Re: [Samba] SOLVED Samba 3.0.0, CUPS support - Unable to open printcap file cups for read!
Fran Fabrizio wrote: I'm still having print problems. I'm beginning to wonder if it's my version of CUPS rather than Samba. When I print from my Windows Samba clients, the job shows up in the /var/spool/cups directory, and CUPS web admin says the job completed, but it never prints anything. Same thing from linux samba clients works fine (i.e. if I do 'smbclient //ds119b/myprinter' and then 'print /etc/printcap', it works fine). I had the same probleme here. I use RedHat 8.0, cups 1.1.19 and samba 3.00 (the rpm from samba.org for RedHat8) cups was working fine, but the printcap problem was reported in the samba-logs. So I have got the srpm-samba3.00 from samba.org and rebuild the whole thing - the problem is gone... -- Carsten Buechner EDAG-Wolfsburg| Phone:+49-05361-799181 Schweriner Str. 4 | FAX: +49-05361-799134 38444 Wolfsburg | eMail:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba linking Linux and OSX -- weird permissions
Greetings! Samba works great for mounting OSX shares on Linux, or vice versa. However, when I mount an OSX share on Linux, I get weird switches in ownership and permissions. Take these examples from two Linux machines (one and two), running Debian sid and Samba 3.0.0final-1, mounting a directory on an OSX 10.3. First, what the OSX machine shows through an ssh session: [osx:~/Desktop] liontooth% l total 352 -rwxr-xr-x 1 liontooth wheel 13780 9 Dec 22:34 Convert to QuickTime for Anvil.app -rw-r--r-- 1 liontooth staff 0 28 Nov 23:04 Three -rw-r--r-- 1 liontooth staff 0 24 Nov 20:02 One lrwxr-xr-x 1 liontooth staff 16 16 Dec 23:14 storage - /Volumes/Storage Second, what the first Linux machine shows on the mounted volume: [EMAIL PROTECTED]:/mnt/osx/Desktop# l total 18 -rwxr--r--1 root root13780 Dec 9 22:34 Convert to QuickTime for Anvil.app -rwxr--r--1 root root0 Nov 28 23:04 Three -rwxr--r--1 root root0 Nov 24 20:02 One drwxr-xr-x1 root root 4096 Dec 16 22:42 storage This doesn't cause any problems -- the symlink works, for instance. Third, this is what the second Linux machine shows: [EMAIL PROTECTED]:/mnt/bighoss/Desktop# l total 1048576 -rwxr-xr-x1 504 root13780 Dec 9 22:34 Convert to QuickTime for Anvil.app -rw-r--r--1 504 dialout 0 Nov 28 23:04 Three -rw-r--r--1 504 dialout 0 Nov 24 20:02 One lrwxr-xr-x1 504 dialout16 Dec 16 23:14 storage - /Volumes/Storage This is a problem -- the symlink doesn't work. On the machine called two, there are in fact no users with UID 504 and no user dialout. While it may be that OSX is messing up, my question is this: Which files on my Linux machines could be controlling what I see on the OSX system? Since my two Linux machines give me completely different results, I have to conclude there are control files on Linux that somehow govern this behavior. BTW, I have a different problem going the other way -- mounting a Linux share on OSX. In that case, the available space on the Linux machine is set far too low. Let's say I actually have 20GB of free space on the mounted share; OSX shows 1.4GB is available. Any suggestions? Cheers, David -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A domain controller for the domain could not be contacted (2.2.3a-12.3 for Debian)
Patrick Shoaf wrote: I am running on RedHat, but everything should be same on server side. Try adding the following lines into the smb.conf file: password level = 8 username level = 8 encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd unix password sync = yes pam password change = yes obey pam restrictions = yes I added your parameters to the config file and also created an additional shared called [unsafe] from which i can easier get the config file when i want to email it. When i want to join the domain with an Windows XP Version 2002 Professional Service Pack 1 i still get the following error: A domain controller for the domain HAWAR3 could not be contacted. Ensure that the domain name is typed correctly. If the name is correct click Details for troubleshooting When i click on details: Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt. The domain name HAWAR3 might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS. If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration. The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain HAWAR3: The error was: DNS name does not exist. (error code 0x232B RCODE_NAME_ERROR) The query was for the SRV record for _ldap._tcp.dc._msdcs.HAWAR3 Common causes of this error include the following: - The DNS SRV record is not registered in DNS. - One or more of the following zones do not include delegation to its child zone: HAWAR3 . (the root zone) For information about correcting this problem, click Help. Screenshots: - http://www.nergens.org/samba/ComputerNameChanges.PNG - http://www.nergens.org/samba/ComputerProperties.PNG Attached is my smb.conf Eduard Witteveen [global] ;changes after comments of Patrick Shoaf password level = 8 username level = 8 encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd unix password sync = yes pam password change = yes obey pam restrictions = yes ;basic server settings workgroup = HAWAR3 netbios name = nemo server string = Samba %h PDC running %v socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 ;PDC and master browser settings os level = 64 preferred master = yes local master = yes domain master = yes ;security and logging settings security = user # encrypt passwords = yes log file = /var/log/samba/log.%m log level = 2 # max log size = 50 # hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0 ;user profiles and home directory logon home = \\%L\%U\ logon drive = H: logon path = \\%L\profiles\%U logon script = netlogon.bat ;sync passwords unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd: *all*authentication*tokens*updated*successfully* ; new machines add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u # shares [unsafe] path = /etc/samba comment = Unsafe Config Share, has to be removed browseable = yes writeable = yes [homes] comment = Home Directories browseable = no writeable = yes [profiles] path = /home/samba/profiles writeable = yes browseable = no create mask = 0600 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba-3.0 groupmapping problem
[EMAIL PROTECTED] wrote: Hi, first thank for this answer :o) What do you meen by : You must have the posixAccount LDAP definition in the LDAP directory. Having it /etc/group won't help at all... That's why you have a «No such object» error in Samba logs. Sorry, I meant « posixGroup » in the LDAP directory. Then, when the group is defined in LDAP (and not in /etc/group), you can associate (ie. groupmap) an SID with the posixGroup. Tu peux aussi me contacter sur ma BAL [EMAIL PROTECTED] pour continuer en Français. Cdt, J. -- Jérôme Fenal - Consultant Unix/SAN/Logiciel Libre Groupe Expert Managed Services - LogicaCMG France http://www.logicacmg.com/fr/ - mailto:jerome.fenal AT logicacmg.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: INTERNAL ERROR: Signal 11
[EMAIL PROTECTED] wrote: Hello everybody, I just installed a samba-3.0.1 from sources, and I have an INTERNAL ERROR when I launch smbd, nmbd or even swat (from inetd) to try to configure something. I use a slackware 9.1 with glibc-2.3.2 The glibc seems to be the problem, because when I jump back on a 2.3.1, I can launch swat without this bug. Can someone help me to fix that ? Could you quickly test your server's memory with memtest86 ? Signal 11 is often a sign of failing memory hardware. Cdt, Jérôme -- Jérôme Fenal - Consultant Unix/SAN/Logiciel Libre Groupe Expert Managed Services - LogicaCMG France http://www.logicacmg.com/fr/ - mailto:jerome.fenal AT logicacmg.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Antwort: Re: [Samba] XP stops nearly all networkservices after joining Samba3 domain
Hello Jerry, Yes, 3.0.1 fixed that problem. Thank you very much. Greetings Stefan -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | I setup samba3.0.1pre3+ldap as PDC. NT and 2k Workstation | work. I can add xp clients to the domain. But when then | the user logs in, the xp stops nearly all services after | the authentication: | | login-, workstation-, browser-,audio- etc. service | | When I login as domainadmin,go to the Services, switch | the logonservice from automatic to manual, then login again | as domaiadmin, start manual the logonservice, logoff ,then | I'm able to login without problems. | | Has anyone an idear what this could be?? This might be the LsaQueryInfo(3) bug I fixed yesterday. Try the SAMBA_3_0_RELEASE branch and l et me know. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: password - ldap questions
ldap passwd sync = yes fixed it, thnx regards Otto Schakenbos PC-Support TFX IT-Service AG Fronackerstrasse 33-35 71332 Waiblingen GERMANY Jérôme Fenal wrote: Adam Williams wrote: [snip] I'm using the smbldap-passwd.pl tool. If i use this tool directly from the command line it does update the userpassword just fine. (using the same syntax as in the smb.conf. When i turn sync unix passwords then the domain stops working (domain not foud) That shouldn't happen. Don't you mean unix password sync Also have a look at « ldap passwd sync = » : http://www.samba.org/samba/docs/man/smb.conf.5.html#LDAPPASSWDSYNC Regards, Jérôme -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A domain controller for the domain could not be contacted (2.2.3a-12.3 for Debian)
The error was: DNS name does not exist. (error code 0x232B RCODE_NAME_ERROR) The query was for the SRV record for _ldap._tcp.dc._msdcs.HAWAR3 Common causes of this error include the following: - The DNS SRV record is not registered in DNS. It seems your workstation tries to locate the DC by doing a dns query, what is not currently supported by Samba. What is your workstation node type set to? Regards, Fabien Chevalier -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Variables and TCP/IP Throughput
Perhaps your TCP window is too small You should try the following global settings: read size = 65535 max xmit = 65535 socket options = TCP_NODELAY SO_SNDBUF=65535 SO_RCVBUF=65535 Rgds Per [EMAIL PROTECTED] wrote: Hi, I am trying to optimize my gigabit network. I have two Intel 1000 MT Gigabit Server Adapters, which support Jumbo Frames -- as well as a Switch that supports Jumbo Frames. However, I am observing some strange behavior in my file transfers from Windows XP to Linux and I am wondering if it has anything to do with the way the Samba variables are set on my Linux box? The strange behavior is that when I set both NICs to use Jumbo Frames [MTU=9014 on the Windows side (includes IP headers) , 9000 on the Linux side (doesn't include the headers], I am getting about half the throughput that I get when I set both NICs to use the standard MTU of 1514/1500. I see the same behavior even if I take the switch out of the system and connect the Windows XP and Linux machines directly to each other (crossover cable not required for computer-to-computer connection with these NICs -- and by the way all of my cables are CAT6). On the Linux side, I am using Samba 3.0.0 on Mandrake Linux 9.2 with all of Mandrake's current updates -- kernel = 2.4.22-21enterprisemdk. The Linux machine is a P4-3.06 Ghz with 1 GB of RAM -- running in hyperthreading mode. I am wondering if any of the Samba socket options settings like tcp_nodelay, so_sndbuf=8192 or so_rcvbuf=8192 are affecting my throughput -- particularly when I am using Jumbo Frames? And are there any other Samba settings that might be interacting in a negative way with my TCP/IP and NIC driver settings that are causing me to get lower throughput with Jumbo Frames instead of higher throughput (which is what I am told I should be getting). Any guidance would be appreciated. I have purchased The Official Samba 3 HOW-TO and Reference Guide but it really isn't very helpful when it comes to understanding how to tune these options and how various socket options settings interact with other network settings and hardware. Andy Liebman Resolute Films 119 Braintree Street, Suite 410 Boston, MA 02134 Tel: 617-782-0479 Cell: 617-308-0488 Fax: 617-782-1071 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A domain controller for the domain could not be contacted (2.2.3a-12.3 for Debian)
Fabien Chevalier wrote: It seems your workstation tries to locate the DC by doing a dns query, what is not currently supported by Samba. What is your workstation node type set to? Could you rephrase your question? I dont know how i found out what the node type of my workstations is. (after some googling i tried looking in the registry for the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\Parameters NodeType, but i couldnt find the entry) Eduard Witteveen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A domain controller for the domain could not be contacted (2.2.3a-12.3 for Debian)
Le Wednesday 17 December 2003 12:39, Eduard Witteveen a écrit : Fabien Chevalier wrote: It seems your workstation tries to locate the DC by doing a dns query, what is not currently supported by Samba. What is your workstation node type set to? Could you rephrase your question? I dont know how i found out what the node type of my workstations is. Please send your ipconfig /all. I suppose something's wrong in your network settings. Are you using Dhcp or static Ip? Regards, Fabien Chevalier -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] How much space is needed to install samba??
Dear samba support team, I am very interested to use samba for talking between Windows machine and Unix machine. May I know how much space is needed to install samba on the server? Thanks for your great feedback. Regards, Alex --- This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSAM to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] help: samba server don't work in embeded linux
hi all, I want to use samba as a file server in some embeded enviroment, becase I have only 8M flash to hold file system of linux, so I have to put samba files into harddisk. we mount the harddisk as /mnt/c,mkdir samba in /mnt/c, and mkdir bin,lib,log,pid,codepage in /mnt/c/samba. we put smbd,nmbd in /mnt/c/samba/bin we put all the lib files needed in /mnt/c/samba/lib and make all the symbolic links of them in /lib. we put all the codepage files in /mnt/c/samba/codepage. the smb.conf is like below, # Global parameters [global] workgroup = gydw netbios name = et2000 security = share guest ok = yes encrypt passwords = yes code page directory = /mnt/c/smaba/codepage log file= /mnt/c/smaba/log/%m.log lock dir= /mnt/c/smaba/lock pid directory = /mnt/c/smaba/pid [data] comment = data path = /mnt/c/dvbs/data guest only= Yes -- I start them like below: /mnt/c/samba/bin/nmbd -D /mnt/c/samba/bin/smbd -D but when I try to run command \\et2000 in win2000, it says the network name is no longer usable. the log is like below, [1970/01/01 00:01:39, 0] ../lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (-1,65534) now set to (0,0) uid=(0,0) [1970/01/01 00:01:39, 0] ../lib/util.c:smb_panic(1094) PANIC: failed to set gid ... many repeat [1970/01/01 00:01:39, 0] ../lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (-1,65534) now set to (0,0) uid=(0,0) [1970/01/01 00:01:39, 0] ../lib/util.c:smb_panic(1094) PANIC: failed to set gid I don't know why, can anybody help me? or anybody can tell me which files and directories are nessasory to run a samba server? thanks very much! __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A domain controller for the domain could not be contacted (2.2.3a-12.3 for Debian)
Fabien Chevalier wrote: Please send your ipconfig /all. I attached the output I suppose something's wrong in your network settings. Are you using Dhcp or static Ip? Dhcp. (look in the output) The linux server (nemo) has ip-number 10.0.0.152 Eduard Witteveen Windows IP Configuration Host Name . . . . . . . . . . . . : SHARED-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC Physical Address. . . . . . . . . : 00-E0-4C-48-3E-AB Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 10.0.0.156 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.0.0.138 DHCP Server . . . . . . . . . . . : 10.0.0.10 DNS Servers . . . . . . . . . . . : 194.134.0.97 194.134.5.55 Primary WINS Server . . . . . . . : 10.0.0.10 Lease Obtained. . . . . . . . . . : Dienstag, 16. Dezember 2003 10:38:39 Lease Expires . . . . . . . . . . : Dienstag, 23. Dezember 2003 10:38:39 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] can not overwrite files but can delete.
What I should have mentioned but failed to, was this is an intermitting problem (a developers favorite kind I'm sure). What's worse, and this just sounds so so wrong; doing a 'copy paste' will produce the error more often than doing a 'drag and drop'. Perhaps it is just coincidence, but i get the feeling it is not. We discovered this when I had asked the user to demonstrate the problem to me as I had not been able to recreate it. He came over and did a copy/paste whereas I was dragging and dropping the same files from one window to another without issue prior to having the user demonstrate the procedure he uses. 3-6 times out of 10 copy/pasting will throw the error. (Cannont copy file3.bat: Cannot find the specified file. Make sure you specify the correct path and filename.) 1-2 times out of 10 drag/drop will throw the error. Is there anything in common with the failures? The same filenames failing? Or a same group of other filenames present in the directory when a new copy/paste fails? The only thing I can think of is a upper/lower-case (if you have w95/98 clients) or filename mangling problem. The default mangling method changed for 3, but it should _reduce_ problems like these if that is indeed the culprit. Anything unusual in the logs? ~ Daniel --- This message is the property of Time Inc. or its affiliates. It may be legally privileged and/or confidential and is intended only for the use of the addressee(s). No addressee should forward, print, copy, or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as a recipient. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is strictly prohibited. If you have received this communication in error, please immediately notify the sender and delete this message. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A domain controller for the domain could not be contacted (2.2.3a-12.3 for Debian)
Le Wednesday 17 December 2003 13:20, Eduard Witteveen a écrit : Fabien Chevalier wrote: Please send your ipconfig /all. I attached the output I suppose something's wrong in your network settings. Are you using Dhcp or static Ip? Dhcp. (look in the output) The linux server (nemo) has ip-number 10.0.0.152 Eduard Witteveen Ok, thanks. I think your Samba server hasn't been registered to your wins server, thus when trying to join the domain, your workstation falls back to dns...which obviously fails. Try to add wins server = 10.0.0.10 to your smb.conf, and let us know if it works... Good luck, Fabien Chevalier -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbindd
The message I got from Jerry Carter yesterday says that Winbindd is only required for trust accounts between 2 domains. I was confused also, the documentation seems to lead one to the contrary. -- Kent L. Nasveschuk [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] How much space is needed to install samba??
I am very interested to use samba for talking between Windows machine and Unix machine. May I know how much space is needed to install samba on the server? Thanks for your great feedback. Depends on what you mean, but if you just install the binaries, I would guess less then 10MB. ### This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange. For more information, connect to http://www.F-Secure.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.1 Available for Download
Beast wrote: Tuesday, December 16, 2003, 7:16:35 AM, Gerald wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In an attempt to avoid the holiday rush common to software releases, the Samba Team is proud to announce the availability of the first patch release of the Samba 3.0 code base. Anyone having success story using this version? I'm having weird problem. I can not joint Win-2k/WinXP-Pro with ldapsam (open ldap 2.2.22). I got XP to join with this version :-) I think you should start by setting your openldap loglevel to 256 and see if you have any access denied errors. If you do, they have to be fixed first. Then try setting smbpasswd for admin. Also, if you want a good, working ldif, download the smbldap tools from samba.idealx.org and run smbldap-poplulate.pl. BUT: Remember to edit smbldap_conf.pm first, esp set the sid to the sid you're using. Also: It's a good idea to edit the file so you can look at the resulting ldif and not add it directly to the ldapdatabase. Tarjei With W2000 error says bad username or password, with WXP access denied. I'm trying to create clean ldif entry with only having 2 account, but still no luck, both cretae machine trust 'on the fly' or manual create machine account. Admin user has given SID-500/sambaPrimaryGroupSID=512 and uid/gid=0 [EMAIL PROTECTED] samba]# net groupmap list Domain Admins (S-1-5-21-3005840292-418818142-688599051-512) - root Domain Users (S-1-5-21-3005840292-418818142-688599051-513) - domuser Domain Guests (S-1-5-21-3005840292-418818142-688599051-514) - domguest log from ldap and samba did not give anything usefull (for me at least :) .. [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0048 uni_str_len: 0006 [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806) 004c buffer : T.R.G.2.0... [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_uint8s(721) 0058 data: b5 59 ba 7f a7 fc dc 08 [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_debug(81) 00 net_io_r_auth [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_uint8s(721) data: b8 f5 ff bf 45 c3 1b 08 [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) 0008 status: NT_STATUS_ACCESS_DENIED [2003/12/16 18:53:21, 5] rpc_server/srv_pipe.c:api_rpcTNP(1535) api_rpcTNP: called NETLOGON successfully [2003/12/16 18:53:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 46 [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_debug(81) 00 smb_io_rpc_hdr hdr ... If anyone got working setup, please share smb.config and ldif entry if possible :-) Big thanks. --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SWAT won't work.
On Wednesday 17 December 2003 12:23 am, Phillip Tilleman wrote: It is configured under xinetd. It looks like this. # default: off # description: SWAT is the Samba Web Admin Tool. Use swat \ # to configure your Samba server. To use SWAT, \ # connect to port 901 with your favorite web browser. service swat { disable = no port= 901 socket_type = stream wait= no only_from = localhost ^^^ I think this only allows connections from localhost which might not be what you want. user= root server = /usr/local/samba/bin/swat ^^^ Is this the correct path for swat? log_on_failure += USERID } What else would you suggest? Remember I'm using Red Hat 7.3. That might help. Phillip -Original Message- From: Greg Dickie [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 16, 2003 8:33 PM To: Phillip Tilleman; [EMAIL PROTECTED] Subject: Re: [Samba] SWAT won't work. Swat runs as a separate service, not under the webserver. You need to have it configured in inetd or xinetd. Greg On Tuesday 16 December 2003 22:06, Phillip Tilleman wrote: Ok, here is the problem. Samba is working, I can access it from a account I created from a windows XP machine. So that is good. But I can't get swat to work when I go to my browser windows explorer and go to http://192.168.1.125 http://192.168.1.125/ :901 (which is my static IP address for the machine). Of course with out port 901. But nothing happens when I try to open it. I do have my web server up and going, infact I have a squirl mail up and running. So I know the httpd is up. I'm running Red Hat 7.3 and running samba 3.1. I tried to telnet from the actual machine with samba on it to telnet 192.168.1.125:901 and it says telnet: 127.0.0.1:901: Name or service not known so it's not working. I think that is the problem. How do I get it so httpd service will interact with port 901 and make samba work? Help is appreciated, I'm trying to get samba up and running for a non-profit org. that can not afford to buy windows 2000 server and pay for it, and pay for the 5 licenses we will have to buy. HELP is much appreciated. THANKS Phillip -- Greg Dickie just a guy [EMAIL PROTECTED] -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA 3.0.1 for Debian
Le Tuesday 16 December 2003 10:26, Michael Knigge a écrit : All, does someone has 3.0.1 Debian Packages ready? Thank you, Michael I got some home built for Sarge, I you're interested... Regards, Fabien Chevalier -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba BDC doesn't talk to LDAP slave on same machine
Hello, I can't get my BDC to talk to the LDAP slave running on the same machine. Replication between slave and master works but samba on the BDC doesn't appear to be communicating with the slave LDAP server. Everything off the PDC works fine. -- smb.conf on BDC -- [global] workgroup = WarehamPS encrypt passwords = Yes time offset = 60 time server = Yes socket options = TCP_NODELAY security = user logon script = netlogon.bat writable = Yes dns proxy = no directory mask = 02770 preferred master = yes netbios name = Decas2 server string = RedHat 8.0 Samba LDAP passdb backend = ldapsam:ldap://172.16.0.3 ldap://127.0.0.1; ldap passwd sync = Yes machine password timeout = 604800 passwd program = /usr/local/samba/bin/smbpasswd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUnix\spassword:* %n\n log file = /var/log/samba.%m debug level = 2 max log size = 50 add user script = /usr/local/sbin/smbldap-useradd.pl %u delete user script = /usr/local/sbin/smbldap-useradd.pl %u add group script = /usr/local/sbin/smbldap-groupadd.pl delete group script = /usr/local/sbin/smbldap-groupdel.pl add machine script = /usr/local/samba/bin/smbpasswd -a -m %u logon script = netlogon.bat logon path = logon drive = H: logon home = domain logons = Yes os level = 64 domain master = No dns proxy = Yes admin users = @domain_admins wins support = no wins server = 172.16.0.3 wins proxy = no name resolve order = wins hosts bcast ldap suffix = dc=tow,dc=net ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap admin dn = cn=admin,dc=tow,dc=net ldap ssl = no [homes] comment = Home Directories read only = no browseable = no writable = yes path = %H # valid users = %S hide files = /.*/ [netlogon] comment = Netlogon share path = /usr/local/samba/netlogon locking = no browseable = no read only = yes write list = @domain_admins [programs] comment = Programs path = /accounts/programs [printers] comment = All Printers path = /var/spool/samba read only = Yes printable = Yes browseable = No -- slapd.conf ond BDC -- # $OpenLDAP: pkg/ldap/servers/slapd/slapd.conf,v 1.8.8.4 2000/08/26 17:06:18 kurt Exp $ include /usr/local/etc/openldap/schema/core.schema include /usr/local/etc/openldap/schema/cosine.schema include /usr/local/etc/openldap/schema/inetorgperson.schema include /usr/local/etc/openldap/schema/nis.schema include /usr/local/etc/openldap/schema/samba.schema databaseldbm suffix dc=tow,dc=net rootdn cn=admin,dc=tow,dc=net rootpw {SSHA}bbcOI00dfOOJdNCsuFfWf8forJC/Q2P8 directory /usr/local/var/openldap-slurp/wareham updatedncn=admin,dc=tow,dc=net updateref ldap://172.16.0.3; schemacheck on lastmod on # Indices to maintain #index objectClass eq index objectClass,uid,uidNumber,gidNumber eq #index cn,mail,surname,givenname eq,subinitial index cn,snpres,eq,sub access to dn=.*dc=tow,dc=net by self write by * read access to attrs=userPassword,sambaNTPassword,sambaLMPassword by dn=cn=root,ou=Users,dc=tow,dc=net write by self write # by anonymousauth by * none -- LDAP.conf on BDC -- # $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $ # # LDAP Defaults # # See ldap.conf(5) for details # This file should be world readable but not world writable. BASEdc=tow,dc=net URI ldap://172.16.151.254 host172.16.151.254 172.16.0.20 ldap_version 3 #SIZELIMIT 12 #TIMELIMIT 15 #DEREF never -- Kent L. Nasveschuk [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Logging Pring Jobs
I found the general log that was recommended in /var/spool/lpd/printer/acct however someone mentioned the %j feature that would allow the printing of the file name. Where do I configure this, so that the acct file reflects that? Or let me pose this idea...does anyone know of any 3rd party gpl software to do the trick if I can't use smb? -Bodhi It is fate to be born free, It is a privilege to live free, It is a responsibility to die free. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] reliant-unix-5.45 samba-3.0.0
Hello to the list, Is there anyone who had successfull compiled samba-3.0.0 on reliant-unix 5.45 , with latest supported gcc3.0.2. We need that , because we are changing to ads with smb signing , so we need samba 3.0.0 . It was really a pain to get the gcc running under reliant , but now the really problems begin... Thanks in advance for your efforts kind regardsmartin schreiber Siemens Business Services CCN-ITS Betrieb Wien GUD Gudrunstrasse 11 A-1101 Wien Martin Schreiber Phone +43 5 1707 47565 Server-Administration Fax +43 5 1707 57560 mailto:[EMAIL PROTECTED] http://www.sbs.at -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] A domain controller for the domain could not be contacted (2.2.3a-12.3 for Debian)
Fabien Chevalier wrote: I think your Samba server hasn't been registered to your wins server, thus when trying to join the domain, your workstation falls back to dns...which obviously fails. Try to add wins server = 10.0.0.10 to your smb.conf, and let us know if it works... No. I've attached my current configuration file. When i try to join the domain i still get the same error message(and no logfile). Please let me know what to do next. [global] ;changes after comments of Fabien Chevalier wins server = 10.0.0.10 ;changes after comments of Patrick Shoaf password level = 8 username level = 8 encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd unix password sync = yes pam password change = yes obey pam restrictions = yes ;basic server settings workgroup = HAWAR3 netbios name = nemo server string = Samba %h PDC running %v socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 ;PDC and master browser settings os level = 64 preferred master = yes local master = yes domain master = yes ;security and logging settings security = user # encrypt passwords = yes log file = /var/log/samba/log.%m log level = 2 # max log size = 50 # hosts allow = 127.0.0.1 192.168.1.0/255.255.255.0 ;user profiles and home directory logon home = \\%L\%U\ logon drive = H: logon path = \\%L\profiles\%U logon script = netlogon.bat ;sync passwords unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *Enter*new*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *passwd: *all*authentication*tokens*updated*successfully* ; new machines add user script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u # shares [unsafe] path = /etc/samba comment = Unsafe Config Share, has to be removed browseable = yes writeable = yes [homes] comment = Home Directories browseable = no writeable = yes [profiles] path = /home/samba/profiles writeable = yes browseable = no create mask = 0600 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Variables and TCP/IP Throughput
Thanks for the reply. Do you know (and if so, caan you tell me) what the relationship is between these Samba settings and Linux settings such as net.core.rmem_default (or _max), net.core.wmem_default (or _max), net.ipv4.tcp_rmem and net.ipv4.tcp_wmem. Do the Samba options override the Linux socket options, or do they act as another layer of limits and buffers? Perhaps your TCP window is too small You should try the following global settings: read size = 65535 max xmit = 65535 socket options = TCP_NODELAY SO_SNDBUF=65535 SO_RCVBUF=65535 Rgds Per [EMAIL PROTECTED] wrote: Hi, I am trying to optimize my gigabit network. I have two Intel 1000 MT Gigabit Server Adapters, which support Jumbo Frames -- as well as a Switch that supports Jumbo Frames. However, I am observing some strange behavior in my file transfers from Windows XP to Linux and I am wondering if it has anything to do with the way the Samba variables are set on my Linux box? The strange behavior is that when I set both NICs to use Jumbo Frames [MTU=9014 on the Windows side (includes IP headers) , 9000 on the Linux side (doesn't include the headers], I am getting about half the throughput that I get when I set both NICs to use the standard MTU of 1514/1500. I see the same behavior even if I take the switch out of the system and connect the Windows XP and Linux machines directly to each other (crossover cable not required for computer-to-computer connection with these NICs -- and by the way all of my cables are CAT6). On the Linux side, I am using Samba 3.0.0 on Mandrake Linux 9.2 with all of Mandrake's current updates -- kernel = 2.4.22-21enterprisemdk. The Linux machine is a P4-3.06 Ghz with 1 GB of RAM -- running in hyperthreading mode. I am wondering if any of the Samba socket options settings like tcp_nodelay, so_sndbuf=8192 or so_rcvbuf=8192 are affecting my throughput -- particularly when I am using Jumbo Frames? And are there any other Samba settings that might be interacting in a negative way with my TCP/IP and NIC driver settings that are causing me to get lower throughput with Jumbo Frames instead of higher throughput (which is what I am told I should be getting). Any guidance would be appreciated. I have purchased The Official Samba 3 HOW-TO and Reference Guide but it really isn't very helpful when it comes to understanding how to tune these options and how various socket options settings interact with other network settings and hardware. Andy Liebman Resolute Films 119 Braintree Street, Suite 410 Boston, MA 02134 Tel: 617-782-0479 Cell: 617-308-0488 Fax: 617-782-1071 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] I'm confused. What is winbindd supposed to get me?
Along these same lines, I don't have winbind running as of yet (in part due to time constraints and in part due a bit of confusion of winbind configuration) but am still able to interact w/ my W2K domain. The only negative is that the connections to Samba from XP clients is very slow, taking up to a minute for the connection to be made. I'm assuming/hoping that getting winbind up and running will resolve this. -dG -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 16, 2003 8:09 PM To: [EMAIL PROTECTED] Subject: [Samba] I'm confused. What is winbindd supposed to get me? I've got a Samba member server as part of a Windows NT domain. User accounts have the same name in both domain. I was having all sorts of trouble when winbindd was running with wierd groups showing up. I happened to screw up the winbindd configuration without noticing causing it to crash, but I ran snmd and nmbd anyway and suddenly everything started working perfectly. The docs say you MUST run winbindd. I'm confused. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] I'm confused. What is winbindd supposed to get me?
One thing that I am not clear on as of yet, is how winbind will handle the fact that I have duplicate users on both my Linux machines and on my W2K domain, user1 in AD and user1 in /etc/passwd -dG -Original Message- From: Greg Dickie [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 16, 2003 8:40 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Samba] I'm confused. What is winbindd supposed to get me? Hi, winbind is used to import accounts from a windows machine. If all your accounts already exist on the samba machine then you don't need winbind. If you had a disjoint set of users on the samba machine and the windows machine then you would be able to see the union set by using winbind. Does that help at all? Greg On Tuesday 16 December 2003 20:09, [EMAIL PROTECTED] wrote: I've got a Samba member server as part of a Windows NT domain. User accounts have the same name in both domain. I was having all sorts of trouble when winbindd was running with wierd groups showing up. I happened to screw up the winbindd configuration without noticing causing it to crash, but I ran snmd and nmbd anyway and suddenly everything started working perfectly. The docs say you MUST run winbindd. I'm confused. -- Greg Dickie just a guy [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.1 Available for Download
I had a problem similar to this that Gerry has been working on. Please turn the log level up to 5 and try again then grep the log file for 'incorrect password'. If its there then its the same problem and rumor has it there is a patch. You can also try going back to 3.0.0, that version always seemed to work for me. Greg On Wednesday 17 December 2003 12:05 am, Beast wrote: Tuesday, December 16, 2003, 7:16:35 AM, Gerald wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In an attempt to avoid the holiday rush common to software releases, the Samba Team is proud to announce the availability of the first patch release of the Samba 3.0 code base. Anyone having success story using this version? I'm having weird problem. I can not joint Win-2k/WinXP-Pro with ldapsam (open ldap 2.2.22). With W2000 error says bad username or password, with WXP access denied. I'm trying to create clean ldif entry with only having 2 account, but still no luck, both cretae machine trust 'on the fly' or manual create machine account. Admin user has given SID-500/sambaPrimaryGroupSID=512 and uid/gid=0 [EMAIL PROTECTED] samba]# net groupmap list Domain Admins (S-1-5-21-3005840292-418818142-688599051-512) - root Domain Users (S-1-5-21-3005840292-418818142-688599051-513) - domuser Domain Guests (S-1-5-21-3005840292-418818142-688599051-514) - domguest log from ldap and samba did not give anything usefull (for me at least :) .. [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_uint32(634) 0048 uni_str_len: 0006 [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:dbg_rw_punival(806) 004c buffer : T.R.G.2.0... [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_uint8s(721) 0058 data: b5 59 ba 7f a7 fc dc 08 [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_debug(81) 00 net_io_r_auth [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_uint8s(721) data: b8 f5 ff bf 45 c3 1b 08 [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_ntstatus(664) 0008 status: NT_STATUS_ACCESS_DENIED [2003/12/16 18:53:21, 5] rpc_server/srv_pipe.c:api_rpcTNP(1535) api_rpcTNP: called NETLOGON successfully [2003/12/16 18:53:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 46 [2003/12/16 18:53:21, 5] rpc_parse/parse_prs.c:prs_debug(81) 00 smb_io_rpc_hdr hdr ... If anyone got working setup, please share smb.config and ldif entry if possible :-) Big thanks. --beast -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Printer prints, but reports opening
We have a samba 2.2.3a-12.3 for Debian running, and something odd in printing. We use CUPs as linux print server. When we print from a w2k station, prints come out the printer, but the printer window reports a cycle of messages: - initializing printer - opening printer - failed to open, retrying what can be the cause? parts of the smb.conf: == [global] printcap name = lpstat disable spoolss = No show add printer wizard = No printing = cups print command = lp -d %p -o raw %s lprm command = cancel %p-%j [printers] comment = All Printers path = /tmp create mask = 0700 printable = Yes browseable = No [copier_E0] comment = Xerox copier E0 path = /tmp read only = No guest ok = Yes printable = Yes print command = lp -d '%p' -o raw %s lpq command = lpstat -a %p lprm command = cancel '%p'-%j printer name = lpe0xerox use client driver = Yes oplocks = No -- Ric Exterkate, Department of Radiotherapy, University Medical Center Utrecht, Heidelberglaan 100, 3584 CX Utrecht, The Netherlands E-mail:[EMAIL PROTECTED] Phone:+31-30-2507156 Fax:+31-30-2581226 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mounting samba shares on linux with non-ascii dirs
Give up on the Linux smbfs kernel module (which isn't part of Samba BTW, but part of the Linux kernel), and try the Linux cifsfs module instead. See: http://www.samba.org/samba/Linux_CIFS_client.html Is it possible to build or download the cifs module w/o affecting kernel sources? I mean we have strait binary installation of RH9 and kernel is the same as in distibution. Or it is really need to change something inside default RH9 kernel? It may not solve your problems, but if it doesn't you can go to your local Linux kernel mailing list, or thelinux-cifs-client mailing list for help. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Statistics Tool?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, does anybody knows a good tool to present management-aware statistics of samba? thanks for your help! Yoshi - -- - Jochen Schmidt [EMAIL PROTECTED] Mi||enux GmbHmobile: +49.175.5752483 Lilienthalstraße 2 phone: +49.711.88770.300 70825 Stuttgart-Korntal fax: +49.711.88770.349 -= linux without limits -=- http://linux.zSeries.org/ =- PGP Fingerprint: 6F9A 85CE 78EA 7EF1 B2BA 3559 8FA1 2B13 098D 20B5 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/4G2oj6ErEwmNILURAhKxAJ9emSnhQvjYmJadGK94zTtuFas9HQCfZR9c 05wF6ZszdQeY//F7fbwIq0I= =Q/K3 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] I'm confused. What is winbindd supposed to get me?
They are seen as different users. Thats the thing if you have all the same users in AD and /etc/passwd then you don't need winbind. Greg On Wednesday 17 December 2003 08:51 am, David Gadoury wrote: One thing that I am not clear on as of yet, is how winbind will handle the fact that I have duplicate users on both my Linux machines and on my W2K domain, user1 in AD and user1 in /etc/passwd -dG -Original Message- From: Greg Dickie [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 16, 2003 8:40 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Samba] I'm confused. What is winbindd supposed to get me? Hi, winbind is used to import accounts from a windows machine. If all your accounts already exist on the samba machine then you don't need winbind. If you had a disjoint set of users on the samba machine and the windows machine then you would be able to see the union set by using winbind. Does that help at all? Greg On Tuesday 16 December 2003 20:09, [EMAIL PROTECTED] wrote: I've got a Samba member server as part of a Windows NT domain. User accounts have the same name in both domain. I was having all sorts of trouble when winbindd was running with wierd groups showing up. I happened to screw up the winbindd configuration without noticing causing it to crash, but I ran snmd and nmbd anyway and suddenly everything started working perfectly. The docs say you MUST run winbindd. I'm confused. -- Greg Dickie just a guy [EMAIL PROTECTED] -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Variables and TCP/IP Throughput
I believe samba just does setsockopt or ioctl on the sockets. Do you get any errors on the interfaces in jumbo? Does your switch support jumbo? Setting use sendfile=yes will help alot on read speeds from samba. On the windows side check the settings. I think the e1000 has some adaptive spacing setting that kills throughput. Also some things to check on the linux side. e1000 module options like rxIntDelay, etc. You will not get much more performance out of jumbo unless your CPUs are maxed but you should not get less. What kind of numbers are you seeing? hope this helps. Greg On Wednesday 17 December 2003 08:23 am, [EMAIL PROTECTED] wrote: Thanks for the reply. Do you know (and if so, caan you tell me) what the relationship is between these Samba settings and Linux settings such as net.core.rmem_default (or _max), net.core.wmem_default (or _max), net.ipv4.tcp_rmem and net.ipv4.tcp_wmem. Do the Samba options override the Linux socket options, or do they act as another layer of limits and buffers? Perhaps your TCP window is too small You should try the following global settings: read size = 65535 max xmit = 65535 socket options = TCP_NODELAY SO_SNDBUF=65535 SO_RCVBUF=65535 Rgds Per [EMAIL PROTECTED] wrote: Hi, I am trying to optimize my gigabit network. I have two Intel 1000 MT Gigabit Server Adapters, which support Jumbo Frames -- as well as a Switch that supports Jumbo Frames. However, I am observing some strange behavior in my file transfers from Windows XP to Linux and I am wondering if it has anything to do with the way the Samba variables are set on my Linux box? The strange behavior is that when I set both NICs to use Jumbo Frames [MTU=9014 on the Windows side (includes IP headers) , 9000 on the Linux side (doesn't include the headers], I am getting about half the throughput that I get when I set both NICs to use the standard MTU of 1514/1500. I see the same behavior even if I take the switch out of the system and connect the Windows XP and Linux machines directly to each other (crossover cable not required for computer-to-computer connection with these NICs -- and by the way all of my cables are CAT6). On the Linux side, I am using Samba 3.0.0 on Mandrake Linux 9.2 with all of Mandrake's current updates -- kernel = 2.4.22-21enterprisemdk. The Linux machine is a P4-3.06 Ghz with 1 GB of RAM -- running in hyperthreading mode. I am wondering if any of the Samba socket options settings like tcp_nodelay, so_sndbuf=8192 or so_rcvbuf=8192 are affecting my throughput -- particularly when I am using Jumbo Frames? And are there any other Samba settings that might be interacting in a negative way with my TCP/IP and NIC driver settings that are causing me to get lower throughput with Jumbo Frames instead of higher throughput (which is what I am told I should be getting). Any guidance would be appreciated. I have purchased The Official Samba 3 HOW-TO and Reference Guide but it really isn't very helpful when it comes to understanding how to tune these options and how various socket options settings interact with other network settings and hardware. Andy Liebman Resolute Films 119 Braintree Street, Suite 410 Boston, MA 02134 Tel: 617-782-0479 Cell: 617-308-0488 Fax: 617-782-1071 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Greg Dickie just a guy Maximum Throughput -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] authentification problem (2.2.8)
Hello Friends, I want to connect agly WXPPro to a unix 5.8 machine via samba 2.2.8. I use encrypt passwords = yes and, of course, I modified registry windows. It doesn't work ! Below a transcript of session log.agly. Many thanks for your help. -- [2003/12/17 11:48:51, 3] smbd/process.c:process_smb(846) Transaction 1 of length 137 [2003/12/17 11:48:51, 3] smbd/process.c:switch_message(685) switch message SMBnegprot (pid 1690) [2003/12/17 11:48:51, 3] smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/12/17 11:48:51, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [PC NETWORK PROGRAM 1.0] [2003/12/17 11:48:51, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [LANMAN1.0] [2003/12/17 11:48:51, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [Windows for Workgroups 3.1a] [2003/12/17 11:48:51, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [LM1.2X002] [2003/12/17 11:48:51, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [LANMAN2.1] [2003/12/17 11:48:51, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [NT LM 0.12] [2003/12/17 11:48:51, 3] smbd/negprot.c:reply_negprot(426) Selected protocol NT LM 0.12 [2003/12/17 11:48:51, 3] smbd/process.c:process_smb(846) Transaction 2 of length 207 [2003/12/17 11:48:51, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 1690) [2003/12/17 11:48:51, 3] smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/12/17 11:48:51, 3] smbd/reply.c:reply_sesssetup_and_X(880) Domain=[AGLY] NativeOS=[Windows 2002 2600 Service Pack 1] NativeLanMan=[Windows 2002 5.1] [2003/12/17 11:48:51, 3] smbd/reply.c:reply_sesssetup_and_X(890) sesssetupX:name=[frontin] [2003/12/17 11:48:51, 1] smbd/password.c:pass_check_smb(545) Couldn't find user 'frontin' in passdb. [2003/12/17 11:48:51, 2] smbd/reply.c:reply_sesssetup_and_X(997) NT Password did not match for user 'frontin'! [2003/12/17 11:48:51, 2] smbd/reply.c:reply_sesssetup_and_X(1007) Defaulting to Lanman password for frontin [2003/12/17 11:48:51, 1] smbd/password.c:pass_check_smb(545) Couldn't find user 'frontin' in passdb. [2003/12/17 11:48:51, 1] smbd/reply.c:reply_sesssetup_and_X(1023) Rejecting user 'frontin': authentication failed [2003/12/17 11:48:51, 3] smbd/error.c:error_packet(94) error string = No such file or directory [2003/12/17 11:48:51, 3] smbd/error.c:error_packet(113) error packet at smbd/reply.c(1025) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2003/12/17 11:48:51, 3] smbd/process.c:timeout_processing(1066) end of file from client [2003/12/17 11:48:51, 3] smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2003/12/17 11:48:51, 2] smbd/server.c:exit_server(511) Closing connections [2003/12/17 11:48:51, 3] smbd/connection.c:yield_connection(48) Yielding connection to [2003/12/17 11:48:51, 3] smbd/server.c:exit_server(545) Server exit (normal exit) Jean Frontin System team I R I T Université Paul-Sabatier 118, rte de Narbonne 31062 Toulouse cedex 04 France tel (33)(0)5 61 55 63 03 mail [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] emergency- machines kicked off network after PDC 2.2.8-3.0.0 upgrade
After upgrading our PDC to 3.0.0 last night(and confirming logins worked properly)...this morning, we had two machines report errors says the machine account does not exist or has been changed. Last night, users- even ones who had not been on that particular workstation before- were able to login on at least 6 out of 30-40 workstations. All configuration files were moved over, including the secrets file- logins worked just fine. Searches on google turn up nothing helpful, and attempts to use smbpasswd have failed. I just attempted to add a new machine(well, a machine that was added to the old PDC, after we sync'd config+pw files) to the domain, and received: # smbpasswd -m czar Failed to find entry for user czar$ The entry does in fact exist in /etc/passwd and /etc/shadow. I then tried pdbedit -a -m -u czar When I went to the system and tried to re-add it to the domain, it claimed the domain did not exist or could not be contacted. To eliminate iptables from the problem, even though 137-139 tcp+udp were open, I shut it down. No change. The upgrading doc mentions nothing that would help us in this extremely straightforward(machine trust accounts) issue...I've found it to be severely lacking. This is extremely disappointing... Brett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Netbios ?
I am trying a netstat | grep netbios and receive nothing back. I tried netstat | grep 139 and nothing as well. I have the correct netbios ports in /etc/services. Does anyone know to make this show up with a netstat or have those services running? I believe this may be my problem with the mapping of samba shares to the client. Any help would be appreciated, Dan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printer prints, but reports opening
Thanks for the quick respons Jason Balicki wrote: what can be the cause? I've had this before. It's usually one of or a combination of: 1) not having a machine account This all set, machine accounts for all systems parts of the smb.conf: == [global] printcap name = lpstat You say you're using cups, but your printcap is lpstat. I'm not an expert, but I'm using cups and my printcap name is set to cups. I will try, but in several documents about priting in samba, you see one of both versions [printers] comment = All Printers path = /tmp create mask = 0700 printable = Yes browseable = No Add use client driver = yes and guest ok=no here. OK [copier_E0] comment = Xerox copier E0 path = /tmp read only = No guest ok = Yes printable = Yes print command = lp -d '%p' -o raw %s lpq command = lpstat -a %p lprm command = cancel '%p'-%j printer name = lpe0xerox use client driver = Yes oplocks = No I don't understand why you need this. If this printer is defined in cups, it should be loaded already. That's what the all printers share is for. Do you have a load printers = yes in your global? If not, add it. Unless you've got weird requirements, this section is redundant and unnecessary. The [copier_E0] section is because I don't want to advertise all printers in the CUPS system. Therefore I make all printers in theri own section available Ric -- Ric Exterkate, Department of Radiotherapy, University Medical Center Utrecht, Heidelberglaan 100, 3584 CX Utrecht, The Netherlands E-mail:[EMAIL PROTECTED] Phone:+31-30-2507156 Fax:+31-30-2581226 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Netbios ?
netstat -an | grep 139 [ Rick Brown ][ (404) 894-6175 ] [ Office of Information Technology ][[EMAIL PROTECTED] ] [ Georgia Institute of Technology ][ 258 4th street. Atlanta, GA ] On Wed, 17 Dec 2003, COUNTERMAN, DANIEL (CONTRACTOR) wrote: I am trying a netstat | grep netbios and receive nothing back. I tried netstat | grep 139 and nothing as well. I have the correct netbios ports in /etc/services. Does anyone know to make this show up with a netstat or have those services running? I believe this may be my problem with the mapping of samba shares to the client. Any help would be appreciated, Dan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] combining local users or smbpasswd users and NTDOMAIN usersin LDAP
Lets see. So are you going to be getting rid of the NT Domain? If not, why not just setup LDAP authentication on the linux box through PAM with the help of a few other modules. It creates a local account based on the authentication success. Works great for me. This also promotes centralized user administration. Is that what you are going after? If not, I apologize for giving you the wrong info. Please clarify if I am wrong here. Thanks Russ -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 16, 2003 9:24 PM To: Smb_List (E-mail) Subject: [Samba] combining local users or smbpasswd users and NTDOMAIN usersin LDAP My last question went unanswered - probably because of the confused way that I asked it. I have a new samba server - joined to domain - running LDAP - imported the local users with the migration script into LDAP - life is good. Now I want to import the Users and Groups from my domain on WinNT - I found the migration scripts (RH 9 AS 3 - SMB 3.0.0) I import them and they will undoubtedly number from 1000+ and my local users uid start at 500. Local users don't have Samba designations - Samba Users don't have local accounts - I want accounts to be both local (local home directory, mail accounts etc.) and to be Samba enabled too (Domain - profilePath - homePath - logonScript) - Do then use migration samba supplied script to import local users instead of the script supplied with openldap which made them local accounts? Do users created using the samba supplied migration scripts get the local account information too? Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] A domain controller for the domain could not be contacted(2.2.3a-12.3 for Debian)
You need to make sure that your node type is hybrid or you will not be able to contact the samba server. I have had this problem before and that is how I fixed it. Russ -Original Message- From: Fabien Chevalier [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 17, 2003 3:53 AM To: Eduard Witteveen Cc: [EMAIL PROTECTED] Subject: Re: [Samba] A domain controller for the domain could not be contacted(2.2.3a-12.3 for Debian) Le Wednesday 17 December 2003 12:39, Eduard Witteveen a écrit : Fabien Chevalier wrote: It seems your workstation tries to locate the DC by doing a dns query, what is not currently supported by Samba. What is your workstation node type set to? Could you rephrase your question? I dont know how i found out what the node type of my workstations is. Please send your ipconfig /all. I suppose something's wrong in your network settings. Are you using Dhcp or static Ip? Regards, Fabien Chevalier -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] red cross through samba drives on W2k
We have a samba 2.2.3a-12.3 and our workstations are w2k On some systems, the drives of the samba server appear with a red cross. When accessing the drive, everything is available, one can walk through directories, open and save files: nothing wrong. But still there is this red cross. Does anyone know? regards Ric -- Ric Exterkate, Department of Radiotherapy, University Medical Center Utrecht, Heidelberglaan 100, 3584 CX Utrecht, The Netherlands E-mail:[EMAIL PROTECTED] Phone:+31-30-2507156 Fax:+31-30-2581226 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.1 Available for Download
Wednesday, December 17, 2003, 6:13:13 PM, Tarjei wrote: I got XP to join with this version :-) Congratulations... I think you should start by setting your openldap loglevel to 256 and That's the default log level. see if you have any access denied errors. If you do, they have to be fixed first. Then try setting smbpasswd for admin. Also, if you want a I go grep 'filter=' ldap.log and then run that filter manually, all results are correct. good, working ldif, download the smbldap tools from samba.idealx.org and run smbldap-poplulate.pl. BUT: Remember to edit smbldap_conf.pm first, esp set the sid to the sid you're using. I prefer handcrafted ldif, butl i'll give a try on smbldaptools. Also: It's a good idea to edit the file so you can look at the resulting ldif and not add it directly to the ldapdatabase. Tks for sharing... Tarjei --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Netbios ?
OK, that worked. Now, I am even more confused. Here is what I am receiving, the error message on the Windows 2000 client on the side of the firewall: remote computer is not available), the Windows XP client is on the other side of the firewall, (the error message is: The specified network name is no longer available). I am able to ping both the IP address and server name of the CIFS/Samba server. I cannot perform the mapping, via Map Drive, then I connect as different user name and I enter a user id that I setup with smbpasswd (testcifs). Then I receive both these messages, I have searched message lists and the web for documentation on these errors, and I am unable to find anything that works. I appreciate your help very much. -Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Rick Brown Sent: Wednesday, December 17, 2003 10:45 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] Netbios ? netstat -an | grep 139 [ Rick Brown ][ (404) 894-6175 ] [ Office of Information Technology ][[EMAIL PROTECTED] ] [ Georgia Institute of Technology ][ 258 4th street. Atlanta, GA ] On Wed, 17 Dec 2003, COUNTERMAN, DANIEL (CONTRACTOR) wrote: I am trying a netstat | grep netbios and receive nothing back. I tried netstat | grep 139 and nothing as well. I have the correct netbios ports in /etc/services. Does anyone know to make this show up with a netstat or have those services running? I believe this may be my problem with the mapping of samba shares to the client. Any help would be appreciated, Dan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Netbios ?
All I am after is a simple mount of the drives from the UNIX server to the Windows (2000, XP) client. I only want to map the drive using UNIX password/CIFS password verification, which I should be prompted for. If anyone has a step-by-step document or instructions of how to accomplish this, that would be appreciated, I am unable for some reason to map to the clients. I am running HP-UX 11.00. Thanks, Dan -Original Message- From: COUNTERMAN, DANIEL (CONTRACTOR) Sent: Wednesday, December 17, 2003 11:18 AM To: 'Rick Brown'; [EMAIL PROTECTED] Subject: RE: [Samba] Netbios ? OK, that worked. Now, I am even more confused. Here is what I am receiving, the error message on the Windows 2000 client on the side of the firewall: remote computer is not available), the Windows XP client is on the other side of the firewall, (the error message is: The specified network name is no longer available). I am able to ping both the IP address and server name of the CIFS/Samba server. I cannot perform the mapping, via Map Drive, then I connect as different user name and I enter a user id that I setup with smbpasswd (testcifs). Then I receive both these messages, I have searched message lists and the web for documentation on these errors, and I am unable to find anything that works. I appreciate your help very much. -Dan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Rick Brown Sent: Wednesday, December 17, 2003 10:45 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] Netbios ? netstat -an | grep 139 [ Rick Brown ][ (404) 894-6175 ] [ Office of Information Technology ][[EMAIL PROTECTED] ] [ Georgia Institute of Technology ][ 258 4th street. Atlanta, GA ] On Wed, 17 Dec 2003, COUNTERMAN, DANIEL (CONTRACTOR) wrote: I am trying a netstat | grep netbios and receive nothing back. I tried netstat | grep 139 and nothing as well. I have the correct netbios ports in /etc/services. Does anyone know to make this show up with a netstat or have those services running? I believe this may be my problem with the mapping of samba shares to the client. Any help would be appreciated, Dan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Building Samba 3.0.1 on Solaris8 x86
Good day, I just tried building Samba 3.0.1 on a generic Solaris8 x86 box with ACL support as the only configure option and the build fails quite early. Has anyone experienced a similar problem? This is a very vanilla build, using gcc 3.0. * server# make Using FLAGS = -O -Iinclude -I/opt/src/samba-3.0.1/source/include -I/opt/src/samba-3.0.1/source/ubiqx -I/opt/src/samba-3.0.1/source/smbwrapper -I. -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -I/opt/src/samba-3.0.1/source LIBS = -lsendfile -lsec -lgen -lresolv -lsocket -lnsl LDSHFLAGS = -G LDFLAGS = Compiling dynconfig.c In file included from nsswitch/winbind_nss_solaris.h:28, from nsswitch/winbind_nss.h:34, from nsswitch/winbind_nss_config.h:79, from nsswitch/winbind_client.h:1, from include/includes.h:836, from dynconfig.c:21: /usr/include/nss_dbdefs.h:375: parse error before projid_t /usr/include/nss_dbdefs.h:400: parse error before '}' token /usr/include/nss_dbdefs.h:419: field `key' has incomplete type *** Error code 1 make: Fatal error: Command failed for target `dynconfig.o' * Any help is warmly welcome! -- === Mathieu Nantel - RHCE,CCNA Ecopia BioSciences Systems Manager (514) 336-2724 x434 [EMAIL PROTECTED] === [*] Please avoid sending me Word/Excel/PowerPoint attachments. ` See: http://www.fsf.org/philosophy/no-word-attachments.html === -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba wins server, wins client and no wins client
Hi, I configured my samba server as a PDC and wins server. If I declare a workstation as a winsclient, the PDC is visible on network neighborhood and to logon is possible If a laptop or a PC have no wins settings, the PDC is not visible and no logon is possible. Samba 3.0.1 on RedHat 8.0, ldap backend The PDC and wins server is the same computer Why ? --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] getent passwd doesn't list domain users
__ Hi all, I've configured samba 3.0 as a domain memeber in NT 4.0 domain. Server has been added to the domain, without any problems, BUT, for three days, I'm not able to find a way how to use NT domain resourses for this samba server. I can list domain users and groups with wbinfo command from but getent passwd lists only the local users. Does anyone know where can be the problem? Thanks Vasek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] getent passwd doesn't list domain users
Did you remember to edit /etc/nsswitch.conf, I always forget that. passwd: files winbind shadow: files group: files winbind -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 17 December 2003 16:29 To: [EMAIL PROTECTED] Subject: [Samba] getent passwd doesn't list domain users __ Hi all, I've configured samba 3.0 as a domain memeber in NT 4.0 domain. Server has been added to the domain, without any problems, BUT, for three days, I'm not able to find a way how to use NT domain resourses for this samba server. I can list domain users and groups with wbinfo command from but getent passwd lists only the local users. Does anyone know where can be the problem? Thanks Vasek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Overriding winbind template shell
Folks, I have Samba 3.0 running on SuSE 9.0 using winbindd to authenticate my users. Everthing works properly. I have set the template shell for winbind to /bin/false as I don't want to give everyone shell access to the server. However, there are some users that require shell access. How can I set a real shell for those domain users that need a shell on the machine ? What's the procedure for overriding the winbind default of /bin false for selected users? Thanks, -C __ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Solaris Winbind LDAP pam_mkhomedir.so
OK, I definitely know that winbind is working now, I tried logging in at the console and a message comes up - Pam_winbind[413]: user 'nt_user' granted access But that is as far as it goes, I don't get a shell prompt. I eventually have to do a 'stop + A' and reboot the machine, from now on I'll do a 'telnet localhost' to test it. Here is what my pam.conf looks like, can you see any errors? # #ident @(#)pam.conf 1.2002/01/23 SMI # # Copyright 1996-2002 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # # PAM configuration # # Unless explicitly defined, all services use the modules # defined in the other section. # # Modules are defined with relative pathnames, i.e., they are # relative to /usr/lib/security/$ISA. Absolute path names, as # present in this file in previous releases are still acceptable. # # Authentication management # # login service (explicit because of pam_dial_auth) # login auth requisite pam_authtok_get.so.1 login auth sufficient pam_dhkeys.so.1 login auth sufficient pam_unix_auth.so.1 login auth sufficient pam_dial_auth.so.1 login auth sufficient /usr/lib/security/pam_winbind.so.1 try_first_pass # # rlogin service (explicit because of pam_rhost_auth) # rlogin auth sufficient pam_rhosts_auth.so.1 rlogin auth requisite pam_authtok_get.so.1 rlogin auth sufficient pam_dhkeys.so.1 rlogin auth sufficient pam_unix_auth.so.1 rlogin auth sufficient /usr/lib/security/pam_winbind.so.1 try_first_pass # # rsh service (explicit because of pam_rhost_auth, # and pam_unix_auth for meaningful pam_setcred) # rsh auth sufficient pam_rhosts_auth.so.1 rsh auth required pam_unix_auth.so.1 # # PPP service (explicit because of pam_dial_auth) # ppp auth requisite pam_authtok_get.so.1 ppp auth required pam_dhkeys.so.1 ppp auth required pam_unix_auth.so.1 ppp auth required pam_dial_auth.so.1 # # Default definitions for Authentication management # Used when service name is not explicitly mentioned for authenctication # other auth requisite pam_authtok_get.so.1 other auth sufficient pam_dhkeys.so.1 other auth sufficient pam_unix_auth.so.1 other auth sufficient /usr/lib/security/pam_winbind.so.1 try_first_pass # # passwd command (explicit because of a different authentication module) # passwd auth required pam_passwd_auth.so.1 # # cron service (explicit because of non-usage of pam_roles.so.1) # cronaccount requiredpam_projects.so.1 cronaccount requiredpam_unix_account.so.1 # # Default definition for Account management # Used when service name is not explicitly mentioned for account management # other account requisite pam_roles.so.1 other account sufficient pam_projects.so.1 other account sufficient pam_unix_account.so.1 other account sufficient /usr/lib/security/pam_winbind.so.1 # # Default definition for Session management # Used when service name is not explicitly mentioned for session management # other session requiredpam_unix_session.so.1 other session sufficient /usr/lib/security/pam_winbind.so.1 #other session sufficient /usr/lib/security/pam_mkhomedir.so.1 umask=0022 # # Default definition for Password management # Used when service name is not explicitly mentioned for password management # other password required pam_dhkeys.so.1 other password requisite pam_authtok_get.so.1 other password requisite pam_authtok_check.so.1 other password required pam_authtok_store.so.1 # # Support for Kerberos V5 authentication (uncomment to use Kerberos) # #rlogin auth optional pam_krb5.so.1 try_first_pass #login auth optional pam_krb5.so.1 try_first_pass #other auth optional pam_krb5.so.1 try_first_pass #cron account optionalpam_krb5.so.1 #other account optionalpam_krb5.so.1 #other session optionalpam_krb5.so.1 #other password optional pam_krb5.so.1 try_first_pass -Original Message- From: Ganguly, Sapan [mailto:[EMAIL PROTECTED] Sent: 15 December 2003 08:23 To: '[EMAIL PROTECTED]' Cc: '[EMAIL PROTECTED]' Subject: [Samba] Solaris Winbind LDAP pam_mkhomedir.so Dear list, How do I test whether I have access to my winbind LDAP backend from my Solaris 9 machine? My LDAP database is held on a Redhat 9.0 machine also running Samba 3.0.0. I know winbind works because getent and wbinfo show up my NT users and groups. I would also like to have people log into my Solaris 9 machine with their NT usernames, I have this working on Redhat already but Solaris is proving to be a little more tricky. I've copied a pam.conf from another post on this mailing list but when I try to log in with an NT user name the process just hangs
Re: [Samba] emergency- machines kicked off network after PDC 2.2.8-3.0.0 upgrade
On Wed, 17 Dec 2003, Brett Dikeman wrote: After upgrading our PDC to 3.0.0 last night(and confirming logins worked properly)...this morning, we had two machines report errors says the machine account does not exist or has been changed. Last night, users- even ones who had not been on that particular workstation before- were able to login on at least 6 out of 30-40 workstations. All configuration files were moved over, including the secrets file- logins worked just fine. Searches on google turn up nothing helpful, and attempts to use smbpasswd have failed. I just attempted to add a new machine(well, a machine that was added to the old PDC, after we sync'd config+pw files) to the domain, and received: # smbpasswd -m czar Failed to find entry for user czar$ The entry does in fact exist in /etc/passwd and /etc/shadow. I then tried pdbedit -a -m -u czar When I went to the system and tried to re-add it to the domain, it claimed the domain did not exist or could not be contacted. To eliminate iptables from the problem, even though 137-139 tcp+udp were open, I shut it down. No change. The upgrading doc mentions nothing that would help us in this extremely straightforward(machine trust accounts) issue...I've found it to be severely lacking. This is extremely disappointing... Well, since I am the one who put the confusion into the HOWTO, perhaps I should try to help you. Please execute: testparm -s myconfig I would like you to send me the myconfig file this creates, as well as the console output from running the command. Please email this to me off-line. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.1 policies
Hi, We are considering samba 3.0.1 as a replacement for our old-hag Windows NT4.0 Server PDC. However, we do want some policy control, and from the samba 3.0.0 documentation (23.3), it says the only current functional policy is the password expirey. Is this still true in samba 3.0.1? Can an NT4.0 server be a backup domain controller to samba 3.0.1 PDC? That way we can keep the NT4 machine around and create the NTConfig.POL on that machine, and store it on the samba 3 PDC. Is that possible? Is there any way that samba 3 PDC (NT4/2K/XP clients) can run a script on a client either during logon or logoff events? Or is this a policy thing? Thanks in advance, Alex --- --- Alex Lazarevich | Systems Administrator | Imaging Technology Group Beckman Institute - University of Illinois [EMAIL PROTECTED] | (217)244-1565 | www.itg.uiuc.edu --- --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.1 Available for Download
Beast wrote: Wednesday, December 17, 2003, 6:13:13 PM, Tarjei wrote: I got XP to join with this version :-) Congratulations... I think you should start by setting your openldap loglevel to 256 and That's the default log level. see if you have any access denied errors. If you do, they have to be fixed first. Then try setting smbpasswd for admin. Also, if you want a I go grep 'filter=' ldap.log and then run that filter manually, all results are correct. But that does not show you if the samba admin dn has access to write anywhere. Check for write denied errors. Also, the eventlog on the xpbox is a good place to start looking. th good, working ldif, download the smbldap tools from samba.idealx.org and run smbldap-poplulate.pl. BUT: Remember to edit smbldap_conf.pm first, esp set the sid to the sid you're using. I prefer handcrafted ldif, butl i'll give a try on smbldaptools. Also: It's a good idea to edit the file so you can look at the resulting ldif and not add it directly to the ldapdatabase. Tks for sharing... Tarjei --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] FIXED : known problem joining a Samba 3.0.1 domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Just a heads up, There is a bug in 3.0.1 that will cause Win2k (no SP and possibly up to SP2, but apparently not SP3/4) to fail to join a Samba domain. The problem was a bug in the lanman session key generation. The proposed patch that should correct it can be found at http://samba.org/samba/ftp/patches/jerry/post-3.0.1/lm_key.patch (might need to wait for the samba.org mirrors to sync up). cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/4I7KIR7qMdg1EfYRAhETAKC/JuJUnAh79/fMU6dy4NUh86MY7gCg2KLp ZYg+WCFWfJwnHEUqrrUmCoI= =CJ/7 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: RE: [Samba] getent passwd doesn't list domain users
Try putting - winbind use default domain = yes In your smb.conf -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 17 December 2003 16:51 To: Ganguly, Sapan Subject: Odp: RE: [Samba] getent passwd doesn't list domain users Yes I did. I edited pam.d/login and system-auth, as well. any other idea? I'll appreciate all of them... V. Ganguly, Sapan [EMAIL PROTECTED] alesgroup.com Komu '[EMAIL PROTECTED]' 17.12.2003 17:30 [EMAIL PROTECTED], '[EMAIL PROTECTED]' [EMAIL PROTECTED] Kopie Pedmt RE: [Samba] getent passwd doesn't list domain users Did you remember to edit /etc/nsswitch.conf, I always forget that. passwd: files winbind shadow: files group: files winbind -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 17 December 2003 16:29 To: [EMAIL PROTECTED] Subject: [Samba] getent passwd doesn't list domain users __ Hi all, I've configured samba 3.0 as a domain memeber in NT 4.0 domain. Server has been added to the domain, without any problems, BUT, for three days, I'm not able to find a way how to use NT domain resourses for this samba server. I can list domain users and groups with wbinfo command from but getent passwd lists only the local users. Does anyone know where can be the problem? Thanks Vasek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.1 policies
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander Lazarevich wrote: Hi, We are considering samba 3.0.1 as a replacement for our old-hag Windows NT4.0 Server PDC. However, we do want some policy control, and from the samba 3.0.0 documentation (23.3), it says the only current functional policy is the password expirey. Is this still true in samba 3.0.1? That's misleading a little. Storing a policy file (ntconfig.pol) on the [netlogon] share has been supported for years. This is client initiated. Can an NT4.0 server be a backup domain controller to samba 3.0.1 PDC? Nope, but I don;t think you need that . Is there any way that samba 3 PDC (NT4/2K/XP clients) can run a script on a client either during logon or logoff events? Or is this a policy thing? Logon yes (see 'logon script' in smb.conf(5)). Logoff would have to be some kind of client tool. - -- cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/4I+4IR7qMdg1EfYRAn+lAJ9qk0dflFTJhKwFvFFV6NDkC4fwIQCfVA26 Vw706SayNc8qHYFjLm6VVXM= =2T27 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] emergency- machines kicked off network after PDC 2.2.8-3.0.0 upgrade
The upgrading doc mentions nothing that would help us in this extremely straightforward(machine trust accounts) issue...I've found it to be severely lacking. This is extremely disappointing... I'm not a Samba developer, but I do work on several other development projects. When people complain, I usually suggest that if they want it better, perhaps they should do it themselves. If you dont like the upgrading doc, once you get your problem solved, perhaps you should consider suggesting a plan to rewrite it? You can return a bit of the favor the Samba team has done for all of us by writing such a wonderful program, and perhaps help out the next person who wants to upgrade and ends up in your situation... Just my $.02 Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbindd
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kent L. Nasveschuk wrote: The message I got from Jerry Carter yesterday says that Winbindd is only required for trust accounts between 2 domains. I was confused also, the documentation seems to lead one to the contrary. I was referring to winbindd running on a Samba DC. The best rule of thumb is * a Samba DC is authoritative for its own accounts (the ones in the passdb). winbindd in this case is used to deal with users/groups from trusted domains. * a Samba server that is a member of a Samba domain (and is sharing unix accounts via NIS, etc..) should run winbindd and set 'winbind trusted domains only = yes' to force the SID mapping to use local accounts rather than allocating new ones for users/groups in its own domain * a Samba server that is a member of a Windows domain should run winbindd to allocate IDs for users/groups in its own domain and trusted domains. Hope this helps. - -- cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/4JHaIR7qMdg1EfYRAlQJAJ4jP2rkKkS2t8lGTAsf2D76UATPogCgxhDb /m04VH7wOelcLiGVliYgZ5A= =bOT8 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: RE: [Samba] getent passwd doesn't list domain users
--- Ganguly, Sapan [EMAIL PROTECTED] wrote: Try putting - winbind use default domain = yes In your smb.conf Also, make sure all your symlinks are good especially the ones in /lib. For example: lrwxrwxrwx1 root root 19 2003-12-01 17:48 libnss_winbind.so - libnss_winbind.so.2 lrwxrwxrwx1 root root 32 2003-12-01 17:48 libnss_winbind.so.2 - /usr/local/lib/libnss_winbind.so __ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Questions about winbind idmap ldap
I use winbind to authenticate users on my linux machines so that I don't have to create separate linux Ids for everyone. I store the idmap in an LDAP database. If you want to do this too then create an LDAP database, I use OpenLDAP. If you want to know how to do this then let me know and I'll see if I can remember. Here is what my smb.conf looks like, it should give you a few clues. Don't forget to put the ldap password into secrets.tdb by 'smbpasswd -w'. You do need to follow the Samba HOWTO for some of the LDAP stuff, like where to put the samba.schema and how to initialize the LDAP database. # Global parameters [global] workgroup = NTDOMAIN server string = REDHAT9 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = No dns proxy = No ldap suffix = dc=example,dc=com ldap machine suffix = dc=example,dc=com ldap user suffix = dc=example,dc=com ldap group suffix = dc=example,dc=com ldap idmap suffix = ou=idmap,dc=example,dc=com ldap admin dn = cn=admin,dc=example,dc=com idmap backend = ldap:ldap://localhost idmap uid = 1-2 idmap gid = 1-2 template homedir = /home/%U template shell = /bin/bash winbind separator = - winbind use default domain = Yes [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [public] path = /public read only = No guest ok = Yes /etc/nsswitch.conf should have lines that look like this - passwd: files winbind shadow: files group: files winbind My /etc/pam.d/login looks like this - (Note: pam_mkhomedir.so automatically makes home directories, you may not want that, it puts them in 'template homedir' which is specified in smb.conf) #%PAM-1.0 auth required pam_securetty.so auth sufficient pam_UNIX.so use_first_pass auth required pam_stack.so service=system-auth auth required pam_nologin.so accountrequired pam_stack.so service=system-auth password required pam_stack.so service=system-auth sessionrequired pam_stack.so service=system-auth sessionrequired pam_mkhomedir.so umask=0022 sessionoptional pam_console.so My /etc/pam.d/gdm looks like this - #%PAM-1.0 auth required pam_env.so auth required pam_stack.so service=system-auth auth required pam_nologin.so accountrequired pam_stack.so service=system-auth password required pam_stack.so service=system-auth sessionrequired pam_stack.so service=system-auth sessionoptional pam_console.so sessionrequired pam_mkhomedir.so skel=/etc/skel umask=0022 /etc/pam.d/system-auth looks like this - #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired /lib/security/$ISA/pam_env.so authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok authsufficient/lib/security/$ISA/pam_smb_auth.so use_first_pass nolocal authrequired /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so passwordrequired /lib/security/$ISA/pam_cracklib.so retry=3 type= passwordsufficient/lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow passwordrequired /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so -Original Message- From: Gints Neimanis [mailto:[EMAIL PROTECTED] Sent: 14 December 2003 13:07 To: [EMAIL PROTECTED] Subject: [Samba] Questions about winbind idmap ldap We are using W2K domain with Samba3 servers. The implementation of samba servers with winbind authentication was successful. Now we are looking for winbind idmap ldap backend for distributing winbind users ID's, and I have following question: 1. Do I need put all users from W2K domain to LDAP by hand (with export - import tools)? 2. Or it is possible to automatically put successfully authenticated users to LDAP directory with some of useradd script? 3. Is any other documentation excepted SAMBA3 HOWTO, with closer look to winbind idmap LDAP? Regards, Gints Neimanis -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.1 policies
On Wed, 17 Dec 2003, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander Lazarevich wrote: Hi, We are considering samba 3.0.1 as a replacement for our old-hag Windows NT4.0 Server PDC. However, we do want some policy control, and from the samba 3.0.0 documentation (23.3), it says the only current functional policy is the password expirey. Is this still true in samba 3.0.1? That's misleading a little. Storing a policy file (ntconfig.pol) on the [netlogon] share has been supported for years. This is client initiated. If we replace our NT4 PDC with samba 3 PDC, then how do we make a change to the policy (NTConfig.pol)? If the NT4 PDC is gone, we can't edit it there. Samba docs talk about editreg tool, but it also says: do not be surprised if this feature does not materialize. Has editreg materialized? This is why I'm thinking we need NT4 BDC around, so that we can edit the policy, then move that new policy to samba 3 NETLOGON. Thanks! Alex -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.1 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Beast wrote: Anyone having success story using this version? I'm having weird problem. I can not joint Win-2k/WinXP-Pro with ldapsam (open ldap 2.2.22). With W2000 error says bad username or password, with WXP access denied. I'm trying to create clean ldif entry with only having 2 account, but still no luck, both cretae machine trust 'on the fly' or manual create machine account. Please try this patch. We stuffed the lanman session key generation in 3.0.1. However, I've only seen this affect unpatched Windows 2000 clients (no SP). http://samba.org/samba/ftp/patches/jerry/post-3.0.1/lm_key.patch (might need to wait for it to show up on mirrors). - -- cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/4Id6IR7qMdg1EfYRAq2ZAJ4wVvIM7NhZOhE16RnT96RRBGrqiACguB47 EaX38QdmISMFId7j9hJQTIA= =3Bhe -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Odp: RE: RE: [Samba] getent passwd doesn't list domain users
Yes both of those thinks are probably ok. I've just one link, but it should be enought : ...lrwxrwxrwx1 root root 17 Nov 5 12:04 /lib/libnss_winbind.so.2 - libnss_winbind.so in a log log.mycomputer where mycomputer is a machine from which I'm trying access the samba server via srvmgr is a following record ..[2003/12/17 16:27:57, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: Authentication for user [VUlik] - [VUlik] FAILED with error NT_STATUS_NO_SUCH_USER and there is my smb.conf [global] dos charset = UTF-8 display charset = UTF-8 workgroup = MYDOMAIN server string = Backup Server interfaces = eth0, 172.17.1.x/24 security = DOMAIN auth methods = guest, sam, winbind obey pam restrictions = Yes passdb backend = tdbsam:/usr/local/samba/private/passdb.tdb, \ smbpasswd:/usr/local/samba/private/smbpasswd log level = 3 log file = /var/log/samba/log.%m name resolve order = hosts lmhosts wins bcast socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add machine script = /usr/sbin/useradd -n -d /dev/null -c -s /bin/false -M %u os level = 0 preferred master = No local master = No domain master = No wins server = 172.17.1.x idmap uid = 1-2 idmap gid = 1-2 winbind cache time = 15 winbind use default domain = Yes admin users = root, MYDOMAIN\vulik I'm really helpless Joe Blow [EMAIL PROTECTED] hoo.com Komu Odeslal: [EMAIL PROTECTED] samba-bounces+vul Kopie ik=cz.soluziona.c [EMAIL PROTECTED] Pedmt g RE: RE: [Samba] getent passwd doesn't list domain users 17.12.2003 18:27 --- Ganguly, Sapan [EMAIL PROTECTED] wrote: Try putting - winbind use default domain = yes In your smb.conf Also, make sure all your symlinks are good especially the ones in /lib. For example: lrwxrwxrwx1 root root 19 2003-12-01 17:48 libnss_winbind.so - libnss_winbind.so.2 lrwxrwxrwx1 root root 32 2003-12-01 17:48 libnss_winbind.so.2 - /usr/local/lib/libnss_winbind.so __ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind-Cyrus-Outlook
I have been using Winbind for some time. We are now looking to use IMAP to replace Exchange. Currently we have configured Winbind to join our domain. Shares work fine and the ability to assign rights from the command line work fine for domain users is fine. The problem is that when outlook sends the user name and password to Winbind and PAM it bails out. When I see the users in Linux they are listed as DOMAIN+username. When Outlook passes the name and password it sends it as domain+username. How can I get Winbind to pass the proper case. It's a sure thing that Micro$oft won't provide me a fix. Has anyone else run into this? Regards. Tim -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbindd
* a Samba server that is a member of a Windows domain should run winbindd to allocate IDs for users/groups in its own domain and trusted domains. In my specific situation, the UNIX id's are set up first so they don't conflict with legacy systems/GIDs/UIDs, NT user names match the UNIX user names and users maintain their own UNIX and NT passwords separately ie. it's up to them to make them the same. Is this specific situation, winbindd is going to do more harm than good, if I understand correctly. Right? If it's only a member server then it would have to be getting its information from the resource domain BDC and by the definition above this information is all wrong (other than the username and password) so it would be pointless. Or am I missing something? Where does PAM fit into this? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] One last try...winbind Solaris 9
I'm still stuck on the logging in part of winbind on Solaris 9. I've applied the required patch to the OS that is mentioned in the HOWTO and tried various other things. When I login at a command line console with a NT username and password I get a message (I've configured syslog.conf) saying that I've been granted access by pam_winbind but that is as far as it goes. I get no shell prompt or anything. Any ideas? What else can I do to get more information about what is going on? Thanks, Sapan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba freezing network
Hello, [EMAIL PROTECTED], Dienstag, 16. Dezember 2003, 16:58 you wrote: DGac My server is a pdc on debian linux and is running with a windows 2000 DGac member server that is hosting software for a flower shop. The windows DGac servers and all the workstations are freezing about twice an hour and stay DGac froze for about 2-5 minutes. They do not lock up at the same time but DGac usually after the windows server locks they lock because they are trying DGac to gather data from this flower software. If I remove the network cable DGac from the debian pdc it does not lock up any more. The windows server and DGac workstations have been there for at least a year and the debian box was DGac just introduced then they started having the problems. I replaced the DGac network card after letting the two servers ping back and forth and there DGac were errors, after I replaced the network card in the debian machine there DGac were no more errors but the windows box still locks up. smb.conf? browsing setup? ip-conflicts? -- best regards, Stefan G. Weichinger mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: RE: RE: [Samba] getent passwd doesn't list domain users
Try putting both links in anyway, it says you have to in the HOWTO. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 17 December 2003 17:45 To: Joe Blow Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Odp: RE: RE: [Samba] getent passwd doesn't list domain users Yes both of those thinks are probably ok. I've just one link, but it should be enought : ...lrwxrwxrwx1 root root 17 Nov 5 12:04 /lib/libnss_winbind.so.2 - libnss_winbind.so in a log log.mycomputer where mycomputer is a machine from which I'm trying access the samba server via srvmgr is a following record ..[2003/12/17 16:27:57, 2] auth/auth.c:check_ntlm_password(309) check_ntlm_password: Authentication for user [VUlik] - [VUlik] FAILED with error NT_STATUS_NO_SUCH_USER and there is my smb.conf [global] dos charset = UTF-8 display charset = UTF-8 workgroup = MYDOMAIN server string = Backup Server interfaces = eth0, 172.17.1.x/24 security = DOMAIN auth methods = guest, sam, winbind obey pam restrictions = Yes passdb backend = tdbsam:/usr/local/samba/private/passdb.tdb, \ smbpasswd:/usr/local/samba/private/smbpasswd log level = 3 log file = /var/log/samba/log.%m name resolve order = hosts lmhosts wins bcast socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add machine script = /usr/sbin/useradd -n -d /dev/null -c -s /bin/false -M %u os level = 0 preferred master = No local master = No domain master = No wins server = 172.17.1.x idmap uid = 1-2 idmap gid = 1-2 winbind cache time = 15 winbind use default domain = Yes admin users = root, MYDOMAIN\vulik I'm really helpless Joe Blow [EMAIL PROTECTED] hoo.com Komu Odeslal: [EMAIL PROTECTED] samba-bounces+vul Kopie ik=cz.soluziona.c [EMAIL PROTECTED] Pedmt g RE: RE: [Samba] getent passwd doesn't list domain users 17.12.2003 18:27 --- Ganguly, Sapan [EMAIL PROTECTED] wrote: Try putting - winbind use default domain = yes In your smb.conf Also, make sure all your symlinks are good especially the ones in /lib. For example: lrwxrwxrwx1 root root 19 2003-12-01 17:48 libnss_winbind.so - libnss_winbind.so.2 lrwxrwxrwx1 root root 32 2003-12-01 17:48 libnss_winbind.so.2 - /usr/local/lib/libnss_winbind.so __ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] INTERNAL ERROR: Signal 11
Hi, On Wed, Dec 17, 2003 at 04:29:26AM +0100, [EMAIL PROTECTED] wrote: Hello everybody, [...] Here is a screeshot of /var/samba/log.swat, I know, 4:14 am is not a good time to make samba works correctly ;) === [2003/12/17 04:14:51, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 4626 (3.0.1) Please read the appendix Bugs of the Samba HOWTO collection [2003/12/17 04:14:51, 0] lib/fault.c:fault_report(39) === [2003/12/17 04:14:51, 0] lib/util.c:smb_panic(1400) PANIC: internal error [2003/12/17 04:14:51, 0] lib/util.c:smb_panic(1408) BACKTRACE: 25 stack frames: #0 swat(smb_panic+0x181) [0x80b962d] #1 swat [0x80a9f4e] #2 swat [0x80a9f97] #3 /lib/libc.so.6 [0x400a4988] #4 /lib/libc.so.6 [0x40091f24] #5 /lib/libc.so.6(iconv+0x132) [0x40091602] #6 swat [0x80c3b8a] #7 swat(smb_iconv+0x36) [0x80c3bcc] #8 swat [0x80a7d01] #9 swat(convert_string+0x14b) [0x80a8011] #10 swat [0x80b5605] #11 swat(init_doschar_table+0x29) [0x80b5653] #12 swat(init_iconv+0x1a2) [0x80a7c07] #13 swat(lazy_initialize_conv+0x23) [0x80a7a61] #14 swat(convert_string_allocate+0x5e) [0x80a809d] #15 swat(push_ucs2_allocate+0x30) [0x80a8ab5] #16 swat(unix_strupper+0x19) [0x80a8533] #17 swat(strupper_m+0x60) [0x80b3738] #18 swat(set_global_myname+0x56) [0x80b7646] #19 swat [0x806405c] #20 swat(lp_load+0xa5) [0x806a00e] #21 swat [0x8061818] #22 swat(main+0xf1) [0x8063887] #23 /lib/libc.so.6(__libc_start_main+0xc6) [0x40090d06] #24 swat(chroot+0x31) [0x805ee11] I get similar errors with samba3.0.1 and samba3.0.0, but it effects the other parts of samba. (The machine work correctly no segfault or signal 11 so far with other apps.) I will post some 'INTERNAL ERRORS': [2003/12/16 11:58:50, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 7122 (3.0.1rc2) Please read the appendix Bugs of the Samba HOWTO collection [2003/12/16 11:58:50, 0] lib/fault.c:fault_report(39) === [2003/12/16 11:58:50, 0] lib/util.c:smb_panic(1400) PANIC: internal error [2003/12/16 11:58:50, 0] lib/util.c:smb_panic(1408) BACKTRACE: 17 stack frames: #0 /usr/sbin/smbd(smb_panic+0x1ab) [0x81b047e] #1 /usr/sbin/smbd [0x819f131] #2 /usr/sbin/smbd [0x819f192] #3 /lib/libc.so.6 [0x4018f498] #4 /lib/libc.so.6(__libc_free+0x7f) [0x401d6edf] #5 /usr/sbin/smbd(CloseDir+0x21) [0x8085cbc] #6 /usr/sbin/smbd [0x80845d9] #7 /usr/sbin/smbd(dptr_close+0xb0) [0x80846cc] #8 /usr/sbin/smbd [0x80ab584] #9 /usr/sbin/smbd(reply_trans2+0x804) [0x80b2eee] #10 /usr/sbin/smbd [0x80c638f] #11 /usr/sbin/smbd [0x80c643f] #12 /usr/sbin/smbd(process_smb+0x1eb) [0x80c678b] #13 /usr/sbin/smbd(smbd_process+0x170) [0x80c72ce] #14 /usr/sbin/smbd(main+0x7b4) [0x821a260] #15 /lib/libc.so.6(__libc_start_main+0xc6) [0x4017bda6] #16 /usr/sbin/smbd(ldap_msgfree+0x7d) [0x8076cb1] .. [2003/12/16 12:01:59, 0] lib/util.c:smb_panic(1408) BACKTRACE: 29 stack frames: #0 /usr/sbin/smbd(smb_panic+0x1ab) [0x81b047e] #1 /usr/sbin/smbd [0x819f131] #2 /usr/sbin/smbd [0x819f192] #3 /lib/libc.so.6 [0x4018f498] #4 /lib/libc.so.6 [0x401d84df] #5 /lib/libc.so.6(__libc_realloc+0x100) [0x401d7020] #6 /usr/sbin/smbd(Realloc+0x91) [0x81af58a] #7 /usr/sbin/smbd(convert_string_allocate+0x3bb) [0x819cfd1] #8 /usr/sbin/smbd(push_ucs2_allocate+0x4e) [0x819d8ae] #9 /usr/sbin/smbd(unix_strupper+0x24) [0x819d1c8] #10 /usr/sbin/smbd(strupper_m+0x6b) [0x81a9a71] #11 /usr/sbin/smbd [0x817c35b] #12 /usr/sbin/smbd(secrets_fetch_trusted_domain_password+0x38) [0x817c5f3] #13 /usr/sbin/smbd(is_trusted_domain+0x5e) [0x81ec0ee] #14 /usr/sbin/smbd(make_user_info_map+0xbb) [0x81e95d3] #15 /usr/sbin/smbd [0x81ec723] #16 /usr/sbin/smbd [0x80f298c] #17 /usr/sbin/smbd(ntlmssp_update+0x1ea) [0x80f1d5b] #18 /usr/sbin/smbd(auth_ntlmssp_update+0x3d) [0x81eca8d] #19 /usr/sbin/smbd [0x80a7bb9] #20 /usr/sbin/smbd [0x80a7ee7] #21 /usr/sbin/smbd(reply_sesssetup_and_X+0x193) [0x80a817a] #22 /usr/sbin/smbd [0x80c638f] #23 /usr/sbin/smbd [0x80c643f] #24 /usr/sbin/smbd(process_smb+0x1eb) [0x80c678b] #25 /usr/sbin/smbd(smbd_process+0x170) [0x80c72ce] #26 /usr/sbin/smbd(main+0x7b4) [0x821a260] #27 /lib/libc.so.6(__libc_start_main+0xc6) [0x4017bda6] #28 /usr/sbin/smbd(ldap_msgfree+0x7d) [0x8076cb1] ... [2003/12/16 12:25:37, 0] lib/fault.c:fault_report(39) === [2003/12/16 12:25:37, 0] lib/util.c:smb_panic(1400) PANIC: internal error [2003/12/16 12:25:37, 0] lib/util.c:smb_panic(1408) BACKTRACE: 17 stack frames: #0 /usr/sbin/smbd(smb_panic+0x1ab) [0x81b047e] #1 /usr/sbin/smbd [0x819f131] #2 /usr/sbin/smbd [0x819f192]
[Samba] smbclient null-password behavior differs between 3.0 and 2.2.8a
When I made the move to 3.0, I noticed that smbclient no longer works with null passwords. Am I missing something? I read the FAQ, which suggests that the server is rejecting the null password. But I know that null passwords work fine for the 2.2.8a client, so the server is not the issue. The FAQ recommends smbclient -L host -U%, but I don't want to set the username to null. I want a non-null username with a null password. I traced the packets on the two smbclients, and I see several differences. The command I ran was: smbclient //g4-box-1/dood -I 192.168.5.90 -U dood I used the same command on both 2.2.8a and 3.0 systems. Here are the differences I saw in the packets: 1. client sends Extended Security Negotiation: Extended security negotiation is supported on 3.0, but not on 2.2.8a 2. 2.2.8a client sends ANSI Password, Unicode Password, and uppercased-account name. Meanwhile, 3.0 client doesn't send either passwords, and sends a lowercased-account name. I think this is actually the key here. 3. the primary domain sent by 2.2.8a is the client's default domain, while the primary domain sent by 3.0 is the domain of the share being accessed 4. 2.2.8a sends SMB Command: Session Setup AndX (0x73) and gets response NT Status: STATUS_SUCCESS (0x) 3.0 sends same command and gets response NT Status: STATUS_LOGON_FAILURE (0xc06d) Any suggestions how to get 3.0 to work with null passwords? Thanks, Dave -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Security mode 0x03: smbclient-2.2.8a sends password, 3.0 doesn't
I'm having trouble accessing a share using smbclient-3.0. The same share (served by a samba server on linux) is accessible from the same account using smbclient-2.2.8a. Here is the command I'm using to access the share: smbclient '//adventure/dood' -I 192.168.5.11 -U dood The server's smb.conf file includes the following three lines: security = user encrypt passwords = yes null passwords = yes If I change the 'encrypt passwords' to '= no', smbclient-3.0 works fine. The problem is that I have the exact same problem on hosts over which I have no control of the smb.conf file, for example Mac OS X 10.3. 10.3 appears to have the same behavior as my linux samba host with the above three lines in the smb.conf. When I analyze the packets sent between the client and the server, I see the following difference in the frames (see attatchments for full frame decode): samba-2.2.8a sending encrypted null password: Byte Count (BCC): 69 ANSI Password: 4C0154EFEF076CCBAE3A6256E351DF5A... Unicode Password: B30B73818904C5A7111948521702F985... Account: DOOD Primary Domain: ABCD samba-3.0 sending no password: Byte Count (BCC): 26 Account: dood Primary Domain: WORKGROUP Note that the primary domain is also different: 3.0 uses the default domain WORKGROUP, while 2.2.8a uses the default domain of the client (ABCD). What can I do on the CLIENT side to make smbclient-3.0 send the encrypted null password? Thanks, Dave -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RH8 Packages
The samba 3.0.1 RPM for RH 8.0 seems to require two different openssl packages. It requires libssl.so.4 and libcrypto.so.2. The first is in openssl 0.9.7 and the second in openssl 0.9.6. Am I missing something? Which versions of those shared libs are actually required? -- Matt McParland -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0 PDC, exchange 5.5 installing service pack 4 fails.
We have had very similar problems. I don't have a solution yet but hopefully this will just confirm the issue. In our production environment we are using samba 2.2.5 and we can not successfully install SP4 for exchange on Windows 2000. I have been trying successive versions of Samba to see if they fix this problem and none so far have. Currently I am testing with 3.0.1pre3. We are just in the middle of going back to exchange 5.5 on NT 4 Server but if you are having this problem than I imagine we will too. I will let you know. If anyone else has come across this problem and solved it or has any other ideas to try I would like to know. Glenn Arnold wrote: I created a brand new nt 4.0 server with exchange 5.5 server in my samba 3.0 pdc domain with no problems. The exchange server runs fine under the samba 3.0 pdc, but when I try to install exchange 5.5 sp4 on the exchange server the service pack gives me an Dr. Watson error. The exchange service pack makes it through the copying of the service pack files and then modifies the registry settings for exchange directory service and information store. Then service pack starts these services and tries to modify the registry for other services and then the sp bombs with Dr. Watson error. For grins I removed the exchange server out of the samba domain and readded to old nt 4.0 domain and reinstalled exchange. Then I reapplied exchange 5.5 service pack. The service pack installed fine under the NT 4.0 domain with no problems which it should since it is native Microsoft. Then I removed the exchange box and re-added back into the samba 3.0 domain and reinstalled exchange which the installs went fine. Try to install Service Pack 4 for Exchange and it bomb again during the modifying the registry. I believe that I was able to do this with samba 2.7 and it worked fine. I realize need to start look at a Linux e-mail solution, but I would like to switch to Samba first and then look at switching the e-mail later. One thing would be helpful is if someone could point me to an article on how to switch the service account exchange user id and password. So, I could apply the service pack into the NT 4.0 domain and then add the server back to the samba 3.0 pdc or if some one has experienced this problem give me so help here. Which I realize this situation is unique. Here is Dr. Watson error and smb.conf. Thanks in advance for help! -Glenn [global] netbios name = fs1 workgroup = domain security = user os level = 64 domain master = yes local master = yes preferred master = yes time server = yes passdb backend = tdbsam smbpasswd unix extensions = yes encrypt passwords = yes domain logons = yes logon script = logon.bat logon drive = H: logon home = \\%L\%u logon path = socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY wins support = yes #character set = ISO8859-15 #client code page = 850 veto files = /*.eml/*.nws/riched20.dll/ lanman auth = yes add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u ;add machine script = /usr/sbin/useradd -d /dev/null -g 502 \ -s /bin/false -M %u ;add user script = /usr/bin/sudo /usr/sbin/useradd -d /dev/null -g ntmach -c 'Machine Account' -s /bin/false -M %u oplocks = yes load printers = yes printing = cups printcap name = cups [netlogon] path = /smbsrvr/netlogon/scripts guest ok = yes write list = ntadmin [homes] comment = Home Directories browseable = no read only = no hide dot files = yes veto files = /*.mp3/*.exe/*.com/*.js/*.bat/*.cmd/*.wsh/*.lnk/*.scr/.*/ dos file times = yes [C$] valid users = @root path = /smbsrvr read only = no create mask = 0770 directory mask = 0770 force group = +ntadmin force directory mode = 0770 dos file times = yes [Apps] path = /smbsrvr/Apps read only = no create mask = 0770 directory mask = 0770 force create mode = 0770 force directory mode = 0770 dos filetimes = yes guest ok = no guest account = 220836E browseable = yes available = yes write list = +HSSTAFF,+HSSTUDENTS inherit permissions = no root preexec close = no short preserve case = no case sensitive = no strict locking = no set directory = no guest only = no status = no follow symlinks = no map system = no locking = no only user = no sync always = no fake oplocks = no blocking locks = no hide dot files = no mangled names = no msdfs root = no strip dot = no map hidden = no posix locking = no fake directory create times = no strict sync = no level2 oplocks = no strict allocate = no dos filemode = no share modes = no wide links = no preexec close = no map archive = no hide unreadable = no mangle case = no preserve case = no dos filetime resolution = no oplock contention limit = 0 max connections = 0 write cache size = 0 [Students] path = /smbsrvr/Students read only = no create mask = 0770 directory mask = 0770 force group = +HSSTUDENTS force create mode = 0770 force directory mode = 0770 dos filetimes = yes [AdminTools$] path = /smbsrvr/AdminTools read only = no create mask = 0770 directory mask = 0770
[Samba] Using Squid + Samba3 + Winbind
I've just setup a squid server using the above software. NTLM authentication works 90% of the time with no user intervention. I'm noticing that occasionally I'm getting a popup asking for a username and password. I've looked that the winbind logs, and the only thing I notice is: [2003/12/17 14:38:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(959) user 'root' does not exist My user is MASTER\SWC, so I don't think I'm causing it. I also don't see any errors regarding my username and/or authentication. I'm not able to cause the popup to appear, so I'm not sure where to begin troubleshooting... (smb.conf debug = 5 currently). If I do a wbinfo -t it works fine, BTW. Any ideas??? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba 3.0 PDC, exchange 5.5 installing service pack 4 fails.
Gents, If this is a reproducible problem, did you file a bug report on https://bugzilla.samba.org? If you have not, then our developers will never act on it - they have been trained to deal with bugs that have noted priority in the bug tracking system. This keeps them so busy that they do not have time to randomly select more work to do from the mailing list. - John T. On Wed, 17 Dec 2003, Dan wrote: We have had very similar problems. I don't have a solution yet but hopefully this will just confirm the issue. In our production environment we are using samba 2.2.5 and we can not successfully install SP4 for exchange on Windows 2000. I have been trying successive versions of Samba to see if they fix this problem and none so far have. Currently I am testing with 3.0.1pre3. We are just in the middle of going back to exchange 5.5 on NT 4 Server but if you are having this problem than I imagine we will too. I will let you know. If anyone else has come across this problem and solved it or has any other ideas to try I would like to know. Glenn Arnold wrote: I created a brand new nt 4.0 server with exchange 5.5 server in my samba 3.0 pdc domain with no problems. The exchange server runs fine under the samba 3.0 pdc, but when I try to install exchange 5.5 sp4 on the exchange server the service pack gives me an Dr. Watson error. The exchange service pack makes it through the copying of the service pack files and then modifies the registry settings for exchange directory service and information store. Then service pack starts these services and tries to modify the registry for other services and then the sp bombs with Dr. Watson error. For grins I removed the exchange server out of the samba domain and readded to old nt 4.0 domain and reinstalled exchange. Then I reapplied exchange 5.5 service pack. The service pack installed fine under the NT 4.0 domain with no problems which it should since it is native Microsoft. Then I removed the exchange box and re-added back into the samba 3.0 domain and reinstalled exchange which the installs went fine. Try to install Service Pack 4 for Exchange and it bomb again during the modifying the registry. I believe that I was able to do this with samba 2.7 and it worked fine. I realize need to start look at a Linux e-mail solution, but I would like to switch to Samba first and then look at switching the e-mail later. One thing would be helpful is if someone could point me to an article on how to switch the service account exchange user id and password. So, I could apply the service pack into the NT 4.0 domain and then add the server back to the samba 3.0 pdc or if some one has experienced this problem give me so help here. Which I realize this situation is unique. Here is Dr. Watson error and smb.conf. Thanks in advance for help! -Glenn [global] netbios name = fs1 workgroup = domain security = user os level = 64 domain master = yes local master = yes preferred master = yes time server = yes passdb backend = tdbsam smbpasswd unix extensions = yes encrypt passwords = yes domain logons = yes logon script = logon.bat logon drive = H: logon home = \\%L\%u logon path = socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY wins support = yes #character set = ISO8859-15 #client code page = 850 veto files = /*.eml/*.nws/riched20.dll/ lanman auth = yes add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u ;add machine script = /usr/sbin/useradd -d /dev/null -g 502 \ -s /bin/false -M %u ;add user script = /usr/bin/sudo /usr/sbin/useradd -d /dev/null -g ntmach -c 'Machine Account' -s /bin/false -M %u oplocks = yes load printers = yes printing = cups printcap name = cups [netlogon] path = /smbsrvr/netlogon/scripts guest ok = yes write list = ntadmin [homes] comment = Home Directories browseable = no read only = no hide dot files = yes veto files = /*.mp3/*.exe/*.com/*.js/*.bat/*.cmd/*.wsh/*.lnk/*.scr/.*/ dos file times = yes [C$] valid users = @root path = /smbsrvr read only = no create mask = 0770 directory mask = 0770 force group = +ntadmin force directory mode = 0770 dos file times = yes [Apps] path = /smbsrvr/Apps read only = no create mask = 0770 directory mask = 0770 force create mode = 0770 force directory mode = 0770 dos filetimes = yes guest ok = no guest account = 220836E browseable = yes available = yes write list = +HSSTAFF,+HSSTUDENTS inherit permissions = no root preexec close = no short preserve case = no case sensitive = no strict locking = no set directory = no guest only = no status = no follow symlinks = no map system = no locking = no only user = no sync always = no fake oplocks = no blocking locks = no hide dot files = no mangled names = no msdfs root = no strip dot = no map
RE: [Samba] Security mode 0x03: smbclient-2.2.8a sends password, 3.0 doesn't
Don't know why by I had to use a \n before the yes. Now it worked. regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] rg] On Behalf Of David Wuertele Sent: Wednesday, December 17, 2003 5:23 PM To: [EMAIL PROTECTED] Subject: [Samba] Security mode 0x03: smbclient-2.2.8a sends password,3.0 doesn't I'm having trouble accessing a share using smbclient-3.0. The same share (served by a samba server on linux) is accessible from the same account using smbclient-2.2.8a. Here is the command I'm using to access the share: smbclient '//adventure/dood' -I 192.168.5.11 -U dood The server's smb.conf file includes the following three lines: security = user encrypt passwords = yes null passwords = yes If I change the 'encrypt passwords' to '= no', smbclient-3.0 works fine. The problem is that I have the exact same problem on hosts over which I have no control of the smb.conf file, for example Mac OS X 10.3. 10.3 appears to have the same behavior as my linux samba host with the above three lines in the smb.conf. When I analyze the packets sent between the client and the server, I see the following difference in the frames (see attatchments for full frame decode): samba-2.2.8a sending encrypted null password: Byte Count (BCC): 69 ANSI Password: 4C0154EFEF076CCBAE3A6256E351DF5A... Unicode Password: B30B73818904C5A7111948521702F985... Account: DOOD Primary Domain: ABCD samba-3.0 sending no password: Byte Count (BCC): 26 Account: dood Primary Domain: WORKGROUP Note that the primary domain is also different: 3.0 uses the default domain WORKGROUP, while 2.2.8a uses the default domain of the client (ABCD). What can I do on the CLIENT side to make smbclient-3.0 send the encrypted null password? Thanks, Dave -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbindd
On Wed, 2003-12-17 at 08:56, [EMAIL PROTECTED] wrote: * a Samba server that is a member of a Windows domain should run winbindd to allocate IDs for users/groups in its own domain and trusted domains. In my specific situation, the UNIX id's are set up first so they don't conflict with legacy systems/GIDs/UIDs, NT user names match the UNIX user names and users maintain their own UNIX and NT passwords separately ie. it's up to them to make them the same. Is this specific situation, winbindd is going to do more harm than good, if I understand correctly. Right? If it's only a member server then it would have to be getting its information from the resource domain BDC and by the definition above this information is all wrong (other than the username and password) so it would be pointless. Or am I missing something? Where does PAM fit into this? The PAM configuration files direct how authentication should be handled . Should it (application, login, etc...) authenticate of the local system or winbind etc -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] juggling with file ownership
Hi I have implemented a samba file server shared by around 60 odd people. The typical scenario that I want to achieve is this. 1) Every person has his own folder. He has read and write permission to that folder. 2) Everybody should be able to write to the folder of every other user. 3) The files written into the folder should only be viewed,deleted etc by the owner of that folder and nobody else. For that I have created a group say users and added all the users in that group. I gave the following permissions. drwxrwxr-t3 abcdef users 4096 Dec 18 00:38 abcdef here abcdef is one of the users and users is the name of the group. Now any other user will be able to copy file into this folder. At the same time any user will not be able to delete the file because folder abcdef has a sticky bit set. Only the person who copied the file and abcdef will be able to delete file from the folder abcdef. But if a person create a directory inside abcdef then the case will be different. Suppose a user efghij creates a folder named test inside the folder of abcdef, then it will be something like this.. drwxr-xr-t2 efghij users 4096 Dec 17 00:00 New Folder In this case the owner of folder New folder and all the files inside it is efghij. In this case abcdef will not be able to delete files from inside New Folder even though the folder belongs to him.. I was trying to find some solution by which any folder that is created inside abcdef will automatically have the owner set as abcdef. This will solve all my problem, there does not seem to be any option available for that.. Setting the parent folder permission to 6775 does not solve the problem. The files and folders created inside abcdef still has the ownership of the user who created it, not of abcdef.. Another option suggested is force user option but in that case every operation will be run as that user which will mean that any user will be able to delete file etc from that folder, something that I do not want. Please help me if there any way by which I can achieve my requirement. Thanks in Advance Gaurav -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] krb5_get_credentials failed
Using Samba 3.0.1 packages from samba.org on RH 8.0 kernel 2.4.20. I'm trying to get winbindd configured so that we can do single-sign on across Win2k file servers and Samba file servers with ADS. I've configured Samba to do shares but it prompts for username/password unless the user/pass exists in smbpassword. 'net ads join' was successful and secrets.tdb was modified. The computer account shows up in ADS. There is a unix account created for the computer accont (computer-name$). Unfortunately, I only had temporary access to create computer accounts. To remove and add the computer account again (running net ads join again) would require many phone calls. I'm not sure if that part of the process is failing. It appears not, since the command executes with no error output and secrets.tdb is modified. I'm able to get kerberos tickets from the command line with kinit, but winbind seems to have trouble connecting to ADS and 'wbinfo -u' doesn't work. I've included configuration files and what I thought was the relevant part of the log. smb.conf: [global] workgroup = DOMAIN realm = REALM server string = fileserver security = ADS password server = pdc log level = 1 log file = /var/log/samba/%m.log max log size = 0 preferred master = No local master = No domain master = No enhanced browsing = No dns proxy = No idmap uid = 1-2 idmap gid = 1-2 winbind separator = + winbind use default domain = Yes krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = REALM [realms] REALM = { kdc = pdc } [domain_realm] .pdc = REALM Relevant parts of winbindd.log: [2003/12/17 14:37:30, 5] nsswitch/winbindd_cm.c:cm_open_connection(178) connecting to pdc from fileserver with kerberos principal [EMAIL PROTECTED] [2003/12/17 14:37:30, 2] libsmb/cliconnect.c:cli_session_setup_spnego(665) Doing spnego session setup (blob length=106) [2003/12/17 14:37:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(690) got OID=1 2 840 48018 1 2 2 [2003/12/17 14:37:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(690) got OID=1 2 840 113554 1 2 2 [2003/12/17 14:37:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(690) got OID=1 2 840 113554 1 2 2 3 [2003/12/17 14:37:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(690) got OID=1 3 6 1 4 1 311 2 2 10 [2003/12/17 14:37:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(697) got [EMAIL PROTECTED] [2003/12/17 14:37:30, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(509) Doing kerberos session setup [2003/12/17 14:37:30, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276) krb5_get_credentials failed for [EMAIL PROTECTED] (Ticket expired) [2003/12/17 14:37:30, 4] nsswitch/winbindd_cm.c:cm_open_connection(185) failed kerberos session setup with NT_STATUS_UNSUCCESSFUL [2003/12/17 14:37:30, 5] nsswitch/winbindd_cm.c:cm_open_connection(219) anonymous connection attempt to pdc from fileserver -- Matt McParland -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Still having groupmap problems
I have two samba servers on two separate subnets that are comprising a single domain, and one of the samba servers is also the LDAP server. I've gotten everything configured except that I can't use the groupmap command. When I run: net groupmap add sid=SID-512 ntgroup=Domain Admins unixgroup=dom_admin type=domain I get this error over and over again (and increasing the log level via smbcontrol doesn't seem to provide any more information): ldapsam_search_one_group: Problem during the LDAP search: LDAP error: invalid DN (Invalid DN syntax) I also see this message every so often in the syslogs of both samba servers: passdb/pdb_ldap.c:ldapsam_search_one_group(1612) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: invalid DN (Invalid DN syntax)ldapsam_search_one_group: Query was: ou=Groups,dc=domain, ((objectClass=sambaGroupMapping)(gidNumber=65534)) Are the samba servers trying to get group mappings from each other? Is gidNumber=65534 being used because the group mapping isn't setup? Can someone give me any advice on things to try to find the problem with my group map actions? Any help would be appreciated. Rob -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Security mode 0x03: smbclient-2.2.8a sends password, 3.0 doesn't
Thiago Don't know why by I had to use a \n before the yes. Now it Thiago worked. I don't understand --- if you are referring to the smb.conf file, it works fine for me already. It is smbclient-3.0 that doesn't work. Dave -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Security mode 0x03: smbclient-2.2.8a sends password, 3.0 doesn't
I'm very sorry, I've sent the wrong message to the list. regards and my deepest apoligize. thiago lima. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] rg] On Behalf Of David Wuertele Sent: Wednesday, December 17, 2003 6:19 PM To: [EMAIL PROTECTED] Subject: [Samba] Re: Security mode 0x03: smbclient-2.2.8a sends password, 3.0 doesn't Thiago Don't know why by I had to use a \n before the yes. Now it Thiago worked. I don't understand --- if you are referring to the smb.conf file, it works fine for me already. It is smbclient-3.0 that doesn't work. Dave -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to create keytab in samba 3.0.1
List- I have several samba 3.0.0 file/print servers running in a Windows 2000 AD domain. I do not use winbind; but have an LDAP database for Unix UID's with nss_ldap. I have MIT krb5-1.3.1. When I have tried to upgrade these machines to samba 3.0.1, clients get prompted for a user name and password when trying to connect. I have seen others with this problem, but none of their fixes have worked for me. I also get this message in the log files: setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2003/12/17 14:01:00, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(471) Doing spnego session setup [2003/12/17 14:01:00, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(502) NativeOS=[Windows 2000 2195] NativeLanMan=[Windows 2000 5.0] PrimaryDomain=[] [2003/12/17 14:01:00, 3] smbd/sesssetup.c:reply_spnego_negotiate(380) Got OID 1 2 840 48018 1 2 2 [2003/12/17 14:01:00, 3] smbd/sesssetup.c:reply_spnego_negotiate(380) Got OID 1 2 840 113554 1 2 2 [2003/12/17 14:01:00, 3] smbd/sesssetup.c:reply_spnego_negotiate(380) Got OID 1 3 6 1 4 1 311 2 2 10 [2003/12/17 14:01:00, 3] smbd/sesssetup.c:reply_spnego_negotiate(383) Got secblob of size 1214 [2003/12/17 14:01:00, 10] passdb/secrets.c:secrets_named_mutex(697) secrets_named_mutex: got mutex for replay cache mutex [2003/12/17 14:01:00, 10] libads/kerberos_verify.c:create_keytab(56) creating keytab: MEMORY: [2003/12/17 14:01:00, 3] libads/kerberos_verify.c:setup_keytab(147) unable to create MEMORY: keytab (Unknown Key table type) [2003/12/17 14:01:00, 3] libads/kerberos_verify.c:ads_verify_ticket(280) ads_verify_ticket: unable to setup keytab [2003/12/17 14:01:00, 1] smbd/sesssetup.c:reply_spnego_kerberos(172) Failed to verify incoming ticket! [2003/12/17 14:01:00, 3] smbd/error.c:error_packet(118) error packet at smbd/sesssetup.c(173) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE I haven't found anything that has helped. If I reinstall samba 3.0.0 and restart samba, everything works normally. I am using the same configure options for both source trees. I have also tried applying the patch sent out by Jerry today. I have Slackware 9.1. Can anyone tell me what is going wrong? I get some warnings while compiling the source, but I get the same warnings when compiling 3.0.0, so I don't think that is it. -Chris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Machine accounts searching People
Using Samba 3.0.1 as PDC with LDAP backend under SuSE 8.2. When I try to add a machine account at my windows NT workstation using user 'root' and password, - which I have added to ldap using: smbldap-useradd.pl -a root -u 0 I get message on NT 'The machine account for this computer either does not exist or is inaccessible'. The /var/log/messages show that the machine account was indeed added successfully, but the subsequent searches are looking for my machine name 'silver$' under cn=People. Any ideas why? Curtis Grote Memorial Hospital slapd[18277]: ACCEPT from IP=127.0.0.1:33778 (IP=:: 389) slapd[18277]: conn=24 op=0 BIND dn=cn=admin,dc=pmmc,dc=com method=128 slapd[18277]: conn=24 op=0 AUTHZ dn=cn=admin,dc=pmmc,dc=com mech=simple ssf=0 slapd[18277]: conn=24 op=0 RESULT tag=97 err=0 text= slapd[18278]: conn=24 op=1 ADD dn=uid=silver$,ou=Computers,dc=pmmc,dc=com slapd[18278]: conn=24 op=1 RESULT tag=105 err=0 text= slapd[18277]: conn=24 op=2 UNBIND slapd[18277]: conn=24 fd=27 closed slapd[18275]: conn=23 fd=26 closed slapd[18275]: conn=19 fd=25 closed slapd[18278]: conn=18 op=5 SRCH base=ou=People,dc=pmmc,dc=com scope=2 filter=((objectClass=posixAccount)(uid=silver$)) slapd[18278]: conn=18 op=5 SEARCH RESULT tag=101 err=0 nentries=0 text= slapd[18277]: conn=18 op=6 SRCH base=ou=People,dc=pmmc,dc=com scope=2 filter=((objectClass=posixAccount)(uid=SILVER$)) slapd[18277]: conn=18 op=6 SEARCH RESULT tag=101 err=0 nentries=0 text= slapd[18278]: conn=17 op=9 SRCH base=dc=pmmc,dc=com scope=2 filter=(((uid=SILVER$)(objectClass=sambaSamAccount))(objectClass=sambaSamAccount)) slapd[18278]: conn=17 op=9 SEARCH RESULT tag=101 err=0 nentries=0 text= slapd[18277]: conn=17 op=10 SRCH base=ou=Groups,dc=pmmc,dc=com scope=2 filter=((objectClass=sambaGroupMapping)(|(displayName=SILVER$)(cn=SILVER$))) slapd[18277]: conn=17 op=10 SEARCH RESULT tag=101 err=0 nentries=0 text= slapd[18278]: conn=18 op=7 SRCH base=ou=Groups,dc=pmmc,dc=com scope=2 filter=((objectClass=posixGroup)(cn=SILVER$)) slapd[18278]: conn=18 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text= slapd[18275]: conn=17 fd=7 closed slapd[18275]: conn=18 fd=24 closed security = user encrypt passwords = Yes # Domain Master settings preferred master = yes domain master = yes local master = yes domain logons = yes logon path = \\%N\profiles\%u logon drive = X: logon home = \\kemosabe\%u\winprofile logon script = login.cmd debug level = 2 idmap backend = ldap:ldap://localhost idmap uid = 1-2 idmap gid = 1-2 winbind enum users = no winbind enum groups = no passdb backend = ldapsam:ldap://kemosabe.pmmc.com ldap admin dn=cn=admin,dc=pmmc,dc=com ldap ssl = off ldap delete dn = no ldap passwd sync = yes ldap suffix = dc=pmmc,dc=com ldap user suffix = ou=People ldap group suffix = ou=Groups ldap machine suffix = ou=Computers ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) ldap idmap suffix = dc=pmmc,dc=com passwd program = /home/sambaldap/smbldap-passwd.pl '%u' add user script = /home/sambaldap/smbldap-useradd.pl -m '%u' delete user script = /home/sambaldap/smbldap-userdel.pl '%u' add group script = /home/sambaldap/smbldap-groupadd.pl '%g' delete group script = /home/sambaldap/smbldap-groupdel.pl '%g' add user to group script = /home/sambaldap/smbldap-groupmod.pl -m '%u' '%g' delete user from group script = /home/sambaldap/smbldap-groupmod.pl -x '%u' '%g' set primary group script = /home/sambaldap/smbldap-usermod.pl -g '%g' '%u' add machine script = /home/sambaldap/smbldap-useradd.pl -a -w -d /dev/null -g 553 -c 'Machine Account' -s /bin/false %m -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.1 policies
Hi, what is the problem with orktools editing the policies? I discovered no problem with my running samba 3 pdc Please describe your problem Regards - Original Message - From: Alexander Lazarevich [EMAIL PROTECTED] To: Samba Mailing List [EMAIL PROTECTED] Sent: Wednesday, December 17, 2003 6:34 PM Subject: Re: [Samba] samba 3.0.1 policies On Wed, 17 Dec 2003, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alexander Lazarevich wrote: Hi, We are considering samba 3.0.1 as a replacement for our old-hag Windows NT4.0 Server PDC. However, we do want some policy control, and from the samba 3.0.0 documentation (23.3), it says the only current functional policy is the password expirey. Is this still true in samba 3.0.1? That's misleading a little. Storing a policy file (ntconfig.pol) on the [netlogon] share has been supported for years. This is client initiated. If we replace our NT4 PDC with samba 3 PDC, then how do we make a change to the policy (NTConfig.pol)? If the NT4 PDC is gone, we can't edit it there. Samba docs talk about editreg tool, but it also says: do not be surprised if this feature does not materialize. Has editreg materialized? This is why I'm thinking we need NT4 BDC around, so that we can edit the policy, then move that new policy to samba 3 NETLOGON. Thanks! Alex -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Upgrade from 2.2.8a to 3.0.1 issues
Greetings, Yesterday, I attempted to migrate my existing samba file server, running 2.2.8a on Linux (2.4.23), which provides file sharing services to a Windows NT domain with approximately 150 users. It has been working well for over a year now, and other upgrades have gone off without a hitch. The samba server connects to a windows NT PDC. The relevent snip from my smb.conf file is: [global] workgroup = HYDRA netbios name = FILESERVER server string = Hydra Samba File Server encrypt passwords = Yes log file = /usr/local/samba/var/log.%m max log size = 50 dns proxy = No wins server = 10.1.2.20 hosts allow = 10. security = domain password server = * browseable = No With 2.2.8a (and previous versions), I was able to start smbd and nmbd and use: /usr/local/samba/bin/smbpasswd -r godzilla -U root%password -j HYDRA Which informs me that I have joined the HYDRA domain and my users are then able to authenticate via the Windows NT PDC. After the upgrade to 3.0.1, which uses the same smb.conf file, I now use the net join command: net join -U root%password which also tells me that I've joined the HYDRA domain, but users are unable to authenticate. With no -j flag, I receive no error. With -j 2 enabled, I receive the following error message: [2003/12/16 20:23:57, 1] utils/net_ads.c:ads_startup(181) ads_connect: Connection refused If I force RPC connection types with net rpc join, I receive: [2003/12/16 20:25:12, 2] lib/util_sock.c:open_socket_out(742) error connecting to 10.1.2.20:445 (Connection refused) The IP address of the Windows PDC, which does password authentication, is correct. In both 2.2.8a and 3.0.1, Samba was built with a default call to ./configure, without any arguments. Anyone have any comments or suggestions? Thank you in advance. Jason -- Jason Nugent, BSc [EMAIL PROTECTED] http://malhavoc.homeunix.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] help: samba server don't work, log says: PANIC: failed to set gid
hi all, when i try to connnect to my smaba server from a win2000 workstation, it says the using network name is no longer usable. the log is like below: ... [1970/01/01 00:00:39, 10] ../lib/util.c:dump_data(1541) [000] 4D 5C E0 48 6D A0 99 2B CC 9F 15 9C AF E6 74 3B M\.Hm..+ ..t; [1970/01/01 00:00:39, 10] ../lib/util.c:dump_data(1549) [010] CB 61 96 1F 8B ED DD 3B 5C 5C 31 37 32 2E 39 36 .a.; \\172.96 [1970/01/01 00:00:39, 10] ../lib/util.c:dump_data(1549) [020] 2E 33 33 2E 31 34 37 5C 49 50 43 24 00 3F 3F 3F .33.147\ IPC$.??? [1970/01/01 00:00:39, 10] ../lib/util.c:dump_data(1549) [030] 3F 3F 00 ??. [1970/01/01 00:00:39, 3] ../smbd/process.c:switch_message(685) switch message SMBtconX (pid 97) [1970/01/01 00:00:39, 3] ../smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [1970/01/01 00:00:39, 5] ../smbd/uid.c:change_to_root_user(217) change_to_root_user: now uid=(0,0) gid=(0,0) [1970/01/01 00:00:39, 4] ../smbd/reply.c:reply_tcon_and_X(334) Got device type ? [1970/01/01 00:00:39, 10] ../lib/access.c:check_access(304) check_access: allow = , deny = [1970/01/01 00:00:39, 10] ../lib/username.c:user_in_list(456) user_in_list: checking user in list [1970/01/01 00:00:39, 3] ../smbd/password.c:authorise_login(855) authorise_login: ACCEPTED: guest account and guest ok (nobody) [1970/01/01 00:00:39, 10] ../lib/username.c:user_in_list(456) user_in_list: checking user nobody in list [1970/01/01 00:00:39, 10] ../smbd/service.c:make_connection(356) make_connection: share is set read only. [1970/01/01 00:00:39, 10] ../lib/username.c:user_in_list(456) user_in_list: checking user nobody in list [1970/01/01 00:00:39, 10] ../lib/username.c:user_in_list(456) user_in_list: checking user nobody in list [1970/01/01 00:00:39, 10] ../lib/username.c:user_in_list(456) user_in_list: checking user nobody in list [1970/01/01 00:00:39, 3] ../smbd/service.c:make_connection(487) Connect path is /tmp [1970/01/01 00:00:39, 3] ../smbd/sec_ctx.c:push_sec_ctx(297) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [1970/01/01 00:00:39, 3] ../smbd/uid.c:push_conn_ctx(286) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [1970/01/01 00:00:39, 3] ../smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [1970/01/01 00:00:39, 0] ../lib/util_sec.c:assert_gid(114) Failed to set gid privileges to (-1,65534) now set to (0,0) uid=(0,0) [1970/01/01 00:00:39, 0] ../lib/util.c:smb_panic(1094) PANIC: failed to set gid can anybody help me? the version of my samba server is 2.2.8. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Domain account
Hi Craig Greats..!! It's works now, and I can sleep well tonight...:) Thanks for your bright explanations, it's so helpful to me. Many Thanks, Dede Nurmansyah -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 17, 2003 11:54 AM To: Dede NURMANSYAH Cc: [EMAIL PROTECTED] Subject:RE: [Samba] Domain account Never works right if you log in to server with one account and then you try to join machine to network using different account - once you have made connection to Samba as another user, you cannot then connect again using root or Administrator. Try logging out of Windows computer - logging back in and then joining machine to domain user: root password: root-password-in-smbpasswd domain: domain name Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba 3.0 PDC, exchange 5.5 installing service pack 4 fails.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dan wrote: We have had very similar problems. I don't have a solution yet but hopefully this will just confirm the issue. In our production environment we are using samba 2.2.5 and we can not successfully install SP4 for exchange on Windows 2000. I have been trying successive versions of Samba to see if they fix this problem and none so far have. Currently I am testing with 3.0.1pre3. We are just in the middle of going back to exchange 5.5 on NT 4 Server but if you are having this problem than I imagine we will too. I will let you know. If anyone else has come across this problem and solved it or has any other ideas to try I would like to know. Let me know if you are still having problems and we'll see if we can't work it out. I know Jeremy is pretty bug on making sure Exchange servers in a Samba domain function as expected. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/4R4AIR7qMdg1EfYRAvnhAJ41BEmSYbcUi9nBiITCJWtmLfazJwCaA51U tUfXSDwrNGSQQwdGnAwbKNM= =Vd7t -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] It would seem to be simple but it's got me scratching my head
Samba 3.0.0 - RH AS 3 # ./smbldap-groupshow.pl Computers No such object at /usr/local/sbin//smbldap_tools.pm line 590, DATA line 283. # ./smbldap-usershow.pl cnassa dn: uid=cnassa,ou=People,o=Mullen,c=US Why can't I get the groups to work correctly, I do have a 'Computers' group? This same problem is causing a bunch of errors when I try to net rpc vampire - it can't add the groups but it adds the users. section from smbldap_conf.pm # Where are stored Users # Ex: $usersdn = ou=Users,$suffix; for ou=Users,dc=IDEALX,dc=ORG #$usersou = q(Users); $usersou = q(People); $usersdn = ou=$usersou,$suffix; # Where are stored Computers # Ex: $computersdn = ou=Computers,$suffix; for ou=Computers,dc=IDEALX,dc=ORG $computersou = q(Computers); $computersdn = ou=$computersou,$suffix; # Where are stored Groups # Ex $groupsdn = ou=Groups,$suffix; for ou=Groups,dc=IDEALX,dc=ORG $groupsou = q(Groups); $groupsdn = ou=$groupsou,$suffix; # Default scope Used $scope = sub; Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Variables and TCP/IP Throughput
So, here's the answer to the puzzle... I did as Per suggested -- set the so_sndbuf and so_rcvbuf to 65535 each, as well as read size and max xmit to the same. And low and behold, the throughput between my Windows XP box and my Linux Box's Firewire RAID 5 arrays went from around 20 MB/sec to around 30 MB/sec. And when I raised all those values by another factor of 4 (up to 262140 for each one) my throughput increased to around 36-37 MB/sec. Raising those values further didn't seem to make any difference. And, and, and, ... at the 262140 level, now I was able to set the MTUs to 4088 on the Windows side and 4074 on the Linux side (4K Jumbo Frames). While throughput essentially remained the same as what I was getting with a standard 1514/1500 MTU, I was happy that it didn't DROP by 50 percent, as it did before when I was trying to use 4K and 9K Jumbo Frames with the buffers set to 8092. And although throughput didn't go UP with the 4K frames, the CPU usage in each machine was pretty much cut in half. That made my Windows XP video editing applications happy. Incidentally, I still get a serious DROP in throughput, about 50 percent, if I try to use 9K Jumbo Frames -- even with those big buffers (I even tried up to 1 MB buffers). Perhaps that could be due to the fact that both my Windows and Linux boxes only have 32-bit PCI slots. I should add a few other notes. First, I am using Intel Gigabit Server NICs because they seem to have good Linux drivers -- and the Intel Tech Support folks were totally blown away by the fact that a few variables in a Samba configuration file could affect network throughput so dramatically. Alas, Samba is a mystery to many folks in this world -- myself included. Second, after hours of playing with TCP/IP settings on both the Windows and Linux sides -- TcpWindowSize in Windows, and a bunch of wmem, rmem, and mem values in Linux -- I came to the conclusion that none of my changes gave me any improvement over the default configurations of both operating systems (at least the way Linux is configured in Mandrake 9.2). Before I started tweaking, I had tried all sorts of Window sizes using the program Iperf on both ends -- and found pretty much that I got to the maximum throughput (a pure bandwidth of about 780 Mbits) at about 64K TCPWindows. But both OS's must do that by default, so tweaking was a waste of time in my case, where I have a fast LAN with almost zero latency. Finally, I have to say that I am impressed with the Intel Gigabit Server Ethernet adapters. The Intel e1000 drivers (not the eepro1000 driver that came with my Mandrake 9.2 distribution) give you fantastic flexibility in both Linux and Windows. For instance, the driver has a number of methods to let you choose whether the NIC interrupts the CPU each time it receives or transmits a packet, or whether the NIC stores up lots of packets and interrupts less frequently. Playing around with that and other settings in the driver allowed me to trade a 15 percent reduction in maximum throughput (and a slight increase in latency) for a 75 percent reduction in CPU usage! Which let my Windows video editing application flawlessly playback uncompressed video through some hardware that's also vying for attention on the PCI bus. Without the ability to do this kind of tweaking, my video editing application was getting interrupted too often to work properly. Surely there are other real time applications that can benefit from such control. I certainly had a happier experience with the Intel NIC than with either Linksys or SysKonnect NICs -- although I hear the SysKonnect NICs are a little faster than most. Hope all this information is useful to somebody out there. As a last word, of course my switch supports Jumbo Frames. I'm trying out a fairly new SMC switch, the SMC8508T. It's fast, cheap and out of control... No just kidding. It's fast and cheap (around $ 140 US) and as far as I can see it's the only switch any where near that price that supports Jumbo Frames. Says so right on the box. It's an unmanaged switch. But I know it's not the switch that's caused my original problems with Jumbo Frames, because I had the same problems when I took the switch out of the system and connected the computers directly. And that's still the case with the 9K Jumbo Frames. Finally, I put use sendfile=yes in my samba configuration file. But what does it do??? I suppose I should at least try taking it out and seeing what it does. Thanks for your suggestions. It's because of people like you that Linux keeps getting better, and Linux users keep getting better results. Andy In a message dated 12/17/2003 10:10:10 AM Eastern Standard Time, [EMAIL PROTECTED] writes: I believe samba just does setsockopt or ioctl on the sockets. Do you get any errors on the interfaces in jumbo? Does your switch support jumbo? Setting use sendfile=yes will help alot on read speeds from samba. On the
[Samba] Problem migrating from 2.2.8a to 3.0.1
I have a Samba 2.2.8a PDC running that I would like to upgrade to 3.0.1. I also have to BDCs and was trying to convert them to 3 before I started on the PDC and found out I was out of commission because of some kind of error. So. I installed 3 on the two BDCs along with OpenLDAP 2.1 and set everything up. The LDAP/Samba combo works fine, I can connect with out a problem as a Stand_Alone_Role. But then, I run the net rpc getsid command to get the PDCs SID and it gives me a Unable to find a suitable server error. Is there a way I can manually enter the domain SID? Help would be greatly appreciated! Thanks, Mike BDC config # Global parameters [global] workgroup = DCS server string = Tallmadge Server passdb backend = ldapsam:ldap://localhost lanman auth = No log level = 3 log file = /var/log/samba/log.%m max log size = 50 name resolve order = wins lmhosts bcast time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 os level = 70 preferred master = No local master = No domain master = No wins server = 192.168.5.20 --This is also the Samba 2.2 PDC ldap suffix = dc=dcs ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap idmap suffix = ou=IDMap ldap admin dn = cn=sambauser,dc=dcs ldap ssl = start tls idmap backend = ldap idmap uid = 4-5 idmap gid = 4-5 hosts allow = 127.0.0.1, 192.168.5.0/255.255.255.192, 192.168.5.128/255.255.255.192, 192.168.5.192/255.255.255.192 LDAP Domain SID entry # DCS, dcs dn: sambaDomainName=DCS,dc=dcs sambaDomainName: DCS sambaSID: S-1-5-21-657526034-1340598581-4100531696 sambaAlgorithmicRidBase: 1000 objectClass: sambaDomain # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] check_winbind_security: Not using winbind..samba-3.0.1
Can anyone advise as to why Samba is not using winbind? check_winbind_security: Not using winbind, requested domain was for this SAM. I can wbinfo -g -u getent group | passwd for domain users. Tim [global] workgroup = TUX realm = TUX.AK server string = Samba Server %v security = ADS auth methods = winbind obey pam restrictions = Yes password server = ipaddress log level = 3 log file = /usr/local/samba/var/log.%m max log size = 100 name resolve order = wins lmhosts bcast socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = cups add user script = /usr/sbin/useradd -s /bin/false '%u' os level = 0 preferred master = No local master = No domain master = No dns proxy = No wins server = ipaddress idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash winbind use default domain = Yes printer admin = '@Domain Admins' printing = cups -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] user name with a dot not working
On Tue, 16 Dec 2003, Robert Nedbal wrote: Hello, I'm having problems with user names containing a dot. For example j.smith. I always use j_smith . This works without mapping and does the same. Regards, Uli. In our network we have Win2K PDC and a Samba server. smb.conf contains this: [global] security = domain password server = MYSERVER username map = /etc/samba/smbusers [myshare] valid users = j.smith write list = j.smith etc... /etc/samba/smbusers file contains this: jsmith = j.smith And Linux box with Samba server has an account for user 'jsmith' (/home/jsmith). So I'm trying to map 'j.smith' (windows user name) to 'jsmith' (linux user name). But the problem is that when I try to access shares on samba server I get NT_STATUS_WRONG_PASSWORD. I'm sure the password is entered correctly. [EMAIL PROTECTED] me]$ smbclient //SAMBASRV/webpages -U 'j.smith' added interface ip=10.92.32.33 bcast=10.92.255.255 nmask=255.255.0.0 Password: Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 2.2.7a-security-rollup-fix] tree connect failed: NT_STATUS_WRONG_PASSWORD and in a log file on samba server I see: [2003/12/16 17:53:39, 0] smbd/password.c:authorise_login(863) authorise_login: rejected invalid user nobody ^ -- this is strange! (why nobody?) The same error I get from windows clients. When I intentionally enter wrong password, I get in log file this: [2003/12/16 17:11:50, 0] smbd/password.c:domain_client_validate(1619) domain_client_validate: unable to validate password for user J.SMITH in domain MYDOMAIN to Domain controller MYSERVER. Error was NT_STATUS_WRONG_PASSWORD. When I inetntionally enter wrong user name, I get in log file this: [2003/12/16 17:12:02, 0] smbd/password.c:domain_client_validate(1619) domain_client_validate: unable to validate password for user X.SMITH in domain MYDOMAIN to Domain controller MYSERVER. Error was NT_STATUS_NO_SUCH_USER. When I remove 'jsmith = j.smith' from /etc/samba/smbusers and change unix user to 'j.smith', everythig starts working. But I would like to use on Linux usernames without a dot. Thanks for your help, any ideas? Best regards, Robert -- Robert Nedbal - Czech Technical University in Prague, Czech Republic email: [EMAIL PROTECTED] http://www.sh.cvut.cz/~robik/ /* Debuggers are evil. Never ever trust them. */ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba +-+ | Peter Ulrich Kruppa | | - Wuppertal - | | Germany | +-+ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] winXP pro and Samba 2.2.7 network w/win95/98 systems
hello, Need advise I've been attempting to get a winXP system added into the network of win95/98 systems and a Samba 2.2.7 server (redhat 7.3) current version of Samba version 2.2.7a-security-rollup-fix the win95/98 systems work fine. the winXP has trouble .. 1) It can not see the samba server OR other systems in the network neighborhoods. (it CAN ping the IPs tho .. ) I've read the book - and am stumped. What to look for??? 2) attempted to replicate network on an off production network - unpatched version of winXP - got it to see the server in the network neighborhood (don't know how) BUT - get error Server not accessible again, I am stumped.. please advise or point to references which may help. thanks here is my smb.conf #=== Global Settings = [global] smb passwd file = /etc/samba/smbpasswd add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u # -d = home dir, -g group, -c comment, -s shell, -M userhome dir will NOT be created pam password change = yes encrypt passwords = yes wins support = true max log size = 0 obey pam restrictions = yes directory mode = 775 security = user passwd program = /usr/bin/passwd %u printing = lprng create mode = 775 dns proxy = no only user = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 valid users = @samba root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d /var/lib/samba/netl ogon \ chmod 644 /var/lib/samba/netlogon/%U.bat; printcap name = /etc/printcap invalid users = root logon script = %U.bat passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*al l*authentication*tokens*updated*successfully* domain admin group = compadm user = @samba domain logons = yes unix password sync = Yes workgroup = MP server string = MP Server log file = /var/log/samba/%m.log delete readonly = yes netbios name = server load printers = yes root postexec = rm -f /var/lib/samba/netlogon/%U.bat os level = 33 write list = @samba logon home = \\server\%U [homes] comment = Home Directories browseable = no writable = yes valid users = %S create mode = 0664 directory mode = 0775 # If you want users samba doesn't recognize to be mapped to a guest user ; map to guest = bad user # Un-comment the following and create the netlogon directory for Domain Logons [netlogon] comment = Network Logon Service path = /usr/local/samba/lib/netlogon guest ok = yes writable = no share modes = no # NOTE: If you have a BSD-style print system there is no need to # specifically define each individual printer [printers] comment = All Printers path = /var/spool/samba browseable = no # Set public = yes to allow user 'guest account' to print guest ok = no writable = no printable = yes [data] path = /usr/data force group = samba __ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] doubt
i just want to know how samba works. how the commands from Windows are received by Samba. i want to know the process of Samba working with windows ie. how the commands are received and how they are processed. in what structure the command is recieved by Samba server? how can a samba server receives message from windows? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] It would seem to be simple but it's got me scratching my head
Craig, A few pointers might help you. I had to sweat my way through this stuff so I can document it for my new book. This gave me one of those rare moments when I started with totally clean systems and set everything up on an isolated network. A real tease! 1. Beware of the ldap.conf file that has: nss_base_group ou=Group,dc=abmas,dc=biz?one when it should be: nss_base_group ou=Groups,dc=abmas,dc=biz?one That extra s caught me too. It's oly one character though! :) 2. Do not use the Computers container for machine accounts. It breaks. You can totally avoid the problem by just using the People container. There is apparently a Samba/LDAP search bug there. Jerry did warn me, but I had to prove it for myself! :( The symptom of the bug is that Samba (LDAP) can not find the trust account for the workstation (same for BDCs). 3. Current CVS (and 3.0.1) has apparanetly a bug that prevents Workstations from logging onto the domain for the first time. I down-graded to CVS December 1st, and I could log on. Then I updated to current CVS and it works fine. This bug bites only when a machine first joins the domain. Rejoins work fine. 4. As for the vampire process - make sure that the back-end you use can create accounts that have spaces and/or upper-case characters in the name. If your backend can't handle this you must create a work-around that intercepts the illegal name and mangles it to something that is legal for the underlying backend. I hope these comments prove a little helpful - if not too late. Cheers, John T. On Wed, 17 Dec 2003, Craig White wrote: Answering my own question...Group / Groups - what's an 's' between friends - made me crazy. Anyway - got net rpc vampire completely in. At the end of the 'slurp' I got this one message... SAM_DELTA_DOMAIN_INFO not handled My google searches makes me think that this is about Upper case User names which ultimately won't be a problem because those logins will go bye bye anyway... Any other reason to worry because of that message? Craig On Wed, 2003-12-17 at 20:47, Craig White wrote: Samba 3.0.0 - RH AS 3 # ./smbldap-groupshow.pl Computers No such object at /usr/local/sbin//smbldap_tools.pm line 590, DATA line 283. # ./smbldap-usershow.pl cnassa dn: uid=cnassa,ou=People,o=Mullen,c=US Why can't I get the groups to work correctly, I do have a 'Computers' group? This same problem is causing a bunch of errors when I try to net rpc vampire - it can't add the groups but it adds the users. section from smbldap_conf.pm # Where are stored Users # Ex: $usersdn = ou=Users,$suffix; for ou=Users,dc=IDEALX,dc=ORG #$usersou = q(Users); $usersou = q(People); $usersdn = ou=$usersou,$suffix; # Where are stored Computers # Ex: $computersdn = ou=Computers,$suffix; for ou=Computers,dc=IDEALX,dc=ORG $computersou = q(Computers); $computersdn = ou=$computersou,$suffix; # Where are stored Groups # Ex $groupsdn = ou=Groups,$suffix; for ou=Groups,dc=IDEALX,dc=ORG $groupsou = q(Groups); $groupsdn = ou=$groupsou,$suffix; # Default scope Used $scope = sub; Craig -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
CVS update: samba4/source/librpc/rpc
Date: Wed Dec 17 21:37:34 2003 Author: tridge Update of /home/cvs/samba4/source/librpc/rpc In directory dp.samba.org:/tmp/cvs-serv30438 Modified Files: dcerpc_util.c Log Message: fixed a segv in RPC-* when debug level 2 thanks to Kai for spotting this! Revisions: dcerpc_util.c 1.16 = 1.17 http://www.samba.org/cgi-bin/cvsweb/samba4/source/librpc/rpc/dcerpc_util.c.diff?r1=1.16r2=1.17
CVS update: samba/source/libsmb
Date: Wed Dec 17 21:57:26 2003 Author: jra Update of /data/cvs/samba/source/libsmb In directory dp.samba.org:/tmp/cvs-serv1969/libsmb Modified Files: Tag: SAMBA_3_0 ntlmssp.c Log Message: Add in comments explaining NTLMv2 selection. Use lm session key if that's all there is. Jeremy. Revisions: ntlmssp.c 1.4.2.28 = 1.4.2.29 http://www.samba.org/cgi-bin/cvsweb/samba/source/libsmb/ntlmssp.c.diff?r1=1.4.2.28r2=1.4.2.29