Re: [Samba] Samba 3 doesn't compile - the saga continues...
On Sat, 2003-11-08 at 12:53, Ron Gage wrote: > Please see my post from 24 hours ago for the background on my efforts to get > Samba to run. > > I received instructions to modify include/includes.h to change the #include > to #include . Needless to say, this solved nothing > other than a bunch of harmless warnings. It also caused a different warning to > spew forth eternally from gcc, and more importantly, it didn't fix the > underlying problem. You should remove all references to . This is fixed in Samba 3.0.1pre2. > In short, what the hell is going on here? Samba has ALWAYS been known to > cleanly compile under Slackware. Tridge, do you need a copy of Slackware to > test against? > > Here is the latest set of warnings and errors preventing Samba 3 from compiling > on Slackware 9.1... The 'build farm' (build.samba.org) is what we use to test portability. There is a Slackware 9.0 box, and it builds the current code fine. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.1pre2 available for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This is another preview release of the Samba 3.0.1 code base and is provided for testing only. This release is *not* intended for production servers. Use at your own risk. There have been several bug fixes since 3.0.0 that we feel are important to make available to the Samba community for wider testing. The source code can be downloaded from : ~ http://download.samba.org/samba/ftp/pre/ The uncompressed tarball and patch file have been signed using GnuPG. The Samba public key is available at ~ http://download.samba.org/samba/ftp/samba-pubkey.asc Binary packages are available at ~ http://download.samba.org/samba/ftp/Binary_Packages/ A simplified version of the CVS log of updates since 3.0.1pre1 can be found in the the download directory under the name ChangeLog-3.0.1pre1-3.0.0pre2. The release notes are also available in the same directory. As always, all bugs are our responsibility. ~ --Enjoy ~ The Samba Team -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/rGpiIR7qMdg1EfYRAvmQAKDEFCLtSLOJGocwbEepM6wDI2EVfQCgtMRr UjqaHweh6Nn8iq3qId1Osds= =WAE8 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba with Domain User accounts
On Fri, 07 Nov 2003 15:08 , anth jaz <[EMAIL PROTECTED]> sent: >I am trying to find an option to M$ file server under Linux. Everything to this point >is M$. Whether anybody goes for it or not, I would like to put the option out there for choice. One of the important necessities is that this doesn't become any more complicated for the EU. As soon as you say Linux to the bosses they think more complex for the user and the users have trouble enough logging in to there computers. I am a Linux newbie trying to become more efficient. At present, I am using RH9, Samba 3, and have security = Domain and have joined the domain successfully. I have a user joe created on the Linux/Samba server and when user joe logs onto his Win2k computer on the NT domain he can access the Samba share I have configured like this: > >[share] >path = /test >public = no >writable = yes >printable = no >valid users = joe jon art >create mask = 0765 > >Unless users "joe, jon, and art" are created on the Linux box, the user gets prompted >for network authentication: > >Connect As: >Password: > >I also have set "password server = *" and I still get promted for authentication. I >enter a vaild domain user account but not one that I have added to the Linux box and it will not take it. I also tried using >"password server = x.x.x.x" where x.x.x.x was PDC and BDC and had the same results. > >I have also set the following: >unix password sync = Yes >passwd program = /usr/bin/passwd %u > >I don't want anybody to have to do this, since they do not have to do this now (all >windoze 2k & NT). There are a lot of users and equally a lot of passwords on the domain and it isn't very efficient to add every user to the Linux box. Is there a way to get around this. Have the Linux server communicate with the PDC or BDC since it is a member of the domain? > >If that is even possible can I then give joe "read only", jon & art "read & write", >and "deny" everybody else access to the "test dir." > > With the 2.2.x version there was windbind, which would communicate with the PDC and pull the user accounts. I believe there is something similiar with 3.0 net vampire (or something to that effect, if not still windbind)... The howto at samba.org (dont have the exact address), is very resourcefull to these types of issues. Prudential Preferred Properties www.prupref.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 2.2.3a and Windows Sychronization
i'm currently on version 2.2.7a and it is exhibiting this same behavior. I also have problems with quicken accessing data on a share. I am a single user, but when I exit and it prompts to make a backup, it says that it cannot access the file. -Lynch -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 doesn't compile - the saga continues...
Please see my post from 24 hours ago for the background on my efforts to get Samba to run. I received instructions to modify include/includes.h to change the #include to #include . Needless to say, this solved nothing other than a bunch of harmless warnings. It also caused a different warning to spew forth eternally from gcc, and more importantly, it didn't fix the underlying problem. In short, what the hell is going on here? Samba has ALWAYS been known to cleanly compile under Slackware. Tridge, do you need a copy of Slackware to test against? Here is the latest set of warnings and errors preventing Samba 3 from compiling on Slackware 9.1... Compiling smbd/server.c In file included from include/includes.h:902, from smbd/server.c:23: include/safe_string.h:124:1: warning: "pstrcat" redefined In file included from include/includes.h:337, from smbd/server.c:23: /usr/include/ap_compat.h:300:1: warning: this is the location of the previous definition Linking bin/smbd /usr/lib/libkrb5.a(cc_file.o)(.text+0x1d90): In function `krb5_fcc_generate_new': /root/samba/krb5-1.3.1/src/lib/krb5/ccache/cc_file.c:2063: warning: the use of `mktemp' is dangerous, better use `mkstemp' tdb/tdbutil.o(.text+0x103a): In function `tdb_search_keys': tdb/tdbutil.c:791: undefined reference to `ap_fnmatch' collect2: ld returned 1 exit status make: *** [bin/smbd] Error 1 Yes, I know the warning about mktemp is from MIT-krb5. I'm not concerned about that. It's the Samba generated warnings and errors that have me concerned. -- Ronald R. Gage MCP, LPIC1, A+, Net+ Pontiac, Michigan This message was sent using webmail provided by www.rongage.org -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] XP Pro machines cannot print or reconnect maps
Hi, I'm fairly new to administering Samba, and I'm using the version that came with RedHat 9.0, so here goes Using Window ME clients I can map drives to my home directory, access files and print on the (server) printer. However, using Windows XP Pro I can browse to the Samba server and map a drive and access files, but once the XP machine is rebooted it fails to reconnect to the mapped drive. The printer is visible and appears to accept print jobs (i.e no client errors), however nothing prints out. I've seen a couple of posts very similar to this one, but with no replies - there must be people out there successully using Samba with XP!! Thanks, Stephen. -- Stephen A Readman e: [EMAIL PROTECTED] w: www.msrsolutions.co.uk -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Two instances, two interfaces
Hello everyone, I have server with two subnets on two interfaces: 192.168.1.x @eth1, 192.168.2.x @eth2. I need Samba to work with two completely different config files: for first subnet, as a workgroup member, for second - as a domain controller for Win9x clients. Each subnet have to be invisible for others The way I've tried to do it didn't work: 1) making 2 virtual servers with 1 main config with "netbios aliases" option and including two config files for each "Server", 2) running two instances of smbd & nmbd, each with separate config. I think it can be a good idea, but if I run: [EMAIL PROTECTED]:~# smbd -D -s config1 [EMAIL PROTECTED]:~# nmbd -D -s config1 [EMAIL PROTECTED]:~# smbd -D -s config2 [EMAIL PROTECTED]:~# nmbd -D -s config2, Samba will run only with the first config. All other tries when one instance of smbd/nmbd is running fails. Slackware 9.1, Samba 3.0. Thanks for help, Wojtek Michalski -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba with Domain User accounts
I am trying to find an option to M$ file server under Linux. Everything to this point is M$. Whether anybody goes for it or not, I would like to put the option out there for choice. One of the important necessities is that this doesn't become any more complicated for the EU. As soon as you say Linux to the bosses they think more complex for the user and the users have trouble enough logging in to there computers. I am a Linux newbie trying to become more efficient. At present, I am using RH9, Samba 3, and have security = Domain and have joined the domain successfully. I have a user joe created on the Linux/Samba server and when user joe logs onto his Win2k computer on the NT domain he can access the Samba share I have configured like this: [share] path = /test public = no writable = yes printable = no valid users = joe jon art create mask = 0765 Unless users "joe, jon, and art" are created on the Linux box, the user gets prompted for network authentication: Connect As: Password: I also have set "password server = *" and I still get promted for authentication. I enter a vaild domain user account but not one that I have added to the Linux box and it will not take it. I also tried using "password server = x.x.x.x" where x.x.x.x was PDC and BDC and had the same results. I have also set the following: unix password sync = Yes passwd program = /usr/bin/passwd %u I don't want anybody to have to do this, since they do not have to do this now (all windoze 2k & NT). There are a lot of users and equally a lot of passwords on the domain and it isn't very efficient to add every user to the Linux box. Is there a way to get around this. Have the Linux server communicate with the PDC or BDC since it is a member of the domain? If that is even possible can I then give joe "read only", jon & art "read & write", and "deny" everybody else access to the "test dir." Need a new email address that people can remember Check out the new EudoraMail at http://www.eudoramail.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 2.2 -> 3.0.0 upgrade: questions + Internet Connection Wizard / Identities
On Fri, 7 Nov 2003 10:38 , Jeff Jones <[EMAIL PROTECTED]> sent: >> Yes. You should have saved the Domain SID before migration, then restored >> it on Samba-3 using the net utility. That way your clients would have been >> quite happy. > > >Ah, ok. Is there a document explaining how to save and restore the SID? I >saved the contents of /etc/samba before performing the upgrade. Can I still >extract the SID and restore it into my Samba 3? I still have some client >boxes I haven't joined to the new domain. > >Is there any other way, at this point, to allow my domain users write access >to their identities / accounts without them being administrators? A way of >moving forward with my new SID? if you still have the old /etc/samba/secret.tdb file, you can grab the SID out of that. > >Why isn't Windows allowing the users access to their internet settings / >identities, even though they're in the new domain and the users' profiles >have been reloaded from the server? Is there any way to fix it? > >Thanks again, >Jeff > > >- Original Message - >From: "John H Terpstra" [EMAIL PROTECTED]> >To: "Jeferee" [EMAIL PROTECTED]> >Cc: [EMAIL PROTECTED]> >Sent: Friday, November 07, 2003 1:15 AM >Subject: Re: [Samba] Samba 2.2 -> 3.0.0 upgrade: questions + Internet >Connection Wizard / Identities > > >> On Thu, 6 Nov 2003, Jeferee wrote: >> >> > Hello, >> > >> > I just upgraded from Samba 2.2.7 to Samba 3.0.0 on RedHat 9. I did this >> > by uninstalling the 2.2.7 samba RPM's and then applying the Samba 3.0.0 >> > RPM from samba.org, then putting my local changes back into smb.conf. >> > I have also migrated my smb users from smbpasswd to tdbsam with the >> > pdbedit utility as discussed in the HOWTO. >> > >> > It seems I have to rejoin my client boxes (windows 2000 pro) to the >> > domain in order to log in, and then I have to blow away my local users >> > on each client machines to allow the roving profiles to be reloaded at >> > login. >> > >> > Also, I have had to add the following to my smb.conf file to use tdbsam >> > successfully. >> > >> > logon home = \\%L\%U >> > logon path = \\%L\%U\profile >> > >> > I had to do this in order to get the correct string to come up in >> > pdbedit -Lv for the "Home Directory" and "Profile Path" variables (the >> > defaults cuased %N to show in place of the server name) - when I used >> > 'smbpasswd' as the backend pdbedit -Lv showed proper values and things >> > worked OK. >> > >> > I also had to mess around a bit with 'net groupmap' modify/list to get >> > the standard Windows groups to map properly to UNIX groups, as discussed >> > in the HOWTO. These seemed to work fine under 2.2.7. >> > >> > Everything seems to work OK now, except for the following problems. >> > Can anyone tell me what I did wrong upgrading with respect to the >> > following 3 issues: >> > >> > 1) I have to rejoin each client Windows 2000 box to the domain or logins >> > fail (says the client is not in the domain) - did the machines' SIDs >> > change for some reason? Server SID? >> >> Yes. You should have saved the Domain SID before migration, then restored >> it on Samba-3 using the net utility. That way your clients would have been >> quite happy. >> >> > >> > 2) I have to blow away local roving profiles, then log in to get the >> > roving profiles to reload from the server - error says the profile for >> > that user already exists on the server, but has the 'wrong security'. >> > Loads temp settings. SID problem? >> >> Correct. See comment for Q1. >> >> > >> > 3) After rejoining and reloading, regular Domain Users do not have the >> > ability to change their Internet Connection Settings - The "Internet >> > Connection Wizard" icon recreates at each login, and when the user tries >> > to access it, they get an access denied error. Changes to internet >> > settings from IE are not recorded, and it complains about 'no >> > identities'. The users are properly listed in the "Domain Users" group. >> > If I put the user (or Domain Users) in the Admininistrator group on the >> > client boxes, he successfully gets his previously set settings (home >> > page, etc) at login. >> >> Yes. Correct. >> >> > Thank you, and great job on 3.0! >> >> Glad to hear that the documentation was useful. Want to send me any >> updates for it? >> >> Cheers, >> John T. >> -- >> John H Terpstra >> Email: [EMAIL PROTECTED] >> >-- >To unsubscribe from this list go to the following URL and read the >instructions: http://lists.samba.org/mailman/listinfo/samba > Prudential Preferred Properties www.prupref.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Printing with CUPS
John All built OK. Just a few notes for anyone else needing to do this. There seem to be few rpm's for CUPS post 1.1.17 and those src rpms available led to multiple dependencies. I resorted to building from the current stable release from the cups.org site. I used 1.1.19. Compile and build worked fine though it is not clear that the libcups.so was included (but it was). Recompiling Samba was OK though I needed to --force the install of the rebuild. Now to get the drivers sorted. Thanks for your help. Alan -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED] Sent: 07 November 2003 15:42 To: Alan Munday Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Printing with CUPS On Fri, 7 Nov 2003, Alan Munday wrote: > I've just been trying to get my Samba 3.0.0-2 build to work with CUPS. > > The rpm I downloaded from the Samba site was not compiled with CUPS library > support. Which is why I am assuming that having added printing = cups in my > conf file things are not working. > > If I use the source rpm can I force the build to include CUPS library > support ? > > Or do I have to build from scratch? Alan, A few simple steps will get you the results you are after: 1. Install a recent version of CUPS (1.1.18 or later) 2. Make sure that you install the cups-devel package 3. Obtain the Samba-Team samba source RPM 4. Rebuild Samba: Red Hat: rpmbuild --rebuild samba-3.0.0-.src.rpm SuSE: rpm --rebuild samba-3.0.0-.src.rpm The binary RPMs will find their way to: Red Hat: /usr/src/redhat/RPMS/i386 SuSE:/usr/src/packages/RPMS/i386 I hope this helps. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] XP logins and Samba-3
Afternoon everyone, I'm running RH 9.0 as a PDC with Samba 3.0. I've set the smb.conf as near identical as I can with my old redhat server, running samba 2.2.7. In the past, we were running W2K desktops/laptops. Mobile users, when not connected to the network, were still able to log into the "domain". Now, we're running XP Pro. When the users log into the network, everything's fine. However, when not connected to the network, the users can't log into the computer under their local, non-roaming profile. The pop-up window tells me the domain is not available. Could this problem be a result of using Samba-3 instead of 2.2.7? If so, does anyone know of a way around this (besides reverting back to the old version of Samba)? Thanks Darin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 2.2.3a and Windows Sychronization
This problem with offline sync in 2.2.3a is fixed since samba 2.2.4. DB -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba 3011
Thanks guys. Next problem joining the domain went well as per you directions, but when I configure my win2k machine at start up to log on the domain I get this error message " The system can not log you on due to the following error" "A device attached to the system is not functioning please try again or consult your sys admin". If I log chose the "log to this computer " option it works fine I can even browse my home folder on the server. F,Ruiz. -Original Message- From: rruegner [mailto:[EMAIL PROTECTED] Sent: Monday, November 03, 2003 5:14 PM To: Francisco Ruiz; [EMAIL PROTECTED] Subject: Re: [Samba] samba 3011 did you smbpasswd -a ? - Original Message - From: "Francisco Ruiz" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, November 03, 2003 11:38 PM Subject: [Samba] samba 3011 > I've set up my 7.3 RH Linux box with samba 3011 to be the PDC. I'm trying to > get my win2k machine to join that domain and I get " Unknown user name or > bad password" I have already set up the machine account the user name and > password are good. Any Ideas? > > > F,Ruiz. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 2.2.3a and Windows Synchronization
On Fri, 7 Nov 2003, BN wrote: > Hello > > I am running SuSE 8.0 and Samba 2.2.3a. I have a laptop that I want to use > offline, and have enabled the synchronization utility in Windows XP. This > works fine with the Windows NT server, but when going offline i get "Access > Denied" trying to open the synchronized versions of the files on the Samba > server. > > Can anyone help me..? You will need to add to your smb.conf file [globals]: log level = 5 log file = /var/log/samba/%m.log max log size = 0 Then try to synchronize the files and see what is reported in the log file produced. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2.2.3a and Windows Synchronization
Hello I am running SuSE 8.0 and Samba 2.2.3a. I have a laptop that I want to use offline, and have enabled the synchronization utility in Windows XP. This works fine with the Windows NT server, but when going offline i get "Access Denied" trying to open the synchronized versions of the files on the Samba server. Can anyone help me..? -- Best Regards, BN - [E A Rosengrens AS] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] File Locking
Hi, I'm running smbd 2.2.8. I'm a little green when it comes to file locking with samba. I have two users that access a single data file on a FreeBSD box. It's a moneydance data file and obviously it gets messed-up if two users are writing to it at the same time. Is there a way with samba to stop a second instance of the file from being opened, something like a "File In Use" message for a user if the file is already in use? Thanks, Robert [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ODD PAM ERROR
I have set up winbind, made the nsswitch settings, joined the current NT Domain, got back the message that said "Welcome to Domain". When I try to access the PC, it brings up IPC$ and wants a password. The log for that workstation says "PAM: UNKNOWN PAM ERROR (9) during Account Management for User: Domain+USERNAME!" Then it says "PAM: Account Validation Failed - Rejecting User Domain+USERNAME!" Does anyone have any helpful ideas? -- Brandon Lederer Linux Administrator Cashflow Billing Solutions (402) 898-2600 x334 **CONFIDENTIALITY STATEMENT** This e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. It is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this email is not the intended recipient, or agent responsible for delivering or copying of this communication, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please reply to the sender that you have received the message in error, then delete it. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 2.2 -> 3.0.0 upgrade: questions + Internet Connection Wizard / Identities
On Fri, 7 Nov 2003, Jeff Jones wrote: > > Yes. You should have saved the Domain SID before migration, then restored > > it on Samba-3 using the net utility. That way your clients would have been > > quite happy. > > > Ah, ok. Is there a document explaining how to save and restore the SID? I > saved the contents of /etc/samba before performing the upgrade. Can I still > extract the SID and restore it into my Samba 3? I still have some client > boxes I haven't joined to the new domain. The SID is stored in the secrets.tdb file. If your server name is the same as it was on the 2.2.x configuration, then you can shutdown your samba, save all /etc/samba files and the tdb files in the cache area, replace secrets.tdb and smb.conf, start samba and then use the "net" utility to get the SID. I know this is messy, but it saves the need to go back to the old version. Of course, you will then need to stop samba and restore the new files. Then you can change the SID using the "net" utility. > Is there any other way, at this point, to allow my domain users write access > to their identities / accounts without them being administrators? A way of > moving forward with my new SID? You can use the "profiles" tool to replace the old SID in the profiles with the new domain SID. > Why isn't Windows allowing the users access to their internet settings / > identities, even though they're in the new domain and the users' profiles > have been reloaded from the server? Is there any way to fix it? Sorry. You'd need to provide more information on this. Best to debug what is happening. I do not have time to help with that right now. - John T. > > Thanks again, > Jeff > > > - Original Message - > From: "John H Terpstra" <[EMAIL PROTECTED]> > To: "Jeferee" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Friday, November 07, 2003 1:15 AM > Subject: Re: [Samba] Samba 2.2 -> 3.0.0 upgrade: questions + Internet > Connection Wizard / Identities > > > > On Thu, 6 Nov 2003, Jeferee wrote: > > > > > Hello, > > > > > > I just upgraded from Samba 2.2.7 to Samba 3.0.0 on RedHat 9. I did this > > > by uninstalling the 2.2.7 samba RPM's and then applying the Samba 3.0.0 > > > RPM from samba.org, then putting my local changes back into smb.conf. > > > I have also migrated my smb users from smbpasswd to tdbsam with the > > > pdbedit utility as discussed in the HOWTO. > > > > > > It seems I have to rejoin my client boxes (windows 2000 pro) to the > > > domain in order to log in, and then I have to blow away my local users > > > on each client machines to allow the roving profiles to be reloaded at > > > login. > > > > > > Also, I have had to add the following to my smb.conf file to use tdbsam > > > successfully. > > > > > > logon home = \\%L\%U > > > logon path = \\%L\%U\profile > > > > > > I had to do this in order to get the correct string to come up in > > > pdbedit -Lv for the "Home Directory" and "Profile Path" variables (the > > > defaults cuased %N to show in place of the server name) - when I used > > > 'smbpasswd' as the backend pdbedit -Lv showed proper values and things > > > worked OK. > > > > > > I also had to mess around a bit with 'net groupmap' modify/list to get > > > the standard Windows groups to map properly to UNIX groups, as discussed > > > in the HOWTO. These seemed to work fine under 2.2.7. > > > > > > Everything seems to work OK now, except for the following problems. > > > Can anyone tell me what I did wrong upgrading with respect to the > > > following 3 issues: > > > > > > 1) I have to rejoin each client Windows 2000 box to the domain or logins > > > fail (says the client is not in the domain) - did the machines' SIDs > > > change for some reason? Server SID? > > > > Yes. You should have saved the Domain SID before migration, then restored > > it on Samba-3 using the net utility. That way your clients would have been > > quite happy. > > > > > > > > 2) I have to blow away local roving profiles, then log in to get the > > > roving profiles to reload from the server - error says the profile for > > > that user already exists on the server, but has the 'wrong security'. > > > Loads temp settings. SID problem? > > > > Correct. See comment for Q1. > > > > > > > > 3) After rejoining and reloading, regular Domain Users do not have the > > > ability to change their Internet Connection Settings - The "Internet > > > Connection Wizard" icon recreates at each login, and when the user tries > > > to access it, they get an access denied error. Changes to internet > > > settings from IE are not recorded, and it complains about 'no > > > identities'. The users are properly listed in the "Domain Users" group. > > > If I put the user (or Domain Users) in the Admininistrator group on the > > > client boxes, he successfully gets his previously set settings (home > > > page, etc) at login. > > > > Yes. Correct. > > > > > Thank you, and great job on 3.0! > > > > Glad to hear that the documentation was useful. Want
[Samba] (no subject)
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] pam_krb5.so in pam.d/login
Does using the pam_krb module give the authenticated user a valid kerberoes ticket upon loggin into the domain? Instead of doing kinit from the shell? Tim On Tue, 2003-11-04 at 10:53, Thron Havens wrote: > I know what everyone is busy and there are a lot of requests here but can > someone give me any ideas why I can't get private shares to work? Right now > I get prompted with a logon and password but I cannot connect. Under my > share config I have used "user(s) = user-name" valid users = user-name" and > "username = user-name" None of them will let me in. > > > > I'm running samba 2.5 on a FreeBSD box using winbind to do authentication > with my PDC/BDC and I'm able to configure global shares that everyone on the > NT network can access. > > > > SMB.conf > > workgroup = domain-name > > netbios name = comp-name > > server string = comp-name > > security = domain > > log file = /var/log/sambalog.%m > > encrypt passwords = yes > > local master = no > > os level = 0 > > domain master = no > > preferred master = no > > wins support = no > > wins server = 0.0.0.0 > > wins proxy = no > > dns proxy = no > > log level = 3 > > max log size = 1 > > load printers = no > > > > > > winbind uid = 1-2 > > winbind gid = 1-2 > > winbind enum users = yes > > winbind enum groups = yes > > winbind separator = . > > winbind use default domain = yes > > template homedir = /usr/share/%U > > template shell = /bin/false > > password server = * > > name resolve order = hosts lmhosts wins bcast > > nt acl support = yes > > > > [share] > > comment = temporary file space > > path = path > > browsable = yes > > read only = no > > public = yes > > printable = no > > writeable = yes > > > > [temp] > > comment = another share > > path = /usr/report > > username = user-name > > browsable = yes > > read only = no > > #public = yes > > printable = no > > writeable = yes > > > > Pam.conf > > auth requiredpam_nologin.so > no_warn > > auth sufficient pam_winbind.so > > auth sufficient pam_opie.so > no_warn no_fake_prompts > > auth requisitepam_opieaccess.sono_warn > allow_local > > #authsufficient pam_krb5.so > no_warn try_first_pass > > #authsufficient pam_ssh.so > no_warn try_first_pass > > auth requiredpam_unix.so > no_warn try_first_pass > > > > # account > > #account requiredpam_krb5.so > > account sufficient pam_winbind.so > > account requiredpam_unix.so > > > > # session > > #session optional pam_ssh.so > > session requiredpam_permit.so > > > > # password > > password requiredpam_permit.so > > > > > > Thanks > > > > Thron > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] File Locking
Hi, I'm running smbd 2.2.8. I'm a little green when it comes to file locking with samba. I have two users that access a single data file on a FreeBSD box. It's a moneydance data file and obviously it gets messed-up if two users are writing to it at the same time. Is there a way with samba to stop a second instance of the file from being opened, something like a "File In Use" message for a user if the file is already in use? Thanks, Robert [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 2.2 -> 3.0.0 upgrade: questions + Internet Connection Wizard / Identities
> Yes. You should have saved the Domain SID before migration, then restored > it on Samba-3 using the net utility. That way your clients would have been > quite happy. Ah, ok. Is there a document explaining how to save and restore the SID? I saved the contents of /etc/samba before performing the upgrade. Can I still extract the SID and restore it into my Samba 3? I still have some client boxes I haven't joined to the new domain. Is there any other way, at this point, to allow my domain users write access to their identities / accounts without them being administrators? A way of moving forward with my new SID? Why isn't Windows allowing the users access to their internet settings / identities, even though they're in the new domain and the users' profiles have been reloaded from the server? Is there any way to fix it? Thanks again, Jeff - Original Message - From: "John H Terpstra" <[EMAIL PROTECTED]> To: "Jeferee" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, November 07, 2003 1:15 AM Subject: Re: [Samba] Samba 2.2 -> 3.0.0 upgrade: questions + Internet Connection Wizard / Identities > On Thu, 6 Nov 2003, Jeferee wrote: > > > Hello, > > > > I just upgraded from Samba 2.2.7 to Samba 3.0.0 on RedHat 9. I did this > > by uninstalling the 2.2.7 samba RPM's and then applying the Samba 3.0.0 > > RPM from samba.org, then putting my local changes back into smb.conf. > > I have also migrated my smb users from smbpasswd to tdbsam with the > > pdbedit utility as discussed in the HOWTO. > > > > It seems I have to rejoin my client boxes (windows 2000 pro) to the > > domain in order to log in, and then I have to blow away my local users > > on each client machines to allow the roving profiles to be reloaded at > > login. > > > > Also, I have had to add the following to my smb.conf file to use tdbsam > > successfully. > > > > logon home = \\%L\%U > > logon path = \\%L\%U\profile > > > > I had to do this in order to get the correct string to come up in > > pdbedit -Lv for the "Home Directory" and "Profile Path" variables (the > > defaults cuased %N to show in place of the server name) - when I used > > 'smbpasswd' as the backend pdbedit -Lv showed proper values and things > > worked OK. > > > > I also had to mess around a bit with 'net groupmap' modify/list to get > > the standard Windows groups to map properly to UNIX groups, as discussed > > in the HOWTO. These seemed to work fine under 2.2.7. > > > > Everything seems to work OK now, except for the following problems. > > Can anyone tell me what I did wrong upgrading with respect to the > > following 3 issues: > > > > 1) I have to rejoin each client Windows 2000 box to the domain or logins > > fail (says the client is not in the domain) - did the machines' SIDs > > change for some reason? Server SID? > > Yes. You should have saved the Domain SID before migration, then restored > it on Samba-3 using the net utility. That way your clients would have been > quite happy. > > > > > 2) I have to blow away local roving profiles, then log in to get the > > roving profiles to reload from the server - error says the profile for > > that user already exists on the server, but has the 'wrong security'. > > Loads temp settings. SID problem? > > Correct. See comment for Q1. > > > > > 3) After rejoining and reloading, regular Domain Users do not have the > > ability to change their Internet Connection Settings - The "Internet > > Connection Wizard" icon recreates at each login, and when the user tries > > to access it, they get an access denied error. Changes to internet > > settings from IE are not recorded, and it complains about 'no > > identities'. The users are properly listed in the "Domain Users" group. > > If I put the user (or Domain Users) in the Admininistrator group on the > > client boxes, he successfully gets his previously set settings (home > > page, etc) at login. > > Yes. Correct. > > > Thank you, and great job on 3.0! > > Glad to hear that the documentation was useful. Want to send me any > updates for it? > > Cheers, > John T. > -- > John H Terpstra > Email: [EMAIL PROTECTED] > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Outlook + attached files
i understand it this way, network is a win domain with win server, smb as fileserver connected there is an exchange server. if users open outlook and attach a file which is in smb fileserver and dont send at once, i.e. they write big mails which take time, the attachment brakes ( is not longer avialiable in outlook) but can reattached any time ,this works fine if the files are on a win server ( so has to do with smb) if the user want to send , i guess it is a timeout problem , outlook is preparing the attached file in tmp file etc something like this it is an interesting thing to debug - Original Message - From: "Jeremy Allison" <[EMAIL PROTECTED]> To: "Chris Jones" <[EMAIL PROTECTED]> Cc: "'rruegner'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Friday, November 07, 2003 6:28 PM Subject: Re: [Samba] Outlook + attached files > On Fri, Nov 07, 2003 at 10:33:49AM -0600, Chris Jones wrote: > > Problem only started occuring when their files got moved onto the new samba > > fileserver and its not just effecting one user but all that are on the new > > server. People still on old windows fileserver are uneffected. > > What exactly is the difference in behaviour in between the > Samba served outlook and the Windows served one. I'm trying > to understand the problem here. > > Jeremy. > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Outlook + attached files
i guess now that outlook moves attached files in kind of tmp folder if it stays to long open the connect brakes. i have to read a little bout the problem to give a better answer, but i think must be a kind of timeout - Original Message - From: "Chris Jones" <[EMAIL PROTECTED]> To: "'rruegner'" <[EMAIL PROTECTED]>; "Chris Jones" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Friday, November 07, 2003 5:33 PM Subject: RE: [Samba] Outlook + attached files > Problem only started occuring when their files got moved onto the new samba > fileserver and its not just effecting one user but all that are on the new > server. People still on old windows fileserver are uneffected. > > -Original Message- > From: rruegner [mailto:[EMAIL PROTECTED] > Sent: Friday, November 07, 2003 10:05 AM > To: Chris Jones; [EMAIL PROTECTED] > Subject: Re: [Samba] Outlook + attached files > > > hi, sounds mor like a problem of outlook which version do you use, have you > looked > at technet if ms knows your failure, > do a test with a file stored on a networked windows client, > if you have same failure here its outlook > Regards > - Original Message - > From: "Chris Jones" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, November 07, 2003 4:14 PM > Subject: [Samba] Outlook + attached files > > > > I am not sure where to begin to look into how to solve this problem. > > > > I've setup a samba 3.0.0 Fileserver moved all of my users files over to > it, > > works great thanks developers=). I've encountered a few documented > problems > > such as the Excel saving over another file thing(already been patched I > > belive). And a few I can't find anything on. > > > > One specifically is causing me some grief. We use exchange in our > > organization, outlook is the email client. If a user attaches a file and > > that email sits around for a while, say they attach the file first then > > write a 10 page email, it some how causes outlook to go berserk and won't > > let you do anything with the email (send, save, delete). If they attach > the > > files and send it right away it works fine, its only if the file has been > > attached for a while. I've found that when it goes berserk I need only > > remove the attachment and reattach the file to get it back to normal > > functionality. I've glanced over the section on Oplocks and I'm not sure > if > > I'm looking in the right direction. The files being attached are from the > > home shares in which case the user is the only one with access to the > file. > > We do use an active virus scanner that has not caused any issues in the > past > > but just something of mention. I'm not sure if I should continue to look > > into oplocks or am I even thinking in the right direction? Below is my > > smb.conf. > > > > Thanks > > Chris > > > > # Global parameters > > [global] > > unix charset = CP850 > > workgroup = workgroup > > realm = workgroup.COM > > netbios aliases = fileserver > > server string = Samba Server %v > > security = ADS > > log file = /var/log/samba/log.%m > > max log size = 50 > > max xmit = 65535 > > socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 > > printcap name = lpstat > > os level = 33 > > preferred master = No > > dns proxy = No > > wins server = > > ldap passwd sync = Yes > > idmap uid = 1-2 > > idmap gid = 1-2 > > template homedir = /home/users/%U > > template shell = /bin/bash > > winbind separator = + > > read only = No > > printing = cups > > > > [homes] > > comment = Home Directories > > browseable = No > > directory mask = 0775 > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] File/Folder Synchronization Access Failure Pblm
I have read through the archives, and found 1 other posting with this specific problem. I have a laptop runnin Win 2k Pro, and a server running RH 9, with the latest Samba 2.x installed. I have it configured and I can map a network drive and configure it for offline access without a problem. I have no problem accessing the files offline, but when I log back into the network, the synchronization tells me that access is denied to the files that have changes. I have set the permissions on the file (temporarily) to 777 with the same result. has anyone else encountered/fixed this problem? thanks in advance, Lynch -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Outlook + attached files
The problem is just with an attached file from the samba server. If the email with the attached file is left open for a period of time( I havn't been able to determin exactly how long) It causes the outlook message to behave abnormally in the sense that if you try to save a draft message, send the message or delete the message It produces an error that says something along the lines of Outlook has performed an illegal operation. But its not the usual illegal opperation error, just a small box with an ok that you can click ok and go back to the message. It will continue to do this until you remove the attachment and reattach it. It only occures with files served from the Samba server, which is why I'm askin what to look at to try to resolve the problem. Log files for the users computer all are normal, nothing out of the ordinary. I've read through the section on Oplocks and am still grasping how they work, Do you think they could be at all related? Would shutting off Oplocks potentially help or would it cause more problems. Am I even barking up the right tree? Since its related to period of time a user leaves the message with attachment open is there anyway I can try to log this, if so what would I look for in the logs? Thanks Chris -Original Message- From: Jeremy Allison [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2003 11:29 AM To: Chris Jones Cc: 'rruegner'; [EMAIL PROTECTED] Subject: Re: [Samba] Outlook + attached files On Fri, Nov 07, 2003 at 10:33:49AM -0600, Chris Jones wrote: > Problem only started occuring when their files got moved onto the new samba > fileserver and its not just effecting one user but all that are on the new > server. People still on old windows fileserver are uneffected. What exactly is the difference in behaviour in between the Samba served outlook and the Windows served one. I'm trying to understand the problem here. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] User Logon Problem
I have a Samba 3.0 PDC talking to an LDAP server, but I can't get a user to log in on a Windows 2000 client. I see this in the log file: [2003/11/07 11:37:20, 1] auth/auth_util.c:make_server_info_sam(818) User tester in passdb, but getpwnam() fails! [2003/11/07 11:37:20, 0] auth/auth_sam.c:check_sam_security(459) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' So the user is found in the LDAP database, but there's obviously something else that needs to be done. I checked the web, but the only case where this was mentioned didn't provide much information. How do I solve this problem? Rob -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Outlook + attached files
On Fri, Nov 07, 2003 at 10:33:49AM -0600, Chris Jones wrote: > Problem only started occuring when their files got moved onto the new samba > fileserver and its not just effecting one user but all that are on the new > server. People still on old windows fileserver are uneffected. What exactly is the difference in behaviour in between the Samba served outlook and the Windows served one. I'm trying to understand the problem here. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Réf. : [Samba] Net groupmap fails
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kent L. Nasveschuk wrote: | Did run a lower debug level -d 2 which gave me a clue that there was no | objectclass sambaGroupMapping. There shoudl be no match it you haven't added a group mapping entry. You've bypassed the problem but not helped me to figure out why it was failing in this place. cheers, jerry - -- ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ "If we're adding to the noise, turn off this song" --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/q9GYIR7qMdg1EfYRAoGjAJ4xKnOC12vNc8Ylr5Sg9p6ANXL6RwCfVSR+ HvFxGmmg90drgJGAoeUEz4o= =e+IK -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba + user/host authentification
hi, i'm using suse 7.3 with samba 2.2.8 as PDC and openldap for authentification in network with wfw-, winnt-, w2k-clients. everything works fine. because not every client has the same configuration (same progs, same path's, hardware...), i got problems, if a user dosn't login from his ordinary workstation, his roaming-profile doesn't work fine. now, how can i force users only login from special machines (only to machines which have the same installation). example: userA only login to ms-workstion1 userBlogin to ms-ws1,ms-ws2 userClogin to ms-ws3,ms--ws4 userD only login to ms-ws4 i tried to configure a user restriction about PAM with 'pam_access.so' in /etc/pam.d/samba and its config file 'access.conf', but it didn't work. but restrictions for login,ssh, ftp etc. via PAM and 'pam_access.so' works. maybe i have to set some values for the users in LDAP, but i don't know what. the answer is probable quit easy, but i've got no more ideas. any ideas, many thanks. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Réf. : [Samba] Net groupmap fails
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John H Terpstra wrote: |>Does matter here. net group map doesn't run them and this was supposed to "does not". Sorry for the typo. |>for you anyways. And in this case the group already |>existed. | | | It matters if you do a "net rpc vampire", which does | call the "add X scripts". Right. I know this. I've worked on that code a fair amount. :-) But that is not what we are doing here. Let's not confuse the issue. | Please note that I specifically said that the "groupadd" | utility does not permit uppercase of spaces. Linux works | fine with groups that have up to 32 characters, even | with uppercase and spaces. ok. but i'll point out that you are confusing the issue again. Let's stay on topic here. We are dealing with ldap posixGroups here. ciao, jerry - -- ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ "If we're adding to the noise, turn off this song" --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/q8r2IR7qMdg1EfYRApYDAJwNkDvotJj3bjAufwtp4vZ+LbOXSwCZAYg9 e+k0mFmgYx3mse2+80NmWmA= =q3hV -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Réf. : [Samba] Net groupmap fails
Did run a lower debug level -d 2 which gave me a clue that there was no objectclass sambaGroupMapping. Kent On Fri, 2003-11-07 at 11:09, Gerald (Jerry) Carter wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > John H Terpstra wrote: > > |>Should work as far as I can tell. try running > |> > |>~ net groupmap add ntgroup="Domain Admins" \ > |>~ unixgroup="Domain Admins" rid=512 --debuglevel=10 > |> > |>and see if you get any clues. > | > | > | Hint: Make sure that you have all your "add scripts" > | in place. Also, make sure that these scripts can handle > | object names that have > upper case characters and/or > | spaces in them. > > Does matter here. net group map doesn't run them > for you anyways. And in this case the group already > existed. > > | PS: groupadd does NOT permit spaces or upper case > | characters in a group name. > > In the unix group name? or the nt group name? > I know the ntgroup name is fine. If the unix group > name won't accept spaces, then this is a bug. > (which is why I asked for a log to start with). > > > > > ciao, jerry > - -- > ~ -- > ~ Hewlett-Packard- http://www.hp.com > ~ SAMBA Team -- http://www.samba.org > ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc > ~ "If we're adding to the noise, turn off this song" --Switchfoot (2003) > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.2.1 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQE/q8OvIR7qMdg1EfYRAsyGAKDtVsl4h/vIi+E1ZuMjuV368esfwwCgxZ8W > gDyTYIou+TeI+46od+gdbxU= > =YkeB > -END PGP SIGNATURE- -- Kent L. Nasveschuk <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Outlook + attached files
Problem only started occuring when their files got moved onto the new samba fileserver and its not just effecting one user but all that are on the new server. People still on old windows fileserver are uneffected. -Original Message- From: rruegner [mailto:[EMAIL PROTECTED] Sent: Friday, November 07, 2003 10:05 AM To: Chris Jones; [EMAIL PROTECTED] Subject: Re: [Samba] Outlook + attached files hi, sounds mor like a problem of outlook which version do you use, have you looked at technet if ms knows your failure, do a test with a file stored on a networked windows client, if you have same failure here its outlook Regards - Original Message - From: "Chris Jones" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, November 07, 2003 4:14 PM Subject: [Samba] Outlook + attached files > I am not sure where to begin to look into how to solve this problem. > > I've setup a samba 3.0.0 Fileserver moved all of my users files over to it, > works great thanks developers=). I've encountered a few documented problems > such as the Excel saving over another file thing(already been patched I > belive). And a few I can't find anything on. > > One specifically is causing me some grief. We use exchange in our > organization, outlook is the email client. If a user attaches a file and > that email sits around for a while, say they attach the file first then > write a 10 page email, it some how causes outlook to go berserk and won't > let you do anything with the email (send, save, delete). If they attach the > files and send it right away it works fine, its only if the file has been > attached for a while. I've found that when it goes berserk I need only > remove the attachment and reattach the file to get it back to normal > functionality. I've glanced over the section on Oplocks and I'm not sure if > I'm looking in the right direction. The files being attached are from the > home shares in which case the user is the only one with access to the file. > We do use an active virus scanner that has not caused any issues in the past > but just something of mention. I'm not sure if I should continue to look > into oplocks or am I even thinking in the right direction? Below is my > smb.conf. > > Thanks > Chris > > # Global parameters > [global] > unix charset = CP850 > workgroup = workgroup > realm = workgroup.COM > netbios aliases = fileserver > server string = Samba Server %v > security = ADS > log file = /var/log/samba/log.%m > max log size = 50 > max xmit = 65535 > socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 > printcap name = lpstat > os level = 33 > preferred master = No > dns proxy = No > wins server = > ldap passwd sync = Yes > idmap uid = 1-2 > idmap gid = 1-2 > template homedir = /home/users/%U > template shell = /bin/bash > winbind separator = + > read only = No > printing = cups > > [homes] > comment = Home Directories > browseable = No > directory mask = 0775 > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Réf. : [Samba] Net groupmap fails
When I ran smbldap_populate.pl the objectclass sambaGroupMapping was not present.I don't know if it is supposed to be created or not but when I used ldapmodify with and a file that contained: dn: cn=Domain Admins,ou=Groups,o=30GreatNeck,dc=home,dc=net add: objectclass objectclass: sambaGroupMapping sambaSID: S-1-5-21-739112995-4084651483-89095900-512 sambaGroupType: 2 Now when I run net groupmap list I get Domain Admins (S-1-5-21...512) => 512 Guess I will have to do that with all of the groups created by smbldap-populate.pl. found at archive: http://www.mail-archive.com/[EMAIL PROTECTED]/msg21134.html Am I doing this right? On Fri, 2003-11-07 at 10:31, Gerald (Jerry) Carter wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Kent L. Nasveschuk wrote: > > | [EMAIL PROTECTED]:~# /usr/local/samba/bin/net groupmap add ntgroup="Domain > | Admins" unixgroup="Domain Admins" rid=512 > | Can't lookup UNIX group Domain Admins > | > | Is there something with initial compiling samba 3.0.0 that would disable > | this? All the documentation that I've seen makes it look so easy, but I > | can't get it to work. > > Should work as far as I can tell. try running > > ~ net groupmap add ntgroup="Domain Admins" \ > ~ unixgroup="Domain Admins" rid=512 --debuglevel=10 > > and see if you get any clues. > > > > cheers, jerry > - -- > ~ -- > ~ Hewlett-Packard- http://www.hp.com > ~ SAMBA Team -- http://www.samba.org > ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc > ~ "You can never go home again, Oatman, but I guess you can shop there." > ~--John Cusack - "Grosse Point Blank" (1997) > > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.2.1 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQE/q7rgIR7qMdg1EfYRApNLAJ9Vl+zRDF6dcF/ILcLBXx1KUyEniQCg2jm8 > awcVVG2Haash31wV5FKIRvo= > =AzvU > -END PGP SIGNATURE- -- Kent L. Nasveschuk <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot join domain: unable to find suitable driver
Hi everybody! I just installed the latest samba release, I'm trying to attach it to a Win2K based domain, I'm guiding myself with samba-howto collection, more accurate..with chapter 21 winbind: use of domain accounts. In the point 21.5.3.4: Join the samba server to the pdc domain I execute in the command line the following: root#:/usr/local/samba/bin/net rpc join -S PDC -U and I get the following error: "Unable to find a suitable driver" Already modified the smb.conf file and the krb5.conf file. Any idea that must generating this error? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Réf. : [Samba] Net groupmap fails
On Fri, 7 Nov 2003, Gerald (Jerry) Carter wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > John H Terpstra wrote: > > |>Should work as far as I can tell. try running > |> > |>~ net groupmap add ntgroup="Domain Admins" \ > |>~ unixgroup="Domain Admins" rid=512 --debuglevel=10 > |> > |>and see if you get any clues. > | > | > | Hint: Make sure that you have all your "add scripts" > | in place. Also, make sure that these scripts can handle > | object names that have > upper case characters and/or > | spaces in them. > > Does matter here. net group map doesn't run them > for you anyways. And in this case the group already > existed. It matters if you do a "net rpc vampire", which does call the "add X scripts". > | PS: groupadd does NOT permit spaces or upper case > | characters in a group name. > > In the unix group name? or the nt group name? > I know the ntgroup name is fine. If the unix group > name won't accept spaces, then this is a bug. > (which is why I asked for a log to start with). Please note that I specifically said that the "groupadd" utility does not permit uppercase of spaces. Linux works fine with groups that have up to 32 characters, even with uppercase and spaces. It is the "groupadd" utility that is broken in Linux distributions. This utility is part of the shadow-utils package.I wrote to the maintainer a long time back but have not had any reply. I also tried to pursue this through other avenues who simply told me to "suck it up - lower case is the UNIX way!". :) Go figure! - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba <- Winbind -> Windows 2003 ADS Questions
Hi everyone, I'm relatively new to Samba - at least for more in-depth installations. Big Thank-You from my company to the brilliant developers responsible for this software. We have our Samba server integrated with our Windows 2003 AD domain users via Winbind - a working installation with some issues described below. getent passwd works as the many docs show (one entry below): MYCOMPANY+jsmith:x:10890:1:John Smith:/home/MYCOMPANY/jsmith:/bin/bash When logged on to a Windows XP machine as MYCOMPANY\jsmith and attempting to connect to the smith share, access is denied. A check of the logs with level=10 shows that XP is passing MYCOMPANY.ORG+jsmith, and I'm therefore required to use the format MYCOMPANY.ORG+jsmith as a valid user. This is inconsistent with the various documents I've seen on the procedure which show the format for valid users as MYCOMPANY+jsmith Additionally, I'm trying to set up home directories on this Samba box, and so I had to create a directory: /home/MYCOMPANY.ORG/jsmith (note my smb.conf entry: template homedir = /home/%D/%U)You'll note from the 'getent passwd' output above that the home is actually listed as /home/MYCOMPANY/jsmith. So, the result is that if I log into the console as MYCOMPANY+jsmith , it looks for /home/MYCOMPANY/jsmith, and if I connect to the homes share via Samba, it looks for /home/MYCOMPANY.ORG/jsmith . Not the way I'd like it to be. I've been through various documentation sources (my desk is quite out of control with Samba docs), so I apologize if a reason and solution is clearly documented somewhere. I spent the last hour searching and I cannot find a solution. Perhaps someone here can assist me. Many Thanks, Kel Way Samba 3 from source (latest as of yesterday) krb5-1.3.1-6 openldap-2.1.22-6 Fedora Core .95 Severn krb.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = MYCOMPANY.ORG default_tgs_enctypes = des-cbc-md5 default_tkt_enctypes = des-cbc-md5 forwardable = true proxiable = true dns_lookup_realm = true dns_lookup_kdc = true [realms] MYCOMPANY.ORG = { kdc = nash-dc-01.mycompany.org:88 admin_server = nash-dc-01.mycompany.org:749 default_domain = mycompany.org } [domain_realm] .mycompany.org = MYCOMPANY.ORG mycompany.org = MYCOMPANY.ORG [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } Snip from smb.conf: [global] log level = 10 realm = MYCOMPANY.ORG security = ADS encrypt passwords = yes workgroup = MYCOMPANY password server = nash-dc-01.mycompany.org # winbind config winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes template homedir = /home/%D/%U template shell = /bin/bash #client use spnego = yes #winbind use default domain = yes server string = Nashville File and Print Server log file = /var/log/samba/%m.log # Put a capping on the size of the log files (in Kb). max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no wins server = 209.93.144.12 dns proxy = no [homes] comment = Home Directories browseable = no writable = yes create mask = 0700 [myshare] comment = Mary's and Fred's stuff path = /maryfred valid users = MYCOMPANY.ORG+jsmith public = no writable = yes printable = no create mask = 0765 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.1pre1 winbind / getent problems
Selon Buchan Milne <[EMAIL PROTECTED]>: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > > Date: Wed, 5 Nov 2003 21:48:18 +0100 > > From: Thomas Sillard <[EMAIL PROTECTED]> > > Subject: [Samba] Samba 3.0.1pre1 winbind / getent problems > > To: [EMAIL PROTECTED] > > Message-ID: <[EMAIL PROTECTED]> > > Content-Type: text/plain; charset="us-ascii" > > > > Hi, > > > > I've got some problems with winbind and ADS Domain Membership stuff. > > I've joined the domain without problems with "kinit [EMAIL PROTECTED]" and > > "net ads join", i can see the machine account in AD with ldapbrowser. > > Klist give me three tickets, as say in the documentation, OK. > > I created the idmap entry in my openldap (with samba3 schema), OK. > > I've set the ldap admin password in the secrets.tdb, OK (ldap idmap). > > Starting service smb3, OK. > > Starting service winbind3, OK. > > wbinfo -u and wbinfo - g give me the list of users and groups correctly, > > wbinfo -a user%passord works fine, OK. > > > > BUT > > > > When i try a "getent passwd" or "getent group", i don't have the windows > > users. I can't see or connect to the shares on the linux box with > windows file > > explorer (it prompts me a user/password). It works fine with samba > 2.2.7a. > > I've installed the samba3 mandrake package, wich suffixes all libs and > > executables with the samba version's number (eg. for libnss_winbind.so -> > > libnss_winbind3.so, smbpasswd -> smbpasswd3). > > Only the default packages. Since you're running on 9.1, you either are > running cooker packages on 9.1 (not suggested, since cooker/9.2 have > openldap-2.1.x and kerberos 1.3.x) or you rebuilt the SRPM. > I'm running 9.1 with openldap-2.0.27 and kerberos-1.2.7. Will it be better with openldap-2.1.x and kerberos-1.3.x ? > If you rebuilt the SRPM, you might as well add the '--with system' > switch when you build it, and you will get 'samba-3.0.1' packages > without suffixes. > Ok, great, i'll try to rebuild with "--with system" to replace the 2.2.7 packages with the 3.0.1pre1. > > > > What's the problem ? Where is my error ? Is the mdk version suffixing > > can be the source of the problem ? > > I am quite sure I tested this, and that it worked, but that was quite a > while ago, and I didn't have much time availble to test it then. If it > doesn't work for you, I can introduce alternatives for the winbind files > (as we have on 9.2 for the client binaries). > It works now with a ln -s /lib/libnss_winbind3.so /lib/libnss_winbind.so.2 and a ldconfig after. "ldap idmap backend" works fine also and i can share the ldap idmap database with my two samba servers (same ids on the two boxes, a RH7.3 and MDK 9.1). The only problem now is that my log files (with log level = 1 in smb.conf) are full of lines like these : nov 7 15:27:24 smb1 winbindd[17179]: [2003/11/07 15:27:24, 0] nsswitch/winbindd.c:process_loop(715) nov 7 15:27:24 smb1 winbindd[17179]: process_loop: Invalid request size from pid 17533: 1304 bytes sent, should be 1568 What's this ? > Unfortunately I don't have a production AD network to test on, so any > feedback on improvements to the Mandrake packages with regard to winbind > would be appreciated (and any other aspects, but I have two samba+ldap > networks, one currently running 2.2.8a and one running 3.0.1pre1). > > Regards, > Buchan > > - -- > |--Another happy Mandrake Club member--| > Buchan MilneMechanical Engineer, Network Manager > Cellphone * Work+27 82 472 2231 * +27 21 8828820x202 > Stellenbosch Automotive Engineering http://www.cae.co.za > GPG Key http://ranger.dnsalias.com/bgmilne.asc > 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.2.3 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQE/q7iSrJK6UGDSBKcRAo/iAKCX3vLJUzKqvk/+PoqjSNV/dGbygwCeITy0 > 5D6rU06FJbb4ZtaxEsZhdMU= > =mz26 > -END PGP SIGNATURE- > > -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Réf. : [Samba] Net groupmap fails
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John H Terpstra wrote: |>Should work as far as I can tell. try running |> |>~ net groupmap add ntgroup="Domain Admins" \ |>~ unixgroup="Domain Admins" rid=512 --debuglevel=10 |> |>and see if you get any clues. | | | Hint: Make sure that you have all your "add scripts" | in place. Also, make sure that these scripts can handle | object names that have > upper case characters and/or | spaces in them. Does matter here. net group map doesn't run them for you anyways. And in this case the group already existed. | PS: groupadd does NOT permit spaces or upper case | characters in a group name. In the unix group name? or the nt group name? I know the ntgroup name is fine. If the unix group name won't accept spaces, then this is a bug. (which is why I asked for a log to start with). ciao, jerry - -- ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ "If we're adding to the noise, turn off this song" --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/q8OvIR7qMdg1EfYRAsyGAKDtVsl4h/vIi+E1ZuMjuV368esfwwCgxZ8W gDyTYIou+TeI+46od+gdbxU= =YkeB -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Outlook + attached files
hi, sounds mor like a problem of outlook which version do you use, have you looked at technet if ms knows your failure, do a test with a file stored on a networked windows client, if you have same failure here its outlook Regards - Original Message - From: "Chris Jones" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, November 07, 2003 4:14 PM Subject: [Samba] Outlook + attached files > I am not sure where to begin to look into how to solve this problem. > > I've setup a samba 3.0.0 Fileserver moved all of my users files over to it, > works great thanks developers=). I've encountered a few documented problems > such as the Excel saving over another file thing(already been patched I > belive). And a few I can't find anything on. > > One specifically is causing me some grief. We use exchange in our > organization, outlook is the email client. If a user attaches a file and > that email sits around for a while, say they attach the file first then > write a 10 page email, it some how causes outlook to go berserk and won't > let you do anything with the email (send, save, delete). If they attach the > files and send it right away it works fine, its only if the file has been > attached for a while. I've found that when it goes berserk I need only > remove the attachment and reattach the file to get it back to normal > functionality. I've glanced over the section on Oplocks and I'm not sure if > I'm looking in the right direction. The files being attached are from the > home shares in which case the user is the only one with access to the file. > We do use an active virus scanner that has not caused any issues in the past > but just something of mention. I'm not sure if I should continue to look > into oplocks or am I even thinking in the right direction? Below is my > smb.conf. > > Thanks > Chris > > # Global parameters > [global] > unix charset = CP850 > workgroup = workgroup > realm = workgroup.COM > netbios aliases = fileserver > server string = Samba Server %v > security = ADS > log file = /var/log/samba/log.%m > max log size = 50 > max xmit = 65535 > socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 > printcap name = lpstat > os level = 33 > preferred master = No > dns proxy = No > wins server = > ldap passwd sync = Yes > idmap uid = 1-2 > idmap gid = 1-2 > template homedir = /home/users/%U > template shell = /bin/bash > winbind separator = + > read only = No > printing = cups > > [homes] > comment = Home Directories > browseable = No > directory mask = 0775 > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.0 can't join ADS domain
My apologies to anyone else who might have replied to the original post. After posting I got heavily spammed with bogus M$ Support emails that filled up my mailbox. --- Tom Dickson <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > net ads join doesn't say anything sometimes. > > Does kinit [EMAIL PROTECTED] work correctly? Yes. > > If it does, try bumping up the log level to 5 or 10 > and try again. Ran at level 5. Among the more interesting messages is [2003/11/07 09:35:20, 3] libads/ldap.c:ads_connect(218) Connected to LDAP server 10.4.1.13 [2003/11/07 09:35:20, 1] libads/ldap.c:ads_connect(222) Failed to get ldap server info [2003/11/07 09:35:20, 5] passdb/secrets.c:secrets_fetch_trust_account_password(262) secrets_fetch failed! [2003/11/07 09:35:20, 4] libsmb/namequery.c:get_dc_list(1350) get_dc_list: returning 1 ip addresses in an ordered list [2003/11/07 09:35:20, 4] libsmb/namequery.c:get_dc_list(1351) get_dc_list: 10.4.1.13:389 [2003/11/07 09:35:20, 5] libsmb/namecache.c:namecache_status_fetch(308) namecache_status_fetch: no entry for NBT/MYWKGRP.MYDOMAIN.COM#1C.20.10.4.1.13 found. [2003/11/07 09:35:20, 5] libsmb/nmblib.c:send_udp(744) Sending a packet of len 50 to (10.4.1.13) on port 137 [2003/11/07 09:35:22, 5] libsmb/nmblib.c:send_udp(744) Sending a packet of len 50 to (10.4.1.13) on port 137 [2003/11/07 09:35:24, 5] nsswitch/winbindd_cm.c:cm_check_for_native_mode_win2k(424) cm_check_for_native_mode_win2k: Could not open a connection to MYWKGRP.MYDOMAIN.COM for PIPE_LSARPC (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) [2003/11/07 09:35:24, 3] nsswitch/winbindd_util.c:add_trusted_domain(142) add_trusted_domain: MYWKGRP.MYDOMAIN.COM is a mixed (or NT4) mode domain (Editor's note: the domain used to be mixed-mode but has since been converted to native mode. Don't know why this shows up this way.) [2003/11/07 09:35:24, 1] nsswitch/winbindd_util.c:add_trusted_domain(149) Added domain MYWKGRP MYWKGRP.MYDOMAIN.COM [2003/11/07 09:35:24, 3] nsswitch/winbindd_ads.c:alternate_name(931) ads: alternate_name > > Also, you should be able to ping the FQDN of the ADS > server, etc. Yes. > > Also, you may want to try with the newer krb5 libs > (1.3.1) as there are > some issues with the older ones. > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.2.2-nr2 (Windows 2000) > Comment: Using GnuPG with Mozilla - > http://enigmail.mozdev.org > > iD8DBQE/qBQJ2dxAfYNwANIRAnwOAJ4+UNUfXAtF1gsdalrfOmpDOCAtuwCfTDkS > RhwJR+kmyUz+cY2THsR1Ces= > =WVlD > -END PGP SIGNATURE- > > -- > To unsubscribe from this list go to the following > URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba __ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] CUPS vs lprng
I serve about 50 printers via Samba. Here are my experiences - LPRng - This backend I have found to be much stronger than CUPS, but I didn't use it for any server side processing. All drivers had to be installed from some other workstation. In my case, installing drivers for all OS's would only work from an XP machine, not Win2K. Otherwise, this worked very well. CUPS- I migrated to ESP PrintPro about 3 months ago. PrintPro made obtaining all the correct drivers and backends much simpler (there is only one, instead of CUPS + ESP GS + cupsomatic + HPIJS + etc,etc...). It seems to provide better naming of the jobs, displays user name and job on the printer display menu when printing, and can add printers via the cusaddsmb feature, which works A LOT better for remote site management. Plus there is the web based printer administration, and with ESP there is a GUI app that works pretty well. CUPS was easier to load balance amongst servers as well. On new printers, the jobs seem to process faster than with LPRng also. We have several HP 4300/4200 series printers that start printing instantaneously, even during high traffic periods. Overall, Linux print servers have kicked the snot out of NT print servers, and CUPS is much nicer and more complete to work with than LPRng. Installing print drivers locally becomes unsustainable if you have any significant number of users or printers. My thoughts would be to stay well clear of this. Your mileage may vary. -Chris On Thu, 2003-11-06 at 15:55, Douglas Phillipson wrote: > Could I get some opinions on which type of Samba based printing is > easier, CUPS or LPRNG, or just bybass Samba altogether. I'm looking at > the Printing HOWTO by Kurt Pfeifle (Printing Support in Samba 3.0) and > both look really complex. Anyone out there have any experience with > printing services in Samba? Should I just stay away from samba printing > and go direct to Network printers? What are the advantages of a samba > print server as opposed to installing printer drivers on the client and > printing to a network printer? > > Any opinions are appreciated > > Regards > > DSP -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Réf. : [Samba] Net groupmap fails
On Fri, 7 Nov 2003, Gerald (Jerry) Carter wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Kent L. Nasveschuk wrote: > > | [EMAIL PROTECTED]:~# /usr/local/samba/bin/net groupmap add ntgroup="Domain > | Admins" unixgroup="Domain Admins" rid=512 > | Can't lookup UNIX group Domain Admins > | > | Is there something with initial compiling samba 3.0.0 that would disable > | this? All the documentation that I've seen makes it look so easy, but I > | can't get it to work. > > Should work as far as I can tell. try running > > ~ net groupmap add ntgroup="Domain Admins" \ > ~ unixgroup="Domain Admins" rid=512 --debuglevel=10 > > and see if you get any clues. Hint: Make sure that you have all your "add scripts" in place. Also, make sure that these scripts can handle object names that have upper case characters and/or spaces in them. PS: groupadd does NOT permit spaces or upper case characters in a group name. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Réf. : [Samba] Net groupmap fails
On Fri, 7 Nov 2003, Kent L. Nasveschuk wrote: > Stephanie, > Thank you for your help. I tryed what you suggest but no luck.. I get > this: > > [EMAIL PROTECTED]:~# /usr/local/samba/bin/net groupmap add ntgroup="Domain > Admins" unixgroup="Domain Admins" rid=512 > Can't lookup UNIX group Domain Admins > > Is there something with initial compiling samba 3.0.0 that would disable > this? All the documentation that I've seen makes it look so easy, but I > can't get it to work. No. You need to add scripts that will work on your system for entries like: add machine script add user script add group script Here are the minimal entries for my current network configuration: add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupadd %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u I hope this helps you. Note: The Linux "groupadd" utility will NOT allow you to add a group that has upper case characters or spaces in it! Cheers, John T. > > On Fri, 2003-11-07 at 06:48, [EMAIL PROTECTED] wrote: > > try /usr/local/samba/bin/net groupmap add ntgroup="Domain > > Admins" unixgroup="Domain Admins" rid=512 > > > > dn: cn=Domain Admins,ou=Groups,o=30GreatNeck,dc=home,dc=net > > objectClass: posixGroup > > > > This group is the unix group. > > > > --- > > StÃphane PURNELLE [EMAIL PROTECTED] > > Service Informatique Corman S.A. Tel : 00 32 087/342467 > > > > > > > > "Kent L. Nasveschuk" <[EMAIL PROTECTED]> > > Envoyà par : Pour : > > Samba List Server <[EMAIL PROTECTED]> > > [EMAIL PROTECTED]cc : > > .samba.org Objet : > > [Samba] Net groupmap fails > > > > > > 07/11/2003 12:31 > > > > > > > > > > > > > > I have yet to get group mapping to work in samba 3.0. Getting very > > frustrated. > > > > I'm using openldap 2.1.23 as the backend database for samba 3.0.0. I've > > added the base domain groups as posixAccounts to the LDAP database using > > smbldap-populate.pl. > > > > [EMAIL PROTECTED]:/usr/local/etc/openldap# ldapsearch -xv -b > > "o=30greatneck,dc=home,dc=net" > > > > # Administrator, Users, 30GreatNeck, home.net > > dn: uid=Administrator,ou=Users,o=30GreatNeck,dc=home,dc=net > > cn: Administrator > > sn: Administrator > > objectClass: inetOrgPerson > > objectClass: sambaSAMAccount > > objectClass: posixAccount > > gidNumber: 512 > > uid: Administrator > > uidNumber: 998 > > homeDirectory: /accounts > > sambaPwdLastSet: 0 > > sambaLogonTime: 0 > > sambaLogoffTime: 2147483647 > > sambaKickoffTime: 2147483647 > > sambaPwdCanChange: 0 > > sambaPwdMustChange: 2147483647 > > sambaHomePath: \\Lnxsrv2\accounts > > sambaHomeDrive: H: > > sambaProfilePath: \\Lnxsrv2\profiles\ > > sambaPrimaryGroupSID: S-1-5-21-739112995-4084651483-89095900-512 > > sambaLMPassword: XXX > > sambaNTPassword: XXX > > sambaAcctFlags: [U ] > > sambaSID: S-1-5-21-739112995-4084651483-89095900-2996 > > loginShell: /bin/false > > gecos: Netbios Domain Administrator > > > > > > # nobody, Users, 30GreatNeck, home.net > > dn: uid=nobody,ou=Users,o=30GreatNeck,dc=home,dc=net > > cn: nobody > > sn: nobody > > objectClass: inetOrgPerson > > objectClass: sambaSAMAccount > > objectClass: posixAccount > > gidNumber: 514 > > uid: nobody > > uidNumber: 999 > > homeDirectory: /dev/null > > sambaPwdLastSet: 0 > > sambaLogonTime: 0 > > sambaLogoffTime: 2147483647 > > sambaKickoffTime: 2147483647 > > sambaPwdCanChange: 0 > > sambaPwdMustChange: 2147483647 > > sambaHomePath: \\Lnxsrv2\accounts > > sambaHomeDrive: H: > > sambaProfilePath: \\Lnxsrv2\profiles\ > > sambaPrimaryGroupSID: S-1-5-21-739112995-4084651483-89095900-514 > > sambaLMPassword: NO PASSWORDX > > sambaNTPassword: NO PASSWORDX > > sambaAcctFlags: [NU ] > > sambaSID: S-1-5-21-739112995-4084651483-89095900-2998 > > loginShell: /bin/false > > > > # Domain Admins, Groups, 30GreatNeck, home.net > > > > # Domain Admins, Groups, 30GreatNeck, home.net > > dn: cn=Domain Admins,ou=Groups,o=30GreatNeck,dc=home,dc=net > > objectClass: posixGroup > > gidNumber: 512 > > cn: Domain Admins > > memberUid: Administrator > > description: Netbios Domain Administrators (need smb.conf configuration) > > > > # Domain Users, Groups, 30GreatNeck, home.net > > dn: cn=Domain Users,ou=Groups,o=30GreatNeck,dc=home,dc=net > > objectClass: posixGroup > > gidNumber: 513 > > cn: Domain Users > > description: Netbios Domain Users (not implemented yet) > > memberUid: kent > > > > # Domain Guests, Groups, 30GreatNeck, home.net > > dn: cn=Domain Guests,ou=Grou
Re: [Samba] Problems With MDB in Linux/Samba
Vitor, Please read the Samba-HOWTO-Collection.pdf chapter on "File and Record Locking". It has the information you need to know. You will see that the same problems affect pure Windows environments also. Just do a google search to verify this. Cheers, John T. On Fri, 7 Nov 2003, Vitor Alexandre S. Marinho wrote: > I have a linux Red Hat 9.0 with samba and i create a share and put a MDB > archive in this share. So, i have an application installed in client and it > access the MDB in Linux. But all the time i have problems in my application > acessing this MDB. If i put the MDB with a share with windows, i don´t have > problems. What´s happen? > Any suggest is OK :-) > Thanks a lot > Vitor > > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Help Joining and NT domain
Hey All, I just compiled and installed Samba 3.0.0 on a solaris 9 box. I am having problems joining our domain. I added the machine name to the PDC and the ran the following command. net join -I 1.1.1.1 -U administrator And then I get the following: [2003/11/07 09:13:47, 0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(249) cli_nt_setup_creds: request challenge failed [2003/11/07 09:13:47, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(326) Error domain join verification: NT_STATUS_INVALID_COMPUTER_NAME Any Ideas? I have looked at the logs on the NT server and see nothing! Thanks for the help! Jon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printing with CUPS
On Fri, 7 Nov 2003, Alan Munday wrote: > I've just been trying to get my Samba 3.0.0-2 build to work with CUPS. > > The rpm I downloaded from the Samba site was not compiled with CUPS library > support. Which is why I am assuming that having added printing = cups in my > conf file things are not working. > > If I use the source rpm can I force the build to include CUPS library > support ? > > Or do I have to build from scratch? Alan, A few simple steps will get you the results you are after: 1. Install a recent version of CUPS (1.1.18 or later) 2. Make sure that you install the cups-devel package 3. Obtain the Samba-Team samba source RPM 4. Rebuild Samba: Red Hat: rpmbuild --rebuild samba-3.0.0-.src.rpm SuSE: rpm --rebuild samba-3.0.0-.src.rpm The binary RPMs will find their way to: Red Hat: /usr/src/redhat/RPMS/i386 SuSE:/usr/src/packages/RPMS/i386 I hope this helps. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.0 & OpenBSD 3.3: ldap.h not found
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jyri wrote: | Hi! | | I'm trying to install Samba 3.0.0 into an OpenBSD 3.3 server. I have | copied ldap.h from OpenLDAP 2.1.22 distribution to /usr/local/include. | However, configure does not seem to find it: | | checking for LDAP support... auto | checking ldap.h usability... no | checking ldap.h presence... no | checking for ldap.h... no | | I get the same result with ./configure --libdir=/usr/local/lib | --includedir=/usr/local/include. | | I have also tried making symlink from /usr/local/include/ldap.h to | /usr/include/ldap.h but this makes no difference. | | It seems I have the same problem with lber.h which is also located in | /usr/local/include: | | checking lber.h usability... no | checking lber.h presence... no | checking for lber.h... no | configure: WARNING: ldap.h is needed for LDAP support | | Any ideas how to make this work? Thanks in advance! Check the config.log for the source of the error. Might be missing a library or something. Does OpenBSD require the -lrsolv lib still? (vague memories of this) cheers, jerry - -- ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ "If we're adding to the noise, turn off this song" --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/q7zuIR7qMdg1EfYRAj/WAJ9gAmXlq4s1WREZILvAen8EiTGZZgCeIztS kGwAhPg2/brhkCB7301DD0U= =Ldoc -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Groups & LDAP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Milos Webmail wrote: | I'm running samba+ldap on my RH 2.1 AS and I'm getting this errot when I | try to list groups: | | | | [EMAIL PROTECTED] etc]# net groupmap list | | [2003/11/07 15:49:10, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(2048) | | ldapsam_setsamgrent: LDAP search failed: No such object smbd is searching for "(objectclass=sambaGroupMapping)" cheers, jerry - -- ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ "If we're adding to the noise, turn off this song" --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/q7ySIR7qMdg1EfYRAgGGAJ0XxkvO+2Lk8vGBA67iCnuTmQUgxwCeMk6u CHUlS5/g+/Z8jxxt7+COmhY= =YZYe -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems with migrating profiles
Rob, Please read the Samba-HOWTO-Collection.pdf chapters on Policies and Profile Management. Windows NT/2Kx/XP stores the domain and/or machine SID in the profile. There are two ways to solve the problem you have: 1) Change the SID of your Samba-3 installation to match that of the old server. You need to extract that Domain SID using the smbpasswd tool (if your old system was running Samba-2.x, or is running NT4/2Kx). You can update the SID of your Samba-3 installation using the "net" utility. _OR_ 2) Change the SIDs stored in the profiles. The tool to use is called "profiles". Cheers, John T. On Fri, 7 Nov 2003, Rob Fulton wrote: > Not strictly a Samba question but hopefully someone has a solution. We run > samba as a pdc for an office network of 2000/XP machines, the machines is > old and dying, I have installed samba 3 on a new server and given this a > different domain name. > > I can join machines to the new domain no problem, I can create new samba users and > log in with them on the machines, the > problem is when I try to migrate users off the old domain to the new > domain. I create the new account on the new domain and then copy their > profile from their windows machine onto the new controller. > > The profile I copy across will not work for the user correctly unless I add the user > to > the local Admin group on their machines, the user is unable to customise > their desktop and any customisations that were in their profile are not > activated, ther start bar is locked and unable to be unlocked and no > history is saved between logouts. I have looked at policy stuff but it's > not obvious why migrating the profile, and specifically ntuser.dat, causes > the profile to break and require admin rights. > > If anyone has any suggestions as to how to fix this or a better way of > migrating from one server to the next please let me know > > Cheers > > Rob Fulton > > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migrating from Samba2.2.8a+LDAP+PDC to Samba3+ldapsam
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > Message: 28 > Date: Wed, 05 Nov 2003 20:52:44 +0100 > From: G?mes G?za <[EMAIL PROTECTED]> > Subject: Re: [Samba] Migrating from Samba2.2.8a+LDAP+PDC to > Samba3+ldapsam > To: Sebasti?n Abate <[EMAIL PROTECTED]> > Cc: [EMAIL PROTECTED] > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Hi I did something like this, Mandrake 9.1, the steps to the success where: > 1. edit /etc/samba3/smb.conf to suit your old setup: Workgroup, Netbios > name, shares, ldap settings etc > 2. stop samba-2 > 3. copy /etc/samba/secrets.tdb to /etc/samba3 > 4. start samba-3 > 5. run net3 getlocalsid, and save the result to a file > 6. stop samba-3 > 7. remove /etc/samba3/secrets.tdb > 8. start samba-3 > 9. run net3 setlocalsid previously saved SID Instead of steps 2-9, you can extract the SID using smbpasswd -X , and import it with 'net3 setlocalsid ' > 10. run smbpasswd3 -w password, just like you did with samba-2 > You could say, that steps 6-10 are needless, maybe you are right, but I > felt more comfortable using a samba3 generated tdb file. > 11. dump your ldap database to ldif format > 12. run /usr/share/samba3/scripts/convertSambaAccount --input > your-old-ldif-file --output your-modified-ldif-file --sid > your-previously saved domain SID > 13. comment out samba schema from /etc/openldap/slapd.conf, and include > the new samba3 schema > 14. stop ldap > 15. delete everything from /var/lib/ldap, making a backup would be advisable > 16. start ldap > 17. import your-modified-ldif-file to ldap Instead of steps 11-17, you can instead: /usr/share/samba3/scripts/convertSambaAccount --input \ your-old-ldif-file --output your-modified-ldif-file --sid \ your-previously saved domain SID --changetype modify # ldapmodify -x -D "ldap admin dn" -W -ZZ -f your-modified-ldif-file This method allows you to have changes propogated to slave servers, and allows you to have less down time. Also, once you have done this, you will need to add group mappings for all the primary groups of your users etc. Note, I haven't migrated our production network, only done it on my test network ... Feedback welcome as always, and you guys might want to add some notes on the Mandrake community wiki at http://mandrake.vmlinuz.ca Regards, Buchan - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/q7vfrJK6UGDSBKcRAu8nAKCpDOkRGg02zOmq+L0FfiECR6J6zQCfS9Qh OvjkBeAIJgRt5i0rEW3YI+g= =q6fl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 ACL's not Shown for Directories
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Müller, Thorsten wrote: | | I use samba 3 on a Redhat 8 box. | My clients are WintNT, Win2k and WinXP systems. | I want to have ACL to simulate NTFS Security for my clients. | This works without problems for files, | But not for directories. | When i create directories and have a look at the Security | Tab on the Windows Properties they show me no security | information (Read, Write, Full permission) | even if getfacl shows me information (see down). | I tried several options in smb.conf but nothing seems to help. | I also tried to set serveral values for the mask with setfacl. I remember a bug that prevented displaying acl's if the uid/gid<->SId mapping failed. I think this was resolved in 3.0.1pre1 but you might want to just try the CVS tree or wait until 3.0.1pre2 due out later today. cheers, jerry - -- ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ "You can never go home again, Oatman, but I guess you can shop there." ~--John Cusack - "Grosse Point Blank" (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/q7uaIR7qMdg1EfYRAsabAJ9MaqP2EHPDJdthQ8Cj+f/aYnlgsQCfXNR9 uHCzOR6TS7VL4pc8kmDiHJw= =nvxZ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Change samba and Unix password from Windows 98
Romildo, Yes. This is possible. There are several ways this can be done. Check the man pages for smb.conf. In particular you should check the guidance on the smb.conf paramters: passwd chat unix password sync passwd program obey pam restrictions Also check out the documentation on the PAM module pam_smbpasswd.so These will give you some insight into the controls you may use. When you get this configured correctly a user will be able press Ctrl-Alt-Del on a workstation to change their password globally. Cheers, John T. On Fri, 7 Nov 2003 [EMAIL PROTECTED] wrote: > Hello. > > I have a small network of Windows 98 machines and > a Linux machine running Samba 3.0.0, which is > working as a file and printer server, and PDC. > > Is there the possibility of changing the samba > and Linux passwords of users from the client > machine (Windows 98) in a single operation, > without the user having to explicitly login > into the server for that. > > Currently users in this network is told to > login into the server and change their > Linux password (with passwd command) and > their Samba password (with smbpaswd command). > I want an easier way of doing that. > > Any clues? > > Romildo > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Réf. : [Samba] Net groupmap fails
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kent L. Nasveschuk wrote: | [EMAIL PROTECTED]:~# /usr/local/samba/bin/net groupmap add ntgroup="Domain | Admins" unixgroup="Domain Admins" rid=512 | Can't lookup UNIX group Domain Admins | | Is there something with initial compiling samba 3.0.0 that would disable | this? All the documentation that I've seen makes it look so easy, but I | can't get it to work. Should work as far as I can tell. try running ~ net groupmap add ntgroup="Domain Admins" \ ~ unixgroup="Domain Admins" rid=512 --debuglevel=10 and see if you get any clues. cheers, jerry - -- ~ -- ~ Hewlett-Packard- http://www.hp.com ~ SAMBA Team -- http://www.samba.org ~ GnuPG Key http://www.plainjoe.org/gpg_public.asc ~ "You can never go home again, Oatman, but I guess you can shop there." ~--John Cusack - "Grosse Point Blank" (1997) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/q7rgIR7qMdg1EfYRApNLAJ9Vl+zRDF6dcF/ILcLBXx1KUyEniQCg2jm8 awcVVG2Haash31wV5FKIRvo= =AzvU -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Integrating a Linux desktop into a Windows Domain environment
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > Message: 35 > Date: Wed, 5 Nov 2003 15:33:27 -0600 (CST) > From: "Distribution Lists" <[EMAIL PROTECTED]> > Subject: [Samba] Integrating a Linux desktop into a Windows Domain > environment > To: [EMAIL PROTECTED] > Message-ID: > <[EMAIL PROTECTED]> > > Content-Type: text/plain;charset=iso-8859-1 > > Can someone give me some pointers to documentation, concepts on how to > integrate Linux desktop into a Windows domain environment to access shared > drives / printers. I wonder what other peoples experiences were as well. > > If possible I want to setup Linux/Samba in such to replicate what an > Windows workstation does, authenticate with a domain controller then be > able to seamlessly access shares. You may want to take a look at this paper I presented a while ago, on integrating Mandrake 9.0 into a Windows domain (only the basics of winbind setup). http://ranger.dnsalias.com/mandrake/samba/Integrating%20Linux%20into%20Windows%20Networks.pdf Mandrake supports winbind authentication during installation since 9.0, and since 9.2 you can configure it after installation using 'drakauth'. This doesn't currently support AD, however it should in the next release when we have samba3 in main (in contrib for 9.2). Regards, Buchan - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/q7mqrJK6UGDSBKcRAmkvAJsHojkkwCqk/TM6mfsVaWMAtPt43gCfYNS4 D9pBUnLv9duBT6etCx/QEyM= =VPoS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.1pre1 winbind / getent problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > Date: Wed, 5 Nov 2003 21:48:18 +0100 > From: Thomas Sillard <[EMAIL PROTECTED]> > Subject: [Samba] Samba 3.0.1pre1 winbind / getent problems > To: [EMAIL PROTECTED] > Message-ID: <[EMAIL PROTECTED]> > Content-Type: text/plain; charset="us-ascii" > > Hi, > > I've got some problems with winbind and ADS Domain Membership stuff. > I've joined the domain without problems with "kinit [EMAIL PROTECTED]" and > "net ads join", i can see the machine account in AD with ldapbrowser. > Klist give me three tickets, as say in the documentation, OK. > I created the idmap entry in my openldap (with samba3 schema), OK. > I've set the ldap admin password in the secrets.tdb, OK (ldap idmap). > Starting service smb3, OK. > Starting service winbind3, OK. > wbinfo -u and wbinfo - g give me the list of users and groups correctly, > wbinfo -a user%passord works fine, OK. > > BUT > > When i try a "getent passwd" or "getent group", i don't have the windows > users. I can't see or connect to the shares on the linux box with windows file > explorer (it prompts me a user/password). It works fine with samba 2.2.7a. > I've installed the samba3 mandrake package, wich suffixes all libs and > executables with the samba version's number (eg. for libnss_winbind.so -> > libnss_winbind3.so, smbpasswd -> smbpasswd3). Only the default packages. Since you're running on 9.1, you either are running cooker packages on 9.1 (not suggested, since cooker/9.2 have openldap-2.1.x and kerberos 1.3.x) or you rebuilt the SRPM. If you rebuilt the SRPM, you might as well add the '--with system' switch when you build it, and you will get 'samba-3.0.1' packages without suffixes. > > What's the problem ? Where is my error ? Is the mdk version suffixing > can be the source of the problem ? I am quite sure I tested this, and that it worked, but that was quite a while ago, and I didn't have much time availble to test it then. If it doesn't work for you, I can introduce alternatives for the winbind files (as we have on 9.2 for the client binaries). Unfortunately I don't have a production AD network to test on, so any feedback on improvements to the Mandrake packages with regard to winbind would be appreciated (and any other aspects, but I have two samba+ldap networks, one currently running 2.2.8a and one running 3.0.1pre1). Regards, Buchan - -- |--Another happy Mandrake Club member--| Buchan MilneMechanical Engineer, Network Manager Cellphone * Work+27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/q7iSrJK6UGDSBKcRAo/iAKCX3vLJUzKqvk/+PoqjSNV/dGbygwCeITy0 5D6rU06FJbb4ZtaxEsZhdMU= =mz26 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Outlook + attached files
I am not sure where to begin to look into how to solve this problem. I've setup a samba 3.0.0 Fileserver moved all of my users files over to it, works great thanks developers=). I've encountered a few documented problems such as the Excel saving over another file thing(already been patched I belive). And a few I can't find anything on. One specifically is causing me some grief. We use exchange in our organization, outlook is the email client. If a user attaches a file and that email sits around for a while, say they attach the file first then write a 10 page email, it some how causes outlook to go berserk and won't let you do anything with the email (send, save, delete). If they attach the files and send it right away it works fine, its only if the file has been attached for a while. I've found that when it goes berserk I need only remove the attachment and reattach the file to get it back to normal functionality. I've glanced over the section on Oplocks and I'm not sure if I'm looking in the right direction. The files being attached are from the home shares in which case the user is the only one with access to the file. We do use an active virus scanner that has not caused any issues in the past but just something of mention. I'm not sure if I should continue to look into oplocks or am I even thinking in the right direction? Below is my smb.conf. Thanks Chris # Global parameters [global] unix charset = CP850 workgroup = workgroup realm = workgroup.COM netbios aliases = fileserver server string = Samba Server %v security = ADS log file = /var/log/samba/log.%m max log size = 50 max xmit = 65535 socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384 printcap name = lpstat os level = 33 preferred master = No dns proxy = No wins server = ldap passwd sync = Yes idmap uid = 1-2 idmap gid = 1-2 template homedir = /home/users/%U template shell = /bin/bash winbind separator = + read only = No printing = cups [homes] comment = Home Directories browseable = No directory mask = 0775 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] joining machines into a samba domain
Hello, I'm testing samba3 to shutdown our existing NT4 Domain. OS=UL1 Samba3 OpenLdap as backend All users and machine account are in a ldap backend (posix & samba). We will create the account manually into ldap before we went to a windows client (W2kPro) and join them manually into the domain. Witch users can join machines to the domain from a windows client directly? At the moment just the "ldap admin dn = cn=root,dc=xy,dc=com" user can join machines to the domain. When I try to do this with an other account, who has the ACL rights from LDAP to write into, and is also member of the Group "DomainAdmin" (SID--512), I become the error message "LoginFailure: unknown user or bad password" on the windows client. What are nessesary skills for a useraccount to join machines into a samba3 domain? Is it really just the PDC ldap admin dn , who has enough rights to do that? Regards Manuel Piessnegger -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Users unable to change their passwords using 200/XP change password dialouge.
I've just found out today that my system won't let users (2000 and XP clients) change their passwords. >From their consoles they get permission denied messages. Looking at the logs its clearly a Samba/PAM interaction issue but all looks OK in the pam.d directory. I've spent a few hours searching online but can't find anything that match's this scenario. Extract from users log follows: Nov 6 15:30:30 c2gs01 samba(pam_unix)[25685]: session closed for user root Nov 6 15:35:59 c2gs01 smbd[25869]: [2003/11/06 15:35:59, 0] auth/pampass.c:smb_pam_chauthtok(692) Nov 6 15:35:59 c2gs01 smbd[25869]: PAM: UNKNOWN PAM ERROR (19) for User: mariah Nov 6 15:35:59 c2gs01 smbd[25869]: [2003/11/06 15:35:59, 0] auth/pampass.c:smb_pam_passchange(848) Nov 6 15:35:59 c2gs01 smbd[25869]: smb_pam_passchange: PAM: Password Change Failed for user mariah! Nov 6 15:35:59 c2gs01 smbd[25869]: [2003/11/06 15:35:59, 0] auth/pampass.c:smb_pam_chauthtok(692) Nov 6 15:35:59 c2gs01 smbd[25869]: PAM: UNKNOWN PAM ERROR (19) for User: mariah Nov 6 15:35:59 c2gs01 smbd[25869]: [2003/11/06 15:35:59, 0] auth/pampass.c:smb_pam_passchange(848) Nov 6 15:35:59 c2gs01 smbd[25869]: smb_pam_passchange: PAM: Password Change Failed for user mariah! Nov 6 15:35:59 c2gs01 smbd[25869]: [2003/11/06 15:35:59, 0] auth/pampass.c:smb_pam_chauthtok(692) Nov 6 15:35:59 c2gs01 smbd[25869]: PAM: UNKNOWN PAM ERROR (19) for User: mariah Nov 6 15:35:59 c2gs01 smbd[25869]: [2003/11/06 15:35:59, 0] auth/pampass.c:smb_pam_passchange(848) Nov 6 15:35:59 c2gs01 smbd[25869]: smb_pam_passchange: PAM: Password Change Failed for user mariah! Nov 6 15:35:59 c2gs01 smbd[25869]: [2003/11/06 15:35:59, 0] auth/pampass.c:smb_pam_chauthtok(692) Nov 6 15:35:59 c2gs01 smbd[25869]: PAM: UNKNOWN PAM ERROR (19) for User: mariah Nov 6 15:35:59 c2gs01 smbd[25869]: [2003/11/06 15:35:59, 0] auth/pampass.c:smb_pam_passchange(848) Nov 6 15:35:59 c2gs01 smbd[25869]: smb_pam_passchange: PAM: Password Change Failed for user mariah! Any help would be appreciated. regards Alan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Groups & LDAP
I'm running samba+ldap on my RH 2.1 AS and I'm getting this errot when I try to list groups: [EMAIL PROTECTED] etc]# net groupmap list [2003/11/07 15:49:10, 0] passdb/pdb_ldap.c:ldapsam_setsamgrent(2048) ldapsam_setsamgrent: LDAP search failed: No such object [2003/11/07 15:49:10, 0] passdb/pdb_ldap.c:ldapsam_enum_group_mapping(2113) ldapsam_enum_group_mapping: Unable to open passdb regards, pchammer -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Permissions
Hi Group, I set up samba3.0 to work as ADS-Member-Server. I created a share called /test and chown group to gg_test to it. Access to share works without any problems. I also can add files and directories to this share. When I now make ln -l, the files I added got the group-permissions "Domain Users" and not gg_test, as I expected. Do someone know a solution? Thanks in advance. Regards Dominik Brosch -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] test
test -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Réf. : [Samba] Net groupmap fails
Stephanie, Thank you for your help. I tryed what you suggest but no luck.. I get this: [EMAIL PROTECTED]:~# /usr/local/samba/bin/net groupmap add ntgroup="Domain Admins" unixgroup="Domain Admins" rid=512 Can't lookup UNIX group Domain Admins Is there something with initial compiling samba 3.0.0 that would disable this? All the documentation that I've seen makes it look so easy, but I can't get it to work. On Fri, 2003-11-07 at 06:48, [EMAIL PROTECTED] wrote: > try /usr/local/samba/bin/net groupmap add ntgroup="Domain > Admins" unixgroup="Domain Admins" rid=512 > > dn: cn=Domain Admins,ou=Groups,o=30GreatNeck,dc=home,dc=net > objectClass: posixGroup > > This group is the unix group. > > --- > StÃphane PURNELLE [EMAIL PROTECTED] > Service Informatique Corman S.A. Tel : 00 32 087/342467 > > > > > "Kent L. Nasveschuk" <[EMAIL PROTECTED]> > > Envoyà par : Pour : > Samba List Server <[EMAIL PROTECTED]> > [EMAIL PROTECTED]cc : > > .samba.org Objet : >[Samba] Net groupmap fails > > > > > 07/11/2003 12:31 > > > > > > > > > > I have yet to get group mapping to work in samba 3.0. Getting very > frustrated. > > I'm using openldap 2.1.23 as the backend database for samba 3.0.0. I've > added the base domain groups as posixAccounts to the LDAP database using > smbldap-populate.pl. > > [EMAIL PROTECTED]:/usr/local/etc/openldap# ldapsearch -xv -b > "o=30greatneck,dc=home,dc=net" > > # Administrator, Users, 30GreatNeck, home.net > dn: uid=Administrator,ou=Users,o=30GreatNeck,dc=home,dc=net > cn: Administrator > sn: Administrator > objectClass: inetOrgPerson > objectClass: sambaSAMAccount > objectClass: posixAccount > gidNumber: 512 > uid: Administrator > uidNumber: 998 > homeDirectory: /accounts > sambaPwdLastSet: 0 > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 0 > sambaPwdMustChange: 2147483647 > sambaHomePath: \\Lnxsrv2\accounts > sambaHomeDrive: H: > sambaProfilePath: \\Lnxsrv2\profiles\ > sambaPrimaryGroupSID: S-1-5-21-739112995-4084651483-89095900-512 > sambaLMPassword: XXX > sambaNTPassword: XXX > sambaAcctFlags: [U ] > sambaSID: S-1-5-21-739112995-4084651483-89095900-2996 > loginShell: /bin/false > gecos: Netbios Domain Administrator > > > # nobody, Users, 30GreatNeck, home.net > dn: uid=nobody,ou=Users,o=30GreatNeck,dc=home,dc=net > cn: nobody > sn: nobody > objectClass: inetOrgPerson > objectClass: sambaSAMAccount > objectClass: posixAccount > gidNumber: 514 > uid: nobody > uidNumber: 999 > homeDirectory: /dev/null > sambaPwdLastSet: 0 > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdCanChange: 0 > sambaPwdMustChange: 2147483647 > sambaHomePath: \\Lnxsrv2\accounts > sambaHomeDrive: H: > sambaProfilePath: \\Lnxsrv2\profiles\ > sambaPrimaryGroupSID: S-1-5-21-739112995-4084651483-89095900-514 > sambaLMPassword: NO PASSWORDX > sambaNTPassword: NO PASSWORDX > sambaAcctFlags: [NU ] > sambaSID: S-1-5-21-739112995-4084651483-89095900-2998 > loginShell: /bin/false > > # Domain Admins, Groups, 30GreatNeck, home.net > > # Domain Admins, Groups, 30GreatNeck, home.net > dn: cn=Domain Admins,ou=Groups,o=30GreatNeck,dc=home,dc=net > objectClass: posixGroup > gidNumber: 512 > cn: Domain Admins > memberUid: Administrator > description: Netbios Domain Administrators (need smb.conf configuration) > > # Domain Users, Groups, 30GreatNeck, home.net > dn: cn=Domain Users,ou=Groups,o=30GreatNeck,dc=home,dc=net > objectClass: posixGroup > gidNumber: 513 > cn: Domain Users > description: Netbios Domain Users (not implemented yet) > me
[Samba] Problems With MDB in Linux/Samba
I have a linux Red Hat 9.0 with samba and i create a share and put a MDB archive in this share. So, i have an application installed in client and it access the MDB in Linux. But all the time i have problems in my application acessing this MDB. If i put the MDB with a share with windows, i don´t have problems. What´s happen? Any suggest is OK :-) Thanks a lot Vitor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Printing with CUPS
I've just been trying to get my Samba 3.0.0-2 build to work with CUPS. The rpm I downloaded from the Samba site was not compiled with CUPS library support. Which is why I am assuming that having added printing = cups in my conf file things are not working. If I use the source rpm can I force the build to include CUPS library support ? Or do I have to build from scratch? thanks Alan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RE [Samba] Samba 3, recycle vfs and symbolic links
Great!! MS-DSF was really the solution! Thanks a lot for all the help... Regards Roger Jochem - Original Message - From: "Tom Dickson" <[EMAIL PROTECTED]> To: "samba mailing list" <[EMAIL PROTECTED]> Sent: Thursday, November 06, 2003 3:59 PM Subject: RE [Samba] Samba 3, recycle vfs and symbolic links > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Perhaps using a MS-DFS share would be more useful in this case? This > would allow three real shares: \\server\accounting \\server\personal > \\server\public which would appear as \\server\users\accounting > \\server\users\personal \\server\users\public. > > See http://samba.org/~jht/HOWTO/Samba-HOWTO-Collection.pdf for more > information on MS-DFS > > - -Tom Dickson > > Hello! > > I recently upgraded my samba system with samba 3, and now I'm starting > to use the recycle vfs, that I was not using in my previous > instalations. My problem is the following: > > I have normaly 3 shares for each user, one is prived, one is for the > group (accounting, human resources, etc..) and the last one is public > (all can access). > > In the machines, normally using Windows 98, I create one mapped drive > tho the users prived share, and each prived share has a symbolic link to > the group share and the public share (ln -s /home/accounting > accounting). The problem is that when the user goes through the symbolic > link from the prived share to the group share, for instance, and deletes > a file, the .recycle directory is created in the prived share, but is > empty (the file doesnÂt goes to the .recycle folder). > > Any ideas of how I can solve this problem? I really would keep just one > mapped driver per user, to make things easier for my users. > > Regards > > Roger Jochem > SBS - SC > Brazil > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.2.2-nr2 (Windows 2000) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQE/qov92dxAfYNwANIRAth/AKCqWPGtYiJshiECbzP+4EgcU3X8/ACgltp+ > 36V5DguV5HWvBMKhGGLw8mo= > =xJbV > -END PGP SIGNATURE- > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Net groupmap fails
I have yet to get group mapping to work in samba 3.0. Getting very frustrated. I'm using openldap 2.1.23 as the backend database for samba 3.0.0. I've added the base domain groups as posixAccounts to the LDAP database using smbldap-populate.pl. [EMAIL PROTECTED]:/usr/local/etc/openldap# ldapsearch -xv -b "o=30greatneck,dc=home,dc=net" # Administrator, Users, 30GreatNeck, home.net dn: uid=Administrator,ou=Users,o=30GreatNeck,dc=home,dc=net cn: Administrator sn: Administrator objectClass: inetOrgPerson objectClass: sambaSAMAccount objectClass: posixAccount gidNumber: 512 uid: Administrator uidNumber: 998 homeDirectory: /accounts sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 sambaHomePath: \\Lnxsrv2\accounts sambaHomeDrive: H: sambaProfilePath: \\Lnxsrv2\profiles\ sambaPrimaryGroupSID: S-1-5-21-739112995-4084651483-89095900-512 sambaLMPassword: XXX sambaNTPassword: XXX sambaAcctFlags: [U ] sambaSID: S-1-5-21-739112995-4084651483-89095900-2996 loginShell: /bin/false gecos: Netbios Domain Administrator # nobody, Users, 30GreatNeck, home.net dn: uid=nobody,ou=Users,o=30GreatNeck,dc=home,dc=net cn: nobody sn: nobody objectClass: inetOrgPerson objectClass: sambaSAMAccount objectClass: posixAccount gidNumber: 514 uid: nobody uidNumber: 999 homeDirectory: /dev/null sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 sambaHomePath: \\Lnxsrv2\accounts sambaHomeDrive: H: sambaProfilePath: \\Lnxsrv2\profiles\ sambaPrimaryGroupSID: S-1-5-21-739112995-4084651483-89095900-514 sambaLMPassword: NO PASSWORDX sambaNTPassword: NO PASSWORDX sambaAcctFlags: [NU ] sambaSID: S-1-5-21-739112995-4084651483-89095900-2998 loginShell: /bin/false # Domain Admins, Groups, 30GreatNeck, home.net # Domain Admins, Groups, 30GreatNeck, home.net dn: cn=Domain Admins,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 512 cn: Domain Admins memberUid: Administrator description: Netbios Domain Administrators (need smb.conf configuration) # Domain Users, Groups, 30GreatNeck, home.net dn: cn=Domain Users,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 513 cn: Domain Users description: Netbios Domain Users (not implemented yet) memberUid: kent # Domain Guests, Groups, 30GreatNeck, home.net dn: cn=Domain Guests,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 514 cn: Domain Guests description: Netbios Domain Guests Users (not implemented yet) # Administrators, Groups, 30GreatNeck, home.net dn: cn=Administrators,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 544 cn: Administrators description: Netbios Domain Members can fully administer the computer/sambaDom ainName (not implemented yet) # Users, Groups, 30GreatNeck, home.net dn: cn=Users,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 545 cn: Users description: Netbios Domain Ordinary users (not implemented yet) # Guests, Groups, 30GreatNeck, home.net dn: cn=Guests,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 546 cn: Guests memberUid: nobody description: Netbios Domain Users granted guest access to the computer/sambaDo mainName (not implemented yet) # Power Users, Groups, 30GreatNeck, home.net dn: cn=Power Users,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 547 cn: Power Users description: Netbios Domain Members can share directories and printers (not im plemented yet) # Account Operators, Groups, 30GreatNeck, home.net dn: cn=Account Operators,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 548 cn: Account Operators description: Netbios Domain Users to manipulate users accounts (not implemente d yet) # Server Operators, Groups, 30GreatNeck, home.net dn: cn=Server Operators,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 549 cn: Server Operators description: Netbios Domain Server Operators (need smb.conf configuration) # Print Operators, Groups, 30GreatNeck, home.net dn: cn=Print Operators,ou=Groups,o=30GreatNeck,dc=home,dc=net objectClass: posixGroup gidNumber: 550 cn: Print Op
Re: [Samba] Change samba and Unix password from Windows 98
if you have a valid smb.conf you can set passwords with usrmgr and if you have synced with passwd this work also from client using ctrl-alt-del on win2k - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, November 07, 2003 10:31 AM Subject: [Samba] Change samba and Unix password from Windows 98 > Hello. > > I have a small network of Windows 98 machines and > a Linux machine running Samba 3.0.0, which is > working as a file and printer server, and PDC. > > Is there the possibility of changing the samba > and Linux passwords of users from the client > machine (Windows 98) in a single operation, > without the user having to explicitly login > into the server for that. > > Currently users in this network is told to > login into the server and change their > Linux password (with passwd command) and > their Samba password (with smbpaswd command). > I want an easier way of doing that. > > Any clues? > > Romildo > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 and MMC (Microsoft Management Console)
Hi nils , to use usmgr you have to need valid entries in your smb.conf this is example conf for suse 8.2 samba 3 , study the entries, and look after their relatency in man smb.conf you can create and delete users and groups, and modify group membership for users machine creation is done in the example on the fly in a group Machines you have to do a group match between linux and win you should update to samba 3, and make a group mapping from unix root group to domain administrators and local administrators i use this script i.e. #!/bin/bash net groupmap modify ntgroup="Domain Admins" unixgroup=root net groupmap modify ntgroup="Domain Users" unixgroup=users net groupmap modify ntgroup="Domain Guests" unixgroup=nobody net groupmap modify ntgroup="Administrators" unixgroup=ntadmin net groupmap modify ntgroup="Users" unixgroup=users net groupmap modify ntgroup="Guests" unixgroup=nobody net groupmap modify ntgroup="System Operators" unixgroup=sys net groupmap modify ntgroup="Account Operators" unixgroup=ntadmin net groupmap modify ntgroup="Backup Operators" unixgroup=bin net groupmap modify ntgroup="Print Operators" unixgroup=lp net groupmap modify ntgroup="Replicators" unixgroup=daemon net groupmap modify ntgroup="Power Users" unixgroup=sys glibc-locale has to be installed and if you have this in /etc/sysconfig/language for german umlauts ! ## Path: System/Environment/Language ## Description: ## Type: string(POSIX,ca_ES.ISO-8859-1,ca_ES.UTF-8,cs_CZ.ISO-8859-2,cs_CZ.UTF-8,da_DE @euro,da_DK.ISO-8859-1,da_DK.UTF-8,[EMAIL PROTECTED],de_DE.ISO-8859-1,de_DE.UTF-8,e l_GR.ISO-8859-7,el_GR.UTF-8,en_GB.ISO-8859-1,en_GB.UTF-8,[EMAIL PROTECTED],en_IE.IS O-8859-1,en_US.ISO-8859-1,[EMAIL PROTECTED],es_ES.ISO-8859-1,es_ES.UTF-8,[EMAIL PROTECTED] ,fr_FR.ISO-8859-1,fr_FR.UTF-8,[EMAIL PROTECTED],gl_ES.ISO-8859-1,gl_ES.utf-8,hr_HR. ISO-8859-2,hu_HU.ISO-8859-2,hu_HU.UTF-8,[EMAIL PROTECTED],it_IT.ISO-8859-1,it_IT.UT F-8,ja_JP.eucJP,ja_JP.UTF-8,lt_LT.ISO-8859-13,lt_LT.UTF-8,[EMAIL PROTECTED],nl_NL.I SO-8859-1,nl_NL.UTF-8,ru_RU.ISO-8859-5,ru_RU.KOI8R,ru_RU.UTF-8,sk_SK.ISO-885 9-2,sk_SK.UTF-8,tr_TR.ISO-8859-9,tr_TR.UTF-8,ko_KR.eucKR,ko_KR.UTF-8,zh_TW.B ig5,zh_TW.UTF-8,zh_CN.GB2312,zh_CN.UTF-8) ## Default: "" # # # Local users will get RC_LANG as their default language, i.e. the # environment variable $LANG . $LANG is the default of all $LC_*-variables, # as long as $LC_ALL is not set, which overrides all $LC_-variables. # Root uses this variable only if ROOT_USES_LANG is set to "yes". # RC_LANG="[EMAIL PROTECTED]" ## Type: string ## Default: "" # # This variable will override all LC-variables!! # Again, ROOT_USES_LANG must be set to "yes", if an effect on the superuser # account is desired. # RC_LC_ALL="[EMAIL PROTECTED]" ## Type: string ## Default: "" # # This defines the locale in which messages of programs and # libraries with i18n-support should appear if a translated # message catalog for the library or the program is installed. # This also provides localized yes/no answers. # RC_LC_MESSAGES="" ## Type: string ## Default: "" # # This defines the locale for character handling and classification. # The libc uses this value in language dependent function calls, such # as e.g. uppercase/lowercase mapping of foreign characters. # RC_LC_CTYPE="" ## Type: string(POSIX) ## Default: POSIX # # This defines the locale for sorting strings and characters. # It is used by the libc to obtain the alphabetical order of characters # (e.g. for string comparisons). # # To keep bash and possibly other apps from misbehaviour, you should # probably keep this at POSIX and set it only for the apps that need it. # RC_LC_COLLATE="" ## Type: string ## Default: "" # # This defines the locale for date and time output formats. # i.e.: 06/09/1999 vs. 09.06.1999 # RC_LC_TIME="" ## Type: string ## Default: "" # # This defines the locale for formatting and reading numbers. # i.e.: 1,234.56 vs. 1.234,56 # RC_LC_NUMERIC="" ## Type: string ## Default: "" # # This defines the locale for formatting and reading money values. # RC_LC_MONETARY="" ## Type: string(ctype) ## Default: ctype # # This defines if the user "root" should use the locale settings # which are defined here. # Value "ctype" means that root uses just LC_CTYPE. # ROOT_USES_LANG="yes" installed the packs like this (from Ftp suse.com people gd ) rpm -U --force --nodeps ldapsmb-1.2-0.noarch.rpm rpm -U --force --nodeps libsmbclient-3.0.0-0.i586.rpm rpm -U --force --nodeps libsmbclient-devel-3.0.0-0.i586.rpm rpm -U --force --nodeps samba3-3.0.0-0.i586.rpm rpm -U --force --nodeps samba3-3.0.0-0.src.rpm rpm -U --force --nodeps samba3-cifsmount-3.0.0-0.i586.rpm rpm -U --force --nodeps samba3-client-3.0.0-0.i586.rpm rpm -U --force --nodeps samba3-doc-3.0.0-0.i586.rpm rpm -U --force --nodeps samba3-pdb-3.0.0-0.i586.rpm rpm -U --force --nodeps samba3-python-3.0.0-0.i586.rpm rpm -U --force --nodeps samba3-utils-3.0.0-0.i586.rpm rpm -U
Re: [Samba] Windows 2000 and 98SE at same time
Hi, for sure this is possible, but note win98 cannot be a real member of a domain, but you can include netlogon scripts and a few other features for this clients. Try example smb.conf included in all sources of samba, study this list, use samba version 3 Best Regards - Original Message - From: "Igor Cabral Corrêa" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, November 07, 2003 3:53 AM Subject: [Samba] Windows 2000 and 98SE at same time > Hi, > > It´s possible to do configure Samba to create an Windows domain where is > possible to log in using Win 98SE and Win 2000 clients simultaneously? > Someone could explain or give a pointer for some reference on how to do it? > > Thanks for attention, > Igor C. Corrêa > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.0 & OpenBSD 3.3: ldap.h not found
Hi! I'm trying to install Samba 3.0.0 into an OpenBSD 3.3 server. I have copied ldap.h from OpenLDAP 2.1.22 distribution to /usr/local/include. However, configure does not seem to find it: checking for LDAP support... auto checking ldap.h usability... no checking ldap.h presence... no checking for ldap.h... no I get the same result with ./configure --libdir=/usr/local/lib --includedir=/usr/local/include. I have also tried making symlink from /usr/local/include/ldap.h to /usr/include/ldap.h but this makes no difference. It seems I have the same problem with lber.h which is also located in /usr/local/include: checking lber.h usability... no checking lber.h presence... no checking for lber.h... no configure: WARNING: ldap.h is needed for LDAP support Any ideas how to make this work? Thanks in advance! - Jyri -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] authentication question: pptp tunnels for cisco vpn 3000
On Sat, 2003-11-01 at 11:35, Justin Kreger wrote: > I have a Cisco VPN Concentrator 3000, It has the ability to auth PPTP > tunnels off of a WinNT Domain controler. Well, I to use my samba3 box > instead of a WinNT box. I have samba3 running off of an LDAP back end. > Anyway, I setup the VPN Concentrator to auth off of the samba box, and > when I test it with the test option, and it works, but when I try to > auth a pptp tunnel, it fails saying the password is wrong. Any ideas? > My vote is for the stupid concentrator to meet some thermite or a metal > baseball batt. Any idea what protocols it is using? Is this a product on WinNT or CISCO's own OS? I suspect it's using radius, for connection to Microsoft's RADIUS server, but it certainly could get more interesting. Get a network trace, and see what's going on. I seem to have got myself into the VPN authentication game (see my paper at http://hawkerc.net/staff/abartlet/comp3700/final-report.pdf for what I've been up to), so I'm interesting in making the various combinations here work. I'll shortly be working on (or working with another developer on) a plugin for FreeRADIUS to make it authenticate against an MS domain (or a Samba domain for that matter). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with migrating profiles
Not strictly a Samba question but hopefully someone has a solution. We run samba as a pdc for an office network of 2000/XP machines, the machines is old and dying, I have installed samba 3 on a new server and given this a different domain name. I can join machines to the new domain no problem, I can create new samba users and log in with them on the machines, the problem is when I try to migrate users off the old domain to the new domain. I create the new account on the new domain and then copy their profile from their windows machine onto the new controller. The profile I copy across will not work for the user correctly unless I add the user to the local Admin group on their machines, the user is unable to customise their desktop and any customisations that were in their profile are not activated, ther start bar is locked and unable to be unlocked and no history is saved between logouts. I have looked at policy stuff but it's not obvious why migrating the profile, and specifically ntuser.dat, causes the profile to break and require admin rights. If anyone has any suggestions as to how to fix this or a better way of migrating from one server to the next please let me know Cheers Rob Fulton -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Change samba and Unix password from Windows 98
Hello. I have a small network of Windows 98 machines and a Linux machine running Samba 3.0.0, which is working as a file and printer server, and PDC. Is there the possibility of changing the samba and Linux passwords of users from the client machine (Windows 98) in a single operation, without the user having to explicitly login into the server for that. Currently users in this network is told to login into the server and change their Linux password (with passwd command) and their Samba password (with smbpaswd command). I want an easier way of doing that. Any clues? Romildo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 and MMC (Microsoft Management Console)
On Fri, 7 Nov 2003, Nils Kalchhauser wrote: > "rruegner" <[EMAIL PROTECTED]> wrote (Thu, 6 Nov 2003 23:44:30 +0100): > > It works in parts but not in a whole cause its to deep inbound in active > > directory. > > So giving advice to use them would be no real advice for a stable use of > > samba > > Samba 3 can act as win nt 4 pdc and admined via > > with usrmgr and srvmgr without trouble > > thanks for your answers... > > I tried srvtools.exe too, but the user manager has "New User..." greyed > out and editing an existing user just does not work. however, listing the > exsting users with their real names works. > > now some of you suggest that the nt4 usermgr really works nice... what can > be done with it? If you logon using the administrator (root) account and log onto the Domain you should be able to administer uses and groups using the NT4 Domain User Manager. If this does not work, it means your configuration if whacky. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 2.2 -> 3.0.0 upgrade: questions + Internet Connection Wizard / Identities
On Thu, 6 Nov 2003, Jeferee wrote: > Hello, > > I just upgraded from Samba 2.2.7 to Samba 3.0.0 on RedHat 9. I did this > by uninstalling the 2.2.7 samba RPM's and then applying the Samba 3.0.0 > RPM from samba.org, then putting my local changes back into smb.conf. > I have also migrated my smb users from smbpasswd to tdbsam with the > pdbedit utility as discussed in the HOWTO. > > It seems I have to rejoin my client boxes (windows 2000 pro) to the > domain in order to log in, and then I have to blow away my local users > on each client machines to allow the roving profiles to be reloaded at > login. > > Also, I have had to add the following to my smb.conf file to use tdbsam > successfully. > > logon home = \\%L\%U > logon path = \\%L\%U\profile > > I had to do this in order to get the correct string to come up in > pdbedit -Lv for the "Home Directory" and "Profile Path" variables (the > defaults cuased %N to show in place of the server name) - when I used > 'smbpasswd' as the backend pdbedit -Lv showed proper values and things > worked OK. > > I also had to mess around a bit with 'net groupmap' modify/list to get > the standard Windows groups to map properly to UNIX groups, as discussed > in the HOWTO. These seemed to work fine under 2.2.7. > > Everything seems to work OK now, except for the following problems. > Can anyone tell me what I did wrong upgrading with respect to the > following 3 issues: > > 1) I have to rejoin each client Windows 2000 box to the domain or logins > fail (says the client is not in the domain) - did the machines' SIDs > change for some reason? Server SID? Yes. You should have saved the Domain SID before migration, then restored it on Samba-3 using the net utility. That way your clients would have been quite happy. > > 2) I have to blow away local roving profiles, then log in to get the > roving profiles to reload from the server - error says the profile for > that user already exists on the server, but has the 'wrong security'. > Loads temp settings. SID problem? Correct. See comment for Q1. > > 3) After rejoining and reloading, regular Domain Users do not have the > ability to change their Internet Connection Settings - The "Internet > Connection Wizard" icon recreates at each login, and when the user tries > to access it, they get an access denied error. Changes to internet > settings from IE are not recorded, and it complains about 'no > identities'. The users are properly listed in the "Domain Users" group. > If I put the user (or Domain Users) in the Admininistrator group on the > client boxes, he successfully gets his previously set settings (home > page, etc) at login. Yes. Correct. > Thank you, and great job on 3.0! Glad to hear that the documentation was useful. Want to send me any updates for it? Cheers, John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 and MMC (Microsoft Management Console)
"rruegner" <[EMAIL PROTECTED]> wrote (Thu, 6 Nov 2003 23:44:30 +0100): > It works in parts but not in a whole cause its to deep inbound in active > directory. > So giving advice to use them would be no real advice for a stable use of > samba > Samba 3 can act as win nt 4 pdc and admined via > with usrmgr and srvmgr without trouble thanks for your answers... I tried srvtools.exe too, but the user manager has "New User..." greyed out and editing an existing user just does not work. however, listing the exsting users with their real names works. now some of you suggest that the nt4 usermgr really works nice... what can be done with it? thanks, Nils -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3/ADC/Winbind problem
Selon Ron Smith <[EMAIL PROTECTED]>: > > Cannot access any samba shares on the linux machine, from > > the samba system itself, or any windows client. > > > > smbclient -k //sol/tmp > > session setup failed: NT_STATUS_LOGON_FAILURE > [...] > > obey pam restrictions = Yes > Try to set this to "no", it works for me. Thomas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Printing from Linux (Redhat 9) to a win2k shared printer
I'm trying to use a Kyocera-Mita FS-1010 printer conencted on a Win2000 workstation. I can list the shares on the win2k station using smbclient and I can mount shares from it. When I'm trying to print a test page I get the following error: "ERRDOS - ERRbadaccess opening remote file testprint.ps". I am using the postscript driver. I hope someone can give me a hint :). Thanx! __ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] connection limit using 3.0.0 ???
Hi, My users get sometimes this weird message, when trying to log in. "The domain WHATEVER is not available" My PDC has these errors in smbd.log [2003/11/07 10:35:57, 1] smbd/conn.c:conn_new(103) ERROR! Out of connection structures [2003/11/07 10:35:57, 0] smbd/service.c:make_connection_snum(352) Couldn't find free connection. Windows box event entry: Event Type: Failure Audit Logon Failure: Reason: An unexpected error occurred during logon What is going on? I saw such errors in lists, but in 2.2.2 time... Any fix/solution? samba has LDAP backend and when the error occured, there was about 320 logons and 250 smb threads. system redhat 8. regards, Rauno Tuul -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2.2 -> 3.0.0 upgrade: questions + Internet Connection Wizard / Identities
Hello, I just upgraded from Samba 2.2.7 to Samba 3.0.0 on RedHat 9. I did this by uninstalling the 2.2.7 samba RPM's and then applying the Samba 3.0.0 RPM from samba.org, then putting my local changes back into smb.conf. I have also migrated my smb users from smbpasswd to tdbsam with the pdbedit utility as discussed in the HOWTO. It seems I have to rejoin my client boxes (windows 2000 pro) to the domain in order to log in, and then I have to blow away my local users on each client machines to allow the roving profiles to be reloaded at login. Also, I have had to add the following to my smb.conf file to use tdbsam successfully. logon home = \\%L\%U logon path = \\%L\%U\profile I had to do this in order to get the correct string to come up in pdbedit -Lv for the "Home Directory" and "Profile Path" variables (the defaults cuased %N to show in place of the server name) - when I used 'smbpasswd' as the backend pdbedit -Lv showed proper values and things worked OK. I also had to mess around a bit with 'net groupmap' modify/list to get the standard Windows groups to map properly to UNIX groups, as discussed in the HOWTO. These seemed to work fine under 2.2.7. Everything seems to work OK now, except for the following problems. Can anyone tell me what I did wrong upgrading with respect to the following 3 issues: 1) I have to rejoin each client Windows 2000 box to the domain or logins fail (says the client is not in the domain) - did the machines' SIDs change for some reason? Server SID? 2) I have to blow away local roving profiles, then log in to get the roving profiles to reload from the server - error says the profile for that user already exists on the server, but has the 'wrong security'. Loads temp settings. SID problem? 3) After rejoining and reloading, regular Domain Users do not have the ability to change their Internet Connection Settings - The "Internet Connection Wizard" icon recreates at each login, and when the user tries to access it, they get an access denied error. Changes to internet settings from IE are not recorded, and it complains about 'no identities'. The users are properly listed in the "Domain Users" group. If I put the user (or Domain Users) in the Admininistrator group on the client boxes, he successfully gets his previously set settings (home page, etc) at login. Thank you, and great job on 3.0! Jeff Jones -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to access my home share on samba 3 and win nt4, was able to do it with samba 2.2.2
Hi Guys, I just upgrade my samba sever (from 2.2.2 to 3.0 on Solaris 8, with winbind and win nt4 as a PDC) samba is a member of the domain, and I can access all my share with authenticaion. But I setup my home share: [global] workgroup = Domain3 realm = WIN2KTEST.CH server string = samba %v security = DOMAIN log file = /opt/samba/var/log.%m max log size = 1000 name resolve order = host wins bcast wins server = 10.10.14.9, 10.10.16.8 ldap ssl = no remote announce = 10.10.14.9 idmap uid = 1-2 idmap gid = 1-2 template homedir = /home/%u [homes] path = /home/%u read only = No browseable = No And with that I always get that error on my log: [2003/11/07 08:27:51, 0] smbd/service.c:make_connection_snum(670) '/home/Domain1\bi9yj' does not exist or is not a directory, when connecting to [bi9yj] By the way their is a trust on my pdc between the ddomain Domain1 and Domain3 and it works for my other shares Any clue how to solve it ? Thanks, Arno ** DISCLAIMER - E-MAIL --- The information contained in this E-Mail is intended for the named recipient(s). It may contain certain privileged and confidential information, or information which is otherwise protected from disclosure. If you are not the intended recipient, you must not copy,distribute or take any action in reliance on this information ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Fwd: Re: [Samba] Samba + Radius]
Original Message Subject: Re: [Samba] Samba + Radius From:"Rogelio Dela Cruz" <[EMAIL PROTECTED]> Date:Thu, November 6, 2003 11:15 am To: "Dariush Forouher" <[EMAIL PROTECTED]> -- Hi Dariush, This is exactly what I want to do, pls. do. Thanks a lot in advance. Regards, Ogie. > > On Wed, 5 Nov 2003, Rogelio Dela Cruz wrote: > >> Is there any possibility that I can configure Samba to authenticate to a Radius server (FreeRadius)? I want to do accounting stuff to the Samba users. > > We do windows accounting via a small program which runs in background on every client and reports logon and logoff times to a daemon process. This daemon writes the information into an mysql database that is also used by a parallel running radiusd. This way has the advantage that you don't have to worry about a lot of false entries which would appear if you log every auth attempt. I'll mail this stuff if this is what you are looking for. > > ciao > Dariush > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows 2000 and 98SE at same time
On Fri, 7 Nov 2003, [iso-8859-1] Igor Cabral Corrêa wrote: > Hi, > > It´s possible to do configure Samba to create an Windows domain where is > possible to log in using Win 98SE and Win 2000 clients simultaneously? > Someone could explain or give a pointer for some reference on how to do it? Suggest you read the Samba-HOWTO-Collection.pdf, it available from: http://us1.samba.org/samba/docs/Samba-HOWTO-Collection.pdf Read the chapter on "Security Modes and Server Types", Domain Control, and Domain Membership. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba