Re: [Samba] How to tell if option "with-acl-support" is compiledinSolaris smbd?
Do I need any additional package installed in Solaris 9 before I compile Samba "with-acl-support"? Thanks, Hai >>> Tom Dickson <[EMAIL PROTECTED]> 12/24/03 21:49 PM >>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I don't see WITH_ACL so I'm going to guess no. Hai Wu wrote: | Thanks. I am still not sure whether option "with-acl-support" has been compiled in the smbd. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/6l5LRliD/69byygRAiZ/AJ4sCALIyZP8omzEIjpGRsKOzmftrQCfZCz/ ew4CkRRfgzlRuHghBpjhrD4= =DnD+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to tell if option "with-acl-support" is compiledin Solaris smbd?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I don't see WITH_ACL so I'm going to guess no. Hai Wu wrote: | Thanks. I am still not sure whether option "with-acl-support" has been compiled in the smbd. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/6l5LRliD/69byygRAiZ/AJ4sCALIyZP8omzEIjpGRsKOzmftrQCfZCz/ ew4CkRRfgzlRuHghBpjhrD4= =DnD+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to tell if option "with-acl-support" is compiledin Solaris smbd?
Thanks. I am still not sure whether option "with-acl-support" has been compiled in the smbd. The following is the output: Build environment: Built by:[EMAIL PROTECTED] Built on:Tue Dec 23 15:00:40 CST 2003 Built using: gcc Build host: SunOS hxwu-dt-tt 5.9 Generic_112233-08 sun4u sparc SUNW,Sun-Blade-100 SRCDIR: /space/hxwu/swinstall/samba-3.0.1/source BUILDDIR:/space/hxwu/swinstall/samba-3.0.1/source Paths: SBINDIR: /usr/local/samba/sbin BINDIR: /usr/local/samba/bin SWATDIR: /usr/local/samba/swat CONFIGFILE: /usr/local/samba/lib/smb.conf LOGFILEBASE: /usr/local/samba/var LMHOSTSFILE: /usr/local/samba/lib/lmhosts LIBDIR: /usr/local/samba/lib SHLIBEXT: so LOCKDIR: /usr/local/samba/var/locks PIDDIR: /usr/local/samba/var/locks SMB_PASSWD_FILE: /usr/local/samba/private/smbpasswd PRIVATE_DIR: /usr/local/samba/private System Headers: HAVE_SYS_ACL_H HAVE_SYS_FCNTL_H HAVE_SYS_FILIO_H HAVE_SYS_IOCTL_H HAVE_SYS_IPC_H HAVE_SYS_MMAN_H HAVE_SYS_MODE_H HAVE_SYS_MOUNT_H HAVE_SYS_PARAM_H HAVE_SYS_RESOURCE_H HAVE_SYS_SELECT_H HAVE_SYS_SHM_H HAVE_SYS_SOCKET_H HAVE_SYS_SOCKIO_H HAVE_SYS_STATFS_H HAVE_SYS_STATVFS_H HAVE_SYS_STAT_H HAVE_SYS_SYSCALL_H HAVE_SYS_SYSLOG_H HAVE_SYS_TERMIO_H HAVE_SYS_TIME_H HAVE_STROPTS_H HAVE_SYSLOG_H HAVE_TERMIOS_H HAVE_TERMIO_H HAVE_UNISTD_H HAVE_UTIME_H UTMP Options: HAVE_GETUTMPX HAVE_UTMPX_H HAVE_UTMP_H HAVE_UT_UT_EXIT HAVE_UT_UT_ID HAVE_UT_UT_NAME HAVE_UT_UT_PID HAVE_UT_UT_TIME HAVE_UT_UT_TYPE HAVE_UT_UT_USER PUTUTLINE_RETURNS_UTMP WITH_UTMP HAVE_* Defines: HAVE_ADDRTYPE_IN_KRB5_ADDRESS HAVE_AP_OPTS_USE_SUBKEY HAVE_ATEXIT HAVE_BER_SCANF HAVE_BZERO HAVE_CHMOD HAVE_CHOWN HAVE_CHROOT HAVE_COMPILER_WILL_OPTIMIZE_OUT_FNS HAVE_CONNECT HAVE_CREAT64 HAVE_CRYPT HAVE_CUPS HAVE_DIRENT_D_OFF HAVE_DLCLOSE HAVE_DLERROR HAVE_DLOPEN HAVE_DLSYM HAVE_DUP2 HAVE_ENDNETGRENT HAVE_ERRNO_DECL HAVE_EXECL HAVE_EXPLICIT_LARGEFILE_SUPPORT HAVE_FCHMOD HAVE_FCHOWN HAVE_FCNTL_LOCK HAVE_FCVT HAVE_FOPEN64 HAVE_FSEEKO64 HAVE_FSTAT HAVE_FSTAT64 HAVE_FSYNC HAVE_FTELLO64 HAVE_FTRUNCATE HAVE_FTRUNCATE64 HAVE_FTRUNCATE_EXTEND HAVE_FUNCTION_MACRO HAVE_GETCWD HAVE_GETDENTS HAVE_GETGRENT HAVE_GETGRNAM HAVE_GETMNTENT HAVE_GETNETGRENT HAVE_GETRLIMIT HAVE_GETSPNAM HAVE_GETTIMEOFDAY_TZ HAVE_GLOB HAVE_GRANTPT HAVE_GSSAPI HAVE_GSS_DISPLAY_STATUS HAVE_ICONV HAVE_IFACE_IFCONF HAVE_IMMEDIATE_STRUCTURES HAVE_INITGROUPS HAVE_INNETGR HAVE_KRB5 HAVE_KRB5_AUTH_CON_SETUSERUSERKEY HAVE_KRB5_ENCRYPT_DATA HAVE_KRB5_FREE_KTYPES HAVE_KRB5_GET_PERMITTED_ENCTYPES HAVE_KRB5_KEYTAB_ENTRY_KEY HAVE_KRB5_LOCATE_KDC HAVE_KRB5_MK_REQ_EXTENDED HAVE_KRB5_PRINCIPAL2SALT HAVE_KRB5_PRINC_COMPONENT HAVE_KRB5_SET_DEFAULT_TGS_KTYPES HAVE_KRB5_SET_REAL_TIME HAVE_KRB5_STRING_TO_KEY HAVE_KRB5_TKT_ENC_PART2 HAVE_KRB5_USE_ENCTYPE HAVE_LDAP HAVE_LDAP_DOMAIN2HOSTLIST HAVE_LDAP_INIT HAVE_LDAP_INITIALIZE HAVE_LDAP_SET_REBIND_PROC HAVE_LIBCOM_ERR HAVE_LIBGEN HAVE_LIBGSSAPI_KRB5 HAVE_LIBK5CRYPTO HAVE_LIBKRB5 HAVE_LIBLBER HAVE_LIBLDAP HAVE_LIBNSL HAVE_LIBPAM HAVE_LIBRESOLV HAVE_LIBSEC HAVE_LIBSENDFILE HAVE_LIBSOCKET HAVE_LINK HAVE_LLSEEK HAVE_LONGLONG HAVE_LSEEK64 HAVE_LSTAT64 HAVE_MEMMOVE HAVE_MEMORY_KEYTAB HAVE_MEMSET HAVE_MKNOD HAVE_MKTIME HAVE_MMAP HAVE_NATIVE_ICONV HAVE_NL_LANGINFO HAVE_OPEN64 HAVE_PASSWD_PW_AGE HAVE_PASSWD_PW_COMMENT HAVE_PATHCONF HAVE_PIPE HAVE_POLL HAVE_PREAD HAVE_PREAD64 HAVE_PUTUTLINE HAVE_PUTUTXLINE HAVE_PWRITE HAVE_PWRITE64 HAVE_RAND HAVE_RANDOM HAVE_READDIR64 HAVE_READLINK HAVE_REALPATH HAVE_RENAME HAVE_ROOT HAVE_SECURE_MKSTEMP HAVE_SELECT HAVE_SENDFILEV HAVE_SENDFILEV64 HAVE_SETBUFFER HAVE_SETGROUPS HAVE_SETLINEBUF HAVE_SETLOCALE HAVE_SETNETGRENT HAVE_SETPGID HAVE_SETSID HAVE_SHMGET HAVE_SIGACTION HAVE_SIGPROCMASK HAVE_SIGSET HAVE_SIG_ATOMIC_T_TYPE HAVE_SNPRINTF HAVE_SNPRINTF_DECL HAVE_SOCKLEN_T_TYPE HAVE_SOLARIS_ACLS HAVE_SRAND HAVE_SRANDOM HAVE_STAT64 HAVE_STAT_ST_BLKSIZE HAVE_STAT_ST_BLOCKS HAVE_STRCASECMP HAVE_STRCHR HAVE_STRDUP HAVE_STRERROR HAVE_STRFTIME HAVE_STRLCAT HAVE_STRLCPY HAVE_STRPBRK HAVE_STRTOUL HAVE_STRUCT_DIRENT64 HAVE_STRUCT_FLOCK64 HAVE_SYMLINK HAVE_SYSCALL HAVE_SYSCONF HAVE_SYSLOG HAVE_UNIXSOCKET HAVE_UPDWTMP HAVE_UPDWTMPX HAVE_USLEEP HAVE_UTIMBUF HAVE_UTIME HAVE_UTIMES HAVE_UX_UT_SYSLEN HAVE_VA_COPY HAVE_VOLATILE HAVE_VSNPRINTF HAVE_VSNPRINTF_DECL HAVE_VSYSLOG HAVE_WAITPID HAVE_YP_GET_DEFAULT_DOMAIN HAVE__ACL HAVE
Re: [Samba] How to tell if option "with-acl-support" is compiled in Solaris smbd?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 smbd -b - -Tom Hai Wu wrote: | How can I tell if option "with-acl-support" is compiled in Solaris smbd? | | Here's the output using ldd: | bash-2.05$ ldd /usr/local/samba/sbin/smbd | libldap.so.2 => /usr/lib/libldap.so.2 | liblber.so.2 => /usr/lib/liblber.so.2 | libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 | libkrb5.so.3 => /usr/lib/libkrb5.so.3 | libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 | libcom_err.so.3 => /usr/lib/libcom_err.so.3 | libsocket.so.1 =>/usr/lib/libsocket.so.1 | libnsl.so.1 => /usr/lib/libnsl.so.1 | libresolv.so.2 =>/usr/lib/libresolv.so.2 | libcups.so.2 => /usr/lib/libcups.so.2 | libpam.so.1 => /usr/lib/libpam.so.1 | libsendfile.so.1 => /usr/lib/libsendfile.so.1 | libsec.so.1 => /usr/lib/libsec.so.1 | libgen.so.1 => /usr/lib/libgen.so.1 | libdl.so.1 =>/usr/lib/libdl.so.1 | libiconv.so.2 => /usr/local/lib/libiconv.so.2 | libc.so.1 => /usr/lib/libc.so.1 | libgcc_s.so.1 => /usr/local/lib/libgcc_s.so.1 | libmp.so.2 =>/usr/lib/libmp.so.2 | libcmd.so.1 => /usr/lib/libcmd.so.1 | /usr/platform/SUNW,Sun-Blade-100/lib/libc_psr.so.1 | | If it is NOT compiled in Solaris, how can I get it compiled? I ran ../configure --with-acl-support when I configured samba, and the whole process did not error out. | | Thanks, | Hai -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/6lOCRliD/69byygRAojQAKCBHioUw723obttNAHXUHQ5RKw2UgCfa/Gn QzAVihkgk9Qm4NrPrv1c76k= =SS1+ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] info required
Hiya, Me thinks your teacher was telly porkies. Samba 3 can not act as an Active Directory. You can do some policies but this has to be done though an NT 4 syle policy file. ACL will work aslong as the underlying filesystem can support them. If you want to find out how samba works, I suggest you buy a book or look at the Samba-HOWTO. Cheers - Kristyan Osborne - IT Technician Longhill High School 01273 391672 / 304086 -Original Message- From: [EMAIL PROTECTED] on behalf of Sahibzada Junaid Noor Sent: Wed 24/12/2003 22:02 To: [EMAIL PROTECTED] Cc: Subject: [Samba] info required Hi, ok i was told by my teacher that the newer version of samba i.e. version 3 will be a perfect clone of active directory and it will have all the features that active directory domains have. so tell me if this is true. can a samba version 3 server act like a ACTIVE directory based windows domain controller? and also if u can tell me that the domain policies defined by a windows active directory domain controller will remain undisturbed if it is replaced by a samba server. like if i was restricted from accessing the networl folder of one of my teacher which contains the question paper for tomorrow exam , will i still be unable to access it or the permissions will go crazy and i would be able to access it. plz inform me more about how the concept of a active directory domain and permissions have been incorporated or not incorporated into the new version of samba waiting for ur replies Sahibzada Junaid Noor Ph # (+92) (051) 5950 940 Cell # (+92) (0333) 5223586 Qazi plaza,Third Floor,Commerical Market,Chaklala Scheme 3, Rawalpindi Islamic Republic of Pakistan - Do you Yahoo!? Yahoo! Photos - Get your photo on the big screen in Times Square -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] How to tell if option "with-acl-support" is compiled in Solaris smbd?
How can I tell if option "with-acl-support" is compiled in Solaris smbd? Here's the output using ldd: bash-2.05$ ldd /usr/local/samba/sbin/smbd libldap.so.2 => /usr/lib/libldap.so.2 liblber.so.2 => /usr/lib/liblber.so.2 libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 libkrb5.so.3 => /usr/lib/libkrb5.so.3 libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 libcom_err.so.3 => /usr/lib/libcom_err.so.3 libsocket.so.1 =>/usr/lib/libsocket.so.1 libnsl.so.1 => /usr/lib/libnsl.so.1 libresolv.so.2 =>/usr/lib/libresolv.so.2 libcups.so.2 => /usr/lib/libcups.so.2 libpam.so.1 => /usr/lib/libpam.so.1 libsendfile.so.1 => /usr/lib/libsendfile.so.1 libsec.so.1 => /usr/lib/libsec.so.1 libgen.so.1 => /usr/lib/libgen.so.1 libdl.so.1 =>/usr/lib/libdl.so.1 libiconv.so.2 => /usr/local/lib/libiconv.so.2 libc.so.1 => /usr/lib/libc.so.1 libgcc_s.so.1 => /usr/local/lib/libgcc_s.so.1 libmp.so.2 =>/usr/lib/libmp.so.2 libcmd.so.1 => /usr/lib/libcmd.so.1 /usr/platform/SUNW,Sun-Blade-100/lib/libc_psr.so.1 If it is NOT compiled in Solaris, how can I get it compiled? I ran ../configure --with-acl-support when I configured samba, and the whole process did not error out. Thanks, Hai -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] info required
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Samba 3.0.1 + OpenLDAP can emulate many if not all of the functionality of ADS. Permissions and ACLs definitly work, but may take some research getting used to. Please see the Samba HOWTO, which is very detailed: http://us1.samba.org/samba/docs/man/ - -Tom Sahibzada Junaid Noor wrote: | Hi, | | ok i was told by my teacher that the newer version of samba i.e. version 3 will be a perfect clone of active directory and it will have all the features that active directory domains have. | | so tell me if this is true. can a samba version 3 server act like a ACTIVE directory based windows domain controller? | | and also if u can tell me that the domain policies defined by a windows active directory domain controller will remain undisturbed if it is replaced by a samba server. | | like if i was restricted from accessing the networl folder of one of my teacher which contains the question paper for tomorrow exam , will i still be unable to access it | or the permissions will go crazy and i would be able to access it. | | plz inform me more about how the concept of a active directory domain and permissions have been incorporated or not incorporated into the new version of samba | | waiting for ur replies | | | | Sahibzada Junaid Noor | Ph # (+92) (051) 5950 940 | Cell # (+92) (0333) 5223586 | Qazi plaza,Third Floor,Commerical Market,Chaklala Scheme 3, | Rawalpindi | Islamic Republic of Pakistan | | | | | | | - | Do you Yahoo!? | Yahoo! Photos - Get your photo on the big screen in Times Square -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/6i//RliD/69byygRAp5+AJ4s0RbYZ1ObRfLPXiAUF8pg8P0IcQCfcBI8 4xKgG8e9ldVCx+by7FIPfaU= =c4cH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] info required
Hi, ok i was told by my teacher that the newer version of samba i.e. version 3 will be a perfect clone of active directory and it will have all the features that active directory domains have. so tell me if this is true. can a samba version 3 server act like a ACTIVE directory based windows domain controller? and also if u can tell me that the domain policies defined by a windows active directory domain controller will remain undisturbed if it is replaced by a samba server. like if i was restricted from accessing the networl folder of one of my teacher which contains the question paper for tomorrow exam , will i still be unable to access it or the permissions will go crazy and i would be able to access it. plz inform me more about how the concept of a active directory domain and permissions have been incorporated or not incorporated into the new version of samba waiting for ur replies Sahibzada Junaid Noor Ph # (+92) (051) 5950 940 Cell # (+92) (0333) 5223586 Qazi plaza,Third Floor,Commerical Market,Chaklala Scheme 3, Rawalpindi Islamic Republic of Pakistan - Do you Yahoo!? Yahoo! Photos - Get your photo on the big screen in Times Square -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Linux Kernel 2.6.0 specifics?
Are there any compile options for the 2.6.0 kernel I should be aware of? Obviously I need to compile in support for smbfs, but I'm having some issues where when the windows machine reboots my linux client's mounts of that systems shares arent coming back. I need to unmount/remount them. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ntlm_auth problem in Squid 2.5
On Thu, 2003-12-18 at 19:18, [EMAIL PROTECTED] wrote: > Hi! > > I have a problem with the ntlm_auth helper (samba-3.0.2) under squid. I > got the following from the cache.log: > Login for user [EMAIL PROTECTED] failed due to [winbind client > not aut > horized to use winbindd_pam_auth_crap. Ensure permissions on > /var/cache/samba/w > inbindd_privileged are set correctly.] > [2003/12/18 15:36:48, 0] > utils/ntlm_auth.c:manage_squid_ntlmssp_request(375) > NTLMSSP BH: NT_STATUS_ACCESS_DENIED > > squid.conf settings are: > > auth_param ntlm program /usr/bin/ntlm_auth > --helper-protocol=squid-2.5-ntlmssp -d 10 > auth_param ntlm children 5 > auth_param ntlm max_challenge_reuses 0 > auth_param ntlm max_challenge_lifetime 2 minutes Just checking - squid is running as user and group squid? > I don't understand why it would complain about the winbindd_privileged > directory when I've changed the permissions to it as follows: > > drwxr-x---2 root squid 72 Dec 18 14:54 > winbindd_privileged/ This looks correct. > I'm not sure what the line "not authorized to use winbindd_pam_auth_crap" > means. I've searched with Google.com but still no solution. I guess this > is the place to go. It means something isn't right with those permissions. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Forcing Users to change passwords.
On Wed, 2003-12-24 at 22:01, Andrew Bartlett wrote: > On Fri, 2003-12-12 at 21:23, Todd O'Bryan wrote: > > Does anyone know of an add-on you can use with a Windows domain to > > check the security of the password before it allows a change? With a > > terminal server system I had, the server complained if the password was > > too close to a dictionary word, too close to the student login, 7 > > digits (i.e., looked like a phone number), etc. > > > > I'm sure my students (I teach high school, too) have picked really bad > > passwords, too, but I have no good way to enforce the picking of good > > ones. > > > > Todd > > > > On Dec 12, 2003, at 3:30 AM, Ross McInnes (Systems) wrote: > > > > > i totally agree. unfortunatly my user base is mostly 16-18 year olds. > > > getting them to put anything other than thier football team, phone > > > number > > > or boyfriend/girlfriend's name is quite a task in it self. > > > > > Charming, aren't they ;-) > > I build my samba with: > > #!/bin/sh > LIBS="-lcrack" CFLAGS="-g" ./configure --with-utmp --with-pam > --with-quotas --with-tdbsam --with-ldapsam --with-syslog > > And use the attached patch to enforce 'cracklib' strength passwords. This time, it's attached (I hope). > We can't include this directly in Samba, as cracklib is not under a > GPL-compatible licence :-( > > Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] firewalling SMB (and other protocols)
I looked around and couldn't find a page on firewalling samba. So I did the homework and wrote one: http://travcom.tripod.com/firewalls_and_protocols.html Please send me (directly or CC) any technical suggestions, as I will probably not read the list for very long. Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Fwd: Re: smbpasswd fails to add machine account with ldapsam
Chris, I am experiencing the same behaviour using samba 3.0.1. I have had to uncomment the lines in smbldap-useradd.pl in order for the machine accounts to be added with a sambaSAMAccount objectclass. Samba is not adding the objectclass when joining the domain as the comment in the section states it should, but the change then allows the subsequent lookup for People (which I agree with you should really be Computers) to work. Is this the way you have your PDC under LDAP working? Did you file a bug report? I would be very interested to hear how you are doing with your project as I have been struggling with this for a couple of months now and have finally gotten the machine accounts to be added thanks to your post. I'm running under SuSE 8.2 Curtis Grote Memorial Hospital On Tue, 18 Nov 2003 13:51:43 +0100, Christoph Rudorff wrote: > ,--- Weitergeleitete Nachricht (Anfang) > > Betreff: Re: [Samba] smbpasswd fails to add machine account with > ldapsam Absender: Christoph Rudorff > Datum: Mon, 17 Nov 2003 19:58:19 +0100 Newsgruppe: linux.samba > > Pirkka Luukkonen wrote: > > > Hi! > > > > I am seeing other users with the same problem as I have. > > confirmed. > > > My samba also fails to add machine accounts. > > Here it works (samba 3.0.0 Mandrake 9.2). I can create machine accounts > on the fly. But if I switch to ldap backend, joining a domain fails. > Windows finally says: "account not found" (english to german to english > translation). > > But samba called the smbldap-useradd.pl and it made the correct entry > to ldap - posixAccount, no sambaSamAccount. The related lines are > commented out in the Perl script: "# Objectclass sambaSAMAccount is now > added directly by samba when joigning the domain (for samba3)" - > obviously not. > > > Ok, samba adds at the correct place but how about lookup? Even if I > enter some nonsense values to all suffixes, samba always ask > "ou=People". > > I guess its time for a bug report. > > > chris > > `--- Weitergeleitete Nachricht (Ende) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] OS X Panther and Samba 3 give me no access to a 2003 share :(
I can't mount any windows 2003 share with Samba 3 included in OS X 10.3. I suppose that the problem is Kerberos but I just don't know how to correct my configuration (on win2k3 and/or OS X). Here's an example of what I get if I try to mount a share: osxcli:~ root# mount_smbfs -U testusr1 -W TESTW2K3 //main/testusr1 /mountpt mount_smbfs: No credentials cache found krb5_cc_get_principal Password: mount_smbfs: tree connect phase failed: syserr = Permission denied File system permissions (as well as share permissions) are properly configured and, above all, even if I try to connect with -U administrator (with admin password) I get that kind of error :( -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Unknown printer driver
I'm still struggling with trying to get a new printer working. When I try to configure it, I get errors" [EMAIL PROTECTED] samba]# rpcclient localhost -Uroot% -c 'enumdrivers' [Windows 4.0] Printer Driver Info 1: Driver Name: [hp_lp] [Windows NT x86] Printer Driver Info 1: Driver Name: [hp_lp] [EMAIL PROTECTED] samba]# rpcclient localhost -Uroot% -c 'getdriver hp_lp' [Windows NT x86] Printer Driver Info 3: Version: [2] Driver Name: [hp_lp] Architecture: [Windows NT x86] Driver Path: [\\hermes\print$\W32X86\2\ADOBEPS5.DLL] Datafile: [\\hermes\print$\W32X86\2\hp_lp.PPD] Configfile: [\\hermes\print$\W32X86\2\ADOBEPSU.DLL] Helpfile: [\\hermes\print$\W32X86\2\ADOBEPSU.HLP] Monitorname: [] Defaultdatatype: [RAW] result was WERR_UNKNOWN_PRINTER_DRIVER Also, when I try to add the printer from my Windows/XP box, I get an error saying that the appropriate driver is not installed. Anybody have any ideas? -- Gary Thomas <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] colon caracter in filename
Hello, When browsing (with a windows client) in a Samba share with colon caracters (:) in filenames, for example "Institution.2003-12-03.09:34:28", de filenames are mangled. I know filenames with colon caracters are not allowed in the Windows environment. But is there a way that the above mentioned example of filename "Institution.2003-12-03.09:34:28" will be better represent without mangling ? Hans van Reenen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] UTMP logging in Samba 3.0.1 does not have hostnames
Yes it was running 2.2.8a but I had patched it as per the advice of one of the good guys that monitor this discussion list. The patch was in session.c as follows: Replace the following line hostname = client_addr(); with hostname = client_name(); if (strequal(hostname,"UNKNOWN")) hostname = client_addr(); Ciao SK Tom Crane <[EMAIL PROTECTED]> Sent by: To: [EMAIL PROTECTED] [EMAIL PROTECTED]cc: s.samba.org Subject: Re: [Samba] UTMP logging in Samba 3.0.1 does not have hostnames 23/12/2003 20:59 > Hi, > > I was testing Samba 3.0.1 as a logon server on a Solaris 9 Sparc box. > I compiled Samba using gcc 3.3 with the following options: > > configure --prefix=/local/samba-3.0.1 --enable-static --with-nis > --with-quotas --with-syslog --with-msdfs --with-utmp > > I set utmp = yes in the smb.conf file > > The samba server does create login entries but minus the hostname > entries. The following lists the after and before login entries: > > With Samba 3.0.1 > > mackensj smb/1 Tue Dec 23 11:22 - 11:24 (00:02) > regoa smb/2 Tue Dec 23 11:22 - 11:24 (00:02) > cunningg smb/2 Tue Dec 23 11:21 - 11:21 (00:00) Two sessions both on smb/2 - this must be a bug?? > > With Samba 2.2.8a I was getting the following: > > ochomoj smb/6docsdp100Mon Dec 22 23:11 - 23:59 (00:47) > wichmanr smb/7unchs25 Mon Dec 22 23:07 - 23:07 (00:00) > regoa smb/4gefpq198 Mon Dec 22 22:59 - 00:46 (01:46) Were you definitely running 2.2.8a? My understanding is it only logs by IP address... or am I missing something here??? Regards Tom -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Forcing Users to change passwords.
On Fri, 2003-12-12 at 21:23, Todd O'Bryan wrote: > Does anyone know of an add-on you can use with a Windows domain to > check the security of the password before it allows a change? With a > terminal server system I had, the server complained if the password was > too close to a dictionary word, too close to the student login, 7 > digits (i.e., looked like a phone number), etc. > > I'm sure my students (I teach high school, too) have picked really bad > passwords, too, but I have no good way to enforce the picking of good > ones. > > Todd > > On Dec 12, 2003, at 3:30 AM, Ross McInnes (Systems) wrote: > > > i totally agree. unfortunatly my user base is mostly 16-18 year olds. > > getting them to put anything other than thier football team, phone > > number > > or boyfriend/girlfriend's name is quite a task in it self. > > Charming, aren't they ;-) I build my samba with: #!/bin/sh LIBS="-lcrack" CFLAGS="-g" ./configure --with-utmp --with-pam --with-quotas --with-tdbsam --with-ldapsam --with-syslog And use the attached patch to enforce 'cracklib' strength passwords. We can't include this directly in Samba, as cracklib is not under a GPL-compatible licence :-( Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Forcing Users to change passwords.
On Thu, 2003-12-11 at 00:28, Ross McInnes (Systems) wrote: > Recently we were audited and as part of that they looked at our systems > and policies etc and produced a report. > > As part of that report they mentioned about forcing users to change thier > passwords every 90 days or so. Samba 3.0 allows this, use pdbedit to set the "max password age" to the number of seconds in 90 days. pdbedit -P "maximum password age" --value=7776000 > They also mentioned about disabling accounts after 3 login attempts. There is (slow) work to implement this, I know jra gets very excited about it every now and then, but it's currently still at patch stage, see efforts on the samba-technical list archives. > Im pretty sure both can be done on NT, but id rather stick with rh and > samba thanks ever so much. > > Can samba does these things? even if its a tinkering kind of job? Samba can do most things, it's just a matter of how much tinkering ;-) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RPC Net Vampire sambaNTPassword hash missing ?
On Wed, 2003-12-10 at 11:14, Charles Hamel wrote: > Hi > > I just tried to import the users/machine/groups from a NT4 PDC, it > imported everything fine with the group mappings, only one thing > messing, the password hashes, they are all XXX (sambaLMPassword and > sambaNTPassword attributes). I am running RH9.0 with OpenLDAP 2.0.27 > with nssldap. Am I missing something ? Which version of Samba? Are there any 'interesting' settings applied to the DC? Did you join as a BDC? We have found the NT will not give us the password hashes, if it thinks we are not connecting 'securely'. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] using more than one ldap server in smb.conf
On Fri, 2003-12-12 at 01:31, Stefan Weigel wrote: > Hi! > I'm trying to get Samba running to accept more than one ldap server in > smb.conf. I applied this patch > (http://groups.google.com/groups?q=smb.conf+second+ldap+server&hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=ar08ok%241pjt%241%40FreeBSD.csie.NCTU.edu.tw&rnum=5) > to the samba (2.2.5) sources, but samba doesn't query the second ldap server I > specified in smb.conf. > Is there a version that can handle multiple ldap serverr ? Samba 3.0 allows multiple ldap servers. The documentation in Samba 3.0.1 should indicate how to make this work. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Manager, Authentication Subsystems, Samba Team [EMAIL PROTECTED] Student Network Administrator, Hawker College [EMAIL PROTECTED] http://samba.org http://build.samba.org http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] "Account Unknown" problem (Samba3 domain users in WinNT permissions)
Hello, I'm suffering a estrange problem in a WinNT-Samba3 environment. I have two servers: WinNT4 (PDC of domain A-DOMAIN) and Samba3 (PDC of B-DOMAIN). A-DOMAIN and B-DOMAIN trust each other (I had followed the procedures described in HOWTO Chapter 16 successfully). The problem arises when I assign permission in WinNT server's folders (A-DOMAIN) for users in the Samba domain (B-DOMAIN). I can add users of the B-DOMAIN in the Permissions dialog, but after accepting changes, the next time that I open the Permission dialog the previously added users appears as "B-DOMAIN/Account Unknown" instead of the their original name. The estrange thing is that the permission access defined works fine: the problem seems to affect only to visualization. I have searched through the archives and found several mails with the same or similar problem, but referring to old Samba releases (I'm using Samba 3.0.1rc1) and giving no convincing solution. For example: http://lists.samba.org/archive/samba-ntdom/1999-September/006794.html) http://lists.samba.org/archive/samba-ntdom/2000-November/016126.html http://groups.google.com/groups?q=%22account+unknown%22+samba&hl=es&lr=&ie=U TF-8&selm=Pine.GSO.4.21.0003061606200.268-10%40timon&rnum=5 Is there any solution to this problem in Samba3 (or, at least, an indication of what the cause could be)? Thanks! -- Fermín -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Woody debs
Hello! Some days ago I've uploaded Debain Woody targeted Samba 3.0.1 debs, they should be on all mirrors already. Have fun. Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS and Winbind ... Can't access with Samba host name ...
Fernando Ruza wrote: Still with the problem. I have tested with the version 3.0.0 and right, I can see the shares however cannot connect to the home shares or shares with valid users option in smb.conf. Besides this version cannot substitute correctly the %D %u %U %S variables. I have written them in the comment option of a share and I can see that the values are not correct. %D gives me the samba hostname, %S gives me "IPC_" That is a know bug of Samba 3.0.0, and I am sure it has been fix. If suggest you comment out "valid users" for Samba 3.0.0, if that is your problem. Trying with version 3.0.1 cannot see no shares. Trying with version 3.0.1rc2, it's the same like 3.0.0, but it seems that some variables are correct like %u but %U is empty. I don't know is very strange. It worked once with this version after I changed the password for the Administrator of my PDC/KDC and the user I use to test the shares however in the next reboot of the WinXP client machine it already doesn't work again. I have see something similar, but could not put my finger on it, but I think that was because of multi server, client and Samba restarts with internels in flux state ... if everthing was started clean, I seemed not to have problems like this with Samba 3.0.1 as a PDC. I think that doing samba 3 be a member of AD is not working properly. Does anyone got it ?? Could make a howto ? Samba 3.0.1 as a domain member of Win2K3 AD, I have had problems, which I have not been able to fix, so I am staying with Samba 3.0.1 as PDC. Samba 3.0.0 as a domain member of Win2K3 AD, works fine, but I need the other fixes that have gone into Samba 3.0.1, so Samba 3.0.0 is still on my testing system until I can find the problem with Samba 3.0.1 or the next upgrade ... Thanks Mailed Lee -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: myob
Nic, Have you read the chapter in file and record locking in the Samba-HOWTO-Collection? http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf You need to disable oplock support on the share. oplocks = False level2 oplocks = False Chapter 14 of the HOWTO also documents Windows registry settings you may have to set in order to protect the MYOB files. Above all, make certain that your hardware is not defective. Too many file corruption problems are due to bad networking cards, and bad HUBs. Also, absolutely do NOT use force user and force group - they will cause you problems. Follow the chapter on File, Directory and Share Access Controls instead. The solution is to decide what group and user you want to own the files. Then on the directory do: chown -R user_name.group_name directory_name chmod ug+s directory_name This sets the super-user bit on the directory so all files created will be owned by that user and group. This has much lower impact than doing force user/group. PS: force user = 'user_name', not Yes/No! Same for force group. I hope this helps. Cheers, John T. On Wed, 24 Dec 2003, Newtrend I.T. Specialists wrote: > HI THERE > > thankyou for taking the time to help me i do rreally apreciate it > > the code i am using looks like this > > [myob] > > path = /etc/myob > writable = yes > guest = ok > public = yes > force user = yes > force group = yes > > the shar is there and is ok but the problem is in with myob the file keeps > on corrupting after a while with multiple users plugged in , i am told that > this is because of myobs lock file system where a lock file is created for > evey user that logs on, but samba doesnt like it is there any special > commands i can use to give every one total and full access all at the same > time > > kind regards nic > -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
