[Samba] Strange auth issue - non-domain member succeeds - domain members fail
So, title pretty much says it all. Now for the setup: Win2k AD controller SAMBA 3.0.0-2 (also tried versions up to the most recent src rpm) Fedora Core 1 I can successfully join the domain as a member server, as verified by deleting the machine account and rejoining. The machine account is correctly recreated. However, I can only access shares, do net view \\server, etc. from a non-domain member. Any attempt to access the samba shares from a domain member results in much thrashing of disks, but then either an access denied or resource no longer available error occurs. I have verified that I can list accounts from the samba system residing on the win2k domain successfully. I've bumped up logging rather a lot, and am getting quite a bit of info, but aren't sure exactly what I should be looking for. I do see entries in the log for the machine which seem to indicate the kerberos token is successfully retrieved, but haven't been able to determine a lot more. Most frustrating is that this was working perfectly (though a couple of other things weren't, with hints that the issues had been fixed in fedora) before the upgrade. However, I had to remove sambe in order to complete the upgrade. I had backed up /etc/samba prior, so I don't fully understand why I couldn't just drop my config back in unless kerberos is broken in fedora. Anyway, at this point, I'd just like some pointers as to what might be relevent within the log files to point me to where I should be looking in my configs and/or libraries. Thanks, Rob -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbmount discontinued?
On Fri, 28 Nov 2003, tcg wrote: > On Wednesday 26 November 2003 08:41, Thiago Lima wrote: > > In a past thread I've notice that smbmount (and mount's suport for > > What's quoted is all I see of your post for some strange reason (both in kmail > and evolution). I see no body at all when using sylpheed. Very strange. > But that's not why I'm replying. > I did post a comment to the effect of "smbmount is deprecated", but that was > just my understanding from what happens in the distro I'm using; when I type > "smbmount" it suggests "mount -t smbfs" instead, so my assumption was that > they were deprecating the use of "smbmount" with the replacement syntax of > "mount -t smbfs". Apologies if I misled anyone. > mount is a front-end to smbmount when correctly called with the '-t smbfs' parameters. First: Please note that smbfs is a Linux kernel driver - it is not part of Samba. Samba ships the smbmount/smbmnt, smbumnt/smbumount front-end parsers only. The Samba-Team do no development, and provide no maintenance support for smbfs. If you are having smbfs problems please refer these to the Linux kernel team. The Linux-2.6 kernel has the new replacement for smbfs called cifsfs. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbmount discontinued?
On Wednesday 26 November 2003 08:41, Thiago Lima wrote: > In a past thread I've notice that smbmount (and mount's suport for What's quoted is all I see of your post for some strange reason (both in kmail and evolution). I see no body at all when using sylpheed. Very strange. But that's not why I'm replying. I did post a comment to the effect of "smbmount is deprecated", but that was just my understanding from what happens in the distro I'm using; when I type "smbmount" it suggests "mount -t smbfs" instead, so my assumption was that they were deprecating the use of "smbmount" with the replacement syntax of "mount -t smbfs". Apologies if I misled anyone. -- Chris Do not reply to the email address. Please use the contact page below for any desired direct replies. Apologies for the inconvenience. realcomputerguy dot com slash contact dot html -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Shares in the Root folder
Thanks to everyone who tried to help me. I still don't quite understand why but the problem seems to have been that my share was under the Root folder: /root/transfer Even though I set full permissions on that folder for the user account "nobody" and set guest account to nobody in smb.conf, I still got permission denied. I set guest account to root and it works. Paul -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] BUG?: 2.2.8a, missing header files for source/passdb/pass_check.c
I'm trying to compile in DFS with the --with-dfs option. There is an #ifdef WITH_DFS and following that, is some header files that are referenced that I can't seem to find any where. Is this a bug, or is this because my operating system doesn't have these files? I'm running OpenBSD 3.4. Here is the first portion of config.status: #! /bin/sh # Generated automatically by configure. # Run this file to recreate the current configuration. # This directory was configured as follows, # on host Vectra: # # usr/ports/net/samba/stable/w-samba-2.2.8a/samba-2.2.8a/source/configure --l ibdir=/usr/local/lib/samba --localstatedir=/var --sbindir=/usr/local/sbin -- disable-cups --with-configdir=/etc/samba --with-lockdir=/var/spool/samba --w ith-piddir=/var/run --with-logfilebase=/var/log/samba --with-privatedir=/etc /samba --with-swatdir=/usr/local/share/swat --with-ssl --with-sslinc=/usr/in clude/ssl --with-ssllib=/usr/lib --with-dce-dfs --with-automount --with-sysl og --with-quotas --with-utmp --with-msdfs --with-libsmbclient --with-acl-sup port --with-dfs --with-krb5=/etc/kerberosV --prefix=/usr/local --sysconfdir= /etc The 2 lines that reference the header files are listed below: #include #include -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] User must change password on next logon
On Sat, 2003-11-29 at 01:01, [EMAIL PROTECTED] wrote: > I have been trying to create some administration guidline to adding users > and groups in a Samba 3.0 PDC. I have most of the task documented. The > problem I run into is where can I set the attribute for a user to change > their password on next logon. If you setup Samba 3.0 to use ldap, you can trivially set the sambaPwdMustChange field to 0. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbfs size limit
On Sat, 2003-11-29 at 03:38, Stefan G. Weichinger wrote: > Hello, Samba-users, > > please don´t beat me, but I have to ask this question here, as I > haven´t found an answer I can rely on until now. > > I am working on a solution for a backup-problem and one possible > solution could be the use of smbfs/smbmount. > > I am testing that now, mounting a WinXPHome(sorry, testing ...)-share > which is 20GB of size (8GB used) to my linux-box. The linux-box is a > bit more sophisticated (Kernel 2.6.0-test11 - Samba 3.0.0). > > I don´t want to get into details now, just my questions: > > - I am aware of a sizelimit of 2 GB or 4 GB when using smbfs. > What is the limit exactly and where does it come from ? > smbfs in the kernel ? smbmount ? smbfs in the kernel cannot support the large files. smbmount in Samba 3.0 has the patches required to support the large file negotiation (that's the lfs option). > - I read about several patches and stuff, but that was all for older > kernels. Basically I would be happy if it works with kernel 2.4.x. > Could someone point me to the patches? > > I know that this topic ain´t new ... If you cannot use smbclient (really, it is easier!), and you want to patch your kernel, then patch it with the CIFS VFS: http://www.samba.org/samba/Linux_CIFS_client.html However, in your case, you don't even need to go this far - with the 2.6 kernel, CIFS is standard! Just select it just like you have smbfs and NFS. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbmount discontinued?
On Thu, 2003-11-27 at 00:41, Thiago Lima wrote: > In a past thread I've notice that smbmount (and mount's suport for > it) will be discontinued and smbclient should be used insted. No, this is incorrect. There are a few points that need to be made very clearly: - smbfs is old, and has known restrictions at the 2GB level. There are patches floating around to 'fix' this, but as the only restriction is in the kernel, there is nothing the Samba Team can do about it. (smbmount already contains the client-side helper routines required to support this). The issues of file-size are just one of smbfs' problems. - There is a new in-kernel filesystem called the 'Linux CIFS client' - http://www.samba.org/samba/Linux_CIFS_client.html This filesystem has no 2GB or 4GB restrictions, operates using much newer protocol revisions, and as such only talks to NT/Win2k/Samba servers (no Win9X in particular). - smbclient is the preferred tool for operations that do not need to involve a real kernel filesystem. If you are just shifting files for backups, then you really do not need an in-kernel filesystem. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and the use of smart cards for authentication
On Sat, 2003-11-29 at 08:44, Philip Edelbrock wrote: > I've played a little bit with smart cards and tokens. They are a bit > messy to implement. I didn't like the idea of special software/hardware > installed on the client to get such a system in place. There are some > other ways to do the same thing, though, that may solve a lot of the > issues you may be confronted with. > > For example, you may want to take a look at the RSA-SecurID tokens. [1] I > haven't set up a system with them, but I like how they work. Instead of > being connected by hardware to the client computer, they simply have a > small LCD display of numbers that constantly change every minute. You use > that set of numbers along with a personal code (PIN) as your password to > authenticate with the server. On the server, the authenticator is a PAM > module, so in theory it can be used with Samba, SSH, Apache, whatever can > use PAM! The problem is, Samba cannot use PAM, not for domain logons, and not in without client modifications even for file sharing. You could write an authentication module for Samba that accepted NTLM logins from the clients, and looked up the appropriate one-time-password (much as we currently lookup the long-term password), however MS clients assume that the password does not change, and will transparently reconnect with the old password. If you are lucky, they might pop up a 'wrong password' box, but particularly RPC services don't handle this kind of fault well (printing is a good example). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] User must change password on next logon
as far as i know this is current not implemented - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, November 28, 2003 3:01 PM Subject: [Samba] User must change password on next logon > I have been trying to create some administration guidline to adding users > and groups in a Samba 3.0 PDC. I have most of the task documented. The > problem I run into is where can I set the attribute for a user to change > their password on next logon. > > Any help is appreciated. > > Terrance Bey > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] USRMGR.EXE administration: invalid syntax error message
3.0.1pre3 has failures with usmgr - Original Message - From: "Karel Kulhavý" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, November 28, 2003 5:04 PM Subject: [Samba] USRMGR.EXE administration: invalid syntax error message > I try to admin Samba 3.0.0 and 3.0.1pre3 (tried both versions) NT4.0 > PDC with NT4.0 machine and NT4.0 USRMGR.EXE and get persistent error > message > > 1) The group name could not be found > 2) The user name could not be found > 3) The filename, directory name, or volume label syntax is incorrect. > > Loggin into domain under name: root > > I can see the user and group listing. When I click on a user to see > his details, I get message (2). When I click on a group to see it's details, > I get message (1). When I click on "Add New User" in the menu, I get message > (3). > > I have read mailing list postings indicating this works for other people. Am I > doing something wrong? Is there any specification I should read describing > under what circumstances should USRMGR.EXE administration work? > > Windows on client: NT4.0 (reinstalled from NT3.5 to NT4.0). > Tried also another NT4.0 box with the same result > Tried also XP box and running NT4.0 USRMGR.EXE -- the same result > > Samba: 3.0.0 and 3.0.1pre3 (tried first 3.0.1pre3 and then reinstalled > to 3.0.0 by compiling 3.0.0 and make install 3.0.0 with leaving the same > environment) > > Install path: default (./configure without parameters, path defaults > to /usr/local/samba/) Distribution: gentoo. > > smb.conf contents: > > # Samba config file created using SWAT > # from 127.0.0.1 (127.0.0.1) > # Date: 2003/11/19 15:51:41 > > # Global parameters > [global] > security = user > wins support = no > workgroup = KEVF_D4 > encrypt passwords = yes > domain logons = yes > null passwords = yes > interfaces = eth0 > preferred master = Yes > domain master = Yes > debuglevel = 3 > ldap ssl = no > hosts allow = 195.113.28.0/255.255.254.0 > admin users = admin,prech,root > hide local users = yes > > unix password sync = yes > passwd program = /bin/passwd > passwd chat = *ew*password* %n\n *new*password* %n\n > add user to group script = /usr/local/samba/bin/myaddusertogroup "%u" "%g" > add user script = /usr/sbin/useradd -c 'Samba User' -d /dev/null -g smbusers -s /bin/false %u > add machine script = /usr/sbin/useradd -c 'Machine' -d /dev/null -g machines -s /bin/false %u > add group script = /usr/local/samba/bin/mygroupadd "%g" > delete group script = /usr/local/samba/bin/mygroupdel "%g" > map to guest = Bad User > passdb backend = tdbsam > > logon drive = h: > logon home = \{}\{}oberon\{}%U > logon path = \{}\{}oberon\}{profiles\{}%U > > [netlogon] > path=/usr/local/samba/netlogon > read only = yes > guest ok = yes > browseable = yes > write list = admin prech root > locking = no > public = no > > [homes] > comment = Home Directories > browseable = no > writable = yes > > [admin] > comment = Admin Home > writable = yes > path = /home/admin > > [root] > comment = Root Home > writable = yes > path = /home/admin > > [linux] > comment = Linux Kernel Sources > path = /usr/src/linux > > [profiles] > create mode = 0600 > csc policy = disable > directory mode = 0700 > comment = Profiles > path = /usr/local/samba/profiles/ > profile acls = yes > read only = no > > permissions: > drwxrwxrwt root root /usr/local/samba/profiles > drwxrwxrwt root root /usr/local/samba/netlogon > contents of netlogon: only directory scripts (no ntconfig.pol) > > Group information /etc/group: > domain_users:x:410:root,admin,test > domad:x:412:admin,root > machines:x:408: > smbusers:x:407: > > bash-2.05b# net groupmap list > System Operators (S-1-5-32-549) -> -1 > Replicators (S-1-5-32-552) -> -1 > Guests (S-1-5-32-546) -> -1 > Domain Users (S-1-5-21-xx-yy-zz-513) -> smbusers > Power Users (S-1-5-32-547) -> -1 > Print Operators (S-1-5-32-550) -> -1 > Administrators (S-1-5-32-544) -> -1 > Account Operators (S-1-5-32-548) -> -1 > Domain Admins (S-1-5-21-xx-yy-zz-512) -> domadm > Domain Guests (S-1-5-21-xx-yy-zz-514) -> nobody > Backup Operators (S-1-5-32-551) -> -1 > Users (S-1-5-32-545) -> -1 > > bash-2.05b# pdbedit -Lv root > Unix username:root > NT username: > Account Flags:[U ] > User SID: S-1-5-21-1720464068-1560033322-1864438560-1000 > Primary Group SID:S-1-5-21-1720464068-1560033322-1864438560-1001 > Full Name:root > Home Directory: \{}\{}oberon\{}root > HomeDir Drive:h: > Logon Script: > Profile Path: \{}\{}oberon\}{profiles\{}root > Domain: KEVF_D4 > Account desc: > Workstations: > Munged dial: > Logon time: 0 > Logoff time: Fri, 13 Dec 1901 21:45:51 GMT > Kickoff time: Fri, 13 Dec 1901 21:45:51 GMT > Password last set:Fri, 28 Nov 2003 08:48:20 GMT > Password can change: Fri, 28 Nov 2003 08:48:20 GMT > Password must change: Fri, 13 Dec 1901 21:45:51 GMT > >
Re: [Samba] Linux/Samba for the first time
Another way is to use guest account = root in global and guest ok = yes in the shares (might work in global, too) you want to give full access to. This is crude but it works. After you get experience, you could easily tighten up security, (which you really should do) but it is nice to get things working. Joel On Thu, Nov 27, 2003 at 05:16:19PM +0100, Per Bäckman wrote: > I'm setting up a linux mashine with samba for filesharing to windowsclients. > I use samba 3 and Linux rh9 and swat. > We are just a small group of trusted people. > I need to create a folder with rights for any windowsuser in the workgroup > to: > -connect to and add subfolders and files. > -read all the subfolders and files. > -change in subfolders and files. > Basicly we will store the economysystem, filemaker pro server and > officefiles. > Finally we will back it up to a tape drive or to another media. > Is there no easy way to make a share without restrictions? > > Thanks > Per Bäckman > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba PDC - Administrator issues
On Fri, 28 Nov 2003 13:56 , Todd Johnson <[EMAIL PROTECTED]> sent: > >Samba PDC is up and running. We are not using roaming profiles. My problem is this. >How do we make the administrator account have administrative priv's locally on the client PC when they login on the DOMAIN? What is happening now is that when the Administrator logs in it just makes a domain accoutn for the Administrator locally but this new account does not have actualy administrator permissions. > >I read about the netgroup tool and its uses but from what I read this is new to 3.0? >We are using smb 2.2.8a. domain admin group = root @domain-admins --- Chris McKeever If you want to reply directly to me, please use cgmckeever--at--prupref---dot---com http://www.prupref.com Prudential Preferred Properties www.prupref.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [OT] Good Gigabit Ethernet Card ...
I'm doing well with the Linksys 32-bit "instant gigabit" card. .It's cheap -- like $ 70 US -- and based on a National Semiconductor Chip for which drivers are included in at least RedHat 9 and Mandrake 9.2. My only complaint is that the Linux drivers don't seem to support Jumbo Frames (although the card supports them under Windows). Linux support for Jumbo Frames was apparently turned off intentionally in the drivers due to stability problems. I have NOT had good luck with a SysKonnect 9821 64-bit card in a 32-bit slot -- although the card is supposed to be compatible with 32-bit PCI slots. Performance data that I've seen show the card achieving 80 MB+/sec on all Linux systems in a 64-bit slot and using Jumbo Frames. But I get segmentation faults when I'm using my firewire drives at the same time. Could be a motherboard issue and not an issue with the SysKonnect Gigabit card. I had switched to SysKonnect because the company claims to heavily support Linux, and its own Linux drivers support Jumbo Frames. When I put the Linksys card back into my Mandrake 9.2 system, all was well again. Andy Liebman In a message dated 11/28/2003 2:56:26 PM Eastern Standard Time, [EMAIL PROTECTED] writes: Greetings ... I hate to ask these questions, but I dought I will get a straight answer from an Salesmen ... I am looking at putting gigabit in as a back bone for a few Linux servers, but I have used an Accton Gigabit ethernet card with RedHat 8.0/9 and found it a little unstable ... do and RedHat users have a suggestion on a good, but not expensive Gigabit card, basicly for a Samba server(s). Thanks Mailed Lee -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Best way to migrate NT4 SAM db to Samba3+LDAP ?
On Sat, 2003-11-29 at 08:56, Emmanuel Lesouef wrote: > Hello list, > > I have seen a few ways to migrate the SAM database of an NT4sp6 to > Samba. > > I saw that some use pwdump while others use net rpc vampire. There should be no reason to use pwdump any more - net rpc vampire can do everything you need. > Which is the best way to translate users, groups and machines from NT to > Samba3 LDAP ? Follow the advice in the HOWTO collection, I suppose :-) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] installation error
On Fri, 28 Nov 2003, Pandele Stefan Cristian wrote: > > Hello, > > I tried to install samba 3.0.0. on sa slackware system and within the > "make" process I have this error: > > "Binding bin/smbd :collect2: ld terminated with signal 15 [Terminated] > make : *** [bin/smbd] Error 1." > The only time I have seen this error is with hardware errors. You may have either defective memory or an overheating CPU. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [OT] Good Gigabit Ethernet Card ...
On Fri, 28 Nov 2003, C.Lee Taylor wrote: > Greetings ... > > I hate to ask these questions, but I dought I will get a straight > answer from an Salesmen ... > > I am looking at putting gigabit in as a back bone for a few Linux > servers, but I have used an Accton Gigabit ethernet card with RedHat > 8.0/9 and found it a little unstable ... do and RedHat users have a > suggestion on a good, but not expensive Gigabit card, basicly for a > Samba server(s). I use Intel Gigabit cards without any problems. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] [OT] Good Gigabit Ethernet Card ...
Some Linux distro's have problems with some of the gig NIC chipsets. The Netgear GA302T will cause a Red Hat (8 in my case) system to halt randomly. However the Netgear GA622T works well and is stable. Regards Alan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of C.Lee Taylor Sent: 28 November 2003 19:55 To: [EMAIL PROTECTED] Subject: [Samba] [OT] Good Gigabit Ethernet Card ... Greetings ... I hate to ask these questions, but I dought I will get a straight answer from an Salesmen ... I am looking at putting gigabit in as a back bone for a few Linux servers, but I have used an Accton Gigabit ethernet card with RedHat 8.0/9 and found it a little unstable ... do and RedHat users have a suggestion on a good, but not expensive Gigabit card, basicly for a Samba server(s). Thanks Mailed Lee -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba PDC - Administrator issues
Samba PDC is up and running. We are not using roaming profiles. My problem is this. How do we make the administrator account have administrative priv's locally on the client PC when they login on the DOMAIN? What is happening now is that when the Administrator logs in it just makes a domain accoutn for the Administrator locally but this new account does not have actualy administrator permissions. I read about the netgroup tool and its uses but from what I read this is new to 3.0? We are using smb 2.2.8a. Does anyone have any ideas or know the solution? My thanks..and I hope you all had a nice Thanksgiving. Todd -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and the use of smart cards for authentication
I've played a little bit with smart cards and tokens. They are a bit messy to implement. I didn't like the idea of special software/hardware installed on the client to get such a system in place. There are some other ways to do the same thing, though, that may solve a lot of the issues you may be confronted with. For example, you may want to take a look at the RSA-SecurID tokens. [1] I haven't set up a system with them, but I like how they work. Instead of being connected by hardware to the client computer, they simply have a small LCD display of numbers that constantly change every minute. You use that set of numbers along with a personal code (PIN) as your password to authenticate with the server. On the server, the authenticator is a PAM module, so in theory it can be used with Samba, SSH, Apache, whatever can use PAM! The key fob version costs about $55 each (probably around as much as you paid for your card readers?). [3] Back to smart cards, I've played a little bit with the Cryptoflex tokens by Shlumberger (now Axalto) [4]. The e-gate version allows you to use them in a USB token so you don't need a dedicated reader to use it. The end result is the same, though: you need a PIN and a physical item (card/token) to authenticate. The difference being that the smartcard/usb-token may make it a little easier for the end user provided that all the software on the client box is set up right. With something like the SecurID the end user will need to take the extra step to copy a number from the display on the token into the password box on the computer, but it allows the token to work from any client (and OS) making it much easier for the administrator to deploy. Good luck! Phil [1] http://www.rsasecurity.com/products/securid/hardware_token.html [2] http://www.rsasecurity.com/download/ [3] http://www.streetprices.com/x/search.cgi?query=securid [4] http://www.axalto.com/infosec/cryptoflex_win.html On Fri, 28 Nov 2003, Simon Posnjak wrote: > Hi, > > We have a windows based network. Now we would like to secure all the computers > with the use of smart cards (so that people can log on with a smart card). > For testing purposes we bought some card readers and now we are trying to set > up a testing lab. First problem we ran in to is that we would need W2K Server > for Active Directory and the MS CA. Until now we used Samba for print and > file server, so we thought that we would use Samba also for authentication. I > read a lot of documentation but I didn't find any information about how to > use smart cards for authentication with Samba. Can this be done? Any > information would be deeply appreciated? Thank you. > > Regards Simon > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Best way to migrate NT4 SAM db to Samba3+LDAP ?
Hello list, I have seen a few ways to migrate the SAM database of an NT4sp6 to Samba. I saw that some use pwdump while others use net rpc vampire. Which is the best way to translate users, groups and machines from NT to Samba3 LDAP ? Thanks for your help, -- Emmanuel Lesouef <[EMAIL PROTECTED]> Société Taika -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [OT] Good Gigabit Ethernet Card ...
Use the intel one for 100% stability. The netgear ones do work and are cheaper, but for core resources, choose Intel. John N. CSI On Fri, 28 Nov 2003, Joe Cipale wrote: > "C.Lee Taylor" wrote: > > > > Greetings ... > > > > I hate to ask these questions, but I dought I will get a straight > > answer from an Salesmen ... > > > > I am looking at putting gigabit in as a back bone for a few Linux > > servers, but I have used an Accton Gigabit ethernet card with RedHat > > 8.0/9 and found it a little unstable ... do and RedHat users have a > > suggestion on a good, but not expensive Gigabit card, basicly for a > > Samba server(s). > > > > Thanks > > Mailed > > Lee > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instr > > Well, > > I may be a tad biased, but you can't go wrong with an Intel Gigabit > card. > If yu can find an (older) 3Com card, that will work as well. > > Joe > -- > #--# > # Penguinix Consulting # > #--# > #Software development, QA and testing. # > #Linux support and training. # > #"Don't fear the penguin!" # > #--# > # Registered Linux user: #309247 http://counter.li.org # > #--# > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [OT] Good Gigabit Ethernet Card ...
intel pro / 1000 MT DUAL or SINGLE i've three ports (SINGLE+DUAL) without any problem on the same server. how much is expensive/cheap? depends on your budget :=) redhat 9.0 + samba 3.0.0 working for 200 user on 24 computers (w2k) -- Ing. Romy Perez Moreno e-mail: [EMAIL PROTECTED], [EMAIL PROTECTED] http://fenix.uam.mx/romy tel: 5318 9067 / 5382-7157 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] installation error
I see that error when the CPU is getting hot. Segmentation faults, for me, an usual sign of temperature. -- Arturo Busleiman - [ i n t r a R e d e s s r l ] Piedras 264 - 2 A (C1070AAF) - Buenos Aires - ARGENTINA Te.: (54 11) 4342-0049 - http://www.intraredes.com/ mailto:[EMAIL PROTECTED] On Fri, 28 Nov 2003, Pandele Stefan Cristian wrote: > > Hello, > > I tried to install samba 3.0.0. on sa slackware system and within the > "make" process I have this error: > > "Binding bin/smbd :collect2: ld terminated with signal 15 [Terminated] > make : *** [bin/smbd] Error 1." > > Please, tell me what can I do to solve this problem. I tried to find @ > google and I got no answer. > > Thank you a lot. > > > Stefan Pandele > [t] 0723046178 > [e] [EMAIL PROTECTED] > [EMAIL PROTECTED] > [i] www.psc.go.ro > > > > > > > Sentimente.ro - www.sentimente.ro > Peste 50.000 de prieteni te asteapta! > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] installation error
Hello, I tried to install samba 3.0.0. on sa slackware system and within the "make" process I have this error: "Binding bin/smbd :collect2: ld terminated with signal 15 [Terminated] make : *** [bin/smbd] Error 1." Please, tell me what can I do to solve this problem. I tried to find @ google and I got no answer. Thank you a lot. Stefan Pandele [t] 0723046178 [e] [EMAIL PROTECTED] [EMAIL PROTECTED] [i] www.psc.go.ro Sentimente.ro - www.sentimente.ro Peste 50.000 de prieteni te asteapta! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [OT] Good Gigabit Ethernet Card ...
"C.Lee Taylor" wrote: > > Greetings ... > > I hate to ask these questions, but I dought I will get a straight > answer from an Salesmen ... > > I am looking at putting gigabit in as a back bone for a few Linux > servers, but I have used an Accton Gigabit ethernet card with RedHat > 8.0/9 and found it a little unstable ... do and RedHat users have a > suggestion on a good, but not expensive Gigabit card, basicly for a > Samba server(s). > > Thanks > Mailed > Lee > > -- > To unsubscribe from this list go to the following URL and read the > instr Well, I may be a tad biased, but you can't go wrong with an Intel Gigabit card. If yu can find an (older) 3Com card, that will work as well. Joe -- #--# # Penguinix Consulting # #--# #Software development, QA and testing. # #Linux support and training. # #"Don't fear the penguin!" # #--# # Registered Linux user: #309247 http://counter.li.org # #--# -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba support
HI I am kameshwar Rao Kadiyala, Working for US Census. We are using Samba extensively. I am Administrator of Version Control and have a small problem using Samba. I will give details of my job and I want your help to fix some problems.(not Samba related) We have PVCS installed on a Unix server(Sun Solaris) and each user has Window / Window NT client. There is a requirement for some files from PVCS to be checked out to a different server(Also Sun Solaris). PVCS has provided a new feature of Web enabling, wherein a user can connect to PVCS thru a browser by means of a link( An applet is created , thru web server user can access the Unix server where PVCS is installed, without actually logging into the Unix server). We mapped other Unix servers thru Samba to the Window drives with some accounts and when we select these drives when checking out, pvcs is able to check out to these Unix servers (different Unix server from the server where PVCS is installed). Everything works very fine till we noticed the checked out file attributes are getting changed. The samba scripts is getting executed and due to which these are getting changed(Sorry, correct me if I am wrong) Is there any way to retain the original file attributes and owner ? Can somebody help me out. My phone number Res. 703 768 3358 Cell703 362 5467 Office 301 763 9131 Thanks in advance Kamesh -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] [OT] Good Gigabit Ethernet Card ...
Greetings ... I hate to ask these questions, but I dought I will get a straight answer from an Salesmen ... I am looking at putting gigabit in as a back bone for a few Linux servers, but I have used an Accton Gigabit ethernet card with RedHat 8.0/9 and found it a little unstable ... do and RedHat users have a suggestion on a good, but not expensive Gigabit card, basicly for a Samba server(s). Thanks Mailed Lee -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba as the Trusting Domain
I have my new samba pdc setup as the Trusted Domain to my mths domain and this worked fine. When I try to make my samba domain as a Trusting Domain I get the following error. [EMAIL PROTECTED] init.d]# net rpc trustdom establish mths [2003/11/28 12:10:34, 0] utils/net_rpc.c:rpc_trustdom_establish(1789) Couldn't find domain controller for domain MTHS I can ping my domain PDC fine from my samba pdc. I can ping my nt pdc like ping pdc or ping the pdc with dns like ping pdc.someco.net and I am able to ping the pdc .I am not sure where to start troubleshooting this. Any suggestions would be appreciated. Thanks -Glenn -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roving profiles - how to power off
Just change the logon path option to "logon path = " with nothing following the equal sign. This will allow profiles to be stored locally on each machine. Patrick Grosswiler Roger wrote: i still have roving profiles enabled on my clients. how can i tell the samba-server, not to offer roving profiles, so they are stored on the machines themselves?? thx Roger -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Network Browsing Therory
Hello all, I am a fanatic user of samba3 but there is still one thing I get troubles with it : network browsing. Here's the scenario : Suppose we have 3 domains (A B C) on 3 different IP subnets on 3 different LAN. Pdcs of domain A and B are samba 3, Domain C is NT4sp6 Domain C PDC is also a wins server and all clients / servers of all domains are configured to register their names on it. Users in domain C can browse all the domains. Users in domains A and B only see their domain. The question is : How can I make users in domains A and B browse other domains ? Of course samba 3 pdcs are also domain master, local master and configured tu use the wins server. Any input ? Thanks a lot, Stef -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and the use of smart cards for authentication
Hi, We have a windows based network. Now we would like to secure all the computers with the use of smart cards (so that people can log on with a smart card). For testing purposes we bought some card readers and now we are trying to set up a testing lab. First problem we ran in to is that we would need W2K Server for Active Directory and the MS CA. Until now we used Samba for print and file server, so we thought that we would use Samba also for authentication. I read a lot of documentation but I didn't find any information about how to use smart cards for authentication with Samba. Can this be done? Any information would be deeply appreciated? Thank you. Regards Simon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ACL on a directory
I'm using gentoo-1.4 and Samba 3.0 pdc. And i have problems with display and change of rights of access to directories. My system: Kernel 2.4.20-gentoo-r8 (File systems-> POSIX Access Control Lists it is included), Root file system - reiserfs, shared folders are on ext3 which is mounted with an option acl samba it is compiled with options " - with-acl-support - with-winbind - with-quotas=no - with-ads=no - with-ldap=no - enable-cups=no " In windows property dialog, for files I can see/change permitions. But for directories, names of users and groups are displayed, but all checkbox are not marked. When I try to change rights of access in windows dialogue occur the "Creator Owner" and the "Creator Group", but rights do not change. That it would be clearer I shall explain: I create a directory. $ mkdir /home/samba/public/dir $ ls -l /home/samba/public/ drwxr-xr-x 2 sokoloff users 4096 Nov 28 09:06 dir $ getfacl /home/samba/public/dir getfacl: Removing leading '/' from absolute path names * file: home/samba/public/dir * owner: sokoloff * group: users user:: rwx group:: r-x other:: r-x $ smbcacls //fileservv/public dir added interface ip=192.168.10.220 bcast=192.168.10.255 nmask=255.255.255.0 Password: REVISION:1 OWNER:NEWOFFICE\sokoloff GROUP:NEWOFFICE\Domain Users ACL:NEWOFFICE\sokoloff:ALLOWED/0/FULL ACL:NEWOFFICE\Domain Users:ALLOWED/0/READ ACL:\Everyone:ALLOWED/0/READ Try to change rights from windows: $ getfacl /home/samba/public/dir getfacl: Removing leading '/' from absolute path names * file: home/samba/public/dir * owner: sokoloff * group: users user:: rwx group:: rwx other:: r-x default:user:: rwx default:group:: rw- default:other::--- $ smbcacls //fileservv/public dir added interface ip=192.168.10.220 bcast=192.168.10.255 nmask=255.255.255.0 Password: REVISION:1 OWNER:NEWOFFICE\sokoloff GROUP:NEWOFFICE\Domain Users ACL:NEWOFFICE\sokoloff:ALLOWED/0/FULL ACL:NEWOFFICE\Domain Users:ALLOWED/0/FULL ACL:\Everyone:ALLOWED/0/READ ACL:\Creator Owner:ALLOWED/11/FULL ACL:\Creator Group:ALLOWED/11/RW ACL:\Everyone:ALLOWED/11/ Right after additions of new group, the right for this group are shown. $ smbcacls //fileservv/public dir added interface ip=192.168.10.220 bcast=192.168.10.255 nmask=255.255.255.0 Password: REVISION:1 OWNER:NEWOFFICE\sokoloff GROUP:NEWOFFICE\Domain Users ACL:NEWOFFICE\Domain Admins:ALLOWED/3/READ ACL:NEWOFFICE\sokoloff:ALLOWED/0/FULL ACL:NEWOFFICE\Domain Users:ALLOWED/0/FULL ACL:\Everyone:ALLOWED/0/READ ACL:\Creator Owner:ALLOWED/11/FULL ACL:\Creator Group:ALLOWED/11/RW ACL:\Everyone:ALLOWED/11/ But after I shall try to change rights, they change and cease to be displayed in windows. $ smbcacls -d0 //fileservv/public dir added interface ip=192.168.10.220 bcast=192.168.10.255 nmask=255.255.255.0 Password: REVISION:1 OWNER:NEWOFFICE\sokoloff GROUP:NEWOFFI
[Samba] smbfs size limit
Hello, Samba-users, please don´t beat me, but I have to ask this question here, as I haven´t found an answer I can rely on until now. I am working on a solution for a backup-problem and one possible solution could be the use of smbfs/smbmount. I am testing that now, mounting a WinXPHome(sorry, testing ...)-share which is 20GB of size (8GB used) to my linux-box. The linux-box is a bit more sophisticated (Kernel 2.6.0-test11 - Samba 3.0.0). I don´t want to get into details now, just my questions: - I am aware of a sizelimit of 2 GB or 4 GB when using smbfs. What is the limit exactly and where does it come from ? smbfs in the kernel ? smbmount ? - I read about several patches and stuff, but that was all for older kernels. Basically I would be happy if it works with kernel 2.4.x. Could someone point me to the patches? I know that this topic ain´t new ... thank you for your help. -- best regards, Stefan G. Weichinger mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] USRMGR.EXE administration: invalid syntax error message
I try to admin Samba 3.0.0 and 3.0.1pre3 (tried both versions) NT4.0 PDC with NT4.0 machine and NT4.0 USRMGR.EXE and get persistent error message 1) The group name could not be found 2) The user name could not be found 3) The filename, directory name, or volume label syntax is incorrect. Loggin into domain under name: root I can see the user and group listing. When I click on a user to see his details, I get message (2). When I click on a group to see it's details, I get message (1). When I click on "Add New User" in the menu, I get message (3). I have read mailing list postings indicating this works for other people. Am I doing something wrong? Is there any specification I should read describing under what circumstances should USRMGR.EXE administration work? Windows on client: NT4.0 (reinstalled from NT3.5 to NT4.0). Tried also another NT4.0 box with the same result Tried also XP box and running NT4.0 USRMGR.EXE -- the same result Samba: 3.0.0 and 3.0.1pre3 (tried first 3.0.1pre3 and then reinstalled to 3.0.0 by compiling 3.0.0 and make install 3.0.0 with leaving the same environment) Install path: default (./configure without parameters, path defaults to /usr/local/samba/) Distribution: gentoo. smb.conf contents: # Samba config file created using SWAT # from 127.0.0.1 (127.0.0.1) # Date: 2003/11/19 15:51:41 # Global parameters [global] security = user wins support = no workgroup = KEVF_D4 encrypt passwords = yes domain logons = yes null passwords = yes interfaces = eth0 preferred master = Yes domain master = Yes debuglevel = 3 ldap ssl = no hosts allow = 195.113.28.0/255.255.254.0 admin users = admin,prech,root hide local users = yes unix password sync = yes passwd program = /bin/passwd passwd chat = *ew*password* %n\n *new*password* %n\n add user to group script = /usr/local/samba/bin/myaddusertogroup "%u" "%g" add user script = /usr/sbin/useradd -c 'Samba User' -d /dev/null -g smbusers -s /bin/false %u add machine script = /usr/sbin/useradd -c 'Machine' -d /dev/null -g machines -s /bin/false %u add group script = /usr/local/samba/bin/mygroupadd "%g" delete group script = /usr/local/samba/bin/mygroupdel "%g" map to guest = Bad User passdb backend = tdbsam logon drive = h: logon home = \{}\{}oberon\{}%U logon path = \{}\{}oberon\}{profiles\{}%U [netlogon] path=/usr/local/samba/netlogon read only = yes guest ok = yes browseable = yes write list = admin prech root locking = no public = no [homes] comment = Home Directories browseable = no writable = yes [admin] comment = Admin Home writable = yes path = /home/admin [root] comment = Root Home writable = yes path = /home/admin [linux] comment = Linux Kernel Sources path = /usr/src/linux [profiles] create mode = 0600 csc policy = disable directory mode = 0700 comment = Profiles path = /usr/local/samba/profiles/ profile acls = yes read only = no permissions: drwxrwxrwt root root /usr/local/samba/profiles drwxrwxrwt root root /usr/local/samba/netlogon contents of netlogon: only directory scripts (no ntconfig.pol) Group information /etc/group: domain_users:x:410:root,admin,test domad:x:412:admin,root machines:x:408: smbusers:x:407: bash-2.05b# net groupmap list System Operators (S-1-5-32-549) -> -1 Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Domain Users (S-1-5-21-xx-yy-zz-513) -> smbusers Power Users (S-1-5-32-547) -> -1 Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> -1 Account Operators (S-1-5-32-548) -> -1 Domain Admins (S-1-5-21-xx-yy-zz-512) -> domadm Domain Guests (S-1-5-21-xx-yy-zz-514) -> nobody Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> -1 bash-2.05b# pdbedit -Lv root Unix username:root NT username: Account Flags:[U ] User SID: S-1-5-21-1720464068-1560033322-1864438560-1000 Primary Group SID:S-1-5-21-1720464068-1560033322-1864438560-1001 Full Name:root Home Directory: \{}\{}oberon\{}root HomeDir Drive:h: Logon Script: Profile Path: \{}\{}oberon\}{profiles\{}root Domain: KEVF_D4 Account desc: Workstations: Munged dial: Logon time: 0 Logoff time: Fri, 13 Dec 1901 21:45:51 GMT Kickoff time: Fri, 13 Dec 1901 21:45:51 GMT Password last set:Fri, 28 Nov 2003 08:48:20 GMT Password can change: Fri, 28 Nov 2003 08:48:20 GMT Password must change: Fri, 13 Dec 1901 21:45:51 GMT Cl< -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.o
[Samba] Re: ACL Security-tab missing users and groups
Hi! Yes I did mount the partition. ACL works fine with getfacl / setfacl and other fileutils. It works with Samba too as it reads and writes acl-entries. The problems are, that while adding permissions with windows, I can't get a listing of my users and groups AND that any combination of groups (MYDOM\domuser, MYDOM\Domain Users) is rejected and therefore I am unable to add group permission. With Windows that is. With linux it is possible to add group acls, BUT it seems that the acl inherition doesn't work for groups, only users. bug? # net groupmap list Domain Users (S-1-5-21-82784-3680983439-2218884935-513) -> domuser Domain Admins (S-1-5-21-82784-3680983439-2218884935-512) -> domadmin Domain Computers (S-1-5-21-82784-3680983439-2218884935-515) -> domcompu ... -- Pirkka Hi, did you mount your partition which homes your samba share with acl ? Did you mapped all your groups ? Read the related chapter in the how to not all permission tabs are able to use - Original Message - From: "Pirkka Luukkonen" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, November 28, 2003 1:50 PM Subject: [Samba] ACL Security-tab missing users and groups Hi! I'm using Samba 3.0 pdc with Debian Woody, LDAP and ACL-support. ACL works great, but if I try to ADD an acl-permission via windows security-tab there is none to choose from. It shows that my domain is selected and there are some basic users (Everyone, Authenticated users, CREATOR-OWNER etc.) that can be chosen, but no users or groups of mine. Is this by design or am I missing something here? I can however type the name of the user I want to add to the textfield and it works fine, only group names don't work. -- Pirkka -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 9x clients printing in B&W with CUPS
Alan Munday wrote: I have a working printing system where clients use the Adobe drivers to print to Samba(3.0)/CUPS(1.19). The 9x clients do not always print the colour for some graphic object types (where XP/2000 clients do). Is this a restriction of this configuration? Regards Alan I think windows client print in RAW mode. You install the correct printer driver on the Windows client, and CUPS will pass it throught to the printer directly, unchanged. Here, the correct printer driver is the same printer driver one would use if the printer was directly connected via a printer port on the 9x client. If it fails to print propery, it is a bug in the 9x printer driver software, and not samba/cups. Cheers James -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Print Server
Hiya, Can someone explain why I am seeing chmod of W32X86/3/PSCRIPT5.DLL failed (Operation not permitted) in the log files. It is a samba 3.0.1pre3 print server, which has the drivers on it for loading to the clients. Here is the log file of errors. Thanx in advanced Kris [2003/11/27 16:29:15, 2] smbd/open.c:open_file(250) aclarke opened file W32X86/3/PSCRIPT.HLP read=Yes write=No (numopen=4) [2003/11/27 16:29:15, 2] smbd/close.c:close_normal_file(228) aclarke closed file W32X86/3/PSCRIPT.HLP (numopen=3) [2003/11/27 16:29:15, 2] smbd/open.c:open_file(250) aclarke opened file W32X86/3/PSCRIPT.HLP read=Yes write=No (numopen=4) [2003/11/27 16:29:15, 2] smbd/open.c:open_file(250) aclarke opened file W32X86/3/PSCRIPT.NTF read=Yes write=No (numopen=5) [2003/11/27 16:29:15, 2] smbd/close.c:close_normal_file(228) aclarke closed file W32X86/3/PSCRIPT.NTF (numopen=4) [2003/11/27 16:29:15, 2] smbd/open.c:open_file(250) aclarke opened file W32X86/3/PSCRIPT.NTF read=Yes write=No (numopen=5) [2003/11/27 16:29:15, 2] smbd/open.c:open_file(250) aclarke opened file W32X86/3/PSCRIPT5.DLL read=Yes write=No (numopen=6) [2003/11/27 16:29:15, 2] smbd/trans2.c:call_trans2setfilepathinfo(3105) chmod of W32X86/3/PSCRIPT5.DLL failed (Operation not permitted) [2003/11/27 16:29:15, 2] smbd/close.c:close_normal_file(228) aclarke closed file W32X86/3/PSCRIPT5.DLL (numopen=5) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Roving profiles - how to power off
i still have roving profiles enabled on my clients. how can i tell the samba-server, not to offer roving profiles, so they are stored on the machines themselves?? thx Roger -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PDC+LDAP+Win2k/XP domain logon
Hi, I successfully installed samba 3.0.1pre4 from cvs tree with ldap-2.0.27. I can log in with administrator but can't get my machines (win2k and XP) joined into the domain. Here are some relevant part of the log file. [2003/11/28 15:02:32, 3] rpc_server/srv_pipe.c:api_rpcTNP(1509) api_rpcTNP: rpc command: SAMR_OPEN_DOMAIN [2003/11/28 15:02:32, 3] lib/util_seaccess.c:se_access_check(251) [2003/11/28 15:02:32, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-3516781642-1962875130-3438800523-3004 se_access_check: also S-1-5-21-3516781642-1962875130-3438800523-1401 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-518063335-3730449020-288107188-1401 [2003/11/28 15:02:32, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_domain: ACCESS DENIED (requested: 0x0211) [2003/11/28 15:07:25, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 732 [2003/11/28 15:07:25, 3] smbd/process.c:process_smb(890) Transaction 35 of length 168 [2003/11/28 15:07:25, 3] smbd/process.c:switch_message(685) switch message SMBtrans (pid 2501) [2003/11/28 15:07:25, 3] smbd/ipc.c:reply_trans(530) trans <\PIPE\> data=80 params=0 setup=2 [2003/11/28 15:07:25, 3] smbd/ipc.c:named_pipe(334) named pipe command on <> name [2003/11/28 15:07:25, 3] smbd/ipc.c:api_fd_reply(296) Got API command 0x26 on pipe "samr" (pnum 775c)free_pipe_context: destroying talloc pool of size 0 [2003/11/28 15:07:25, 3] rpc_server/srv_pipe.c:api_rpcTNP(1509) api_rpcTNP: rpc command: SAMR_CREATE_USER [2003/11/28 15:07:25, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115) _samr_create_user: ACCESS DENIED (granted: 0x0201; required: 0x0010) * smb.conf workgroup = TEST security = user server string = Test Samba 3.0 printcap name = /etc/printcap load printers = yes printing = cups log file = /var/log/samba/%m.log ldap admin dn = "cn=Manager,dc=csw,dc=com" ldap server = 192.168.1.30 ldap suffix = dc=csw,dc=com ldap port = 389 ldap ssl = off passdb backend = ldapsam:ldap://192.168.1.30 ldap delete dn = no ldap user suffix = ou=People ldap group suffix = ou=Groups ldap machine suffix = ou=Computers ldap filter = (&(uid=%u)(objectclass=sambaSamAccount)) add user script = /usr/local/sbin/smbldap-useradd.pl -a %u delete user script = /usr/local/sbin/smbldap-userdel.pl %u add group script = /usr/local/sbin/smbldap-groupadd.pl %g delete group script = /usr/local/sbin/smbldap-groupdel.pl %u add user to group script = /usr/local/sbin/smbldap-groupmod.pl -m %u %g delete user from group script = /usr/local/sbin/smbldap-groupmod.pl -x %u %g set primary group script = /usr/local/sbin/smbldap-usermod.pl -g gid %u add machine script = /usr/local/sbin/smbldap-useradd.pl -w %u debuglevel = 3 max log size = 1 encrypt passwords = yes unix password sync = Yes passwd program = /usr/local/sbin/smbldap-passwd.pl %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*succ pam password change = yes obey pam restrictions = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 remote announce = 192.168.1.255 local master = yes domain master = yes preferred master = yes domain logons = yes logon script = %U.bat logon path = \\%L\Profiles\%U wins support = yes ... ** At the client side a simple access denied message appears. Any idea would be appreciated. thanks.,FS -- ...Fehér Sándor...---Sandor Feher fejlesztési vezető --- development manager Blue System Kft. --- Blue System Ltd. mailto:[EMAIL PROTECTED] http://www.bluesystem.hu -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] User must change password on next logon
I have been trying to create some administration guidline to adding users and groups in a Samba 3.0 PDC. I have most of the task documented. The problem I run into is where can I set the attribute for a user to change their password on next logon. Any help is appreciated. Terrance Bey -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Just a thought, all this "swen" stuff, this list
> True. This account was new. No one new about it. Openldap and Samba where > the two firsts lists where I posted from it. I automatically started to > get spam. It's not a crazy idea to think conspirationally. It's just a > list, and it's plain easy to attack it. > > I agree, I found that I've been hammered having posted to a number of mail > > lists. I post "frequently", and haven't seen any such thing. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Just a thought, all this "swen" stuff, this list
True. This account was new. No one new about it. Openldap and Samba where the two firsts lists where I posted from it. I automatically started to get spam. It's not a crazy idea to think conspirationally. It's just a list, and it's plain easy to attack it. -- Arturo Busleiman - [ i n t r a R e d e s s r l ] Piedras 264 - 2 A (C1070AAF) - Buenos Aires - ARGENTINA Te.: (54 11) 4342-0049 - http://www.intraredes.com/ mailto:[EMAIL PROTECTED] On Thu, 27 Nov 2003, Alan Munday wrote: > I agree, I found that I've been hammered having posted to a number of mail > lists. > > Alan > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Initech > Sent: 27 November 2003 19:30 > To: [EMAIL PROTECTED] > Subject: [Samba] Just a thought, all this "swen" stuff, this list > > > > > It seems anyone posting to this list gets a deluge (and I mean a > deluge) of virus infected windows garbage. It's basically enough to > ruin any email address you sign up to the list with; it doesn't matter > if you have a virus scanner integrated with your MTA, I really don't > want to see 200 virus notifications a day because i posted to this > list. I have been getting about 20MB of swen a day since i first > posted here. > > Not to espouse conspiracy theories, but it really seems like this list > is under attack. Can there be sme warning about this on the list > signup page? Like, "Use a throwaway email address for this list", etc. > > I'm not complaining, just that I think some sort of warning is in > order here. This swen stuff is totally out of control. > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Linux-clients how to connect/auth on samba?
hi list (or people inside) i've got a server running with samba 3.0 on linux. i have all my clients dual-boot, meaning win and linux installed on them. my samba-server is configured as pdc, with auth.method=smbpasswd. All works fine with my win-clients. I get connected, authenticated and executed all login-scripts! -> nearly perfect! But: linux-clients: - i do: net join -s SERVER -U root, enter my password and get "Successfully joined Domain DOMAIN". - afterwards, i log out and try to login in the form: DOMAIN\user with the accomodate password from smbpasswd. Result: Authentification failure i configured nsswitch.conf and entered the lines concerning winbind into smb.conf. but still: same messages. Does anybody have: - Linux clients, connecting and authenticating on a Samba PDC - perhaps also executing some login-scripts to have the shares on a per-user-base ...or is it even easier to do with ldap or whats wrong?? what do you need to help?? thx in advance -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ACL Security-tab missing users and groups
Hi! I'm using Samba 3.0 pdc with Debian Woody, LDAP and ACL-support. ACL works great, but if I try to ADD an acl-permission via windows security-tab there is none to choose from. It shows that my domain is selected and there are some basic users (Everyone, Authenticated users, CREATOR-OWNER etc.) that can be chosen, but no users or groups of mine. Is this by design or am I missing something here? I can however type the name of the user I want to add to the textfield and it works fine, only group names don't work. -- Pirkka -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Can samba do this?
Hi all, I don't currently run samba and I'm a bit of a novice at networking. Anyway here is the problem. My office/company has a fair sized windows network - 500 or so machines. For some of my applications linux is far more useful so I want to build a sub-network of 3-6 linux machines and connect to the windows network. The only essential function would be file tranfer in both directions. What is the easiest way to do this? In my head I have a picture of a mini-network of the linux machines, one of which is running samba and is connected directly on a machine on the windows network but this is just a standard XP machine (the one on my desk) not a server. I think that the machine on my desk will be able to see and write to the linux network via network neighbourhood. Will all the linux machines be able to write to the windows network though, or even just to my desktop machine (NTFS discs if that makes a difference)? Thanks for any advice, but can you make it easy start very basic because networking is an entirely new thing for me. Paul PS. I'm digesting _ Hotmail messages direct to your mobile phone http://www.msn.co.uk/msnmobile -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] very low speed local network browsing from win xp clients
Hi: Change this parameters: name resolve order = wins host lmhosts bcast And you must have the correct parameters in resolv.conf and hosts regards. El jue, 27-11-2003 a las 19:12, Buda GÃbor escribiÃ: > Hi There! > > > Thank You for your very quick help. It's nice to see that are so helpfull > people in the world of linux. Thanks! > > I changed my network card's settings to 'half-duplex' on my win XP, but the > machines in the workgroup (and the workgrup 'vorosko' too) appearing very > slow (10-15 seconds). It' the same, that it was before the changes.) My new > smb.conf file: > > [global] > ; domain master = no > ; local master = yes > ; preferred master = yes > passwd program = /usr/bin/passwd %u > printing = bsd > syslog only = no > dns proxy = no > null passwords = yes > protocol = NT1 > name resolve order = bcast host > strict sync = no > socket options = TCP_NODELAY IPTOS_LOWDELAY > character set = iso8859-2 > short preserve case = yes > printcap name = /etc/printcap > invalid users = root > max log size = 1000 > interfaces = 192.168.32.253/255.255.255.0 > debug level = 0 > passwd chat = *Enter\snew\sUNIX\spassword:* %n\n > *Retype\snew\sUNIX\spassword:* %n\n > preserve case = yes > security = user > unix password sync = no > workgroup = vorosko > server string = %h server (Samba %v) > syslog = 0 > client code page = 852 > netbios name = SERVER > guest account = nobody > load printers = no > os level = 33 > ; socket address = 192.168.32.253 > > > > Best regards > Gabor > > > > -Original Message- > > From: James Courtier-Dutton [mailto:[EMAIL PROTECTED] > > Sent: Wednesday, November 26, 2003 1:47 AM > > To: Buda GÃbor > > Cc: [EMAIL PROTECTED] > > Subject: Re: [Samba] very low speed local network browsing > > from win xp clients > > > > > > Buda GÃbor wrote: > > > Hi Everyone there! > > > > > > > > > We have a very annoying problem since several months when > > browsing the > > > local network (workgroup) from win xp clients (from win98 > > clients it's > > > almost OK). The machines in the workgroup appearing very > > slooow (about > > > 15-20 sec), and this value doesn't change even in the 2nd or 3rd > > > browse. We have 1 linux (debian 2.4.21 pre 3) pc, running the samba > > > (2.2312) server, about 15 win98 clients, 60 win xp clients, > > 1 win nt > > > server. When I shutdown our win nt server, the problem > > doesn't change. > > > When I shutdown our samba server, the browsing of our > > workgroup become > > > very fast. > > > > > > Here is my smb.conf file, perhaps You can help me to solve this > > > problem. Thank You. > > > > > I don't know if it will help, but try changing the settings on the > > Network card of the Windows XP clients. > > Go into advanced settings and change "Duplex" from "Auto" to > > "Half Duplex". > > > > I have found that samba functions quite badly with Windows > > clients when > > network packets start getting lost. > > > > You would only need to try the change to "half duplex" on one > > Windows XP > > client to see if it helps for that one client. > > > > I am still investigating ways to improve samba under these > > packet loss > > conditions, but it would be nice to see if changing to "half duplex" > > helps others like it helped me. > > > > Cheers > > James > > > > > > > > > > -- Alejandro Soler Administrador de Sistemas Martina di Trento S.A. Buenos Aires - Argentina [EMAIL PROTECTED] www.martinaditrento.com TEL.: 4000-7200 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Linux/Samba for the first time
You can add this line to the [share] part in smb.conf: force user = root This will give anay valid user for the share root permissions. Per Bäckman wrote: I'm setting up a linux mashine with samba for filesharing to windowsclients. I use samba 3 and Linux rh9 and swat. We are just a small group of trusted people. I need to create a folder with rights for any windowsuser in the workgroup to: -connect to and add subfolders and files. -read all the subfolders and files. -change in subfolders and files. Basicly we will store the economysystem, filemaker pro server and officefiles. Finally we will back it up to a tape drive or to another media. Is there no easy way to make a share without restrictions? Thanks Per Bäckman -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Send broadcast messages with Samba
Hi ! Is there some way to send broadcast messages with Samba ? I know the command "smbclient -M", but it sends winpopup messages, and I'd like send messages no using windows winpopup, because I don't want let winpopup running all time in workstations. Thanks for any help, Bruno Stella [EMAIL PROTECTED] Setor de Redes - (19) 3031-4165 Secretaria de Informatica Tribunal Regional do Trabalho da 15a. Regiao -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba on Sun Solaris v9
We are running Samba version 2.0.7 on Sun Solaris 2.6.We will soon upgrade to Sun Solaris 9. Will our current version of Samba still work? In the binaries section I could not find a sol9 version yet. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: How to migrate a complex NT4 network
On Thu, Nov 27, 2003 at 08:11:05PM +0100, Raphaël Berghmans wrote: > Indeed the SAM migration is very simple with vampire. But Samba cannot > made realtime synchronization with a NT4 PDC and how to manage the > modifications. Made a vampire each time a modification has been done on > the PDC is a little bit tricky (with 1600 users, 500 groups and 1700 > machines). My general strategy with this is always: First leave the NT4 domain in place and get *everything* else off the NT machines. This leaves them as DC's and netlogon-providers only. If you are confident enough with Samba, install the basic infrastructure to openldap-replicate, test that. And then, as the very last step, the vampire-migration is probably the easiest part. With a proper WINS setup for the then very short migration period you can safely simply switch off the BDCs without disrupting your domain. Just my 2 cents. Volker -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Linux/Samba for the first time
I'm setting up a linux mashine with samba for filesharing to windowsclients. I use samba 3 and Linux rh9 and swat. We are just a small group of trusted people. I need to create a folder with rights for any windowsuser in the workgroup to: -connect to and add subfolders and files. -read all the subfolders and files. -change in subfolders and files. Basicly we will store the economysystem, filemaker pro server and officefiles. Finally we will back it up to a tape drive or to another media. Is there no easy way to make a share without restrictions? Thanks Per Bäckman -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with shares from a NT4
signature.asc Description: Dette er en digitalt underskrevet brevdel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Perms must traduct to ACL?
Hi, yes if you wanna use set permissions you have to have acl in your kernel, the usage is different to the related distros, i can confim that it is working with suse 8.2 , 9 ( acl pack installed ) with the samba shares mount with acl ( normally done in fstab ) , i recommend use of ext3-acl and samba 3 Best Regards - Original Message - From: "Andreu Sanchez" <[EMAIL PROTECTED]> To: "Llista Samba" <[EMAIL PROTECTED]> Sent: Friday, November 28, 2003 9:25 AM Subject: [Samba] Perms must traduct to ACL? > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Missing files in directory listings
Thanks After deleting files, to get the directory down to 200 files, the problem disapeared, we will try your suggestion, and see if the problem comes back. Thanks Per Bjoern JACKE wrote: > > On 2003-11-27 at 16:00 +0100 Per Kofod sent off: > >When new files are added to the directories, and they do a directory > >listing on their PC's ( Win 2000 pro SP2 and SP3 ), the last 10 files > >are not shown. THis happens both when using "explorer" or doing a `dir` > >in an command prom window. > > try setting "mangling method" to hash2. > > Bjoern -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Perms must traduct to ACL?
Hello, I posted some days ago and after searching more and more i think the problem could be fixed patching the kernel with ACL support, am i right? Here's my problem: I have a samba server running as a domain member in a windows domain controlled by a windows nt4 PDC. Samba has to authenticate users against that nt4 PDC, it works, i also use winbind to map uid and gid to my linux so i can have the tipically "Administrador+DOMAIN Domain Users+DOMAIN fileserver/" perms. All works fine and the only (and terrible) problem is that i can't set permission to files or folders from a windows, i can't add users to a file or folder from the security tab under the properties menu and i have no errors in my log messages. I just get a "access denied" message in the windows machine. I tried several smb.conf setups, share scripts and such and several samba versions, since 2.x to 3.x (included pre versions) That's the problem. If somebody wants to help me it will make my life more easy. Thank you in advance, -- --- | Andreu SÃnchez - http://www.taniz.org/ - Clickety-click! | | Fingerprint = 3ADA 69EF 4E84 DEC8 D219 6863 83F0 513E 06AE 46D1 | | GnuPG key: 06AE46D1 ( pgp.mit.edu - www.keyserver.net ) | --- signature.asc Description: Esta parte del mensaje =?ISO-8859-1?Q?est=E1?= firmada digitalmente -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] join samba3.0 to the domint on samba-tng
Hello samba, I have domain in samba-tng+OpenLdap. I wont join to domain workstation with samba-3.0 In tng machine acount exist: ./rpcclient -S . createuser machineName$ On 3.0 joining to domain ./net join could not initialise lsa pipe could not obtain sid for domain -- Best regards, Alex mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba