[Samba] OT: fyi, spam

[Martin Pool]

Just as background information: our spam filter caught 14000 attempted
spams in the last two weeks.  Suggestions on blocking more are welcome
but the vast majority is already blocked.  I think we removed the
@samba.org whitelist.

-- 
Martin


signature.asc
Description: Digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] My story installing Samba-LDAP PDC (it has a happy ending)

[Beast]

On Wed, 14 Jan 2004 22:13:11 -0400
Vegeta <[EMAIL PROTECTED]> wrote:

Hi, tks for sharing. Better post in some web page so other can find it as reference. 
In fact, I was going to make 'working' and clean documentation to make samba work with 
ldap backend. I've try it many times and last week it seems i make a great movement, 
all features i've tested works!!.

However this week I've been try to create same environment but it only work once, so i 
can not claim that my setup will work any time (weird, eh?:-)

The key for adding machine trust (manualy or "on the fly") is in :
ldap filter = (uid=%u)

It also make ldap log 'pretty' :

filter="(&(uid=TBIRD$)(objectClass=sambaSamAccount))" 

not like before :

filter="(&(&(uid=administrator)(objectClass=sambaSamAccount))(objectClass=sambaSamAccount))"

 
But I need some clarification from samba team (Jerry?) whether we can use this filter 
without breaking any other functions or not, because they must be has strong reason 
using default filter.

However, this filter *solved* most of my problem, thanks!


For id map stuff, imo it did not necessary when not using winbind, since there's 
already clear mapping between unix uid and sid.

For administartor account, you need to have sid 500 and groupsid 512, this is what we 
have in NT (try using pwdump).

I'll try ou=computer and several other combination also (ie. base 
ou=site,dc=dom,dc=com) and let you know. Btw, 'drop in' replacement of existing NT 
domain is works for me (without needing to rejoin ws and using users old password).


--beast

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] FW: Daemon error

[mkiai]

Hi,

I have configured Samba on a Solaris 9 machine. I intend to use shared
directories on the Solaris machine from Windows 95,98,2000, XP machines on
the windows 2000 network.

The samba daemon smbd will not start and returns an error 'bind failed on
port 139 socket_addr = 0.0.0.0. Error = Address already in use'. I have
searched for use of this address and no other process is using the address.
I have even removed the inetd.conf reference.

I am able to view the solaris-samba machine on the network neighbourhood.
However, when I try to access it authentication is required. How do I remove
the authentication requirement?

Mike Kiai,
Nairobi, Kenya.

===


Nairobi Stock Exchange Ltd
P.o. Box 43633 Tel.230692
Nation Centre 1st Floor
Kimathi Street Nairobi
E-Mail: [EMAIL PROTECTED]
Website: www.nse.co.ke


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] samba: problem in copying directories with many files

[Mitch Crane]

> -Original Message-
> From: Jeremy Allison [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 14, 2004 11:33 PM
> To: Mitch Crane
> Cc: 'Jeremy Allison'; [EMAIL PROTECTED]
> Subject: Re: [Samba] samba: problem in copying directories with many files
> 
> Ok - the problem is this looks like a smbfs problem, not a Samba
> server problem. The Samba Team doesn't maintain smbfs - one of our
> members (Steve French from IBM) has written and maintains cifsvfs,
> the replacement for smbfs. I don't think we can promise to fix any
> smbfs problem as we aren't the maintainers.

I see. I can also reproduce the symptoms, btw, with:
smbclient //some-server/some-share -U user%pass -c 'dir foo/*' | wc -l

Though I see the missing entries less frequently (which is why I originally
thought smbclient was ok).




--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP + samba + unix authentication

[Beast]

On Wed, 14 Jan 2004 13:16:37 -0800
Adalid Bruno <[EMAIL PROTECTED]> wrote:

> Hi,
> After a lot of trial and error I managed to get ldap + samba 3 running. 
> Samba now authenticates through ldap. But somehow the difference between 
> a unix and a samba login still exists.
> 
> I use smbldap-useradd.pl to create an ldap entry. There are two options:
> With the "-a" option the entry contains the objectClass  
> "sambaSamAccount", and a lot of Windows related attributes.
> Without the mentioned option, the program creates an entry with 
> objectClass "posixAccount" and the normal nss attributes.
> 
> Through smb.conf I have defined smbpasswd to use smbldap-useradd.pl to 
> update the passwd in the ldap directory.
> 
> So, now I still have to have two entries per user in the ldap directory 
What do you mean with 2 entries? 2 separate dn?
Why not putting on same entry?

> because with the sambaSamAccount userPasswd is {SHA}encrypted  and with 
> the posixAccount the userPasswd is {CRYPT} encrypted. Though two entries 

Afaik, no userPasswd in samba schema, from where you got it?


> in LDAP is much more maintainable than anything I have seen before, I 
> still have the idea that things can be solved  more gracefull, with one 
> entry and an automised password sync between unix and samba.
> 
> Any suggestions?

Since you're using custom scenario, you have to made customs "passwd program" to 
update both entries.
Don't forget to set "unix password sync" to yes.


> 
> 
> Robert,
> 
> Have you tried SCO Vintella for the password authentication?

No, thank you :-)

--beast

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: My story installing Samba-LDAP PDC (it has a happyending)

[Clay]

Vegata,

I really appreciate you sharing your literal hell trying to get this to
work

I have been trying to accomplish the same thing. I am running into the same
headaches with getting W2K machines to join the domain. I want to say thanks
for your post. I am eager to get back to work and try to get W2K and NT4
accounts into the domain.

Again, thanks for the posteven if it was long

Clay


"Vegeta" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Craig White wrote:
>
> > On Wed, 2004-01-14 at 19:13, Vegeta wrote:
> >
> >> I expect this story could help others trying to do the same I am doing.
> >> The next battle will be configuring a BDC, but that will be another
day.
> >>
> > --
> > The truth is, with 3.0.0 on RH AS 3, I got it running, ldap backend,
> > with a BDC and master/slave LDAP servers. It was hard.
> >
> Ouch.
>
> > The documentation in the How-to is sufficient. But it seems more like an
> > extended man page than a how-to. The problem is that there are so many
> > different ways these tools are used that there is absolutely no way the
> > documentation can have the exact instructions for what you are trying to
> > set up.
> >
> Maybe you are right. But the documentation does have mistakes when it
comes
> to LDAP. Most of the information is correct and you are right it does look
> more like an extended man page (although the smb.conf man page is very
very
> useful).
>
> > John is apparently writing a book of example setups - which might be
> > what you are looking for.
> >
> Probably. But at least I finally reached my first goal. Since BDC support
> was inexistent in Samba 2.2.x probably all the documentation applies to
> 3.0.x.
>
> > The truth of the matter regarding machine accounts and LDAP (probably
> > for the other backends as well) is that even with 2.x.x samba, machine
> > accounts were located in the same data tree with the users. You
> > certainly can tell smbldap-tools and samba and nsswitch.conf to put
> > computer accounts in ou=Computers,dc=domain,dc=org but when it comes
> > time that the OS needs to verify their existence/passwords/trust - they
> > aren't gonna be found.
> My only problem was adding a new computer. When I moved an existing
computer
> to ou=Computers I was still able to login. What I could not do was adding
> another computer.
>
> >
> > I don't know when it will be fixed to track with what would be our
> > expectations...perhaps one of the developers will clue us in.
> >
> > In the meantime, your post - though well intentioned was way too long to
> > actually seriously consider digesting.
> Actually, i did not expect it to be so long. I expected to fail earlier
but
> everything worked. I tried to detail everything so it was easier for
others
> to find out what I did wrong and help me.
> Since everything worked all right I saw the thing was kind of a step by
step
> guide to do what I wanted to do.
>
>
> >
> > Craig
> >
> VS
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.554 / Virus Database: 346 - Release Date: 12/20/2003



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba: problem in copying directories with many files

[Jeremy Allison]

On Tue, Jan 13, 2004 at 06:55:15AM -0500, Mitch Crane wrote:
> 
> That's why I added that no one from the samba team had acknowledged it--I
> wasn't sure you guys were aware of it, just that some people were. I only
> joined the samba list about 2 weeks ago (mainly in search of a solution for
> this problem) yet I've seen four reports of this problem (including this one
> and mine) or something similar.

Ok - the problem is this looks like a smbfs problem, not a Samba
server problem. The Samba Team doesn't maintain smbfs - one of our
members (Steve French from IBM) has written and maintains cifsvfs,
the replacement for smbfs. I don't think we can promise to fix any
smbfs problem as we aren't the maintainers.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] How to map Sco openserver 5.0.4 with Windows 2000 server

[siddareddy sureshnath reddy]

Hello,

   I have a Sco openserver 5.0.4 running in one machine. i have a cobol 
application running in sco. Data is storing in text files. I have another 
system running Win 2000 server. I want to put the unix machine text files in 
windows. How can i make the  communication Sco Openserver 5.0.4 with Windows 
2000 server. Can you help me out how i can proceed.

Thanks and Regards,
Suresh Reddy
_
Marriage? http://www.bharatmatrimony.com/cgi-bin/bmclicks1.cgi?74 Join 
BharatMatrimony.com and get married.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] XP client missing ACK when manipulating directory

[Werner]

I'm running Samba 3.0.1 on a Linux 2.6.1 kernel and I'm seeing a problem 
of the XP client missing an ack, the server having to resend, and then the 
process repeats.   This _ONLY_ happens when touching files in a 
directory, such as clicking on an icon, then clicking on another one 
causes this problem.  If I drag the file and copy it across, I don't see 
the problem.  Here's a tcpdump trace:

22:03:29.843411 vampire.mydomain.com.microsoft-ds > phantom.mydomain.com.1870: P 
7548549:7548867(318) ack 61270 win 5840 (DF)
22:03:29.843835 phantom.mydomain.com.1870 > vampire.mydomain.com.microsoft-ds: P 
61270:61538(268) ack 7548867 win 63684 (DF)
22:03:29.883965 vampire.mydomain.com.microsoft-ds > phantom.mydomain.com.1870: . ack 
61538 win 5840 (DF)
Notice 4 second pause
22:03:33.994546 vampire.mydomain.com.microsoft-ds > phantom.mydomain.com.1870: P 
7548867:7548977(110) ack 61538 win 5840 (DF)
22:03:33.995168 phantom.mydomain.com.1870 > vampire.mydomain.com.microsoft-ds: P 
61538:61622(84) ack 7548977 win 63574 (DF)
22:03:33.995188 vampire.mydomain.com.microsoft-ds > phantom.mydomain.com.1870: . ack 
61622 win 5840 (DF)


This identical problem is happening on multiple clients, but it is not
happening with the same clients to a Solaris 9 server, just the Linux server.

Any thoughts?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: My story installing Samba-LDAP PDC (it has a happy ending)

[Vegeta]

Craig White wrote:

> On Wed, 2004-01-14 at 19:13, Vegeta wrote:
> 
>> I expect this story could help others trying to do the same I am doing.
>> The next battle will be configuring a BDC, but that will be another day.
>> 
> --
> The truth is, with 3.0.0 on RH AS 3, I got it running, ldap backend,
> with a BDC and master/slave LDAP servers. It was hard.
> 
Ouch.

> The documentation in the How-to is sufficient. But it seems more like an
> extended man page than a how-to. The problem is that there are so many
> different ways these tools are used that there is absolutely no way the
> documentation can have the exact instructions for what you are trying to
> set up.
> 
Maybe you are right. But the documentation does have mistakes when it comes
to LDAP. Most of the information is correct and you are right it does look
more like an extended man page (although the smb.conf man page is very very
useful).

> John is apparently writing a book of example setups - which might be
> what you are looking for.
> 
Probably. But at least I finally reached my first goal. Since BDC support
was inexistent in Samba 2.2.x probably all the documentation applies to
3.0.x.

> The truth of the matter regarding machine accounts and LDAP (probably
> for the other backends as well) is that even with 2.x.x samba, machine
> accounts were located in the same data tree with the users. You
> certainly can tell smbldap-tools and samba and nsswitch.conf to put
> computer accounts in ou=Computers,dc=domain,dc=org but when it comes
> time that the OS needs to verify their existence/passwords/trust - they
> aren't gonna be found.
My only problem was adding a new computer. When I moved an existing computer
to ou=Computers I was still able to login. What I could not do was adding
another computer.

> 
> I don't know when it will be fixed to track with what would be our
> expectations...perhaps one of the developers will clue us in.
> 
> In the meantime, your post - though well intentioned was way too long to
> actually seriously consider digesting.
Actually, i did not expect it to be so long. I expected to fail earlier but
everything worked. I tried to detail everything so it was easier for others
to find out what I did wrong and help me.
Since everything worked all right I saw the thing was kind of a step by step
guide to do what I wanted to do.


> 
> Craig
> 
VS

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] editing important files with running samba

[Craig White]

On Wed, 2004-01-14 at 19:28, kent E. wrote:

> advice on how to properly edit things.. 
---
make a backup first - if you have to ask, you clearly don't know what
you're doing.

/etc/group and /etc/passwd aren't designed to look pretty. They are
designed for fast parsing for the necessary information.

Learn to trust the wisdom of the planners of the Unix system structure
and design - a lot and lot of people that can think rings around me
created it.

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] My story installing Samba-LDAP PDC (it has a happy ending)

[Craig White]

On Wed, 2004-01-14 at 19:13, Vegeta wrote:

> I expect this story could help others trying to do the same I am doing. The
> next battle will be configuring a BDC, but that will be another day.
> 
--
The truth is, with 3.0.0 on RH AS 3, I got it running, ldap backend,
with a BDC and master/slave LDAP servers. It was hard.

The documentation in the How-to is sufficient. But it seems more like an
extended man page than a how-to. The problem is that there are so many
different ways these tools are used that there is absolutely no way the
documentation can have the exact instructions for what you are trying to
set up.

John is apparently writing a book of example setups - which might be
what you are looking for.

The truth of the matter regarding machine accounts and LDAP (probably
for the other backends as well) is that even with 2.x.x samba, machine
accounts were located in the same data tree with the users. You
certainly can tell smbldap-tools and samba and nsswitch.conf to put
computer accounts in ou=Computers,dc=domain,dc=org but when it comes
time that the OS needs to verify their existence/passwords/trust - they
aren't gonna be found.

I don't know when it will be fixed to track with what would be our
expectations...perhaps one of the developers will clue us in.

In the meantime, your post - though well intentioned was way too long to
actually seriously consider digesting.

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] editing important files with running samba

[kent E.]

hello to all...

does anyone here worry about the look of their
/etc/passwd
/etc/group

for me, yes i do.. i wanted to separate the users with pc accounts.. but
would my network go crazy if i will reset some of the gid and uid and
also i've noticed that the file 
/etc/samba/smbpasswd is also somehow link to the /etc/group ... any 

advice on how to properly edit things.. 
tia

kent

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Notification

[Spamserver]

* eManager Notification **

Recipient, Content filter has detected a sensitive e-mail.

Source mailbox: "[EMAIL PROTECTED]"
Destination mailbox(es): "[EMAIL PROTECTED]"

*** End of message ***
Received: from 208.8.92.60 by jupiter.INSIDEAI.COM (InterScan E-Mail VirusWall NT); 
Wed, 14 Jan 2004 21:16:00 -0500
Received: from lists.samba.org ([66.70.73.150]) by viruswall.ai-logix.com
  (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35)
  with ESMTP id com for <[EMAIL PROTECTED]>;
  Wed, 14 Jan 2004 21:17:45 -0500
Received: from dp.samba.org (localhost [127.0.0.1])
by lists.samba.org (Postfix) with ESMTP id 089B82C4C5
for <[EMAIL PROTECTED]>; Thu, 15 Jan 2004 02:15:48 + (GMT)
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from main.gmane.org (main.gmane.org [80.91.224.249])
by lists.samba.org (Postfix) with ESMTP id 28DE52C01B
for <[EMAIL PROTECTED]>; Thu, 15 Jan 2004 02:13:34 + (GMT)
Received: from list by main.gmane.org with local (Exim 3.35 #1 (Debian))
id 1Agx0q-Oh-00
for <[EMAIL PROTECTED]>; Thu, 15 Jan 2004 03:13:36 +0100
X-Injected-Via-Gmane: http://gmane.org/
To: [EMAIL PROTECTED]
Received: from sea.gmane.org ([80.91.224.252])
by main.gmane.org with esmtp (Exim 3.35 #1 (Debian))
id 1Agx0p-OZ-00 for <[EMAIL PROTECTED]>;
Thu, 15 Jan 2004 03:13:35 +0100
Received: from news by sea.gmane.org with local (Exim 3.35 #1 (Debian))
id 1Agx0p-0003Py-00 for <[EMAIL PROTECTED]>;
Thu, 15 Jan 2004 03:13:35 +0100
From: Vegeta <[EMAIL PROTECTED]>
Date: Wed, 14 Jan 2004 22:13:11 -0400
Lines: 743
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
X-Complaints-To: [EMAIL PROTECTED]
User-Agent: KNode/0.7.2
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on 
dp.samba.org
X-Spam-Status: No, hits=-4.9 required=3.5 tests=BAYES_00 autolearn=ham 
version=2.61
X-Spam-Level: 
Subject: [Samba] My story installing Samba-LDAP PDC (it has a happy ending)
X-BeenThere: [EMAIL PROTECTED]
X-Mailman-Version: 2.1.3
Precedence: list
List-Id: General questions regarding Samba 
List-Unsubscribe: ,

List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,

Sender: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
Content-Transfer-Encoding: quoted-printable
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Notification

[Spamserver]

* eManager Notification **

Recipient, Content filter has detected a sensitive e-mail.

Source mailbox: "[EMAIL PROTECTED]"
Destination mailbox(es): "[EMAIL PROTECTED]"

*** End of message ***
Received: from 208.8.92.60 by jupiter.INSIDEAI.COM (InterScan E-Mail VirusWall NT); 
Wed, 14 Jan 2004 21:15:09 -0500
Received: from lists.samba.org ([66.70.73.150]) by viruswall.ai-logix.com
  (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35)
  with ESMTP id com for <[EMAIL PROTECTED]>;
  Wed, 14 Jan 2004 21:16:55 -0500
Received: from dp.samba.org (localhost [127.0.0.1])
by lists.samba.org (Postfix) with ESMTP id 40AFE2C43E
for <[EMAIL PROTECTED]>; Thu, 15 Jan 2004 02:14:57 + (GMT)
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from main.gmane.org (main.gmane.org [80.91.224.249])
by lists.samba.org (Postfix) with ESMTP id 28DE52C01B
for <[EMAIL PROTECTED]>; Thu, 15 Jan 2004 02:13:34 + (GMT)
Received: from list by main.gmane.org with local (Exim 3.35 #1 (Debian))
id 1Agx0q-Oh-00
for <[EMAIL PROTECTED]>; Thu, 15 Jan 2004 03:13:36 +0100
X-Injected-Via-Gmane: http://gmane.org/
To: [EMAIL PROTECTED]
Received: from sea.gmane.org ([80.91.224.252])
by main.gmane.org with esmtp (Exim 3.35 #1 (Debian))
id 1Agx0p-OZ-00 for <[EMAIL PROTECTED]>;
Thu, 15 Jan 2004 03:13:35 +0100
Received: from news by sea.gmane.org with local (Exim 3.35 #1 (Debian))
id 1Agx0p-0003Py-00 for <[EMAIL PROTECTED]>;
Thu, 15 Jan 2004 03:13:35 +0100
From: Vegeta <[EMAIL PROTECTED]>
Date: Wed, 14 Jan 2004 22:13:11 -0400
Lines: 743
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
X-Complaints-To: [EMAIL PROTECTED]
User-Agent: KNode/0.7.2
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on 
dp.samba.org
X-Spam-Status: No, hits=-4.9 required=3.5 tests=BAYES_00 autolearn=ham 
version=2.61
X-Spam-Level: 
Subject: [Samba] My story installing Samba-LDAP PDC (it has a happy ending)
X-BeenThere: [EMAIL PROTECTED]
X-Mailman-Version: 2.1.3
Precedence: list
List-Id: General questions regarding Samba 
List-Unsubscribe: ,

List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,

Sender: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
Content-Transfer-Encoding: quoted-printable
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] My story installing Samba-LDAP PDC (it has a happy ending)

[Vegeta]

OK.

I am starting to believe that Samba 3.0.x is not stable.
At least, the documentation for Samba as PDC with OpenLDAP backend (which is
what I have been trying to do for four days) is crap.
All the documentation for 3.0.x is mixed with 2.2.x. Most documents start as
instructions for 3.0.x but put a lot of information that doesn't apply to
3.0.x, but 2.2.x.
People in the mailing list sometimes give answers that apply to 2.2.x.
Some people tell me there is a bug that prevents the use of ou=Computers for
machine accounts. Some people say they have no problems.
Some people say I have to have Administrator with uid=0, some people tell me
it must not be 0.
Everyone says smbldap-tools work great, but they always give me strange
errors.

I'm starting again, this time with 3.0.2pre1.


I'm going to use Samba-HOWTO-Collection.pdf as the main guide for general
samba configuration and
http://www.unav.es/cti/ldap-smb/smb-ldap-3-howto.html for LDAP configuration
(even though I know they have errors regarding 3.0.x).

I'm running SuSE 9.0 on an x86 machine. I have my openldap server running
without problem. At the moment is has no samba information except the
inclusion of the samba.schema in the slapd.conf.
I'm using the JXplorer tool to add/modify/delete directory information.
My LDAP base is dc=ica,dc=luz,dc=ve.
The server is listening without SSL (port 389) on interface 127.0.0.1
(localhost) interface and listening LDAPS (with SSL, port 636) on all
interfaces (I know this is deprecated in favor of StartTLS, but this
configuration works well for me).


1. Samba 3.0.1 compiled and installed without problems with the following
commands:

./configure --prefix=/opt/samba-3.0.2pre1 --with-ldap --with-quotas 
--with-winbind --with-libsmbclient --with-fhs --with-smbmount

make

make install

2. The first step is configuring the smb.conf file.
I read the documentation and I think I understand most parts of it.
The only example in Section 5.3 (Domain Control  Example Configuration) is
for a tdbsam backend, which I am not interested in. I use a similar
configuration, configuration but using information from Section 11.4.4
(Account Information Databases - ldapsam) and previous experience.

My first version of smb.conf is:
START smb.conf--
[global]
#Only allow hosts in my network
hosts allow = 172.17.6.0/255.255.255.0
netbios name = BOA
workgroup = ICALUZ
security = user
encrypt passwords = yes
preferred master = yes
domain master = yes
local master = yes
domain logons = yes
unix charset = "ISO-8859-1"

os level = 33

ldap suffix = dc=ica,dc=luz,dc=ve
ldap admin dn = "cn=Manager,dc=ica,dc=luz,dc=ve"

idmap backend = ldap:ldap://localhost
idmap gid = 1-2
idmap uid = 1-2
ldap idmap suffix = ou=Idmap

passdb backend = ldapsam:ldap://localhost
ldap ssl = off
ldap delete dn = no
ldap user suffix = ou=Personas
ldap group suffix = ou=Grupos
ldap machine suffix = ou=Personas
#ldap machine suffix = ou=Computadoras
#ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
ldap filter = (uid=%u)

logon path = \\%N\profiles\%u
logon drive = H:
logon home = \\homeserver\%u\winprofile
#logon home = \\%N\%u
logon script = logon.cmd

#logging
log level = 2
log file = /var/lib/samba/%m.log

[netlogon]
path = /var/lib/samba/netlogon
read only = yes
write list = domadmin

[profiles]
path = /var/lib/samba/profiles
read only = no
create mask = 0644
directory mask = 0755

[test]
path=/tmp
writeable=yes
public=yes
END smb.conf--
Differences with respect to the documentation:
hosts allow: only computers from my network can connect to the server.
The order of some directives is changed because I like it better this way.
It aparently doesn't matter (if there is a mistake, please corerct me).

unix charset: My native language is Spanish and it is common to have files
with accented letters. The smb-ldap3-howto (which is from Spain) recommends
using CP850, but it did not work for me. ISO-8859-1 works great.

ldap ssl: I do not use SSL because the LDAP server is in the same machine as
samba.

ldap machine suffix: The documentation (Ssmba Howto Collection - SHC) says
one should
use ou=Computers (ou=Computadoras in spanish). I have this commented and am
using ou=Personas (equivalent to ou=People) since a lot of people say there
is a bug in Samba 3.0.x that prevents it from searching ou=Computers tree.
I do not know if this is fixed in Samba 3.0.2pre1,I'll test that later if
everything else goes fine.

ldap filter: the documentation (example 11.4.1 in SHC) says one should use
(&(uid=%u)(objectclass=sambaSamAccount)), but I found out in previous
installations that it doesn't work, at least when you use smbpasswd -a,
because at that time entries do not have the sambaSamAccount class and are
filtered out. ldap filter =&(uid=%u) workd for me last time so that's what
I'm using.

I do not yet understand what Idmap does. I read it maps Unix group and user
IDs ti Windows user and group SIDs. I am somewhat confused because

[Samba] Samba 3.0.0 nt acl

[Wayne D. Vass]

What's up dude!  Ya posting on Samba's usergroup now!  How's it going dude.
Congrats on certifying on Solaris 8 n 9!


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.561 / Virus Database: 353 - Release Date: 1/13/2004

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] cypercafe solution , samba, distros anyone expierience needed

[rruegner]

Hi sambatistas,
today i was asked to renew a cybercafes network.
As yet it is not clear if we will switch to linux in a whole.
Has sombody of you did this before ,and is willing to share some
advices with a setup with samba and windows.
I thougt about a solution in which every win clients
profile is loaded from a mastercopyprofile in samba, and 
after the the user has ended it gets deleted in total.
The result should be a clean fresh profile everytime at login on the win client 
machine ( win2000).
The default loginusersame ( with only guest group permission ) should be like the win 
computers networkname.
After a session had ended the inlogged time should 
be only printed out to the servers printer.
I thought about a script which should do this invoked by 
root preexec and root postexec at opening ( closing )netlogon share.
Does this sound like a good idea to you?
The other side may be we will switch to linux on the clients too (what i would 
preffer) does anybody know a prebuild distro or software for this , kind of debian 
maybe ?( freshmeat was not very full looking to such stuff ).
My thought also go to a thin client solution ,
or using knoppix on the clients and give access to the server via , nis ldap ore else.
Has anybody of you allready done such stuff ?
Any help would be nice
Best Regards  
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Logging Detail

[Mike McMullen]

> Hi all,
> 
> I am using Samba 2.2.7-security-rollup-fix on a few RH7.3
> systems. 
> 
> I need to configure the logging to show what user/pc is accessing
> what file.
> 
> I've been through the How-Tos at Samba.org and read the section
> on configuring logging detail but either I'm too tired or too stupid
> (both viable options ;-) ) to figure out which level I need to get this
> information.
> 
> Can anyone tell me what level of logging I need to set to get this?
> 
> I did this way back 3 years ago on RH7.0 systems but that info
> has long since been flushed from mental cache.
> 
> TIA,
> 
> Mike
> 

After further dinking around I see I can get copious amounts of info
most of which I don't need. Kind of like life in general.

Is there a way to get customized logs so that I get an entry of the
form:

   

It would be a bonus if I could tell if the file was read or written.

Any help with this appreciated and pointers to docs welcome.

Mike




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Logging Detail

[Mike McMullen]

Hi all,

I am using Samba 2.2.7-security-rollup-fix on a few RH7.3
systems. 

I need to configure the logging to show what user/pc is accessing
what file.

I've been through the How-Tos at Samba.org and read the section
on configuring logging detail but either I'm too tired or too stupid
(both viable options ;-) ) to figure out which level I need to get this
information.

Can anyone tell me what level of logging I need to set to get this?

I did this way back 3 years ago on RH7.0 systems but that info
has long since been flushed from mental cache.

TIA,

Mike


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Queries regarding domain groups

[Ross Saad]

Hi,

I'm trying to understand the way Samba maps groups to Windows.

Linux version 2.4.17 (gcc version 2.96 2731 (Red Hat Linux 7.1 2.96-98))
Samba Version 2.2.7a

Basically, what I'm trying to do involves setting up certain groups on the
Windows domain and assigning them to users.
Using VB and ADSI, I can get a list of all groups and all users on the
domain. However, it doesn't seem possible to create groups on the domain or
to retrieve a user's groups.

I understand that groups and group info on the server are stored in
/etc/group. Some of these groups are in the list that I can retrieve,
together with some Windows groups, eg. Print Operators. Where do the Windows
groups come from?

In /etc/group it seems as though users have been assigned to groups, but I
can't retrieve a user's group(s) from Windows. Also, I notice that our
smb.conf doesn't have a section for domain admin group or domain guest
group. Would it help my cause from Windows to add these in? How can I assign
domain administrator that will be recognised through Windows and will this
administrator be able to perform my intent?

Is it possible to achieve any of this given the system over here? I've read
that Samba 3 has new support for Windows group mapping, although I'm not
sure if group creation and administration will be possible through Windows.

Any help is much appreciated.

Thanks,
Ross

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] SAMBA + LDAP: can login to domain

[Andrei Mikhailovsky]

Hello,

I've tried to integrate samba 3.0.1 and LDAP 2.1.23 using the guide 
provided from http://www.hilinski.net/samba/. While the ldap+samba user 
authentication seems to work fine, I can't join the Domain from a 
Windows 2000 Client. The Domain is found and Name/Password Credentials 
are asked. I enter root and password and I get an error:

Login Failure: Unknow username or bad password

Even thought I've added the workstation account by using 
smbldap-useradd.pl 

I get an ldif entry as follows:

dn: uid=MOZG$,ou=computers,dc=company,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: MOZG$
sn: MOZG$
uid: MOZG$
uidNumber: 1104
gidNumber: 553
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
Even though the smbldap-useradd.pl script didnt' give any erros, I have 
a feeling that the workstation account should contain more entries. Am I 
missing something?

I've also tried to use other method of creating workstaion account (as 
described in the Samba official docs.

root# /usr/sbin/useradd -g machines -d /dev/null -c "machine nickname" \
   -s /bin/false machine_name$
and

root# smbpasswd -a -m machine_name

This way I get more entries in the workstation entry, but I am still 
unable to connect with Domain Controller. The ldif i get using the 
second method:

dn: uid=MOZG$,ou=computers,dc=company,dc=com
uid: MOZG$
sambaSID: S-1-5-21-3830420305-2497394645-3910713721-3208
sambaPrimaryGroupSID: S-1-5-21-3830420305-2497394645-3910713721-515
displayName: MOZG
sambaPwdCanChange: 1074118064
sambaPwdMustChange: 2147483647
sambaLMPassword: EE2BBDC5C55719A7AAD3B435B51404EE
sambaNTPassword: 40514E8515A8690E3D94E8679434BEF6
sambaPwdLastSet: 1074118064
sambaAcctFlags: [W  ]
objectClass: sambaSamAccount
objectClass: account
Can you tell me what am I doing wrong?

Thanks for any help )

--
Andrei Mikhailovsky
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 2.2.8a PDC LDAP CTRL+ALT+DEL password change, not chaning Unix password

[Gémes Géza]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,

With

unix password sync = No
ldap password sync = No
you wont get any passwd syncronisation. If you use the later you
wouldn't need any other passwd related parameters, since it uses the
LDAP EXOP operation supported on OpenLDAP 2.0.x-2.2.x I think.
Regards,

Geza

| I am running samba 2.2.8a with ldap PDC. From windows machine If I change
| password by process CTL+ALT+DEL key its changing only windows password.
|
| from command line  smbldap-passwd.pl  script changing the both UNIX and
| samba password.
|
| any idea why its not changing UNIX password?
|
| Thanks
| SR
|
| Here my smb.conf file
|
| encrypt passwords = Yes
|  min passwd length = 5
|  null passwords = No
|  password server =
|  smb passwd file = /etc/samba/smbpasswd
|  pam password change = Yes
|  passwd program = /usr/local/sbin/smbldap-passwd.pl %u
|  passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password*
| %n\n*passwd:*all*authentication*tokens*updated*successfully*
|  passwd chat debug = Yes
|  password level = 0
|  unix password sync = No
|  machine password timeout = 604800
|
| my smbldap-passwd.pl  file
| ===
| use FindBin;
| use FindBin qw($RealBin);
| use lib "$RealBin/";
|
| use smbldap_tools;
| use smbldap_conf;
|
| my $user;
| my $oldpass;
| my $ret;
|
| my $arg;
|
| foreach $arg (@ARGV) {
|  if ($< != 0) {
|   die "Only root can specify parameters\n";
|  } else {
|   if ( ($arg eq '-?') || ($arg eq '--help') ) {
|print "Usage: $0 [username]\n";
|print "  -?, --help   show this help message\n";
|exit (6);
|   } elsif (substr($arg,0) ne '-')  {
|$user = $arg;
|   }
|   $oldpass = 1;
|  }
| }
|
| if (!defined($user)) {
|  $user=$ENV{"USER"};
| }
|
| # test existence of user in LDAP
| my $dn_line;
| if (!defined($dn_line = get_user_dn($user))) {
| print "$0: user $user doesn't exist\n";
| exit (10);
| }
|
| my $dn = get_dn_from_line($dn_line);
|
| my $samba = is_samba_user($user);
|
| print "Changing password for $user\n";
|
| # non-root user
| if (!defined($oldpass)) {
| # prompt for current password
|  system "stty -echo";
|  print "(current) UNIX password: ";
|  chomp($oldpass=);
|  print "\n";
|  system "stty echo";
|
|  if (!is_user_valid($user, $dn, $oldpass)) {
|  print "Authentication failure\n";
|  exit (10);
|  }
| }
|
| # prompt for new password
|
| my $pass;
| my $pass2;
|
| system "stty -echo";
| print "New password : ";
| chomp($pass=);
| print "\n";
| system "stty echo";
|
| system "stty -echo";
| print "Retype new password : ";
| chomp($pass2=);
| print "\n";
| system "stty echo";
|
| if ($pass ne $pass2) {
| print "New passwords don't match!\n";
| exit (10);
| }
|
| # only modify smb passwords if smb user
| if ($samba == 1) {
| if (!$with_smbpasswd) {
| # generate LanManager and NT clear text passwords
|  if ($mk_ntpasswd eq '') {
|  print "Either set \$with_smbpasswd = 1 or specify \$mk_ntpasswd\n";
|  exit(1);
|  }
|  my $ntpwd = `$mk_ntpasswd '$pass'`;
| chomp(my $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
| chomp(my $ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
|
| # change nt/lm passwords
|  my $tmpldif =
| "$dn_line
| changetype: modify
| replace: lmpassword
| lmpassword: $lmpassword
| -
| changetype: modify
| replace: ntpassword
| ntpassword: $ntpassword
| -
|
| ";
|  die "$0: error while modifying password for $user\n"
|  unless (do_ldapmodify($tmpldif) == 0);
|  undef $tmpldif;
| }
| else {
|  if ($< != 0) {
|  my $FILE="|$smbpasswd -s >/dev/null";
|  open (FILE, $FILE) || die "$!\n";
|  print FILE < /dev/null";
| if ($ret == 0) {
| print "all authentication tokens updated successfully\n";
| } else {
| return $ret;
| }
|
| exit 0;
|
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFABbRi/PxuIn+i1pIRAgvMAKCj8zTdIOScHjyU73Hva74F/038sACdE3sV
lVEKI7LhGuejdmLlCNdABRw=
=F7eU
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] permission bits clobbered

[Panko, Kevin]

A file is chmod 600.  It gets opened on Windows, and it gets changed to 644.
Now the secrets are exposed to all users.  This is bad!

This happens if the user does:

N:\> echo foobar > secretfile

But it does stay at chmod 600 if he does (append instead of truncate):

N:\> echo foobar >> secretfile

Why does this happen?
The "create mask" parameter is set to 644.  I do not think this should apply
to files that already exist, but only to files that are created.

Samba version is 2.2.8a.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] signing failures during smbclient tar operation: SMB signature check failed

[Fran Fabrizio]

[next time I won't hit send before finishing my thought, sorry]

The interesting thing is that:

# smbclient snapper\\dfs  -U Administrator -E -W CISWINNET
-D home -d3 -Tqca /tmp/test.tar

produces

\home\faculty\bryant\bryantback-brblt\Images\backups\backup20010502.zip
of size 15593375 bytes as a tar file backup20010502.zipnread=0
[2004/01/14 15:05:10, 3] client/clitar.c:do_atar(693)
  nread=65520

[snip]

[2004/01/14 15:05:12, 3] client/clitar.c:do_atar(693)
  nread=11597040
[2004/01/14 15:05:12, 1] libsmb/smb_signing.c:signing_good(205)
  signing_good: SMB signature check failed on seq 7!
[2004/01/14 15:05:12, 0] libsmb/clientgen.c:cli_receive_smb(121)
  SMB Signature verification failed on incoming packet!
[2004/01/14 15:05:12, 0] client/clitar.c:do_atar(698)
  Error reading file
\home\faculty\bryant\bryantback-brblt\Images\backups\backup20010502.zip
: Server packet had invalid SMB signature!

whereas

# smbclient snapper\\dfs  -U Administrator -E -W CISWINNET
-D home\\faculty\\bryant\\bryantback-brblt\\Images\\backups -d3 -Tqca
/tmp/test.tar

works fine.  So it's not the particular file that causes it to fail, but
perhaps when it hits a certain threshold for total amount of data?

Should I be taking this to one of the more technical lists?

Thanks,
Fran


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Question regarding guest account =

[Andrew Bartlett]

On Wed, Jan 14, 2004 at 02:41:49PM +0100, Tarjei Huse wrote:
> Hi, and thanks for a very quick answer!
> 
> A small followup:
> 
> >>b) It also seems that the guestuser must have a sambaSid that ends in 
> >>501, else samba will not find the user, correct?
> >>
> >>
> >
> >We make up an account if you don't supply one, and we will get nasty
> >side-effects if you don't give it a RID of 501
> >  
> >
> I've seen the sideeffects :-(
> Where would the user be stored? I'm using a ldap sam, btw.

If you wnat to create the user (overriding our internal backup
creation) then put it into LDAP like any other user, justh with the
right name and SID.

> And how can I set the users password if he/she is not created ?

You never set the password (nor do you set a null password) on the
guest user.  We handle that internally

> Also, if the default guest account is set to nobody (without me using 
> the parameter), and I have a user nobody in my sam. will samba use this 
> user? Should I remove it?

If it is correctly setup, Samba will use it.

> >>c) Also, if I want a guest user that can log on to my domain without a 
> >>password, but who will not have any access to shares etc, should I then 
> >>use this "guest" user or should I create a special user for this?
> >>
> >>
> >Use this account.  This is done (if you want to match win2k behaviour)
> >with the 'map to guest = bad user' parameter.
> >  
> >
> A bit many this there, you men the account I created, not the special 
> guest user , right?
> 
map to guest will use the 'guest account', specified in smb.conf.

Andrew Bartlett
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] LDAP + samba + unix authentication

[Adalid Bruno]

Hi,
After a lot of trial and error I managed to get ldap + samba 3 running. 
Samba now authenticates through ldap. But somehow the difference between 
a unix and a samba login still exists.

I use smbldap-useradd.pl to create an ldap entry. There are two options:
With the "-a" option the entry contains the objectClass  
"sambaSamAccount", and a lot of Windows related attributes.
Without the mentioned option, the program creates an entry with 
objectClass "posixAccount" and the normal nss attributes.

Through smb.conf I have defined smbpasswd to use smbldap-useradd.pl to 
update the passwd in the ldap directory.

So, now I still have to have two entries per user in the ldap directory 
because with the sambaSamAccount userPasswd is {SHA}encrypted  and with 
the posixAccount the userPasswd is {CRYPT} encrypted. Though two entries 
in LDAP is much more maintainable than anything I have seen before, I 
still have the idea that things can be solved  more gracefull, with one 
entry and an automised password sync between unix and samba.

Any suggestions?


Robert,
Have you tried SCO Vintella for the password authentication?

http://www.sco.com/products/authentication/

You can doanload the software for free as a 60-eval copy at

http://www.sco.com/download/

Please let me know if it works, and what do we need to do to make it to 
work.

Thanks,
-adalid
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] disappearing files

[jonlists]

To reply to my own message, I have finally found something in the logs 
that indicates a permission denied error, as follows: 

when attempting to read the directory, on one entry the following shows: 

get_lanman2_dir_entry: Couldn't stat [Filename in directory structure] 
(Permission Denied) 

At the samba/share level, things should be okay. At the unix file system 
level, like I said, the user is the owner of the file. 

Ideas? 

Jon Johnston
Creative Business Solutions
IBM, Lotus, Microsoft Consultants
http://www.cbsol.com
952-544-1108 

[EMAIL PROTECTED] wrote on 01/14/2004 
02:49:35 PM:

> Samba 2.2.7-3.7.2 on Redhat 7.3 
> 
> Have a samba server setup that has been running for over a year now. 

> fairly simple configuration - it is functioning as a stand=alone server 
> with smbpasswd backend. Everything has been working properly until 
> recently - now randomly some directories do not display their contents. 
> There are files in the directory, I've checked the ownership/rights on 
the 
> files themselves - the logged in user owns the files, and the directory. 

> They have rights to the Samba share by the "valid users" parameter. 
> 
> The directory (in this case) that isn't showing up is three levels deep: 

> 
> /Sambashare
> /ME
> /Tempstuff < this directory of files isn't showing 
up. 
> 
> 
> I've set the log level to 10, and I'm not seeing anything glaring going 
on 
> there, either. I cannot upgrade this server to 3.0x, otherwise, I'd 
> probably go in that direction. 
> 
> Any thoughts are greatly appreciated. 
> 
> Jon Johnston
> Creative Business Solutions
> IBM, Lotus, Microsoft Consultants
> http://www.cbsol.com
> 952-544-1108 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] "share modes" parameter

[Eddie]

Hello,

I was updating our configuration files after upgrading from 2.2.8 to 3.0,
and I noticed that the new default smb.conf file has "share modes = no"
under the [netlogon] section (where as this was not present before)

What does this do, and more importantly, what bad things might happen if one
does not specific this (and thus the default share modes + yes applies) for
the [netlogon] share?

(the man page for smb.conf states that "You should NEVER turn this parameter
off as many Windows applications will break if you do so.")

Thanks,
Eddie



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] LDAP + samba + unix authentication

[Adalid Bruno]

http://www.sco.com/products/authentication/

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] signing failures during smbclient tar operation: SMB signature check failed

[Fran Fabrizio]

(Samba 3.0.1, RedHat 9, share is a w2k3, security = ADS)

Here is a snippet of debug level 3 output of an smbclient tar operation,
with error at the end.  Command is:

# smbclient snapper\\dfs  -U Administrator -E -W CISWINNET
-D home -d3 -Tqca /tmp/test.tar

[2004/01/14 15:05:10, 3] lib/util.c:dos_clean_name(549)
  dos_clean_name
[\home\faculty\bryant\bryantback-brblt\Images\backups\backup20010502.zip]
[2004/01/14 15:05:10, 3] client/clitar.c:do_atar(673)
  file
\home\faculty\bryant\bryantback-brblt\Images\backups\backup20010502.zip
attrib 0x80
[2004/01/14 15:05:10, 3] client/clitar.c:do_atar(686)
  getting file
\home\faculty\bryant\bryantback-brblt\Images\backups\backup20010502.zip
of size 15593375 bytes as a tar file backup20010502.zipnread=0
[2004/01/14 15:05:10, 3] client/clitar.c:do_atar(693)
  nread=65520
[2004/01/14 15:05:10, 3] client/clitar.c:do_atar(693)
  nread=131040
[2004/01/14 15:05:10, 3] client/clitar.c:do_atar(693)
  nread=196560
[2004/01/14 15:05:10, 3] client/clitar.c:do_atar(693)
  nread=262080

[snip]

[2004/01/14 15:05:12, 3] client/clitar.c:do_atar(693)
  nread=11597040
[2004/01/14 15:05:12, 1] libsmb/smb_signing.c:signing_good(205)
  signing_good: SMB signature check failed on seq 7!
[2004/01/14 15:05:12, 0] libsmb/clientgen.c:cli_receive_smb(121)
  SMB Signature verification failed on incoming packet!
[2004/01/14 15:05:12, 0] client/clitar.c:do_atar(698)
  Error reading file
\home\faculty\bryant\bryantback-brblt\Images\backups\backup20010502.zip
: Server packet had invalid SMB signature!
[2004/01/14 15:05:12, 0] client/clitar.c:do_atar(733)
  Didn't get entire file. size=15593375, nread=11597040
[2004/01/14 15:05:12, 3] client/clitar.c:do_atar(770)
  (7059.76 kb/s) (average 4832.78 kb/s)

This is a 15M file, and it's failing about 11.5M into it.  What 


-- 

Fran Fabrizio
Senior Systems Analyst
Department of Computer and Information Sciences
University of Alabama - Birmingham
[EMAIL PROTECTED]
(205) 934-0653

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Problems with smbldap-tools 0.8.2 and Samba 3

[Áncor González Sosa]

I'm having problems using smbldap-tools 0.8.2 from idealix,
I'm using the following entry in my smb.conf file:
add machine script = smbldap-useradd.pl -w -g 553 %u
Then, while I try to add a workstation to my domain, the script
adds a posixAccount, and then I get this error:
 --
[2004/01/14 18:15:49, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1173)
 ldapsam_modify_entry: Failed to add user 
dn=uid=nodo03$,ou=Computers,dc=guaydil,dc=prv with: Already exists

[2004/01/14 18:15:49, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1575)
 ldapsam_add_sam_account: failed to modify/add user with uid = nodo03$ 
(dn = uid=nodo03$,ou=Computers,dc=guaydil,dc=prv)
[2004/01/14 18:15:49, 0] pc_server/srv_samr_nt.c:_samr_create_user(2330)
 could not add user/computer nodo03$ to passdb.  Check permissions?
 --

This is the problematic (I think) piece of smbldap-useradd.pl

 ## Here the posixAccount is added 
 if (!add_posix_machine ($userName, $userUidNumber, $userGidNumber)) {
   die "$0: error while adding posix account\n";
 }
 if (!$with_smbpasswd) {

   ### The script "executes" this branch, so nothing is done. It expects
   ### Samba to add the sambaSAMAccount, but I think that Samba fails to
   ### do it because already exists the posixAccount (with the same uid)
   # (jtournier)
   # Objectclass sambaSAMAccount is now added directly by samba when
joigning the domain (for samba3)
   #if (!add_samba_machine_mkntpwd($userName, $userUidNumber)) {
   #  die "$0: error while adding samba account\n";
   #}
 } else {
   # The script never executes this branch

   if (!add_samba_machine($userName)) {
 die "$0: error while adding samba account\n";
   }
After the error, I have this (pretty useless) object in my LDAP tree
(NODO03 is the machine name):
dn: uid=nodo03$,ou=Computers,dc=guaydil,dc=prv
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: nodo03$
sn: nodo03$
uid: nodo03$
uidNumber: 1002
gidNumber: 553
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
structuralObjectClass: inetOrgPerson
entryUUID: b343498a-db14-1027-8c44-bf8a7f8d59ff
creatorsName: cn=Manager,dc=guaydil,dc=prv
createTimestamp: 20040114193632Z
entryCSN: 2004011419:36:32Z#0x0001#0#
modifiersName: cn=Manager,dc=guaydil,dc=prv
modifyTimestamp: 20040114193632Z
If I try to manually add the account "as Samba would do it", I get
the same error that can be read in the Samba logs:
servidor:~# smbpasswd -a -m nodo03$
ldapsam_modify_entry: Failed to add user dn=
uid=nodo03$,ou=Computers,dc=guaydil,dc=prv with: Already exists
ldapsam_add_sam_account: failed to modify/add user with uid = nodo03$ (dn =
uid=nodo03$,ou=Computers,dc=guaydil,dc=prv)
Failed to add entry for user nodo03$.
Failed to modify password entry for user nodo03$
Any idea?

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba PDC and Automatic Printer Install

[alaslavic]

In your smb.conf, you have the option "use client driver" set to "yes".
When it is "yes", it will not allow you to set the driver.  You need to
delete the "use client driver" line, reload samba and it should work.

Alex Laslavic
Havertys Tech Services

[EMAIL PROTECTED] wrote on 01/14/2004
10:35:11 AM:

> Hello,
> I am trying to install automatic printer driver download and install.
> I am running Samba 3, as a PDC, on RedHat 7.3.
>
> It seems everything is setup correctly, although I cannot get the
rpcclient
> to 'see' my printer.
> Please notice these two printers listed below ar the same (lp & HP2300).
>
>
> [EMAIL PROTECTED] log]# rpcclient -U=root localhost
> Password:
>
> rpcclient $> enumprinters
> flags:[0x80]
> name:[\\mercury\HP2300]
> description:[\\mercury\HP2300,,HP2300]
> comment:[HP2300]
>
> flags:[0x80]
> name:[\\mercury\lp]
> description:[\\mercury\lp,,]
> comment:[]
>
> rpcclient $> enumdrivers
>
>
>
> [Windows NT x86]
> Printer Driver Info 1:
> Driver Name: [HP LaserJet 2300 Series PCL 6]
>
>
> [Windows NT x86]
> Printer Driver Info 1:
> Driver Name: [HP LaserJet 2300 Series PCL 6]
>
>
> rpcclient $> setdriver "lp" "HP LaserJet 2300 Series PCL 6"
> SetPrinter call failed!
> result was WERR_ACCESS_DENIED
> rpcclient $> setdriver "HP2300" "HP LaserJet 2300 Series PCL 6"
> SetPrinter call failed!
> result was WERR_ACCESS_DENIED
> rpcclient $>
>
>
> Snip from my smb.conf:
> [printers]
> comment = HP LaserJet
> path = /var/spool/samba
> printer admin = root
> guest ok = Yes
> printable = Yes
> printing = cups
> use client driver = Yes
> browseable = No
>
> [print$]
> comment = Printer Download
> path = /var/spool/samba/W32X86/3
> valid users = maldrich, root
> admin users = maldrich, root
> write list = root
> read only = No
> guest ok = Yes
>
> [lp]
> path = /var/spool/samba
> printer admin = root
> read only = No
> guest ok = Yes
> printable = Yes
> printer name = lp
> use client driver = Yes
> oplocks = No
> share modes = Yes
>
> On the client side (Windows XP Pro), I can see both printers from Network
> Neighborhood,
> , Printers & Faxes. Both of them are in 'Error' status.
>
> Does anyone have an idea why this operation is continuosly failing?
>
> Why do I get WERR_ACCESS_DENIED from SetPrinter?
>
> Thanks
> Mike
>
>
> And thanks to Kurt for getting me this far
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] disappearing files

[jonlists]

Samba 2.2.7-3.7.2 on Redhat 7.3 

Have a samba server setup that has been running for over a year now. 
fairly simple configuration - it is functioning as a stand=alone server 
with smbpasswd backend. Everything has been working properly until 
recently - now randomly some directories do not display their contents. 
There are files in the directory, I've checked the ownership/rights on the 
files themselves - the logged in user owns the files, and the directory. 
They have rights to the Samba share by the "valid users" parameter. 

The directory (in this case) that isn't showing up is three levels deep: 

/Sambashare
/ME
/Tempstuff < this directory of files isn't showing up. 


I've set the log level to 10, and I'm not seeing anything glaring going on 
there, either. I cannot upgrade this server to 3.0x, otherwise, I'd 
probably go in that direction. 

Any thoughts are greatly appreciated. 

Jon Johnston
Creative Business Solutions
IBM, Lotus, Microsoft Consultants
http://www.cbsol.com
952-544-1108 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] mounting smbfs from a Solaris 7 box

[Knoll, Steve]

Has any Sun Solaris samba admin ever attempted to mount to a WindowsNT server?  
Unfortunately after several attempts and some elaborate syntax I can not get this to 
work.  I do not see that Sun supports smbfs as Linux does.  If anyone has any ideas or 
tricks please drop me a line.
 
Thanks,

Steve Knoll 
Intersil Corporation
PAT Systems Group
* (email) < mailto:[EMAIL PROTECTED]>
* (voice) 1(321)729-5871
* (fax) 1(321)729-1194 

 
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Spam reduction suggestion

[Wm. Dean Dufresne]

Mailing list programs need to incorporate reverse lookup... Unless that
wouldn't work.

On 1/14/04 10:59 AM, "Don Koch" <[EMAIL PROTECTED]> wrote:

> The real problem is that all of the recent spam on this list has
> a From value from samba.org - more precisely samba at samba.org.
> 
> The easiest way to reduce spam on this list is to remove samba at samba.org
> from the user whitelist.  Actually, the entire domain is whitelisted; maybe
> that should be changed.  Another alternative is adding samba at samba.org to
> the blacklist; after all, "samba" shouldn't be sending mail to itself.




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] SAMBA+LDAP+PAM

[Gilberto Nunes]

Hello guys

 How can I configure the pam librarys to use properly ldap for
samba-3.0.1?

-- 
Gilberto Nunes
Suporte Rede Bonja - Bom Jesus/Ielusc
Fone: 433-0155 - ramal 235
www.ielusc.br - [EMAIL PROTECTED]
Linux User nº 199930
ICQ #136176504
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Good young girls want to play pranks!

[Isabella]

.::: PERFECT XXX HARDCORE :::... 

http://dot.hoha.ru/perfect/
^   ^
CLICK HERE TO START WATCHING!

Tired of those sites that only give you a few crappy feeds to watch, and they

never change or update them? Well you won`t find that here! 
Project "PERFECT XXX HARDCORE" has Full Length , high quality photos and video with 
sounds
that can be watched full screen !  
Hot lesbians, latinas , blondes , brunnetes, wild blowjobs, horny sex babes, 
threesomes and all ready for
instant download. This is the closest thing to an online porn video and photo  
lirbrary - but you keep our movies. Join now and get the best Quality XXX 
Porn Movies an Photos!
You'll never find a site on the net like this one. Satisfaction guaranteed!
GET INSTANT ACCESS TO OUR PEREFCT XXX HARDCORE
100% Exclusive Hardcore
Content - Updated Constantly - Live Sex Shows And More
http://dot.hoha.ru/perfect/
^   ^
CLICK HERE TO START WATCHING!

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Another Samba and Mac OS 10.3 Question

[AndyLiebman]

I have a different Samba and Mac OS 10.3 question. I have a small network in 
my office with a Linux box acting as a file server, mostly Windows XP clients, 
and a couple of Macs. When I create Samba shares on the Linux box, I have no 
problem getting my Windows XP users to be able to read and write to the 
shares. The login name and password on the XP boxes are the same as the 
corresponding Linux AND Samba usernames and passwords -- and all users are in the same 
common group called "writers"

>From the Mac, however, it's a different story. Mac users can mount the Samba 
shares and gain READ access, but they are UNABLE TO WRITE to the shares. 
Again, the Mac usernames and passwords are the SAME as the corresponding Linux and 
Samba usernames and passwords. 

Is there something that I have to do on the Mac to allow users to write to 
the common shares? 

By the way, I'm using Samba 3.0.0. I'll upgrade to 3.0.1 when there's a 
Mandrake rpm. 

Here's my smb.conf file:

[global]
   workgroup = WRITERS
   netbios name = WRITERSPACE
   server string = WRITERSPACE %v 
   map to gues = Bad User
   log file = /var/log/samba3/log.%m
   max log size = 50
   printcap name = cups
   dns proxy = No
   wins support = Yes
   printer admin = @adm
   printing = cups

[homes]
   comment = Home Directories
   read only = No
   browseable = No 

[printers]
   Not relevant here

[print$]
   Not relevant here

[pdf-generator]
   Not relevant here

[InProgress]
comment = Stories
path = /home/raid/InProgress
write list = @staffwriters
read only = No
guest ok = Yes
# Option 1 Use the following line to make all new files editable by all users
#   inherit permissions = yes

# Option 2 Use the following two lines to make all new files editable by all 
users
 create mask = 0775
 directory mask = 0775
# Option 3 Use the following 2 lines to get Mac users to be able to write to 
directory as well as PC Users
#   force user = theboss
#   force group = staffwriters 


I would prefer to use Option 2 or maybe Option 1 but they don't seem to work 
with the Mac. Option 3 does give Mac Users read/write access, but there are 
reasons why I don't want to use it.

Any ideas about getting the Macs to cooperate with Option 2 or 1? 

Thanks in advance

Andy Liebman
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 2.2.8a with Solaris 8 & NIS

[Spike Burkhardt]

All,

  The basic info is that I'm running Samba 2.2.8a on a Solaris 8 machine
with NIS.  The hostname is altair and is a NIS slave.  As a standard
practice every employee get's a NIS account and altair is their samba
home.  NIS is set to compatibility mode in /etc/nsswitch.conf.  Samba
security is set to server.  It appears that for users to map to their
samba share, we need to have an entry for them in the netgroup file.
The side effect of this is that they also get command line access which
we don't want.  Does anyone have a solution for this problem?

TIA,

Spike
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba and Mac OSX 10.3

[Anthony Hess]

If you mean login as in authenticate the whole machine off of a Samba
server, the key variable there is whether you are using LDAP or not as the
backend of said server.  If thats the case, then yes - you can feel free
to email me off list and Ill tell you what I know (not much, but Im sure I
can point you to the proper resources).  Its not a Samba thing at that
point, but rather an LDAP thing.

If you just mean mount the drive, then read on...

If you don't mind some Applescript (I don't really know it - but if my
instructions aren't clear just email me off list) I have a solution for
you.

Fire up the applescript editor and put this into it:

tell application "Finder"
activate
mount volume "smb://username:[EMAIL PROTECTED]/share/"
end tell

Where you put the appropriate information into the volume info.  Then save
it as an executable, then put it into the login items.  Not pretty, but it
works.  You can take out the username/password information if you want it
to ask for it every time the machine fires up the script.

There are probably other ways to do this, but this is something that has
worked since early versions of OS X so I haven't bothered to look around.
Under Panther I do believe you can put an smb mount share in using the
Netinfo manager, but I haven't ever done this (since said ugly workaround
gets the job done and I haven't bothered to fix it).

--
Anthony Hess
Support Systems Analyst, Sr.
CoEM Computer Services

On Wed, 14 Jan 2004, Wayne Dozier(Samba) wrote:

> Is there a way to set up a mac running panther to ask or a
> login to the samba server every time it boots?  I have
> looked everywhere and cannot find something that would
> work.  any help would be appreciated.
>
> Wayne
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba and Mac OSX 10.3

[Wayne Dozier(Samba)]

Is there a way to set up a mac running panther to ask or a 
login to the samba server every time it boots?  I have 
looked everywhere and cannot find something that would 
work.  any help would be appreciated.

Wayne
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Domain group not working in valid users

[Kenneth Porter]

Thanks. Copied to Fedora bugzilla:

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=113495

-- 
Kenneth Porter
http://www.sewingwitch.com/ken/

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Difference Between Domain and ADS security In Reference to Realms

[John H Terpstra]

On Wed, 14 Jan 2004, Harmon, Leigh wrote:

>
> Hi,
>
> I've been researching which type of security to use with Samba 3.0.1 and I still
> don't understand what the difference is between "security=DOMAIN" versus
> "security=ADS."  I complied Samba to include ADS support, and I initially chose
> "security=DOMAIN."  When I use the "net" command I can add it to my domain.
> However, if I set "realm=our.ads.realm" and do the same "net" command, then I
> get a message saying that server was added to the realm.  What is the difference
> between adding the Samba server to the realm using "security=DOMAIN" versus
> adding it to the realm using "security=ADS?"

"security = DOMAIN" causes Samba to work with your Active Directory domain
as if it is an NT4 server - using remote procedure call (RPC)
authentication. This requires NetBIOS over TCP/IP.

"security = ADS" causes Samba to communicate with Active Directory using
Kerberos authentication protocols and does not require NetBIOS over TCP/IP
support.

- John T.
-- 
John H Terpstra
Email: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Printer in Win2k

[samba_list]

 Hi, 

 There are two Win2k boxes on my network that are experiencing long
delays (more than 10 minutes) when someone try to print something on
my 
Samba-shared printer. 
 I´ve configured smb.conf with security = ads option.   
 Below are some log file lines that report errors on the
authentication: 

[2004/01/12 17:05:08, 1]
smbd/sesssetup.c:reply_spnego_kerberos(218) 
Username FSADM02$ is invalid on this system   

 [2004/01/14 10:28:49, 0]   
lib/util_sock.c:get_socket_addr(919)
getpeername failed. Error was Transport endpoint is not connected
   

[2004/01/14 10:28:49, 0]
lib/util_sock.c:write_socket(413)   
write_socket: Error writing 4 bytes to socket 16: 
ERRNO = Connection reset by peer   
-
Why is the station trying to log in using its   
computer name instead of user ? Why all computers   
on my network are working fine with Samba but these 
two are not ? 

Thanks for help.

Lindolfo Rodrigues

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Win XP Pro / Linux PDC

[Art Powell]

Damn details will get you everytime in this business :).


--Original Message--
From: "Antony Gelberg" <[EMAIL PROTECTED]>
Date: Wednesday, January 14th, 2004 7:48 AM CST
To: "Antony Gelberg" <[EMAIL PROTECTED]>,"Craig White" <[EMAIL PROTECTED]>
Subject: Re: [Samba] Win XP Pro / Linux PDC

Ok, fixed it!  It was a typo in my addmachine script - the group was
machines, not machine.  I found it after starting the daemons with -d 3.

Antony




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Ripe woman

[Sam Hart]

Check the headers on the original message. It's being detected by 
SpamAssassin as having spammy-qualities... however the fact it's on a 
known mailing list (samba's) usually pushes it way under the limit ;-)

I complained about it a day or two ago too (check for the "offtopic" posts 
from me). Short of whomever maintains these mail severs adjusting the 
SpamAssassin checks so that the "PORN" ones outweigh the whitelists, there 
aint much to do...

* On 04-01-14, claudio wrote:

> This list can't be moderated?
> 
> Only porno spams are the things missing:(
> 
> 
> 
> Isabella wrote:
> 
> >COME ON HERE: http://zone.hoha.ru/allstrip
> >
> >What can be better than hard fuck? Here you will see how it should be done by all 
> >rules! 
> >Ripe girls are ready to start it even now! 
> >
> >Kathy took soft yet dick in her hands and by few movements made it hard as stone! 
> >Here it is - power and skill of the ripe woman! But if she had only skilful hands, 
> >she hardly could be here! 
> >Tight-assed and lustfull - what she is! She will not think long and her desires 
> >will hold the reins!
> >100% Cock Hungry Girls - real girls that love to fuck and suck a dick until they 
> >get covered in cum!
> >  
> >
> 
> 

-- 
Sam Hart
University/Work addr. <[EMAIL PROTECTED]>
Personal addr. <[EMAIL PROTECTED]>
Alternative <[EMAIL PROTECTED]>
end

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Difference Between Domain and ADS security In Reference to Realms

[Harmon, Leigh]

Hi,

I've been researching which type of security to use with Samba 3.0.1 and I still
don't understand what the difference is between "security=DOMAIN" versus
"security=ADS."  I complied Samba to include ADS support, and I initially chose
"security=DOMAIN."  When I use the "net" command I can add it to my domain.
However, if I set "realm=our.ads.realm" and do the same "net" command, then I
get a message saying that server was added to the realm.  What is the difference
between adding the Samba server to the realm using "security=DOMAIN" versus
adding it to the realm using "security=ADS?"

Thanks!!
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] adding printers from netlogon script

[Andrew Gaffney]

Uwe Laverenz wrote:
Andrew Gaffney schrieb:

Is there no way to add printers from a netlogon script without the 
user being a Power User or higher?


Of course there is: we do this with the tool "con2prt.exe" from the 
"Zero Admin Kit" from M$:

http://www.microsoft.com/windows/zak/

You should install the "con2prt.exe" somewhere on the Windows client 
machine to a location that is included in $PATH.

In your login script you simply call the programm like this:

con2prt /f /cd \\\

Possible options for con2prt:

  /?  - displays usage.
  /h  - displays usage.
  /f  - deletes all existing printer connections.
  /c  - connects to \\printserver\share printer.
  /cd - connects to \\printserver\share printer and sets it as the
default printer.
Oh: could you please stop top-posting and full-quoting when writing to 
this mailing list? Thank you.
That looks very interesting. I'll check it out. As for the top-posting, I normally 
bottom-post, but someone started top-posting very early in the thread and I *hate* mixing 
botton- and top-posting. As for the full quoting...I was sending most of the emails late 
at night ;)

--
Andrew Gaffney
System Administrator
Skyline Aeronautics, LLC.
776 North Bell Avenue
Chesterfield, MO 63005
636-357-1548
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Réf. : [Samba] samba 2.2.8a PDC LDAP CTRL+ALT+DEL password change, not chaning Unix password

[stephane . purnelle]

Hi,

Why you spécifie :

 smb passwd file = /etc/samba/smbpasswd
 pam password change = Yes

If you use LDAP ?
It's the interaction between  LDAP and these parameter which cause the
problem.

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467


   
  
"Sundaram Ramasamy" <[EMAIL PROTECTED]>
   
Envoyé par :   Pour :  
<[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> 
[EMAIL PROTECTED]cc :[EMAIL PROTECTED] 

.samba.org Objet : 
 [Samba] samba 2.2.8a PDC LDAP CTRL+ALT+DEL password change,  
   not chaning 
Unix password 
   
  
14/01/2004 16:01   
  
   
  
   
  




Hi,

I am running samba 2.2.8a with ldap PDC. From windows machine If I change
password by process CTL+ALT+DEL key its changing only windows password.

from command line  smbldap-passwd.pl  script changing the both UNIX and
samba password.

any idea why its not changing UNIX password?

Thanks
SR

Here my smb.conf file

encrypt passwords = Yes
 min passwd length = 5
 null passwords = No
 password server =
 smb passwd file = /etc/samba/smbpasswd
 pam password change = Yes
 passwd program = /usr/local/sbin/smbldap-passwd.pl %u
 passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password*
%n\n*passwd:*all*authentication*tokens*updated*successfully*
 passwd chat debug = Yes
 password level = 0
 unix password sync = No
 machine password timeout = 604800

my smbldap-passwd.pl  file
===
use FindBin;
use FindBin qw($RealBin);
use lib "$RealBin/";

use smbldap_tools;
use smbldap_conf;

my $user;
my $oldpass;
my $ret;

my $arg;

foreach $arg (@ARGV) {
 if ($< != 0) {
  die "Only root can specify parameters\n";
 } else {
  if ( ($arg eq '-?') || ($arg eq '--help') ) {
   print "Usage: $0 [username]\n";
   print "  -?, --help   show this help message\n";
   exit (6);
  } elsif (substr($arg,0) ne '-')  {
   $user = $arg;
  }
  $oldpass = 1;
 }
}

if (!defined($user)) {
 $user=$ENV{"USER"};
}

# test existence of user in LDAP
my $dn_line;
if (!defined($dn_line = get_user_dn($user))) {
print "$0: user $user doesn't exist\n";
exit (10);
}

my $dn = get_dn_from_line($dn_line);

my $samba = is_samba_user($user);

print "Changing password for $user\n";

# non-root user
if (!defined($oldpass)) {
# prompt for current password
 system "stty -echo";
 print "(current) UNIX password: ";
 chomp($oldpass=);
 print "\n";
 system "stty echo";

 if (!is_user_valid($user, $dn, $oldpass)) {
 print "Authentication failure\n";
 exit (10);
 }
}

# prompt for new password

my $pass;
my $pass2;

system "stty -echo";
print "New password : ";
chomp($pass=);
print "\n";
system "stty echo";

system "stty -echo";
print "Retype new password : ";
chomp($pass2=);
print "\n";
system "stty echo";

if ($pass ne $pass2) {
print "New passwords don't match!\n";
exit (10);
}

# only modify smb passwords if smb user
if ($samba == 1) {
if (!$with_smbpasswd) {
# generate LanManager and NT clear text passwords
 if ($mk_ntpasswd eq '') {
 print "Either set \$with_smbpasswd = 1 or specify \$mk_ntpasswd\n";
 exit(1);
 }
 my $ntpwd = `$mk_ntpasswd '$pass'`;
chomp(my $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
chomp(my $ntpassword = substr($ntpwd, index($ntpwd, ':')+1));

# change nt/lm passwords
 my $tmpldif =
"$dn_line
changetype: modify
replace: lmpassword
lmpassword: $lmpassword
-
changetype: modify
replace: ntpassword
ntpassword: $ntpassword
-

";
 die "$0: error while modifying password for $user\n"
 unless (do_ldapmodify($tmpldif) == 0);
 undef $tmpldif;
}
else {
 if ($< != 0) {
 my $FILE="|$smbpasswd -s >/dev/null";
 open (FILE, $FILE) || die "$!\n";
 print FILE < /dev/null";
if ($ret == 0) {
print "all authentication tokens updated succes

Re: [Samba] Samba 3 and LDAP

[Ryan Novosielski]

If you have not already, check out the Samba-3 HOWTO. It is excellent, and
has come a long way since the 2.2 days.

 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - Jr. UNIX Systems Admin
|$&| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Mon, 12 Jan 2004, K. Hawkes wrote:

> Hey all,
>
> I hope you all had a pleasent holiday season (okay so I'm a week or so
> late... I've been in hibernation ).
>
> Now, does anyone out there know where I can get documentation on running
> Samba 3 as a PDC using LDAP as a backend - I know I'll get plenty of URLs,
> so to narrow things down a little, I'm competant with Samba 2.2.x and have
> no clue about LDAP, yet we're looking at going LDAP so we can make our PDC
> (and stand-alone servers) all use the same set of passwords (as we operate a
> reasonably large site with about 1600 users and 400 PC's). Currently we're
> using rsync to sync password files but this isn't an ideal solution as we
> need passwords that sync using a central database (so a single password
> change ANYWHERE on site takes effect).
>
> So - anyone know of any good websites that detail that kind of setup? I have
> a few already and I've configured LDAP (or so I thought) and I can't connect
> to it - it keeps saying 'incorrect credentials' - despite my passwords being
> set correctly. For those of you on RH9 - when you installed the OpenLDAP
> kit, does it use plaintext passwords or encrypted by default?
>
> I guess I'm out of my depth here but I decided to give it a go anyway - any
> good suggestions or places to start (assuming that I have a test system I
> can install everything from total scratch on)?
>
> Thanking you all in advance,
>
> Mr. K. Hawkes
>
> "You look back upon choices you've made, you wonder 'what if' and wonder if
> you should have done it differently... but then you'd not be you anymore,
> you'd be someone else, asking the same set of questions." - Anon
>
> -BEGIN PGP SIGNATURE-
> Version: PGPfreeware 7.0.3 for non-commercial use 
>
> iQEVAwUBPHjfdSBHjRAjzresAQHZpgf/ZKpt2Nl+8EmIJwT/rLFtx8yhFFKdqVk6
> pQGsgeOGN1ZI5kSOU6FBeWkyVS3YKLV6UHhvHVm1MQuBwPyfnjhQGj+OuI9jQPoc
> qTFb0TRQivOQoOeJq1PfIFcl53RrvRUOFAl8+jdKqZo/IFARdllknkCMTZirvp5l
> M+7/4a/ua2rx8d46zab1RF5YYNHRjyJRXD913FHty5VXCX31DJ55nAho30lOKOPC
> TNT+zzO1UC/J+keWSjxSSV3wPeOiOgtUtI5FiuXJmv1IXzsxjogGCTd0HUJ/04mR
> H623bEhl8M8yF/x6seCNKpHDkDQjoL+ddlQGVezdgbg3z7Jd7Y6VKA==
> =/whC
> -END PGP SIGNATURE-
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] dtsession PAM error

[Klinger, John (N-CSC)]

This may be OT, since I don't think is related to samba, but since we
just made pam.conf changes for samba, we are on the top of the suspect
list.

Ocassionally, we are getting a running error in a .dt/errorlog stating:


dtsession: pam_start status = 4

This *quickly* fills up the disk, as it is written many, many times per
second. It occurs on both Samba clients and servers, but doesn't start
until after the system has been running for quite a while. We've been
unable to pin down what is causing it.

I've been doing net searches but have yet to find any pointers. Samba
code searches have not illuminated anything either.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Manual creation of machine trust and comments on Samba books

[John H Terpstra]

On Wed, 14 Jan 2004, Beast wrote:

>
> I just receive a copy of the official samba 3 howto, to be honest i'm
> rather disapoint with the content and layout. Well with free online
> version, i can't complaint, but with 'paid' version maybe i can complain
> to the author :-).

Go on, complain. I have been listening to your contribution to this list
for some time. Did you check what we started out with by any chance?

As the primary author, now that the book is in print, I too can see many
areas where it can be improved. So far however, I have not seen a rush of
new, vital, contributed material. This is a community project you know. Up
to this point I have rejected only 2 submissions for inclusion out of over
50 instances of feedback. those 2 were inaccurate. All other feedback has
resulted in change/addition to the document.

> Most of the contents are still the old documentation with few 'little'
> updation for samba3. Imo, its better if it can be rewrite from scratch
> focusing on samba3 only. Ie, it should focusing on ldapbackend instead
> on other backend.

The document I started with was the Samba-HOWTO-Collection.pdf that
shipped with Samba-2.2.x. It was 88 pages. That is it. Everything else in
the book is recently added material. Where was your input when we were
begging for help, for ideas, for needs, and for input etc.? I spent 7
months writing to get this to where it is. What we have in the book and in
the Samba-HOWTO-Collection is just a start!

I have just finished writing the "Samba-3 by Example" book. This book
provides detailed sample networks, discusses the needs of each, and
provides a step-by-step fully worked example. If you follow the examples
you will have a completly functioning network.

Rome was not built in one day. :)

> The definitive guide books (imo) should contains following chapter :
> 1. Installation and other compile options.
> 2. Setup and configuration with real world working config and screenshot if possible 
> on server and client side.
> 3. Performance tuning and optimization (server and client, including related s/w , 
> ie. openldap)
> 4. Troubleshooting.
> 5. Index.

Great. Please start writing. Send me your material. I will do everything I
can to include ANYTHING that can help to document Samba so that others do
not have to endure pain.

> Enough with my complain, now from chapter 6, page 69:
> Manual creation of machine trust account, it focus on smbpasswd/tdbsam backend only, 
> not ldap.

Ok. But in the LDAP section I tried to provide information so that you do
not need to add machine accounts manually. I agree this can be better
documented. When will you be able to send me your suggested notes for
inclusion?

> I have valid posixaccount entry in ldap :
> [EMAIL PROTECTED] samba]# smbpasswd -a -m tbird
> ldapsam_modify_entry: Failed to add user dn= uid=tbird$,ou=people,dc=indorama,dc=com 
> with: Already exists
>
> ldapsam_add_sam_account: failed to modify/add user with uid = tbird$ (dn = 
> uid=tbird$,ou=people,dc=indorama,dc=com)
> Failed to add entry for user tbird$.
> Failed to modify password entry for user tbird$

It is a little difficult to diagnose what information is in your LDAP
database for the machine 'tbird', without you showing me.

Have you already tried to add the machine to the network?

What steps led up to this?

Cheers,
John T.
-- 
John H Terpstra
Email: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Spam reduction suggestion

[Don Koch]

The real problem is that all of the recent spam on this list has
a From value from samba.org - more precisely samba at samba.org.

The easiest way to reduce spam on this list is to remove samba at samba.org
from the user whitelist.  Actually, the entire domain is whitelisted; maybe
that should be changed.  Another alternative is adding samba at samba.org to
the blacklist; after all, "samba" shouldn't be sending mail to itself.

-- 
Don Koch
[EMAIL PROTECTED]

Not speaking for Cognex Corporation.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Pool printing via cups and notification via samba

[Thiago Lima]

 Use a class of printers in cups and then write a perl script to parse
cups logfile to get the user and printer. Then send a smb message to the
user telling what printer has been choose.

regards
thiago lima.


> -Original Message-
> From: 
> [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]
> rg] On Behalf Of Jason Balicki
> Sent: Wednesday, January 14, 2004 1:21 PM
> To: [EMAIL PROTECTED]
> Subject: [Samba] Pool printing via cups and notification via samba
> 
> 
> Hello,
> 
> I've been thinking about setting up some sort of pool 
> printing, where a job can be sent and the system can decide 
> which printer to send it to.
> 
> I know that with cups I can define a pool, but I'd like to 
> have samba print a notification as to which printer cups sent 
> the job to.
> 
> The rationale is:  I have multiple printers, each under a 
> maintenance agreement.  I have some printers that are way 
> under their image count on the agreement, and others that are 
> over.  So, I'd like to have the system automatically route 
> the jobs evenly so that the image counts can even up.  (For 
> those of you who don't know:  if we're under on our image 
> counts that means we're paying for service we're not getting, 
> if we're over that means we have to pay an overage charge per 
> image printed.)
> 
> One problem I've got is that I can't put them all in the
> same room (I don't have the space), but they are all on the 
> same floor, and making people walk to them would be good for them.  :)
> 
> The other problem is how do I get cups to tell samba which 
> printer has printed so that I can notify the user (either 
> with the messenger service or email) where their job printed.
> 
> I haven't looked into this too deeply yet, but I wanted to
> get a general feel for if it was possible, or better yet
> find someone who's already done it and will now reply with 
> "Yeah, and here are my config files...".
> 
> Thanks,
> 
> --J(K)
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] smbd process has high CPU utilization

[Peter Wu]

Hello,

I installed samba 3.01 on my Gentoo Linux box. Recently, I find a strange
problem that after I manipulate the shares on the samba server, which is
my Linux box, from my Windows XP Pro workstation, the smbd process does
not quit even after the file manipulation is done. 

When I was using Samba 2.2.8, I never saw such problem. Can anybody shed
some light? Thanks!


--
Peter Wu 
Powered by Microsoft Windows [Version 5.2.3790]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba 2.2.8a PDC LDAP CTRL+ALT+DEL password change, not chaning Unix password

[Sundaram Ramasamy]

I don't thinsk so, Its not chaning the userpasswod value at all.
-SR

- Original Message - 
From: "Dragan Krnic" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, January 14, 2004 10:24 AM
Subject: Re: samba 2.2.8a PDC LDAP CTRL+ALT+DEL password change, not chaning
Unix password


> > I am running samba 2.2.8a with ldap PDC. From windows
> > machine If I change password by process CTL+ALT+DEL
> > key its changing only windows password.
> >
> > from command line  smbldap-passwd.pl script changing
> > the both UNIX and samba password.
> >
> > any idea why its not changing UNIX password?
>
> Case sensitivity perhaps?
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba PDC and Automatic Printer Install

[Michael Aldrich]

Hello,
I am trying to install automatic printer driver download and install.
I am running Samba 3, as a PDC, on RedHat 7.3.

It seems everything is setup correctly, although I cannot get the rpcclient
to 'see' my printer.
Please notice these two printers listed below ar the same (lp & HP2300).


[EMAIL PROTECTED] log]# rpcclient -U=root localhost
Password:

rpcclient $> enumprinters
flags:[0x80]
name:[\\mercury\HP2300]
description:[\\mercury\HP2300,,HP2300]
comment:[HP2300]

flags:[0x80]
name:[\\mercury\lp]
description:[\\mercury\lp,,]
comment:[]

rpcclient $> enumdrivers



[Windows NT x86]
Printer Driver Info 1:
Driver Name: [HP LaserJet 2300 Series PCL 6]


[Windows NT x86]
Printer Driver Info 1:
Driver Name: [HP LaserJet 2300 Series PCL 6]


rpcclient $> setdriver "lp" "HP LaserJet 2300 Series PCL 6"
SetPrinter call failed!
result was WERR_ACCESS_DENIED
rpcclient $> setdriver "HP2300" "HP LaserJet 2300 Series PCL 6"
SetPrinter call failed!
result was WERR_ACCESS_DENIED
rpcclient $>


Snip from my smb.conf:
[printers]
comment = HP LaserJet
path = /var/spool/samba
printer admin = root
guest ok = Yes
printable = Yes
printing = cups
use client driver = Yes
browseable = No

[print$]
comment = Printer Download
path = /var/spool/samba/W32X86/3
valid users = maldrich, root
admin users = maldrich, root
write list = root
read only = No
guest ok = Yes

[lp]
path = /var/spool/samba
printer admin = root
read only = No
guest ok = Yes
printable = Yes
printer name = lp
use client driver = Yes
oplocks = No
share modes = Yes

On the client side (Windows XP Pro), I can see both printers from Network
Neighborhood,
, Printers & Faxes. Both of them are in 'Error' status.

Does anyone have an idea why this operation is continuosly failing?

Why do I get WERR_ACCESS_DENIED from SetPrinter?

Thanks
Mike


And thanks to Kurt for getting me this far


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SMB Signature verification failed on incoming packet

[Fran Fabrizio]

Since posting this yesterday, I've been googling a great deal and
there's almost nothing out there for this particular error message. 
Does anyone have even a general idea of what type of error messages
these are?  I'm completely at a loss of what to check - I've never seen
it where smbclient works until it hits a certain file (also, to update
the error, it died at a different file a little further along last
night).

Thanks,
Fran

On Tue, 2004-01-13 at 17:44, Fran Fabrizio wrote:
> My setup is Samba/smbclient version 3.0.1 on linux RedHat 9. 
> \\snapper\dfs is a dfs share on snapper, a Win2k3 Active Directory
> server.  My smb.conf contains:
> 
> [global]
> realm = ciswinnet.cis.uab.edu
> workgroup=CISWINNET
> security = ADS
> encrypt passwords = yes
> password server = snapper.cis.uab.edu
> client use spnego = yes
> 
> I am trying to run the following command:
> 
> smbclient snapper\\dfs  -U Administrator -E -W CISWINNET
> -D home -d0 -Tqca /tmp/junk.tar &
> 
> This command starts tarring up the contents of \\snapper\dfs\home until
> a very predictable point, when it fails with the error "SMB Signature
> verification failed on incoming packet!"
> 
> I start the command, and it happily runs for about 3 minutes and then...
> 
> [2004/01/13 17:39:21, 0] libsmb/clientgen.c:cli_receive_smb(121)
>   SMB Signature verification failed on incoming packet!
> [2004/01/13 17:39:21, 0] client/clitar.c:do_atar(698)
>   Error reading file
> \home\faculty\bryant\bryantback-brblt\Images\backups\backup20011126.zip
> : Server packet had invalid SMB signature!
> [2004/01/13 17:39:21, 0] client/clitar.c:do_atar(733)
>   Didn't get entire file. size=50316714, nread=46322640
> [2004/01/13 17:39:21, 0] client/clitar.c:do_atar(654)
>   Server packet had invalid SMB signature! opening remote file
> \home\faculty\bryant\bryantback-brblt\Images\backups\b
> (\home\faculty\bryant\bryantback-brblt\Images\backups\)
> [2004/01/13 17:39:21, 0] client/clitar.c:do_atar(654)
>   Server packet had invalid SMB signature! opening remote file
> \home\faculty\bryant\bryantback-brblt\Images\backups\b
> (\home\faculty\bryant\bryantback-brblt\Images\backups\)
> Server packet had invalid SMB signature! listing
> \home\faculty\bryant\bryantback-brblt\Images\c\*
> Server packet had invalid SMB signature! listing
> \home\faculty\bryant\bryantback-brblt\Images\f\*
> ...and so on for the rest of the \\snapper\dfs\home directory
> 
> It always happens with the file
> \home\faculty\bryant\bryantback-brblt\Images\backups\backup20011126.zip
> and then continues to fail out for the rest of the files in the
> directory. 
> 
> I'm don't think Kerberos is coming into play here since I'm providing my
> authentication on the command line, but that's just a guess.  Any
> pointers as to what's going wrong here? 
> 
> The end goal is to backup our dfs share via the Amanda backup software,
> and this command that I am running is exactly the one that Amanda is
> trying to run, and seeing the errors that I've outlined here.
> 
> Thanks,
> Fran
> 
> -- 
> 
> Fran Fabrizio
> Senior Systems Analyst
> Department of Computer and Information Sciences
> University of Alabama - Birmingham
> [EMAIL PROTECTED]
> (205) 934-0653
-- 

Fran Fabrizio
Senior Systems Analyst
Department of Computer and Information Sciences
University of Alabama - Birmingham
[EMAIL PROTECTED]
(205) 934-0653

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba 2.2.8a PDC LDAP CTRL+ALT+DEL password change, not chaning Unix password

[Dragan Krnic]

> I am running samba 2.2.8a with ldap PDC. From windows 
> machine If I change password by process CTL+ALT+DEL 
> key its changing only windows password.
>
> from command line  smbldap-passwd.pl script changing 
> the both UNIX and samba password.
>
> any idea why its not changing UNIX password?

Case sensitivity perhaps?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Pool printing via cups and notification via samba

[Jason Balicki]

Hello,

I've been thinking about setting up some sort of pool printing,
where a job can be sent and the system can decide which printer
to send it to.

I know that with cups I can define a pool, but I'd like to have
samba print a notification as to which printer cups sent the
job to.

The rationale is:  I have multiple printers, each under a
maintenance agreement.  I have some printers that are way
under their image count on the agreement, and others that
are over.  So, I'd like to have the system automatically
route the jobs evenly so that the image counts can even
up.  (For those of you who don't know:  if we're under
on our image counts that means we're paying for service
we're not getting, if we're over that means we have to
pay an overage charge per image printed.)

One problem I've got is that I can't put them all in the
same room (I don't have the space), but they are all on the
same floor, and making people walk to them would be good for
them.  :)

The other problem is how do I get cups to tell samba which
printer has printed so that I can notify the user (either
with the messenger service or email) where their job printed.

I haven't looked into this too deeply yet, but I wanted to
get a general feel for if it was possible, or better yet
find someone who's already done it and will now reply with
"Yeah, and here are my config files...".

Thanks,

--J(K)

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Winbind Problem ("Authentication service cannot retrieve authentication info.")

[Arnst, Rainer]

Hi,

I am using Samba 3.0.1 / Debian Sid. I got winbind to work (Win2k3 ADS
environment) up to a point. I can list users and groups with "wbinfo -u"
and "getent passwd" works as well. I added "auth sufficient
pam_winbind.so" to /etc/pam.d/login. When I try to login into an ADS
account, access is denied with this message

"Authentication service cannot retrieve authentication info."

Any comments would be very welcome. I followed the instructions of the
samba documentation, but found nothing which would help me in this case.

Thanks in advance.

Regards,
Rainer

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] samba 2.2.8a PDC LDAP CTRL+ALT+DEL password change, not chaning Unix password

[Sundaram Ramasamy]

Hi,

I am running samba 2.2.8a with ldap PDC. From windows machine If I change
password by process CTL+ALT+DEL key its changing only windows password.

from command line  smbldap-passwd.pl  script changing the both UNIX and
samba password.

any idea why its not changing UNIX password?

Thanks
SR

Here my smb.conf file

encrypt passwords = Yes
 min passwd length = 5
 null passwords = No
 password server =
 smb passwd file = /etc/samba/smbpasswd
 pam password change = Yes
 passwd program = /usr/local/sbin/smbldap-passwd.pl %u
 passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password*
%n\n*passwd:*all*authentication*tokens*updated*successfully*
 passwd chat debug = Yes
 password level = 0
 unix password sync = No
 machine password timeout = 604800

my smbldap-passwd.pl  file
===
use FindBin;
use FindBin qw($RealBin);
use lib "$RealBin/";

use smbldap_tools;
use smbldap_conf;

my $user;
my $oldpass;
my $ret;

my $arg;

foreach $arg (@ARGV) {
 if ($< != 0) {
  die "Only root can specify parameters\n";
 } else {
  if ( ($arg eq '-?') || ($arg eq '--help') ) {
   print "Usage: $0 [username]\n";
   print "  -?, --help   show this help message\n";
   exit (6);
  } elsif (substr($arg,0) ne '-')  {
   $user = $arg;
  }
  $oldpass = 1;
 }
}

if (!defined($user)) {
 $user=$ENV{"USER"};
}

# test existence of user in LDAP
my $dn_line;
if (!defined($dn_line = get_user_dn($user))) {
print "$0: user $user doesn't exist\n";
exit (10);
}

my $dn = get_dn_from_line($dn_line);

my $samba = is_samba_user($user);

print "Changing password for $user\n";

# non-root user
if (!defined($oldpass)) {
# prompt for current password
 system "stty -echo";
 print "(current) UNIX password: ";
 chomp($oldpass=);
 print "\n";
 system "stty echo";

 if (!is_user_valid($user, $dn, $oldpass)) {
 print "Authentication failure\n";
 exit (10);
 }
}

# prompt for new password

my $pass;
my $pass2;

system "stty -echo";
print "New password : ";
chomp($pass=);
print "\n";
system "stty echo";

system "stty -echo";
print "Retype new password : ";
chomp($pass2=);
print "\n";
system "stty echo";

if ($pass ne $pass2) {
print "New passwords don't match!\n";
exit (10);
}

# only modify smb passwords if smb user
if ($samba == 1) {
if (!$with_smbpasswd) {
# generate LanManager and NT clear text passwords
 if ($mk_ntpasswd eq '') {
 print "Either set \$with_smbpasswd = 1 or specify \$mk_ntpasswd\n";
 exit(1);
 }
 my $ntpwd = `$mk_ntpasswd '$pass'`;
chomp(my $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
chomp(my $ntpassword = substr($ntpwd, index($ntpwd, ':')+1));

# change nt/lm passwords
 my $tmpldif =
"$dn_line
changetype: modify
replace: lmpassword
lmpassword: $lmpassword
-
changetype: modify
replace: ntpassword
ntpassword: $ntpassword
-

";
 die "$0: error while modifying password for $user\n"
 unless (do_ldapmodify($tmpldif) == 0);
 undef $tmpldif;
}
else {
 if ($< != 0) {
 my $FILE="|$smbpasswd -s >/dev/null";
 open (FILE, $FILE) || die "$!\n";
 print FILE < /dev/null";
if ($ret == 0) {
print "all authentication tokens updated successfully\n";
} else {
return $ret;
}

exit 0;

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Notification

[Spamserver]

* eManager Notification **

Recipient, Content filter has detected a sensitive e-mail.

Source mailbox: "[EMAIL PROTECTED]"
Destination mailbox(es): Isabella "[EMAIL PROTECTED]"

*** End of message ***
Received: from 208.8.92.60 by jupiter.INSIDEAI.COM (InterScan E-Mail VirusWall NT); 
Wed, 14 Jan 2004 09:48:12 -0500
Received: from lists.samba.org ([66.70.73.150]) by viruswall.ai-logix.com
  (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35)
  with ESMTP id com for <[EMAIL PROTECTED]>;
  Wed, 14 Jan 2004 09:49:57 -0500
Received: from dp.samba.org (localhost [127.0.0.1])
by lists.samba.org (Postfix) with ESMTP id 9A8FD2C754
for <[EMAIL PROTECTED]>; Wed, 14 Jan 2004 14:48:00 + (GMT)
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from dns.mediaservice.net (dns.mediaservice.net [213.254.16.2])
by lists.samba.org (Postfix) with SMTP id D79392C06F
for <[EMAIL PROTECTED]>; Wed, 14 Jan 2004 14:47:09 + (GMT)
Received: (qmail 23681 invoked from network); 14 Jan 2004 14:51:33 -
Received: from charon.mediaservice.net (HELO mediaservice.net) (213.254.16.254)
by dns.mediaservice.net with SMTP; 14 Jan 2004 14:51:33 -
Message-ID: <[EMAIL PROTECTED]>
Date: Wed, 14 Jan 2004 15:46:06 +0100
From: claudio <[EMAIL PROTECTED]>
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US;
rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Isabella <[EMAIL PROTECTED]>
Subject: Re: [Samba] Ripe woman
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on 
dp.samba.org
X-Spam-Status: No, hits=0.0 required=3.5 tests=none autolearn=ham version=2.61
X-Spam-Level: 
Cc: 
X-BeenThere: [EMAIL PROTECTED]
X-Mailman-Version: 2.1.3
Precedence: list
List-Id: General questions regarding Samba 
List-Unsubscribe: ,

List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,

Sender: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Notification

[Spamserver]

* eManager Notification **

Recipient, Content filter has detected a sensitive e-mail.

Source mailbox: "[EMAIL PROTECTED]"
Destination mailbox(es): Isabella "[EMAIL PROTECTED]"

*** End of message ***
Received: from 208.8.92.60 by jupiter.INSIDEAI.COM (InterScan E-Mail VirusWall NT); 
Wed, 14 Jan 2004 09:47:52 -0500
Received: from lists.samba.org ([66.70.73.150]) by viruswall.ai-logix.com
  (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35)
  with ESMTP id com for <[EMAIL PROTECTED]>;
  Wed, 14 Jan 2004 09:49:38 -0500
Received: from dp.samba.org (localhost [127.0.0.1])
by lists.samba.org (Postfix) with ESMTP id E97CC2C64B
for <[EMAIL PROTECTED]>; Wed, 14 Jan 2004 14:47:40 + (GMT)
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from dns.mediaservice.net (dns.mediaservice.net [213.254.16.2])
by lists.samba.org (Postfix) with SMTP id D79392C06F
for <[EMAIL PROTECTED]>; Wed, 14 Jan 2004 14:47:09 + (GMT)
Received: (qmail 23681 invoked from network); 14 Jan 2004 14:51:33 -
Received: from charon.mediaservice.net (HELO mediaservice.net) (213.254.16.254)
by dns.mediaservice.net with SMTP; 14 Jan 2004 14:51:33 -
Message-ID: <[EMAIL PROTECTED]>
Date: Wed, 14 Jan 2004 15:46:06 +0100
From: claudio <[EMAIL PROTECTED]>
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US;
rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Isabella <[EMAIL PROTECTED]>
Subject: Re: [Samba] Ripe woman
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on 
dp.samba.org
X-Spam-Status: No, hits=0.0 required=3.5 tests=none autolearn=ham version=2.61
X-Spam-Level: 
Cc: 
X-BeenThere: [EMAIL PROTECTED]
X-Mailman-Version: 2.1.3
Precedence: list
List-Id: General questions regarding Samba 
List-Unsubscribe: ,

List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,

Sender: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Ripe woman

[claudio]

This list can't be moderated?

Only porno spams are the things missing:(



Isabella wrote:

COME ON HERE: http://zone.hoha.ru/allstrip

What can be better than hard fuck? Here you will see how it should be done by all rules! 
Ripe girls are ready to start it even now! 

Kathy took soft yet dick in her hands and by few movements made it hard as stone! 
Here it is - power and skill of the ripe woman! But if she had only skilful hands, she hardly could be here! 
Tight-assed and lustfull - what she is! She will not think long and her desires will hold the reins!
100% Cock Hungry Girls - real girls that love to fuck and suck a dick until they get covered in cum!
 

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: High load average and client timeouts

[Dragan Krnic]

> I am setting up a proof-of-concept backup server at my 
> office.  The end idea is for a dozen or so of our ~200 
> workstations to dump images (like PowerQuest 
> DeployCenter, not JPEG) to a 2Tb RAID5 at reasonable
> speeds.

Your backup program is a bit less general than a tar
which I use, but perhaps you can make some analogy with
my comments below and apply it to your case. Basically
I think your problem is that continuous writing to an 
smb-share is rather fragile. If your backup problem 
allows you to output data to stdout, then you might 
attach it to an rsh or rexec filter with buffering 
software on the Linux side. Read my comment.

> One nagging question is what would the "real" server's 
> performance be?  We have spec'd dual Athlon MP 2200+ 
> CPUs, a 3ware 7506-12 controller with 12  200gb 
> Western Digital drives, and 4gb of RAM. (Whole thing 
> is $6,000!!)  Thing is, I don't think the RAID would 
> be much faster (writing) than the existing IDE drive.  
> I'd hate to blow six grand and find out it doesn't 
> perform any better.

I can speculate what a "real" server would do, but 
I've been doing something like that for a long time 
with a similar workstation, SuSE 8.2, P4/3G, 2GB RAM, 
480 GB 4-way IDE stripe and never bothered to look at 
load numbers because it works so smoothly. 25 admin 
shares are being backed up simultaneously every 
workday but without affecting interactivity of
remote sessions. The built-in Gbit NIC is using 
up all 100 Mbps that the switch passes on to it 
plus about 20 MB/s from a samba PDC via a Gbit 
link, so there is an aggregate max speed of about 
32 MB/s. Never any aborts.

The trick is probably in the little buffering filter
(xt) between the backup tool and the disk. This is 
more efficient both because the reading part accepts 
incoming data without delay and because the writing 
part only writes data to disk once a high mark is 
reached so when it starts writing it flushes data
in one big chunk, which reduces fragmentation.

The downside is that I'm using 32 MB RAM per backup
session, so you need more memory. The buffer size 
is settable to a multiple of 64 KB between 10 and 
(SHMMAX/64KB - 3). 512 works fine for me but less 
would probably work decently too.

I use tar as backup tool. All shares are smbmount'd
under /mnt so backing the data up is basically

 for share in $( /tars/$share ) &
 done

Well, there's a little more for logging (2>/logs/$share)
and incrementation (find . -mtime -o -ctime | tar -T -...)
but I didn't want to clutter the simple example. 

The filter xt has optional arguments 
-i infile, -o outfile, -s KBchunk, -n numchunks, 
-t sleeptime. Defaults are stdin, stdout, 64 KB, 10, 1. 

I also use it to transfer backups to tape. It can read 
from the stripe at about 130 MB/s and the tape can 
accept about 80 MB/s, if no other I/O takes place, but 
combining the two reduces the speed to about 35 MB/s so
that on average only about 50 MB/s are obtained. A "real" 
server not limited to 32-bit/33MHz PCI could probably 
do a little better.

> System specs:
>   Linux 2.4.22 (custom)
>   Slackware 9.1
>   Samba 3.0.1
>   2.2Ghz Intel Celeron
>   60gb Maxtor 6Y060L0 on UltraATA/133
>   128mb RAM, 256mb swap
> # Will try to add RAM next week
>   On-board Intel Pro/1000 (Gigabit) NIC
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Notification

[Spamserver]

* eManager Notification **

Recipient, Content filter has detected a sensitive e-mail.

Source mailbox: "[EMAIL PROTECTED]"
Destination mailbox(es): "[EMAIL PROTECTED]"

*** End of message ***
Received: from 208.8.92.60 by jupiter.INSIDEAI.COM (InterScan E-Mail VirusWall NT); 
Wed, 14 Jan 2004 09:13:03 -0500
Received: from lists.samba.org ([66.70.73.150]) by viruswall.ai-logix.com
  (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35)
  with ESMTP id com for <[EMAIL PROTECTED]>;
  Wed, 14 Jan 2004 09:14:48 -0500
Received: from dp.samba.org (localhost [127.0.0.1])
by lists.samba.org (Postfix) with ESMTP id B341B2C64E
for <[EMAIL PROTECTED]>; Wed, 14 Jan 2004 14:12:51 + (GMT)
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from [217.0.50.250] (pD90032FA.dip.t-dialin.net [217.0.50.250])
by lists.samba.org (Postfix) with ESMTP id 10BCC2C12C
for <[EMAIL PROTECTED]>; Wed, 14 Jan 2004 14:11:42 + (GMT)
Date: Wed, 14 Jan 2004 17:11:46 -0500
From: Webmaster <[EMAIL PROTECTED]>
X-Mailer: The Bat! (v2.00.6) Personal
X-Priority: 3 (Normal)
Message-ID: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
MIME-Version: 1.0
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on 
dp.samba.org
X-Spam-Status: No, hits=-81.6 required=3.5 tests=BAYES_99,CLICK_BELOW,
DATE_IN_FUTURE_06_12,HTML_FONTCOLOR_BLUE,HTML_FONTCOLOR_UNKNOWN,
HTML_FONTCOLOR_UNSAFE,HTML_LINK_CLICK_HERE,HTML_MESSAGE,
RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL,RCVD_IN_DYNABLOCK,RCVD_IN_NJABL,
RCVD_IN_NJABL_DIALUP,RCVD_IN_SORBS,USER_IN_WHITELIST autolearn=no 
version=2.61
X-Spam-Level: 
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.3
Cc: 
Subject: [Samba] 3 sites for Unfetered !
X-BeenThere: [EMAIL PROTECTED]
X-Mailman-Version: 2.1.3
Precedence: list
List-Id: General questions regarding Samba 
List-Unsubscribe: ,

List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,

Sender: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Notification

[Spamserver]

* eManager Notification **

Recipient, Content filter has detected a sensitive e-mail.

Source mailbox: "[EMAIL PROTECTED]"
Destination mailbox(es): "[EMAIL PROTECTED]"

*** End of message ***
Received: from 208.8.92.60 by jupiter.INSIDEAI.COM (InterScan E-Mail VirusWall NT); 
Wed, 14 Jan 2004 09:12:43 -0500
Received: from lists.samba.org ([66.70.73.150]) by viruswall.ai-logix.com
  (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35)
  with ESMTP id com for <[EMAIL PROTECTED]>;
  Wed, 14 Jan 2004 09:14:28 -0500
Received: from dp.samba.org (localhost [127.0.0.1])
by lists.samba.org (Postfix) with ESMTP id 9C9D82C295
for <[EMAIL PROTECTED]>; Wed, 14 Jan 2004 14:12:31 + (GMT)
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from [217.0.50.250] (pD90032FA.dip.t-dialin.net [217.0.50.250])
by lists.samba.org (Postfix) with ESMTP id 10BCC2C12C
for <[EMAIL PROTECTED]>; Wed, 14 Jan 2004 14:11:42 + (GMT)
Date: Wed, 14 Jan 2004 17:11:46 -0500
From: Webmaster <[EMAIL PROTECTED]>
X-Mailer: The Bat! (v2.00.6) Personal
X-Priority: 3 (Normal)
Message-ID: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
MIME-Version: 1.0
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on 
dp.samba.org
X-Spam-Status: No, hits=-81.6 required=3.5 tests=BAYES_99,CLICK_BELOW,
DATE_IN_FUTURE_06_12,HTML_FONTCOLOR_BLUE,HTML_FONTCOLOR_UNKNOWN,
HTML_FONTCOLOR_UNSAFE,HTML_LINK_CLICK_HERE,HTML_MESSAGE,
RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DSBL,RCVD_IN_DYNABLOCK,RCVD_IN_NJABL,
RCVD_IN_NJABL_DIALUP,RCVD_IN_SORBS,USER_IN_WHITELIST autolearn=no 
version=2.61
X-Spam-Level: 
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.3
Cc: 
Subject: [Samba] 3 sites for Unfetered !
X-BeenThere: [EMAIL PROTECTED]
X-Mailman-Version: 2.1.3
Precedence: list
List-Id: General questions regarding Samba 
List-Unsubscribe: ,

List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,

Sender: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] 3 sites for Unfetered !

[Webmaster]

We wish you Merry Christmas and Happy New Year! 

And have prepared an exclusive holiday present for you ! 

STRIP TRENDS: What can be better than hard teen fuck? 
Here you will see how this should be done by all rules! 

Get it! 
http://zone.hoha.ru/strip
^^^  ^^^  ^^^  ^^^
Click here to join


ASIAN TEEN CHERRIES: Seducible and quick with excitement.
You won't have to wait too long! Relax and enjoy.

Get it! 
http://zone.hoha.ru/asian
^^^  ^^^  ^^^  ^^^
Click here to join


ASIAN TRANS: Asiantrans - is one of the last steps
of PERVERSION and of course one of the delightest one.

Get it! 
http://zone.hoha.ru/trans
^^^  ^^^  ^^^  ^^^
Click here to join

Get 3 sites with one instant access!


http://zone.hoha.ru/unsubscribe
^^^  ^^^  ^^^  ^^^
Click here to unsubscribe


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.1: Problems with downloading printer driver

[Simon Kämpflein]

Hi,

I've a problem with Samba 3.0.1: printing with cups works fine when I
install the driver on windows (2000/NT) manual. But setting up a print$
share for downloading the drivers on the fly doesn't work. I installed
the drivers with cupsaddsmb, which seems to work fine. No error is shown
(even with -v). When I try to install the driver on windows it says that
the server hasn't any drivers and I should install them manual. Showing
the printer properties with right click on the printer doesn't work,
too. The following error shows up in the samba log:
[2004/01/14 10:37:14, 0] lib/util_str.c:safe_strcpy_fn(595)
  ERROR: string overflow by 1 (17 - 16) in safe_strcpy
[FBA2-100-0030051FDEFC]
FBA2-100-0030051FDEFC seems to be something like the name of the
printer, I saw it under windows, too.
When I use Samba 2.2.8a with the same configuration, everything works fine.

smb.conf:
# Global parameters
[global]
encrypt passwords = Yes
map to guest = Bad User
log file = /usr/local/samba2/log.%m
printer admin = root
guest ok = Yes
printing = cups
[printers]
comment = All Printers
path = /tmp
create mask = 0700
printable = Yes
browseable = No
[print$]
comment = Printer Driver Download Area
path = /usr/local/samba/drivers
write list = root
The System is an old one with libc-2.1.3 and cups-1.1.20.

Simon



--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] suse 8.2 Samba 3(samba3-3.0.2pre1-20) LDAP PDC :Cannot Log onto Domain Member Workstation After Joining Domain

[Sundaram Ramasamy]

Tarjei,

thanks, your right my sid was wrong.
SID fixed my problem.

-SR
- Original Message - 
From: "Tarjei Huse" <[EMAIL PROTECTED]>
To: "Sundaram Ramasamy" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, January 14, 2004 7:36 AM
Subject: Re: [Samba] suse 8.2 Samba 3(samba3-3.0.2pre1-20) LDAP PDC :Cannot
Log onto Domain Member Workstation After Joining Domain


> Hi,
>
> >Successfully I was able to joining Windows 2000 Professional to samba 3
> >domain (TUX_NET). After that I was not able to login to domain from
> >windows 2000 machine.
> >
> >
> Hi, take a look at the sambasid of your  nobody user. I belive that the
> gues user has to have a sid ending in 501.
>
> If I am not wrong, this is also an error in the smbldap-populate script
> that idealx uses. (Therefore I crosspost)
>
> th
>
> >I have tried with three different samba 3 versions, same result.
> >
> >
> >My configuration:
> >SuSE 8.2
> >Samba 3pre2
> >
> >Is there any problem with my configuration? I am attaching machine log
> >file also.
> >
> >
> >
> ># extended LDIF
> >#
> ># LDAPv3
> ># base <> with scope sub
> ># filter: (objectclass=*)
> ># requesting: ALL
> >#
> >
> ># sfgroup.com
> >dn: dc=sfgroup,dc=com
> >objectClass: dcObject
> >objectClass: organization
> >dc: sfgroup
> >o: sfgroup
> >
> ># People, sfgroup.com
> >dn: ou=People,dc=sfgroup,dc=com
> >objectClass: organizationalUnit
> >ou: People
> >
> ># Groups, sfgroup.com
> >dn: ou=Groups,dc=sfgroup,dc=com
> >objectClass: organizationalUnit
> >ou: Groups
> >
> ># nobody, People, sfgroup.com
> >dn: uid=nobody,ou=People,dc=sfgroup,dc=com
> >cn: nobody
> >sn: nobody
> >objectClass: inetOrgPerson
> >objectClass: sambaSAMAccount
> >objectClass: posixAccount
> >gidNumber: 514
> >uid: nobody
> >homeDirectory: /dev/null
> >sambaPwdLastSet: 0
> >sambaLogonTime: 0
> >sambaLogoffTime: 2147483647
> >sambaKickoffTime: 2147483647
> >sambaPwdCanChange: 0
> >sambaPwdMustChange: 2147483647
> >sambaHomePath: \\rishi\homes
> >sambaHomeDrive: _HOMEDRIVE_
> >sambaProfilePath: \\_PDCNAME_\profiles\
> >sambaPrimaryGroupSID: S-1-5-21-3516781642-1962875130-3438800523-514
> >sambaLMPassword: NO PASSWORDX
> >sambaNTPassword: NO PASSWORDX
> >loginShell: /bin/false
> >uidNumber: 99
> >sambaAcctFlags: [U ]
> >sambaSID: S-1-5-21-3516781642-1962875130-3438800523-514
> >
> ># Domain Admins, Groups, sfgroup.com
> >dn: cn=Domain Admins,ou=Groups,dc=sfgroup,dc=com
> >objectClass: posixGroup
> >objectClass: sambaGroupMapping
> >gidNumber: 512
> >cn: Domain Admins
> >memberUid: Administrator
> >description: Netbios Domain Administrators
> >sambaSID: S-1-5-21-3516781642-1962875130-3438800523-512
> >sambaGroupType: 2
> >displayName: Domain Admins
> >
> ># Domain Users, Groups, sfgroup.com
> >dn: cn=Domain Users,ou=Groups,dc=sfgroup,dc=com
> >objectClass: posixGroup
> >objectClass: sambaGroupMapping
> >gidNumber: 513
> >cn: Domain Users
> >description: Netbios Domain Users
> >sambaSID: S-1-5-21-3516781642-1962875130-3438800523-513
> >sambaGroupType: 2
> >displayName: Domain Users
> >memberUid: root
> >memberUid: admin
> >memberUid: testuser
> >memberUid: sun
> >
> ># Domain Guests, Groups, sfgroup.com
> >dn: cn=Domain Guests,ou=Groups,dc=sfgroup,dc=com
> >objectClass: posixGroup
> >objectClass: sambaGroupMapping
> >gidNumber: 514
> >cn: Domain Guests
> >description: Netbios Domain Guests Users
> >sambaSID: S-1-5-21-3516781642-1962875130-3438800523-514
> >sambaGroupType: 2
> >displayName: Domain Guests
> >
> ># Administrators, Groups, sfgroup.com
> >dn: cn=Administrators,ou=Groups,dc=sfgroup,dc=com
> >objectClass: posixGroup
> >objectClass: sambaGroupMapping
> >gidNumber: 544
> >cn: Administrators
> >description: Netbios Domain Members can fully administer the
> >computer/sambaDom
> > ainName
> >sambaSID: S-1-5-21-3516781642-1962875130-3438800523-544
> >sambaGroupType: 2
> >displayName: Administrators
> >
> ># Users, Groups, sfgroup.com
> >dn: cn=Users,ou=Groups,dc=sfgroup,dc=com
> >objectClass: posixGroup
> >objectClass: sambaGroupMapping
> >gidNumber: 545
> >cn: Users
> >description: Netbios Domain Ordinary users
> >sambaSID: S-1-5-21-3516781642-1962875130-3438800523-545
> >sambaGroupType: 2
> >displayName: users
> >
> ># Guests, Groups, sfgroup.com
> >dn: cn=Guests,ou=Groups,dc=sfgroup,dc=com
> >objectClass: posixGroup
> >objectClass: sambaGroupMapping
> >gidNumber: 546
> >cn: Guests
> >memberUid: nobody
> >description: Netbios Domain Users granted guest access to the
> >computer/sambaDo
> > mainName
> >sambaSID: S-1-5-21-3516781642-1962875130-3438800523-546
> >sambaGroupType: 2
> >displayName: Guests
> >
> ># Power Users, Groups, sfgroup.com
> >dn: cn=Power Users,ou=Groups,dc=sfgroup,dc=com
> >objectClass: posixGroup
> >objectClass: sambaGroupMapping
> >gidNumber: 547
> >cn: Power Users
> >description: Netbios Domain Members can share directories and printers
> >sambaSID: S-1-5-21-3516781642-1962875130-3438800523-547
> >sambaGroupT

Re: [Samba] Win XP Pro / Linux PDC

[Antony Gelberg]

Ok, fixed it!  It was a typo in my addmachine script - the group was
machines, not machine.  I found it after starting the daemons with -d 3.

Antony


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] How do I get Winbind accounts in LDAP?

[Ganguly, Sapan]

John,

OK, I took out the "winbind uid" and "winbind gid" lines.

Here is what I have in /lib, how do I know which is the appropriate version
name?  I've tried these ones. 

-rwxr-xr-x   1 root other 751048 Dec 11 13:36 libnss_winbind.so
lrwxrwxrwx   1 root other 17 Dec  4 14:20 libnss_winbind.so.1 ->
libnss_winbind.so
lrwxrwxrwx   1 root other 17 Dec  4 14:19 libnss_winbind.so.2 ->
libnss_winbind.so
lrwxrwxrwx   1 root other 17 Dec  4 14:20 nss_winbind.so.1 ->
libnss_winbind.so
lrwxrwxrwx   1 root other 17 Dec  4 14:21 nss_winbind.so.2 ->
libnss_winbind.so

I've done everything else too but my login still hangs at the "password:"
prompt after I have typed the password in.  Although when I did a 'getent
group' it did pause for a few seconds several times during the listing, that
may just be because we have a lot of NT groups.  'getent passwd' worked fine
and listed all the unix users as well as all the NT users in a split second.
My /etc/nsswitch.conf is configured and I have done the 'smbpasswd -w'
command to put my LDAP password into secets.tdb.

Here is what I get in my pamlog, as you can see, it does say "access
granted" on the last line.  I think the first line is me killing the telnet
session of a previous attempt. 

Jan 14 13:29:55 sun001 pam_winbind[15352]: [ID 571141 auth.debug]
libpam_winbind:pam_sm_close_sessio
n handler
Jan 14 13:29:59 sun001 login: [ID 634615 auth.debug]
pam_authtok_get:pam_sm_authenticate: flags = 0
Jan 14 13:30:05 sun001 login: [ID 378613 auth.debug] pam_dhkeys: user
ganguly not found
Jan 14 13:30:05 sun001 login: [ID 896952 auth.debug] pam_unix_auth: entering
pam_sm_authenticate()
Jan 14 13:30:05 sun001 login: [ID 219349 auth.debug] pam_unix_auth: user
ganguly not found
Jan 14 13:30:05 sun001 pam_winbind[15369]: [ID 572310 auth.info] Verify user
`ganguly'
Jan 14 13:30:05 sun001 pam_winbind[15369]: [ID 614614 auth.notice] user
'ganguly' granted acces
Jan 14 13:30:05 sun001 login[15369]: [ID 509786 auth.debug] roles
pam_sm_authenticate, service = tel
net user = ganguly ruser = not set rhost = 192.168.224.90

Does anyone have any ideas on what the problem could be?  According to this
log access is granted right?  So why does it just sit there at "password:"?

Thanks,
Sapan

-Original Message-
From: John H Terpstra [mailto:[EMAIL PROTECTED] 
Sent: 13 January 2004 16:39
To: Ganguly, Sapan 
Cc: '[EMAIL PROTECTED]'
Subject: RE: [Samba] How do I get Winbind accounts in LDAP?


On Tue, 13 Jan 2004, Ganguly, Sapan  wrote:

>
> John,
>
> Any ideas?  When I try to log in it seems to get past the PAM stuff 
> but then it just sits there, I don't get a prompt.  I've enabled debug 
> on all the modules in pam.conf, should I post the log files?

You should get rid of the "winbind uid" and "winbind gid" parameters as they
have been superceded by "idmap uid" and "idmap gid".

Did you install the libnss_winbind.so module you built (it's in the
~samba/sources/nsswitch directory) as /lib/nss_winbind.so and link it to the
appropriate version name?

Have you modified in /etc/nsswitch.conf the following:

passwd: files winbind
group: files winbind


Do you obtain correct domain account information from:

getent passwd

and

getent group

You will need to install the LDAP admin password into your Samba secrets.tdb
file. The command that does that is:

smbpasswd -w 'secret_password'

PAM provides authentication, NSS (name service switch) does Identity
resolution. It is the instrument that will permit the LDAP database to be
populated via winbind.

I hope this helps.

Cheers,
John T.

>
> Sapan
>
> -Original Message-
> From: Ganguly, Sapan
> Sent: 08 January 2004 17:39
> To: 'John H Terpstra'; Ganguly, Sapan
> Cc: '[EMAIL PROTECTED]'
> Subject: RE: [Samba] How do I get Winbind accounts in LDAP?
>
>
>
> John,
>
> Wbinfo -u lists all my NT user and wbinfo -g lists all my NT groups.
>
> Here is a copy of my smb.conf, I took it from a working Redhat 9.0 
> machine I built.
>
> [global]
>
> # LDAP stuff for the idmap backend
>
> ldap admin dn = cn=root,dc=uk,dc=trt,dc=thales
> ldap suffix = dc=uk,dc=trt,dc=thales
> ldap idmap suffix = ou=idmap
>
> # Winbind stuff
>
> winbind separator = -
> idmap uid = 1-2
> winbind uid = 1-2
> idmap gid = 1-2
> winbind gid = 1-2
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> #template homedir = /home/%D/%U
> #template homedir = /home/%U
> template homedir = /mnt/spare/%U
> template shell = /bin/bash
> idmap backend = ldap:ldap://lnxs001
>
> # workgroup = NT-Domain-Name or Workgroup-Name
>workgroup = DOMAIN
>
> # server string is the equivalent of the NT Description field
>server string = SUN001
>
> # if you want to automatically load your printer list rather # than 
> setting them up individually then you'll need this
>printcap name = /etc/printcap
>load printers = yes
>
> # this tell

Re: [Samba] Question regarding guest account =

[Tarjei Huse]

Hi, and thanks for a very quick answer!

A small followup:

b) It also seems that the guestuser must have a sambaSid that ends in 
501, else samba will not find the user, correct?
   

We make up an account if you don't supply one, and we will get nasty
side-effects if you don't give it a RID of 501
 

I've seen the sideeffects :-(
Where would the user be stored? I'm using a ldap sam, btw.
And how can I set the users password if he/she is not created ?

Also, if the default guest account is set to nobody (without me using 
the parameter), and I have a user nobody in my sam. will samba use this 
user? Should I remove it?

c) Also, if I want a guest user that can log on to my domain without a 
password, but who will not have any access to shares etc, should I then 
use this "guest" user or should I create a special user for this?
   

Use this account.  This is done (if you want to match win2k behaviour)
with the 'map to guest = bad user' parameter.
 

A bit many this there, you men the account I created, not the special 
guest user , right?

Many thanks for your answers.
Tarjei

Andrew Bartlett
 

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Question regarding guest account =

[Andrew Bartlett]

On Wed, Jan 14, 2004 at 02:25:17PM +0100, Tarjei Huse wrote:
> Hi,
> 
> I experiemented a bit with the guest account parameter the other day, 
> and I some questions:
> 
> a) It seems to me that if you turn this parameter on, the user will be 
> used when someone browses the domain without beeing a domain member, is 
> this a true observation?
> (Don't answer this one, I checked the manual and it said yes).

It is also used by existing domain members, for the logon process.

> b) It also seems that the guestuser must have a sambaSid that ends in 
> 501, else samba will not find the user, correct?

We make up an account if you don't supply one, and we will get nasty
side-effects if you don't give it a RID of 501

> c) Also, if I want a guest user that can log on to my domain without a 
> password, but who will not have any access to shares etc, should I then 
> use this "guest" user or should I create a special user for this?

Use this account.  This is done (if you want to match win2k behaviour)
with the 'map to guest = bad user' parameter.

Andrew Bartlett
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Question regarding guest account =

[Tarjei Huse]

Hi,

I experiemented a bit with the guest account parameter the other day, 
and I some questions:

a) It seems to me that if you turn this parameter on, the user will be 
used when someone browses the domain without beeing a domain member, is 
this a true observation?
(Don't answer this one, I checked the manual and it said yes).
b) It also seems that the guestuser must have a sambaSid that ends in 
501, else samba will not find the user, correct?

c) Also, if I want a guest user that can log on to my domain without a 
password, but who will not have any access to shares etc, should I then 
use this "guest" user or should I create a special user for this?

I think the questions are quite basic, but I just wanted to check that I 
am correct.

Tarjei

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Question regarding guest account =

[Tarjei Huse]

Hi,

I experiemented a bit with the guest account parameter the other day, 
and I some questions:

a) It seems to me that if you turn this parameter on, the user will be 
used when someone browses the domain without beeing a domain member, is 
this a true observation?
(Don't answer this one, I checked the manual and it said yes).
b) It also seems that the guestuser must have a sambaSid that ends in 
501, else samba will not find the user, correct?

c) Also, if I want a guest user that can log on to my domain without a 
password, but who will not have any access to shares etc, should I then 
use this "guest" user or should I create a special user for this?

I think the questions are quite basic, but I just wanted to check that I 
am correct.

Tarjei

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Question regarding guest account =

[Tarjei Huse]

Hi,

I experiemented a bit with the guest account parameter the other day, 
and I some questions:

a) It seems to me that if you turn this parameter on, the user will be 
used when someone browses the domain without beeing a domain member, is 
this a true observation?
(Don't answer this one, I checked the manual and it said yes).
b) It also seems that the guestuser must have a sambaSid that ends in 
501, else samba will not find the user, correct?

c) Also, if I want a guest user that can log on to my domain without a 
password, but who will not have any access to shares etc, should I then 
use this "guest" user or should I create a special user for this?

I think the questions are quite basic, but I just wanted to check that I 
am correct.

Tarjei

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba3+LDAP configuration... PLEASEEE

[Tarjei Huse]

Hi,

Go to samba.idealx.org and you'll find a howto and a script to generate 
what you need.
th

Áncor González Sosa wrote:

I've spended days trying to get a Samba3 PDC configuration. It almost works now,
but I have experimented a lot of problems and now my configuration is still FAR
from perfect.
I have no more time left so I'm looking for somebody to share his/her
configuration files with me. That is what I'm setting:
   Samba 3.0.0 PDC with LDAP backend.

   The same LDAP users and groups as valid Unix users/groups (posixAccounts and
   posixGroups), so I can login in Linux clients using the LDAP as user
   database (I have nsswitch and PAM_LDAP properly configured in the PDC).
   Windows2000 Pro and Linux clients

   I want to manage de users and groups in the domain with usrmgr.exe from M$.

Well, I think that's all. I would like somebody out there with this
configuration working to send me his/her:
   LDAP schema,

   LDAP tree (slapcat output),

   smb.conf,

   scripts used to add user, remove machine, etc.

   /etc/passwd and /etc/group (though these files should be clean of 
   Samba stuff),

   any other thing envolved in some way in the server configuration.

Of course, I don't need the whole tree (just some users and groups, including
root/administrator), but you can send it to me if you don't mind. I don't need
real usernames, domain name or passwords. Please, send me EVERYTHING, don't tell
me things like "I use the default scripts", just send me your scripts and
files.
Of course, you don't have to send the files to the list, just to my address.
Well, that's all, I think. I need this working as soon as possible and I can't
spend hours fixing a lot of small mistakes in my LDAP/Samba 3 configuration.
Thank you VERY much.

Greetings
 

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] suse 8.2 Samba 3(samba3-3.0.2pre1-20) LDAP PDC :Cannot Log onto Domain Member Workstation After Joining Domain

[Tarjei Huse]

Hi,

Successfully I was able to joining Windows 2000 Professional to samba 3
domain (TUX_NET). After that I was not able to login to domain from
windows 2000 machine.
 

Hi, take a look at the sambasid of your  nobody user. I belive that the 
gues user has to have a sid ending in 501.

If I am not wrong, this is also an error in the smbldap-populate script 
that idealx uses. (Therefore I crosspost)

th

I have tried with three different samba 3 versions, same result.

My configuration:
SuSE 8.2
Samba 3pre2
Is there any problem with my configuration? I am attaching machine log
file also.


# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#
# sfgroup.com
dn: dc=sfgroup,dc=com
objectClass: dcObject
objectClass: organization
dc: sfgroup
o: sfgroup
# People, sfgroup.com
dn: ou=People,dc=sfgroup,dc=com
objectClass: organizationalUnit
ou: People
# Groups, sfgroup.com
dn: ou=Groups,dc=sfgroup,dc=com
objectClass: organizationalUnit
ou: Groups
# nobody, People, sfgroup.com
dn: uid=nobody,ou=People,dc=sfgroup,dc=com
cn: nobody
sn: nobody
objectClass: inetOrgPerson
objectClass: sambaSAMAccount
objectClass: posixAccount
gidNumber: 514
uid: nobody
homeDirectory: /dev/null
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
sambaHomePath: \\rishi\homes
sambaHomeDrive: _HOMEDRIVE_
sambaProfilePath: \\_PDCNAME_\profiles\
sambaPrimaryGroupSID: S-1-5-21-3516781642-1962875130-3438800523-514
sambaLMPassword: NO PASSWORDX
sambaNTPassword: NO PASSWORDX
loginShell: /bin/false
uidNumber: 99
sambaAcctFlags: [U ]
sambaSID: S-1-5-21-3516781642-1962875130-3438800523-514
# Domain Admins, Groups, sfgroup.com
dn: cn=Domain Admins,ou=Groups,dc=sfgroup,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
memberUid: Administrator
description: Netbios Domain Administrators
sambaSID: S-1-5-21-3516781642-1962875130-3438800523-512
sambaGroupType: 2
displayName: Domain Admins
# Domain Users, Groups, sfgroup.com
dn: cn=Domain Users,ou=Groups,dc=sfgroup,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: S-1-5-21-3516781642-1962875130-3438800523-513
sambaGroupType: 2
displayName: Domain Users
memberUid: root
memberUid: admin
memberUid: testuser
memberUid: sun
# Domain Guests, Groups, sfgroup.com
dn: cn=Domain Guests,ou=Groups,dc=sfgroup,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
description: Netbios Domain Guests Users
sambaSID: S-1-5-21-3516781642-1962875130-3438800523-514
sambaGroupType: 2
displayName: Domain Guests
# Administrators, Groups, sfgroup.com
dn: cn=Administrators,ou=Groups,dc=sfgroup,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
description: Netbios Domain Members can fully administer the
computer/sambaDom
ainName
sambaSID: S-1-5-21-3516781642-1962875130-3438800523-544
sambaGroupType: 2
displayName: Administrators
# Users, Groups, sfgroup.com
dn: cn=Users,ou=Groups,dc=sfgroup,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 545
cn: Users
description: Netbios Domain Ordinary users
sambaSID: S-1-5-21-3516781642-1962875130-3438800523-545
sambaGroupType: 2
displayName: users
# Guests, Groups, sfgroup.com
dn: cn=Guests,ou=Groups,dc=sfgroup,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 546
cn: Guests
memberUid: nobody
description: Netbios Domain Users granted guest access to the
computer/sambaDo
mainName
sambaSID: S-1-5-21-3516781642-1962875130-3438800523-546
sambaGroupType: 2
displayName: Guests
# Power Users, Groups, sfgroup.com
dn: cn=Power Users,ou=Groups,dc=sfgroup,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 547
cn: Power Users
description: Netbios Domain Members can share directories and printers
sambaSID: S-1-5-21-3516781642-1962875130-3438800523-547
sambaGroupType: 2
displayName: Power Users
# Account Operators, Groups, sfgroup.com
dn: cn=Account Operators,ou=Groups,dc=sfgroup,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 548
cn: Account Operators
description: Netbios Domain Users to manipulate users accounts
sambaSID: S-1-5-21-3516781642-1962875130-3438800523-548
sambaGroupType: 2
displayName: Account Operators
# Server Operators, Groups, sfgroup.com
dn: cn=Server Operators,ou=Groups,dc=sfgroup,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 549
cn: Server Operators
description: Netbios Domain Server Operators
sambaSID: S-1-5-21-3516781642-1962875130-3438800523-549
sambaGroupType: 2
displayName: Server Operators
# Print Operators, Groups, sfgroup.com
dn: cn=Print Operators,ou=Groups,dc=sfgroup,dc=com
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
cn: Print Operators
d

[Samba] Notification

[Spamserver]

* eManager Notification **

Recipient, Content filter has detected a sensitive e-mail.

Source mailbox: "[EMAIL PROTECTED]"
Destination mailbox(es): "[EMAIL PROTECTED]"

*** End of message ***
Received: from 208.8.92.60 by jupiter.INSIDEAI.COM (InterScan E-Mail VirusWall NT); 
Wed, 14 Jan 2004 07:21:00 -0500
Received: from lists.samba.org ([66.70.73.150]) by viruswall.ai-logix.com
  (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35)
  with ESMTP id com for <[EMAIL PROTECTED]>;
  Wed, 14 Jan 2004 07:22:46 -0500
Received: from dp.samba.org (localhost [127.0.0.1])
by lists.samba.org (Postfix) with ESMTP id 4A5532C637
for <[EMAIL PROTECTED]>; Wed, 14 Jan 2004 12:20:49 + (GMT)
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from [145.249.26.136] (unknown [145.249.26.136])
by lists.samba.org (Postfix) with ESMTP id 26D062C0F1
for <[EMAIL PROTECTED]>; Wed, 14 Jan 2004 12:19:26 + (GMT)
Date: Wed, 14 Jan 2004 15:19:34 -0500
From: Isabella <[EMAIL PROTECTED]>
X-Mailer: The Bat! (v2.00.6) Personal
X-Priority: 3 (Normal)
Message-ID: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
MIME-Version: 1.0
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on 
dp.samba.org
X-Spam-Status: No, hits=-85.6 required=3.5 tests=BAYES_90,
DATE_IN_FUTURE_06_12,MIME_MISSING_BOUNDARY,RCVD_IN_BL_SPAMCOP_NET,
RCVD_IN_DSBL,RCVD_IN_NJABL,RCVD_IN_NJABL_PROXY,RCVD_IN_SORBS,
RCVD_IN_SORBS_HTTP, RCVD_IN_SORBS_SOCKS, USER_IN_WHITELIST autolearn=no 
version=2.61
X-Spam-Level: 
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.3
Cc: 
Subject: [Samba] Ripe woman
X-BeenThere: [EMAIL PROTECTED]
X-Mailman-Version: 2.1.3
Precedence: list
List-Id: General questions regarding Samba 
List-Unsubscribe: ,

List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,

Sender: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Problem adding smb accounts on 3.0.1/ldap

[Ian Potter]

I am setting up a Samba 3 server with ldap support- packages from Debian
backports.org- but have run into a problem setting up the samba
attributes. If there is a user existing in the local /etc/passwd file then
smbpasswd -a correctly sets up the samba user in the ldap directory.
However, if I preload the posixAccount and other data for a user using an
ldif import then attempt to use smbpasswd to add the samba attributes it
fails.

Setting sambaSamAccount, sambaSID and sambaPrimaryGroupSID in the ldif
file seems to fix the problem but I didn't realise that this necessary.Or
is there a problem with smbpasswd?


smb.conf


# Global parameters
[global]
domain logons = yes
workgroup = BSTORE
netbios name = TEST-SERVER2
server string = LDAP/Samba Development Server
security = user
encrypt passwords = Yes
#   obey pam restrictions = Yes
passdb backend = ldapsam:ldap://test-server2.liv.buildstore.co.uk/
# smbpasswd -x delete the entire dn-entry
ldap delete dn = no
ldap passwd sync = yes
ldap ssl = start tls
ldap suffix = dc=buildstore,dc=co,dc=uk
ldap machine suffix = ou=machines
ldap user suffix = ou=users
ldap group suffix = ou=groups
ldap admin dn = "cn=manager,dc=buildstore,dc=co,dc=uk"
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
logon drive = h:
logon home = \\%L\%U
logon path = \\%L\profiles\%U\
logon script = users.bat
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n .
add user script = /usr/local/sbin/create-machine-account.sh %u
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No

testuser ldif

dn: uid=testuser, ou=users,dc=buildstore,dc=co,dc=uk
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
objectClass: organizationalPerson
objectClass: inetLocalMailRecipient
uid: testuser
cn: LDAP TestUser
sn: TestUser
givenname: LDAP
title: Admin
departmentNumber: IT
mobile: 0779-789-6552
postalAddress: Kingsthorne Park$Houstoun Industrial Est$Livingston
telephoneNumber: 01506-409-245
facsimileTelephoneNumber: 0870-870-9992
userpassword: {MD5}F5rUXGziy5fPECniEgRugQ==
labeleduri: http://intranet.liv.buildstore.co.uk/~testuser/
mail: [EMAIL PROTECTED]
mailRoutingAddress: [EMAIL PROTECTED]
loginShell: /bin/bash
uidNumber: 529
gidNumber: 100
homeDirectory: /home/liv/users/testuser/
gecos: testuser_gecos-field
description: Not Available
localityName: Livingston

Output of smbpasswd -a testuser -D 5
test-server2:~# ldapmodify -D "cn=manager,dc=buildstore,dc=co,dc=uk" -w
hydra62 -x -a -f ./testuser.ldif.bak
adding new entry "uid=testuser, ou=users,dc=buildstore,dc=co,dc=uk"

test-server2:~# smbpasswd -a testuser -D 5
Netbios name list:-
my_netbios_names[0]="TEST-SERVER2"
New SMB password:
Retype new SMB password:
Trying to load: ldapsam:ldap://test-server2.liv.buildstore.co.uk/
Attempting to register passdb backend ldapsam
Successfully added passdb backend 'ldapsam'
Attempting to register passdb backend ldapsam_compat
Successfully added passdb backend 'ldapsam_compat'
Attempting to register passdb backend smbpasswd
Successfully added passdb backend 'smbpasswd'
Attempting to register passdb backend tdbsam
Successfully added passdb backend 'tdbsam'
Attempting to register passdb backend guest
Successfully added passdb backend 'guest'
Attempting to find an passdb backend to match
ldapsam:ldap://test-server2.liv.buildstore.co.uk/ (ldapsam)
Found pdb backend ldapsam
Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=BSTORE))]
smbldap_search_suffix: searching
for:[(&(objectClass=sambaDomain)(sambaDomainName=BSTORE))]
StartTLS issued: using a TLS connection
smbldap_open_connection: connection opened
ldap_connect_system: succesful connection to the LDAP server
The LDAP server is succesful connected
pdb backend ldapsam:ldap://test-server2.liv.buildstore.co.uk/ has a valid
init
Attempting to find an passdb backend to match guest (guest)
Found pdb backend guest
pdb backend guest has a valid init
smbldap_search_suffix: searching
for:[(&(&(uid=testuser)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
ldapsam_getsampwnam: Unable to locate user [testuser] count=0
Finding user testuser
Trying _Get_Pwnam(), username as lowercase is testuser
Get_Pwnam_internals did find user [testuser]!
ldapsam_search_one_group: searching
for:[(&(objectClass=sambaGroupMapping)(gidNumber=100))]
init_group_from_ldap: Entry found for group: 100
smbldap_search_suffix: searching
for:[(&(&(uid=testuser)(objectclass=sambaSamAccount))(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching
for:[(&(sambaSID=S-1-5-21-3851587022-395417704-477425307-2058)(objectclass=sambaSamAccount))]
smbldap_search_suffix: searching
for:[(&(uid=testuser)(objectclass=sambaSam

[Samba] Notification

[Spamserver]

* eManager Notification **

Recipient, Content filter has detected a sensitive e-mail.

Source mailbox: "[EMAIL PROTECTED]"
Destination mailbox(es): "[EMAIL PROTECTED]"

*** End of message ***
Received: from 208.8.92.60 by jupiter.INSIDEAI.COM (InterScan E-Mail VirusWall NT); 
Wed, 14 Jan 2004 07:20:28 -0500
Received: from lists.samba.org ([66.70.73.150]) by viruswall.ai-logix.com
  (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35)
  with ESMTP id com for <[EMAIL PROTECTED]>;
  Wed, 14 Jan 2004 07:22:13 -0500
Received: from dp.samba.org (localhost [127.0.0.1])
by lists.samba.org (Postfix) with ESMTP id 92EDD2C340
for <[EMAIL PROTECTED]>; Wed, 14 Jan 2004 12:20:16 + (GMT)
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from [145.249.26.136] (unknown [145.249.26.136])
by lists.samba.org (Postfix) with ESMTP id 26D062C0F1
for <[EMAIL PROTECTED]>; Wed, 14 Jan 2004 12:19:26 + (GMT)
Date: Wed, 14 Jan 2004 15:19:34 -0500
From: Isabella <[EMAIL PROTECTED]>
X-Mailer: The Bat! (v2.00.6) Personal
X-Priority: 3 (Normal)
Message-ID: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
MIME-Version: 1.0
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on 
dp.samba.org
X-Spam-Status: No, hits=-85.6 required=3.5 tests=BAYES_90,
DATE_IN_FUTURE_06_12,MIME_MISSING_BOUNDARY,RCVD_IN_BL_SPAMCOP_NET,
RCVD_IN_DSBL,RCVD_IN_NJABL,RCVD_IN_NJABL_PROXY,RCVD_IN_SORBS,
RCVD_IN_SORBS_HTTP, RCVD_IN_SORBS_SOCKS, USER_IN_WHITELIST autolearn=no 
version=2.61
X-Spam-Level: 
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.3
Cc: 
Subject: [Samba] Ripe woman
X-BeenThere: [EMAIL PROTECTED]
X-Mailman-Version: 2.1.3
Precedence: list
List-Id: General questions regarding Samba 
List-Unsubscribe: ,

List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,

Sender: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Ripe woman

[Isabella]

COME ON HERE: http://zone.hoha.ru/allstrip

What can be better than hard fuck? Here you will see how it should be done by all 
rules! 
Ripe girls are ready to start it even now! 

Kathy took soft yet dick in her hands and by few movements made it hard as stone! 
Here it is - power and skill of the ripe woman! But if she had only skilful hands, she 
hardly could be here! 
Tight-assed and lustfull - what she is! She will not think long and her desires will 
hold the reins!
100% Cock Hungry Girls - real girls that love to fuck and suck a dick until they get 
covered in cum!
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Hiding client icons from netrok neighbour.

[ads smb]

I have installed smb server on Redhat 9 server having windows 95/98/XP clients.
I am havinng 2 ethrnet cards having 2 separate networks Network 1  and Network 2.
 
1) Client icons of Network 1 should be visible to all clients of Network 1 in their 
network neighbour.
2) Client icons of Network 2 should not be visible to network neighbour of clients of 
Network 2 as well as neighbour of clients of Network 1.
 
Is it possible? and if so How it can be achieved.
Help appreciated.
Thanks.


-
Do you Yahoo!?
Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Samba 3, Windows XP SP1

[Marcin Giedz]

Darin Bawden wrote:

> Hello everyone,
> I am having a problem I can't find an answer to.
> Background:  We had a RH 7.3/8.0 box with samba 2.2.7.  Workstations were
> Windows 2000.  We have 5 roaming users with laptops.  when the roaming
> users would go home, they were able to log into the laptops without the
> presence of the domain (an yes, they were logging into the domain user at
> home).
> Current problem:  Running RH 9.0 with samba 3.0 (I have not installed
> the 3.01 path yet).  Workstations are all Windows XP with SP1.   We
> still have 5 laptop users.  When they go home, however, they are not able
> to
> log into the computer without the domain.  it tells them the domain is not
> available.
>I have tried all the reg hacks; I have tried the local security policy
> fix; I have tried adding a local user with the same name; I have added the
> address for the server to the Wins setting in windows.
> Nothing seems to work.
> 
> Can someone please lead me in the correct direction?  I'm pulling out
> what's left of my hair.
> 
> thanks
> 
> Darin
> 

Samba 3.0.2pre2 as PDC + XP Professional with latest updates from microsoft
web page. In this configuration I can logon to PDC. 

I've also tried with Win2000k SP4 Proffesional and XP Home Edition (with
TweakUI) -> no results. Simply can't logon to domain.

Marcin

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] samba Digest, Vol 13, Issue 21

[petera]

I will be out of the office starting from Dec 02 till Jan. 12th, 2004. If it is urgent 
please send e-mail to [EMAIL PROTECTED] and someone will assist you. Thanks.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] samba Digest, Vol 13, Issue 21

[peter]

I will be out of the office starting from Dec 02 till Jan. 12th, 2004. If it is urgent 
please send e-mail to [EMAIL PROTECTED] and someone will assist you. Thanks.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Exist any method to restrict the Admin Domain to access the root resources?

[root]

Hi,

I try the username map in the smb.conf, and put the next line:
root = donadmin

How restrict this Admin Domain (donadmin) to access the resources of the root:

[EMAIL PROTECTED]:/]# /usr/local/samba/bin/smbclient //192.168.0.1/root -U donadmin%any
smb: \> mkdir testing
smb: \> exit

[EMAIL PROTECTED]:/]# ls -ld testing/
drwxr-xr-x   2 root other512 Jan 13 13:14 testing/

[EMAIL PROTECTED]:/]# rmdir testing/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ordinary user mapped to root, need to known the root smbpasswd

[root]

Hi

When any ordinary user is mapped to root, 
in the process of Making a Domain Member,
the password of the ordinary user is no
valid, and the valid is the root password
of the smbpasswd not the /etc/passwd.

Can use the ordinary user password for authentication?

Thanks.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] SAMBA 2.2.8a PDC with OpenLDAP automatcally adding machine account

[Sundaram Ramasamy]

Hi,

I am trying add w2k machine to my samba 2.28a PDC, but it's not creating
machine account auotmatically.

Here is my configuration:

   add user script = /usr/local/sbin/smbldap-useradd.pl -w -d /dev/null -g
"Domain Computers" -s /bin/false
ldap server = 127.0.0.1
ldap port = 389
ldap suffix = "dc=sfgroup,dc=com"
ldap filter = (&(uid=%u)(objectclass=sambaAccount))
ldap admin dn = "cn=Manager,dc=sfgroup,dc=com"
ldap ssl = no
ldap del only sam attr = No

This command work from command line:

  /usr/local/sbin/smbldap-useradd.pl -w -d /dev/null -g "Domain Computers"
-s /bin/false ramas$

log message  :
==
 Initializing connection to 127.0.0.1 on port 389
[2004/01/12 20:08:29, 2] passdb/pdb_ldap.c:ldap_open_connection(217)
  ldap_open_connection: connection opened
[2004/01/12 20:08:29, 0] passdb/pdb_ldap.c:ldap_connect_system(316)
  ldap_connect_system: Binding to ldap server as
"cn=Manager,dc=sfgroup,dc=com"
[2004/01/12 20:08:29, 2] passdb/pdb_ldap.c:ldap_connect_system(331)
  ldap_connect_system: succesful connection to the LDAP server
[2004/01/12 20:08:29, 2] passdb/pdb_ldap.c:ldap_search_one_user(343)
  ldap_search_one_user: searching
for:[(&(uid=ramas$)(objectclass=sambaAccount))]
[2004/01/12 20:08:29, 0] passdb/pdb_ldap.c:pdb_getsampwnam(940)
  LDAP search "(&(uid=ramas_)(objectclass=sambaAccount))" returned 0
entries.
[2004/01/12 20:08:29, 3] smbd/sec_ctx.c:pop_sec_ctx(436)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/01/12 20:08:29, 3] smbd/reply.c:smb_create_user(543)
  smb_create_user: Running the command `/usr/local/sbin/smbldap-useradd.pl
-w -d /dev/null -g "Domain Computers" -s /bin/false' gave 1
[2004/01/12 20:08:29, 0]
rpc_server/srv_samr_nt.c:_api_samr_create_user(1934)
  User ramas$ does not exist in system password file (usually
/etc/passwd). Cannot add account without a valid local system user.

[2004/01/12 20:08:29, 5] rpc_parse/parse_prs.c:prs_debug(60)
  00 samr_io_r_create_user
[2004/01/12 20:08:29, 6] rpc_parse/parse_prs.c:prs_debug(60)
  00 smb_io_pol_hnd user_pol


SR

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] SAMBA 2.2.8a PDC with OpenLDAP automatcally adding machine account

[Sundaram Ramasamy]

Hi,

I am trying add w2k machine to my samba 2.28a PDC, but it's not creating
machine account auotmatically.

Here is my configuration:

   add user script = /usr/local/sbin/smbldap-useradd.pl -w -d /dev/null -g
"Domain Computers" -s /bin/false
ldap server = 127.0.0.1
ldap port = 389
ldap suffix = "dc=sfgroup,dc=com"
ldap filter = (&(uid=%u)(objectclass=sambaAccount))
ldap admin dn = "cn=Manager,dc=sfgroup,dc=com"
ldap ssl = no
ldap del only sam attr = No

This command work from command line:

  /usr/local/sbin/smbldap-useradd.pl -w -d /dev/null -g "Domain Computers"
-s /bin/false ramas$

log message  :
==
 Initializing connection to 127.0.0.1 on port 389
[2004/01/12 20:08:29, 2] passdb/pdb_ldap.c:ldap_open_connection(217)
  ldap_open_connection: connection opened
[2004/01/12 20:08:29, 0] passdb/pdb_ldap.c:ldap_connect_system(316)
  ldap_connect_system: Binding to ldap server as
"cn=Manager,dc=sfgroup,dc=com"
[2004/01/12 20:08:29, 2] passdb/pdb_ldap.c:ldap_connect_system(331)
  ldap_connect_system: succesful connection to the LDAP server
[2004/01/12 20:08:29, 2] passdb/pdb_ldap.c:ldap_search_one_user(343)
  ldap_search_one_user: searching
for:[(&(uid=ramas$)(objectclass=sambaAccount))]
[2004/01/12 20:08:29, 0] passdb/pdb_ldap.c:pdb_getsampwnam(940)
  LDAP search "(&(uid=ramas_)(objectclass=sambaAccount))" returned 0 entries.
[2004/01/12 20:08:29, 3] smbd/sec_ctx.c:pop_sec_ctx(436)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/01/12 20:08:29, 3] smbd/reply.c:smb_create_user(543)
  smb_create_user: Running the command `/usr/local/sbin/smbldap-useradd.pl
-w -d /dev/null -g "Domain Computers" -s /bin/false' gave 1
[2004/01/12 20:08:29, 0] rpc_server/srv_samr_nt.c:_api_samr_create_user(1934)
  User ramas$ does not exist in system password file (usually
/etc/passwd). Cannot add account without a valid local system user.

[2004/01/12 20:08:29, 5] rpc_parse/parse_prs.c:prs_debug(60)
  00 samr_io_r_create_user
[2004/01/12 20:08:29, 6] rpc_parse/parse_prs.c:prs_debug(60)
  00 smb_io_pol_hnd user_pol


SR
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] smbclient

[Nic le Roux]

Last line of output when running "smbclient //cupsipp/print$ -k -U nicl -d 
10"

Any Idea what this could be or how to resolve ?
Not realy any info on Google I could find

[2004/01/14 11:16:51, 10] intl/lang_tdb.c:lang_tdb_init(135)
  lang_tdb_init: /usr/lib/samba/en_US.UTF-8.msg: No such file or directory
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Win XP Pro / Linux PDC

[Antony Gelberg]

On Tue, Jan 13, 2004 at 10:15:49AM -0700, Craig White wrote:
> On Tue, 2004-01-13 at 09:52, Art Powell wrote:
> > In XP, you have to make some changes to the security policy. On the XP
> > client, go to the "Control Panel" and then "Administrative Tools" and
> > then open the "Local Security Settings" and the open the "Local Options"
> > and then the "Security Options" folder. The following should be
> > DISABLED:
> > 
> > Domain Member: Digitally encrypt or sign secure channel data
> > Domain Member: Digitally encrypt secure data channel
> > Domain Member: Digitally sign secure data channel.
> > 
> > Reboot your machine, and it should now be able to join the domain.
> > 
> > This was a problem in SAMBA 2.x. Let me know if it works, I am
> > interested to see if it is still a problem in SAMBA 3.x (my guess is
> > yes, due to difference in the way XP authenticates.).
> 
> actually, the answer is no on my setup Samba 3.0.0 PDC, this is not
> necessary (hooray) but on Samba 2.2.x PDC, it is necessary.
> 
> Craig

I'm runing 3.0.0 as a PDC.  I'd really appreciate a copy of your
smb.conf, to see what the relevant differences are.

Antony
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Win XP Pro / Linux PDC

[Antony Gelberg]

On Tue, Jan 13, 2004 at 10:52:35AM -0600, Art Powell wrote:
> In XP, you have to make some changes to the security policy. On the XP
> client, go to the "Control Panel" and then "Administrative Tools" and
> then open the "Local Security Settings" and the open the "Local Options"
> and then the "Security Options" folder. The following should be
> DISABLED:
> 
> Domain Member: Digitally encrypt or sign secure channel data
> Domain Member: Digitally encrypt secure data channel
> Domain Member: Digitally sign secure data channel.
> 
> Reboot your machine, and it should now be able to join the domain.
> 
> This was a problem in SAMBA 2.x. Let me know if it works, I am
> interested to see if it is still a problem in SAMBA 3.x (my guess is
> yes, due to difference in the way XP authenticates.).

Sadly, no.  I still get "the user name could not be found".  I'm using
v3.0.0-debian.  I have disabled:
Digitally encrypt or sign secure channel data (always).
Digitally encrypt secure channel data (when possible).
Digitally encrypt sign channel data (when possible).
Disable machine account password changes.

As an aside, google searching seems to disagree on the exact options
that need disabling.  It would be good if someone can confirm the
minimal set.

I noticed that the attached smb.conf in my original didn't get through
(I guess the list strips attachments?), so I've pasted it below,
together with my referenced /usr/local/sbin/addmachine script.  I'd
appreciate any feedback on problems that are contained within.

Antony

---
/etc/samba/smb.conf
---

Sample configuration file for the Samba suite for Debian GNU/Linux.
#
#
# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options most of which
# are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash)
# is a comment and is ignored. In this example we will use a #
# for commentary and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command
# "testparm" to check that you have not many any basic syntactic
# errors.
#

#=== Global Settings ===

[global]

## Browsing/Identification ###

# Change this to the workgroup/NT-domain name your Samba server will
# part of
   workgroup = chhausmann

# server string is the equivalent of the NT Description field
   server string = %h server (Samba %v)

# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable its WINS
# Server
;   wins support = no

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT
# both
;   wins server = w.x.y.z

# This will prevent nmbd to search for NetBIOS names through DNS.
   dns proxy = no

# What naming service and in what order should we use to resolve host
# names
# to IP addresses
;   name resolve order = lmhosts host wins bcast


 Debugging/Accounting 

# This tells Samba to use a separate log file for each machine
# that connects
   log file = /var/log/samba/log.%m

# Put a capping on the size of the log files (in Kb).
   max log size = 1000

# If you want Samba to only log through syslog then set the following
# parameter to 'yes'.
;   syslog only = no

# We want Samba to log a minimum amount of information to syslog.
# Everything
# should go to /var/log/samba/log.{smbd,nmbd} instead. If you want to
# log
# through syslog you should set the following parameter to something
# higher.
   syslog = 0

# Do something sensible when Samba crashes: mail the admin a backtrace
   panic action = /usr/share/samba/panic-action %d


### Authentication ###

# "security = user" is always a good idea. This will require a Unix
# account
# in this server for every user accessing the server. See
# /usr/share/doc/samba-doc/htmldocs/ServerType.html in the samba-doc
# package for details.
   security = user

# You may wish to use password encryption.  See the section on
# 'encrypt passwords' in the smb.conf(5) manpage before enabling.
   encrypt passwords = true

# If you are using encrypted passwords, Samba will need to know what
# password database type you are using.
   passdb backend = tdbsam guest

   obey pam restrictions = yes

;   guest account = nobody
;   invalid users = root

# This boolean parameter controls whether Samba attempts to sync the
# Unix
# password with the SMB password when the encrypted SMB password in the
# passdb is changed.
   unix password sync = yes

# For Unix password sync to work on a Debian GNU/Linux system, the
# following
# parameters must be set (thanks to Augustin Luton
# <[EMAIL PROTECTED]> for
# sending the correct chat script for the passwd program in Debian
# Potato).
   passwd program = /usr/bin/passwd %u
   passwd chat = 

[Samba] Manual creation of machine trust and comments on Samba books

[Beast]

I just receive a copy of the official samba 3 howto, to be honest i'm rather disapoint 
with the content and layout. Well with free online version, i can't complaint, but 
with 'paid' version maybe i can complain to the author :-).

Most of  the contents are still the old documentation with few 'little' updation for 
samba3. Imo, its better if it can be rewrite from scratch focusing on samba3 only.
Ie, it should focusing on ldapbackend instead on other backend.

The definitive guide books (imo) should contains following chapter :
1. Installation and other compile options.
2. Setup and configuration with real world working config and screenshot if possible 
on server and client side.
3. Performance tuning and optimization (server and client, including related s/w , ie. 
openldap)
4. Troubleshooting.
5. Index.

Enough with my complain, now from chapter 6, page 69:
Manual creation of machine trust account, it focus on smbpasswd/tdbsam backend only, 
not ldap.
I have valid posixaccount entry in ldap :
[EMAIL PROTECTED] samba]# smbpasswd -a -m tbird
ldapsam_modify_entry: Failed to add user dn= uid=tbird$,ou=people,dc=indorama,dc=com 
with: Already exists

ldapsam_add_sam_account: failed to modify/add user with uid = tbird$ (dn = 
uid=tbird$,ou=people,dc=indorama,dc=com)
Failed to add entry for user tbird$.
Failed to modify password entry for user tbird$




 

 


--beast

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] adding printers from netlogon script

[Uwe Laverenz]

Andrew Gaffney schrieb:

Is there no way to add printers from a netlogon script without the user 
being a Power User or higher?
Of course there is: we do this with the tool "con2prt.exe" from the 
"Zero Admin Kit" from M$:

http://www.microsoft.com/windows/zak/

You should install the "con2prt.exe" somewhere on the Windows client 
machine to a location that is included in $PATH.

In your login script you simply call the programm like this:

con2prt /f /cd \\\

Possible options for con2prt:

  /?  - displays usage.
  /h  - displays usage.
  /f  - deletes all existing printer connections.
  /c  - connects to \\printserver\share printer.
  /cd - connects to \\printserver\share printer and sets it as the
default printer.
Oh: could you please stop top-posting and full-quoting when writing to 
this mailing list? Thank you.

cu,
Uwe
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Logoff Script

[Andre Luis Fogagnoli]

I think is specify on Group Policy, but I don't know any think about.
I read in some articles on internet, if is use Active Directory it's
work on Group Policy else (if NT Domain) it's specify on Gina. But I
don't know what is this...

On Tue, 2004-01-13 at 15:09, John H Terpstra wrote:
> Andre,
> 
> How does Windows handle a logoff script?
> 
> - John T.
> -- 
> John H Terpstra
> Email: [EMAIL PROTECTED]
> 
> __
> How I can specify my logoff script in smb.conf?
> 
> thx...
-- 
Andre Luis Fogagnoli
Bastion Security Systems 
http://www.bastion.com.br 
tel://+5511.5049.0100


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Notification

[Spamserver]

* eManager Notification **

Recipient, Content filter has detected a sensitive e-mail.

Source mailbox: "[EMAIL PROTECTED]"
Destination mailbox(es): "[EMAIL PROTECTED]"

*** End of message ***
Received: from 208.8.92.60 by jupiter.INSIDEAI.COM (InterScan E-Mail VirusWall NT); 
Wed, 14 Jan 2004 05:30:25 -0500
Received: from lists.samba.org ([66.70.73.150]) by viruswall.ai-logix.com
  (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35)
  with ESMTP id com for <[EMAIL PROTECTED]>;
  Wed, 14 Jan 2004 05:32:09 -0500
Received: from dp.samba.org (localhost [127.0.0.1])
by lists.samba.org (Postfix) with ESMTP id C276E2C296
for <[EMAIL PROTECTED]>; Wed, 14 Jan 2004 10:30:11 + (GMT)
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from [217.225.40.251] (pD9E128FB.dip.t-dialin.net [217.225.40.251])
by lists.samba.org (Postfix) with ESMTP id 20F182C05E
for <[EMAIL PROTECTED]>; Wed, 14 Jan 2004 10:29:12 + (GMT)
Date: Wed, 14 Jan 2004 13:29:25 -0500
From: Elena Balkina <[EMAIL PROTECTED]>
X-Mailer: The Bat! (v2.00.6) Personal
X-Priority: 3 (Normal)
Message-ID: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
MIME-Version: 1.0
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on 
dp.samba.org
X-Spam-Status: No, hits=-82.9 required=3.5 tests=BAYES_99,CLICK_BELOW,
DATE_IN_FUTURE_06_12,HTML_50_60,HTML_FONTCOLOR_UNSAFE,HTML_FONT_BIG,
HTML_LINK_CLICK_HERE,HTML_MESSAGE,RCVD_IN_DSBL,RCVD_IN_DYNABLOCK,
RCVD_IN_NJABL,RCVD_IN_NJABL_DIALUP,RCVD_IN_SORBS,USER_IN_WHITELIST 
autolearn=no version=2.61
X-Spam-Level: 
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.3
Cc: 
Subject: [Samba] Teens for unfetered !
X-BeenThere: [EMAIL PROTECTED]
X-Mailman-Version: 2.1.3
Precedence: list
List-Id: General questions regarding Samba 
List-Unsubscribe: ,

List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,

Sender: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba