who know how to utilitise it, are the people who coded it. So the new Samba Project Doco is brilliant! It's big and I'm still ploughing through it, but so far it's doing a great job of explaining the underlying issues and then getting into the technical nitty gritty. It brings you up to speed, so you can then consult the man pages for the exact specifics of what is needed. Congratulations to John/Jerry et al So, anyway, from my reading of the doco so far, it would seem that we could integrate the Unix box one of two ways: . Upgrade it to Samba 3, and have it join the Win 2003 domain. Since the only access we're supporting into the box is SMB, we don't need to worry about setting or syncing the Unix password. I still need some way to create the underlying unix account though, preferably with consistent, rather than randomly assigned uids/gids. I could use normal Unix commands to manually create the Unix accounts, but since I have previously set up an OpenLDAP box and made accounts on it for everyone, I could probably homebrew some sort of web-based makeuser script, and point NSS at it. . leave it on
[Samba] cannot locate roaming profile
Hi all.
I've just installed samba-3.0.1-rc1 as a PDC and I can add computers (
win2k ) to the domain, but when users log on, they get an error:
... windows cannot locate your roaming profile ...
or words to that effect.
My smb.conf is:
# Global parameters
[global]
workgroup = NUS
server string = Samba Server %v
bind interfaces only = true
interfaces = 192.168.0.10/24
passdb backend = tdbsam
pam password change = Yes
unix password sync = Yes
log level = 3
log file = /var/log/samba3/log.%m
max log size = 50
name resolve order = wins lmhosts bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
add user script = /usr/sbin/useradd -s /bin/false '%u'
delete user script = /usr/sbin/userdel '%s'
add group script = /usr/sbin/groupadd %g getent group
'%g'|awk -F: '{print $3}'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/bin/gpasswd -a '%u' '%g'
delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
set primary group script = /usr/sbin/usermod -g '%g' '%u'
domain logons = Yes
os level = 33
preferred master = Yes
domain master = Yes
wins support = Yes
printer admin = @adm
printing = cups
preserve case = No
[homes]
comment = Home Directories
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /usr/local/smb_shares/netlogon
guest ok = Yes
I've read the docs that state that it is not recommended to use roaming
profiles, and I agree. How do I stop windows from trying to locate one?
Thanks!
Dan
--
Daniel Kasak
IT Developer
* NUS Consulting Group*
Level 5, 77 Pacific Highway
North Sydney, NSW, Australia 2060
T: (+61) 2 9922-7676 / F: (+61) 2 9922 7989
email: [EMAIL PROTECTED]
website: http://www.nusconsulting.com.au
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.0 + mysql
Am Die, 2003-10-14 um 16.29 schrieb Fernando Athayde - Eturbo: I configured the samba to function with mysql, this functioning perfect, but it would like that it nao tied the user of mysql with the usuario of/etc/passwd of linux, exists some skill. thanks, Fernando Athayde From Brazil Seems like nobody has skill on mysql with samba sad -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba3.0 rpm for SLES7
Does anybody know if there is samba3.0.0 rpm for SLES7 available? Thanks in advance! Josef __ Josef Knoblauch ALLDATA SYSTEMS GmbH Systemtechnik Redlichstraße 2 40239 Düsseldorf Telefon +49-(0)0211/964 - 1560; Telefax +49-(0)0211/964 - 1155 mailto:[EMAIL PROTECTED]; http://www.alldata.de -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Some bugs and problems and question
Hello, I have somme problems or bug with samba 3.0.0. My server is a kernel 2.4.22 with patch bk31 and xfs First problem : In log file, I can read these lines : [2003/10/16 14:58:40, 0] rpc_server/srv_util.c:get_domain_user_groups(371) get_domain_user_groups: primary gid of user [sad] is not a Domain group ! get_domain_user_groups: You should fix it, NT doesn't like that The gidNumber = 221 and the Users group have the gid number 221. The group Users contain the group maping Domain Users Domain Users (S-1-5-21-XX-X-XX-513) - Users Where is the problem ? In the same log, I find : [2003/10/15 12:45:43, 0] lib/util_str.c:safe_strcpy_fn(577) ERROR: NULL dest in safe_strcpy Warning - Cannot open file '%s', Aucun fichier ou répertoire de ce type qsys1: nothing to print rm: Ne peut enlever `%s': Aucun fichier ou répertoire de ce type What's mean ? When Samba 3.0.1 will be released ? Thank you Stéphane Purnelle --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.1pre1 available for download
On Fri, Oct 10, 2003 at 04:48:13PM -0500, Gerald (Jerry) Carter wrote: This is a preview release of the Samba 3.0.1 code base and is provided for testing only. This release is *not* intended for production servers. Use at your own risk. There have been several bug fixes since 3.0.0 that we feel are important to make available to the Samba community for wider testing. Is there an ETA for 3.0.1? -- albert chin ([EMAIL PROTECTED]) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba connections
Is there a limit to the amount of connections made through SAMBA? Using interop for Rational ClearCase SAMBA seems to fall over when the connections total 88! Any ideas why? Regards, Paul Ayres Clearvision-cm (Consultant) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba connections
On Thu, Oct 16, 2003 at 04:59:50PM +0100, Paul A wrote: Is there a limit to the amount of connections made through SAMBA? Using interop for Rational ClearCase SAMBA seems to fall over when the connections total 88! Any ideas why? What version of Samba on what platform ? Please give more details, this is not even a good request for help, let alone a bug report :-). Cheers, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
printing robustness issue
I'm using VMS samba (2.2.8) to service about 10 print queues to about 100 PCs. Every now and then, something goes wrong with a print operation and the PC and the SMBD process end up in a loop chatting about their predicament. The SMBD process will show 2000-3000 I/O's per second. I haven't been able to track down the exact set of circumstances that causes this loop, has anyone else seen this in a way they could reproduce reliably? If you kill the smbd process, the spooler process on the PC (under XP pro), immediately reconnects to the server and appears to want to retry sending the print job (I make the new smbd start with a higher debug level to see what is going on). The new smbd process doesn't recognize the printer handle and apparently sends a WERR_BADFID error response, to which the PC reacts by repeating the attempt a short time later. The net ammount of I/O from this loop is relatively low, but it never stops until you reboot the machine. - David L. Jones | Phone:(614) 292-6929 Ohio State University| Internet: 140 W. 19th St. Rm. 231a | [EMAIL PROTECTED] Columbus, OH 43210 | [EMAIL PROTECTED] Disclaimer: I'm looking for marbles all day long. PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
CVS update: samba/source/smbd
Date: Thu Oct 16 18:17:42 2003 Author: jra Update of /data/cvs/samba/source/smbd In directory dp.samba.org:/tmp/cvs-serv12491/smbd Modified Files: reply.c Log Message: Fix buggy data_len calculation in echo. Add paranoia debug message. Jeremy. Revisions: reply.c 1.437 = 1.438 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/reply.c.diff?r1=1.437r2=1.438
CVS update: samba/source/smbd
Date: Thu Oct 16 20:44:41 2003 Author: jra Update of /data/cvs/samba/source/smbd In directory dp.samba.org:/tmp/cvs-serv29397/smbd Modified Files: ipc.c nttrans.c trans2.c Log Message: Tidyup wrap checking. Jeremy. Revisions: ipc.c 1.188 = 1.189 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/ipc.c.diff?r1=1.188r2=1.189 nttrans.c 1.183 = 1.184 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/nttrans.c.diff?r1=1.183r2=1.184 trans2.c1.253 = 1.254 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/trans2.c.diff?r1=1.253r2=1.254
CVS update: samba/source/smbd
Date: Thu Oct 16 20:44:43 2003 Author: jra Update of /data/cvs/samba/source/smbd In directory dp.samba.org:/tmp/cvs-serv29399/smbd Modified Files: Tag: SAMBA_3_0 ipc.c nttrans.c trans2.c Log Message: Tidyup wrap checking. Jeremy. Revisions: ipc.c 1.180.2.10 = 1.180.2.11 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/ipc.c.diff?r1=1.180.2.10r2=1.180.2.11 nttrans.c 1.154.2.32 = 1.154.2.33 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/nttrans.c.diff?r1=1.154.2.32r2=1.154.2.33 trans2.c1.217.2.54 = 1.217.2.55 http://www.samba.org/cgi-bin/cvsweb/samba/source/smbd/trans2.c.diff?r1=1.217.2.54r2=1.217.2.55
CVS update: sambaweb
Date: Thu Oct 16 21:31:19 2003 Author: jra Update of /data/cvs/sambaweb In directory dp.samba.org:/tmp/cvs-serv1480 Modified Files: samba.html Log Message: Added link to IT Week test results. Jeremy. Revisions: samba.html 1.212 = 1.213 http://www.samba.org/cgi-bin/cvsweb/sambaweb/samba.html.diff?r1=1.212r2=1.213
CVS update: samba/source/nsswitch
Date: Thu Oct 16 22:03:34 2003 Author: sharpe Update of /data/cvs/samba/source/nsswitch In directory dp.samba.org:/tmp/cvs-serv4347/nsswitch Modified Files: wb_common.c Log Message: Remove DEBUG statement from wb_common.c as it should not be there. Revisions: wb_common.c 1.28 = 1.29 http://www.samba.org/cgi-bin/cvsweb/samba/source/nsswitch/wb_common.c.diff?r1=1.28r2=1.29
CVS update: samba/source
Date: Fri Oct 17 04:59:07 2003 Author: tpot Update of /data/cvs/samba/source In directory dp.samba.org:/tmp/cvs-serv18964 Modified Files: Tag: SAMBA_3_0 configure.in Log Message: Add configure test for krb5_keytab_entry keyblock vs key member. Bug #636. Revisions: configure.in1.300.2.176 = 1.300.2.177 http://www.samba.org/cgi-bin/cvsweb/samba/source/configure.in.diff?r1=1.300.2.176r2=1.300.2.177
