RE: [Samba] what will be mounted

2003-10-29 Thread Ow Mun Heng
>>when i mount windows, will all partitions be mounted or just C drive...

you have to mount one by one

Cheers, .^.
Mun Heng, Ow/V\
H/M Engineering   /(   )\
Western Digital M'sia  ^^-^^
DID : 03-7870 5168  The Linux Advocate




-Original Message-
From: Vishesh kaul [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 30, 2003 12:45 PM
To: [EMAIL PROTECTED]
Subject: [Samba] what will be mounted



can samba mount the whole windows system on a computer by default..  
suppose id i have 8 partitions on my hard disk (C,D,E,F,G,H,I,J).. when i
mount windows, will all partitions be mounted or just C drive...
 
your only special contact on earth
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: [Samba] charsets in samba3

2003-10-29 Thread Andre de Koning
Thanks a mil Jeremy - This is the first answer I recieved.  I actually had
the users rename all the affected files.
Will test now.

Andre

-Original Message-
From: Jeremy Allison [mailto:[EMAIL PROTECTED]
Sent: 30 October 2003 02:19
To: Andre de Koning
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] charsets in samba3


On Wed, Oct 08, 2003 at 04:10:29PM +0200, Andre de Koning wrote:
> Is there any way to make samba use whatever the default charset was on
samba
> 2.2.x (like 2.2.3?).
>
> I've just upgraded to samba 3 and just about every second file displays
> incorrectly on my windows clients and most of them refuse to open because
of
> this.  THis is causing absolute chaos to the point where I (an avid
windows
> hater) am starting to look at reload all the servers in question with w2k
> server.
>
> I've played around with "dos charset", "unix charset" and "display
charset"
> but have no luck.  I have no clue what this should be set to to make this
> work like they did before with samba 2.2.3 and don't even have a clue what
> options I can choose from - nothing in the man page except one example!
>
> Any help, PLEASE?

Better late than never I hope.

unix charset = ISO8859-1
dos charset = CP850

would be the defaults 2.2.x used.

Jeremy.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: AW: [Samba] Help for Samba 3 and Win ADS

2003-10-29 Thread Denis M.J.
Hi Dieter,

There are several things you need to set up on the samba server for AD 
user to have access to it.

* To be in the AD/domain
   - smb.conf with the proper security mode, password server and realm
   - net join the AD
   - make sure the samba machine shows up in the list of trusted 
computers and is properly accessible (DNS and that kind)
   - make sure smbd, nmbd and winbind run
  you can than check the list of users with the command
   $ getent passwd

* To let users access unix services
   - set up nsswitch.conf so passwd and group also use winbind
   - set up pam properly, ie let it use winbind too.
I think this should work. At least that's what the doc says.
I am not really familiar with the error you're getting but it might be 
because you're not using winbind.
Quote from the doc:
"If winbindd is not running, smbd (which calls winbindd) will fall back to
using purely local information from /etc/passwd and /etc/group and no
dynamic mapping will be used."

So make sure winbind is running, the HOWTO explains how to add it to you 
/etc/init.d/samba.
It might vary depending on where you got samba from (official package or 
distribution package).
Chapter 21 is on winbind.

I hope it works out for you.
Denis
Dieter Wilkens wrote:

Hi Denis,

I just tried this but still I can't log on the samba server with a domain user!

If I try to do so I get the error:

[2003/10/29 08:48:37, 0] auth/auth_util.c:make_server_info_info3(1017)
 make_server_info_info3: pdb_init_sam failed!
in the log file of the client on samba server...

Is there anytihng else I have to adjust on the samba server?
I sucessfully joined the domain with ADS and can see the server from my windows 
machine - but as soon as I try to connect I get the error (exept with one user that I 
created on the linux server)!
Any ideas?

Here is my smb.conf

**

#=== Global Settings ===
[global]
   log file = /var/log/samba/log.%m
   server string = %h server (Samba %v)
   socket options = TCP_NODELAY
   encrypt passwords = yes
   security = ads
   realm = 
   workgroup = 
   password server = 
   syslog = 0
#== Shares =
[daten]
comment = Daten auf Debian 
path = /daten
browsable = yes
guest ok = yes

**



-Urspr?ngliche Nachricht-
Von: Denis M.J. [mailto:[EMAIL PROTECTED] 
Gesendet: Dienstag, 28. Oktober 2003 21:52
An: Dieter Wilkens
Cc: [EMAIL PROTECTED]
Betreff: Re: [Samba] Help for Samba 3 and Win ADS

If you're joining the AD you can use the mode ADS with the lines # smb.conf:
   security = ADS
   realm =  your.kerberos.realm
   encrypt passwords = yes
   password server = MYWINPDC
please refer to section 7.4 (Domain Membership - Samba ADS Domain 
Membership) in the HOWTO.



Dieter Wilkens wrote:

 

Thanks for that hint.
I downloaded the HOTO and tried to make everything like descibed there 
but it is still not working ;-(

I set the 'security = domain" the 'workgroup = MYDOMAIN' and the 
'password server = MYWINPDC' in the smb.conf and restartet samba. After 
that I tried the 'net join -S MYWINPDC -UMyAdmin%MyPassword' and get 
the following result:

'realm must be set in smb.conf for ADS join to succeed.
ADS join did not work, faling back to RPC...
Joined domain MYDOMAIN'


   

From the PDC I can see the sambe server in ADS and in the network
   

  

 

neighborhood. If I try to connect samba asks for a username and 
password (should be OK with the DOMAIN-Admin.). So I type in the 
Admin and PAssword but without getting a connection. In the logfile on 
the samba server there are the following lines in
'log.MYWINPDC':

'[2003/10/28 10:18:50, 0] auth/auth_util.c:make_server_info_info3(1017)
make_server_info_info3: pdb_init_sam failed!
[2003/10/28 10:18:50, 0] auth/auth_util.c:make_server_info_info3(1017)
make_server_info_info3: pdb_init_sam failed!
[2003/10/28 10:19:28, 0] auth/auth_util.c:make_server_info_info3(1017)
nake_server_info_info3: pdb_init_sam failed!'
Any ideas wahts going wrong here?

Regards

 Dieter

"Adam Williams" <[EMAIL PROTECTED]> schrieb im Newsbeitrag 
news:[EMAIL PROTECTED]

   

Just started to play around with Samba 3 (on debian 3.0) and a 
win2000 domain. Can anyone help me to integrate the Samba server into 
the win domain? It should act as a file server for the useres and 
groups from


   

win

   

and therefor I need different rights and permissions for the 
shares... Any help is appreciated ;-)


   

See the Samba-HOWTO-Collection available on the Samba website.  It 
covers this in detail.

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
  

 



   



 



--
To unsubscribe from this list go to the following URL

[Samba] what will be mounted

2003-10-29 Thread Vishesh kaul

can samba mount the whole windows system on a computer by default..  
suppose id i have 8 partitions on my hard disk (C,D,E,F,G,H,I,J).. when i
mount windows, will all partitions be mounted or just C drive...
 
your only special contact on earth
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Internet Explorer

2003-10-29 Thread Richard Ssekibuule
Thanks big time for your advice.
The solution is clearer now.
Richard.

On Wednesday 29 October 2003 21:49, rruegner wrote:
> hi,
> i am not sure if i understand you in the right way but
> this are the magic to make squid use transparent
> #transproxy feature, very cool content filtering can be done with
> squidguard #iptables -t nat -A PREROUTING -i eth2 -s ! 10.10.10.2 -p tcp
> --dport 80 -j DNAT --to 10.10.10.2:3128
> #iptables -t nat -A POSTROUTING -o eth2 -s 10.10.10.0/24 -d 10.10.10.2 -j
> SNAT --to 10.10.10.2
> #iptables -A FORWARD -s 10.10.10.0/24 -d 10.10.10.2 -i eth2 -o eth2 -p
> tcp --dport 3128 -j ACCEPT
> for sure you have to enable additional stuff in squid.conf and change
> settings to your need in example above ( study man squid)
> as you know changing settings for ie i think is only allowed for
> powersusers ( but i am not sure at the moment )
> but in fact if your users cant change it they have no permission too.(win
> stuff)
> As i think if you want to give them the permission to change i e settings
> you have to give them
> higher prior on their local workstations.( like superuser etc.)..not
> all users are equal in their needs!
> But as i remember i had never problem with that, if you store their
> profiles in their homes on samba.( when i use this old distro setup )
> But in Version 2.2.5 there is not a valid group mapping between samba /
> unix to windows,
> therefore an for other reason (security ) you should upgrade t samba 3 (
> load it from ftp.suse.com people gd )
> than you can build a nearly equal nt4 pdc with group mapping
> match the groups with that bash script
> #!/bin/bash
>
> net groupmap modify ntgroup="Domain Admins" unixgroup=root
> net groupmap modify ntgroup="Domain Users" unixgroup=users
> net groupmap modify ntgroup="Domain Guests" unixgroup=nobody
> net groupmap modify ntgroup="Administrators" unixgroup=ntadmin
> net groupmap modify ntgroup="Users" unixgroup=users
> net groupmap modify ntgroup="Guests" unixgroup=nobody
> net groupmap modify ntgroup="System Operators" unixgroup=sys
> net groupmap modify ntgroup="Account Operators" unixgroup=ntadmin
> net groupmap modify ntgroup="Backup Operators" unixgroup=bin
> net groupmap modify ntgroup="Print Operators" unixgroup=lp
> net groupmap modify ntgroup="Replicators" unixgroup=daemon
> net groupmap modify ntgroup="Power Users" unixgroup=sys
>
> you can use than USRMGR.EXE for create users groups etc
> in my setup this works finewith nt policies i am able to give
> different users/groups to different proxies and fine tune the content
> filtering ie. example adults and kids
> machine adding on the fly to samba 3 work now too
> study the new faqs for samba.
> note that the out of the boy version from suse is not valid for a good
> working pdc
> ( for 700 users you should use ldap with samba not smbpasswd )
> Good Luck
> Best Regards
>
> - Original Message -
> From: "Richard K Ssekibuule" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, October 29, 2003 7:11 PM
> Subject: [Samba] Internet Explorer
>
> > I have successfully setup a samba 2.25 PDC on SuSE8.1 for my 700 users.
> > My problem: These users cannot change their Internet explorer proxy
>
> setting.
>
> > Question: How can I grant rights to change Internet explorer settings
> > without compromising administrative security?
> >
> > My kernel cannot do transparent proxy, but I use squid to schedule users
> > Internet access.
> > The server running squid is different from the one running squid/gateway.
> >
> > Thanks in advance.
> >
> > Richard.
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Transparent migration of user profiles

2003-10-29 Thread kenjie Trillanes
Anybody,

Can I please have some ideas on transparently migrating my user profiles 
(originally from a Win2K PDC) to a Samba 3 PDC (with LDAP) ???. I have 
already done the following:

1) Make my samba3 server a BDC server and used "net rpc vampire" to 
acquire the users (though there seems to be a problem with net vampire 
if your users are in a ldap database).

2) Used the same SID as the former domain.

My requirements are:

1) The users are supposed to retain their local profiles, whenever they 
login (there should be no new profiles created).

Please help

Sincerely,
ATrillanes
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Dfs - Load Balancing

2003-10-29 Thread brian
Hi,

I've also an interest in Dfs and plan implementation once I 
have sufccessfully gone to Samba 3.

>1) How does it load balance?  Is it some sort of round robin?
No, its more like autofs using NFS with sym links in the Unix 
world.

What I mean is that you can spread various data over several 
unique volumes and have them appear under the same dir 
structure.  This not only simplifies data management 
in "where are my files again" but it also allows you to 
spread network and disk i/o over several points.  Another 
advantage is that maintanance can be performend on a 
particular data location (ie; Raid) without affecting the 
entire directory or job structure.

All this is very old skewl stuff in the Unix world but is 
kinda new in the Windows world.

One thing to keep in mind is that the initial data request 
goes through the Dfs server in order to establish the mount 
point or network path but after that, subsequent requests go 
directly to that server bypassing the Dfs server.

As for the rest of your Q's, test and document your results.

Bri-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: [Samba] File Permission Question

2003-10-29 Thread Ow Mun Heng
>>I need to setup samba so that when a new file is created it
>>is writeable to the entire group, not just the person who created it

Try this...in your smb.conf

create mode = 0665

I'm very bad with octet permissions.. 0665 would be I think something like
drwxrwxr-x



Cheers, .^.
Mun Heng, Ow/V\
H/M Engineering   /(   )\
Western Digital M'sia  ^^-^^
DID : 03-7870 5168  The Linux Advocate




-Original Message-
From: Philip Bubel [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 30, 2003 6:18 AM
To: [EMAIL PROTECTED]
Subject: [Samba] File Permission Question


Hello All,
Got a little problem that I'm hoping somebody can help me solve.  I've
got a samba server set as the office's file server.  We have a large common
share that different people put documents in, and are to be modified by
other people.  I need to setup samba so that when a new file is created it
is writeable to the entire group, not just the person who created it.  Here
is any example.
 
Current:
drwxr-xr-x7 hhaynes  hhaynes  foobar.txt 
 
What I need
drwxrwxr-xhhaynes hr (or whatever the group owning the directory is)
 
If anybody can point me in the right direction it would be most helpful.
Thanks.
 
Philip Bubel
[EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: [Samba] Linux -> Win2k

2003-10-29 Thread Ow Mun Heng
>>| Can somebody tell me how or if its possible to sord of map a directory
>>on a | win2k machine to a link or a dir on the linux machine.  Like a
mirror.

Try using smbmount.

Cheers, .^.
Mun Heng, Ow   /V\
H/M Engineering   /(   )\
Western Digital M'sia  ^^-^^
DID : 03-7870 5168  The Linux Advocate




-Original Message-
From: Gémes Géza [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 30, 2003 7:32 AM
To: Niklas Berglund
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Linux -> Win2k


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Niklas Berglund írta:
| Hello..
|
| Can somebody tell me how or if its possible to sord of map a directory
on a
| win2k machine to a link or a dir on the linux machine.  Like a mirror.
|
|
| I have a win2k machine (192.168.168.2) and a linux machine (192.168.168.1)
| running samba.
|
| Ive been trying to get samba to do it for me, like this :
|
| smb.conf
| --
|
| [super]
| comment = Superoffice
| path = //192.168.168.2/Super/
| valid users = %S @wheel @users
| invalid users = root bin daemon nobody named www uucp
| writeable = Yes
| create mask = 0777
| force create mode = 0777
|
|
| Im not sure how to properly write the "path=" parameter on thisone.
|
| Can someone help me please?
|
| Regards
| Nick.
|
|
|
I'm really not an expert on the subject, but I've read one of them
writing before on this list about the fact, that samba can access only
files accessible by the host OS, e.g /somedir/someotherdir/...
But I think, that what you are trying could be achieved by using DFS.
I would suggest to read chapter 17 of the Samba Howto Collection.

Good Luck!

Geza Gemes
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/oE3o/PxuIn+i1pIRAgbMAJ9CFX/dQyZuSkeBQsT7sP5kI4qKeACfbYvT
A2oN+bsEsZ3Yx4JY8zMx0N8=
=eZvV
-END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Dfs - Load Balancing

2003-10-29 Thread Jerry Haltom
I will second this.

On Wed, 2003-10-29 at 19:48, David Chait wrote:
> I am not certain how Samba specifically will handle this, but I can say from
> experience that MS's FRS/DFS implimentation is a dissaster, don't go near it
> if you value your data.
> 
> - Original Message - 
> From: "Nicholas McDowell" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, October 29, 2003 5:28 PM
> Subject: [Samba] Dfs - Load Balancing
> 
> 
> > Hi,
> >
> > I was wondering if anyone has had any experience with using the Dfs
> > functionality within Samba.
> >
> > I've been searching for any performance information and or documentation
> > regarding Dfs in particular load balancing i.e.
> >
> > 1) How does it load balance?  Is it some sort of round robin?
> > 2) Is there a limit to the number of servers that can used in the load
> > balance?
> > 3) How many requests per second can Dfs handle?
> >
> > Any information or links would be greatly appreciated.
> >
> > Thanks
> > Nicholas
> >
> >
> >
> >
> >
> >
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
> >
-- 
Jerry Haltom <[EMAIL PROTECTED]>
Feedback Plus, Inc.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: [Samba] share permissions

2003-10-29 Thread Ow Mun Heng
>>How can I add another user or group to Samba so the teacher and student
have full 
>>control over the folder?

Have something like

valid users = user1 user2 <-- should be self explanatory
write list = @teachers  <--this is the groupings (same as *nix Groups)

something likt that

Cheers, .^.
Mun Heng, Ow/V\
H/M Engineering   /(   )\
Western Digital M'sia  ^^-^^
DID : 03-7870 5168  The Linux Advocate




-Original Message-
From: Tom Czachor [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 30, 2003 12:38 AM
To: [EMAIL PROTECTED]
Subject: [Samba] share permissions


I am trying to setup Samba in a classroom so that a student's samba folder
can be accessed via Windows by the student and the teacher. I have Samba
working, but can only get the student access to the folder. How can I add
another user or group to Samba so the teacher and student have full control
over the folder?

Thanks
Tom
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Questions on Backup Domain Control

2003-10-29 Thread Larry Liu
John, and the Samba community,

Thanks for all your previous help.

We are writing to clarify a couple of questions that arose from our
reading of Samba 3 Official Documentation - Chapter 6: Backup
Domain Control (see the quoted paragraphs below).

Question 1 / Scenario 1:
Trust Domain Account Relationships

Houston:
PDC (functioning as centralized domain SAM)
|
Trust Domain Account Relationship
|
Denver:
BDC (acting as PDC for local SAM)
CLIENTS (periodically updating machine account information to local SAM)

In this scenario, we interpret the documention to be stating that since
the local
SAM in Denver isn't sending its update information to the Houston PDC;
when
the Houston PDC rsyncs with the Denver BDC, the Denver BDC's SAM will
be overwritten with old machine account data and the result will be a
broken
trust. The suggested improvement is to use a LDAP database rather than
SAM.

Is this a correct interpretation?

Question 2 / Scenario 2:
PDC-BDC Fail Over

Our local network domain has no Trust Domain Relationships configured.
However, the above scenario does raise the question of the best way to
handle
our domain in the event of a  fail over:

San Jose:
PDC (acting as PDC for local SAM)
|
rsync (PDC SAM rsyncs to BDC SAM)
|
BDC (acting as fail over BDC for the local domain)

We have been running various fail-over scenairos in our lab for the last

month. Our only password backend option is tdbsam (no LDAP backend
approved).
When we disconnected the PDC from the network, the BDC continued to
authenticate users, allow logons, run longon scripts, etc.

We were pleased to discover that tests to create/update/add/delete
various
user and machine accounts produced an error message and didn't allow
changes
on the BDC's (read only) SAM (no rsync overwrite issues).

The remaining questions: are client systems also locked out of the BDC's
SAM
for updating their own machine account information until there is a PDC
present
on the domain again?

Worst Case Scenario:
Since rsync goes PDC->BDC, if there was a major hardware failure on the
PDC
and the BDC's role was changed to PDC until the original failed system
was
repaired,  would the new PDC's SAM then allow account updates?
- and -
woud it be a best practice to configure the old PDC to a BDC after it is
repaired
then bring in back online and rsync with the current PDC?



--
>From Samba 3 Official Documentation - Chapter 6: Backup Domain Control
--

Features and Benefits


  The use of a non-LDAP backend SAM database is particularly
problematic because Domain Member servers and workstations
  periodically change the Machine Trust Account password. The
new password is then stored only locally. This means that in the absence

  of a centrally stored accounts database (such as that provided
with an LDAP-based solution) if Samba-3 is running as a BDC, the BDC
  instance of the Domain Member trust account password will not
reach the PDC (master) copy of the SAM. If the PDC SAM is then
  replicated to BDCs, this results in overwriting the SAM that
contains the updated (changed) trust account password with resulting
  breakage of the domain trust.

Machine Accounts Keep Expiring

  This problem will occur when the passdb (SAM) files are copied
from a central server but the local Backup Domain Controller is acting
as
  a PDC. This results in the application of Local Machine Trust
Account password updates to the local SAM. Such updates are not copied
  back to the central server. The newer machine account password
is then over written when the SAM is re-copied from the PDC. The
  result is that the Domain Member machine on start up will find
that its passwords do not match the one now in the database and since
the
  startup security check will now fail, this machine will not
allow logon attempts to proceed and the account expiry error will be
reported.

  The solution is to use a more robust passdb backend, such as
the ldapsam backend, setting up a slave LDAP server for each BDC, and a
  master LDAP server for the PDC.

--

Larry Liu
Robert Inerbickler
Sun Microsystems

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Dfs - Load Balancing

2003-10-29 Thread David Chait
I am not certain how Samba specifically will handle this, but I can say from
experience that MS's FRS/DFS implimentation is a dissaster, don't go near it
if you value your data.

- Original Message - 
From: "Nicholas McDowell" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 29, 2003 5:28 PM
Subject: [Samba] Dfs - Load Balancing


> Hi,
>
> I was wondering if anyone has had any experience with using the Dfs
> functionality within Samba.
>
> I've been searching for any performance information and or documentation
> regarding Dfs in particular load balancing i.e.
>
> 1) How does it load balance?  Is it some sort of round robin?
> 2) Is there a limit to the number of servers that can used in the load
> balance?
> 3) How many requests per second can Dfs handle?
>
> Any information or links would be greatly appreciated.
>
> Thanks
> Nicholas
>
>
>
>
>
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
>


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Dfs - Load Balancing

2003-10-29 Thread Nicholas McDowell
Hi,

I was wondering if anyone has had any experience with using the Dfs
functionality within Samba.

I've been searching for any performance information and or documentation
regarding Dfs in particular load balancing i.e.

1) How does it load balance?  Is it some sort of round robin?
2) Is there a limit to the number of servers that can used in the load
balance?
3) How many requests per second can Dfs handle?

Any information or links would be greatly appreciated.

Thanks
Nicholas






-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] profile migration - resend

2003-10-29 Thread brian
Hi,

I am almost ready to switch over from 2.2.7 to 3 but found 
that a user profile created in 2.2 doesn't work in 3-

ie; 
during login to a Samba 3 server, an error occurs and profile 
modifications are not permitted or recognized.

This may seem trivial but I have 50 users, each with complex 
desktop setups which help them with there daily tasks of CG 
post production (so some of you know the primadonnas that 
this env can breed :).

Does any one know of an elegant solution to profile migration?

If not, this is what I was planning on doing;

To circumvent this, I was planning to use the Windows 
facility of copying 1 profile to another but my problem is 
getting the 2 Samba domains to co-habitate as I set up each 
Samba PDC with its own unique name (for testing and the 
company name is changing so references to the old regime are 
not desired).

How would I get a Samba 2.2.7 PDC with domain name ABC to 
trust another Samba 3.0 PDC with domain name XYZ for the 
purpose of copyinmg 1 profile to another vi Windows?

Bri-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Add Printer Wizard

2003-10-29 Thread Jerry Haltom
I'm having a bit of trouble getting a Samba printer set up.

What I have is a postscript capable HP laserjet. It actually has
IPP/HTTP and stuff on it. I need queueing to work, so my clients can't
print to it directly, so what I want to do is:

Get the printer set up on a central CUPs server: done. Printing quality
is perfect from Unix machines. Thank you postscript!

Have samba print to that printer as well, this, I have working, but it's
not pretty. The quality is horrible, and im not sure why. Things are
grainy, blocky, etc. This is printing from a Windows computer (with teh
HP laserJet PS drivers installed). Samba is messing up my image quality!
Not sure what is causing that.

I also can't seem to get the Add Printer Drivers wizard to work right. I
followed the instructions in the 3.0 howto as best as I could. My samba
"admin" user, is named "samba", he has a uid 0. It's stored in LDAP. It
works for joining computers to the domain.

I added "samba" to printer admin, and when I try to loginto a Windows
computer, as this user, and add a driver, I get: Access Denied.

I'm not sure what I'm being denied access too! This user has uid 0.

After setting all this up, can I expect queue's to be consistant? I need
to see, in the Windows queue, unix jobs submitted directly to cups. On
the cup's queue, I'd like to see window's jobs. Also, can samba be made
to spool to cups AS it's receiving from the client? We regularly print
out 900 page jobs, which take 30 pages to print from the client to the
server. If the client has to sit there and spool all 900 pages before
the job can even start, we've doubled our print time! As of now, Windows
will start printing INSTATLY upon receiving data from the client, this
may be more like "buffering" than "spooling". 

Thanks for the prompt assistance.
-- 
Jerry Haltom <[EMAIL PROTECTED]>
Feedback Plus, Inc.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] charsets in samba3

2003-10-29 Thread Jeremy Allison
On Wed, Oct 08, 2003 at 04:10:29PM +0200, Andre de Koning wrote:
> Is there any way to make samba use whatever the default charset was on samba
> 2.2.x (like 2.2.3?).
> 
> I've just upgraded to samba 3 and just about every second file displays
> incorrectly on my windows clients and most of them refuse to open because of
> this.  THis is causing absolute chaos to the point where I (an avid windows
> hater) am starting to look at reload all the servers in question with w2k
> server.
> 
> I've played around with "dos charset", "unix charset" and "display charset"
> but have no luck.  I have no clue what this should be set to to make this
> work like they did before with samba 2.2.3 and don't even have a clue what
> options I can choose from - nothing in the man page except one example!
> 
> Any help, PLEASE?

Better late than never I hope.

unix charset = ISO8859-1
dos charset = CP850

would be the defaults 2.2.x used.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] windows shares duplicate samba shares instead of reporting own shares

2003-10-29 Thread Nathan Speed
Hi,

I've got 3 pc's in a small network. One runs OpenBSD 3.3 with samba 2.2,
one runs windows 98 SE, and the other runs windows xp. The samba machine
has some shares defined in smb.conf. I can get to those shares from
windows.

The problem is that I can't get to any of the shares on the windows
machines. When I am browsing the SMB workgroup, the windows pc's show up
with the right names, but with the shares defined in smb.conf on the samba
machine.

The windows pc's have some shared files and one has a shared printer. When
I am on one of the windows pc's, and I browse the workgroup, I can see the
correct shares for the computer that I am at, but I see the incorrect
shares (the samba shares) for the other windows pc. I can not get to the
actual windows shares. 

What would cause this? I confess I have never taken the time to truly
understand Windows Networking. Please excuse my newbness.

Thanks for reading!
Nathan Speed

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Linux -> Win2k

2003-10-29 Thread Gémes Géza
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Niklas Berglund írta:
| Hello..
|
| Can somebody tell me how or if its possible to sord of map a directory
on a
| win2k machine to a link or a dir on the linux machine.  Like a mirror.
|
|
| I have a win2k machine (192.168.168.2) and a linux machine (192.168.168.1)
| running samba.
|
| Ive been trying to get samba to do it for me, like this :
|
| smb.conf
| --
|
| [super]
| comment = Superoffice
| path = //192.168.168.2/Super/
| valid users = %S @wheel @users
| invalid users = root bin daemon nobody named www uucp
| writeable = Yes
| create mask = 0777
| force create mode = 0777
|
|
| Im not sure how to properly write the "path=" parameter on thisone.
|
| Can someone help me please?
|
| Regards
| Nick.
|
|
|
I'm really not an expert on the subject, but I've read one of them
writing before on this list about the fact, that samba can access only
files accessible by the host OS, e.g /somedir/someotherdir/...
But I think, that what you are trying could be achieved by using DFS.
I would suggest to read chapter 17 of the Samba Howto Collection.
Good Luck!

Geza Gemes
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/oE3o/PxuIn+i1pIRAgbMAJ9CFX/dQyZuSkeBQsT7sP5kI4qKeACfbYvT
A2oN+bsEsZ3Yx4JY8zMx0N8=
=eZvV
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Linux -> Win2k

2003-10-29 Thread Niklas Berglund
Hello..

Can somebody tell me how or if its possible to sord of map a directory on a
win2k machine to a link or a dir on the linux machine.  Like a mirror.


I have a win2k machine (192.168.168.2) and a linux machine (192.168.168.1)
running samba.

Ive been trying to get samba to do it for me, like this :

smb.conf
--

[super]
comment = Superoffice
path = //192.168.168.2/Super/
valid users = %S @wheel @users
invalid users = root bin daemon nobody named www uucp
writeable = Yes
create mask = 0777
force create mode = 0777


Im not sure how to properly write the "path=" parameter on thisone.

Can someone help me please?

Regards
Nick.



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] linux and win2k: who is blocking whose messages?

2003-10-29 Thread p
hi all,

i know a whole lot more about MS windows networking than i did this
morning (but it still feels like i don't know much).

the linux samba server is a local, master and preferred browse master.
it's also a WINS server.  linux's IP address is 192.168.0.2.

the win2k machine is 192.168.0.4.

the goal is to browse linux's filesystem from win2k's "computers near
me".  but when i double click "computers near me" i get the error
"testgroup is not accessible.  the network path was not found".

after a bunch more of tinkering, i started to see these hopeful messages
in /var/log/log.smbd:

[2003/10/29 15:26:15, 0] lib/access.c:check_access(328)
  Denied connection from  (192.168.0.4)
[2003/10/29 15:26:15, 1] smbd/process.c:process_smb(883)
  Connection denied from 192.168.0.4
[2003/10/29 15:26:15, 0] lib/access.c:check_access(328)
  Denied connection from  (192.168.0.4)
[2003/10/29 15:26:15, 1] smbd/process.c:process_smb(883)
  Connection denied from 192.168.0.4
[2003/10/29 15:26:28, 0] lib/access.c:check_access(328)
  Denied connection from  (192.168.0.4)

hopeful because now i have something concrete to work with, whereas this
morning it "simply didn't work".

do these logs mean that linux is blocking win2k?  or win2k is blocking
linux?

playing around with win2k, i found 2 things which are related to
security:

1. local area connection properties | TCP/IP | Properties | Advanced |
   Options | IP Security

2. local area connection properties | TCP/IP | Properties | Advanced |
   Options | TCP/IP filtering

unfortunately, by clicking on "properties" of both these items, it
appears that neither one is being used.  so win2k can't be blocking
linux.

on the other hand, i temporarily moved /etc/hosts.deny to a temp file
and put "ALL: ALL" in /etc/hosts.allow.   so linux can't be blocking
win2k.


so who is blocking whom?  anyone have any ideas?

pete



[global]
   workgroup = TESTGROUP
   server string = %h server (Samba %v)
   passdb backend = tdbsam, guest
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* 
%n\n .
   syslog = 0
   max log size = 1000
   name resolve order = lmhosts host wins bcast
   socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
   os level = 100
   preferred master = Yes
   domain master = Yes
   dns proxy = No
   wins support = Yes
   panic action = /usr/share/samba/panic-action %d
   hosts allow = 192.169.0.4, 192.168.0.3, 192.168.0.2, 127.
   print command = /usr/bin/lpr -r -P%p %s
   lpq command = /usr/bin/lpq-P%p %s
   lprm command = /usr/bin/lprm   -P%p %j
   queuepause command = /usr/sbin/lpc -P%p start

[homes]
   comment = Home Directories
   read only = No
   create mask = 0700
   directory mask = 0700
   browseable = No

[lp]
   path = /var/spool/lpd/samba
   read only = No
   create mask = 0700
   printable = Yes

[cdrom]
   comment = Samba server's CD-ROM
   path = /cdrom
   guest ok = Yes
   locking = No

[tmp]
   comment = temporary files
   path = /tmp
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] File Permission Question

2003-10-29 Thread Philip Bubel
Hello All,
Got a little problem that I'm hoping somebody can help me solve.  I've
got a samba server set as the office's file server.  We have a large common
share that different people put documents in, and are to be modified by
other people.  I need to setup samba so that when a new file is created it
is writeable to the entire group, not just the person who created it.  Here
is any example.
 
Current:
drwxr-xr-x7 hhaynes  hhaynes  foobar.txt 
 
What I need
drwxrwxr-xhhaynes hr (or whatever the group owning the directory is)
 
If anybody can point me in the right direction it would be most helpful.
Thanks.
 
Philip Bubel
[EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba Share ACLs

2003-10-29 Thread John H Terpstra
On Wed, 29 Oct 2003, Douglas Phillipson wrote:

> Please See ACL related questions below...
>
> John H Terpstra wrote:
> > On Wed, 29 Oct 2003 [EMAIL PROTECTED] wrote:
> >
> >
> >>Hi all,
> >>
> >> I have already set up a Samba 3.0 with Openldap as user repository. I have a 
> >> question about share access controls.
> >> Chapter 13.1 of Samba-HOWTO-Collection describes:
> >>
> >> Samba offers a lot of flexibility in file system access management. These are the 
> >> key access control facilities present
> >> in Samba today:
> >> 1) UNIX File and Directory Permissions
> >> 2) Samba Share Definitions
> >> 3) Samba Share ACLs
> >>Just like it is possible in MS Windows NT to set ACLs on shares themselves, so 
> >> it is possible to do this in Samba.
> >>Few people make use of this facility, yet it remains on of the easiest ways to 
> >> a ect access controls (restrictions)
> >>and can often do so with minimum invasiveness compared with other methods.
> >> 4) MS Windows ACLs through UNIX POSIX ACLs
> >>
> >
> >
> >> I have a question about Point 3 Samba Share ACLs. Do I need Linux file
> >> system ACLs in order to be able to define Samba Share ACLs.
> >
> >
> > No, you do not! You need to use the Server Tools, or the Nexus package
> > from Microsoft as documented in the HOWTO.
> >
> Are you saying here that you don't need the ACL patch in linux to do
> ACL's?

No. I am saying that you do NOT need the ACLs patch in order to be able to
set ACLs on shares using the Server Manager tool.

If you want file system ACLs, you DO need the ACLs patch in your kernel.

You asked specifically about ACLs on shares!

- John T.

> >
> >> If not I have problems to define ACLs on shares via Windows Explorer
> >> from a Windows XP Workstation. my environment:
> >
> >
> > Using the files extracted from the SRVTOOLS.EXE installation, in
> > particular the Server Manager, you must edit the permissions on the Shares
> > themselves.
> >
> >
> >> Samba 3.0 compiled --with-acl-spupport installed on Suse Linux Enterprise Server 8
> >> OpenLDAP 2.1.4 as suer repository.
> >> Samba 3.0 is configured as PDC.
> >>
> >> I can log from a Windows XP workstation in Samba Domain. I can connect to shares 
> >> defined in smb.conf.
> >> All defined access controls in smb.conf works fine.
> >
> >
> > You must log on as the Administrator for the Domain (root).
> >
> >
> >> I try to set ACLs on following Share:
> >>
> >> [Test-Share]
> >>   path=/home/Test-Share
> >>   public = yes
> >>   printable = no
> >>   writeable = yes
> >
> Do you have to have "nt acl support = yes" in any share that will have
> it's acl's changed by the "server tools"?
>
> >
> > This is an example of setting share definition controls.
> >
> > - John T.
>

-- 
John H Terpstra
Email: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Samba 2.2.8 and NFS: Redux

2003-10-29 Thread coyote
Hi,

Not having seen any response to a request for help nearly a
week after having submitted my plea, I'm wondering if I'm being too
impatient...  Anyway, Here's the request again... Thanks,

I have a rather unique (at least from reading the archives) 
situation that has me stumped, and I'm hoping the gurus can help.
Here's my problem, I have a Solaris 2.8 server running Samba 2.2.8
which sits on two networks (no routing between networks).  On one
side of the Samba server are 100 PCs running a mix of Win95 and Win98
which have touch screens and no keyboards, that are used as CBT
machines.  These machines are only connected on this local lan and
there are no domain controllers on that lan.  These machines use
NFS to attach disk from the Solaris Samba server.  On the other side
of the Samba server is the corporate network, where the CBT maintainers
have their workstations.  We are using Samba to serve disk to these
maintenance PCs (which run NT4).  The company's domain controllers
are also on this segment.
Now, here's the rub... If Samba daemons are running on the
Samba server, then when the CBT machines, using NFS, attempt to attach
to the disk on the Solaris Samba server, Samba catches the request
for disk attachment and denies access.  Stranger still, it only seems
to affect the Win95 clients, and not the Win98 clients.  I'm very
puzzled and can find no reason why Samba would be picking up a request
on the nfs port.  My only thought is that somehow, the Win95 machines
are attempting to use SMB instead of NFS, but we only see this problem
when the Samba daemons are running.  If Samba is shutdown on the server,
then all CBT machines connect using NFS (as is correct).
Here is a visual of the layout


NT PCs Win95/Win98 PCs
Samba Access   NFS Access  

   |  |
| Admin PC |---| ---  |   --
|  |   | | Solaris |  |---| CBT PC |
   | | Server  |  |   --
   | | 1.Samba |  |   --
   |-| 2.NFS   |--|---| CBT PC |
   | ---  |   --
| Admin PC |---|  |   --
|  |   |  |---| CBT PC |   
   |  |   --
   |
   |
 Domain Servers


Of course, you might ask why we're doing something this crazy, why not 
just use one disk sharing method or the other.  Well, I don't get to
make those decisions, I just implement what is asked for.  One reason
for not using Samba on the CBT side is that we are using domain security
and the CBT's can't see the domain controllers, and have generic userids
that are not set up in the domain.  On the Admin PC side we are 
requiring that all users accessing the server must be authenticated by
the domain.

In anycase, I'm having great difficulty in figuring out what is
happening here.  Any assistance would be most appreciated, and more info
can be provided upon request (as I'm sure I've left something out that
may/may not be important).

TIA,

Clarke Epperly
[EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: [Samba] Request for ACL experiences

2003-10-29 Thread Paul Eggleton
Douglas Phillipson wrote on Thursday, 30 October 2003 9:14 a.m.:
> I'm having trouble with ACL's and wonder how many others are too.  I
> see conflicting answers and comments about different aspects of ACL's
> from many prople on the list.  I was wondering if ANYONE is
> successfully using ACL's with Samba 3.0 or above.

Yes, we are. Our Red Hat 9 based Samba server is acting as a general
purpose file server for a Windows 2000 Active Directory domain.

> Was your Samba server configured as the DC?

No, our DC is running Windows 2000 Server SP3.

> What client OS were you setting ACL's on the Samba Share with?
> (Win2000, XP) What service pack (SP4 on Win2000???)

Windows 2000 Server SP3.
 
> Did you have to have the ACL kernel patch?

Yes, if you wish to use ACLs on ext2/ext3. XFS is supposed to have
support already, though I have not tried it so I really don't know for
sure.

> Did you need "nt acl support = yes" in each share definition?

No. This option defaults to yes anyway, so you should not need to
specify it at all.

> How did you setup your shares? (Working share Examples are good)

Here's an example:

[media]
comment = Media files
path = /mnt/media
public = yes
writable = yes
create mask = 0774
directory mask = 0774
inherit acls = yes
admin users = Administrator

You need "winbind use default domain = yes" set in your smb.conf for the
"admin users" option to work as specified above.

Note that the exact options you use are highly dependent on what you
want to use the share for. I would strongly recommend you read the
relevant parts of the Samba 3 Howto collection, as well as the share
options documentation in the smb.conf manpage.
 
> Did you have to use the "server Tools" downloaded from microsoft or
> could you simply right click on a file/folder and change the security
> ACL's? 

You can just use the normal permission editing (right
click...Properties).

> How are you verifying the ACL's actually work?  Did you fully test any
> ACL you set through Windows by actually trying to make a user access a
> file to see that his access matched the ACL you set.

Yes, they do work.

> What didn't work with ACL's that you thought should?

Well, Samba can only provide to Windows what is available through POSIX
standard ACLs, which means read, write, execute access bits for the
owner, the group, and all others (the latter represented by "Everyone"
in Windows), plus the same for each ACE. The extended permission types
provided by Windows are not fully supported and this can't really be
fixed at this time, because there is no equivalent functionality in
Unix. In addition, Samba has to fit the normal DOS attributes into the
Unix permissions as well, so you may see odd things happening at the
Windows end. It does work, but the sooner you understand these two
limitations, the better you will understand what is going on when you
try to set permissions from Windows.

Nested groups do not work. If domain user X is a member of domain group
A, and A is a member of domain group B, X will not be seen as a member
of B by Samba even though they will be by Windows.
 
> Are you compareing the windows ACL's to the output of getfacl?

Yes, they are the same, once you understand how the mapping works.
 
> Could you use ACL's to add users to Samba printers?
>
> How did you add Samba printers as Domain resources so you could add
> ACL's to them?  Or did you need to do this?
 
No idea, I have not tried either.

> Did you have to do any setfacl commands in Linux?

No.

> Did you have to run winbind?

Yes.

> Did you have to do any "net groupmap" commands to make ACL's work?

No.

> Were there any commands/configurations you had to use to make ACL's
> work that were not covered in the 3.0 HowTo?

Not that I'm aware of, although it does not discuss enabling ACLs in the
file system last time I checked (I suspect because this is Linux
specific).

BTW I have written an unofficial Samba+ACL Howto of sorts which may make
things a little clearer. If you have any suggestions for that Howto
(which is a little out of date, I admit) please let me know.

http://www.bluelightning.org/linux/samba_acl_howto

Cheers,
Paul
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Request for ACL experiences

2003-10-29 Thread Douglas Phillipson
I'm having trouble with ACL's and wonder how many others are too.  I see 
conflicting answers and comments about different aspects of ACL's from 
many prople on the list.  I was wondering if ANYONE is successfully 
using ACL's with Samba 3.0 or above.

Questions I have that I'm sure many are asking are:

Was your Samba server configured as the DC?

What client OS were you setting ACL's on the Samba Share with? (Win2000, 
XP) What service pack (SP4 on Win2000???)

Did you have to have the ACL kernel patch?

Did you need "nt acl support = yes" in each share definition?

How did you setup your shares? (Working share Examples are good)

Did you have to use the "server Tools" downloaded from microsoft or 
could you simply right click on a file/folder and change the security ACL's?

How are you verifying the ACL's actually work?  Did you fully test any 
ACL you set through Windows by actually trying to make a user access a 
file to see that his access matched the ACL you set.

What was the scope of what you could really do with ACL's?

What didn't work with ACL's that you thought should?

Are you compareing the windows ACL's to the output of getfacl?

Could you use ACL's to add users to Samba printers?

How did you add Samba printers as Domain resources so you could add 
ACL's to them?  Or did you need to do this?

Did you have to do any setfacl commands in Linux?

Did you have to run winbind?

Did you have to do any "net groupmap" commands to make ACL's work?

I.E. net groupmap modify ntgroup="Domain Admins" unixgroup=root

Were there any commands/configurations you had to use to make ACL's work 
that were not covered in the 3.0 HowTo?

I think we could use some real world working examples here.  Please be 
VERY explicit and complete with concrete examples.  Assume those reading 
your answers are NOT experts!  If you see any missing questions that you 
think might be useful to using ACL's, please add them!

regards

Doug P

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba Share ACLs

2003-10-29 Thread Douglas Phillipson
Please See ACL related questions below...

John H Terpstra wrote:
On Wed, 29 Oct 2003 [EMAIL PROTECTED] wrote:


Hi all,

I have already set up a Samba 3.0 with Openldap as user repository. I have a question 
about share access controls.
Chapter 13.1 of Samba-HOWTO-Collection describes:
Samba offers a lot of flexibility in file system access management. These are the key 
access control facilities present
in Samba today:
1) UNIX File and Directory Permissions
2) Samba Share Definitions
3) Samba Share ACLs
   Just like it is possible in MS Windows NT to set ACLs on shares themselves, so it 
is possible to do this in Samba.
   Few people make use of this facility, yet it remains on of the easiest ways to a 
ect access controls (restrictions)
   and can often do so with minimum invasiveness compared with other methods.
4) MS Windows ACLs through UNIX POSIX ACLs


I have a question about Point 3 Samba Share ACLs. Do I need Linux file
system ACLs in order to be able to define Samba Share ACLs.


No, you do not! You need to use the Server Tools, or the Nexus package
from Microsoft as documented in the HOWTO.
Are you saying here that you don't need the ACL patch in linux to do 
ACL's?

If not I have problems to define ACLs on shares via Windows Explorer
from a Windows XP Workstation. my environment:


Using the files extracted from the SRVTOOLS.EXE installation, in
particular the Server Manager, you must edit the permissions on the Shares
themselves.

Samba 3.0 compiled --with-acl-spupport installed on Suse Linux Enterprise Server 8
OpenLDAP 2.1.4 as suer repository.
Samba 3.0 is configured as PDC.
I can log from a Windows XP workstation in Samba Domain. I can connect to shares 
defined in smb.conf.
All defined access controls in smb.conf works fine.


You must log on as the Administrator for the Domain (root).


I try to set ACLs on following Share:

[Test-Share]
  path=/home/Test-Share
  public = yes
  printable = no
  writeable = yes

Do you have to have "nt acl support = yes" in any share that will have 
it's acl's changed by the "server tools"?

This is an example of setting share definition controls.

- John T.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Different SAMBA reaction about file permissions

2003-10-29 Thread Patrice . Lagace
How come am I not able to delete this "aquila_test/toto2" file from our
"data" (see smb.conf below) directory but can delete it (different copy but
same permissions and owners/groups) from our "home" (see smb.conf below)
directory from a "Windows 2000" PC using samba  ( we don`t have this
problem when doing unix commands)

File is on a SUN SunOS 5.8 server

smbd -V
Version 2.0.7

$ ls -ld aquila_test
dr-xrwx---   2 root vim   96 Oct 29 13:54 aquila_test

$ ls -l aquila_test
total 0
-r-xrw   1 ab123456 vis0 Oct 29 11:31 toto.orig
-r-xrw   1 ab123456 vis0 Oct 29 11:31 toto2


c0pmtl01 # groups ab123456
vis vim


$ cat smb.conf

#
# Automated Samba config done by dance on Wednesday October 29 12:02:22 EST
2003
#

#
# Global parameters
#

[global]
workgroup = YYY_XXX
server string = C0 File server Montreal Cluster
browseable = No
NIS homedir = No
log file = /opt/VRTSsamba/var/log.%m
max log size = 50
log level = 1
shared mem size = 4096000
security = server
password server = ABCDEF
guest ok = No
dns proxy = No
local master = No
load printers = No
socket options = TCP_NODELAY

#
# Shares parameters
#

#
[home]
comment = MyHome
path = /home/%N/%u
writable = Yes
browseable = No

#
[data]
comment = Data
path = /data/%N
writable = Yes
browseable = No
inherit permissions = Yes

Patrice Lagacé
Mail: [EMAIL PROTECTED]
Tel: (514) 855-5001 #56101
Administrateur de Système
Gestion Globale de l'infrastructure
Transformation d'entreprise et systèmes
Bombardier Aéronautique


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] OT pattern match

2003-10-29 Thread Steve
Hi,

This is off topic but maybe someone can reply offline to me..

I'm not getting my patterns to work (hitting my head did not help either)!

We've got files that have variations on ".1.2.3" added to their filenames 
and I'm trying to strip them automatically. They are all tar.gz files so 
that's a matching pattern for all. I want to strip all the dot-numbers 
behind the gz part but am failing miserably.

-- 
Thanks,

Steve 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] [Fwd: [squid-users] NTLM Authentication Problem]

2003-10-29 Thread rruegner
Hi,
i tried this too with samba 3 and squid  2.5STABLE4  and i cant get it to
work too.
i use the pam modules to match samba and squid users for yet.( but it is not
the  kings way )
Best Regards
- Original Message - 
From: "Jim Richey" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 29, 2003 7:31 PM
Subject: [Samba] [Fwd: [squid-users] NTLM Authentication Problem]


> I submited this to the Squid list, but I got no response which I assume
> means that no one has any suggestions. Can anyone give me a clue as to
> what I have configured incorrectly. Thanks.
>
>
>  Original Message 
> Subject: [squid-users] NTLM Authentication Problem
> Date: Tue, 28 Oct 2003 11:34:29 -0500
> From: Jim Richey <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
>
>
>
> I'm having a problem getting NTLM authentication working between Squid
> 2.5STABLE4 and Samba 3.0.0 running on Slackware Linux 2.4.18. I've read
the
> archives, faq, how-to, walk-thru, etc, and believe I have everthing
> correctly configured. I'm using the helper that is part of  Samba 3.0,
> not the Squid helper. Basic authentication works fine with the helper,
> but I cannot get ntlmssp working.
>
> I set group read,execute access to the winbind pipe directory and full
> read,write,execute on the pipe itself.
> drwxr-x---2 root squid  72 Oct 27 21:21
winbindd_privileged/
>
> srwxrwxrwx1 root root0 Oct 27 21:21 pipe=
>
> I have samba configured with ads but am not using it. I joined the
> domain with rpc and am using security=domain in smb.conf.
>
> The wbinfo commands work fine:
> #wbinfo -t
> checking the trust secret via RPC calls succeeded
>
> #wbinfo -a TSTDOM\\testuser%testpass
> plaintext password authentication succeeded
> challenge/response password authentication succeeded
>
> I can also authenticate successfully with the helper from the command
line:
> #ntlm_auth --username testuser --password testpass
> NT_STATUS_OK: Success (0x0)
>
> However, when I try to use ntlm authentication from a browser I get this
> in cache.log:
> [2003/10/28 10:43:41, 10] utils/ntlm_auth.c:manage_squid_request(1061)
>  Got 'YR' from squid (length: 2).
> [2003/10/28 10:43:41, 10]
> utils/ntlm_auth.c:manage_squid_ntlmssp_request(312)
>  got NTLMSSP packet:
> [2003/10/28 10:43:41, 10]
> utils/ntlm_auth.c:manage_squid_ntlmssp_request(322)
>  NTLMSSP challenge
>
> IE 6.0 SP1 get's a The page Cannot be displayed error. Mozilla 1.5 gives
the login popup,
> but after entering user id and password returns the Cache Access Denied
page.
>
>
> Squid configured with:
>
> Squid Cache: Version 2.5.STABLE4
> configure options:  --enable-async-io --enable-storeio=ufs,aufs
> --enable-auth=ntlm,basic --enable-removal-policies
> --enable-cache-digests --enable-kill-parent-hack --disable-ident-lookups
>
>
> authentication in squid.conf configured as:
>
> auth_param ntlm program /usr/local/samba/bin/ntlm_auth -d 10
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
> #
> auth_param basic program /usr/local/samba/bin/ntlm_auth -d 10
> --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm Highmark Proxy Server
> auth_param basic credentialsttl 2 hours
>
> acl internet proxy_auth REQUIRED
> http_access allow internet
> http_access deny all
>
>
> samba configured with:
> --with-winbind --with-winbind-auth-challenge --with-libsmbclient
> --with-ads --with-krb5=/usr/local
>
>
> smb.conf configuration:
>
> [global]
>   workgroup = TSTDOM
>   netbios name = squidtest
>   server string = squidtest
>   security = domain
>   encrypt passwords = yes
>   smb passwd file = /usr/local/samba/private/smbpasswd
>   load printers = yes
>   log file = /usr/local/samba/var/log.%m
>   max log size = 50
>   password server = pwdserver
>   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>   local master = no
>   domain master = no
>   preferred master = no
>   wins support = no
>   idmap uid = 1-65000
>   idmap gid = 1-65000
>   winbind enum users = yes
>   winbind enum groups = yes
>   template homedir = /home/%D/%U
>   template shell = /bin/sh
>   winbind use default domain = yes
>
>
>
>
>
>
>
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Internet Explorer

2003-10-29 Thread rruegner
hi,
i am not sure if i understand you in the right way but
this are the magic to make squid use transparent
#transproxy feature, very cool content filtering can be done with squidguard
#iptables -t nat -A PREROUTING -i eth2 -s ! 10.10.10.2 -p tcp --dport 80 -j
DNAT --to 10.10.10.2:3128
#iptables -t nat -A POSTROUTING -o eth2 -s 10.10.10.0/24 -d 10.10.10.2 -j
SNAT --to 10.10.10.2
#iptables -A FORWARD -s 10.10.10.0/24 -d 10.10.10.2 -i eth2 -o eth2 -p
tcp --dport 3128 -j ACCEPT
for sure you have to enable additional stuff in squid.conf and change
settings to your need in example above ( study man squid)
as you know changing settings for ie i think is only allowed for powersusers
( but i am not sure at the moment )
but in fact if your users cant change it they have no permission too.(win
stuff)
As i think if you want to give them the permission to change i e settings
you have to give them
higher prior on their local workstations.( like superuser etc.)..not all
users are equal in their needs!
But as i remember i had never problem with that, if you store their profiles
in their homes on samba.( when i use this old distro setup )
But in Version 2.2.5 there is not a valid group mapping between samba / unix
to windows,
therefore an for other reason (security ) you should upgrade t samba 3 (
load it from ftp.suse.com people gd )
than you can build a nearly equal nt4 pdc with group mapping
match the groups with that bash script
#!/bin/bash

net groupmap modify ntgroup="Domain Admins" unixgroup=root
net groupmap modify ntgroup="Domain Users" unixgroup=users
net groupmap modify ntgroup="Domain Guests" unixgroup=nobody
net groupmap modify ntgroup="Administrators" unixgroup=ntadmin
net groupmap modify ntgroup="Users" unixgroup=users
net groupmap modify ntgroup="Guests" unixgroup=nobody
net groupmap modify ntgroup="System Operators" unixgroup=sys
net groupmap modify ntgroup="Account Operators" unixgroup=ntadmin
net groupmap modify ntgroup="Backup Operators" unixgroup=bin
net groupmap modify ntgroup="Print Operators" unixgroup=lp
net groupmap modify ntgroup="Replicators" unixgroup=daemon
net groupmap modify ntgroup="Power Users" unixgroup=sys

you can use than USRMGR.EXE for create users groups etc
in my setup this works finewith nt policies i am able to give
different users/groups to different proxies and fine tune the content
filtering ie. example adults and kids
machine adding on the fly to samba 3 work now too
study the new faqs for samba.
note that the out of the boy version from suse is not valid for a good
working pdc
( for 700 users you should use ldap with samba not smbpasswd )
Good Luck
Best Regards

- Original Message - 
From: "Richard K Ssekibuule" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 29, 2003 7:11 PM
Subject: [Samba] Internet Explorer


> I have successfully setup a samba 2.25 PDC on SuSE8.1 for my 700 users.
> My problem: These users cannot change their Internet explorer proxy
setting.
>
> Question: How can I grant rights to change Internet explorer settings
> without compromising administrative security?
>
> My kernel cannot do transparent proxy, but I use squid to schedule users
> Internet access.
> The server running squid is different from the one running squid/gateway.
>
> Thanks in advance.
>
> Richard.
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] DOS Commands and Samba3 don't work

2003-10-29 Thread Gémes Géza
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Bruno Tobias Stella írta:
| Hi !
|
|   I have the follow problem:
|
|   When I access a Shared Directory Samba3 by DOS, in win98
| workstation and execute, for example, "dir file.txt", I receive
| an error message advising that occured a fault in access the
| drive ...
|   I note this only when I execute the DOS command (del and dir)
| with the full file name, and only in win98 workstation, because
| in winXP workstation these commands work rightly.
|
|   Somebody know this problem ?
|
|   Thanks for some help,
|
| Bruno Stella
| [EMAIL PROTECTED]
| Setor de Redes - Secretaria de Informatica
| Tribunal Regional do Trabalho da 15a. Regiao
I would suggest to review your settings regarding
dos charset
unix charset
mangling method
mangle prefix
mangle case
mangling char
mangled names
mangled map
for me everything works well
(I have unix charset = ISO8859-2, dos charset = CP852, others are
default values), except that 8+3 names are very strange. But I can run
any DOS command on the long or on the 8+3 filenames.
Regards,

Geza Gemes
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/oABK/PxuIn+i1pIRAnI8AJ9JQc0XOiUrIdqBctFVwHtPYsEnqwCgo4S/
lAJbxAwJXstn14BpGJl0a3E=
=IvxN
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] [Fwd: [squid-users] NTLM Authentication Problem]

2003-10-29 Thread Jim Richey
I submited this to the Squid list, but I got no response which I assume 
means that no one has any suggestions. Can anyone give me a clue as to 
what I have configured incorrectly. Thanks.

 Original Message 
Subject:[squid-users] NTLM Authentication Problem
Date:   Tue, 28 Oct 2003 11:34:29 -0500
From:   Jim Richey <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]


I'm having a problem getting NTLM authentication working between Squid 
2.5STABLE4 and Samba 3.0.0 running on Slackware Linux 2.4.18. I've read the 
archives, faq, how-to, walk-thru, etc, and believe I have everthing 
correctly configured. I'm using the helper that is part of  Samba 3.0, 
not the Squid helper. Basic authentication works fine with the helper, 
but I cannot get ntlmssp working. 

I set group read,execute access to the winbind pipe directory and full 
read,write,execute on the pipe itself.
drwxr-x---2 root squid  72 Oct 27 21:21 winbindd_privileged/

srwxrwxrwx1 root root0 Oct 27 21:21 pipe=

I have samba configured with ads but am not using it. I joined the 
domain with rpc and am using security=domain in smb.conf.

The wbinfo commands work fine:
#wbinfo -t
checking the trust secret via RPC calls succeeded
#wbinfo -a TSTDOM\\testuser%testpass
plaintext password authentication succeeded
challenge/response password authentication succeeded
I can also authenticate successfully with the helper from the command line:
#ntlm_auth --username testuser --password testpass
NT_STATUS_OK: Success (0x0)
However, when I try to use ntlm authentication from a browser I get this 
in cache.log:
[2003/10/28 10:43:41, 10] utils/ntlm_auth.c:manage_squid_request(1061)
Got 'YR' from squid (length: 2).
[2003/10/28 10:43:41, 10] 
utils/ntlm_auth.c:manage_squid_ntlmssp_request(312)
got NTLMSSP packet:
[2003/10/28 10:43:41, 10] 
utils/ntlm_auth.c:manage_squid_ntlmssp_request(322)
NTLMSSP challenge

IE 6.0 SP1 get's a The page Cannot be displayed error. Mozilla 1.5 gives the login popup, 
but after entering user id and password returns the Cache Access Denied page. 

Squid configured with:

Squid Cache: Version 2.5.STABLE4
configure options:  --enable-async-io --enable-storeio=ufs,aufs 
--enable-auth=ntlm,basic --enable-removal-policies 
--enable-cache-digests --enable-kill-parent-hack --disable-ident-lookups

authentication in squid.conf configured as:

auth_param ntlm program /usr/local/samba/bin/ntlm_auth -d 10 
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
#
auth_param basic program /usr/local/samba/bin/ntlm_auth -d 10 
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Highmark Proxy Server
auth_param basic credentialsttl 2 hours

acl internet proxy_auth REQUIRED
http_access allow internet
http_access deny all
samba configured with:
--with-winbind --with-winbind-auth-challenge --with-libsmbclient 
--with-ads --with-krb5=/usr/local

smb.conf configuration:

[global]
 workgroup = TSTDOM
 netbios name = squidtest
 server string = squidtest
 security = domain
 encrypt passwords = yes
 smb passwd file = /usr/local/samba/private/smbpasswd
 load printers = yes
 log file = /usr/local/samba/var/log.%m
 max log size = 50
 password server = pwdserver
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 local master = no
 domain master = no
 preferred master = no
 wins support = no
 idmap uid = 1-65000
 idmap gid = 1-65000
 winbind enum users = yes
 winbind enum groups = yes
 template homedir = /home/%D/%U
 template shell = /bin/sh
 winbind use default domain = yes






--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba Share ACLs

2003-10-29 Thread John H Terpstra
On Wed, 29 Oct 2003 [EMAIL PROTECTED] wrote:

> Hi all,
>
>  I have already set up a Samba 3.0 with Openldap as user repository. I have a 
> question about share access controls.
>  Chapter 13.1 of Samba-HOWTO-Collection describes:
>
>  Samba offers a lot of flexibility in file system access management. These are the 
> key access control facilities present
>  in Samba today:
>  1) UNIX File and Directory Permissions
>  2) Samba Share Definitions
>  3) Samba Share ACLs
> Just like it is possible in MS Windows NT to set ACLs on shares themselves, so 
> it is possible to do this in Samba.
> Few people make use of this facility, yet it remains on of the easiest ways to a 
> ect access controls (restrictions)
> and can often do so with minimum invasiveness compared with other methods.
>  4) MS Windows ACLs through UNIX POSIX ACLs
>

>  I have a question about Point 3 Samba Share ACLs. Do I need Linux file
>  system ACLs in order to be able to define Samba Share ACLs.

No, you do not! You need to use the Server Tools, or the Nexus package
from Microsoft as documented in the HOWTO.

>  If not I have problems to define ACLs on shares via Windows Explorer
>  from a Windows XP Workstation. my environment:

Using the files extracted from the SRVTOOLS.EXE installation, in
particular the Server Manager, you must edit the permissions on the Shares
themselves.

>  Samba 3.0 compiled --with-acl-spupport installed on Suse Linux Enterprise Server 8
>  OpenLDAP 2.1.4 as suer repository.
>  Samba 3.0 is configured as PDC.
>
>  I can log from a Windows XP workstation in Samba Domain. I can connect to shares 
> defined in smb.conf.
>  All defined access controls in smb.conf works fine.

You must log on as the Administrator for the Domain (root).

>
>  I try to set ACLs on following Share:
>
>  [Test-Share]
>path=/home/Test-Share
>public = yes
>printable = no
>writeable = yes

This is an example of setting share definition controls.

- John T.
-- 
John H Terpstra
Email: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] net groupmap modify bug

2003-10-29 Thread Kristyan Osborne
Hi,

After a successful upgrade from samba3alpha19 to samba3.0.1pre1 I am now doing the 
group mapping stage.

The problem I am having is modifying a group in the LDAP directory. I am using net 
groupmap modify ntgroup=staff unixgroup=staff type=domain.

The error it is coming up with is 
[2003/10/29 17:21:39, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615)
  ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=203))]
net: decode.c:500: ber_scanf: Assertion `(( ber )->ber_opts.lbo_valid==0x2)' failed.
Aborted

Is this a bug in the code or am I doing something silly??

I have attached to the bottom a level 10 debug of the net command

Cheers

-
Kristyan Osborne - IT Technician / Community Manager
Longhill High School
01273 391672 / 304086

--
Computers are like airconditioners: They stop working properly if you open windows.
Win95:   A 32-bit patch for a 16-bit GUI shell running on top of an
 8-bit operating system written for a 4-bit processor by a
 2-bit company who cannot stand 1 bit of competition.



[2003/10/29 17:21:39, 5] passdb/pdb_interface.c:make_pdb_methods_name(431)
  Attempting to find an passdb backend to match ldapsam:ldap://10.108.1.87 (ldapsam)
[2003/10/29 17:21:39, 5] passdb/pdb_interface.c:make_pdb_methods_name(452)
  Found pdb backend ldapsam
[2003/10/29 17:21:39, 2] lib/smbldap.c:smbldap_search_domain_info(1295)
  Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=LONGHILL))]
[2003/10/29 17:21:39, 2] lib/smbldap.c:smbldap_search_suffix(1066)
  smbldap_search_suffix: searching 
for:[(&(objectClass=sambaDomain)(sambaDomainName=LONGHILL))]
[2003/10/29 17:21:39, 10] lib/smbldap.c:smbldap_open_connection(527)
  smbldap_open_connection: ldap://10.108.1.87
[2003/10/29 17:21:39, 2] lib/smbldap.c:smbldap_open_connection(623)
  smbldap_open_connection: connection opened
[2003/10/29 17:21:39, 10] lib/smbldap.c:smbldap_connect_system(750)
  ldap_connect_system: Binding to ldap server ldap://10.108.1.87 as 
"cn=root,dc=longhill,dc=brighton-hove,dc=sch,dc=uk"
[2003/10/29 17:21:39, 3] lib/smbldap.c:smbldap_connect_system(785)
  ldap_connect_system: succesful connection to the LDAP server
[2003/10/29 17:21:39, 4] lib/smbldap.c:smbldap_open(836)
  The LDAP server is succesful connected
[2003/10/29 17:21:39, 5] passdb/pdb_interface.c:make_pdb_methods_name(455)
  pdb backend ldapsam:ldap://10.108.1.87 has a valid init
[2003/10/29 17:21:39, 5] passdb/pdb_interface.c:make_pdb_methods_name(431)
  Attempting to find an passdb backend to match guest (guest)
[2003/10/29 17:21:39, 5] passdb/pdb_interface.c:make_pdb_methods_name(452)
  Found pdb backend guest
[2003/10/29 17:21:39, 5] passdb/pdb_interface.c:make_pdb_methods_name(455)
  pdb backend guest has a valid init
[2003/10/29 17:21:39, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615)
  ldapsam_search_one_group: searching 
for:[(&(objectClass=sambaGroupMapping)(|(displayName=staff)(cn=staff)))]
[2003/10/29 17:21:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(1659)
  init_group_from_ldap: Entry found for group: 203
[2003/10/29 17:21:39, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615)
  ldapsam_search_one_group: searching 
for:[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-3582397119-3001034316-1885025900-1407))]
[2003/10/29 17:21:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(1659)
  init_group_from_ldap: Entry found for group: 203
[2003/10/29 17:21:39, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615)
  ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=203))]
net: decode.c:500: ber_scanf: Assertion `(( ber )->ber_opts.lbo_valid==0x2)' failed.
Aborted



--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] samba3, network printing, additional problems

2003-10-29 Thread rruegner
hi,
i copied suse info, you should have no problems with that printer if you
have newest kernel , cups and samba version

http://hpoj.sourceforge.net/ will give you advice in general

Best Regards

Detailed information about product: DeskJet 5550C
Actual settings:  Architecture=i386  Distribution=8.1  Language=english
Variation=none


Supported: full


Vendor Comment: For most HP OfficeJet printers there is a special driver
package "hp-officeJet". Printing on a HP OfficeJet should work without this
special package but for scanning you need to install and configure this
special package. The package is already compiled for SuSE Linux. Therefore
you don`t need to compile the software by yourself. For documentation see:
file:/usr/share/doc/packages/hp-officeJet/index.html or online under
http://hpoj.sourceforge.net/

Configurations: grayscale 300 dpi (using driver `hpijs`) - used by YaST2 as
default
grayscale 300 dpi draft (using driver `hpijs`)
grayscale 300 dpi (using driver `stp`)
monochrome 300 dpi (using driver `cdj500`)
grayscale 600 dpi (using driver `hpijs`)
grayscale 600 dpi (using driver `stp`)
grayscale 600 dpi (using driver `cdj500`)
color 300 dpi (using driver `hpijs`) - used by YaST2 as default
color 300 dpi draft (using driver `hpijs`)
color 300 dpi (using driver `stp`)
color 300 dpi (using driver `cdj970`)
color 300 dpi (using driver `cdj550`)
color 300 dpi (using driver `cdj500`)
color 600 dpi (using driver `hpijs`) - used by YaST2 as default
color 600 dpi (using driver `stp`)
color 600 dpi (using driver `cdj970`)
photo 1200 dpi (using driver `hpijs`) - used by YaST2 as default

SDB URLs: http://sdb.suse.de/en/sdb/html/jsmeix_print-kompatibel.html









Available detail combinations to product: DeskJet 5550C
  all 9.0 8.2 8.1 8.0 SLES 8 SLD 1.0 SLES 7 7.3 7.2 7.1 7.0 6.4
all - - - - - - - - - - - - -
i386 - - - full  - - - - - - - - -
amd64 - - - - - - - - - - - - -
ia64 - - - - - - - - - - - - -
axp - - - - - - - - - - - - -
s390 - - - - - - - - - - - - -
ppc - - - - - - - - - - - - -
sparc - - - - - - - - - - - - -

At the top all available distributions are listed.
At the left all available hardware architectures are listed: all:  entries
are independend from hardware architecture, i.e. CRT monitors
i386:  convenient PC with Pentium like processor
ia64:  64 bit processor architecture (from Intel, Itanium)
x86_64:  64 bit processor architecture (from AMD, Opteron and Athlon64)
axp:  Alpha processor family
s390:  IBM s390 family
ppc:  PowerPC family
sparc:  SPARC family




- Original Message - 
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 29, 2003 6:05 PM
Subject: [Samba] samba3, network printing, additional problems


> Hello,
> First of all my thanks to everyone for their suggestions. I'm still
> having an issue getting this network printer going. I'm now getting a
> windows error from explorer.exe, i've checked all the windows system,
> application, and security logs and of course the error is not in them. I
> then turned samba's debug level to 10, reloaded it and tried again to
> access the printer. This error with explorer only occurs when i right
> click on the printer and select properties to add the driver.
> I'd like to use apw but i do need to get this working. Does anyone have
> this particular printer, an hp5550, working in a setting like this? I am
> trying to figure out what specific driver files are needed so i can pass
> them to rpcclient. It looks like the drivers on disk are in some kind of
> compressed form.
> Any suggestions welcome.
> Thanks.
> Dave.
>
>
>
> 
> The best thing to hit the internet in years - Juno SpeedBand!
> Surf the web up to FIVE TIMES FASTER!
> Only $14.95/ month - visit www.juno.com to sign up today!
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] multiple nic's

2003-10-29 Thread jaca

Hello

I'd like to use multiple nic's on the same subnet for example eth0 =
192.168.0.20 and eth1 = 192.68.0.21 I put write this to "interface"
option, but it didn't help. Even if I disconnect (cable) first
interface (eth0) my SMB sevrer appears in network but i can't browse
it. What should I change in configuration. I'd like to use multiple
interfaces to improve performance - one is still overload.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Internet Explorer

2003-10-29 Thread Richard K Ssekibuule
I have successfully setup a samba 2.25 PDC on SuSE8.1 for my 700 users.
My problem: These users cannot change their Internet explorer proxy setting. 

Question: How can I grant rights to change Internet explorer settings 
without compromising administrative security? 

My kernel cannot do transparent proxy, but I use squid to schedule users 
Internet access.
The server running squid is different from the one running squid/gateway. 

Thanks in advance. 

Richard. 
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] DOS Commands and Samba3 don't work

2003-10-29 Thread Bruno Tobias Stella
Hi !

  I have the follow problem:

  When I access a Shared Directory Samba3 by DOS, in win98 
workstation and execute, for example, "dir file.txt", I receive 
an error message advising that occured a fault in access the 
drive ...
  I note this only when I execute the DOS command (del and dir) 
with the full file name, and only in win98 workstation, because 
in winXP workstation these commands work rightly.

  Somebody know this problem ?

  Thanks for some help,

Bruno Stella
[EMAIL PROTECTED]
Setor de Redes - Secretaria de Informatica
Tribunal Regional do Trabalho da 15a. Regiao
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] HELP ME!!!!

2003-10-29 Thread Ge'mes Ge'za
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Remizov Kostya ?rta:
| I ask you, help me!
| Some WinXP and Win98 clients of samba 3.0.0 PDC cannot retrieve user
| members of domain from the domain controller.
| And the log say that those clients did not send any request for it.
| Do you know what the problem in?
|
I had similar problems, but only with win98 clients. Upgraded to
3.0.1pre1. but that didn'T help. Then I submitted bug report 596. Latter
I've found, that it is the same as bug 532. And finally Jeremy Allison
has developed a patch for it, I've applied the patch to samba-3.0.1pre1,
and now it works. I would suggest, to try the mentioned bug reports, or
try to compile from a recent CVS, which should already be patched.
Good Luck!

Geza Gemes
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/n/Zs/PxuIn+i1pIRAjCyAKCFQPeT0vHVISojH4TmCayFmqFBqwCfUOMd
GWC1qh/nyhqqJLV894Yvp2c=
=xJLB
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Winbind usage PDC and Domain menber ?

2003-10-29 Thread Alban Browaeys
This mostly guesses, from posts and mails, i d really appreciate your
views on those items, thanks

Should winbind run on a PDC ?
all account are supposed to exists on it or be managed via add user/ add
machine 

Is winbind recommended on a multi file services network (SMB+NFS+AFS+etc)
and when ACL are used:
from various it seems not , winbind get the name only from the PDC and set
a random id in the idmap, so id differs on pdc and menbers, also between
menbers

ps: and does running winbind on a PDC could get it to map the user to two
id on it : one static created at account genesis and the other when the
PDC use getpwnam , getting the libc to call teh local wibind .
It depend on the order of the "passwd" attributes in /etc/nsswitch but
waht if the admin setted winbind before compat (or unix) ?

I also had a difficult case with a domain menber (samba+winbind) where a
local user had the same name as the domain one:
with "winbind use default domain" set to yes a conflict arise , is there a
rational behind this behing default ? 

For pam:
is the winbind domain separator , only for local domain menber
usage , or should it be setted up same on the PDC ?


Alban



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] samba3, network printing, additional problems

2003-10-29 Thread awesome-dave1
Hello,
First of all my thanks to everyone for their suggestions. I'm still
having an issue getting this network printer going. I'm now getting a
windows error from explorer.exe, i've checked all the windows system,
application, and security logs and of course the error is not in them. I
then turned samba's debug level to 10, reloaded it and tried again to
access the printer. This error with explorer only occurs when i right
click on the printer and select properties to add the driver. 
I'd like to use apw but i do need to get this working. Does anyone have
this particular printer, an hp5550, working in a setting like this? I am
trying to figure out what specific driver files are needed so i can pass
them to rpcclient. It looks like the drivers on disk are in some kind of
compressed form.
Any suggestions welcome.
Thanks.
Dave.




The best thing to hit the internet in years - Juno SpeedBand!
Surf the web up to FIVE TIMES FASTER!
Only $14.95/ month - visit www.juno.com to sign up today!
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] share permissions

2003-10-29 Thread rruegner
hi , please post more of your setup smb.conf samba version etc
to get qualified answers
Best Regards
- Original Message - 
From: "Tom Czachor" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 29, 2003 5:37 PM
Subject: [Samba] share permissions


I am trying to setup Samba in a classroom so that a student's samba folder
can be accessed via Windows by the student and the teacher. I have Samba
working, but can only get the student access to the folder. How can I add
another user or group to Samba so the teacher and student have full control
over the folder?

Thanks
Tom
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] help with win2k and linux samba browsing

2003-10-29 Thread p
hi all,

i've spent an incredible amount of time trying to get samba working
between linux (satan, debian testing, samba 3.0.0) and win2k (lucifer)
and i'm at wit's end.  i'm begging for help.

i spent most of the morning reading samba docs, and have gone from
knowing zilch about MS networking to, well, a little something about MS
networking.

my ultimate goal is to be able to click "my network places | computers
near me" from win2k and browse satan's filesystem.  here's what i've
done:

1. account "p" exists on both machines and has same password.  the
   workgroup on both linux and win2k is "testgroup".

2. i want linux to be the WINS server, so i've entered linux's IP
   address in the WINS server box on win2k.

3. i want linux to be the browse master.  i've set:

  workgroup = testgroup
  domain master = yes
  local master = yes
  preferred master = yes
  wins support = yes
  os level = 100

   so samba should win negotiations of who's master.

4. i've gone through diagnostics.txt in the samba documentation.  all
   tests worked fine up till "test 8":

  On the PC type the command "net view \\BIGSERVER".

   when i type this, i see:

  System error 64 has occured.
  The specified network name is no longer avilable.

5. i've gone through each of the fixes listed in diagnostics.txt:

  * fixup the nmbd installation (i *think* this is ok)
  * add linux IP to wins server box.  (check)
  * enable windows name resolution via DNS in the advanced
section of the tcp/ip setup.  (check, i think.  there's no
 box with "enable windows name resolution", but the other boxes
 seem to indicate that DNS is enabled)
  * add BIGSERVER to your lmhosts file.  (if the lmosts file has the
 same format as /etc/hosts, then check)

6. when i double click "my network places" | "computers near me", a pop
   appears that says:

  "Testgroup is not accessible.  The network path was not found."

7. /var/lib/samba/wins.dat looks like win2k at least broadcasted itself
   to linux, although i'm not sure what each entry means:

   VERSION 1 0
   "LUCIFER#00" 1067745381 192.168.0.4 64R
   "LUCIFER#03" 1067745381 192.168.0.4 64R
   "LUCIFER#20" 1067745381 192.168.0.4 64R
   "NAVALLE#00" 1067790845 192.168.0.3  4R
   "NAVALLE#03" 1067790845 192.168.0.3  4R
   "NAVALLE#20" 1067744970 192.168.0.3  4R
   "P#03" 1067745415 192.168.0.4 64R
   "SATAN#00" 1067705724 192.168.0.2 66R
   "SATAN#03" 1067705724 192.168.0.2 66R
   "SATAN#20" 1067705724 192.168.0.2 66R
   "TESTGROUP#00" 1067705724 255.255.255.255 e4R
   "TESTGROUP#1b" 1067705724 192.168.0.2 64R
   "TESTGROUP#1e" 1067705724 255.255.255.255 e4R
   "WORKGROUP#00" 1067743623 255.255.255.255 e4R

8. there is a win98 system on my home network, navalle.  samba seems to
   work great between linux and win98.  i can browse linux from win98
   and vice versa.  this makes me think the problem is with win2k.



i know this is a tremendous post, and i graciously thank you for reading
down this far.  i'm desperate to get this working, and have posted as
thorough a report as i could.  i'd be happy to post any more info that's
required.

thank you VERY much!

pete

# Global parameters
[global]
   server string = %h server (Samba %v)
   # hosts equiv = /etc/samba/hosts.equiv
   # hostname lookups = yes
   passdb backend = tdbsam, guest
   passwd program = /usr/bin/passwd %u
   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* 
%n\n .
   syslog = 0
   max log size = 1000
   name resolve order = lmhosts host wins bcast
   socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
   dns proxy = No
   panic action = /usr/share/samba/panic-action %d
   hosts allow = 192.169.0.4, 192.168.0.3, 192.168.0.2, 127.
   print command = /usr/bin/lpr -r -P%p %s
   lpq command = /usr/bin/lpq-P%p %s
   lprm command = /usr/bin/lprm   -P%p %j
   queuepause command = /usr/sbin/lpc -P%p start

   workgroup = testgroup
   domain master = yes
   local master = yes
   preferred master = yes
   wins support = yes
   os level = 100

[homes]
   comment = Home Directories
   read only = No
   create mask = 0700
   directory mask = 0700
   browseable = No

[lp]
   path = /var/spool/lpd/samba
   read only = No
   create mask = 0700
   printable = Yes

[cdrom]
   comment = Samba server's CD-ROM
   path = /cdrom
   guest ok = Yes
   locking = No

[tmp]
   comment = temporary files
   path = /tmp
   read only = yes


-- 
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Problem logon WinXP SP2 to samba domain

2003-10-29 Thread rruegner
Hi ,did it worked before the patch?
is win xp serv pack 2 new? in only know
their so called rollup pack to serv pack 1a
Best Regards
- Original Message - 
From: "ayach-asu" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 29, 2003 12:08 PM
Subject: [Samba] Problem logon WinXP SP2 to samba domain


> After installation Windows XP SP2, have come in domain Samba 2.2.8.
> After rebooting, at an logon to domain have received a mistake:
> "Windows may not load removed profile".
> The same mistake arises and in Windows 2003 Server.
> 
> Help, please.
> Elje.
> [EMAIL PROTECTED]
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba Share ACLs

2003-10-29 Thread rruegner
Hi , you have to mount acls in fstab
then you can use the partition with samba,
i.e.
/dev/hdd1/files   ext3   defaults,acl  1
1
if you now create a smb share with path = /files
you can set permissions from win clients via right click on the servers
share
but for the different usage of win and unix permissions you can
only see the right permissions with the advanced button...
this is what tested.
note there are some other things with acls you might configure
in the smb.conf ( read the faqs )
and for suse you have to load up their acl packs.
( my test system was suse 8.2 / 9 samba 3 )
Best Regards
- Original Message - 
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, October 29, 2003 4:21 PM
Subject: [Samba] Samba Share ACLs


> Hi all,
>
>  I have already set up a Samba 3.0 with Openldap as user repository. I
have a question about share access controls.
>  Chapter 13.1 of Samba-HOWTO-Collection describes:
>
>  Samba offers a lot of flexibility in file system access management. These
are the key access control facilities present
>  in Samba today:
>  1) UNIX File and Directory Permissions
>  2) Samba Share Definitions
>  3) Samba Share ACLs
> Just like it is possible in MS Windows NT to set ACLs on shares
themselves, so it is possible to do this in Samba.
> Few people make use of this facility, yet it remains on of the easiest
ways to a ect access controls (restrictions)
> and can often do so with minimum invasiveness compared with other
methods.
>  4) MS Windows ACLs through UNIX POSIX ACLs
>
>  I have a question about Point 3 Samba Share ACLs. Do I need Linux file
system ACLs in order to be able to define
>  Samba Share ACLs.
>  If not I have problems to define ACLs on shares via Windows Explorer from
a Windows XP Workstation.
>  my environment:
>  Samba 3.0 compiled --with-acl-spupport installed on Suse Linux Enterprise
Server 8
>  OpenLDAP 2.1.4 as suer repository.
>  Samba 3.0 is configured as PDC.
>
>  I can log from a Windows XP workstation in Samba Domain. I can connect to
shares defined in smb.conf.
>  All defined access controls in smb.conf works fine.
>
>  I try to set ACLs on following Share:
>
>  [Test-Share]
>path=/home/Test-Share
>public = yes
>printable = no
>writeable = yes
>
> Thanks
>
> Vahid Asadi
>
>
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Filename mangling warfare

2003-10-29 Thread Ian Haskin
Does anyone know how to tweak or disable filename mangling in Samba so windows clients 
don't read paths and folder names in 8.3?

I have a few backup VBscripts that used to work by passing the name and path of a 
directory (on a Samba share) as an argument to be read by the script.  Currently, on 
some windows 2k boxes, the full path and folder name are displayed correctly and named 
correctly once copied, on some it's displayed incorrectly but when the script is done 
copying the specified folder it re-creates the original name, and on my new install of 
win xp, the name is displayed incorrectly and the directory (once copied) is named in 
the mangled state. (which is just slightly frustrating!)

I've tried disabling mangling altogether, but then for some reason, the path and 
folder name are truncated at 20 characters... It's just chopped off... But at least 
it's not mangled.. But it's still unusable..

This is driving me nuts... (samba 2.2.8a on Irix)



  Ian Haskin
 
 .Sys-Admin
 .TOPIX
 .http://www.topix.com


á.Ð "Too much caffeine..."

-

Your problems in the bedroom are finally
solved when you hire trained professionals
to remove the raccoons. 

-The Onion

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] share permissions

2003-10-29 Thread Tom Czachor
I am trying to setup Samba in a classroom so that a student's samba folder can be 
accessed via Windows by the student and the teacher. I have Samba working, but can 
only get the student access to the folder. How can I add another user or group to 
Samba so the teacher and student have full control over the folder?

Thanks
Tom
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Automatic Windows Patch Deployment "autoit"

2003-10-29 Thread Nathan Ehresman
On Mon, Oct 27, 2003 at 08:30:10AM -0600, Jerry Haltom wrote:
> THere is one big problem with netlogon scripts that make them impossible
> im most environments: You have to log on as Administrator. Software
> usually requires Administrator to be installed/removed. Having the
> installation run as LocalSystem in the background gets around this (and
> also keeps your users from messing with the procedure).

I too use AutoIt, but just at the time of the initial build of the OS and
apps.  For installing updates I use Lanovation's Prism Pack, which allows
me to install software via login scripts as a non administrator user.
Works great for us to push updates out to a bunch of computer labs.  My
only beef with it is that it doesn't support NTFS ACLs, so it can be a pain
if some app needs a different permission set than it would normally get.

Nathan Ehresman

-- 
nre
:wq
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Samba 3.0.1Pre1 and windows 2000, domain problem

2003-10-29 Thread Thiago Lima
 
Hi,
 
I'm using samba-3.0.1pre1-1 (rpm)  and I'm trying to make it as a
PDC. 
 
Using WindowsXP Pro I'm able to join the domain I've made in samba. 
 
The problem is that when I try to join the domain using a Win2000
I'm able to join the domain using 'Network Identification->Properties' ,
but when I try to add a user in control-panel from the domain I got the
following error : 
 
"The Trust relationship between this workstation and the primary
domain failed"
 
I'm using samba with smbpasswd (this is a test machine)  and I've
added the machine and user account.
 
I tried to enable netbios over TCP in w2000 to see it it changed
anything, but it made no difference.
 
 
Any tips?
 
 
commands and configuration
 
 /usr/sbin/useradd  -g machines -d /dev/null -c 'test'  jungletres$  -s
/sbin/nologin
 smbpasswd  -a -m jungletres

 
 
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[netlogon]"
Processing section "[Profiles]"
Processing section "[printers]"
Processing section "[publico]"
Loaded services file OK.
Server role: ROLE_DOMAIN_PDC
Press enter to see a dump of your service definitions
 
# Global parameters
[global]
workgroup = MYDOMAIN
server string = test server
interfaces = 192.168.0.254/24
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n
*ReType*new*UNIX*password* %n\n
*passwd:*all*authentication*tokens*updated*successfully*
unix password sync = Yes
log file = /var/log/samba/log.%m
max log size = 50
name resolve order = wins hosts lmhosts bcast
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
domain logons = Yes
os level = 33
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
hosts allow = 192.168.0.
printing = cups
 
[homes]
comment = Home Directories
read only = No
browseable = No
 
[netlogon]
comment = Network Logon Service
path = /home/netlogon
guest ok = Yes
share modes = No
 
[Profiles]
path = /home/samba/profiles
guest ok = Yes
browseable = No
 
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
 
[publico]
comment = Publico
path = /home/samba/public/
guest ok = Yes

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Samba Share ACLs

2003-10-29 Thread Vahid . Asadi
Hi all,

 I have already set up a Samba 3.0 with Openldap as user repository. I have a question 
about share access controls.
 Chapter 13.1 of Samba-HOWTO-Collection describes:

 Samba offers a lot of flexibility in file system access management. These are the key 
access control facilities present
 in Samba today:
 1) UNIX File and Directory Permissions
 2) Samba Share Definitions
 3) Samba Share ACLs
Just like it is possible in MS Windows NT to set ACLs on shares themselves, so it 
is possible to do this in Samba.
Few people make use of this facility, yet it remains on of the easiest ways to a 
ect access controls (restrictions)
and can often do so with minimum invasiveness compared with other methods.
 4) MS Windows ACLs through UNIX POSIX ACLs

 I have a question about Point 3 Samba Share ACLs. Do I need Linux file system ACLs in 
order to be able to define
 Samba Share ACLs.
 If not I have problems to define ACLs on shares via Windows Explorer from a Windows 
XP Workstation.
 my environment:
 Samba 3.0 compiled --with-acl-spupport installed on Suse Linux Enterprise Server 8
 OpenLDAP 2.1.4 as suer repository.
 Samba 3.0 is configured as PDC.

 I can log from a Windows XP workstation in Samba Domain. I can connect to shares 
defined in smb.conf.
 All defined access controls in smb.conf works fine.

 I try to set ACLs on following Share:

 [Test-Share]
   path=/home/Test-Share
   public = yes
   printable = no
   writeable = yes

Thanks

Vahid Asadi



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Samba for DYNIX 4.4.10

2003-10-29 Thread Zac . Bhana
Can anyone please tell me where I can get the binaries and info on 
installing samba on Dynix 4.4.10?

Cheers
Zac
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] samba 3.0 kerberos question

2003-10-29 Thread Bob Bartels
Axel,

So far this is what I've found out:

Once you modify all the pam.d modules you want to authenticate with by adding 
winbind.so ( ssh, login, su, xdm etc.) and gotten the logins to work... The 
next problem is uid/gui mappings from the AD->unix. Then comes the mounting 
of the users directory from an AD. So far the only solution I've found is to 
use  
http://uranus.it.swin.edu.au/~jn/linux/smbfs/

This loads a daemon that gets userid and passwd from winbind. It then uses 
that info to bascially use smbmount with the login credentials to mount the 
users home dir at login time.

I don't know how to parse the AD to get the actual home directory...At this 
point our home dirs are all going to be DFS$ mounts on the windows servers. I 
need to parse the Active Directory for this and then pipe that info to smbfs.

Then all my AD users should be able to login to our shared unix server and 
find themselves in their unified home directory. I'm sure permission issues 
will be the next hurdle. 

If anyone has a better solution or a howto in the works as to this type of 
scenerio/solution - Windows AD userbase who need to use a unix server for 
research and want a unified homedir/account setup.

Thanks

Bob





> Quoting Andrew Bartlett <[EMAIL PROTECTED]>:
> > On Thu, 2003-10-23 at 06:19, Bob Bartels wrote:
> > > I have successfully joined a machine to a active directory and got a
> >
> > kerberos
> >
> > > session ticket.
> > >
> > > Smbclient //server/share$ -k works and allows me access to the dirs on
> > > a server in the domain in which I authenticated and received a krb
> > > ticket
> >
> > from.
> >
> > > smbmount //server/share$ /localmount -o krb Should work as
> > > well...right??
> >
> > NO!
> >
> > > I get this error when I try it:
> > >
> > > Warning: kerberos support will only work for samba servers
> > > Anonymous login successful
> > > 2348: tree connect failed: ERRDOS - ERRnoaccess (Access denied.)
> > > SMB connection failed
> > >
> > >
> > > Why is this happening and is there a way to mount a sharepoint after
> >
> > getting a
> >
> > > kerberos ticket without having the re-authenticate?
> >
> > Not with smbfs.  It is hoped that the CIFS VFS will get better in this
> > regard.
>
> So is there any solution to use smb shares (on Samba AND Windows Servers)
> as home directories for linux users with all their consequences? I mean
> automatically mount them at boot time, use pam_mkhomedir with them, single
> signon during the logon process, etc.
>
> That's what I was expecting from the release of Samba 3.0, centralized home
> directories for Windows and Linux users in heterogeneous networks resulting
> in dramatically reduced administration efforts and the end of not
> unnecessary redundant information... Kerberos is the key to that scenario.
>
> Regards,
>
> Axel Suppantschitsch.
>
> Dipl.-Ing. (FH) Axel Suppantschitsch
> ---
> FH JOANNEUM Gesellschaft mbH
> University of Applied Sciences
> Department of Information Management
> Operating System Technologies
> Alte Poststrasse 147, A-8020 Graz
> www.fh-joanneum.at

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] can't join W2003 domain with 3.0.0 (krb ticket is OK though)

2003-10-29 Thread christoph.beyer
Hi everyone,

I'm using the production release of 3.0.0 and can not join a W2003 domain:

[printsrv4] /spool/samba-3.0.0/bin $ ./net -d 10 ads join -Uhumpty_dumpty
[2003/10/29 15:35:39, 3] libads/sasl.c:ads_sasl_spnego_bind(191)
  got [EMAIL PROTECTED]
[2003/10/29 15:35:39, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269)
  krb5_cc_get_principal failed (No credentials cache found)
[2003/10/29 15:35:40, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(385)
  Got KRB5 session key of length 16
[2003/10/29 15:35:40, 1] utils/net_ads.c:ads_startup(181)
  ads_connect: Strong authentication required
[2003/10/29 15:35:40, 2] utils/net.c:main(758)
  return code = -1

The krb5 token looks OK:

[printsrv4] /spool/samba-3.0.0/bin $ klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]

Valid starting ExpiresService principal
10/29/03 13:48:09  10/29/03 23:48:18  krbtgt/[EMAIL PROTECTED]
renew until 10/30/03 13:48:09


Kerberos 4 ticket cache: /tmp/tkt0
Principal: [EMAIL PROTECTED]

  Issued  Expires Principal
10/21/03 15:42:14  10/22/03 17:08:35  [EMAIL PROTECTED]
10/21/03 15:42:14  10/22/03 17:08:35  [EMAIL PROTECTED]
10/22/03 15:18:13  10/22/03 17:13:13  [EMAIL PROTECTED]



any hints anyone ???
~christoph


-- 
/*   Christoph Beyer |   Office: Building 2b / 23 *\
 *   DESY|Phone: 040-8998-2317*
 *   - IT -  |  Fax: 040-8998-4060*
\*   22603 Hamburg   | http://www.desy.de */


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] problem with WINS

2003-10-29 Thread Fabien . LIOU

Hello,


When i do a "nbtstat -a , i get a "Host not found" message.

WINS seems to be correct on the NT4 PDC.
ping is ok
DNS is ok


smb.conf points to the IP address of the WINS server.


When i do the same command to a second samba server which has the same
smb.conf parameters and also is on the same subnet than samba_server1, i get
a correct answer.


What's wrong ?

Do i need to register again ?

Samba version is 2.2.7


Thanks.

Fabien 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Compile Problem (krb5)

2003-10-29 Thread Andrew Bartlett
On Wed, 2003-10-29 at 10:17, Schwartz, William H wrote:
> I'm trying to build samba 3 with the ads support and along with that I
> apparently need ldap and krb5.  I have installed openldap, krb5 (had to
> install even though Solaris 9 has krb5 in it, the .h file wasn't there that
> I could find).  Now when building samba I'm getting this error
> 
>  
> 
> 
> 
> Compiling libsmb/clifile.c
> 
> Compiling libsmb/clikrb5.c
> 
> libsmb/clikrb5.c:139:2: #error UNKNOWN_GET_ENCTYPES_FUNCTIONS
> 
> libsmb/clikrb5.c: In function `krb5_locate_kdc':
> 
> libsmb/clikrb5.c:188: error: `krb5_krbhst_handle' undeclared (first use in
> this function)
> 
> libsmb/clikrb5.c:188: error: (Each undeclared identifier is reported only
> once
> 
> libsmb/clikrb5.c:188: error: for each function it appears in.)
> 
> libsmb/clikrb5.c:188: error: parse error before "hnd"
> 
> libsmb/clikrb5.c:189: error: `krb5_krbhst_info' undeclared (first use in
> this function)
> 
> libsmb/clikrb5.c:189: error: `hinfo' undeclared (first use in this function)
> 
> libsmb/clikrb5.c:197: error: `KRB5_KRBHST_KDC' undeclared (first use in this
> function)
> 
> libsmb/clikrb5.c:197: error: `hnd' undeclared (first use in this function)
> 
> make: *** [libsmb/clikrb5.o] Error 1
> 
>  
> 
> I'm stumped no this, i have all my paths set correctly (I think), can anyone
> give me a hand?

I suspect you are mixing your previous installed version of krb5 with
the new one you installed to get the development headers.  

There is also a known issue about --with-krb5 not changing which krb5
implementation is used, if krb5-config is in  your path.

Can you install just the MIT 1.3.1 release of kerberos?  

Andrew Bartlett
 
-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Problem logon WinXP SP2 to samba domain

2003-10-29 Thread ayach-asu
After installation Windows XP SP2, have come in domain Samba 2.2.8.
After rebooting, at an logon to domain have received a mistake:
"Windows may not load removed profile".
The same mistake arises and in Windows 2003 Server.

Help, please.
Elje.
[EMAIL PROTECTED]


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] SID question

2003-10-29 Thread Thomas Otto
Hi List

I get the same SID for local-domain and domain on my PDC.
See this output:
admin1:/data/profiles# net getlocalsid
SID for domain ADMIN1 is: S-1-5-21-3215027423-1217727205-3511383706
admin1:/data/profiles# net rpc info
Domain Name: EXEDIO
Domain SID: S-1-5-21-3215027423-1217727205-3511383706
Sequence number: 1067424880
Num users: 20
Num domain groups: 4
Num local groups: 0
should the 2 SIDs be the same also on BDCs and Domain Member Servers?
and how do i make them equal? at the moment the servers have a different 
  sid by "net getlocalsid". and this sid differs also from the machine 
SID in LDAP

any help is appreciated.

cu tommi
--
Thomas Otto
Dipl. Wirtsch.-Inf.
IT-Administration
exedio GmbH
Förstereistr. 19
D-01099 Dresden
fon +49(0)351 4108-100
fax +49(0)351 4108-199
mob +49(0)177 4209 762
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] samba 3.0 kerberos question

2003-10-29 Thread Axel Suppantschitsch
Quoting Andrew Bartlett <[EMAIL PROTECTED]>:

> On Thu, 2003-10-23 at 06:19, Bob Bartels wrote:
> > I have successfully joined a machine to a active directory and got a
> kerberos 
> > session ticket.
> > 
> > Smbclient //server/share$ -k works and allows me access to the dirs on a 
> > server in the domain in which I authenticated and received a krb ticket
> from.
> > 
> > smbmount //server/share$ /localmount -o krb Should work as well...right??
> NO!
> > 
> > I get this error when I try it:
> > 
> > Warning: kerberos support will only work for samba servers
> > Anonymous login successful
> > 2348: tree connect failed: ERRDOS - ERRnoaccess (Access denied.)
> > SMB connection failed
> > 
> > 
> > Why is this happening and is there a way to mount a sharepoint after
> getting a 
> > kerberos ticket without having the re-authenticate?
> 
> Not with smbfs.  It is hoped that the CIFS VFS will get better in this
> regard.

So is there any solution to use smb shares (on Samba AND Windows Servers) as
home directories for linux users with all their consequences? I mean
automatically mount them at boot time, use pam_mkhomedir with them, single
signon during the logon process, etc.

That's what I was expecting from the release of Samba 3.0, centralized home
directories for Windows and Linux users in heterogeneous networks resulting in
dramatically reduced administration efforts and the end of not unnecessary
redundant information... Kerberos is the key to that scenario.

Regards,

Axel Suppantschitsch.

Dipl.-Ing. (FH) Axel Suppantschitsch
---
FH JOANNEUM Gesellschaft mbH
University of Applied Sciences
Department of Information Management
Operating System Technologies
Alte Poststrasse 147, A-8020 Graz
www.fh-joanneum.at
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] HELP ME!!!!

2003-10-29 Thread Remizov Kostya
I ask you, help me!
Some WinXP and Win98 clients of samba 3.0.0 PDC cannot retrieve user 
members of domain from the domain controller.
And the log say that those clients did not send any request for it.
Do you know what the problem in?

--
Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] pc75089 ( 194.180.75.89) couldnt find service

2003-10-29 Thread emma emma

I have reinstalled SUSE8.0 and Samba2.2.3a

my network printer installation thru YAST2 was
unsucceful, but achieved only thru KDE Print Manager.

When i attempt a Printtest thru YAST2 it produces no
output.

Although Samba localhost Server displays Active
Connections:

PID: 1297
CLIENT: pc75089
IP ADDRESS: 194.180.75.89

I do not understand why it still gives me these error
pc75089 80.75.89) couldnt find service. When i try to
print thru my Windows server.

I can identify my Samba server on my Windows server.

Can anyone help pls.

Iyke



__
Do you Yahoo!?
Exclusive Video Premiere - Britney Spears
http://launch.yahoo.com/promos/britneyspears/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


AW: [Samba] Help for Samba 3 and Win ADS

2003-10-29 Thread Dieter Wilkens
Hi Denis,

I just tried this but still I can't log on the samba server with a domain user!

If I try to do so I get the error:

[2003/10/29 08:48:37, 0] auth/auth_util.c:make_server_info_info3(1017)
  make_server_info_info3: pdb_init_sam failed!

in the log file of the client on samba server...

Is there anytihng else I have to adjust on the samba server?
I sucessfully joined the domain with ADS and can see the server from my windows 
machine - but as soon as I try to connect I get the error (exept with one user that I 
created on the linux server)!

Any ideas?

Here is my smb.conf

**

#=== Global Settings ===
[global]
log file = /var/log/samba/log.%m
server string = %h server (Samba %v)
socket options = TCP_NODELAY
encrypt passwords = yes
security = ads
realm = 
workgroup = 
password server = 
syslog = 0

#== Shares =
[daten]
comment = Daten auf Debian 
path = /daten
browsable = yes
guest ok = yes

**



-Ursprüngliche Nachricht-
Von: Denis M.J. [mailto:[EMAIL PROTECTED] 
Gesendet: Dienstag, 28. Oktober 2003 21:52
An: Dieter Wilkens
Cc: [EMAIL PROTECTED]
Betreff: Re: [Samba] Help for Samba 3 and Win ADS


If you're joining the AD you can use the mode ADS with the lines # smb.conf:
security = ADS
realm =  your.kerberos.realm
encrypt passwords = yes
password server = MYWINPDC

please refer to section 7.4 (Domain Membership - Samba ADS Domain 
Membership) in the HOWTO.



Dieter Wilkens wrote:

>Thanks for that hint.
>I downloaded the HOTO and tried to make everything like descibed there 
>but it is still not working ;-(
>
>I set the 'security = domain" the 'workgroup = MYDOMAIN' and the 
>'password server = MYWINPDC' in the smb.conf and restartet samba. After 
>that I tried the 'net join -S MYWINPDC -UMyAdmin%MyPassword' and get 
>the following result:
>
>'realm must be set in smb.conf for ADS join to succeed.
>ADS join did not work, faling back to RPC...
>Joined domain MYDOMAIN'
>
>  
>
>>>From the PDC I can see the sambe server in ADS and in the network
>>
>>
>neighborhood. If I try to connect samba asks for a username and 
>password (should be OK with the DOMAIN-Admin.). So I type in the 
>Admin and PAssword but without getting a connection. In the logfile on 
>the samba server there are the following lines in
>'log.MYWINPDC':
>
>'[2003/10/28 10:18:50, 0] auth/auth_util.c:make_server_info_info3(1017)
>  make_server_info_info3: pdb_init_sam failed!
>[2003/10/28 10:18:50, 0] auth/auth_util.c:make_server_info_info3(1017)
>  make_server_info_info3: pdb_init_sam failed!
>[2003/10/28 10:19:28, 0] auth/auth_util.c:make_server_info_info3(1017)
>  nake_server_info_info3: pdb_init_sam failed!'
>
>Any ideas wahts going wrong here?
>
>Regards
>
>   Dieter
>
>"Adam Williams" <[EMAIL PROTECTED]> schrieb im Newsbeitrag 
>news:[EMAIL PROTECTED]
>  
>
>>>Just started to play around with Samba 3 (on debian 3.0) and a 
>>>win2000 domain. Can anyone help me to integrate the Samba server into 
>>>the win domain? It should act as a file server for the useres and 
>>>groups from
>>>  
>>>
>win
>  
>
>>>and therefor I need different rights and permissions for the 
>>>shares... Any help is appreciated ;-)
>>>  
>>>
>>See the Samba-HOWTO-Collection available on the Samba website.  It 
>>covers this in detail.
>>
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions:  http://lists.samba.org/mailman/listinfo/samba
>>
>>
>
>
>  
>


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Re: Failed to compile Samba with SSL

2003-10-29 Thread Andrew Bartlett
On Wed, 2003-10-29 at 15:08, Jamrock wrote:
> "John H Terpstra" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > Microsoft Windowss clients do not support SSL. Support for SSL was only
> > ever experimental, has not been maintained, suffered bit rot, and was
> > removed from Samba in Samba-3.0.0.
> 
> 
> Hi John,
> 
> Are you making a distinction between TLS and SSL?  Or is it a distinction
> between Samba and OpenLDAP?  I am a bit confused.  The section of the
> Samba-HOWTO-Collection entitled "Security and sambaSamAccount" speaks of
> using SSL and TLS with the LDAP user backend.

Samba is not changed to make OpenLDAP use SSL - that is a matter of how
the OpenLDAP client libraries are compiled.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org http://build.samba.org http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba