[Samba] Samba Connection Problem
I've just set up samba for a small LAN. I'm running samba 2.2.7 on RH 8. Now I have a real problem that I have no clue on. I have VERY intermittent connectivity to the Samba server. If I left a computer (Windows 98) idle for a while, and then try to browse the contents in the Samba server, I will get this error domain is unavailable or The specified network name is no longer available. Sometimes it just freeze the computer. I have to restart the computer and reconnect to Samba again. Sometimes it connects and give me the proper info, sometimes not. Browsing is also screwed up. When I go into Windows Explorer, it takes a minute or so to update the contents. Sometimes stopping and restarting samba does the trick; sometimes it makes it worse. This is very frustrating! Does anyone have the same problem? Any suggestion on how to fix this?! Your advice and help are much appreciated. Please e-mail your suggestion to [EMAIL PROTECTED] Thanks Lawrence -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Installation Problem
Hi Guess, if you want to compile (install) Samba 3 from the source you need to install a C-Compiler first (because Samba is written in C-Programming-Language). I'm not quite sure if theres a precompiled Pakage of Samba 3 yet. (like Sambaxxx.rpm, ...) Visit http://www.gnu.org/software/gcc/gcc.html and get your latest version of gcc first! Marco P.S. if gcc is allready installed your PATH-Variable is set wrong, therefore it can't find it. Guess Logi schrieb: I am trying to install samba 3.0.0 and getting below error when try to run ./configure Please advise. Thanks. #pwd /usr/local/src/samba/3.0.0/source Is this correct place to run .configure ? # ./configure checking for gcc ..no checking for cc no checking for cc no checking for c1 .no configuration errror : no acceptable c compiler found in $PATH. Does it seems to be Linux installation problem ? If yes, what could be ? thanks one more time.. -Logi -- # # # Marco Lechner # # dienstlich: # Netzwerkbeauftragter # Physische Geographie # Uni Heidelberg # Im Neuenheimer Feld 348 # 69120 Heidelberg # 06221 / 54-4584 # [EMAIL PROTECTED] # # -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] NET_SAMLOGON issue
Hi all, I'm having a little trouble with my Samba setup. :-( I hope some SMB protocol guru will be able to say to me what's going wrong! I must apologize as it's a bit long and heavy in your mailbox, but this is not a trivial issue and i think it requires some explanations to be fully understood. So let's go! Here is my setup: - I use Samba 3.0.1-pre1 as PDC. Domain is called DC-SORRAL. - Domain members are Win2K server and WinXP. - SAM backend is ldapsam_compat. - I can log on as a domain user in both Win2K and WinXP==-Roaming users work Ok. Note: smb.conf is given as attachment So i would say a 'common LDAP Samba 3 setup' is up and running. But now i need to go a bit further. I'm trying to have a third party Windows software (called HummingBird DM - that's a proprietary electronic document management System) to authenticate it's users using the Samba PDC. It's supposed to run with Windows NT4 SP4 or later as domain controller, so... I suppose it should run with Samba 3. (Tell me if i'm wrong :-)). HummmingBird DM uses a domain account which is in our case 'zzAdmin' with password '55nm08dk55nm08dk'. I can log on zzAdmin without issue, but when i tell HummingBird's wizard to use the account 'zzAdmin' the wizard fails and sends back to me a wrong user name / wrong password error. So i turn debugging level to 255, defined DEBUG_PASSWORD in auth_sam.c and recompile the whole, and restart Samba. Then i begin to analyse the log file: (note: full log file is gziped as attachment - chosen parts are given below, as the whole is ~6000 lines long) --SNIP-- [2003/10/14 16:40:37, 5] rpc_server/srv_pipe.c:api_pipe_request(1454) Requested \PIPE\NETLOGON [2003/10/14 16:40:37, 4] rpc_server/srv_pipe.c:api_rpcTNP(1488) api_rpcTNP: NETLOGON op 0x2 - created /tmp/in_NETLOGON_2.10.prs [2003/10/14 16:40:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1495) api_rpcTNP: rpc command: NET_SAMLOGON --SNIP-- It seems Hummingbird wants to authenticate itself...good news!! --SNIP-- [2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint32(634) 00e4 uni_str_len: 0007 [2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806) 00e8 buffer : z.z.A.d.m.i.n. [2003/10/14 16:40:37, 9] rpc_parse/parse_prs.c:prs_debug(81) f6 smb_io_unistr2 uni_wksta_name [2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint32(634) 00f8 uni_max_len: 000c [2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint32(634) 00fc undoc : [2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0100 uni_str_len: 000c [2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806) 0104 buffer : D.C.-.S.O.R.R.A.L.-.0.6. [2003/10/14 16:40:37, 9] rpc_parse/parse_prs.c:prs_debug(81) 00011c smb_io_string2 nt_chal_resp [2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint32(634) 011c str_max_len: 0020 [2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0120 undoc : [2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0124 str_str_len: 0020 [2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_string2(960) 0128 buffer : 5.5.n.m.0.8.d.k.5.5.n.m.0.8.d.k. [2003/10/14 16:40:37, 9] rpc_parse/parse_prs.c:prs_debug(81) 000148 smb_io_string2 lm_chal_resp [2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0148 str_max_len: 000e [2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint32(634) 014c undoc : [2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0150 str_str_len: 000e [2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_string2(960) 0154 buffer : 55NM08DK55NM08 [2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_uint16(605) 0162 validation_level: 0003 --SNIP-- HummingBird sends us zzAdmin...seems clever :-) HummingBird sends us a clear text password...quite strangeas the debugging string 'nt_chal_resp' would make us think it is rather a NTLM challenge response. --SNIP-- sam_password_ok: Checking NTLMv2 password with domain [DC-SORRAL] [2003/10/14 16:40:37, 100] auth/auth_sam.c:smb_pwd_check_ntlmv2(131) Part password (P16) was | [2003/10/14 16:40:37, 100] lib/util.c:dump_data(1825) [000] 83 0D 28 64 3B F5 66 10 23 F9 14 15 80 08 95 40 ..(d;.f. #..@ Password from client was | [2003/10/14 16:40:37, 100] lib/util.c:dump_data(1825) [000] 35 00 35 00 6E 00 6D 00 30 00 38 00 64 00 6B 00 5.5.n.m. 0.8.d.k. [010] 35 00 35 00 6E 00 6D 00 30 00 38 00 64 00 6B 00 5.5.n.m. 0.8.d.k. Variable data from client was | [2003/10/14 16:40:37, 100] lib/util.c:dump_data(1825) [000] 35 00 35 00 6E 00 6D 00 30 00 38 00 64 00 6B 00 5.5.n.m.
Re: [Samba] NET_SAMLOGON issue
On Fri, 2003-10-17 at 03:08, Fabien Chevalier wrote: Hi all, I'm having a little trouble with my Samba setup. :-( I hope some SMB protocol guru will be able to say to me what's going wrong! I must apologize as it's a bit long and heavy in your mailbox, but this is not a trivial issue and i think it requires some explanations to be fully understood. We like e-mails like this. To everybody else on the list: Try to do as good a job as this when preparing your questions! So let's go! Here is my setup: - I use Samba 3.0.1-pre1 as PDC. Domain is called DC-SORRAL. - Domain members are Win2K server and WinXP. - SAM backend is ldapsam_compat. - I can log on as a domain user in both Win2K and WinXP==-Roaming users work Ok. Note: smb.conf is given as attachment So i would say a 'common LDAP Samba 3 setup' is up and running. But now i need to go a bit further. I'm trying to have a third party Windows software (called HummingBird DM - that's a proprietary electronic document management System) to authenticate it's users using the Samba PDC. It's supposed to run with Windows NT4 SP4 or later as domain controller, so... I suppose it should run with Samba 3. (Tell me if i'm wrong :-)). It very much depends what parts of Samba 3.0 it's using. In this case, you hit something that doesn't work, but can easily be made to work. HummmingBird DM uses a domain account which is in our case 'zzAdmin' with password '55nm08dk55nm08dk'. I can log on zzAdmin without issue, but when i tell HummingBird's wizard to use the account 'zzAdmin' the wizard fails and sends back to me a wrong user name / wrong password error. So i turn debugging level to 255, defined DEBUG_PASSWORD in auth_sam.c and recompile the whole, and restart Samba. Then i begin to analyse the log file: (note: full log file is gziped as attachment - chosen parts are given below, as the whole is ~6000 lines long) The full log didn't make it. Can you send it to me personally? --SNIP-- [2003/10/14 16:40:37, 5] rpc_server/srv_pipe.c:api_pipe_request(1454) Requested \PIPE\NETLOGON [2003/10/14 16:40:37, 4] rpc_server/srv_pipe.c:api_rpcTNP(1488) api_rpcTNP: NETLOGON op 0x2 - created /tmp/in_NETLOGON_2.10.prs [2003/10/14 16:40:37, 3] rpc_server/srv_pipe.c:api_rpcTNP(1495) api_rpcTNP: rpc command: NET_SAMLOGON --SNIP-- It seems Hummingbird wants to authenticate itself...good news!! --SNIP-- [2003/10/14 16:40:37, 5] rpc_parse/parse_prs.c:prs_string2(960) 0128 buffer : 5.5.n.m.0.8.d.k.5.5.n.m.0.8.d.k. And here is your password. --SNIP-- HummingBird sends us zzAdmin...seems clever :-) HummingBird sends us a clear text password...quite strangeas the debugging string 'nt_chal_resp' would make us think it is rather a NTLM challenge response. Yes, we would normally expect a challenge-response in that field. --SNIP-- So this is what i thought of. Samba treats the cleartext string an NTLMv2 challenge response...which makes HummingBird fail to authenticate. It took me a few days to find the issue, and to review the 6000+ lines of log, as i was a complete newbie with the SMB protocol. Given that, you have done very well. So i would like now if possible the opinion of more knowledged people about NT internals... as i cannot pursue my analysis any further without external help (I did not find any usefull information on NT RPCS). What i would like to know is: - if my analysis is right It seems so. - if it is a bug in HummingBird DM auth mechanism No, they just call standard MS functions. IMAP on exchange is rumoured to do the same. - if it is a bad assumption in Samba (Is SAM_NETLOGON RPC always using NTLMv2?) Samba has never seen this before. - if it is an unimplemented dark NT feature in Samba ;-) ...and of course if it is fixable. Given we have the plain-text password, it's quite easy to fix. Can I have that full log, and an ethereal trace if possible, by private mail? An idea for a patch is attached. I have not tested it - it's just so you know what I'm looking at. Bonus points if it actually works :-) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Updating 2.2.8a to 3.0.0 (LDAP)
Hi, we have Samba 2.2.8a+LDAP 2.0.27 domain controllers running on our Debian servers and I'm preparing the update to Samba 3.0.0. Everything seems to work fine so far, except that I get some error messages that I don't understand. Could someone please explain them to me? Should I wait for the next Samba release before switching to 3.x? The error messages: When a user logs into the domain controlled W2K machine: [2003/10/17 09:00:11, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1357) failed to decode PDU [2003/10/17 09:00:11, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605) process_request_pdu: failed to do schannel processing. When the user logs out (occurs ~20 times): [2003/10/17 09:01:27, 0] lib/smbldap.c:smbldap_open(799) smbldap_open: cannot access LDAP when not root.. ...followed by this messages (occurs ~20 times): [2003/10/17 09:01:27, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1612) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)smbldap_open: cannot access LDAP when not root.. Thanks for your help! Uwe -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows Progamams and Samba PDC
Hi, you should update to samba 3, and make a group mapping from unix root group to domain administrators and local administrators i use this script i.e. #!/bin/bash net groupmap modify ntgroup=Domain Admins unixgroup=root net groupmap modify ntgroup=Domain Users unixgroup=users net groupmap modify ntgroup=Domain Guests unixgroup=nobody net groupmap modify ntgroup=Administrators unixgroup=ntadmin net groupmap modify ntgroup=Users unixgroup=users net groupmap modify ntgroup=Guests unixgroup=nobody net groupmap modify ntgroup=System Operators unixgroup=sys net groupmap modify ntgroup=Account Operators unixgroup=ntadmin net groupmap modify ntgroup=Backup Operators unixgroup=bin net groupmap modify ntgroup=Print Operators unixgroup=lp net groupmap modify ntgroup=Replicators unixgroup=daemon net groupmap modify ntgroup=Power Users unixgroup=sys then this problem is fixed Best Regards - Original Message - From: Rogério Oliveira Naressi [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, September 08, 2003 8:01 PM Subject: RES: [Samba] Windows Progamams and Samba PDC On Mon, 8 Sep 2003 [EMAIL PROTECTED] wrote: Hi Samba users ! we set up a samba PDC with a Domain in our school net. Everything works fine and the W2k Clients are joining the domain. But some Programs are not running from the w2k box. On the lokal Machine we need an administrational account in order to install the windows programs. After I log on into the domain I can´t run the programs - it is said, that I have not the rights to access. You should add the Domain Users group for your domain in the Administrators group on your w2k client. Dear John T. I am with the same problem, as I make to add one user of the domain in the Adminitrators group of my w2k client. I have Samba 2.2.3a-12.3. Thanks Rogério. Rogério Oliveira Naressi - email: [EMAIL PROTECTED] IPEF - Instit. de Pesq. e Est. Florestais - http://www.ipef.br Depto de Ciênc. Florestais-ESALQ/USP - http://lcf.esalq.usp.br -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows caching User Information ????
hello i experienced something very strange (for me): i stopped all samba instances on my linux box including ldap-server, because authentication is only done by it but i was still able to login to the domain from a windows xp workstation authentication succeeded (with the right user/password information) i tested it 10 times for different users and even if i switch off the linux box !!! if i typed wrong user/pass information, i was not able to login. of course, all profiles and so on could not be found if i loged in, but the user was authenticated right who could explain it to me plz? thx micha -- Matrix - more than a vision ** Michael Gasch Max Planck Institute for Evolutionary Anthropology Deutscher Platz 6 04103 Leipzig Germany ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Updating 2.2.8a to 3.0.0 (LDAP)
On Fri, 2003-10-17 at 17:24, Uwe Laverenz wrote: Hi, we have Samba 2.2.8a+LDAP 2.0.27 domain controllers running on our Debian servers and I'm preparing the update to Samba 3.0.0. Everything seems to work fine so far, except that I get some error messages that I don't understand. Could someone please explain them to me? Should I wait for the next Samba release before switching to 3.x? The error messages: When a user logs into the domain controlled W2K machine: [2003/10/17 09:00:11, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1357) failed to decode PDU [2003/10/17 09:00:11, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605) process_request_pdu: failed to do schannel processing. These may well be normal - we don't implement the 'schanel' protocol in completely the same way microsoft does, and so we force the client to restart it's authentication each time it connects. I think this is a symptom of that. When the user logs out (occurs ~20 times): [2003/10/17 09:01:27, 0] lib/smbldap.c:smbldap_open(799) smbldap_open: cannot access LDAP when not root.. ...followed by this messages (occurs ~20 times): [2003/10/17 09:01:27, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1612) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (Insufficient access)smbldap_open: cannot access LDAP when not root.. These are bugs, you may wish to try 3.0.1pre1, which I think resolves some of these. Thanks for your help! Uwe -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows caching User Information ????
On Fri, 2003-10-17 at 17:32, Michael Gasch wrote: hello but i was still able to login to the domain from a windows xp workstation authentication succeeded (with the right user/password information) i tested it 10 times for different users and even if i switch off the linux box !!! who could explain it to me plz? As you say, windows caches login info. I think system policies can control some of this. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] help - Mapping shares asks for passwords...
Hi everybody I have a samba-LDAP server that authenticate all users in my network. It works fine. Thers is no share on this server. here i have samba 2.2.8a I have another samba server that do fileserver only (shares). here, samba 2.2.3a. On my samba-LDAP server i created a machine account for the fileserver. On the file server, i activated the following: domain = MYWORKGROUP netbios name = MYHOSTNAME security = domain password server = IP_OF_PDC encrypt password = yes then i did, smbpasswd -j MYWORKGROUP -r NETBIOSNAME_OF_PDC -U root%password and it joined domain successfully. When all the users get authenticate to the samba-ldap server, a logon script is executed that maps all the shares found in the fileserver to some network drives. My problem is that if my user get authenficate by the ldap server correctly, the filesever asks for password for that user which is very strange because the file server is a member of the domain. Could someone in the big world please help me ... A+ SS __ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] winbinb problem related to kerberos.
I've a little stupid problem with winbindd
when I start it I can read in winbind log:
[2003/10/17 10:17:47, 1] nsswitch/winbindd_util.c:add_trusted_domain(149)
Added domain GRANDI_STAZIONI GSTAZIONI.IT
[2003/10/17 10:17:47, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
krb5_cc_get_principal failed (No credentials cache found)
[2003/10/17 10:17:47, 0] libads/kerberos.c:ads_kinit_password(133)
kerberos_kinit_password HOST/[EMAIL PROTECTED] failed: Client not found
in Kerberos database
[2003/10/17 10:17:47, 1] nsswitch/winbindd_ads.c:ads_cached_connection(64)
ads_connect for domain GRANDI_STAZIONI failed: Operations error
[2003/10/17 10:17:47, 1] nsswitch/winbindd_util.c:add_trusted_domains(206)
scanning trusted domain list
[2003/10/17 10:17:47, 1] nsswitch/winbindd_util.c:add_trusted_domain(149)
Added domain GSTEST S-1-5-21-602162358-220523388-725345543
[2003/10/17 10:17:47, 1] nsswitch/winbindd_util.c:add_trusted_domains(206)
scanning trusted domain list
from my smb.conf:
[global]
encrypt passwords = Yes
winbind separator = +
winbind cache time = 10
template homedir = /home/%D/%U
template shell = /bin/bash
idmap uid = 1-2
idmap gid = 1-2
winbind uid = 1-2
winbind gid = 1-2
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
workgroup = GRANDI_STAZIONI
server string = norad
security = ads
log file = /var/log/samba/log.%m
max log size = 50
password server = MASTER BDC
realm = GSTAZIONI.IT
passdb backend = tdbsam
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
wins server = 192.168.5.1 192.168.0.1
wins proxy = yes
dns proxy = yes
[public]
comment = none
writeable = yes
public = yes
browseable = yes
path = /home/samba
read only = No
create mask = 0777
directory mask = 0777
guest ok = No
Note that I've successfully created a machine account into the domain with
the command: net ads join -U administrator.
from my krb5.conf:
[libdefaults]
default_realm = GSTAZIONI.IT
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
[realms]
GSTAZIONI.IT = {
kdc = 192.168.5.1:88
kdc = 192.168.0.1:88
}
[domain_realm]
.gstazioni.it = GSTAZIONI.IT
gstazioni.it = GSTAZIONI.IT
[login]
krb4_convert = true
krb4_get_tickets = true
which thing cause this problem ?
how to solve ?
another problem is that I can list users and group with the net ads users
command, but not with wbinfo, why ?
Thank in advance,
Best regards.
Federico
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Updating 2.2.8a to 3.0.0 (LDAP)
Andrew Bartlett schrieb: These may well be normal - we don't implement the 'schanel' protocol in completely the same way microsoft does, and so we force the client to restart it's authentication each time it connects. I think this is a symptom of that. Ok, so that's nothing to worry about... These are bugs, you may wish to try 3.0.1pre1, which I think resolves some of these. I just tried 3.0.1pre1 and it throws the same error messages. But it doesn't seem to have any influences to the Windows-users. Thank you, Uwe -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba very, VERY slow ...
Hello ! I've installed serveral servers under Linux in my association with samba on it, without any problem. But, for the latest application we need to use, samba has to share about 800 borland data files. All goes right, but the systeme (P3-800Mhz-256Mo RAM for 8 users) is very, VERY slow (about 40 second to open the application). I've take a look at the system use, even when a client open a session, and : - the processor is use about ... 3% (97%free) !!! - Mem : 23Mo used...233Mo free !!! - average load : about 0,01 !!! I've putlog level = 0, correct wins server adress, socket options = TCP_NODELAY and my share is : [c] comment = Disk C path = /home/c browseable = yes admin users = guest nobody # I know, it's bad ;-)) but requiered by the appli writable = yes public = yes create mode = 777 Any help would be welcome ! Eric MAISONOBE -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Rückruf: [Samba] samba3.0 rpm for SLES7
Knoblauch, Josef möchte die Nachricht [Samba] samba3.0 rpm for SLES7 zurückrufen. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba very, VERY slow ...
All goes right, but the systeme (P3-800Mhz-256Mo RAM for 8 users) is very, VERY slow (about 40 second to open the application). Stab in the dark - Could it be because of network bottleneck?? I'm running on a 10MB/s network, it's also slow to load files.. but maybe not as slow as 40seconds. How big are the files? Maybe you can perform a rough estimate of the network transfer speed. (not sure how though) :( Cheers, .^. Mun Heng, Ow/V\ H/M Engineering /( )\ Western Digital M'sia ^^-^^ DID : 03-7870 5168 The Linux Advocate -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba very, VERY slow ...
On Fri, 17 Oct 2003, Ow Mun Heng wrote: All goes right, but the systeme (P3-800Mhz-256Mo RAM for 8 users) is very, VERY slow (about 40 second to open the application). Stab in the dark - Could it be because of network bottleneck?? I'm running on a 10MB/s network, it's also slow to load files.. but maybe not as slow as 40seconds. How big are the files? Maybe you can perform a rough estimate of the network transfer speed. (not sure how though) :( I had that on one machine with 2.2.6 (I think) coinsodentally that one was a P3-866-256Mb. Ran fine once it had started and by the time I had time to look into what was happenening I was upgrading the machines to 3.0.0 anyway. (which btw starts very nearly instantly) Cheers, .^. Mun Heng, Ow/V\ H/M Engineering /( )\ Western Digital M'sia ^^-^^ DID : 03-7870 5168 The Linux Advocate -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Error: Cannot find KDC for requested realm
You must authenticate using kinit first, and then net ads join with no arguments. then start winbindd and smb. I've posted extensively about this - search the archives. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jonathan Villa wrote: [global] workgroup = OURDOMAIN security = ADS realm = OURDOMAIN.com password server = OURSERVER When I try to join the domain I do the following: ./net ads join -w OURDOMAIN -U administrator and the response is this kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for requested realm This is a krb5 lib thing. Either hardcode the KDCs in /etc/krb5.conf or enable DNS SRV lookups in the krb5 libs. Hope this helps. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] RE: SPAM
I have to say I've had a massive increase (like 200 hundred swen.A mails in the last 24 hours) since I (re)joined the samba list. I don't think its a fault of the list, but I'm curious as to why I've had such an increase. I used to get about 1 virussed mail a month before I joined. Its irritating, but it would be naive of me to blame this list. Gavs -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Tool for administrating Samba Users from Win-Clients
hey some of you know the tool nexus, which allows win 9x workstations to administrate an NT PDC i'm looking for a tool like the NT User- and Servermanager for NT based Win Clients for some of our administrators to add/delete users on our _SAMBA_ PDC (e.g. an gui for samba windows based) has anybody seen that? thx micha -- Matrix - more than a vision ** Michael Gasch Max Planck Institute for Evolutionary Anthropology Deutscher Platz 6 04103 Leipzig Germany ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Error: Cannot find KDC for requested realm
On Fri, 2003-10-17 at 20:43, Gavin Davenport wrote: You must authenticate using kinit first, and then net ads join with no arguments. then start winbindd and smb. No, this isn't required. If you don't kinit first, 'net' does it for you, using the password is asks for. The issue is exactly as jerry points out - the kerberos libs can't find the KDC, and without that, we can go nowhere. I've posted extensively about this - search the archives. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jonathan Villa wrote: [global] workgroup = OURDOMAIN security = ADS realm = OURDOMAIN.com password server = OURSERVER When I try to join the domain I do the following: ./net ads join -w OURDOMAIN -U administrator and the response is this kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot find KDC for requested realm This is a krb5 lib thing. Either hardcode the KDCs in /etc/krb5.conf or enable DNS SRV lookups in the krb5 libs. Hope this helps. -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Spaem Mails abschalten
Hallo liebe Samba Freunde, Nichts persönlich gegen irgendjemanden hier, aber irgendjemand der meine MailAdresse hat hat einen Virus Namens Worm/Gibe.C.1 . Bitte tut mir einen gefallen. Alle bitte Antivir und Ad-aware installieren. Auch der Betreiber dieser Subscribe Liste, denn der hat auch meine E-Mail Adresse. mfg Markus F. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0 problems with word files and possible other msoffice files
A follow-up on my own message. :-) I tried a few other things yesterday. A problem is also (like another poster said) that I don't see a difference in rights of some directories. With one dir word doesn't save the files and with another it does. So I have 2 directories in problem_share : problem_share|dir/dir1 -- word doesn't save the files (memory or disk space msword error) problem_share|dir/dir2 -- word saves without problem both dirs have the same rights. Now I tried this : - enabled all oplocks problem_share|dir/dir1 -- word saves the file ! but takes a long time to finalize (it looks like word has crashed but returns after approx 30s a 1min) problem_share|dir/dir2 -- word saves without problem (no delays) Finally I tried this : - enabled all oplocks and copied the files to a new directory Till now I heard no problems. Let's see how it behaves today and next week. The disk config is 4 disks in raid 5 with raid ctrl. I described the problem with 1 problem dir but there were also other directories with problems. Christian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating /etc/shadow passwords to LDAP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Date: Thu, 16 Oct 2003 12:25:48 +0200 (CEST) From: Dani Pardo [EMAIL PROTECTED] Subject: [Samba] Migrating /etc/shadow passwords to LDAP To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] Content-Type: TEXT/PLAIN; charset=US-ASCII Hi!. Since now, I was using a Workgroup with samba 2.2, and samba was using /etc/passwd for user accounts (plain text passwords). Now I'm migrating to LDAP, and I'm looking for a way to migrate the passwords without every user typing the password again.. It seems that idealix's scripts (smbldap-migrate-accounts.pl) will migrate from a previous NT based PDC.. but it's not my case. Any suggestion? Thanks! If you're running samba-2.2.x compiled with LDAP support, you probably want to read this article: http://www.mandrakesecure.net/en/docs/samba-pdc.php The next article (http://www.mandrakesecure.net/en/docs/samba-ldap-advanced.php) also has some tricks to make life easier, so read it before you start ... Regards, Buchan - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/j9earJK6UGDSBKcRAsVKAKCX/OnZi2SQCCTyKSKNaplxQeP+aACbBciC jnfJO1M5T67Giff+lUjy838= =05bW -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with Trust Relationship
Hey All, I'm having problems with a Trust relationship between our Win 2002 PDC and our Samba PDC. Here are the details: (names have been changed to protect the innocent...!) Win 2002 PDC: WINPDC, IP 1.2.3.4 Client in Windows Domain: CLIENT Samba PDC in Domain TEST: SMBPDC I use Start - Run - \\SMBPDC on a machine in our Windows 2000 Domain and got an error saying \\SMBPDC, A device attached to the system is not functioning. The following is a debug level 3 output from the smbd log on our Samba server in the Test Domain: [2003/10/17 12:54:03, 3] smbd/uid.c:push_conn_ctx(287) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2003/10/17 12:54:03, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2003/10/17 12:54:03, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/10/17 12:54:03, 3] libsmb/namequery_dc.c:rpc_dc_name(147) rpc_dc_name: Returning DC WINPDC (1.2.3.4) for domain HOLLAND [2003/10/17 12:54:03, 3] libsmb/cliconnect.c:cli_start_connection(1290) Connecting to host=WINPDC [2003/10/17 12:54:03, 3] lib/util_sock.c:open_socket_out(690) Connecting to 1.2.3.4 at port 445 [2003/10/17 12:54:03, 3] rpc_client/cli_pipe.c:rpc_api_pipe(457) Bind NACK received on pipe c000! [2003/10/17 12:54:03, 2] rpc_client/cli_pipe.c:cli_nt_establish_netlogon(1578) rpc bind to \PIPE\NETLOGON failed [2003/10/17 12:54:03, 0] auth/auth_domain.c:connect_to_domain_password_server(115) connect_to_domain_password_server: unable to setup the NETLOGON credentials to machine WINPDC. Error was : NT_STATUS_UNSUCCESSFUL. [2003/10/17 12:54:03, 3] libsmb/cliconnect.c:cli_start_connection(1290) Connecting to host=WINPDC [2003/10/17 12:54:03, 3] lib/util_sock.c:open_socket_out(690) Connecting to 1.2.3.4 at port 445 [2003/10/17 12:54:03, 3] rpc_client/cli_pipe.c:rpc_api_pipe(457) Bind NACK received on pipe c00d! [2003/10/17 12:54:03, 2] rpc_client/cli_pipe.c:cli_nt_establish_netlogon(1578) rpc bind to \PIPE\NETLOGON failed [2003/10/17 12:54:03, 0] auth/auth_domain.c:connect_to_domain_password_server(115) connect_to_domain_password_server: unable to setup the NETLOGON credentials to machine WINPDC. Error was : NT_STATUS_UNSUCCESSFUL. [2003/10/17 12:54:03, 3] libsmb/cliconnect.c:cli_start_connection(1290) Connecting to host=WINPDC [2003/10/17 12:54:03, 3] lib/util_sock.c:open_socket_out(690) Connecting to 1.2.3.4 at port 445 [2003/10/17 12:54:03, 3] rpc_client/cli_pipe.c:rpc_api_pipe(457) Bind NACK received on pipe 3! [2003/10/17 12:54:03, 2] rpc_client/cli_pipe.c:cli_nt_establish_netlogon(1578) rpc bind to \PIPE\NETLOGON failed [2003/10/17 12:54:03, 0] auth/auth_domain.c:connect_to_domain_password_server(115) connect_to_domain_password_server: unable to setup the NETLOGON credentials to machine WINPDC. Error was : NT_STATUS_UNSUCCESSFUL. [2003/10/17 12:54:04, 0] auth/auth_domain.c:domain_client_validate(167) domain_client_validate: Domain password server not available. [2003/10/17 12:54:04, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: Authentication for user [pquinney] - [pquinney] FAILED with error NT_STATUS_UNSUCCESSFUL [2003/10/17 12:54:04, 3] smbd/process.c:timeout_processing(1099) timeout_processing: End of file from client (client has disconnected). If I try and add a user in the Samba domain to the list of users on the permissions for a share on the Windows PDC I get the same A device attached to the system is not functioning. Can anyone help? Thanks, Phil. - Email provided by http://www.ntlhome.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Correct behavior for home drives?????
Hello all, In getting ready to roll out samba 3, I came across some behavior that may or may not be a bug. My clients are mixed win98 / winxp. Roaming is enabled as we frequently have interns that do not have a dedicated computer. When an intern logs into an xp machine and saves a file to their home drive (H:), and then has to log into a 98 machine, everything is fine, the file is accessable. The problem shows up when the intern goes back to an xp machine. The file saved on H: is no longer accessable as their home drive mapping has changed. The first time the intern logs on to the xp machine the home drive is mapped to \\samba3\intern. When the intern logs into the 98 box the home drive is mapped to \\samba3\intern. When the intern logs back into an xp box the home drive gets mapped to \\samba3\intern\.profile. This is by no means a show stopper for me as I can simply work around it by dropping the '.profile' from the 'logon home' option, I was just wondering if this was normal behavior? Pertinent part of the smb.conf [global] netbios name = samba3 server string = TestPDC workgroup = wrkgrp os level = 99 preferred master = yes domain master = yes local master = yes security = user encrypt passwords = yes interfaces = 192.168.0.5/24 hosts allow = 192.168.0. 127.0.0. add machine script = /usr/sbin/useradd -d /dev/null -g 103 -s /bin/ false %u'$' domain logons = yes logon path = \\%N\profiles\/%U logon drive = H: logon home = \\%N\%U\.profile logon script = scripts\%U.bat -= Jesse =- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] WinXP SP2: problem loggint into domain
I have applied the registry patch: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\ parameters RequireSignOrSeal=dword: Fine add my machine to the domain (Samba 2.2.8-3.0.0). When I reboot machine and login to the domain from a Windows XP Professional SP2 I get the following message: Windows cannon connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Help me. Victor. [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 'Last Change Time' generation for smbpasswd
In the docs it is noted that the Last Change Time in smbpasswd is: This field consists of the time the account was last modified. It consists of the characters 'LCT-' (standing for Last Change Time) followed by a numeric encoding of the UNIX time in seconds since the epoch (1970) that the last change was made. What is the numeric encoding used? I'd like to be able to generate this apart from using smbpasswd. I google'd a bit for this but didn't turn up much other then links pointing back to the docs. Thanks -Bill - This mail sent through IMP: http://horde.org/imp/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] If you install Samba via an rpm how do you tell what options are compiled in?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Douglas Phillipson wrote: | I think I need with-acl-support in Samba 3.0.1 but am | unsuer if it is compiled in. How would I be able to tell | if installed via RPM? smbd -b cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ You can never go home again, Oatman, but I guess you can shop there. ~--John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/j+00IR7qMdg1EfYRAjfAAKCZ2EqyncYyGF5QwQbaJVpQc5RXhQCffsWk Z0xkpSWX4LdVZHsDwfnpjVs= =6pkP -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] list all current active workstations?
Hi folks, i'm searching for a easy-going way to list all active workstations in the domain. Does anyone know how i can handle this problem? thx, livius -- May the force be with you GPG-Key: 0xED67BD7B Your next PC will be controlled by Bill Gates: www.notcpa.org -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] list all current active workstations?
If they all have machine accounts use the Server Manager tool from NT4 and they will have a blue icon rather than a greyed out one. Phil. Hi folks, i'm searching for a easy-going way to list all active workstations in the domain. Does anyone know how i can handle this problem? thx, livius -- May the force be with you GPG-Key: 0xED67BD7B Your next PC will be controlled by Bill Gates: www.notcpa.org -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2.2.8a --with-pam Solaris PAM_LDAP
Hi All, I was wondering if anybody has had similar issues? 1. Why will the --with-pam option work when only encrypt passwords = no in the smb.conf file? 2. Is their a way to set encrypt passwords = yes in the smb.conf and still use the --with-pam option? I'm running Samba 2.2.8a with the following ./configure... ./configure --prefix=/opt/samba \ --with-configdir=/opt/samba/etc \ --with-privatedir=/opt/samba/etc/private \ --with-lockdir=/opt/samba/var/locks \ --with-piddir=/opt/samba/var/locks \ --with-logfilebase=/opt/samba/var/log \ --without-readline \ --enable-shared=yes \ --enable-static=no \ --with-acl-support \ --without-winbind \ --with-pam My goal is to have a Windows 2000 Professional workstation login to a domain based environment to utilize roaming profiles. From what I can digest, it seems the Windows 2000 Professional only works when encrypt passwords = yes in the smb.conf file. When connecting to a Samba server using a Mac OS X client just for testing purposes, with encrypt passwords = no and --with-pam enabled... a test user can authenticate against the Samba Server via PAM then PAM_LDAP with great success :) In the worst case, I would really appreciate it if you could direct me to where I could modify any piece of the samba code to allow pam even with encrypt passwords = yes? BTW, the Samba team has really made great software! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Errors till I do wbinfo -t
Hello, I have set up samba-3.0.0 on a rh9.0 box. I am using it to authenticate users for squid 2.5. No problems, all works well. The samba server join the windows 2000 native domain as an ADS member. The only thing is, in /var/log/messages I have this : oct 17 16:03:50 prx-test winbindd[914]: cli_nt_session_open: cli_nt_create failed on pipe \NETLOGON to machine XDMCS03. Error was NT_STATUS_PIPE_NOT_AVAILABLE several times, till I enter the command wbinfo -t two times. The first time I get : [EMAIL PROTECTED] root]# wbinfo -t checking the trust secret via RPC calls failed error code was NT_STATUS_PIPE_NOT_AVAILABLE (0xc0ac) And the second time : [EMAIL PROTECTED] root]# wbinfo -t checking the trust secret via RPC calls succeeded After that, no more messages from winbind in /var/log/messages. As anyone an idea? Thx in advance. Pierre-Emmanuel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] The Official Samba 3 How-To and Reference Guide
I pre-ordered the book from Amazon and their shipping estimate was October 6, 2003. It hasn't shipped yet. Any idea when it'll be ready to go? Dan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] rpcclient-style call for windows messenger service (WinPopup)?
Can Samba be used to generated WinPopUp RPC calls on TCP port 135? I am familiar with using the smbclient -M command to send messages using the Win Popup protocol, otherwise known as Windows Messenger Service, or what a Microsoft user does from a DOS prompt as a net send command. WinPopup can be generated either via Microsoft file sharing protocols, using the smbclient -M method in Samba, or it can be generated with a Microsoft RPC call (through TCP port 135). In Samba, I would think that this can be done with rpcclient. However, I have not been able to figure out how to do it. Can anyone tell me how to construct an rpcclient request that mimics the net send command using Microsoft's RPC? From packet traces, the net send command issues RPC calls across the network to TCP port 135. I am working on a UNIX based script that will detect when a Microsoft OS has some virus/worm then and using Windows Messenger Service via Samba to notify the user that the system has been compromised. Unfortunately, the smbclient -M method requires that the recipient have Microsoft file sharing enabled (via ports 139, 445, and/or others) -- and that is not always the case. However, unless the user has disabled Messenger Service and/or RPC, I would think that using rpcclient to generate a message via the RPC service on TCP port 135 should work (I just don't know how to do that). Thanks. Clarke Morledge College of William and Mary Information Technology - Network Engineering Jones Hall (Room 18) Williamsburg VA 23187 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: higher ascii characaters in smbusers, success!
Hi, Am Tue, 14 Oct 2003 09:19:26 -0400 hat Erik Soderquist [EMAIL PROTECTED] geschrieben: Space is up front, first character, and I'm not permitted to change it :( Too bad. Did you check the bugs section in the man page for your version of smbmount, if this limitation still applies? Maybe you can pass the password in the environment variable as suggested. These are my current versions. I don't know how to check the version of smbfs, but though it was part of the samba package. Yes, you're right. My bad. In this context samba always seems to mean client and server. I had remembered otherwise, maybe incorrectly maybe efforts have been joined since. # uname -a Linux mcitylinux 2.4.20-8smp #1 SMP Thu Mar 13 17:45:54 EST 2003 i686 i686 i386 GNU/Linux # smbd -V Version 2.2.7a [snip] Regards, Torge -- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Using Samba 3.0.0 with NIS+
Is NIS+ still a valid option for Samba authentication in 3.0? In some of the 2001 mailing lists: http://marc.theaimsgroup.com/?l=samba-technicalm=99897903907577w=2, they state that it will not be supported. Do this directions still apply? http://marc.theaimsgroup.com/?l=sambam=99802402319667w=2 I am working on migrating to OpenLDAP, but I need something in place in the meantime. Sending passwords in the clear is an option, but we prefer not to rely on the NT domain for reliability and security is a big factor in authenicating off the NT side. Thank you, Wendy -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Suggestions for argument for Samba over Windows 2003?
Hi I'm currently running a RedHat 9 (which means Samba 2.2.7) on a DELL server. The hardware should be fine to handle the load for the whole school, which comprises about 200 - 250 users. (This server is currently controlling the Samba domain for one of the former schools). So, anyway, from my reading of the doco so far, it would seem that we could integrate the Unix box one of two ways: . Upgrade it to Samba 3, and have it join the Win 2003 domain. Since the only access we're supporting into the box is SMB, we don't need to worry about setting or syncing the Unix password. I still need some way to create the underlying unix account though, preferably with consistent, rather than randomly assigned uids/gids. I could use normal Unix commands to manually create the Unix accounts, but since I have previously set up an OpenLDAP box and made accounts on it for everyone, I could probably homebrew some sort of web-based makeuser script, and point NSS at it. . leave it on Samba 2.2.7, leave it off the whole domain thingo, set security=server and point the password server at one of the AD boxes, and touch wood. Even if we don't have 2 passwords and password syncing, we still have a small issue of having 2 sets of accounts, and needing to create/delete accounts in 2 places. If you were living in northern Germany, I would invite you to come to my site, so we could discuss that with a working setup at hands. I am running at this school a setup with a PDC (1GHz HP, 1GB RAM) and a BDC (similar, but P4) with a user base of about 7000. Only about 1500 are active users, as user-accounts are created by a perl script, 40 accounts per class. Every user has of course his/her own homedirectory and as far as I know, all users are more satisfied with this network as they were before (Netware, W2k Advanced Server). We had a license of w2k advanced server and I am glad that I never gave it a try, though I never had set up a samba-PDC before (I just told them it was no problem :-)) I am just about to switch completely to samba3.0.1pre1 (I know it's not for productive, but we don't produce here anything ;-) ) and it seems to be worth it for the smaller load concerning ldap. The CPU-load wasn't a problem, but I always had to have an eye on it, sometimes it was at 100%, as many users log in at the same moment in school-environments. In my Opinion masses of accounts are better handled by some scripts than by GUI and I find it easier to write those scripts on unix. Further more, OpenLDAP is better documented and more standard-conformant, its easier to extend it with my own schemas (For problem-reporting and management, login-script storage) plus standard schemas for mail-routing. Difficulties with samba will occour, but they do as well with Windows whatsoever, be it 2000, XP or 2003. Actually, few people here know that the servers are running Linux/Samba... Sincerely, Malte Müller -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] netbios and samba
Hi all Bear with me on this one... We have a problem connecting to a specific port via Oracle TNSPING There are two PC's in our office that are on the same network as the server (i.e. my desktop PC can not get to the server) The server has multiple network interfaces, the primary is a gigabit fibre card on IP xx.16. The secondary is a megabit card on IP xx.80 The tnsping command fails when run against the hostname. But when run against the IP address xx.16 it works When run against the IP address xx.80 it fails again. From the client PC's 'ping -a xx.16' returns hostname HC_LIVE 'ping -a xx.80' returns hostname HC_LIVE Both commands get a good responce. xx.16 is the primary IP address on the server. There is no DNS server on either the client PC's or the server. I have been lead to believe that the case of the servername (HC_LIVE) is important as it shows that the names are being passed by Netbios as opposed to DNS. - Is this correct? Assuming so, I had a look at the netstat from the server an extract from netstat -A is shown below: f189c3e25600 udp4 0 0 hc_live.sing.netbi *.* f189c3e25400 udp4 0 0 10.70.0.80.netbios *.* f189c3e25300 udp4 0 0 hc_live.sing.netbi *.* f189c459c900 udp4 0 0 10.70.0.80.netbios *.* f189c6bbd800 udp4 0 0 loopback.57393 *.* f189c609d000 udp4 0 0 loopback.57456 *.* f189c3a31d00 udp4 0 0 loopback.48500 *.* This looks as though netbios has associated itself with the xx.80 address. - Is this correct? Why does the command not get access to the port it requires when the xx.80 address on the server is used? How do I associate the netbios name HC_LIVE with the xx.80 address - stop/start the nmb, reboot...? (this is a live box so any change with out a reboot would be nice.) Do you need any more information? All comments welcome! Best regards, Ian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0, Red Hat 9, and Kerberos issues with Windows Server 2003
OK, I've put together a quick-and-dirty fix to make a Red Hat 9/Samba 3 box talk to a Windows 2k3 box. This works for me, and it's not too terribly ugly: Download the SRPMS for Krb5 1.3.1 for the newest Red Hat beta, Severn. You'll also need the SRPMS for e2fsprogs. Build e2fsprogs and update your system. Build Krb5 1.3.1. Uninstall all Krb5 components (server, workstation, debug, devel) except krb5-libs-1.2.7-14 (openssl dependency) Install new krb5 components. You should end up with all krb5 components (don't really need debug) at 1.3.1, with an additional copy of krb5-libs-1.2.7-14. Download Samba 3.0.1pre1 SRPM. rpm -v samba-3.0.1pre1.src.rpm Edit /usr/src/redhat/SPECS/samba3.spec In the CFLAGS settings, add --with-krb5=/usr/lib rpmbuild -bb samba3.spec Go to /usr/src/redhat/RPMS/i386 Install the Samba 3.0.1pre1 RPM there. kinit username password smbclient -k //yourwin2k3box/c$ And you're done. It's not pretty, and it may not be the best idea for a crucial system, but it does work (the builds don't even complain about too many problems!) Any suggestions/improvements would be appreciated. Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using Samba 3.0.0 with NIS+
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | Is NIS+ still a valid option for Samba authentication in 3.0? In | some of the 2001 mailing lists: | I am working on migrating to OpenLDAP, but I need something in | place in the meantime. Sending passwords in the clear is an | option, but we prefer not to rely on the NT domain for reliability | and security is a big factor in authenicating off the NT side. only the NIS+ passdb module was removed. Clear text authenticiation will still function. cheers, jerry ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ You can never go home again, Oatman, but I guess you can shop there. ~--John Cusack - Grosse Point Blank (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/kBmCIR7qMdg1EfYRAu7nAJ9PPu+QzPc5ibDErLhzJpSiB0uoNgCeKhfH /SrkuF2z32FQmyD+JVtj9Bw= =aQrA -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] exchange server and amba 3 integration
Hi, The decision has been made to use Exchange 2K server despite my efforts in suggesting Cyrus Imap with Sendmail. Has any one used or have suggestions on using an Exchange 2K Mail server with Samba 3 as the only PDC? My ?s; 1) Is the 2K Exchange Server integration as simple as having a 2K machine joining a Samba PDC? 2) I use smbpasswd as a backend as I am migrating from 2.2.7a but should I use a different passwd backend like tdsam or ldapsam too make this integration easier? 3) I don't have ldap yet but what are the issues in migrating from tdsam to ldapsam? Any feedback is greatly appreciated, Bri- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] shared files not locked - samba culprit or clients?
On Fri, Oct 17, 2003 at 06:10:35PM +0200, Tom Lazar wrote: hello, i have a question concerning the locking feature of samba (both 2.2.8 and 3.0.0) that i haven't found answered in the documentation. at this point i am not sure, whether it's a bug in samba, the client applications or simply a misunderstanding of the locking feature itself on my part - at any rate it's a pressing problem, as my clients are losing both their data as well as their faith in the server! This was a bug in 3.0.0, has been fixed in the 3.0.1 CVS tree and in the 3.0.1 pre release. I posted the patch on this list, sorry for the problem. If you can't find it in the archives (look for read only Excel file) mail me and I'll look it up. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Quick question... Is this a bad idea?
This would give full root access through samba, but is this a dumb idea? [root] comment = ROOT path = / read only = yes browsable = no valid users = DATANAT.COM+BAW force user = root Thanks! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba compiled with LDAP support?
Are the 2.2.8a Debian Samba packaes provided by the Samba team compiled with LDAP support? I figured they would be, but when I try to configure a LDAP option in smb.conf, I get an error in log.smbd like this: [2003/10/17 11:58:12, 0] param/loadparm.c:map_parameter(2093) Unknown parameter encountered: ldap server To me, that looks like LDAP support was not compiled into the binary. Is that so? Rob -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] nobody logon but guest ok = no
I have an annoying problem with my new (and first) SAMBA PDC deployment. Valid users are being connected to the root directory / of my server as nobody. The only way you can discover the user is to troll the log file. Here is my config file as pertains to users: [global] - encrypt passwords=yes ; wins support=yes ; security=user ; domain logons=yes ; oplocks=no ; level2oplocks=no ; logon path=\\%L\profiles\%u\%m ; logon script=logon.bat ; logon drive=S: ; logon home=\\%L\%u\.win_profile\%m ; invalid users = nobody root bin daemon adm sync shutdown ; add user script=/usr/sbin/useradd -d /dev/nu.. -g 100 -s /bin/false -M %u ; log file = /etc/samba/smblog-%m.txt ; log level=2 [netlogon] - path=/usr/local/samba/lib/netlogon ; writable=no ; browsable=no [profiles] - path=/ovs/samba-ntprof ; writable=yes ; browsable=no ; create mask = 0600 ; directory mask = 0700 [homes] - read only=no ; browsable=no ; guest ok=no ; map archive = yes Here is my logon.bat: net use s: /home ; net time \\cap file:///\\cap /set /yes Here is a slice of the log when the user gets mapped to nobody: [2003/10/14 14:22:34, 2] smbd/reply.c:reply_sesssetup_and_X(1007) Defaulting to Lanman password for lgroos [2003/10/14 14:22:34, 1] smbd/service.c:make_connection(636) a18 (192.168.1.48) connect to service netlogon as user lgroos (uid=517, gid=700) (pid 3331) -- then there is the common exchange between the logon.bat file - 5 groups of open_file(246) and close_normal_file(229) groupings every thing is fine at this point and then, for no reason I understand (being a SAMBA newbie) I get this: -- [2003/10/14 14:22:35, 1] smbd/service.c:make_connection(636) a18 (192.168.1.48) connect to service nobody as user lgroos (uid=517, gid=700) (pid 3331) and the logon.bat file gets opened and closed. I've dug around and can not find out what is going on. I have just added nobody to my invalid users list as a final attempt to stop this behavior. To my knowledge the clients are not logging out to cause this to happen. These are all Win98 clients. I have yet to implement policies, but the computers had policies at one point. They do not now. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Suggestions for argument for Samba over Windows 2003?
On Friday 17 October 2003 00:32, Andy Jones wrote: We then worked out what services were running and deliberated on where to run them in the new merged systems. As it turned out, the decision was to go for Windows Server 2003 for email, printing, virus scanning and so on. However Web, Web Proxy, DHCP, DNS etc will continue to live on Unix. First a disclaimer - although I've set up many Windows PDC's/Exchange Servers, etc. and now several Samba PDC installations they have all been for small businesses. Only one of the clients was sizeable enough to install a BDC. With a Windows AD and also Exchange (you didn't specify which email server app) you may as well hand over the DNS, and possibly the DHCP, reigns over to the Windows guys as well as I believe (maybe wrongly so) that although you can allow dynamic updates from the clients they will not be secure. Plus you have to screw with all of those _ service zones. Maybe I'm all wet and it all works OK (I would like that to be the case), but I think there's a possible trap in the current assignment division. Unless the plan is Exchange with Outlook for the groupware capabilities it would be much more preferable to put the email on the nix boxes. However the new domain will be one controlled by AD, the IT guys from the other School aren't Unix-skilled, and so I need to produce sound technical arguments for keeping Samba, not just my personal preference based on what is familiar/known... The dangers of monoculture might be brought up. If something did take out every Windows box you could still get some work done with the nix boxes. With every system/user getting authenticated by the AD there would be no cost savings from a CAL viewpoint. Reasons FOR moving the home dirs to Windows 2003 are largely the same ones which got it decided upon in the first place. ie. stability; reliability; complete integration with AD; only one password source and so a single password across servers; This would not be affected if you used winbind on the Samba box. that it is adminnable by any IT support staff, not just Unix guys; Are the Windows boxes adminable by any IT support staff, not just the Windows guys? that it is an officially supported product. Maybe it's just my experience but I've been on the horn to Redmond a few times and when you really have a Windows problem Google is a much better friend than Microsoft. So, anyway, from my reading of the doco so far, it would seem that we could integrate the Unix box one of two ways: . Upgrade it to Samba 3, and have it join the Win 2003 domain. Since the only access we're supporting into the box is SMB, we don't need to worry about setting or syncing the Unix password. Gets my vote. I still need some way to create the underlying unix account though, preferably with consistent, rather than randomly assigned uids/gids. Doesn't Winbind handle all of this? If you got the email task with Cyrus then you may need to manually set up the Cyrus accounts. . leave it on Samba 2.2.7, leave it off the whole domain thingo, set security=server and point the password server at one of the AD boxes, and touch wood. Doesn't sound pretty. -- Chris Do not reply to the email address. Please use the contact page below for any desired direct replies. Apologies for the inconvenience. realcomputerguy dot com slash contact dot html -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] exchange server and amba 3 integration
On Friday 17 October 2003 12:19, [EMAIL PROTECTED] wrote: Has any one used or have suggestions on using an Exchange 2K Mail server with Samba 3 as the only PDC? I think that Exchange 2k requires AD. -- Chris Do not reply to the email address. Please use the contact page below for any desired direct replies. Apologies for the inconvenience. realcomputerguy dot com slash contact dot html -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba 3.0.1pre1 available for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Albert Chin wrote: | On Fri, Oct 10, 2003 at 04:48:13PM -0500, Gerald (Jerry) Carter wrote: | |This is a preview release of the Samba 3.0.1 code |base and is provided for testing only. This release |is *not* intended for production servers. Use at |your own risk. There have been several bug fixes |since 3.0.0 that we feel are important to make |available to the Samba community for wider testing. | | | Is there an ETA for 3.0.1? 4 weeks maybe? Just a guess. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/j+16IR7qMdg1EfYRApcuAKDCcKv+Io0AutkxSIXpUvNQmp0UQQCgnREy C7ttyeHK8UsJyF3ZhubclMM= =kF88 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbmount
Hello, This might be the wrong list, but I figured I'd give it a shot b/c it deals with smbmount. I have been mounting Windows shares via smbmount and recently moved those mounts to automount. I set them up in /etc/auto.misc and they mount ok sometimes, yet most of the time the atomount hangs. First here is a listing of my windows mounts in /etc/auto.misc: #/etc/auto.misc # towelie -rw,soft,acdirmin=3 mrhankey:/home/towelie epicrap -fstype=smbfs,username=withheld,password=withheld ://NTServer/epicor I've tried with ipaddress and names and have the same results with each. When I hang is if I just cd /misc/epicrap or if I ls -l /misc/epicrap I can then break out with a [Ctrl]+[C] and retry, and it works. I do the same with my nfs shares and they work right away each time (IE: ls -l /misc/towelie shows me a listing each time). I realize thats probably b/c its nfs to another *nix server. Just wondering if anyone knows about any tweaks for me to try. I have tried adding the following to my smbmount statement in /etc/auto.misc: rsize=8192,wsize=8192,soft,timeo=1,retry=y but still have the same results. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] [Fwd: Apache auth failing for Active Directory group members]
I sent this message to the list yesterday, but I believe it was before I had fully joined the list...so I'm not sure if it got through. My apologies if this is a repeat. On my web server, I have a .htaccess file set up to restrict access to a folder for specific Active Directory users. The Active Directory domain is imaginatively called AD. Using 'require user ad\brian.cochrane' in .htaccess works great. 'require group ad\domain users' also works. However, 'require group ad\_it' does not work. The user brian.cochrane is a member of both the Domain Users and _IT groups. With .htaccess configured to only allow ad\_IT group members, attempting to access the secured directory as ad\brian.cochrane fails. After 3 attemps I get the usual Authorization Required page from Apache. Nothing regarding the failure is logged by Apache or winbindd. However, /var/log/auth.log shows pam_winbind[4145]: user 'ad\brian.cochrane' granted access. The winbind/samba configuration is otherwise working great. I can restrict access to unix files and directories for specific Active Directory users and groups. I have noticed that the usernames used by Apache's basic authentication mechanism are case sensitive (even though winbind's AD to unix user/group mapping does not appear to be), so I've tried various permutations of case in the .htaccess file and when supplying my credentials. Thinking the leading underscores in the group names were causing a problem, I also added the brian.cochrane user to another AD group called test, but the results were the same. So far, no luck. I have included software version and configuration details below. If there is more information I can provide, I'd be happy to. I am reluctant to upgrade to Debian/testing to see if a newer version of samba, winbind, or the Apache auth_pam module fixes the problem, as this is a production server and downtime is an issue. Has anyone else had this problem? Any known solutions? Any information you can provide is greatly appreciated. Thank you, Brian Cochrane software version details -- OS: Linux 2.4.18 distribution: Debian 3.0/stable samba/winbind package: 2.2.3a-12.3 libapache-mod-auth-pam package: 1.0a-7 winbind config in /etc/samba/smb.conf -- #winbind separator = + winbind uid = 1-2 winbind gid = 1-2 winbind enum users = yes winbind enum groups = yes /etc/pam.d/httpd -- auth required /lib/security/pam_winbind.so accountrequired /lib/security/pam_winbind.so .htaccess -- AuthPAM_Enabled On AuthPAM_FallThrough Off AuthAuthoritative Off AuthType Basic AuthName test #require group ad\_it require user ad\brian.cochrane -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] implementing ldap and samba
Mr, You can find many good hints to this from the following: http://us1.samba.org/samba/docs/Samba-HOWTO-Collection.pdf You should look at chapter 10. - John T. On Tue, 14 Oct 2003, Mr eric salayon wrote: gurus, i want to implement ldap authentication server and also a samba server, but in different computer. Is it possible? How should go with this? tnx in advance! eric __ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba-3.0.0/source/ 1GB+ after compiling
Hello,
I am running solaris 7 on a sparcstation 5. We want to test out the pdc
capablities on this test machine before we deploy this on our network. I
installed gcc version 3.2.2. untared the source and did
./configure ; make
everything seemed to go fine, but the source dir is over a gig in size
now. I did make install, and ran out of disk space. this is what it was
trying to install, these binaries are all between 20 and 57 MB. This can't
be right? can it?
{SUPERUSER}-builder:/usr/local/samba/bin-89 ls -la
total 451624
drwxrwxr-x 2 root other512 Oct 17 08:48 .
drwxrwxr-x 10 root other512 Oct 17 08:51 ..
-rwxr-xr-x 1 root other 4522 Oct 17 08:48 findsmb
-rwxr-xr-x 1 root other57557216 Oct 17 08:44 net
-rwxr-xr-x 1 root other 418864 Oct 17 08:48 profiles
-rwxr-xr-x 1 root other36132828 Oct 17 08:43 smbclient
-rwxr-xr-x 1 root other26744244 Oct 17 08:46 smbcontrol
-rwxr-xr-x 1 root other3452 Oct 17 08:44 smbspool
-rwxr-xr-x 1 root other26121616 Oct 17 08:46 smbstatus
-rwxr-xr-x 1 root other 4899 Oct 17 08:48 smbtar
-rwxr-xr-x 1 root other 689392 Oct 17 08:46 tdbbackup
-rwxr-xr-x 1 root other24540384 Oct 17 08:45 testparm
-rwxr-xr-x 1 root other23756052 Oct 17 08:45 testprns
Thanks for your help,
Alex
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Edirectory and Samba - Call for Documentation
Would the kind soul who has Samba working against eDirectory please email me off-list with the steps (details please) of how you made it work. I would like to add this to the Samba-HOWTO-Collection. Cheers, John T. On Wed, 15 Oct 2003, Troy.A Johnson wrote: I am also interesting in good docs on this... anyone got any? Is it in the grand howto? :-) Troy Joe Stuart [EMAIL PROTECTED] 10/15/03 08:27AM I was wondering if anyone has gotten samba to authenticate to Edirectory? If so is there any good docs anywhere online on how to do it? I've done some searching, but can't seem to find a whole lot. Thanks -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Some simple (I hope) questions
On Tue, 14 Oct 2003, Joshua Tarplin wrote: I'm new to Samba, and I have a few minor questions for which I need answers before I start this grandiose adventure in connectivity. I current have a small home network, consisting of: (1) Mandrake Linux 9.1 workstation (1) Windows 2000 Pro workstation (1) Windows XP Pro file/print server (1) LinkSys 4-port (ethernet) router My goal is to be able to use Samba to access the files in and the printers attached to the Windows XP server from my Linux workstation. The impression I'm getting from everyone I ask is that Samba was designed to allow Windows-based workstations to access fioles/printers on Linux/Unix servers. If this is the case, then I'm sunk. Samba provides a facility to allow your Linux/UNIX system to print to a Windows attached printer. The utility it will use is called smbprint. - John T. I would appreciate any and all advice you can offer in this situation. Much thanks in advance... Joshua Tarplin, MCSE [EMAIL PROTECTED] _ Fretting that your Hotmail account may expire because you forgot to sign in enough? Get Hotmail Extra Storage today! http://join.msn.com/?PAGE=features/es -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Can't login to domain after joining
I have RH 9 running samba 3 with an ldapsam db backend. I've managed to join the domain (as seen in previous missives), but now can't log in. I have done the requiresignorseal hack, but still no dice. The LDAP query that is being passed seems to be of interest. After a successful lookup of the sambaDomain entry, it tries to find this: conn=1 op=2 SRCH base=dc=octigabay,dc=com scope=2 filter=((?=undefined)(objectClass=sambaSamAccount)) Needless to say, that doesn't look quite right. Any ideas? --JB signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] QUESTION: security=ads vs. security=domain
On Wed, 15 Oct 2003 [EMAIL PROTECTED] wrote: Can someone explain to me what ADS buys me over Domain for a member server? We just started implementing Samba 3.0 and want to understand what the new ADS security buys us. Have you read the Samba-HOWTO-Collection.pdf that ships with Samba-3.0.x? It might answer your question. Quote: 4.3.4 ADS Security Mode (User Level Security) Both Samba-2.2, and Samba-3 can join an Active Directory domain. This is possible if the domain is run in native mode. Active Directory in native mode perfectly allows NT4-style Domain Members. This is contrary to popular belief. Active Directory in native mode prohibits only the use of Backup Domain Controllers running MS Windows NT4. If you are using Active Directory, starting with Samba-3 you can join as a native AD member. Why would you want to do that? Your security policy might prohibit the use of NT-compatible authentication protocols. All your machines are running Windows 2000 and above and all use Kerberos. In this case Samba as an NT4-style domain would still require NT-compatible authentication data. Samba in AD-member mode can accept Kerberos tickets. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.x client - Samba 2.2.x server authentication?
Ken, In case you have not received a reply: Add to your smb.conf [globals] idmap uid = 15000-2 idmap gid = 15000-2 That should solve your problem. - John T. On Wed, 15 Oct 2003 [EMAIL PROTECTED] wrote: Hey, all. I've upgraded my workstation (Debian) to the Debian Samba 3.x install. I decided to start from scratch with my smb.conf, because I didn't know enough to be wary of what parameters were deleted, etc. So I put password server = sambapdc into my smb.conf, and figured it would Just Work. No dice. A glance at the log file shows [2003/10/15 12:11:08, 1] sam/idmap_tdb.c:db_idmap_init(331) idmap gid range missing or invalid idmap will be unable to map foreign SIDs Some Googling showed this to be some sort of issue with the passdb backend (which Debian set to smbpasswd guest), so I commented it out, thinking it might be conflicting with the password server directive. Nothing doing. Any hints? Thanks, Ken D'Ambrosio Sr. SysAdmin, Xanoptix, Inc. P.S. I have to assume that this has already been mentioned, but the smb.conf manpage -- at least in the Debian version that I have -- has almost none of the directives listed; an obvious editing boo-boo... -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 + OpenLDAP 2.1 Saga (LDAP Attacks!)
On Wed, 15 Oct 2003, Sorisio, Chris wrote: Oh Wise Ones, For the past two days, I have contested with the Samba documentation and other sources of lore in a vain attempt to achieve Samba/LDAP integration. My test system is running RedHat 9 with updates applied, along with OpenLDAP OpenSSL from redhat-rawhide, and the Samba 3.0.1pre1 RPM from the Samba website. A couple of questions: The HOWTOs instruct one to slapadd a file which, among other entries, contains: # Setting up container for groups dn: ou=Groups,dc=quenya,dc=org objectclass: top objectclass: organizationalUnit ou: People Is it intentional that the container group setup references 'ou: People' or is that a typo? That is a typo. Sorry. It will be fixed in the next exciting edition of the Samba-HOWTO-Collection. :) Thanks for the heads up. - John T. I've gotten as far as having Samba try to add a machine or user account. Before I started again from scratch, I was as far as getting errors like: Failed initialise SAM_ACCOUNT for user Failed to modify password entry for user But everything else seemed to work - it was binding to the LDAP server, etc. Any ideas? Are the LDIF's in the HOWTO all that are necessary to setup an LDAP server for use with Samba 3? Sincerely, Chris -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] odd system in findsmb output
Does anyone know why I might see the following output from 'findsmb'? Notice the unknown system on a completely different subnet. Would this normally be seen if someone brought in a system with a static IP on a different subnet and connected it to the network? IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION - 152.163.0.0 unknown name Unknown Workgroup 192.168.0.2 PDC *[DOM] [Unix] [Samba 2.2.7a] 192.168.0.3 SYS1 [DOM] [Windows 5.0] [Windows 2000 LAN Manager] 192.168.0.4 SYS2 [DOM] [Windows 5.0] [Windows 2000 LAN Manager] Thanks for any assistance. -- Chris Do not reply to the email address. Please use the contact page below for any desired direct replies. Apologies for the inconvenience. realcomputerguy dot com slash contact dot html -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba-3.0.0/source/ 1GB+ after compiling
On Fri, 17 Oct 2003, Alex Shine wrote:
Hello,
I am running solaris 7 on a sparcstation 5. We want to test out the pdc
capablities on this test machine before we deploy this on our network. I
installed gcc version 3.2.2. untared the source and did
./configure ; make
everything seemed to go fine, but the source dir is over a gig in size
now. I did make install, and ran out of disk space. this is what it was
trying to install, these binaries are all between 20 and 57 MB. This can't
be right? can it?
Looks like you compiled with the -g option. Suggest you remove that and
strip the binaries.
- John T.
{SUPERUSER}-builder:/usr/local/samba/bin-89 ls -la
total 451624
drwxrwxr-x 2 root other512 Oct 17 08:48 .
drwxrwxr-x 10 root other512 Oct 17 08:51 ..
-rwxr-xr-x 1 root other 4522 Oct 17 08:48 findsmb
-rwxr-xr-x 1 root other57557216 Oct 17 08:44 net
-rwxr-xr-x 1 root other 418864 Oct 17 08:48 profiles
-rwxr-xr-x 1 root other36132828 Oct 17 08:43 smbclient
-rwxr-xr-x 1 root other26744244 Oct 17 08:46 smbcontrol
-rwxr-xr-x 1 root other3452 Oct 17 08:44 smbspool
-rwxr-xr-x 1 root other26121616 Oct 17 08:46 smbstatus
-rwxr-xr-x 1 root other 4899 Oct 17 08:48 smbtar
-rwxr-xr-x 1 root other 689392 Oct 17 08:46 tdbbackup
-rwxr-xr-x 1 root other24540384 Oct 17 08:45 testparm
-rwxr-xr-x 1 root other23756052 Oct 17 08:45 testprns
Thanks for your help,
Alex
--
John H Terpstra
Email: [EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba-3.0.0/source/ 1GB+ after compiling
I don't know how I could have added the -g option. I typed the commands
just like this
./configure ; make
I didn't add any switches. Does it have something to do with the
precompiled version of gcc I installed? How do I remove the -g option?
Thanks,
Alex
At 12:35 PM 10/17/2003, John H Terpstra wrote:
On Fri, 17 Oct 2003, Alex Shine wrote:
Hello,
I am running solaris 7 on a sparcstation 5. We want to test out the pdc
capablities on this test machine before we deploy this on our network. I
installed gcc version 3.2.2. untared the source and did
./configure ; make
everything seemed to go fine, but the source dir is over a gig in size
now. I did make install, and ran out of disk space. this is what it was
trying to install, these binaries are all between 20 and 57 MB. This can't
be right? can it?
Looks like you compiled with the -g option. Suggest you remove that and
strip the binaries.
- John T.
{SUPERUSER}-builder:/usr/local/samba/bin-89 ls -la
total 451624
drwxrwxr-x 2 root other512 Oct 17 08:48 .
drwxrwxr-x 10 root other512 Oct 17 08:51 ..
-rwxr-xr-x 1 root other 4522 Oct 17 08:48 findsmb
-rwxr-xr-x 1 root other57557216 Oct 17 08:44 net
-rwxr-xr-x 1 root other 418864 Oct 17 08:48 profiles
-rwxr-xr-x 1 root other36132828 Oct 17 08:43 smbclient
-rwxr-xr-x 1 root other26744244 Oct 17 08:46 smbcontrol
-rwxr-xr-x 1 root other3452 Oct 17 08:44 smbspool
-rwxr-xr-x 1 root other26121616 Oct 17 08:46 smbstatus
-rwxr-xr-x 1 root other 4899 Oct 17 08:48 smbtar
-rwxr-xr-x 1 root other 689392 Oct 17 08:46 tdbbackup
-rwxr-xr-x 1 root other24540384 Oct 17 08:45 testparm
-rwxr-xr-x 1 root other23756052 Oct 17 08:45 testprns
Thanks for your help,
Alex
--
John H Terpstra
Email: [EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
Received: from ([63.172.68.228]) HELO=qqcs by avsia.com (Wildcat! SMTP v5.6.450.8) with SMTP id 52241671; Fri, 17 Oct 2003 15:16:52 -0500 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] The Official Samba 3 How-To and Reference Guide
On Fri, 17 Oct 2003, Dan Shadix wrote: I pre-ordered the book from Amazon and their shipping estimate was October 6, 2003. It hasn't shipped yet. Any idea when it'll be ready to go? The book has left the Prentice Hall Printers and should by now be in their distribution warehouse. It is my understanding that Amazon will start shipping around Oct 24th. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba-3.0.0/source/ 1GB+ after compiling
On Fri, 17 Oct 2003, Alex Shine wrote:
I don't know how I could have added the -g option. I typed the commands
just like this
./configure ; make
I didn't add any switches. Does it have something to do with the
precompiled version of gcc I installed? How do I remove the -g option?
Check out what is in the CFLAGS line in the Makefile that got generated.
- John T.
Thanks,
Alex
At 12:35 PM 10/17/2003, John H Terpstra wrote:
On Fri, 17 Oct 2003, Alex Shine wrote:
Hello,
I am running solaris 7 on a sparcstation 5. We want to test out the pdc
capablities on this test machine before we deploy this on our network. I
installed gcc version 3.2.2. untared the source and did
./configure ; make
everything seemed to go fine, but the source dir is over a gig in size
now. I did make install, and ran out of disk space. this is what it was
trying to install, these binaries are all between 20 and 57 MB. This can't
be right? can it?
Looks like you compiled with the -g option. Suggest you remove that and
strip the binaries.
- John T.
{SUPERUSER}-builder:/usr/local/samba/bin-89 ls -la
total 451624
drwxrwxr-x 2 root other512 Oct 17 08:48 .
drwxrwxr-x 10 root other512 Oct 17 08:51 ..
-rwxr-xr-x 1 root other 4522 Oct 17 08:48 findsmb
-rwxr-xr-x 1 root other57557216 Oct 17 08:44 net
-rwxr-xr-x 1 root other 418864 Oct 17 08:48 profiles
-rwxr-xr-x 1 root other36132828 Oct 17 08:43 smbclient
-rwxr-xr-x 1 root other26744244 Oct 17 08:46 smbcontrol
-rwxr-xr-x 1 root other3452 Oct 17 08:44 smbspool
-rwxr-xr-x 1 root other26121616 Oct 17 08:46 smbstatus
-rwxr-xr-x 1 root other 4899 Oct 17 08:48 smbtar
-rwxr-xr-x 1 root other 689392 Oct 17 08:46 tdbbackup
-rwxr-xr-x 1 root other24540384 Oct 17 08:45 testparm
-rwxr-xr-x 1 root other23756052 Oct 17 08:45 testprns
Thanks for your help,
Alex
--
John H Terpstra
Email: [EMAIL PROTECTED]
--
John H Terpstra
Email: [EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] System error 1314 has occurred
Hello all, I am using Samba on a Debian GNU/Linux box. I am trying to create a netlogon.bat file that will execute whenever a user logs in to the domain. However, I am getting a strange error message on the client workstations. The following is the netlogon.bat: echo Setting Current Time... net time \\xavier /set /yes echo Mapping Network Drives to Samba Server Xavier... net use Z: \\xavier\home\samba\profiles\%U PAUSE __ However, I get the following error messages when the user logs in to the domain: Setting Current Time... C:\Documents and Settings\jarednet time \\xavier /set /yes Current time at \\xavier is 10/17/2003 1:51 PM System error 1314 has occurred. A required privilege is not held by the client. C:\Documents and Settings\jaredecho Mapping Network Drives to Samba Server Xavi er... Mapping Network Drives to Samba Server Xavier... C:\Documents and Settings\jarednet use Z: \\xavier\home\samba\profiles\U System error 67 has occurred. The network name cannot be found. _ Here is my smb.conf: Sample configuration file for the Samba suite for Debian GNU/Linux. Id: smb.conf,v 1.2.4.6 2002/03/13 #Global Settings === [global] #basic server settings workgroup = wolverine netbios name = xavier server string = Samba PDC running %v socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 domain logons = yes #PDC and master browser settings os level = 64 preferred master = 64 local master = yes domain master = yes #security and logging settings security = user encrypt passwords = yes log file = /var/log/samba/log.%m log level = 2 max log size = 50 #user profiles and home directory logon home = \\%L\%U logon drive = Z: logon script = netlogon.bat logon path = \\%L\profiles\%U #keeping user accounts in sync unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd: *all* authentication*tokens*updated*successfully* #setting up the time server in order for clients to sync w/ server time server = yes #===shares=== [homes] comment = Home Directories browseable = no writeable = yes [netlogon] comment = Network Logon Service path = /home/netlogon read only = yes browseable = no write list = jared [profiles] path = /home/samba/profiles writeable = yes browseable = no create mask = 0600 directory mask = 0700 To me, it looks like everything should be working, but apparently, I am unable to sync the time with the Samba server, and I am unable to map the drive automatically. Is there anyone that might have an idea about what to do? I would appreciate it! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] System error 1314 has occurred
On Fri, 17 Oct 2003 [EMAIL PROTECTED] wrote: Hello all, I am using Samba on a Debian GNU/Linux box. I am trying to create a netlogon.bat file that will execute whenever a user logs in to the domain. However, I am getting a strange error message on the client workstations. The following is the netlogon.bat: echo Setting Current Time... net time \\xavier /set /yes echo Mapping Network Drives to Samba Server Xavier... net use Z: \\xavier\home\samba\profiles\%U PAUSE __ However, I get the following error messages when the user logs in to the domain: Setting Current Time... C:\Documents and Settings\jarednet time \\xavier /set /yes Current time at \\xavier is 10/17/2003 1:51 PM System error 1314 has occurred. A required privilege is not held by the client. By default MS Windows NT/2KX/XP systems do NOT allow normal usres to reset the system time. To permit this you must use the appropriate tool n your Windows client to assign the privilidge to set the system time to Domain users. - John T. C:\Documents and Settings\jaredecho Mapping Network Drives to Samba Server Xavi er... Mapping Network Drives to Samba Server Xavier... C:\Documents and Settings\jarednet use Z: \\xavier\home\samba\profiles\U System error 67 has occurred. The network name cannot be found. _ Here is my smb.conf: Sample configuration file for the Samba suite for Debian GNU/Linux. Id: smb.conf,v 1.2.4.6 2002/03/13 #Global Settings === [global] #basic server settings workgroup = wolverine netbios name = xavier server string = Samba PDC running %v socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 domain logons = yes #PDC and master browser settings os level = 64 preferred master = 64 local master = yes domain master = yes #security and logging settings security = user encrypt passwords = yes log file = /var/log/samba/log.%m log level = 2 max log size = 50 #user profiles and home directory logon home = \\%L\%U logon drive = Z: logon script = netlogon.bat logon path = \\%L\profiles\%U #keeping user accounts in sync unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd: *all* authentication*tokens*updated*successfully* #setting up the time server in order for clients to sync w/ server time server = yes #===shares=== [homes] comment = Home Directories browseable = no writeable = yes [netlogon] comment = Network Logon Service path = /home/netlogon read only = yes browseable = no write list = jared [profiles] path = /home/samba/profiles writeable = yes browseable = no create mask = 0600 directory mask = 0700 To me, it looks like everything should be working, but apparently, I am unable to sync the time with the Samba server, and I am unable to map the drive automatically. Is there anyone that might have an idea about what to do? I would appreciate it! -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] System error 1314 has occurred
On Friday 17 October 2003 16:22, [EMAIL PROTECTED] wrote: net time \\xavier /set /yes System error 1314 has occurred. A required privilege is not held by the client. Probably because ordinary users don't have the required permissions to set the clock. I only use net time to set the sync the clock on the DOS based OS's which don't have any such security issues. By running an ntp daemon on the server you can sync NT based systems using Win32time. -- Chris Do not reply to the email address. Please use the contact page below for any desired direct replies. Apologies for the inconvenience. realcomputerguy dot com slash contact dot html -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WinXP SP2: problem loggint into domain
On Fri, 17 Oct 2003, ayach-asu wrote: I have applied the registry patch: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\ parameters RequireSignOrSeal=dword: Fine add my machine to the domain (Samba 2.2.8-3.0.0). When I reboot machine and login to the domain from a Windows XP Professional SP2 I get the following message: Windows cannon connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Help me. Your best solution is to update to samba-3.0.1pre1. This will avoid the need to apply registry changes. Also, make sure that you have used the SWAT wizard to enable your Samba server as a Domain Controller. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba very, VERY slow ...
Eric, Suggest you replace the ethernet card and/or the network cable. Sounds like a hardware issue. - John T. On Fri, 17 Oct 2003, Eric Maisonobe wrote: Hello ! I've installed serveral servers under Linux in my association with samba on it, without any problem. But, for the latest application we need to use, samba has to share about 800 borland data files. All goes right, but the systeme (P3-800Mhz-256Mo RAM for 8 users) is very, VERY slow (about 40 second to open the application). I've take a look at the system use, even when a client open a session, and : - the processor is use about ... 3% (97%free) !!! - Mem : 23Mo used...233Mo free !!! - average load : about 0,01 !!! I've putlog level = 0, correct wins server adress, socket options = TCP_NODELAY and my share is : [c] comment = Disk C path = /home/c browseable = yes admin users = guest nobody # I know, it's bad ;-)) but requiered by the appli writable = yes public = yes create mode = 777 Any help would be welcome ! Eric MAISONOBE -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3: is LDAP required?
On Wed, 15 Oct 2003, tvsjr wrote: Yes or no - is OpenLDAP required to be on the SAMBA 3.0 server in order for Active Directory support to work? Active Directory support == security = ads. Are you trying to make Samba act as an Active Directory server? If so, then Samba won't do that, you're SOL. If you're trying to make your Samba machine join an Active Directory, no, OpenLDAP is not required. The Active Directory must be running in Mixed or Native mode, not in Native 2003 (2k3 Server only) mode. Not quite! Samba-3.0.x can join a Win2K3 AD Domain that is in Native Mode. This is documented in the Samba-HOWTO-Collection.pdf available with Samba-3 in the chapter on Domain Membership. PS: You can obtain this document from: http://us1.samba.org/samba/docs/Samba-HOWTO-Collection.pdf It is also available from Amazon.Com as The Official Samba-3 HOWTO and Reference Guide for those who want a hard copy. The book has more information in it than the HOWTO. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Using User Manager for Domains against a Samba PDC
On Wed, 15 Oct 2003, Jared Rypka-Hauer wrote: Is there a way to use User Manger for Domains against a Samba PDC? I'm running Samba 2.2.8 on Suse 8.0 with a Win2k workstation as a testbed. I can open UMfD and view all users as well as all groups, however when trying to change group memberships or add users, I am given the message incorrect function. I can present logs, etc, if that's needed. I do not recall if this works with Samba-2.2.x series. It will work with Samba-3.0.x series. Any chance of updating to 3.0.1pre1? - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] how to call an executable script each time a file is created or modified
On Wed, 15 Oct 2003, dave giffin wrote: is it possible to have a samba daemon call an executable script each time a file within one of it shares is modified or a new file is created? Yes. You will need to write a VFS module to do that. Suggest you start with Samba-3.0.1pre CVS code. Look in the directory: ~samba/sources/modules There are a few sample modules in that directory that will give you the idea. I'm looking to develop a file catalogging system for my file server which depends on my software being notified each time a file is modified or a new file created. You will need to craft your own module. Please do contribute your solution to add to the choices already there. - John T. This allows the modified/new file to be scanned for relavent information. :) __ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 PDC - WinXP question
On Thu, 16 Oct 2003, Alecsandru Chirosca wrote: Can someone please tell me why samba PDC only accepts winXP clients while compiled wih LDAP support (even when the LDAP backend is not used) ? I do not have that problem at my end. I use tdbsam and Windows clients are perfectly happy with it. Perhaps you could send me your smb.conf file? - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] cannot locate roaming profile
On Fri, 17 Oct 2003, Daniel Kasak wrote:
Hi all.
I've just installed samba-3.0.1-rc1 as a PDC and I can add computers (
win2k ) to the domain, but when users log on, they get an error:
... windows cannot locate your roaming profile ...
or words to that effect.
My smb.conf is:
# Global parameters
[global]
workgroup = NUS
server string = Samba Server %v
bind interfaces only = true
interfaces = 192.168.0.10/24
passdb backend = tdbsam
pam password change = Yes
unix password sync = Yes
log level = 3
log file = /var/log/samba3/log.%m
max log size = 50
name resolve order = wins lmhosts bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
add user script = /usr/sbin/useradd -s /bin/false '%u'
delete user script = /usr/sbin/userdel '%s'
add group script = /usr/sbin/groupadd %g getent group
'%g'|awk -F: '{print $3}'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/bin/gpasswd -a '%u' '%g'
delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
set primary group script = /usr/sbin/usermod -g '%g' '%u'
domain logons = Yes
os level = 33
preferred master = Yes
domain master = Yes
wins support = Yes
printer admin = @adm
printing = cups
preserve case = No
To disable roaming profile usage add:
logon drive =
logon home =
ie: leave the field after the '=' blank.
PS: Also make sure that the user in pdbedit -Lv 'username' does not
specify a profile path.
[homes]
comment = Home Directories
read only = No
browseable = No
[netlogon]
comment = Network Logon Service
path = /usr/local/smb_shares/netlogon
guest ok = Yes
I've read the docs that state that it is not recommended to use roaming
profiles, and I agree. How do I stop windows from trying to locate one?
Oh? What documentation says that you should not use roaming profiles? I'd
like to know where we slipped up!
- John T.
--
John H Terpstra
Email: [EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Upgrading to samba3.0.0 from samba3-alpha23 -- can no longer authenticate
Hello, I've just upgraded from samba3-alpha23 to samba3.0.0 release. I'm running samba with an LDAP backend and I used the convertSambaAccount conversion script, and now the latest 3.0.0 ldap schema. The problem I have is that no Windows user can authenticate against their home directory, or any other machine. I don't understand how this happens all of the sudden, given that alpha23 had no problems with authentication. Is there anything else I need to know about rids, SIDS, UID/GID mappings? When I try to join a Win2k machine to the domain I get the error: No mapping between account names and security IDs was done. Do I need to use an idmap backend entry in smb.conf ? I tried that and still have the same problem. Authentication just doesn't work. Why ? The smb.conf did not change. Anybody that had similar problems ? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] How install samba-swat-2.2.3a-6.i386.rpm ???
Hello, I have downloaded samba-swat-2.2.3a-6.i386.rpm , What can I do in order to install it ? What directory I need to install in ? Any help is greatly appreciated. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Edirectory and Samba - Call for Documentation
On Sat, 2003-10-18 at 04:49, John H Terpstra wrote: Would the kind soul who has Samba working against eDirectory please email me off-list with the steps (details please) of how you made it work. I would like to add this to the Samba-HOWTO-Collection. We have a bug out against this. It only works against Samba 2.2, unless versions of edirectory differ in the RFC complience. Bug #330 Also, it's not possible (as far as I know, at this stage, we should work with novell on this) to use the 'windows password' that is already stored by edirectory for Novell's CIFS server. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How install samba-swat-2.2.3a-6.i386.rpm ???
On Fri, 17 Oct 2003, Angel Simbaqueba wrote:
Hello,
I have downloaded samba-swat-2.2.3a-6.i386.rpm ,
What can I do in order to install it ?
What directory I need to install in ?
rpm -Uvh samba-swat-2.2.3a-6.i386.rpm
That should do the trick. Then you need to enable SWAT in /etc/inetd.conf
or /etc/xinetd.d/{swat,samba}.
Best is to enable swat using the Red Hat 'chkconfig' tool.
Any help is greatly appreciated.
Hope that helps.
-= John T.
--
John H Terpstra
Email: [EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba3 and 2003 server integration
Hi, Is it possible to have a Windows 2003 server as the PDC and corresponding Exchange server while having domain members being Samba 3? I read in the how to that it can be done with a 2000 PDC but not sure about 2003 PDC. This way, I reached a compermise with my client as to having 2003 mail server/PDC while using open source stuff for the high speed file serving production end. I may even have to use ldap and sendmail anyways for the production end which is Linux/Irix based but the glue between Openldap AD and Sendmail Exchange will be fun. Any feedback is appreciated as usual, Bri- PS Is any of this stuff regarding interoperability in the how to or how to book (that I ordered :) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3 and 2003 server integration
At 07:28 PM 10/17/2003 -0400, [EMAIL PROTECTED] wrote: Hi, Is it possible to have a Windows 2003 server as the PDC and corresponding Exchange server while having domain members being Samba 3? Yes, I've done it. There are some tricks to get Red Hat 9 to talk to Win 2k3 (having to do with the MIT Kerberos libraries) if that's your distro of choice. The big trick is to ensure that your Active Directory is running in Native Mode - NOT Native 2003 Mode (won't work). Keep in mind that, if you have already upgraded to Native 2003 mode, you can't revert to Native mode (AFAIK). Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3 and 2003 server integration
On Fri, 17 Oct 2003 [EMAIL PROTECTED] wrote: Hi, Is it possible to have a Windows 2003 server as the PDC and corresponding Exchange server while having domain members being Samba 3? Yes. I read in the how to that it can be done with a 2000 PDC but not sure about 2003 PDC. Does it specifically say 2000? Or does it say 200x? This way, I reached a compermise with my client as to having 2003 mail server/PDC while using open source stuff for the high speed file serving production end. It will work. I may even have to use ldap and sendmail anyways for the production end which is Linux/Irix based but the glue between Openldap AD and Sendmail Exchange will be fun. Good luck with this part. Any feedback is appreciated as usual, Oooo. The feedback could be interesting! :) Bri- PS Is any of this stuff regarding interoperability in the how to or how to book (that I ordered :) Yes. Chapter 6 of the book (7 of the HOWTO) deals with domain membership. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Ext3+acl vs XFS
Software: - Samba 3.0 (Stable) - OpenLDAP 2.0.27 - Windows 2000 clients I'd like to impliment full-blown nt-style permissions on my existing Samba (with LDAP backend) server / shares. (i.e. file properties-- security: different groups / users, with different permissions etc. etc.) Now I've dug around and found that this can be supported either via ext2/3 + some ACL patch (anyone got a link?), or xfs. My two main questions regarding this are.. a) Does it actually work? b) In terms of overhead / resource utilization, which is better? Also, for those of you using ldap as a backend: in my situation, I'm using ldap as the master information store for all machines in a heterogenous environment (Windows, Linux, BSD, etc.). Has anyone figured out a way to strip Samba accounts of posix attributes? A'la user bob in the ldap tree is a valid user for windows machines joined to the domain, but will not be a valid user (or show up in standard nss_ldap/pam_ldap posixAccount queries to the ldap store) on unix/linux machines. Granted, that's a pretty tall order, as to the best of my understanding the samba ldap attributes are highly dependant on the posix attributes. Thanks for your help folks, and constant thanks to the Samba team for saving me the torture of dealing with Windows :) -- Cybr0t McWhulf -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
Received: from ([63.172.68.228]) HELO=wcyflzdb by avsia.com (Wildcat! SMTP v5.6.450.8) with SMTP id 52326140; Fri, 17 Oct 2003 15:18:16 -0500 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.0 issue
I am haveiing asmall problem with samba 3.0.0 as a PDC. The machine joins the domain fine and but when I try to on sign the domain i get an error message saying that Windows can not sign onto the domain, A device is not functioning properly. I have a couple laptops (1 Win 2k and 2 WIN XP) that work fine with it and device manager on the desktop (Win XP) in question says that every thing is fine. Why is windows crapping itself? Help! -- Joe Daily [EMAIL PROTECTED] [EMAIL PROTECTED] qnetjoe on AOL and yahoo instant messanger [EMAIL PROTECTED] on MSN messanger may the source be with you.. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.0 issue
I am haveiing asmall problem with samba 3.0.0 as a PDC. The machine joins the domain fine and but when I try to on sign the domain i get an error message saying that Windows can not sign onto the domain, A device is not functioning properly. I have a couple laptops (1 Win 2k and 2 WIN XP) that work fine with it and device manager on the desktop (Win XP) in question says that every thing is fine. Why is windows crapping itself? Help! -- Joe Daily [EMAIL PROTECTED] [EMAIL PROTECTED] qnetjoe on AOL and yahoo instant messanger [EMAIL PROTECTED] on MSN messanger may the source be with you.. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Installation question
I wan to download samba from samba.org. If I have installed Linux 8.0, do i need to remove smaba stuff ( pkg, other files ) before i insall new version from web ?. I heard Linux does come with samba by default. OR Is it okay to just install new version even though we have older version which came with Linux ? Any input would be appreciated. -Logi - Do you Yahoo!? The New Yahoo! Shopping - with improved product search -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.0 issue
On Fri, 17 Oct 2003, Joe Daily wrote: I am haveiing asmall problem with samba 3.0.0 as a PDC. The machine joins the domain fine and but when I try to on sign the domain i get an error message saying that Windows can not sign onto the domain, A device is not functioning properly. I have a couple laptops (1 Win 2k and 2 WIN XP) that work fine with it and device manager on the desktop (Win XP) in question says that every thing is fine. Why is windows crapping itself? Please send me you smb.conf off-line and I'll help you with it. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Installation question
On Fri, 17 Oct 2003, Guess Logi wrote: I wan to download samba from samba.org. If I have installed Linux 8.0, do i need to remove smaba stuff ( pkg, other files ) before i insall new version from web ?. I heard Linux does come with samba by default. You should be able to download and install the samba-team package. Doing so should auto-uninstall the Red Hat packages. If not, then you can always uninstall the original RPMs. OR Is it okay to just install new version even though we have older version which came with Linux ? Yes. Any input would be appreciated. Any amount of input is available at standard hourly rates and a minumum of 4 hours per billing. :) - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.0 issue
My smb.conf and logs are availbe at http://qnetalpha.com/linux/samba/ -- Joe Daily [EMAIL PROTECTED] [EMAIL PROTECTED] qnetjoe on AOL and yahoo instant messanger [EMAIL PROTECTED] on MSN messanger may the source be with you.. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.0 issue
My smb.conf and logs are availbe at http://qnetalpha.com/linux/samba/ -- Joe Daily [EMAIL PROTECTED] [EMAIL PROTECTED] qnetjoe on AOL and yahoo instant messanger [EMAIL PROTECTED] on MSN messanger may the source be with you.. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.0 issue
On Fri, 17 Oct 2003, Joe Daily wrote: My smb.conf and logs are availbe at http://qnetalpha.com/linux/samba/ Please send me output of: testparm -s foobar ie: email me your foobar file please. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SMB client signing?
I'm having a bit of trouble getting a share to mount: [EMAIL PROTECTED] samba]# kinit tvsjr Password for [EMAIL PROTECTED]: password [EMAIL PROTECTED] samba]# smbclient -k //server01/e$ smb: \ quit [EMAIL PROTECTED] samba]# mount -t smbfs -o username=tvsjr,krb //server01/e$ /data Warning: kerberos support will only work for samba servers cli_negprot: SMB signing is mandatory and we have disabled it. 2054: protocol negotiation failed SMB connection failed [EMAIL PROTECTED] samba]# My smb.conf: [global] realm = HOME.TVSJR.COM encrypt passwords = yes password server = SERVER01 workgroup = HOME security = ADS client use spnego = yes client signing = yes server signing = yes I'm trying to mount a share from a Windows 2K, XP, or 2k3 box. Any suggestions? Thanks, Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Speed problem connecting to samba over Internet
I have a samba file share configured on RH7.3. smb.conf is below. I have a stunnel running with: stunnel -d -r localhost:139 I'm connecting to this from Windows using instructions as per here: http://www.cheswick.com/ches/cheap/tunnelsolution.html , which is basically stunnel running in Windows stunnelling port 139 on a local IP to on my remote server, so that I can access the share via (in windows speak) \\localIP\test It all works fine, but it takes a lng time to make connections. Once a connection is established, the speed is fine - a single 12Mb file takes about 90 seconds to transfer from the server. Through windows explorer, ten 1k files take about 15 seconds to transfer (pretty slow). Through a Windows text editor though, a single 1k text file takes about 8 seconds to open, and about 10 seconds to save - operations that would both be instantaneous on the local disk. TIA for any tips/advice. (I can't connect directly to the server because my ISP has port 139 blocked) James smb.conf: [global] workgroup = S1 encrypt passwords = yes [test] comment = test path = /some/path/to/some/webspace read only = no guest ok = no -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
CVS update: samba/source
Date: Fri Oct 17 14:43:09 2003 Author: jelmer Update of /home/cvs/samba/source In directory dp.samba.org:/tmp/cvs-serv5591/source Modified Files: Tag: SAMBA_3_0 Makefile.in Log Message: CP* modules are not related to development Revisions: Makefile.in 1.468.2.186 = 1.468.2.187 http://www.samba.org/cgi-bin/cvsweb/samba/source/Makefile.in.diff?r1=1.468.2.186r2=1.468.2.187
CVS update: samba/source/include
Date: Fri Oct 17 15:02:38 2003 Author: jmcd Update of /home/cvs/samba/source/include In directory dp.samba.org:/tmp/cvs-serv8372/include Added Files: rpc_epmapper.h Log Message: Add endpoint mapper rpc definitions Revisions: rpc_epmapper.h NONE = 1.1 http://www.samba.org/cgi-bin/cvsweb/samba/source/include/rpc_epmapper.h?rev=1.1
CVS update: samba/source/rpc_parse
Date: Fri Oct 17 15:03:46 2003 Author: jmcd Update of /home/cvs/samba/source/rpc_parse In directory dp.samba.org:/tmp/cvs-serv8464/rpc_parse Added Files: parse_epmapper.c Log Message: Add (un)marshalling code for endpoint mapper map operation Revisions: parse_epmapper.cNONE = 1.1 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_parse/parse_epmapper.c?rev=1.1
CVS update: samba/source/include
Date: Fri Oct 17 15:07:24 2003 Author: jmcd Update of /home/cvs/samba/source/include In directory dp.samba.org:/tmp/cvs-serv8958/include Modified Files: smb.h ntdomain.h Log Message: Add epmapper pipe Revisions: smb.h 1.494 = 1.495 http://www.samba.org/cgi-bin/cvsweb/samba/source/include/smb.h.diff?r1=1.494r2=1.495 ntdomain.h 1.86 = 1.87 http://www.samba.org/cgi-bin/cvsweb/samba/source/include/ntdomain.h.diff?r1=1.86r2=1.87
CVS update: samba/source
Date: Fri Oct 17 15:07:53 2003 Author: jmcd Update of /home/cvs/samba/source In directory dp.samba.org:/tmp/cvs-serv8995 Modified Files: Makefile.in Log Message: Add endpoint mapper parse code Revisions: Makefile.in 1.723 = 1.724 http://www.samba.org/cgi-bin/cvsweb/samba/source/Makefile.in.diff?r1=1.723r2=1.724
CVS update: samba/source/passdb
Date: Fri Oct 17 16:27:26 2003 Author: jerry Update of /data/cvs/samba/source/passdb In directory dp.samba.org:/tmp/cvs-serv18486/passdb Modified Files: pdb_gums.c Log Message: * fix some compile warnings in the gums code * add server support for DsEnumerateDomainTrusts() Revisions: pdb_gums.c 1.1 = 1.2 http://www.samba.org/cgi-bin/cvsweb/samba/source/passdb/pdb_gums.c.diff?r1=1.1r2=1.2
CVS update: samba/source/rpc_server
Date: Fri Oct 17 16:27:26 2003 Author: jerry Update of /data/cvs/samba/source/rpc_server In directory dp.samba.org:/tmp/cvs-serv18486/rpc_server Modified Files: srv_netlog.c srv_netlog_nt.c Log Message: * fix some compile warnings in the gums code * add server support for DsEnumerateDomainTrusts() Revisions: srv_netlog.c1.88 = 1.89 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_netlog.c.diff?r1=1.88r2=1.89 srv_netlog_nt.c 1.74 = 1.75 http://www.samba.org/cgi-bin/cvsweb/samba/source/rpc_server/srv_netlog_nt.c.diff?r1=1.74r2=1.75
