RE: [Samba] what will be mounted
>>when i mount windows, will all partitions be mounted or just C drive... you have to mount one by one Cheers, .^. Mun Heng, Ow/V\ H/M Engineering /( )\ Western Digital M'sia ^^-^^ DID : 03-7870 5168 The Linux Advocate -Original Message- From: Vishesh kaul [mailto:[EMAIL PROTECTED] Sent: Thursday, October 30, 2003 12:45 PM To: [EMAIL PROTECTED] Subject: [Samba] what will be mounted can samba mount the whole windows system on a computer by default.. suppose id i have 8 partitions on my hard disk (C,D,E,F,G,H,I,J).. when i mount windows, will all partitions be mounted or just C drive... your only special contact on earth -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] charsets in samba3
Thanks a mil Jeremy - This is the first answer I recieved. I actually had the users rename all the affected files. Will test now. Andre -Original Message- From: Jeremy Allison [mailto:[EMAIL PROTECTED] Sent: 30 October 2003 02:19 To: Andre de Koning Cc: [EMAIL PROTECTED] Subject: Re: [Samba] charsets in samba3 On Wed, Oct 08, 2003 at 04:10:29PM +0200, Andre de Koning wrote: > Is there any way to make samba use whatever the default charset was on samba > 2.2.x (like 2.2.3?). > > I've just upgraded to samba 3 and just about every second file displays > incorrectly on my windows clients and most of them refuse to open because of > this. THis is causing absolute chaos to the point where I (an avid windows > hater) am starting to look at reload all the servers in question with w2k > server. > > I've played around with "dos charset", "unix charset" and "display charset" > but have no luck. I have no clue what this should be set to to make this > work like they did before with samba 2.2.3 and don't even have a clue what > options I can choose from - nothing in the man page except one example! > > Any help, PLEASE? Better late than never I hope. unix charset = ISO8859-1 dos charset = CP850 would be the defaults 2.2.x used. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: AW: [Samba] Help for Samba 3 and Win ADS
Hi Dieter, There are several things you need to set up on the samba server for AD user to have access to it. * To be in the AD/domain - smb.conf with the proper security mode, password server and realm - net join the AD - make sure the samba machine shows up in the list of trusted computers and is properly accessible (DNS and that kind) - make sure smbd, nmbd and winbind run you can than check the list of users with the command $ getent passwd * To let users access unix services - set up nsswitch.conf so passwd and group also use winbind - set up pam properly, ie let it use winbind too. I think this should work. At least that's what the doc says. I am not really familiar with the error you're getting but it might be because you're not using winbind. Quote from the doc: "If winbindd is not running, smbd (which calls winbindd) will fall back to using purely local information from /etc/passwd and /etc/group and no dynamic mapping will be used." So make sure winbind is running, the HOWTO explains how to add it to you /etc/init.d/samba. It might vary depending on where you got samba from (official package or distribution package). Chapter 21 is on winbind. I hope it works out for you. Denis Dieter Wilkens wrote: Hi Denis, I just tried this but still I can't log on the samba server with a domain user! If I try to do so I get the error: [2003/10/29 08:48:37, 0] auth/auth_util.c:make_server_info_info3(1017) make_server_info_info3: pdb_init_sam failed! in the log file of the client on samba server... Is there anytihng else I have to adjust on the samba server? I sucessfully joined the domain with ADS and can see the server from my windows machine - but as soon as I try to connect I get the error (exept with one user that I created on the linux server)! Any ideas? Here is my smb.conf ** #=== Global Settings === [global] log file = /var/log/samba/log.%m server string = %h server (Samba %v) socket options = TCP_NODELAY encrypt passwords = yes security = ads realm = workgroup = password server = syslog = 0 #== Shares = [daten] comment = Daten auf Debian path = /daten browsable = yes guest ok = yes ** -Urspr?ngliche Nachricht- Von: Denis M.J. [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 28. Oktober 2003 21:52 An: Dieter Wilkens Cc: [EMAIL PROTECTED] Betreff: Re: [Samba] Help for Samba 3 and Win ADS If you're joining the AD you can use the mode ADS with the lines # smb.conf: security = ADS realm = your.kerberos.realm encrypt passwords = yes password server = MYWINPDC please refer to section 7.4 (Domain Membership - Samba ADS Domain Membership) in the HOWTO. Dieter Wilkens wrote: Thanks for that hint. I downloaded the HOTO and tried to make everything like descibed there but it is still not working ;-( I set the 'security = domain" the 'workgroup = MYDOMAIN' and the 'password server = MYWINPDC' in the smb.conf and restartet samba. After that I tried the 'net join -S MYWINPDC -UMyAdmin%MyPassword' and get the following result: 'realm must be set in smb.conf for ADS join to succeed. ADS join did not work, faling back to RPC... Joined domain MYDOMAIN' From the PDC I can see the sambe server in ADS and in the network neighborhood. If I try to connect samba asks for a username and password (should be OK with the DOMAIN-Admin.). So I type in the Admin and PAssword but without getting a connection. In the logfile on the samba server there are the following lines in 'log.MYWINPDC': '[2003/10/28 10:18:50, 0] auth/auth_util.c:make_server_info_info3(1017) make_server_info_info3: pdb_init_sam failed! [2003/10/28 10:18:50, 0] auth/auth_util.c:make_server_info_info3(1017) make_server_info_info3: pdb_init_sam failed! [2003/10/28 10:19:28, 0] auth/auth_util.c:make_server_info_info3(1017) nake_server_info_info3: pdb_init_sam failed!' Any ideas wahts going wrong here? Regards Dieter "Adam Williams" <[EMAIL PROTECTED]> schrieb im Newsbeitrag news:[EMAIL PROTECTED] Just started to play around with Samba 3 (on debian 3.0) and a win2000 domain. Can anyone help me to integrate the Samba server into the win domain? It should act as a file server for the useres and groups from win and therefor I need different rights and permissions for the shares... Any help is appreciated ;-) See the Samba-HOWTO-Collection available on the Samba website. It covers this in detail. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL
[Samba] what will be mounted
can samba mount the whole windows system on a computer by default.. suppose id i have 8 partitions on my hard disk (C,D,E,F,G,H,I,J).. when i mount windows, will all partitions be mounted or just C drive... your only special contact on earth -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Internet Explorer
Thanks big time for your advice. The solution is clearer now. Richard. On Wednesday 29 October 2003 21:49, rruegner wrote: > hi, > i am not sure if i understand you in the right way but > this are the magic to make squid use transparent > #transproxy feature, very cool content filtering can be done with > squidguard #iptables -t nat -A PREROUTING -i eth2 -s ! 10.10.10.2 -p tcp > --dport 80 -j DNAT --to 10.10.10.2:3128 > #iptables -t nat -A POSTROUTING -o eth2 -s 10.10.10.0/24 -d 10.10.10.2 -j > SNAT --to 10.10.10.2 > #iptables -A FORWARD -s 10.10.10.0/24 -d 10.10.10.2 -i eth2 -o eth2 -p > tcp --dport 3128 -j ACCEPT > for sure you have to enable additional stuff in squid.conf and change > settings to your need in example above ( study man squid) > as you know changing settings for ie i think is only allowed for > powersusers ( but i am not sure at the moment ) > but in fact if your users cant change it they have no permission too.(win > stuff) > As i think if you want to give them the permission to change i e settings > you have to give them > higher prior on their local workstations.( like superuser etc.)..not > all users are equal in their needs! > But as i remember i had never problem with that, if you store their > profiles in their homes on samba.( when i use this old distro setup ) > But in Version 2.2.5 there is not a valid group mapping between samba / > unix to windows, > therefore an for other reason (security ) you should upgrade t samba 3 ( > load it from ftp.suse.com people gd ) > than you can build a nearly equal nt4 pdc with group mapping > match the groups with that bash script > #!/bin/bash > > net groupmap modify ntgroup="Domain Admins" unixgroup=root > net groupmap modify ntgroup="Domain Users" unixgroup=users > net groupmap modify ntgroup="Domain Guests" unixgroup=nobody > net groupmap modify ntgroup="Administrators" unixgroup=ntadmin > net groupmap modify ntgroup="Users" unixgroup=users > net groupmap modify ntgroup="Guests" unixgroup=nobody > net groupmap modify ntgroup="System Operators" unixgroup=sys > net groupmap modify ntgroup="Account Operators" unixgroup=ntadmin > net groupmap modify ntgroup="Backup Operators" unixgroup=bin > net groupmap modify ntgroup="Print Operators" unixgroup=lp > net groupmap modify ntgroup="Replicators" unixgroup=daemon > net groupmap modify ntgroup="Power Users" unixgroup=sys > > you can use than USRMGR.EXE for create users groups etc > in my setup this works finewith nt policies i am able to give > different users/groups to different proxies and fine tune the content > filtering ie. example adults and kids > machine adding on the fly to samba 3 work now too > study the new faqs for samba. > note that the out of the boy version from suse is not valid for a good > working pdc > ( for 700 users you should use ldap with samba not smbpasswd ) > Good Luck > Best Regards > > - Original Message - > From: "Richard K Ssekibuule" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, October 29, 2003 7:11 PM > Subject: [Samba] Internet Explorer > > > I have successfully setup a samba 2.25 PDC on SuSE8.1 for my 700 users. > > My problem: These users cannot change their Internet explorer proxy > > setting. > > > Question: How can I grant rights to change Internet explorer settings > > without compromising administrative security? > > > > My kernel cannot do transparent proxy, but I use squid to schedule users > > Internet access. > > The server running squid is different from the one running squid/gateway. > > > > Thanks in advance. > > > > Richard. > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Transparent migration of user profiles
Anybody, Can I please have some ideas on transparently migrating my user profiles (originally from a Win2K PDC) to a Samba 3 PDC (with LDAP) ???. I have already done the following: 1) Make my samba3 server a BDC server and used "net rpc vampire" to acquire the users (though there seems to be a problem with net vampire if your users are in a ldap database). 2) Used the same SID as the former domain. My requirements are: 1) The users are supposed to retain their local profiles, whenever they login (there should be no new profiles created). Please help Sincerely, ATrillanes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Dfs - Load Balancing
Hi, I've also an interest in Dfs and plan implementation once I have sufccessfully gone to Samba 3. >1) How does it load balance? Is it some sort of round robin? No, its more like autofs using NFS with sym links in the Unix world. What I mean is that you can spread various data over several unique volumes and have them appear under the same dir structure. This not only simplifies data management in "where are my files again" but it also allows you to spread network and disk i/o over several points. Another advantage is that maintanance can be performend on a particular data location (ie; Raid) without affecting the entire directory or job structure. All this is very old skewl stuff in the Unix world but is kinda new in the Windows world. One thing to keep in mind is that the initial data request goes through the Dfs server in order to establish the mount point or network path but after that, subsequent requests go directly to that server bypassing the Dfs server. As for the rest of your Q's, test and document your results. Bri- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] File Permission Question
>>I need to setup samba so that when a new file is created it >>is writeable to the entire group, not just the person who created it Try this...in your smb.conf create mode = 0665 I'm very bad with octet permissions.. 0665 would be I think something like drwxrwxr-x Cheers, .^. Mun Heng, Ow/V\ H/M Engineering /( )\ Western Digital M'sia ^^-^^ DID : 03-7870 5168 The Linux Advocate -Original Message- From: Philip Bubel [mailto:[EMAIL PROTECTED] Sent: Thursday, October 30, 2003 6:18 AM To: [EMAIL PROTECTED] Subject: [Samba] File Permission Question Hello All, Got a little problem that I'm hoping somebody can help me solve. I've got a samba server set as the office's file server. We have a large common share that different people put documents in, and are to be modified by other people. I need to setup samba so that when a new file is created it is writeable to the entire group, not just the person who created it. Here is any example. Current: drwxr-xr-x7 hhaynes hhaynes foobar.txt What I need drwxrwxr-xhhaynes hr (or whatever the group owning the directory is) If anybody can point me in the right direction it would be most helpful. Thanks. Philip Bubel [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Linux -> Win2k
>>| Can somebody tell me how or if its possible to sord of map a directory >>on a | win2k machine to a link or a dir on the linux machine. Like a mirror. Try using smbmount. Cheers, .^. Mun Heng, Ow /V\ H/M Engineering /( )\ Western Digital M'sia ^^-^^ DID : 03-7870 5168 The Linux Advocate -Original Message- From: Gémes Géza [mailto:[EMAIL PROTECTED] Sent: Thursday, October 30, 2003 7:32 AM To: Niklas Berglund Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Linux -> Win2k -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Niklas Berglund írta: | Hello.. | | Can somebody tell me how or if its possible to sord of map a directory on a | win2k machine to a link or a dir on the linux machine. Like a mirror. | | | I have a win2k machine (192.168.168.2) and a linux machine (192.168.168.1) | running samba. | | Ive been trying to get samba to do it for me, like this : | | smb.conf | -- | | [super] | comment = Superoffice | path = //192.168.168.2/Super/ | valid users = %S @wheel @users | invalid users = root bin daemon nobody named www uucp | writeable = Yes | create mask = 0777 | force create mode = 0777 | | | Im not sure how to properly write the "path=" parameter on thisone. | | Can someone help me please? | | Regards | Nick. | | | I'm really not an expert on the subject, but I've read one of them writing before on this list about the fact, that samba can access only files accessible by the host OS, e.g /somedir/someotherdir/... But I think, that what you are trying could be achieved by using DFS. I would suggest to read chapter 17 of the Samba Howto Collection. Good Luck! Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/oE3o/PxuIn+i1pIRAgbMAJ9CFX/dQyZuSkeBQsT7sP5kI4qKeACfbYvT A2oN+bsEsZ3Yx4JY8zMx0N8= =eZvV -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Dfs - Load Balancing
I will second this. On Wed, 2003-10-29 at 19:48, David Chait wrote: > I am not certain how Samba specifically will handle this, but I can say from > experience that MS's FRS/DFS implimentation is a dissaster, don't go near it > if you value your data. > > - Original Message - > From: "Nicholas McDowell" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, October 29, 2003 5:28 PM > Subject: [Samba] Dfs - Load Balancing > > > > Hi, > > > > I was wondering if anyone has had any experience with using the Dfs > > functionality within Samba. > > > > I've been searching for any performance information and or documentation > > regarding Dfs in particular load balancing i.e. > > > > 1) How does it load balance? Is it some sort of round robin? > > 2) Is there a limit to the number of servers that can used in the load > > balance? > > 3) How many requests per second can Dfs handle? > > > > Any information or links would be greatly appreciated. > > > > Thanks > > Nicholas > > > > > > > > > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > -- Jerry Haltom <[EMAIL PROTECTED]> Feedback Plus, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] share permissions
>>How can I add another user or group to Samba so the teacher and student have full >>control over the folder? Have something like valid users = user1 user2 <-- should be self explanatory write list = @teachers <--this is the groupings (same as *nix Groups) something likt that Cheers, .^. Mun Heng, Ow/V\ H/M Engineering /( )\ Western Digital M'sia ^^-^^ DID : 03-7870 5168 The Linux Advocate -Original Message- From: Tom Czachor [mailto:[EMAIL PROTECTED] Sent: Thursday, October 30, 2003 12:38 AM To: [EMAIL PROTECTED] Subject: [Samba] share permissions I am trying to setup Samba in a classroom so that a student's samba folder can be accessed via Windows by the student and the teacher. I have Samba working, but can only get the student access to the folder. How can I add another user or group to Samba so the teacher and student have full control over the folder? Thanks Tom -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Questions on Backup Domain Control
John, and the Samba community, Thanks for all your previous help. We are writing to clarify a couple of questions that arose from our reading of Samba 3 Official Documentation - Chapter 6: Backup Domain Control (see the quoted paragraphs below). Question 1 / Scenario 1: Trust Domain Account Relationships Houston: PDC (functioning as centralized domain SAM) | Trust Domain Account Relationship | Denver: BDC (acting as PDC for local SAM) CLIENTS (periodically updating machine account information to local SAM) In this scenario, we interpret the documention to be stating that since the local SAM in Denver isn't sending its update information to the Houston PDC; when the Houston PDC rsyncs with the Denver BDC, the Denver BDC's SAM will be overwritten with old machine account data and the result will be a broken trust. The suggested improvement is to use a LDAP database rather than SAM. Is this a correct interpretation? Question 2 / Scenario 2: PDC-BDC Fail Over Our local network domain has no Trust Domain Relationships configured. However, the above scenario does raise the question of the best way to handle our domain in the event of a fail over: San Jose: PDC (acting as PDC for local SAM) | rsync (PDC SAM rsyncs to BDC SAM) | BDC (acting as fail over BDC for the local domain) We have been running various fail-over scenairos in our lab for the last month. Our only password backend option is tdbsam (no LDAP backend approved). When we disconnected the PDC from the network, the BDC continued to authenticate users, allow logons, run longon scripts, etc. We were pleased to discover that tests to create/update/add/delete various user and machine accounts produced an error message and didn't allow changes on the BDC's (read only) SAM (no rsync overwrite issues). The remaining questions: are client systems also locked out of the BDC's SAM for updating their own machine account information until there is a PDC present on the domain again? Worst Case Scenario: Since rsync goes PDC->BDC, if there was a major hardware failure on the PDC and the BDC's role was changed to PDC until the original failed system was repaired, would the new PDC's SAM then allow account updates? - and - woud it be a best practice to configure the old PDC to a BDC after it is repaired then bring in back online and rsync with the current PDC? -- >From Samba 3 Official Documentation - Chapter 6: Backup Domain Control -- Features and Benefits The use of a non-LDAP backend SAM database is particularly problematic because Domain Member servers and workstations periodically change the Machine Trust Account password. The new password is then stored only locally. This means that in the absence of a centrally stored accounts database (such as that provided with an LDAP-based solution) if Samba-3 is running as a BDC, the BDC instance of the Domain Member trust account password will not reach the PDC (master) copy of the SAM. If the PDC SAM is then replicated to BDCs, this results in overwriting the SAM that contains the updated (changed) trust account password with resulting breakage of the domain trust. Machine Accounts Keep Expiring This problem will occur when the passdb (SAM) files are copied from a central server but the local Backup Domain Controller is acting as a PDC. This results in the application of Local Machine Trust Account password updates to the local SAM. Such updates are not copied back to the central server. The newer machine account password is then over written when the SAM is re-copied from the PDC. The result is that the Domain Member machine on start up will find that its passwords do not match the one now in the database and since the startup security check will now fail, this machine will not allow logon attempts to proceed and the account expiry error will be reported. The solution is to use a more robust passdb backend, such as the ldapsam backend, setting up a slave LDAP server for each BDC, and a master LDAP server for the PDC. -- Larry Liu Robert Inerbickler Sun Microsystems -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Dfs - Load Balancing
I am not certain how Samba specifically will handle this, but I can say from experience that MS's FRS/DFS implimentation is a dissaster, don't go near it if you value your data. - Original Message - From: "Nicholas McDowell" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 29, 2003 5:28 PM Subject: [Samba] Dfs - Load Balancing > Hi, > > I was wondering if anyone has had any experience with using the Dfs > functionality within Samba. > > I've been searching for any performance information and or documentation > regarding Dfs in particular load balancing i.e. > > 1) How does it load balance? Is it some sort of round robin? > 2) Is there a limit to the number of servers that can used in the load > balance? > 3) How many requests per second can Dfs handle? > > Any information or links would be greatly appreciated. > > Thanks > Nicholas > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Dfs - Load Balancing
Hi, I was wondering if anyone has had any experience with using the Dfs functionality within Samba. I've been searching for any performance information and or documentation regarding Dfs in particular load balancing i.e. 1) How does it load balance? Is it some sort of round robin? 2) Is there a limit to the number of servers that can used in the load balance? 3) How many requests per second can Dfs handle? Any information or links would be greatly appreciated. Thanks Nicholas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] profile migration - resend
Hi, I am almost ready to switch over from 2.2.7 to 3 but found that a user profile created in 2.2 doesn't work in 3- ie; during login to a Samba 3 server, an error occurs and profile modifications are not permitted or recognized. This may seem trivial but I have 50 users, each with complex desktop setups which help them with there daily tasks of CG post production (so some of you know the primadonnas that this env can breed :). Does any one know of an elegant solution to profile migration? If not, this is what I was planning on doing; To circumvent this, I was planning to use the Windows facility of copying 1 profile to another but my problem is getting the 2 Samba domains to co-habitate as I set up each Samba PDC with its own unique name (for testing and the company name is changing so references to the old regime are not desired). How would I get a Samba 2.2.7 PDC with domain name ABC to trust another Samba 3.0 PDC with domain name XYZ for the purpose of copyinmg 1 profile to another vi Windows? Bri- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Add Printer Wizard
I'm having a bit of trouble getting a Samba printer set up. What I have is a postscript capable HP laserjet. It actually has IPP/HTTP and stuff on it. I need queueing to work, so my clients can't print to it directly, so what I want to do is: Get the printer set up on a central CUPs server: done. Printing quality is perfect from Unix machines. Thank you postscript! Have samba print to that printer as well, this, I have working, but it's not pretty. The quality is horrible, and im not sure why. Things are grainy, blocky, etc. This is printing from a Windows computer (with teh HP laserJet PS drivers installed). Samba is messing up my image quality! Not sure what is causing that. I also can't seem to get the Add Printer Drivers wizard to work right. I followed the instructions in the 3.0 howto as best as I could. My samba "admin" user, is named "samba", he has a uid 0. It's stored in LDAP. It works for joining computers to the domain. I added "samba" to printer admin, and when I try to loginto a Windows computer, as this user, and add a driver, I get: Access Denied. I'm not sure what I'm being denied access too! This user has uid 0. After setting all this up, can I expect queue's to be consistant? I need to see, in the Windows queue, unix jobs submitted directly to cups. On the cup's queue, I'd like to see window's jobs. Also, can samba be made to spool to cups AS it's receiving from the client? We regularly print out 900 page jobs, which take 30 pages to print from the client to the server. If the client has to sit there and spool all 900 pages before the job can even start, we've doubled our print time! As of now, Windows will start printing INSTATLY upon receiving data from the client, this may be more like "buffering" than "spooling". Thanks for the prompt assistance. -- Jerry Haltom <[EMAIL PROTECTED]> Feedback Plus, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] charsets in samba3
On Wed, Oct 08, 2003 at 04:10:29PM +0200, Andre de Koning wrote: > Is there any way to make samba use whatever the default charset was on samba > 2.2.x (like 2.2.3?). > > I've just upgraded to samba 3 and just about every second file displays > incorrectly on my windows clients and most of them refuse to open because of > this. THis is causing absolute chaos to the point where I (an avid windows > hater) am starting to look at reload all the servers in question with w2k > server. > > I've played around with "dos charset", "unix charset" and "display charset" > but have no luck. I have no clue what this should be set to to make this > work like they did before with samba 2.2.3 and don't even have a clue what > options I can choose from - nothing in the man page except one example! > > Any help, PLEASE? Better late than never I hope. unix charset = ISO8859-1 dos charset = CP850 would be the defaults 2.2.x used. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] windows shares duplicate samba shares instead of reporting own shares
Hi, I've got 3 pc's in a small network. One runs OpenBSD 3.3 with samba 2.2, one runs windows 98 SE, and the other runs windows xp. The samba machine has some shares defined in smb.conf. I can get to those shares from windows. The problem is that I can't get to any of the shares on the windows machines. When I am browsing the SMB workgroup, the windows pc's show up with the right names, but with the shares defined in smb.conf on the samba machine. The windows pc's have some shared files and one has a shared printer. When I am on one of the windows pc's, and I browse the workgroup, I can see the correct shares for the computer that I am at, but I see the incorrect shares (the samba shares) for the other windows pc. I can not get to the actual windows shares. What would cause this? I confess I have never taken the time to truly understand Windows Networking. Please excuse my newbness. Thanks for reading! Nathan Speed -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Linux -> Win2k
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Niklas Berglund írta: | Hello.. | | Can somebody tell me how or if its possible to sord of map a directory on a | win2k machine to a link or a dir on the linux machine. Like a mirror. | | | I have a win2k machine (192.168.168.2) and a linux machine (192.168.168.1) | running samba. | | Ive been trying to get samba to do it for me, like this : | | smb.conf | -- | | [super] | comment = Superoffice | path = //192.168.168.2/Super/ | valid users = %S @wheel @users | invalid users = root bin daemon nobody named www uucp | writeable = Yes | create mask = 0777 | force create mode = 0777 | | | Im not sure how to properly write the "path=" parameter on thisone. | | Can someone help me please? | | Regards | Nick. | | | I'm really not an expert on the subject, but I've read one of them writing before on this list about the fact, that samba can access only files accessible by the host OS, e.g /somedir/someotherdir/... But I think, that what you are trying could be achieved by using DFS. I would suggest to read chapter 17 of the Samba Howto Collection. Good Luck! Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/oE3o/PxuIn+i1pIRAgbMAJ9CFX/dQyZuSkeBQsT7sP5kI4qKeACfbYvT A2oN+bsEsZ3Yx4JY8zMx0N8= =eZvV -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Linux -> Win2k
Hello.. Can somebody tell me how or if its possible to sord of map a directory on a win2k machine to a link or a dir on the linux machine. Like a mirror. I have a win2k machine (192.168.168.2) and a linux machine (192.168.168.1) running samba. Ive been trying to get samba to do it for me, like this : smb.conf -- [super] comment = Superoffice path = //192.168.168.2/Super/ valid users = %S @wheel @users invalid users = root bin daemon nobody named www uucp writeable = Yes create mask = 0777 force create mode = 0777 Im not sure how to properly write the "path=" parameter on thisone. Can someone help me please? Regards Nick. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] linux and win2k: who is blocking whose messages?
hi all, i know a whole lot more about MS windows networking than i did this morning (but it still feels like i don't know much). the linux samba server is a local, master and preferred browse master. it's also a WINS server. linux's IP address is 192.168.0.2. the win2k machine is 192.168.0.4. the goal is to browse linux's filesystem from win2k's "computers near me". but when i double click "computers near me" i get the error "testgroup is not accessible. the network path was not found". after a bunch more of tinkering, i started to see these hopeful messages in /var/log/log.smbd: [2003/10/29 15:26:15, 0] lib/access.c:check_access(328) Denied connection from (192.168.0.4) [2003/10/29 15:26:15, 1] smbd/process.c:process_smb(883) Connection denied from 192.168.0.4 [2003/10/29 15:26:15, 0] lib/access.c:check_access(328) Denied connection from (192.168.0.4) [2003/10/29 15:26:15, 1] smbd/process.c:process_smb(883) Connection denied from 192.168.0.4 [2003/10/29 15:26:28, 0] lib/access.c:check_access(328) Denied connection from (192.168.0.4) hopeful because now i have something concrete to work with, whereas this morning it "simply didn't work". do these logs mean that linux is blocking win2k? or win2k is blocking linux? playing around with win2k, i found 2 things which are related to security: 1. local area connection properties | TCP/IP | Properties | Advanced | Options | IP Security 2. local area connection properties | TCP/IP | Properties | Advanced | Options | TCP/IP filtering unfortunately, by clicking on "properties" of both these items, it appears that neither one is being used. so win2k can't be blocking linux. on the other hand, i temporarily moved /etc/hosts.deny to a temp file and put "ALL: ALL" in /etc/hosts.allow. so linux can't be blocking win2k. so who is blocking whom? anyone have any ideas? pete [global] workgroup = TESTGROUP server string = %h server (Samba %v) passdb backend = tdbsam, guest passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . syslog = 0 max log size = 1000 name resolve order = lmhosts host wins bcast socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 os level = 100 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes panic action = /usr/share/samba/panic-action %d hosts allow = 192.169.0.4, 192.168.0.3, 192.168.0.2, 127. print command = /usr/bin/lpr -r -P%p %s lpq command = /usr/bin/lpq-P%p %s lprm command = /usr/bin/lprm -P%p %j queuepause command = /usr/sbin/lpc -P%p start [homes] comment = Home Directories read only = No create mask = 0700 directory mask = 0700 browseable = No [lp] path = /var/spool/lpd/samba read only = No create mask = 0700 printable = Yes [cdrom] comment = Samba server's CD-ROM path = /cdrom guest ok = Yes locking = No [tmp] comment = temporary files path = /tmp -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] File Permission Question
Hello All, Got a little problem that I'm hoping somebody can help me solve. I've got a samba server set as the office's file server. We have a large common share that different people put documents in, and are to be modified by other people. I need to setup samba so that when a new file is created it is writeable to the entire group, not just the person who created it. Here is any example. Current: drwxr-xr-x7 hhaynes hhaynes foobar.txt What I need drwxrwxr-xhhaynes hr (or whatever the group owning the directory is) If anybody can point me in the right direction it would be most helpful. Thanks. Philip Bubel [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Share ACLs
On Wed, 29 Oct 2003, Douglas Phillipson wrote: > Please See ACL related questions below... > > John H Terpstra wrote: > > On Wed, 29 Oct 2003 [EMAIL PROTECTED] wrote: > > > > > >>Hi all, > >> > >> I have already set up a Samba 3.0 with Openldap as user repository. I have a > >> question about share access controls. > >> Chapter 13.1 of Samba-HOWTO-Collection describes: > >> > >> Samba offers a lot of flexibility in file system access management. These are the > >> key access control facilities present > >> in Samba today: > >> 1) UNIX File and Directory Permissions > >> 2) Samba Share Definitions > >> 3) Samba Share ACLs > >>Just like it is possible in MS Windows NT to set ACLs on shares themselves, so > >> it is possible to do this in Samba. > >>Few people make use of this facility, yet it remains on of the easiest ways to > >> a ect access controls (restrictions) > >>and can often do so with minimum invasiveness compared with other methods. > >> 4) MS Windows ACLs through UNIX POSIX ACLs > >> > > > > > >> I have a question about Point 3 Samba Share ACLs. Do I need Linux file > >> system ACLs in order to be able to define Samba Share ACLs. > > > > > > No, you do not! You need to use the Server Tools, or the Nexus package > > from Microsoft as documented in the HOWTO. > > > Are you saying here that you don't need the ACL patch in linux to do > ACL's? No. I am saying that you do NOT need the ACLs patch in order to be able to set ACLs on shares using the Server Manager tool. If you want file system ACLs, you DO need the ACLs patch in your kernel. You asked specifically about ACLs on shares! - John T. > > > >> If not I have problems to define ACLs on shares via Windows Explorer > >> from a Windows XP Workstation. my environment: > > > > > > Using the files extracted from the SRVTOOLS.EXE installation, in > > particular the Server Manager, you must edit the permissions on the Shares > > themselves. > > > > > >> Samba 3.0 compiled --with-acl-spupport installed on Suse Linux Enterprise Server 8 > >> OpenLDAP 2.1.4 as suer repository. > >> Samba 3.0 is configured as PDC. > >> > >> I can log from a Windows XP workstation in Samba Domain. I can connect to shares > >> defined in smb.conf. > >> All defined access controls in smb.conf works fine. > > > > > > You must log on as the Administrator for the Domain (root). > > > > > >> I try to set ACLs on following Share: > >> > >> [Test-Share] > >> path=/home/Test-Share > >> public = yes > >> printable = no > >> writeable = yes > > > Do you have to have "nt acl support = yes" in any share that will have > it's acl's changed by the "server tools"? > > > > > This is an example of setting share definition controls. > > > > - John T. > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2.2.8 and NFS: Redux
Hi, Not having seen any response to a request for help nearly a week after having submitted my plea, I'm wondering if I'm being too impatient... Anyway, Here's the request again... Thanks, I have a rather unique (at least from reading the archives) situation that has me stumped, and I'm hoping the gurus can help. Here's my problem, I have a Solaris 2.8 server running Samba 2.2.8 which sits on two networks (no routing between networks). On one side of the Samba server are 100 PCs running a mix of Win95 and Win98 which have touch screens and no keyboards, that are used as CBT machines. These machines are only connected on this local lan and there are no domain controllers on that lan. These machines use NFS to attach disk from the Solaris Samba server. On the other side of the Samba server is the corporate network, where the CBT maintainers have their workstations. We are using Samba to serve disk to these maintenance PCs (which run NT4). The company's domain controllers are also on this segment. Now, here's the rub... If Samba daemons are running on the Samba server, then when the CBT machines, using NFS, attempt to attach to the disk on the Solaris Samba server, Samba catches the request for disk attachment and denies access. Stranger still, it only seems to affect the Win95 clients, and not the Win98 clients. I'm very puzzled and can find no reason why Samba would be picking up a request on the nfs port. My only thought is that somehow, the Win95 machines are attempting to use SMB instead of NFS, but we only see this problem when the Samba daemons are running. If Samba is shutdown on the server, then all CBT machines connect using NFS (as is correct). Here is a visual of the layout NT PCs Win95/Win98 PCs Samba Access NFS Access | | | Admin PC |---| --- | -- | | | | Solaris | |---| CBT PC | | | Server | | -- | | 1.Samba | | -- |-| 2.NFS |--|---| CBT PC | | --- | -- | Admin PC |---| | -- | | | |---| CBT PC | | | -- | | Domain Servers Of course, you might ask why we're doing something this crazy, why not just use one disk sharing method or the other. Well, I don't get to make those decisions, I just implement what is asked for. One reason for not using Samba on the CBT side is that we are using domain security and the CBT's can't see the domain controllers, and have generic userids that are not set up in the domain. On the Admin PC side we are requiring that all users accessing the server must be authenticated by the domain. In anycase, I'm having great difficulty in figuring out what is happening here. Any assistance would be most appreciated, and more info can be provided upon request (as I'm sure I've left something out that may/may not be important). TIA, Clarke Epperly [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Request for ACL experiences
Douglas Phillipson wrote on Thursday, 30 October 2003 9:14 a.m.: > I'm having trouble with ACL's and wonder how many others are too. I > see conflicting answers and comments about different aspects of ACL's > from many prople on the list. I was wondering if ANYONE is > successfully using ACL's with Samba 3.0 or above. Yes, we are. Our Red Hat 9 based Samba server is acting as a general purpose file server for a Windows 2000 Active Directory domain. > Was your Samba server configured as the DC? No, our DC is running Windows 2000 Server SP3. > What client OS were you setting ACL's on the Samba Share with? > (Win2000, XP) What service pack (SP4 on Win2000???) Windows 2000 Server SP3. > Did you have to have the ACL kernel patch? Yes, if you wish to use ACLs on ext2/ext3. XFS is supposed to have support already, though I have not tried it so I really don't know for sure. > Did you need "nt acl support = yes" in each share definition? No. This option defaults to yes anyway, so you should not need to specify it at all. > How did you setup your shares? (Working share Examples are good) Here's an example: [media] comment = Media files path = /mnt/media public = yes writable = yes create mask = 0774 directory mask = 0774 inherit acls = yes admin users = Administrator You need "winbind use default domain = yes" set in your smb.conf for the "admin users" option to work as specified above. Note that the exact options you use are highly dependent on what you want to use the share for. I would strongly recommend you read the relevant parts of the Samba 3 Howto collection, as well as the share options documentation in the smb.conf manpage. > Did you have to use the "server Tools" downloaded from microsoft or > could you simply right click on a file/folder and change the security > ACL's? You can just use the normal permission editing (right click...Properties). > How are you verifying the ACL's actually work? Did you fully test any > ACL you set through Windows by actually trying to make a user access a > file to see that his access matched the ACL you set. Yes, they do work. > What didn't work with ACL's that you thought should? Well, Samba can only provide to Windows what is available through POSIX standard ACLs, which means read, write, execute access bits for the owner, the group, and all others (the latter represented by "Everyone" in Windows), plus the same for each ACE. The extended permission types provided by Windows are not fully supported and this can't really be fixed at this time, because there is no equivalent functionality in Unix. In addition, Samba has to fit the normal DOS attributes into the Unix permissions as well, so you may see odd things happening at the Windows end. It does work, but the sooner you understand these two limitations, the better you will understand what is going on when you try to set permissions from Windows. Nested groups do not work. If domain user X is a member of domain group A, and A is a member of domain group B, X will not be seen as a member of B by Samba even though they will be by Windows. > Are you compareing the windows ACL's to the output of getfacl? Yes, they are the same, once you understand how the mapping works. > Could you use ACL's to add users to Samba printers? > > How did you add Samba printers as Domain resources so you could add > ACL's to them? Or did you need to do this? No idea, I have not tried either. > Did you have to do any setfacl commands in Linux? No. > Did you have to run winbind? Yes. > Did you have to do any "net groupmap" commands to make ACL's work? No. > Were there any commands/configurations you had to use to make ACL's > work that were not covered in the 3.0 HowTo? Not that I'm aware of, although it does not discuss enabling ACLs in the file system last time I checked (I suspect because this is Linux specific). BTW I have written an unofficial Samba+ACL Howto of sorts which may make things a little clearer. If you have any suggestions for that Howto (which is a little out of date, I admit) please let me know. http://www.bluelightning.org/linux/samba_acl_howto Cheers, Paul -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Request for ACL experiences
I'm having trouble with ACL's and wonder how many others are too. I see conflicting answers and comments about different aspects of ACL's from many prople on the list. I was wondering if ANYONE is successfully using ACL's with Samba 3.0 or above. Questions I have that I'm sure many are asking are: Was your Samba server configured as the DC? What client OS were you setting ACL's on the Samba Share with? (Win2000, XP) What service pack (SP4 on Win2000???) Did you have to have the ACL kernel patch? Did you need "nt acl support = yes" in each share definition? How did you setup your shares? (Working share Examples are good) Did you have to use the "server Tools" downloaded from microsoft or could you simply right click on a file/folder and change the security ACL's? How are you verifying the ACL's actually work? Did you fully test any ACL you set through Windows by actually trying to make a user access a file to see that his access matched the ACL you set. What was the scope of what you could really do with ACL's? What didn't work with ACL's that you thought should? Are you compareing the windows ACL's to the output of getfacl? Could you use ACL's to add users to Samba printers? How did you add Samba printers as Domain resources so you could add ACL's to them? Or did you need to do this? Did you have to do any setfacl commands in Linux? Did you have to run winbind? Did you have to do any "net groupmap" commands to make ACL's work? I.E. net groupmap modify ntgroup="Domain Admins" unixgroup=root Were there any commands/configurations you had to use to make ACL's work that were not covered in the 3.0 HowTo? I think we could use some real world working examples here. Please be VERY explicit and complete with concrete examples. Assume those reading your answers are NOT experts! If you see any missing questions that you think might be useful to using ACL's, please add them! regards Doug P -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Share ACLs
Please See ACL related questions below... John H Terpstra wrote: On Wed, 29 Oct 2003 [EMAIL PROTECTED] wrote: Hi all, I have already set up a Samba 3.0 with Openldap as user repository. I have a question about share access controls. Chapter 13.1 of Samba-HOWTO-Collection describes: Samba offers a lot of flexibility in file system access management. These are the key access control facilities present in Samba today: 1) UNIX File and Directory Permissions 2) Samba Share Definitions 3) Samba Share ACLs Just like it is possible in MS Windows NT to set ACLs on shares themselves, so it is possible to do this in Samba. Few people make use of this facility, yet it remains on of the easiest ways to a ect access controls (restrictions) and can often do so with minimum invasiveness compared with other methods. 4) MS Windows ACLs through UNIX POSIX ACLs I have a question about Point 3 Samba Share ACLs. Do I need Linux file system ACLs in order to be able to define Samba Share ACLs. No, you do not! You need to use the Server Tools, or the Nexus package from Microsoft as documented in the HOWTO. Are you saying here that you don't need the ACL patch in linux to do ACL's? If not I have problems to define ACLs on shares via Windows Explorer from a Windows XP Workstation. my environment: Using the files extracted from the SRVTOOLS.EXE installation, in particular the Server Manager, you must edit the permissions on the Shares themselves. Samba 3.0 compiled --with-acl-spupport installed on Suse Linux Enterprise Server 8 OpenLDAP 2.1.4 as suer repository. Samba 3.0 is configured as PDC. I can log from a Windows XP workstation in Samba Domain. I can connect to shares defined in smb.conf. All defined access controls in smb.conf works fine. You must log on as the Administrator for the Domain (root). I try to set ACLs on following Share: [Test-Share] path=/home/Test-Share public = yes printable = no writeable = yes Do you have to have "nt acl support = yes" in any share that will have it's acl's changed by the "server tools"? This is an example of setting share definition controls. - John T. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Different SAMBA reaction about file permissions
How come am I not able to delete this "aquila_test/toto2" file from our "data" (see smb.conf below) directory but can delete it (different copy but same permissions and owners/groups) from our "home" (see smb.conf below) directory from a "Windows 2000" PC using samba ( we don`t have this problem when doing unix commands) File is on a SUN SunOS 5.8 server smbd -V Version 2.0.7 $ ls -ld aquila_test dr-xrwx--- 2 root vim 96 Oct 29 13:54 aquila_test $ ls -l aquila_test total 0 -r-xrw 1 ab123456 vis0 Oct 29 11:31 toto.orig -r-xrw 1 ab123456 vis0 Oct 29 11:31 toto2 c0pmtl01 # groups ab123456 vis vim $ cat smb.conf # # Automated Samba config done by dance on Wednesday October 29 12:02:22 EST 2003 # # # Global parameters # [global] workgroup = YYY_XXX server string = C0 File server Montreal Cluster browseable = No NIS homedir = No log file = /opt/VRTSsamba/var/log.%m max log size = 50 log level = 1 shared mem size = 4096000 security = server password server = ABCDEF guest ok = No dns proxy = No local master = No load printers = No socket options = TCP_NODELAY # # Shares parameters # # [home] comment = MyHome path = /home/%N/%u writable = Yes browseable = No # [data] comment = Data path = /data/%N writable = Yes browseable = No inherit permissions = Yes Patrice Lagacé Mail: [EMAIL PROTECTED] Tel: (514) 855-5001 #56101 Administrateur de Système Gestion Globale de l'infrastructure Transformation d'entreprise et systèmes Bombardier Aéronautique -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] OT pattern match
Hi, This is off topic but maybe someone can reply offline to me.. I'm not getting my patterns to work (hitting my head did not help either)! We've got files that have variations on ".1.2.3" added to their filenames and I'm trying to strip them automatically. They are all tar.gz files so that's a matching pattern for all. I want to strip all the dot-numbers behind the gz part but am failing miserably. -- Thanks, Steve -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [Fwd: [squid-users] NTLM Authentication Problem]
Hi, i tried this too with samba 3 and squid 2.5STABLE4 and i cant get it to work too. i use the pam modules to match samba and squid users for yet.( but it is not the kings way ) Best Regards - Original Message - From: "Jim Richey" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 29, 2003 7:31 PM Subject: [Samba] [Fwd: [squid-users] NTLM Authentication Problem] > I submited this to the Squid list, but I got no response which I assume > means that no one has any suggestions. Can anyone give me a clue as to > what I have configured incorrectly. Thanks. > > > Original Message > Subject: [squid-users] NTLM Authentication Problem > Date: Tue, 28 Oct 2003 11:34:29 -0500 > From: Jim Richey <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > > > > I'm having a problem getting NTLM authentication working between Squid > 2.5STABLE4 and Samba 3.0.0 running on Slackware Linux 2.4.18. I've read the > archives, faq, how-to, walk-thru, etc, and believe I have everthing > correctly configured. I'm using the helper that is part of Samba 3.0, > not the Squid helper. Basic authentication works fine with the helper, > but I cannot get ntlmssp working. > > I set group read,execute access to the winbind pipe directory and full > read,write,execute on the pipe itself. > drwxr-x---2 root squid 72 Oct 27 21:21 winbindd_privileged/ > > srwxrwxrwx1 root root0 Oct 27 21:21 pipe= > > I have samba configured with ads but am not using it. I joined the > domain with rpc and am using security=domain in smb.conf. > > The wbinfo commands work fine: > #wbinfo -t > checking the trust secret via RPC calls succeeded > > #wbinfo -a TSTDOM\\testuser%testpass > plaintext password authentication succeeded > challenge/response password authentication succeeded > > I can also authenticate successfully with the helper from the command line: > #ntlm_auth --username testuser --password testpass > NT_STATUS_OK: Success (0x0) > > However, when I try to use ntlm authentication from a browser I get this > in cache.log: > [2003/10/28 10:43:41, 10] utils/ntlm_auth.c:manage_squid_request(1061) > Got 'YR' from squid (length: 2). > [2003/10/28 10:43:41, 10] > utils/ntlm_auth.c:manage_squid_ntlmssp_request(312) > got NTLMSSP packet: > [2003/10/28 10:43:41, 10] > utils/ntlm_auth.c:manage_squid_ntlmssp_request(322) > NTLMSSP challenge > > IE 6.0 SP1 get's a The page Cannot be displayed error. Mozilla 1.5 gives the login popup, > but after entering user id and password returns the Cache Access Denied page. > > > Squid configured with: > > Squid Cache: Version 2.5.STABLE4 > configure options: --enable-async-io --enable-storeio=ufs,aufs > --enable-auth=ntlm,basic --enable-removal-policies > --enable-cache-digests --enable-kill-parent-hack --disable-ident-lookups > > > authentication in squid.conf configured as: > > auth_param ntlm program /usr/local/samba/bin/ntlm_auth -d 10 > --helper-protocol=squid-2.5-ntlmssp > auth_param ntlm children 5 > auth_param ntlm max_challenge_reuses 0 > auth_param ntlm max_challenge_lifetime 2 minutes > # > auth_param basic program /usr/local/samba/bin/ntlm_auth -d 10 > --helper-protocol=squid-2.5-basic > auth_param basic children 5 > auth_param basic realm Highmark Proxy Server > auth_param basic credentialsttl 2 hours > > acl internet proxy_auth REQUIRED > http_access allow internet > http_access deny all > > > samba configured with: > --with-winbind --with-winbind-auth-challenge --with-libsmbclient > --with-ads --with-krb5=/usr/local > > > smb.conf configuration: > > [global] > workgroup = TSTDOM > netbios name = squidtest > server string = squidtest > security = domain > encrypt passwords = yes > smb passwd file = /usr/local/samba/private/smbpasswd > load printers = yes > log file = /usr/local/samba/var/log.%m > max log size = 50 > password server = pwdserver > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > local master = no > domain master = no > preferred master = no > wins support = no > idmap uid = 1-65000 > idmap gid = 1-65000 > winbind enum users = yes > winbind enum groups = yes > template homedir = /home/%D/%U > template shell = /bin/sh > winbind use default domain = yes > > > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Internet Explorer
hi, i am not sure if i understand you in the right way but this are the magic to make squid use transparent #transproxy feature, very cool content filtering can be done with squidguard #iptables -t nat -A PREROUTING -i eth2 -s ! 10.10.10.2 -p tcp --dport 80 -j DNAT --to 10.10.10.2:3128 #iptables -t nat -A POSTROUTING -o eth2 -s 10.10.10.0/24 -d 10.10.10.2 -j SNAT --to 10.10.10.2 #iptables -A FORWARD -s 10.10.10.0/24 -d 10.10.10.2 -i eth2 -o eth2 -p tcp --dport 3128 -j ACCEPT for sure you have to enable additional stuff in squid.conf and change settings to your need in example above ( study man squid) as you know changing settings for ie i think is only allowed for powersusers ( but i am not sure at the moment ) but in fact if your users cant change it they have no permission too.(win stuff) As i think if you want to give them the permission to change i e settings you have to give them higher prior on their local workstations.( like superuser etc.)..not all users are equal in their needs! But as i remember i had never problem with that, if you store their profiles in their homes on samba.( when i use this old distro setup ) But in Version 2.2.5 there is not a valid group mapping between samba / unix to windows, therefore an for other reason (security ) you should upgrade t samba 3 ( load it from ftp.suse.com people gd ) than you can build a nearly equal nt4 pdc with group mapping match the groups with that bash script #!/bin/bash net groupmap modify ntgroup="Domain Admins" unixgroup=root net groupmap modify ntgroup="Domain Users" unixgroup=users net groupmap modify ntgroup="Domain Guests" unixgroup=nobody net groupmap modify ntgroup="Administrators" unixgroup=ntadmin net groupmap modify ntgroup="Users" unixgroup=users net groupmap modify ntgroup="Guests" unixgroup=nobody net groupmap modify ntgroup="System Operators" unixgroup=sys net groupmap modify ntgroup="Account Operators" unixgroup=ntadmin net groupmap modify ntgroup="Backup Operators" unixgroup=bin net groupmap modify ntgroup="Print Operators" unixgroup=lp net groupmap modify ntgroup="Replicators" unixgroup=daemon net groupmap modify ntgroup="Power Users" unixgroup=sys you can use than USRMGR.EXE for create users groups etc in my setup this works finewith nt policies i am able to give different users/groups to different proxies and fine tune the content filtering ie. example adults and kids machine adding on the fly to samba 3 work now too study the new faqs for samba. note that the out of the boy version from suse is not valid for a good working pdc ( for 700 users you should use ldap with samba not smbpasswd ) Good Luck Best Regards - Original Message - From: "Richard K Ssekibuule" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 29, 2003 7:11 PM Subject: [Samba] Internet Explorer > I have successfully setup a samba 2.25 PDC on SuSE8.1 for my 700 users. > My problem: These users cannot change their Internet explorer proxy setting. > > Question: How can I grant rights to change Internet explorer settings > without compromising administrative security? > > My kernel cannot do transparent proxy, but I use squid to schedule users > Internet access. > The server running squid is different from the one running squid/gateway. > > Thanks in advance. > > Richard. > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] DOS Commands and Samba3 don't work
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bruno Tobias Stella írta: | Hi ! | | I have the follow problem: | | When I access a Shared Directory Samba3 by DOS, in win98 | workstation and execute, for example, "dir file.txt", I receive | an error message advising that occured a fault in access the | drive ... | I note this only when I execute the DOS command (del and dir) | with the full file name, and only in win98 workstation, because | in winXP workstation these commands work rightly. | | Somebody know this problem ? | | Thanks for some help, | | Bruno Stella | [EMAIL PROTECTED] | Setor de Redes - Secretaria de Informatica | Tribunal Regional do Trabalho da 15a. Regiao I would suggest to review your settings regarding dos charset unix charset mangling method mangle prefix mangle case mangling char mangled names mangled map for me everything works well (I have unix charset = ISO8859-2, dos charset = CP852, others are default values), except that 8+3 names are very strange. But I can run any DOS command on the long or on the 8+3 filenames. Regards, Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/oABK/PxuIn+i1pIRAnI8AJ9JQc0XOiUrIdqBctFVwHtPYsEnqwCgo4S/ lAJbxAwJXstn14BpGJl0a3E= =IvxN -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] [Fwd: [squid-users] NTLM Authentication Problem]
I submited this to the Squid list, but I got no response which I assume means that no one has any suggestions. Can anyone give me a clue as to what I have configured incorrectly. Thanks. Original Message Subject:[squid-users] NTLM Authentication Problem Date: Tue, 28 Oct 2003 11:34:29 -0500 From: Jim Richey <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] I'm having a problem getting NTLM authentication working between Squid 2.5STABLE4 and Samba 3.0.0 running on Slackware Linux 2.4.18. I've read the archives, faq, how-to, walk-thru, etc, and believe I have everthing correctly configured. I'm using the helper that is part of Samba 3.0, not the Squid helper. Basic authentication works fine with the helper, but I cannot get ntlmssp working. I set group read,execute access to the winbind pipe directory and full read,write,execute on the pipe itself. drwxr-x---2 root squid 72 Oct 27 21:21 winbindd_privileged/ srwxrwxrwx1 root root0 Oct 27 21:21 pipe= I have samba configured with ads but am not using it. I joined the domain with rpc and am using security=domain in smb.conf. The wbinfo commands work fine: #wbinfo -t checking the trust secret via RPC calls succeeded #wbinfo -a TSTDOM\\testuser%testpass plaintext password authentication succeeded challenge/response password authentication succeeded I can also authenticate successfully with the helper from the command line: #ntlm_auth --username testuser --password testpass NT_STATUS_OK: Success (0x0) However, when I try to use ntlm authentication from a browser I get this in cache.log: [2003/10/28 10:43:41, 10] utils/ntlm_auth.c:manage_squid_request(1061) Got 'YR' from squid (length: 2). [2003/10/28 10:43:41, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(312) got NTLMSSP packet: [2003/10/28 10:43:41, 10] utils/ntlm_auth.c:manage_squid_ntlmssp_request(322) NTLMSSP challenge IE 6.0 SP1 get's a The page Cannot be displayed error. Mozilla 1.5 gives the login popup, but after entering user id and password returns the Cache Access Denied page. Squid configured with: Squid Cache: Version 2.5.STABLE4 configure options: --enable-async-io --enable-storeio=ufs,aufs --enable-auth=ntlm,basic --enable-removal-policies --enable-cache-digests --enable-kill-parent-hack --disable-ident-lookups authentication in squid.conf configured as: auth_param ntlm program /usr/local/samba/bin/ntlm_auth -d 10 --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 2 minutes # auth_param basic program /usr/local/samba/bin/ntlm_auth -d 10 --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Highmark Proxy Server auth_param basic credentialsttl 2 hours acl internet proxy_auth REQUIRED http_access allow internet http_access deny all samba configured with: --with-winbind --with-winbind-auth-challenge --with-libsmbclient --with-ads --with-krb5=/usr/local smb.conf configuration: [global] workgroup = TSTDOM netbios name = squidtest server string = squidtest security = domain encrypt passwords = yes smb passwd file = /usr/local/samba/private/smbpasswd load printers = yes log file = /usr/local/samba/var/log.%m max log size = 50 password server = pwdserver socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no domain master = no preferred master = no wins support = no idmap uid = 1-65000 idmap gid = 1-65000 winbind enum users = yes winbind enum groups = yes template homedir = /home/%D/%U template shell = /bin/sh winbind use default domain = yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Share ACLs
On Wed, 29 Oct 2003 [EMAIL PROTECTED] wrote: > Hi all, > > I have already set up a Samba 3.0 with Openldap as user repository. I have a > question about share access controls. > Chapter 13.1 of Samba-HOWTO-Collection describes: > > Samba offers a lot of flexibility in file system access management. These are the > key access control facilities present > in Samba today: > 1) UNIX File and Directory Permissions > 2) Samba Share Definitions > 3) Samba Share ACLs > Just like it is possible in MS Windows NT to set ACLs on shares themselves, so > it is possible to do this in Samba. > Few people make use of this facility, yet it remains on of the easiest ways to a > ect access controls (restrictions) > and can often do so with minimum invasiveness compared with other methods. > 4) MS Windows ACLs through UNIX POSIX ACLs > > I have a question about Point 3 Samba Share ACLs. Do I need Linux file > system ACLs in order to be able to define Samba Share ACLs. No, you do not! You need to use the Server Tools, or the Nexus package from Microsoft as documented in the HOWTO. > If not I have problems to define ACLs on shares via Windows Explorer > from a Windows XP Workstation. my environment: Using the files extracted from the SRVTOOLS.EXE installation, in particular the Server Manager, you must edit the permissions on the Shares themselves. > Samba 3.0 compiled --with-acl-spupport installed on Suse Linux Enterprise Server 8 > OpenLDAP 2.1.4 as suer repository. > Samba 3.0 is configured as PDC. > > I can log from a Windows XP workstation in Samba Domain. I can connect to shares > defined in smb.conf. > All defined access controls in smb.conf works fine. You must log on as the Administrator for the Domain (root). > > I try to set ACLs on following Share: > > [Test-Share] >path=/home/Test-Share >public = yes >printable = no >writeable = yes This is an example of setting share definition controls. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] net groupmap modify bug
Hi, After a successful upgrade from samba3alpha19 to samba3.0.1pre1 I am now doing the group mapping stage. The problem I am having is modifying a group in the LDAP directory. I am using net groupmap modify ntgroup=staff unixgroup=staff type=domain. The error it is coming up with is [2003/10/29 17:21:39, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615) ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=203))] net: decode.c:500: ber_scanf: Assertion `(( ber )->ber_opts.lbo_valid==0x2)' failed. Aborted Is this a bug in the code or am I doing something silly?? I have attached to the bottom a level 10 debug of the net command Cheers - Kristyan Osborne - IT Technician / Community Manager Longhill High School 01273 391672 / 304086 -- Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. [2003/10/29 17:21:39, 5] passdb/pdb_interface.c:make_pdb_methods_name(431) Attempting to find an passdb backend to match ldapsam:ldap://10.108.1.87 (ldapsam) [2003/10/29 17:21:39, 5] passdb/pdb_interface.c:make_pdb_methods_name(452) Found pdb backend ldapsam [2003/10/29 17:21:39, 2] lib/smbldap.c:smbldap_search_domain_info(1295) Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=LONGHILL))] [2003/10/29 17:21:39, 2] lib/smbldap.c:smbldap_search_suffix(1066) smbldap_search_suffix: searching for:[(&(objectClass=sambaDomain)(sambaDomainName=LONGHILL))] [2003/10/29 17:21:39, 10] lib/smbldap.c:smbldap_open_connection(527) smbldap_open_connection: ldap://10.108.1.87 [2003/10/29 17:21:39, 2] lib/smbldap.c:smbldap_open_connection(623) smbldap_open_connection: connection opened [2003/10/29 17:21:39, 10] lib/smbldap.c:smbldap_connect_system(750) ldap_connect_system: Binding to ldap server ldap://10.108.1.87 as "cn=root,dc=longhill,dc=brighton-hove,dc=sch,dc=uk" [2003/10/29 17:21:39, 3] lib/smbldap.c:smbldap_connect_system(785) ldap_connect_system: succesful connection to the LDAP server [2003/10/29 17:21:39, 4] lib/smbldap.c:smbldap_open(836) The LDAP server is succesful connected [2003/10/29 17:21:39, 5] passdb/pdb_interface.c:make_pdb_methods_name(455) pdb backend ldapsam:ldap://10.108.1.87 has a valid init [2003/10/29 17:21:39, 5] passdb/pdb_interface.c:make_pdb_methods_name(431) Attempting to find an passdb backend to match guest (guest) [2003/10/29 17:21:39, 5] passdb/pdb_interface.c:make_pdb_methods_name(452) Found pdb backend guest [2003/10/29 17:21:39, 5] passdb/pdb_interface.c:make_pdb_methods_name(455) pdb backend guest has a valid init [2003/10/29 17:21:39, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615) ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(|(displayName=staff)(cn=staff)))] [2003/10/29 17:21:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(1659) init_group_from_ldap: Entry found for group: 203 [2003/10/29 17:21:39, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615) ldapsam_search_one_group: searching for:[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-21-3582397119-3001034316-1885025900-1407))] [2003/10/29 17:21:39, 2] passdb/pdb_ldap.c:init_group_from_ldap(1659) init_group_from_ldap: Entry found for group: 203 [2003/10/29 17:21:39, 2] passdb/pdb_ldap.c:ldapsam_search_one_group(1615) ldapsam_search_one_group: searching for:[(&(objectClass=posixGroup)(gidNumber=203))] net: decode.c:500: ber_scanf: Assertion `(( ber )->ber_opts.lbo_valid==0x2)' failed. Aborted -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3, network printing, additional problems
hi, i copied suse info, you should have no problems with that printer if you have newest kernel , cups and samba version http://hpoj.sourceforge.net/ will give you advice in general Best Regards Detailed information about product: DeskJet 5550C Actual settings: Architecture=i386 Distribution=8.1 Language=english Variation=none Supported: full Vendor Comment: For most HP OfficeJet printers there is a special driver package "hp-officeJet". Printing on a HP OfficeJet should work without this special package but for scanning you need to install and configure this special package. The package is already compiled for SuSE Linux. Therefore you don`t need to compile the software by yourself. For documentation see: file:/usr/share/doc/packages/hp-officeJet/index.html or online under http://hpoj.sourceforge.net/ Configurations: grayscale 300 dpi (using driver `hpijs`) - used by YaST2 as default grayscale 300 dpi draft (using driver `hpijs`) grayscale 300 dpi (using driver `stp`) monochrome 300 dpi (using driver `cdj500`) grayscale 600 dpi (using driver `hpijs`) grayscale 600 dpi (using driver `stp`) grayscale 600 dpi (using driver `cdj500`) color 300 dpi (using driver `hpijs`) - used by YaST2 as default color 300 dpi draft (using driver `hpijs`) color 300 dpi (using driver `stp`) color 300 dpi (using driver `cdj970`) color 300 dpi (using driver `cdj550`) color 300 dpi (using driver `cdj500`) color 600 dpi (using driver `hpijs`) - used by YaST2 as default color 600 dpi (using driver `stp`) color 600 dpi (using driver `cdj970`) photo 1200 dpi (using driver `hpijs`) - used by YaST2 as default SDB URLs: http://sdb.suse.de/en/sdb/html/jsmeix_print-kompatibel.html Available detail combinations to product: DeskJet 5550C all 9.0 8.2 8.1 8.0 SLES 8 SLD 1.0 SLES 7 7.3 7.2 7.1 7.0 6.4 all - - - - - - - - - - - - - i386 - - - full - - - - - - - - - amd64 - - - - - - - - - - - - - ia64 - - - - - - - - - - - - - axp - - - - - - - - - - - - - s390 - - - - - - - - - - - - - ppc - - - - - - - - - - - - - sparc - - - - - - - - - - - - - At the top all available distributions are listed. At the left all available hardware architectures are listed: all: entries are independend from hardware architecture, i.e. CRT monitors i386: convenient PC with Pentium like processor ia64: 64 bit processor architecture (from Intel, Itanium) x86_64: 64 bit processor architecture (from AMD, Opteron and Athlon64) axp: Alpha processor family s390: IBM s390 family ppc: PowerPC family sparc: SPARC family - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 29, 2003 6:05 PM Subject: [Samba] samba3, network printing, additional problems > Hello, > First of all my thanks to everyone for their suggestions. I'm still > having an issue getting this network printer going. I'm now getting a > windows error from explorer.exe, i've checked all the windows system, > application, and security logs and of course the error is not in them. I > then turned samba's debug level to 10, reloaded it and tried again to > access the printer. This error with explorer only occurs when i right > click on the printer and select properties to add the driver. > I'd like to use apw but i do need to get this working. Does anyone have > this particular printer, an hp5550, working in a setting like this? I am > trying to figure out what specific driver files are needed so i can pass > them to rpcclient. It looks like the drivers on disk are in some kind of > compressed form. > Any suggestions welcome. > Thanks. > Dave. > > > > > The best thing to hit the internet in years - Juno SpeedBand! > Surf the web up to FIVE TIMES FASTER! > Only $14.95/ month - visit www.juno.com to sign up today! > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] multiple nic's
Hello I'd like to use multiple nic's on the same subnet for example eth0 = 192.168.0.20 and eth1 = 192.68.0.21 I put write this to "interface" option, but it didn't help. Even if I disconnect (cable) first interface (eth0) my SMB sevrer appears in network but i can't browse it. What should I change in configuration. I'd like to use multiple interfaces to improve performance - one is still overload. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Internet Explorer
I have successfully setup a samba 2.25 PDC on SuSE8.1 for my 700 users. My problem: These users cannot change their Internet explorer proxy setting. Question: How can I grant rights to change Internet explorer settings without compromising administrative security? My kernel cannot do transparent proxy, but I use squid to schedule users Internet access. The server running squid is different from the one running squid/gateway. Thanks in advance. Richard. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] DOS Commands and Samba3 don't work
Hi ! I have the follow problem: When I access a Shared Directory Samba3 by DOS, in win98 workstation and execute, for example, "dir file.txt", I receive an error message advising that occured a fault in access the drive ... I note this only when I execute the DOS command (del and dir) with the full file name, and only in win98 workstation, because in winXP workstation these commands work rightly. Somebody know this problem ? Thanks for some help, Bruno Stella [EMAIL PROTECTED] Setor de Redes - Secretaria de Informatica Tribunal Regional do Trabalho da 15a. Regiao -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] HELP ME!!!!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Remizov Kostya ?rta: | I ask you, help me! | Some WinXP and Win98 clients of samba 3.0.0 PDC cannot retrieve user | members of domain from the domain controller. | And the log say that those clients did not send any request for it. | Do you know what the problem in? | I had similar problems, but only with win98 clients. Upgraded to 3.0.1pre1. but that didn'T help. Then I submitted bug report 596. Latter I've found, that it is the same as bug 532. And finally Jeremy Allison has developed a patch for it, I've applied the patch to samba-3.0.1pre1, and now it works. I would suggest, to try the mentioned bug reports, or try to compile from a recent CVS, which should already be patched. Good Luck! Geza Gemes -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/n/Zs/PxuIn+i1pIRAjCyAKCFQPeT0vHVISojH4TmCayFmqFBqwCfUOMd GWC1qh/nyhqqJLV894Yvp2c= =xJLB -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind usage PDC and Domain menber ?
This mostly guesses, from posts and mails, i d really appreciate your views on those items, thanks Should winbind run on a PDC ? all account are supposed to exists on it or be managed via add user/ add machine Is winbind recommended on a multi file services network (SMB+NFS+AFS+etc) and when ACL are used: from various it seems not , winbind get the name only from the PDC and set a random id in the idmap, so id differs on pdc and menbers, also between menbers ps: and does running winbind on a PDC could get it to map the user to two id on it : one static created at account genesis and the other when the PDC use getpwnam , getting the libc to call teh local wibind . It depend on the order of the "passwd" attributes in /etc/nsswitch but waht if the admin setted winbind before compat (or unix) ? I also had a difficult case with a domain menber (samba+winbind) where a local user had the same name as the domain one: with "winbind use default domain" set to yes a conflict arise , is there a rational behind this behing default ? For pam: is the winbind domain separator , only for local domain menber usage , or should it be setted up same on the PDC ? Alban -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba3, network printing, additional problems
Hello, First of all my thanks to everyone for their suggestions. I'm still having an issue getting this network printer going. I'm now getting a windows error from explorer.exe, i've checked all the windows system, application, and security logs and of course the error is not in them. I then turned samba's debug level to 10, reloaded it and tried again to access the printer. This error with explorer only occurs when i right click on the printer and select properties to add the driver. I'd like to use apw but i do need to get this working. Does anyone have this particular printer, an hp5550, working in a setting like this? I am trying to figure out what specific driver files are needed so i can pass them to rpcclient. It looks like the drivers on disk are in some kind of compressed form. Any suggestions welcome. Thanks. Dave. The best thing to hit the internet in years - Juno SpeedBand! Surf the web up to FIVE TIMES FASTER! Only $14.95/ month - visit www.juno.com to sign up today! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] share permissions
hi , please post more of your setup smb.conf samba version etc to get qualified answers Best Regards - Original Message - From: "Tom Czachor" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 29, 2003 5:37 PM Subject: [Samba] share permissions I am trying to setup Samba in a classroom so that a student's samba folder can be accessed via Windows by the student and the teacher. I have Samba working, but can only get the student access to the folder. How can I add another user or group to Samba so the teacher and student have full control over the folder? Thanks Tom -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] help with win2k and linux samba browsing
hi all, i've spent an incredible amount of time trying to get samba working between linux (satan, debian testing, samba 3.0.0) and win2k (lucifer) and i'm at wit's end. i'm begging for help. i spent most of the morning reading samba docs, and have gone from knowing zilch about MS networking to, well, a little something about MS networking. my ultimate goal is to be able to click "my network places | computers near me" from win2k and browse satan's filesystem. here's what i've done: 1. account "p" exists on both machines and has same password. the workgroup on both linux and win2k is "testgroup". 2. i want linux to be the WINS server, so i've entered linux's IP address in the WINS server box on win2k. 3. i want linux to be the browse master. i've set: workgroup = testgroup domain master = yes local master = yes preferred master = yes wins support = yes os level = 100 so samba should win negotiations of who's master. 4. i've gone through diagnostics.txt in the samba documentation. all tests worked fine up till "test 8": On the PC type the command "net view \\BIGSERVER". when i type this, i see: System error 64 has occured. The specified network name is no longer avilable. 5. i've gone through each of the fixes listed in diagnostics.txt: * fixup the nmbd installation (i *think* this is ok) * add linux IP to wins server box. (check) * enable windows name resolution via DNS in the advanced section of the tcp/ip setup. (check, i think. there's no box with "enable windows name resolution", but the other boxes seem to indicate that DNS is enabled) * add BIGSERVER to your lmhosts file. (if the lmosts file has the same format as /etc/hosts, then check) 6. when i double click "my network places" | "computers near me", a pop appears that says: "Testgroup is not accessible. The network path was not found." 7. /var/lib/samba/wins.dat looks like win2k at least broadcasted itself to linux, although i'm not sure what each entry means: VERSION 1 0 "LUCIFER#00" 1067745381 192.168.0.4 64R "LUCIFER#03" 1067745381 192.168.0.4 64R "LUCIFER#20" 1067745381 192.168.0.4 64R "NAVALLE#00" 1067790845 192.168.0.3 4R "NAVALLE#03" 1067790845 192.168.0.3 4R "NAVALLE#20" 1067744970 192.168.0.3 4R "P#03" 1067745415 192.168.0.4 64R "SATAN#00" 1067705724 192.168.0.2 66R "SATAN#03" 1067705724 192.168.0.2 66R "SATAN#20" 1067705724 192.168.0.2 66R "TESTGROUP#00" 1067705724 255.255.255.255 e4R "TESTGROUP#1b" 1067705724 192.168.0.2 64R "TESTGROUP#1e" 1067705724 255.255.255.255 e4R "WORKGROUP#00" 1067743623 255.255.255.255 e4R 8. there is a win98 system on my home network, navalle. samba seems to work great between linux and win98. i can browse linux from win98 and vice versa. this makes me think the problem is with win2k. i know this is a tremendous post, and i graciously thank you for reading down this far. i'm desperate to get this working, and have posted as thorough a report as i could. i'd be happy to post any more info that's required. thank you VERY much! pete # Global parameters [global] server string = %h server (Samba %v) # hosts equiv = /etc/samba/hosts.equiv # hostname lookups = yes passdb backend = tdbsam, guest passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . syslog = 0 max log size = 1000 name resolve order = lmhosts host wins bcast socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 dns proxy = No panic action = /usr/share/samba/panic-action %d hosts allow = 192.169.0.4, 192.168.0.3, 192.168.0.2, 127. print command = /usr/bin/lpr -r -P%p %s lpq command = /usr/bin/lpq-P%p %s lprm command = /usr/bin/lprm -P%p %j queuepause command = /usr/sbin/lpc -P%p start workgroup = testgroup domain master = yes local master = yes preferred master = yes wins support = yes os level = 100 [homes] comment = Home Directories read only = No create mask = 0700 directory mask = 0700 browseable = No [lp] path = /var/spool/lpd/samba read only = No create mask = 0700 printable = Yes [cdrom] comment = Samba server's CD-ROM path = /cdrom guest ok = Yes locking = No [tmp] comment = temporary files path = /tmp read only = yes -- GPG Instructions: http://www.dirac.org/linux/gpg GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem logon WinXP SP2 to samba domain
Hi ,did it worked before the patch? is win xp serv pack 2 new? in only know their so called rollup pack to serv pack 1a Best Regards - Original Message - From: "ayach-asu" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 29, 2003 12:08 PM Subject: [Samba] Problem logon WinXP SP2 to samba domain > After installation Windows XP SP2, have come in domain Samba 2.2.8. > After rebooting, at an logon to domain have received a mistake: > "Windows may not load removed profile". > The same mistake arises and in Windows 2003 Server. > > Help, please. > Elje. > [EMAIL PROTECTED] > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Share ACLs
Hi , you have to mount acls in fstab then you can use the partition with samba, i.e. /dev/hdd1/files ext3 defaults,acl 1 1 if you now create a smb share with path = /files you can set permissions from win clients via right click on the servers share but for the different usage of win and unix permissions you can only see the right permissions with the advanced button... this is what tested. note there are some other things with acls you might configure in the smb.conf ( read the faqs ) and for suse you have to load up their acl packs. ( my test system was suse 8.2 / 9 samba 3 ) Best Regards - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, October 29, 2003 4:21 PM Subject: [Samba] Samba Share ACLs > Hi all, > > I have already set up a Samba 3.0 with Openldap as user repository. I have a question about share access controls. > Chapter 13.1 of Samba-HOWTO-Collection describes: > > Samba offers a lot of flexibility in file system access management. These are the key access control facilities present > in Samba today: > 1) UNIX File and Directory Permissions > 2) Samba Share Definitions > 3) Samba Share ACLs > Just like it is possible in MS Windows NT to set ACLs on shares themselves, so it is possible to do this in Samba. > Few people make use of this facility, yet it remains on of the easiest ways to a ect access controls (restrictions) > and can often do so with minimum invasiveness compared with other methods. > 4) MS Windows ACLs through UNIX POSIX ACLs > > I have a question about Point 3 Samba Share ACLs. Do I need Linux file system ACLs in order to be able to define > Samba Share ACLs. > If not I have problems to define ACLs on shares via Windows Explorer from a Windows XP Workstation. > my environment: > Samba 3.0 compiled --with-acl-spupport installed on Suse Linux Enterprise Server 8 > OpenLDAP 2.1.4 as suer repository. > Samba 3.0 is configured as PDC. > > I can log from a Windows XP workstation in Samba Domain. I can connect to shares defined in smb.conf. > All defined access controls in smb.conf works fine. > > I try to set ACLs on following Share: > > [Test-Share] >path=/home/Test-Share >public = yes >printable = no >writeable = yes > > Thanks > > Vahid Asadi > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Filename mangling warfare
Does anyone know how to tweak or disable filename mangling in Samba so windows clients don't read paths and folder names in 8.3? I have a few backup VBscripts that used to work by passing the name and path of a directory (on a Samba share) as an argument to be read by the script. Currently, on some windows 2k boxes, the full path and folder name are displayed correctly and named correctly once copied, on some it's displayed incorrectly but when the script is done copying the specified folder it re-creates the original name, and on my new install of win xp, the name is displayed incorrectly and the directory (once copied) is named in the mangled state. (which is just slightly frustrating!) I've tried disabling mangling altogether, but then for some reason, the path and folder name are truncated at 20 characters... It's just chopped off... But at least it's not mangled.. But it's still unusable.. This is driving me nuts... (samba 2.2.8a on Irix) Ian Haskin .Sys-Admin .TOPIX .http://www.topix.com á.Ð "Too much caffeine..." - Your problems in the bedroom are finally solved when you hire trained professionals to remove the raccoons. -The Onion -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] share permissions
I am trying to setup Samba in a classroom so that a student's samba folder can be accessed via Windows by the student and the teacher. I have Samba working, but can only get the student access to the folder. How can I add another user or group to Samba so the teacher and student have full control over the folder? Thanks Tom -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Automatic Windows Patch Deployment "autoit"
On Mon, Oct 27, 2003 at 08:30:10AM -0600, Jerry Haltom wrote: > THere is one big problem with netlogon scripts that make them impossible > im most environments: You have to log on as Administrator. Software > usually requires Administrator to be installed/removed. Having the > installation run as LocalSystem in the background gets around this (and > also keeps your users from messing with the procedure). I too use AutoIt, but just at the time of the initial build of the OS and apps. For installing updates I use Lanovation's Prism Pack, which allows me to install software via login scripts as a non administrator user. Works great for us to push updates out to a bunch of computer labs. My only beef with it is that it doesn't support NTFS ACLs, so it can be a pain if some app needs a different permission set than it would normally get. Nathan Ehresman -- nre :wq -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.1Pre1 and windows 2000, domain problem
Hi, I'm using samba-3.0.1pre1-1 (rpm) and I'm trying to make it as a PDC. Using WindowsXP Pro I'm able to join the domain I've made in samba. The problem is that when I try to join the domain using a Win2000 I'm able to join the domain using 'Network Identification->Properties' , but when I try to add a user in control-panel from the domain I got the following error : "The Trust relationship between this workstation and the primary domain failed" I'm using samba with smbpasswd (this is a test machine) and I've added the machine and user account. I tried to enable netbios over TCP in w2000 to see it it changed anything, but it made no difference. Any tips? commands and configuration /usr/sbin/useradd -g machines -d /dev/null -c 'test' jungletres$ -s /sbin/nologin smbpasswd -a -m jungletres Load smb config files from /etc/samba/smb.conf Processing section "[homes]" Processing section "[netlogon]" Processing section "[Profiles]" Processing section "[printers]" Processing section "[publico]" Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions # Global parameters [global] workgroup = MYDOMAIN server string = test server interfaces = 192.168.0.254/24 passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes log file = /var/log/samba/log.%m max log size = 50 name resolve order = wins hosts lmhosts bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups domain logons = Yes os level = 33 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes hosts allow = 192.168.0. printing = cups [homes] comment = Home Directories read only = No browseable = No [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = Yes share modes = No [Profiles] path = /home/samba/profiles guest ok = Yes browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [publico] comment = Publico path = /home/samba/public/ guest ok = Yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Share ACLs
Hi all, I have already set up a Samba 3.0 with Openldap as user repository. I have a question about share access controls. Chapter 13.1 of Samba-HOWTO-Collection describes: Samba offers a lot of flexibility in file system access management. These are the key access control facilities present in Samba today: 1) UNIX File and Directory Permissions 2) Samba Share Definitions 3) Samba Share ACLs Just like it is possible in MS Windows NT to set ACLs on shares themselves, so it is possible to do this in Samba. Few people make use of this facility, yet it remains on of the easiest ways to a ect access controls (restrictions) and can often do so with minimum invasiveness compared with other methods. 4) MS Windows ACLs through UNIX POSIX ACLs I have a question about Point 3 Samba Share ACLs. Do I need Linux file system ACLs in order to be able to define Samba Share ACLs. If not I have problems to define ACLs on shares via Windows Explorer from a Windows XP Workstation. my environment: Samba 3.0 compiled --with-acl-spupport installed on Suse Linux Enterprise Server 8 OpenLDAP 2.1.4 as suer repository. Samba 3.0 is configured as PDC. I can log from a Windows XP workstation in Samba Domain. I can connect to shares defined in smb.conf. All defined access controls in smb.conf works fine. I try to set ACLs on following Share: [Test-Share] path=/home/Test-Share public = yes printable = no writeable = yes Thanks Vahid Asadi -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba for DYNIX 4.4.10
Can anyone please tell me where I can get the binaries and info on installing samba on Dynix 4.4.10? Cheers Zac -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0 kerberos question
Axel, So far this is what I've found out: Once you modify all the pam.d modules you want to authenticate with by adding winbind.so ( ssh, login, su, xdm etc.) and gotten the logins to work... The next problem is uid/gui mappings from the AD->unix. Then comes the mounting of the users directory from an AD. So far the only solution I've found is to use http://uranus.it.swin.edu.au/~jn/linux/smbfs/ This loads a daemon that gets userid and passwd from winbind. It then uses that info to bascially use smbmount with the login credentials to mount the users home dir at login time. I don't know how to parse the AD to get the actual home directory...At this point our home dirs are all going to be DFS$ mounts on the windows servers. I need to parse the Active Directory for this and then pipe that info to smbfs. Then all my AD users should be able to login to our shared unix server and find themselves in their unified home directory. I'm sure permission issues will be the next hurdle. If anyone has a better solution or a howto in the works as to this type of scenerio/solution - Windows AD userbase who need to use a unix server for research and want a unified homedir/account setup. Thanks Bob > Quoting Andrew Bartlett <[EMAIL PROTECTED]>: > > On Thu, 2003-10-23 at 06:19, Bob Bartels wrote: > > > I have successfully joined a machine to a active directory and got a > > > > kerberos > > > > > session ticket. > > > > > > Smbclient //server/share$ -k works and allows me access to the dirs on > > > a server in the domain in which I authenticated and received a krb > > > ticket > > > > from. > > > > > smbmount //server/share$ /localmount -o krb Should work as > > > well...right?? > > > > NO! > > > > > I get this error when I try it: > > > > > > Warning: kerberos support will only work for samba servers > > > Anonymous login successful > > > 2348: tree connect failed: ERRDOS - ERRnoaccess (Access denied.) > > > SMB connection failed > > > > > > > > > Why is this happening and is there a way to mount a sharepoint after > > > > getting a > > > > > kerberos ticket without having the re-authenticate? > > > > Not with smbfs. It is hoped that the CIFS VFS will get better in this > > regard. > > So is there any solution to use smb shares (on Samba AND Windows Servers) > as home directories for linux users with all their consequences? I mean > automatically mount them at boot time, use pam_mkhomedir with them, single > signon during the logon process, etc. > > That's what I was expecting from the release of Samba 3.0, centralized home > directories for Windows and Linux users in heterogeneous networks resulting > in dramatically reduced administration efforts and the end of not > unnecessary redundant information... Kerberos is the key to that scenario. > > Regards, > > Axel Suppantschitsch. > > Dipl.-Ing. (FH) Axel Suppantschitsch > --- > FH JOANNEUM Gesellschaft mbH > University of Applied Sciences > Department of Information Management > Operating System Technologies > Alte Poststrasse 147, A-8020 Graz > www.fh-joanneum.at -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] can't join W2003 domain with 3.0.0 (krb ticket is OK though)
Hi everyone, I'm using the production release of 3.0.0 and can not join a W2003 domain: [printsrv4] /spool/samba-3.0.0/bin $ ./net -d 10 ads join -Uhumpty_dumpty [2003/10/29 15:35:39, 3] libads/sasl.c:ads_sasl_spnego_bind(191) got [EMAIL PROTECTED] [2003/10/29 15:35:39, 1] libsmb/clikrb5.c:ads_krb5_mk_req(269) krb5_cc_get_principal failed (No credentials cache found) [2003/10/29 15:35:40, 10] libsmb/clikrb5.c:get_krb5_smb_session_key(385) Got KRB5 session key of length 16 [2003/10/29 15:35:40, 1] utils/net_ads.c:ads_startup(181) ads_connect: Strong authentication required [2003/10/29 15:35:40, 2] utils/net.c:main(758) return code = -1 The krb5 token looks OK: [printsrv4] /spool/samba-3.0.0/bin $ klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 10/29/03 13:48:09 10/29/03 23:48:18 krbtgt/[EMAIL PROTECTED] renew until 10/30/03 13:48:09 Kerberos 4 ticket cache: /tmp/tkt0 Principal: [EMAIL PROTECTED] Issued Expires Principal 10/21/03 15:42:14 10/22/03 17:08:35 [EMAIL PROTECTED] 10/21/03 15:42:14 10/22/03 17:08:35 [EMAIL PROTECTED] 10/22/03 15:18:13 10/22/03 17:13:13 [EMAIL PROTECTED] any hints anyone ??? ~christoph -- /* Christoph Beyer | Office: Building 2b / 23 *\ * DESY|Phone: 040-8998-2317* * - IT - | Fax: 040-8998-4060* \* 22603 Hamburg | http://www.desy.de */ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] problem with WINS
Hello, When i do a "nbtstat -a , i get a "Host not found" message. WINS seems to be correct on the NT4 PDC. ping is ok DNS is ok smb.conf points to the IP address of the WINS server. When i do the same command to a second samba server which has the same smb.conf parameters and also is on the same subnet than samba_server1, i get a correct answer. What's wrong ? Do i need to register again ? Samba version is 2.2.7 Thanks. Fabien -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Compile Problem (krb5)
On Wed, 2003-10-29 at 10:17, Schwartz, William H wrote: > I'm trying to build samba 3 with the ads support and along with that I > apparently need ldap and krb5. I have installed openldap, krb5 (had to > install even though Solaris 9 has krb5 in it, the .h file wasn't there that > I could find). Now when building samba I'm getting this error > > > > > > Compiling libsmb/clifile.c > > Compiling libsmb/clikrb5.c > > libsmb/clikrb5.c:139:2: #error UNKNOWN_GET_ENCTYPES_FUNCTIONS > > libsmb/clikrb5.c: In function `krb5_locate_kdc': > > libsmb/clikrb5.c:188: error: `krb5_krbhst_handle' undeclared (first use in > this function) > > libsmb/clikrb5.c:188: error: (Each undeclared identifier is reported only > once > > libsmb/clikrb5.c:188: error: for each function it appears in.) > > libsmb/clikrb5.c:188: error: parse error before "hnd" > > libsmb/clikrb5.c:189: error: `krb5_krbhst_info' undeclared (first use in > this function) > > libsmb/clikrb5.c:189: error: `hinfo' undeclared (first use in this function) > > libsmb/clikrb5.c:197: error: `KRB5_KRBHST_KDC' undeclared (first use in this > function) > > libsmb/clikrb5.c:197: error: `hnd' undeclared (first use in this function) > > make: *** [libsmb/clikrb5.o] Error 1 > > > > I'm stumped no this, i have all my paths set correctly (I think), can anyone > give me a hand? I suspect you are mixing your previous installed version of krb5 with the new one you installed to get the development headers. There is also a known issue about --with-krb5 not changing which krb5 implementation is used, if krb5-config is in your path. Can you install just the MIT 1.3.1 release of kerberos? Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem logon WinXP SP2 to samba domain
After installation Windows XP SP2, have come in domain Samba 2.2.8. After rebooting, at an logon to domain have received a mistake: "Windows may not load removed profile". The same mistake arises and in Windows 2003 Server. Help, please. Elje. [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SID question
Hi List I get the same SID for local-domain and domain on my PDC. See this output: admin1:/data/profiles# net getlocalsid SID for domain ADMIN1 is: S-1-5-21-3215027423-1217727205-3511383706 admin1:/data/profiles# net rpc info Domain Name: EXEDIO Domain SID: S-1-5-21-3215027423-1217727205-3511383706 Sequence number: 1067424880 Num users: 20 Num domain groups: 4 Num local groups: 0 should the 2 SIDs be the same also on BDCs and Domain Member Servers? and how do i make them equal? at the moment the servers have a different sid by "net getlocalsid". and this sid differs also from the machine SID in LDAP any help is appreciated. cu tommi -- Thomas Otto Dipl. Wirtsch.-Inf. IT-Administration exedio GmbH Förstereistr. 19 D-01099 Dresden fon +49(0)351 4108-100 fax +49(0)351 4108-199 mob +49(0)177 4209 762 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0 kerberos question
Quoting Andrew Bartlett <[EMAIL PROTECTED]>: > On Thu, 2003-10-23 at 06:19, Bob Bartels wrote: > > I have successfully joined a machine to a active directory and got a > kerberos > > session ticket. > > > > Smbclient //server/share$ -k works and allows me access to the dirs on a > > server in the domain in which I authenticated and received a krb ticket > from. > > > > smbmount //server/share$ /localmount -o krb Should work as well...right?? > NO! > > > > I get this error when I try it: > > > > Warning: kerberos support will only work for samba servers > > Anonymous login successful > > 2348: tree connect failed: ERRDOS - ERRnoaccess (Access denied.) > > SMB connection failed > > > > > > Why is this happening and is there a way to mount a sharepoint after > getting a > > kerberos ticket without having the re-authenticate? > > Not with smbfs. It is hoped that the CIFS VFS will get better in this > regard. So is there any solution to use smb shares (on Samba AND Windows Servers) as home directories for linux users with all their consequences? I mean automatically mount them at boot time, use pam_mkhomedir with them, single signon during the logon process, etc. That's what I was expecting from the release of Samba 3.0, centralized home directories for Windows and Linux users in heterogeneous networks resulting in dramatically reduced administration efforts and the end of not unnecessary redundant information... Kerberos is the key to that scenario. Regards, Axel Suppantschitsch. Dipl.-Ing. (FH) Axel Suppantschitsch --- FH JOANNEUM Gesellschaft mbH University of Applied Sciences Department of Information Management Operating System Technologies Alte Poststrasse 147, A-8020 Graz www.fh-joanneum.at -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] HELP ME!!!!
I ask you, help me! Some WinXP and Win98 clients of samba 3.0.0 PDC cannot retrieve user members of domain from the domain controller. And the log say that those clients did not send any request for it. Do you know what the problem in? -- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] pc75089 ( 194.180.75.89) couldnt find service
I have reinstalled SUSE8.0 and Samba2.2.3a my network printer installation thru YAST2 was unsucceful, but achieved only thru KDE Print Manager. When i attempt a Printtest thru YAST2 it produces no output. Although Samba localhost Server displays Active Connections: PID: 1297 CLIENT: pc75089 IP ADDRESS: 194.180.75.89 I do not understand why it still gives me these error pc75089 80.75.89) couldnt find service. When i try to print thru my Windows server. I can identify my Samba server on my Windows server. Can anyone help pls. Iyke __ Do you Yahoo!? Exclusive Video Premiere - Britney Spears http://launch.yahoo.com/promos/britneyspears/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
AW: [Samba] Help for Samba 3 and Win ADS
Hi Denis, I just tried this but still I can't log on the samba server with a domain user! If I try to do so I get the error: [2003/10/29 08:48:37, 0] auth/auth_util.c:make_server_info_info3(1017) make_server_info_info3: pdb_init_sam failed! in the log file of the client on samba server... Is there anytihng else I have to adjust on the samba server? I sucessfully joined the domain with ADS and can see the server from my windows machine - but as soon as I try to connect I get the error (exept with one user that I created on the linux server)! Any ideas? Here is my smb.conf ** #=== Global Settings === [global] log file = /var/log/samba/log.%m server string = %h server (Samba %v) socket options = TCP_NODELAY encrypt passwords = yes security = ads realm = workgroup = password server = syslog = 0 #== Shares = [daten] comment = Daten auf Debian path = /daten browsable = yes guest ok = yes ** -Ursprüngliche Nachricht- Von: Denis M.J. [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 28. Oktober 2003 21:52 An: Dieter Wilkens Cc: [EMAIL PROTECTED] Betreff: Re: [Samba] Help for Samba 3 and Win ADS If you're joining the AD you can use the mode ADS with the lines # smb.conf: security = ADS realm = your.kerberos.realm encrypt passwords = yes password server = MYWINPDC please refer to section 7.4 (Domain Membership - Samba ADS Domain Membership) in the HOWTO. Dieter Wilkens wrote: >Thanks for that hint. >I downloaded the HOTO and tried to make everything like descibed there >but it is still not working ;-( > >I set the 'security = domain" the 'workgroup = MYDOMAIN' and the >'password server = MYWINPDC' in the smb.conf and restartet samba. After >that I tried the 'net join -S MYWINPDC -UMyAdmin%MyPassword' and get >the following result: > >'realm must be set in smb.conf for ADS join to succeed. >ADS join did not work, faling back to RPC... >Joined domain MYDOMAIN' > > > >>>From the PDC I can see the sambe server in ADS and in the network >> >> >neighborhood. If I try to connect samba asks for a username and >password (should be OK with the DOMAIN-Admin.). So I type in the >Admin and PAssword but without getting a connection. In the logfile on >the samba server there are the following lines in >'log.MYWINPDC': > >'[2003/10/28 10:18:50, 0] auth/auth_util.c:make_server_info_info3(1017) > make_server_info_info3: pdb_init_sam failed! >[2003/10/28 10:18:50, 0] auth/auth_util.c:make_server_info_info3(1017) > make_server_info_info3: pdb_init_sam failed! >[2003/10/28 10:19:28, 0] auth/auth_util.c:make_server_info_info3(1017) > nake_server_info_info3: pdb_init_sam failed!' > >Any ideas wahts going wrong here? > >Regards > > Dieter > >"Adam Williams" <[EMAIL PROTECTED]> schrieb im Newsbeitrag >news:[EMAIL PROTECTED] > > >>>Just started to play around with Samba 3 (on debian 3.0) and a >>>win2000 domain. Can anyone help me to integrate the Samba server into >>>the win domain? It should act as a file server for the useres and >>>groups from >>> >>> >win > > >>>and therefor I need different rights and permissions for the >>>shares... Any help is appreciated ;-) >>> >>> >>See the Samba-HOWTO-Collection available on the Samba website. It >>covers this in detail. >> >>-- >>To unsubscribe from this list go to the following URL and read the >>instructions: http://lists.samba.org/mailman/listinfo/samba >> >> > > > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Failed to compile Samba with SSL
On Wed, 2003-10-29 at 15:08, Jamrock wrote: > "John H Terpstra" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > Microsoft Windowss clients do not support SSL. Support for SSL was only > > ever experimental, has not been maintained, suffered bit rot, and was > > removed from Samba in Samba-3.0.0. > > > Hi John, > > Are you making a distinction between TLS and SSL? Or is it a distinction > between Samba and OpenLDAP? I am a bit confused. The section of the > Samba-HOWTO-Collection entitled "Security and sambaSamAccount" speaks of > using SSL and TLS with the LDAP user backend. Samba is not changed to make OpenLDAP use SSL - that is a matter of how the OpenLDAP client libraries are compiled. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba