Re: [Samba] Getting ACLs to work with Samba 3.0.2a
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear John, 1. Make sure that your file system is mounted with ACLs support It is. mount reports: /dev/md4 on /home type reiserfs (rw,acl) and the line in /etc/fstab is: /dev/md4/home reiserfs defaults,acl 1 2 2. Make sure that your Samba-3 has been correctly compiled. smbd -b | grep ACL HAVE_SYS_ACL_H HAVE_POSIX_ACLS Looks good. 3. Ensure that the user account you log into Windows with has the right under UNIX to modify ACLS. I tried with the root-Account, which maps to Administrator on Windows as well as with a regular User-Account on a file in its home-directory. I have created users on unix with the shell set to /bin/false so they cannot log in locally, and then created the appropriate samba-accounts with pdbedit. Nonetheless, even root does see the permissions on the files (and their owners), but is unable to modify them (permission denied, even on files owned by root and with 777-unix-permissions). Sincerely, - -- Michael Frotscher Institute of Inorganic and Applied Chemistry University of Hamburg, Germany -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAUCPP/f+kgY+d9bQRAkvKAKDVJBceFqjozCklnMFlCIxFhkkVQACfamO2 tpWXydru9y/qa6QhwT7lMrs= =b2vq -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Disabling Machine Account password change
Matthieu Le Corre schrieb: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Le mercredi 10 Mars 2004 16:39, Florian Thiel a écrit : Hello! Hello ... i think i've the same problem [...] This seems to be a problem with Win2K changing machine account passwords every 30 days (according to MSDN). The server saves the password, the client resets it and domain logon is impossible ever after. can you give me the URL reference where you see it ! i'm interested on the subject ! Here it is: http://support.microsoft.com/default.aspx?scid=kb;%5BLN%5D;175468 It also proposes a bunch of solutions. Now I want to disable this password changing. It is possible with a Windows PDC using group policy (at least that's what Windows Admins told me). I found for Samba it's hardcoded in the sources. Would it be possible to make that an option for smb.conf? I'm not a C programming professional so I'm afraid of hacking the Samba source (especially with no similiar examples in the sources). Is there someone working on that kind of thing or are there any implications I do not know about? Can you give me the location on the source where you see that For samba-2.2.3a (the debian package) it is in source/rpc_server/srv_reg_net.c The string is in line 140 (RefusePasswordChange). This is the name of the registry entry that (according to the MSDN article) has to be set on the PDC in order to disable password changing. It seems to me that samba returns NT_STATUS_NO_SUCH_FILE. It should be configurable to return the value 1 (don't know in what format). mayby i've two solution ... 1) juste backup the old passwd on your samba server en reinject it every night hmm, dirty hack! 2) a more clean ways to do :P : use gpedit.msc on your win2k workstation ( mmc componant) go to windows parameter security setting local policies security options and enable prevent system maintenance of computer account password . not sur of the result ... but you can try ;) We set the registry entry (see MSDN article) locally for a bunch of machines. The problem is that we're deling with about 700 machines spread out in the whole city. We are not able to disable the hard drive protection remotely, so this would be tedious. I would really like a clean centralized solution. HTH, Florian -- Florian Thiel - Medienzentrum Kassel Systembetreuung Internet- und Kommunikationstechnik Kasseler Schulen am Netz - http://www.medienzentrum-kassel.de -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Disabling Machine Account password change
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Le jeudi 11 Mars 2004 09:52, Florian Thiel a écrit : For samba-2.2.3a (the debian package) it is in source/rpc_server/srv_reg_net.c The string is in line 140 (RefusePasswordChange). This is the name of the registry entry that (according to the MSDN article) has to be set on the PDC in order to disable password changing. It seems to me that samba returns NT_STATUS_NO_SUCH_FILE. It should be configurable to return the value 1 (don't know in what format). hums it seems to be only the existence of the reg keys but i don't kown if samba know how to deal with this if keys registered to 1 mayby i've two solution ... 1) juste backup the old passwd on your samba server en reinject it every night hmm, dirty hack! sure ... but centralized one ;) - -- Matthieu Le Corre -- CIE -- UFR sciences Université de Nantes 02-51-12-58-65 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAUDJjHj6Gj+ly9W4RAnMgAJ9LfSSf9yxTOQchi3fEpE6Ovg/Z8QCgjfL2 i0FLiSYGlSeyUjr3Bg33gsg= =hpoj -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Wierd error while trying to join a domain
Hi, David Chait [EMAIL PROTECTED] schrieb am 10.03.04 21:32:56: Platform: RHEL 3 Version: 3.02a For some reason whenever I try to join our domain by using either RH's binary or a custom compiled src.rpm, I get the following: [EMAIL PROTECTED] samba]# net join -U dchait dchait password: realm must be set in in smb.conf for ADS join to succeed. ^ That should be the answer. Please post the [global] part of your smb.conf Stefan -- * in-put GbR - Das Linux-Systemhaus Stefan-Michael Günther Moltkestraße 49 D-76133 Karlsruhe Tel./Fax : +49 (0)721 / 83044 - 98/93 http://www.in-put.de/ * __ Extra-Konto: 2,50 %* Zinsen p. a. ab dem ersten Euro! Nur hier mit 25 Euro-Tankgutschein ExtraPramie! https://extrakonto.web.de/?mc=021110 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] No full administrator-permissions on local machines with samba 3 domain login
Am Mittwoch, 10. März 2004 22:11 schrieb Andrew Bartlett: Correct. But that is being worked on. However, your implication is incorrect. It is the windows client that expands the groups, so if you are correctly a 'domain admin', then you automatically become part of the 'local administrators'. Make sure your group mapping is really correct. Andrew Bartlett ok - we solved the problem. the problem was the one above. we did not have the right groupmapping. thnaks for support -- Jörn Fenzel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] No error on change to password below configured length
Hello! Our users change their passwords using the original Win2K password change mechanisms (Ctrl+Alt+Del - Change Password). If one of the users changes his password and the new one is shorter then 5 characters it is rejected. This appears in the logfile and that's OK so far but the users don't get notified. They think the password has changed and use the new one. Why is that? Could it be this is a config thing? We're using Samba 2.2.3a on Debian GNU/Linux. Regards, Florian Thiel -- Florian Thiel - Medienzentrum Kassel Systembetreuung Internet- und Kommunikationstechnik Kasseler Schulen am Netz - http://www.medienzentrum-kassel.de -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba document files
Hi. On my Samba machine i have word processors like OpenOffice org and Abiword that i use for preparing my documents . When i want to view these files on a microsoft windows machine i see complex text that is not readeable(not user friendly). What can i really do to see that these documents can be read on a micrsoft windows machine. Thanks Rgds, Segie -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
AW: [Samba] No error on change to password below configured length
I would set the 'Minimum Password Length' in the 'Local Policy Settings' of the Clients to the same value as in linux. So if in Linux your users need = 5 chars, set Minimum Password Length also to 5. cheers, Stumpfl Markus -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Florian Thiel Gesendet: Donnerstag, 11. März 2004 11:43 An: Samba Mailinglist Betreff: [Samba] No error on change to password below configured length Hello! Our users change their passwords using the original Win2K password change mechanisms (Ctrl+Alt+Del - Change Password). If one of the users changes his password and the new one is shorter then 5 characters it is rejected. This appears in the logfile and that's OK so far but the users don't get notified. They think the password has changed and use the new one. Why is that? Could it be this is a config thing? We're using Samba 2.2.3a on Debian GNU/Linux. Regards, Florian Thiel -- Florian Thiel - Medienzentrum Kassel Systembetreuung Internet- und Kommunikationstechnik Kasseler Schulen am Netz - http://www.medienzentrum-kassel.de -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
AW: [Samba] samba document files
well, not really samba related but: in OO, etc.: 'Save As...' -- and set the filetype to 'Microsoft *' * = Excel, Word, etc. Markus -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von geralds Gesendet: Donnerstag, 11. März 2004 12:34 An: [EMAIL PROTECTED] Betreff: [Samba] samba document files Hi. On my Samba machine i have word processors like OpenOffice org and Abiword that i use for preparing my documents . When i want to view these files on a microsoft windows machine i see complex text that is not readeable(not user friendly). What can i really do to see that these documents can be read on a micrsoft windows machine. Thanks Rgds, Segie -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Trainers
Hi Can anyone recommend a Samba Trainer, to give a 2 day introductory Course in Ireland ? Rgds Rob -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Help
Dear All, I am new user of Solaris and want to install the samba on sol 9, I had install the samba on SCO Open Server but unable to install the Samba on Solaris. Please help me out in this regards. Thanks Best Regards Waseem Afzal Cell: +92-42-303-7573453 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.2a (ported from 2.2.8a) with LDAP failed to add machine account
Hi all! Domain is up and running. I can add users and they can change passwords. Problem occurred when I tried to add machine account. add machine script works fine (unix user created) but samba can not modify entry. LDAP permissions are proper. If you have any idea welcomed. Thank you Here is the log: [2004/03/10 14:33:08, 3] passdb/pdb_ldap.c:ldapsam_add_sam_account(1595) ldapsam_add_sam_account: Adding new user [2004/03/10 14:33:08, 2] passdb/pdb_ldap.c:init_ldap_from_sam(769) init_ldap_from_sam: Setting entry for user: hive$ [2004/03/10 14:33:08, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1214) ldapsam_modify_entry: Failed to add user dn= uid=hive$,ou=Computers,ou=accounts,o=isma with: Already exists [2004/03/10 14:33:08, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1633) ldapsam_add_sam_account: failed to modify/add user with uid = hive$ (dn = uid=hive$,ou=Computers,ou=accounts,o=isma) [2004/03/10 14:33:08, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2250) could not add user/computer hive$ to passdb. Check permissions? smb.conf [global] dos charset = CP866 unix charset = koi8-r display charset = koi8-r workgroup = ISMA-TEST netbios name = BDC-SRV server string = Samba Server 3.0.2a testing interfaces = eth1 bind interfaces only = Yes min passwd length = 4 map to guest = Bad User passdb backend = ldapsam:ldap://192.168.10.156 guest account = guest passwd program = /usr/local/sbin/smbldap-passwd.pl %u passwd chat = *New*password* %n\n *new*password* %n\n passwd chat timeout = 1 unix password sync = Yes log level = 3 log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add machine script = /usr/local/sbin/smbldap-useradd.pl -w -d /dev/null -g 'Domain Computers' -c 'Machine Account' -s /bin/false %u logon script = %U.bat logon path = \\%N\%U\.2kXPprofiles logon home = \\%N\%U\.9xMeprofiles domain logons = Yes os level = 255 preferred master = Yes domain master = Yes dns proxy = No wins server = 192.168.77.3 ldap suffix = ou=accounts,o=isma ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) ldap admin dn = cn=admin,ou=accounts,o=isma ldap ssl = no ldap passwd sync = Yes [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [test] path = /home read only = No [netlogon] path = /opt/samba/netlogon admin users = admin read only = No browseable = No -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Trainers
Hello, Murray, Donnerstag, 11. März 2004, 12:46 you wrote: MRr Hi MRr Can anyone recommend a Samba Trainer, MRr to give a 2 day introductory Course in Ireland ? Depends on what you pay ;) Just joking, you will prefer someone around the corner ... -- best regards, Stefan G. Weichinger mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.2a (ported from 2.2.8a) with LDAP failed to add machine account
* zergio [EMAIL PROTECTED] nulis: This: ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) change to: # ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP backend - howto docs problems?
Craig White wrote: I can tell by the volume of your messages that you feel that you have a message worthy of delivery but I don't agree. You have bundled a lot of your frustration with learning LDAP into Samba and Samba doesn't require you to use LDAP at all. Obviously it doesn't require you to use LDAP, however Samba supports LDAP, and if this is the case it is not unreasonable to expect setting it up to be reasonably straightforward. If you want easy, if you want total consistency so someone without knowledge can follow your footsteps 6 months from now, you should be implementing Windows. This is the exact problem. There is another product out there that got usability right. Yes, Samba is more secure, more flexible, and more reliable, but if it cannot be set up properly, then the benefits are not accessible to people. Had you had a working knowledge of LDAP, your criticisms might be of some value but in light of the fact that you really want to vent about LDAP and how it integrates, it's meaning is lost on this samba message base. As the person who integrated mod_ldap into Apache httpd, I feel that I have quite a significant knowledge of LDAP thank you. Don't simply assume anybody with a different opinion on how something should work automatically makes them ignorant. Regards, Graham -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP backend - howto docs problems?
John H Terpstra wrote: 3. Just sending configuration files can actually aggrevate someone's problem. Example configuration files must be sent with clear Do this, then this, then this ... type guidance. Access to a working configuration file is probably the fastest way I find to learn a new product or service. I can look at the config file, and ask how exactly does this work, and from it get virtually all the answers I need. The fact that there is no complete smb.conf example form Samba + LDAP was a huge hinderance to my quest to get the thing right. Excessive documentation is one of the biggest problems I have found with software projects, both open source and commercial. People begin skim reading them because they just go on too long, or by the time you've reached chapter 14, you forgot that little snippet of information that was mentioned in chapter 2. Regards, Graham -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.2a (ported from 2.2.8a) with LDAP failed to add machine account
Beast ?: * zergio [EMAIL PROTECTED] nulis: This: ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) change to: # ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) --beast According to man smb.conf if ldap filter is not set then dafault used Default: /ldap filter/ = ((uid=%u)(objectclass=sambaAccount)) However, I use new samba.schema and there is no sambaAccount, thus ldap gives NO SUCH USER. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] add machine script problem
Hello I set up a Samba 3 PDC with ldap backend. I created an script that adds machine accounts. First it adds the machine account to /etc/passwd and then it creates the user in ldap with smbpasswd -a -m machine. If I run the script by hand, it works and the account has been added. After that I can join the domain without any problems. Now I want to make this machine account creation on the fly. So I added the script to smb.conf as add user script = /path/to/createmachineaccount.sh. If I try to join a domain with a workstation that hasn't any account, the script creates the machine account but on error occurs that I can't log in because the account doesn't exist. After that if I try to join again, the logon process works because it found the machine account. So I have to join every workstation twice, first for user creation and second for joining the domain. Why doesn't this work in one step? On our old samba 2.2.8a PDC with ldap backend, the whole things worked with the same machine add script. I welcome any suggestions. best regards Lukas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.2a (ported from 2.2.8a) with LDAP failed to add machine account
* zergio [EMAIL PROTECTED] nulis: Beast ?: * zergio [EMAIL PROTECTED] nulis: This: ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) change to: # ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) --beast According to man smb.conf if ldap filter is not set then dafault used Default: /ldap filter/ = ((uid=%u)(objectclass=sambaAccount)) man page can be wrong ;-p Quoting jerry of samba team : quote My opinion is that the 'ldap filter' option in smb.conf should never be set. There are 2 many different LDAP searches now being done (group mapping, users, etc...) and we don't use that option consistently internally anyways. Best to leave it alone IMO. /quote However, I use new samba.schema and there is no sambaAccount, thus ldap gives NO SUCH USER. Have you try it first? mine not: Mar 11 13:13:46 jambu slapd[1397]: conn=101167 op=6 SRCH base=ou=jakarta,dc=indorama,dc=com scope=2 filter=((uid=jktjalan)(objectClass=sambaSamAccount)) --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] add machine script problem
* Lukas Meyer [EMAIL PROTECTED] nulis: Hello I set up a Samba 3 PDC with ldap backend. I created an script that adds machine accounts. First it adds the machine account to /etc/passwd and then it creates the user in ldap with smbpasswd -a -m machine. If I run the script by hand, it works and the account has been added. After that I can join the domain without any problems. Now I want to make this machine account creation on the fly. So I added the script to smb.conf as add user script = /path/to/createmachineaccount.sh. If I try to join a domain with a workstation that hasn't any account, the script creates the machine account but on error occurs that I can't log in because the account doesn't exist. After that if I try to join again, the logon process works because it found the machine account. IMO it was because samba can not 'see' changes in ldap. You have to set sleep time in add machine script? btw, why not putting posix account in ldap directory intead of file? --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP backend - howto docs problems?
* Graham Leggett [EMAIL PROTECTED] nulis: Excessive documentation is one of the biggest problems I have found with software projects, both open source and commercial. People begin skim reading them because they just go on too long, or by the time you've reached chapter 14, you forgot that little snippet of information that was mentioned in chapter 2. Yes, we need a samba quick start guide, which must conform to the latest release. Who will take this project? ;-) Regards, Graham -- --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Having problems uninstalling Samba 2.2.7a in RH 9
On Wednesday 10 Mar 2004 11:07 pm, Keith Williams wrote: Dear all, Many months ago John Terpstra took time and helped this newby get samba 3.0 installed and working really well on my server at the time. Unfortunately the server died on me. Now I have a new one I am attemping to install Samba 3 on but i get this conflict with version 2.2.7a that came with RH 9. I can not remove it. I have tried several methods and it still there cause 3.0 will not install. Here is the error I get: snip Red Hat packages samba as three .rpm files, so you need to do something like: # rpm -qa | grep samba which gives you: samba-common-2.2.7a-7.9.0 samba-client-2.2.7a-7.9.0 samba-2.2.7a-7.9.0 then remove all of these: # for f in samba-client samba samba-common; do rpm -e $f; done (if any of these fail re-run them in the order of the dependencies, i think the above is right...) then try installing the samba-3.0.2a-1 package you will need to back up your smb.conf and any other files (.tdb files for example) that you already have configured on this server. You may also want to upgrade Red Hat 9 to Fedora Core 1 before you do this, as Red Hat 9 will be unsupported from the end of next month. I'm not sure offhand if FC1 still has the three samba packages, as I always don't install it and then compile/install it from source. Hope this helps, edd -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ldapsam_compat backend hosed in v3.0.2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Graham Leggett wrote: | Hi all, | | In an attempt to get the old v2.2 Samba behaviour to work, I | tried to enable the ldapsam_compat mode in passwd backend. | | Win2k cannot connect, username and password not accepted. | | The LDAP logs reveal that Samba is trying to make the | following search: | | (((uid=minfrin)(objectClass=sambaSamAccount))(objectClass=sambaAccount)) | | This search returns users who have both the old v2.2 | objectclass _and_ the new v3.0 objectclass at the same time, | which is nobody if standard tools for editing v2.2 LDAP | entries are used. Do you have 'ldap filter' set ? Best not to. Also, please check the level 10 Samba debug logs and see the surrounding conditions with this search That would be helpful to know. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAUGG+IR7qMdg1EfYRAniFAKCmZ9zJpDWYZwxiY2llWkv/xW72FgCgpYWC aj3hmxvQajiOjsrReNLQv4M= =vzQs -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] Samba Gigabit very very slow?
DF That's because Realtek 8169 sucks royally. German readers might wanna check DF test results in c't 4/2004. (or 3?) DF 8169 failed every test: thruput, stability, CPU usage. Don't think it caused by 8169. Got the same problem with different 3com gigabit card (tg3 and sk98lin). Tested with 3com and D-Link gigabit switches. There is definitely a problem with Samba/IpStack. Each separate client (even if he is the only one) has a low speed while overal bandwidth can be good. -- Best regards, Alexandermailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Please help me with configuring samba as Dfs root !
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 M. Vancl wrote: | Hi, | | I have configured samba 3.0.2 as Dfs root but it seems smbd dont translate | symlink to remote share name. | All targeted shares are from testing workstation directly accessible. ... | pokus - msdfs:prog01t\\share The link should actually look like (on backslash). pokus - msdfs:prog01t\share The docs say to use '\\' (and escaped backslash) when you invoke ln to create the link. You should only have only backslash in the final link. Hope this helps. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAUGOeIR7qMdg1EfYRAlgdAJsGQ+bWjcmBVtOar2W2ssEQilQT3QCgv3Vc ziF+vMrKg1i+9CkQ8aBZk3c= =rPbF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] add machine script problem
Beast wrote: * Lukas Meyer [EMAIL PROTECTED] nulis: Hello I set up a Samba 3 PDC with ldap backend. I created an script that adds machine accounts. First it adds the machine account to /etc/passwd and then it creates the user in ldap with smbpasswd -a -m machine. If I run the script by hand, it works and the account has been added. After that I can join the domain without any problems. Now I want to make this machine account creation on the fly. So I added the script to smb.conf as add user script = /path/to/createmachineaccount.sh. If I try to join a domain with a workstation that hasn't any account, the script creates the machine account but on error occurs that I can't log in because the account doesn't exist. After that if I try to join again, the logon process works because it found the machine account. IMO it was because samba can not 'see' changes in ldap. You have to set sleep time in add machine script? btw, why not putting posix account in ldap directory intead of file? --beast Hello I added a sleep time to the add machine script but there's no success. How do you mean putting a posix account in ldap instead of file? If I add a posix account to the machine-account, what file won't I need? regards lm -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Limit user access to one worksation at a time
On Wed, Mar 10, 2004 at 10:41:18AM +0700, Beast wrote: How about userWorkstations attribute? It will only allow login from one WS, which will restrict login more than once. You mean, if I list all workstations available to this user, I will also get this feature of a single login at the same time? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Disabling Machine Account password change
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Florian Thiel wrote: | We set the registry entry (see MSDN article) locally for a bunch of | machines. The problem is that we're deling with about 700 machines | spread out in the whole city. We are not able to disable the hard drive | protection remotely, so this would be tedious. | | I would really like a clean centralized solution. The MS kb artcile mentions the RefusrPasswordChange reg value. You could add this to the hardcoded registry paths than Samba supports. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAUGZZIR7qMdg1EfYRArrXAJ9UOKaRzynsPe48X/KdUapT6qLUcACgprPl 9h8paSVd6HpD6oqgdXN5tTo= =ftM0 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP backend - howto docs problems?
* Fernando Pintabona [EMAIL PROTECTED] nulis: here: http://www.amazon.com/exec/obidos/tg/detail/-/0131472216/qid=1079009247/sr=1-1/ref=sr_1_1/103-1507164-4910244?v=glances=books A really good place to start ;) I agree, but its 384 pages is not that quick ;-p something like : http://www.openldap.org/doc/admin22/quickstart.html really quick (and dirty), but works ;) --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba3 tar.gz install ERROR (again)
I know I already asked this question before, but I had some problems with my mail and I have to ask again (sorry) Please help me... I´m trying to compile samba3 with mysql on Redhat9 and I get the following error with this command line: ./configure --with-expsam=xml,mysql --with-pam --with-pam_smbpass configure: error: --with-pam specified but no PAM headers found and ./configure --with-expsam=xml,mysql --with-pam_smbpass configure: error: No security/pam_appl.h found and ./configure --with-expsam=xml,mysql checking configure summary... configure: error: summary failure. Aborting config PLEASE SOMEONE HELP ME -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] AD user not honouring local group membership
hello list, Without going into details I cannot currently use winbind for AD group data with Samba 3.0.x running on Solaris. I Would like to use winbindd for reading user accounts from AD and then have those AD accounts as members of local (LDAP eventually) groups. I have taken a test user UserAW6 which is visible to Solaris via winbind and added them to a group PrnAdm in /etc/group. I have mapped the UNIX group to a Windows group with net groupmap and then permissioned a directory to the NTGroup from a Windows client system. From the UNIX command line I can su to UserAW6 and can access the folder as expected, but from my Windows client I cannot access the directory because I get access is denied error! My /etc/nsswitch.conf has the following entries for passwd and group passwd files,winbind group files The following winbind related settings are in my smb.conf winbind separator = + winbind cache time = 300 winbind use default domain = Yes template shell = /bin/sh template homedir = /tmp idmap uid = 1-60 idmap gid = 1-60 winbind enum groups = no winbind enum users = yes allow trusted domains = no Why does Samba ignore my AD account's membership of a local UNIX group? Is what I'm attempting possible/supported within Samba, any suggestions? I'm running Samba 3.0.2a on Solaris 8. thanks in advance, Andy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Limit user access to one worksation at a time
* Andreas [EMAIL PROTECTED] nulis: On Wed, Mar 10, 2004 at 10:41:18AM +0700, Beast wrote: How about userWorkstations attribute? It will only allow login from one WS, which will restrict login more than once. You mean, if I list all workstations available to this user, I will also get this feature of a single login at the same time? Yes if it is only one, but no if more than one... --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP backend - howto docs problems?
On Wed, Mar 10, 2004 at 05:03:58PM +0200, Graham Leggett wrote: The functionality provided by smbldap-tools should be built into Samba from scratch, I don't see why there is such a need to jump through hoops like this. Hmm, wait a minute. The thing is that there are two sources of user information in this case. Samba takes care of theirs, but there is also the unix source of user information (like homeDir, uidnumber, gidnumber, etc). I think samba is just being careful to not disturb the unix part (for example, it requires ldap delete dn to be true to completely delete the user dn instead of only the samba attributes). This philosophy has its merits: only touch what is yours. But it can lead to dificulties down the road, yes. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] add machine script problem
* Lukas Meyer [EMAIL PROTECTED] nulis: Hello I added a sleep time to the add machine script but there's no success. IMO you really turn on log level to 5 or higher and check also ldap.log file. If it's slave ldap server, then set ldap replication sleep option. How do you mean putting a posix account in ldap instead of file? If I add a posix account to the machine-account, what file won't I need? I mean using pam/nss ldap, you won't need to store account in /etc/passwd anymore. --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP backend - howto docs problems?
On Wed, Mar 10, 2004 at 06:31:42PM +0200, Graham Leggett wrote: I learn however that this is _not_ so - if nss_ldap is not configured correctly, Samba + LDAP won't work. Which leads me on to ask: Why does Samba not read the LDAP configuration from ldap.conf by default, instead of asking for the same information a second time? Because I may be not using nss_ldap at all. I could be storing users in /etc/passwd as usual and only the samba attributes in LDAP. Flexibility, which comes at a price :) This is also a security issue - the root DN password for the LDAP server is stored twice. It is also a usability issue - six months from now is my replacement going to know that the LDAP password needs to be set in two places? Of course not. There is some other discussion going on which relates to this and is password policies. In the future samba may not need the ldap root password. 2) Too Much Rope When users / groups / etc are added to Samba via the normal Windows based admin tools, Samba allows the user to specify a script to do the job. This as a virtually infinitely flexible solution. But the average (99% of cases) system administrator does not need an infinitely flexible system, but rather a system that will get the job done with as little fuss as possible, and in as standard a way as possible, so that third party LDAP database editing tools need not be modified for this particular system's quirks. Perhaps a standard script included in the samba package and already configured in smb.conf would help? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Trouble mounting a windows share from Linux
I have Fedora Core 1 workstations configured with winbind logging onto our NT domain. Everything is going well except that I cannot seem to figure out how to connect to a windows home directory on a Win2000 server. Here is the scenario: W2K server with home directories for each user: Each user has modify permissions to their share Administrator has full control First off, I need to somehow connect the workstations to these shares after the user logs in. I can successfully connect to them with smbclient, but I need a much more user friendly connection, such as a mount point using smbmount. My attempts to use smbmount have failed, and I was a bit discouraged when I read through the man page and noted that smbmount is for Linux smb filesystems. Does that mean that smbmount will only work with a samba server, not an NT server? Furthermore, I want to figure out a way to autoconnect to these shares upon login. I am hoping that winbind would provide some functionality here since it maps the SIDs to UIDs. I am hoping someone might be able to help me out here. If this kind of connection cannot not be done to at least some extent, it will be a show stopper for deploying Linux in our LAN because all students must have access to their home directories (they carry assignments and projects from elementary all the way to graduation). Unfortunately, I cannot create separate Linux NFS or SMB home directories for these machines because then the students will not have access to their files from windows machines. :-( -- Shawn Iverson Technology Associate New Castle Community School Corporation 765-593-6691 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP backend - howto docs problems?
On Wed, Mar 10, 2004 at 07:33:46PM +0200, Graham Leggett wrote: Your not obligated to use smbldap-tools, but I won't argue with you on that one. I'm not a big fan. Are there alternatives? Yes, more or less polished, for example: http://lam.sourceforge.net/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and LDAP backend - howto docs problems?
On Wed, Mar 10, 2004 at 05:59:14PM +, John H Terpstra wrote: What Samba should do by default is read LDAP parameters from ldap.conf, with the option to override the parameters if the admin so chooses, thus making Samba easy and straightforward for the admin to use out the box. You are assuming that Samba only needs to work with OpenLDAP. You are also assuming that ALL OpenLDAP configurations use the same directory structure. Too many assumptions. How can we implement a universal solution? What must we do to arrive at nirvana? That's something a vendor could/should do, perhaps. The vendor knows where he puts the configuration files, what they look like, etc. Out of the review process for the Samba-3 by Example book has come incessant requests (demand) for better documentation on OpenLDAP. A book called OpenLDAP by Example is presently being written. hey, great :) I hope you also touch BDB issues :) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.2a (ported from 2.2.8a) with LDAP failed to add machine account
Beast ?: * zergio [EMAIL PROTECTED] nulis: Beast ?: * zergio [EMAIL PROTECTED] nulis: This: ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) change to: # ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) --beast According to man smb.conf if ldap filter is not set then dafault used Default: /ldap filter/ = ((uid=%u)(objectclass=sambaAccount)) man page can be wrong ;-p Quoting jerry of samba team : quote My opinion is that the 'ldap filter' option in smb.conf should never be set. There are 2 many different LDAP searches now being done (group mapping, users, etc...) and we don't use that option consistently internally anyways. Best to leave it alone IMO. /quote However, I use new samba.schema and there is no sambaAccount, thus ldap gives NO SUCH USER. Have you try it first? mine not: Mar 11 13:13:46 jambu slapd[1397]: conn=101167 op=6 SRCH base=ou=jakarta,dc=indorama,dc=com scope=2 filter=((uid=jktjalan)(objectClass=sambaSamAccount)) --beast I've tried to set ldap filter to NULL string with swat - It didn't work. When I deleted the string from smb.conf file and restarted smbd a machine successfully joined the domain. I appreciate you help. Thank you very much! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] add machine script problem
Am Donnerstag, 11. März 2004 13:28 schrieb Lukas Meyer: Hello I set up a Samba 3 PDC with ldap backend. I created an script that adds machine accounts. First it adds the machine account to /etc/passwd and then it creates the user in ldap with smbpasswd -a -m machine. If I run the script by hand, it works and the account has been added. After that I can join the domain without any problems. Now I want to make this machine account creation on the fly. So I added the script to smb.conf as add user script = /path/to/createmachineaccount.sh. If I try to join a domain with a workstation that hasn't any account, the script creates the machine account but on error occurs that I can't log in because the account doesn't exist. After that if I try to join again, the logon process works because it found the machine account. So I have to join every workstation twice, first for user creation and second for joining the domain. Why doesn't this work in one step? On our old samba 2.2.8a PDC with ldap backend, the whole things worked with the same machine add script. I welcome any suggestions. best regards Lukas hi lucas, can U please support me with the addmachine script ? we want to do the same - but i don't really know how. maybe we find the the little failure together. thanks for your support. best regards -- Jörn Fenzel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
n 10 Mar 2004, Vlad Sokol [EMAIL PROTECTED] wrote: Hello samba-csadmin, I have some problem. I hope that you will help me: When I'm copying files with russian name to Linux computer than this file can't be used on Linux. I've already configured Samba with neded properties. I use Samba ver 2.2.7. Can you tell what is the problem? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP issue, access denied adding machine to domain, and LDAP user can't make unix-login on the box.
Hi, I have a LDAP backend for my Samba 3.0.2, and everything seems to work except adding XP machines to the domain, and unix logins with a ldap client. Since this mail is very long, I have created a small index, so you don't get exhaustet in the middle of all the logs... ;) 1. LDAP user-creation 2. Group info 3. pam/nss info 4. smb.conf [global] 5. Log from trying to add machine to domain 6. Log fror trying to unix-login the user 7. conclution 1) I create new users through a webinterface where i have created test3 as a domain admin and a ldap search returns the following attributes on test3: uidnumber: 10009 sambasid: S-1-5-21-2409322033-11024189-1315579533-21018 cn: test3 displayname: test3 sn: test3 uid: test3 loginshell: /bin/bash homedirectory: /samba/home/test3 gidnumber: 512 objectclass: inetOrgPerson objectclass: sambaSAMAccount objectclass: posixAccount sambahomepath: \\LOGIN\homes sambahomedrive: H: sambaacctflags: [U ] sambadomainname: SKOLE1 sambalogonscript: \\LOGIN\logonScript\test3.bat sambaprofilepath: \\LOGIN\test3\.profile sambaprimarygroupsid: S-1-5-21-2409322033-11024189-1315579533-512 sambalmpassword: 07E9BB454DCA7EBCAAD3B435B51404EE sambantpassword: C3F7CE8E37AB104169F3313FF2C6AC6A userpassword: {MD5}WnsFSpsqzAhNDorh9YhDpA== I can validate the user with smbclient -L localhost -U test3 but NOT login the user in linux! 2) A net groupmap list return the interesting parts like: Domain Admins (S-1-5-21-2409322033-11024189-1315579533-512) - admin Domain Computers (S-1-5-21-2409322033-11024189-1315579533-553) - Domain Computers And all the admin tools seems to work as well, smbpasswd, and the smbldat tools in /usr/local/sbin seems to work (I can create new users with smbldap-useradd.pl)! and ls -l /usr/local/sbin returns: -rwxr-xr-x1 root staff 2 Feb 12 16:22 mkntpwd -rwxr-xr-x1 root staff4367 Feb 10 21:05 smbldap-groupadd.pl -rwxr-xr-x1 root staff2324 Feb 10 21:05 smbldap-groupdel.pl -rwxr-xr-x1 root staff7869 Feb 10 21:05 smbldap-groupmod.pl -rwxr-xr-x1 root staff1884 Feb 10 21:05 smbldap-groupshow.pl -rwxr-xr-x1 root staff7158 Feb 10 21:05 smbldap-migrate-accounts.pl -rwxr-xr-x1 root staff4974 Feb 10 21:05 smbldap-migrate-groups.pl -rwxr-xr-x1 root staff5599 Feb 10 21:05 smbldap-passwd.pl -rwxr-xr-x1 root staff8995 Feb 10 21:05 smbldap-populate.pl -rw-r--r--1 root staff5521 Feb 10 21:05 smbldap-tools.spec -rwxr-x--x1 root admin 16100 Mar 2 18:45 smbldap-useradd.pl -rwxr-x--x1 root staff 16162 Mar 2 18:37 smbldap-useradd.pl~ -rwxr-xr-x1 root staff2950 Feb 10 21:05 smbldap-userdel.pl -rwxr-xr-x1 root staff 15085 Feb 10 21:05 smbldap-usermod.pl -rwxr-xr-x1 root staff1826 Feb 10 21:05 smbldap-usershow.pl -rwxr-x-wx1 root admin3842 Mar 4 20:21 smbldap_conf.pm -rwxr-x-wx1 root admin3844 Mar 4 20:17 smbldap_conf.pm~ -rw-r--r--1 root staff 18882 Feb 10 21:05 smbldap_tools.pm 3) I suspect nss/pam as the problem, but I don't know how to solve it... My /etc/nsswitch.conf : passwd: files ldap group: files ldap shadow: files ldap hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc:db files netgroup: nis 4) - SMB.CONF - [global] workgroup = SKOLE1 passdb backend = ldapsam:ldap://127.0.0.1/ ldap suffix = dc=login ldap machine suffix = ou=machines ldap user suffix = ou=people ldap group suffix = ou=groups ldap admin dn = cn=admin,dc=login ldap passwd sync = yes ldap delete dn = yes ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) ldap ssl = no passwd chat debug = Yes passwd program =/usr/local/bin/smbldap-passwd.pl -o %u passwd chat = *new*password* %n\n *new*password:* %n\ *successfully* socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add machine script = /usr/local/sbin/smbldap-useradd.pl -a -w %m add user script = /usr/local/sbin/smbldap-useradd.pl -a %u delete user script = /usr/local/sbin/smbldap-useradd.pl -d %u add group script = /usr/local/sbin/smbldap-useradd.pl -a -g %g delete group script = /usr/local/sbin/smbldap-useradd.pl -d -g %g add user to group script = /usr/local/sbin/smbldap-useradd.pl -j -u %u -g %g delete user from group script = /usr/local/sbin/smbldap-useradd.pl -j -u %u -g %g set primary group script = /usr/local/sbin/smbldap-useradd.pl -m -u %u -gid %g server string = thePri Samba Server netbios name = THEPRI #printcap name = cups load printers = no #printing = cups log file = /var/log/samba/%m.log log level = 3 max log size = 5000 security = user encrypt passwords = true socket options = TCP_NODELAY
[Samba] Tdb_fetch failed
Just deployed samba print server. Print jobs are going thru but getting: Mar 11 08:11:53 printsrv smbd[2017]: [2004/03/11 08:11:53, 0] smbd/connection.c: register_message_flags(220) Mar 11 08:11:53 printsrv smbd[2017]: register_message_flags: tdb_fetch failed Mail list archive thread said to use tdbbackup. What good will that do? What should I look for in tdbbackup -v? Should I delete those tdb that are corrupt and restart? Lee. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re:samba
Set in smb.conf client code page = 866 character set =KOI8-R If your locale is ru_RU.koi8r it should work -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re:[Samba] LDAP issue, access denied adding machine to domain, and LDAP user can't make unix-login on the box.
I think you need to delete sting: ldap filter = ((uid=%u)(objectclass=sambaSamAccount)) I got similar problem with adding machine account. Stated above helped, thank to @[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Disabling Machine Account password change
Gerald (Jerry) Carter schrieb: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Florian Thiel wrote: | We set the registry entry (see MSDN article) locally for a bunch of | machines. The problem is that we're deling with about 700 machines | spread out in the whole city. We are not able to disable the hard drive | protection remotely, so this would be tedious. | | I would really like a clean centralized solution. The MS kb artcile mentions the RefusrPasswordChange reg value. You could add this to the hardcoded registry paths than Samba supports. Yes, that's the idea. The problem is that I'm not feeling able to do this on my own. Is there a samba developer around? I think it shouldn't be too hard if you know the structures. I'm not even sure what value Windows expect in return... Florian -- Florian Thiel - Medienzentrum Kassel Systembetreuung Internet- und Kommunikationstechnik Kasseler Schulen am Netz - http://www.medienzentrum-kassel.de -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD user not honouring local group membership
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ww m-pubsyssamba wrote: | hello list, | | | Without going into details I cannot currently use winbind | for AD group data with Samba 3.0.x running on Solaris. | | I Would like to use winbindd for reading user accounts | from AD and then have those AD accounts as members | of local (LDAP eventually) groups. This isn't supported currently since smbd takes some shortcuts to get user groups when using winbindd. You only alternative is to replicate the user and group accounts into /etc/passwd and /etc/group and manage them like standard UNIX accounts. It would not be impossible to support mixing winbind users and /etc/groups. But it is non-trivial and any solution would require a fair amount of testing to ensure that it did not introduce regressions from soem of the other necessary behavior. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAUHuuIR7qMdg1EfYRApW+AJ0eGGnhX8g6SzbG3FEYXGZZUhp45gCdHm0U QLN/14JOyobPQgjTr5IyrUE= =oihK -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Groups not listed in USERMGR.EXE
Dear list, I'm using samba 3.0.2a on a RedHat Linux server. Samba is configured as being a PDC. When I use the usermanager from SRVTOOLS.EXE on my W2K workstation I don't see any groups listed in the window below the userlist. Also when I look at the properties of on of the user (who is member of more than one group) I only see that a primary group is assigned, the one in /etc/passwd. The member of and the not member of windows are empty. Anyone seen this behaviour before? The configuration lines concerning users and groups in my smb.conf are: username map = /etc/samba/smbusers add user script = /usr/sbin/useradd -n -d /home/%u -g users -c 'User Account' -s /sbin/nologin -m %u add machine script = /usr/sbin/useradd -n -d /dev/null -g users -c Machine -s /sbin/nologin -M %u$ delete group script = /usr/sbin/groupdel %g delete user script = /usr/sbin/userdel -r %u set primary group script = /usr/sbin/usermod -g %g %u add user to group script = /usr/sbin/usermod -G %g %u delete user from group script = /usr/bin/gpasswd -d %u %g TIA, Erik Hoitinga web: http://users.skynet.be/fanzel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] how to user full name and description of User manager for domain???
Full name and description is not asocciated with adduser script samba, how add it??? Regards Marcelo Mujica Adrián -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] The Openldap-2.2.X and Samba-3.0.X Howto
I have created this howto which includes all steps from downloading up to configuring an openldap (with gssapi auths) and samba servers (The process includes how to build Berkeley db, Heimdal, Cyrus Sasl and your own Certificate Authority). I hope it is usefull to the comunity. http://www.math.gatech.edu/~dijuremo/ldap/ If you have any suggestions or find any errors please let me know. Thanks, Diego -- Diego Julian Remolina System Administrator School of Mathematics Georgia Institute of Technology -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trouble mounting a windows share from Linux
First off, I need to somehow connect the workstations to these shares after the user logs in. I can successfully connect to them with smbclient, but I need a much more user friendly connection, such as a mount point using smbmount. My attempts to use smbmount have failed, What does failed mean? Didn't work at all, permission problem, or what? and I was a bit discouraged when I read through the man page and noted that smbmount is for Linux smb filesystems. Does that mean that smbmount will only work with a samba server, not an NT server? Well, I' m sure that I have used smbmount to connect to Windows servers in the past. Stefan -- * in-put GbR - Das Linux-Systemhaus Stefan-Michael Günther Moltkestraße 49 D-76133 Karlsruhe Tel./Fax : +49 (0)721 / 83044 - 98/93 http://www.in-put.de/ * ___ ... and the winner is... WEB.DE FreeMail! - Deutschlands beste E-Mail ist zum 39. Mal Testsieger (PC Praxis 03/04) http://f.web.de/?mc=021191 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trouble mounting a windows share from Linux
Right at the end of smbmount man page, you have an example using mount. SMB type of filesystem is the way linux sees a SAMBA (or NT domain/workgroup )share. You may want to try specifying the domain also. Fernando P On Thu, 2004-03-11 at 16:21, =?iso-8859-1?Q? Stefan=20G=FCnther ?= wrote: First off, I need to somehow connect the workstations to these shares after the user logs in. I can successfully connect to them with smbclient, but I need a much more user friendly connection, such as a mount point using smbmount. My attempts to use smbmount have failed, What does failed mean? Didn't work at all, permission problem, or what? and I was a bit discouraged when I read through the man page and noted that smbmount is for Linux smb filesystems. Does that mean that smbmount will only work with a samba server, not an NT server? Well, I' m sure that I have used smbmount to connect to Windows servers in the past. Stefan -- * in-put GbR - Das Linux-Systemhaus Stefan-Michael Günther Moltkestraße 49 D-76133 Karlsruhe Tel./Fax : +49 (0)721 / 83044 - 98/93 http://www.in-put.de/ * ___ ... and the winner is... WEB.DE FreeMail! - Deutschlands beste E-Mail ist zum 39. Mal Testsieger (PC Praxis 03/04) http://f.web.de/?mc=021191 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba3.0.2a, MS Office (Excel), Save problem.
On Mon, 1 Mar 2004 [EMAIL PROTECTED] wrote: Hi all, I've done a brief search of the list archieves and cannot find any solutions to this problem, so I'll post my story and hopefuly someone will have a better answer. Brief Description: This problem has now occured with a number of users, running different versions of Office (see below). When saving documents, Office seems to set the read-only bit. The problem is best shown with Excel, which when saving a spredsheet, reports the following error: The Document was saved succesfully, but Excel cannot re-open it because of a sharing violation. Please Close the Document and try again. More details: I use Excel in all my examples here, since I personally have only been able to get the bug to occur when using Excel, but others have reported it occuring in Word aswell. When opening the document in Excel, the permissions are fine, however when saving, for some reason excel sets the read-only bit, which gets translated in linux permissions to -r--rw-rw-. We are using extended ACLs, and Office always seems to muck arround with those bits anyhow. [ - snip - section with extra info ] The only thing I can think of thats worth noting in the above splattering of info is the acl on abc_sales.xls, the group:113:rwx, there is NO gid 113. A search of the LDAP directory AND of /etc/passwd reveals no gid 113, and noone belonging to any gid 113. (maybe a clue?). (oh, and no, that acl line wasn't there before Excel came along and screwed it). Products: The problem appears in Office 97, Office 2002, Office XP, and Office 2003. [ - snip - some more info ] Why is it happening? In my deployment of Samba 3.0.2a to two production environments I came across this problem. I am not using ACLs in the underlying filesystem (ext3fs) on our Linux servers but files saved by Excel and Word (Office XP/2003) were getting Unix modes of 0444 (only the read flag set). In my case I was able to boil the problem down to the following combination of options: profile acls = yes nt acl support = yes If both of these are set for a share (nt acl support is enabled for all shares by default), Excel and Word will reset the file permissions to read-only for files saved. I suspect this has to do with Office applications trying to change the ACLs on files they manipulate. Regards, /Jonas Olsson -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trouble mounting a windows share from Linux
Le jeu 11/03/2004 à 16:26, Fernando Pintabona a écrit : Right at the end of smbmount man page, you have an example using mount. SMB type of filesystem is the way linux sees a SAMBA (or NT domain/workgroup )share. You may want to try specifying the domain also. Fernando P On Thu, 2004-03-11 at 16:21, =?iso-8859-1?Q? Stefan=20G=FCnther ?= wrote: First off, I need to somehow connect the workstations to these shares after the user logs in. I can successfully connect to them with smbclient, but I need a much more user friendly connection, such as a mount point using smbmount. My attempts to use smbmount have failed, What does failed mean? Didn't work at all, permission problem, or what? whithout your smbmount command line syntax and the error message, nobody can do anything for you. -- *** [EMAIL PROTECTED] OpenPGP public key: http://www.amakuru.net/dmorel.asc 28192ef126bc871757cb7d97f4a44536 signature.asc Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e=2E?= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] downloading printer drivers from W98 client
Hi I've got some problems with the download of Adobe PostScript printer drivers on a Windows 98 client : On the server side (Red Hat 9 / Samba 3.0.1 / Cups 1.1.17) : I installed succesfully my printers with Cups and they work fine on Linux I ran cupsaddsmb tool to copy the Adobe files in the [print$] directory which gives this result : ./W32X86/2 : cupsdrvr.dllcups.hlpcupsui.dllhp2200.ppd hp2300.ppd ./WIN40 : ADFONTS.DLLDEFPRTR2.PPDICONLIB.DLLPSMON.DLL ./WIN40/0 : ADOBEPS4.DRVADOBEPS4.HLPhp2200.PPDhp2300.PPD On the client side (Windows 98) : I install the printer via the Network Neighbourhood but only the ADOBEPS4.DRV file is copied from the server and Windows can't print the Test Page. If I manually install the Adobe Drivers on the client, I can use the printer. I think that there is an error while the files are copied to the client but I found no information in Samba's log and Cups logs. I don't understand what's going on, can someone help me ? Thank you all and sorry for my bad english : ) Norbert GOMES IUFM Orléans-Tours Service Informatique -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Non-primary group permissions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 gibbs, simon wrote: | Hi, | | I have a problem that if I set a file or directory group owner, users | that are members of this group cannot access it unless this is | their primary group. | | This is using samba 3.0.2a - all user and group info is coming from | winbind. Just out of curiousity, could you try the patch included at https://bugzilla.samba.org/show_bug.cgi?id=1165. Mail me directly and let me know if that works. Thanks. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song --Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAUJAWIR7qMdg1EfYRAsCYAJ9P0jF60mtsvk//lHJ/XFW4YiqQgQCdHzqD JHjMOVOnXBCSSgH4C/4l2Co= =sFyN -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3 ldap pdc
On Thu, 2004-03-11 at 00:51, Lukas Meyer wrote: Hi list! I set up a new Samba 3 PDC with ldap backend. In our network, there already exists an old samba 2.2.8 PDC with ldap backend. Now I have two PDC named DOMAIN1 and DOMAIN2. Because in our network, there are a lot of windows NT4 and W2k workstations that are loggin on to DOMAIN1, I don't want to join every workstation to DOMAIN2. Is it possible to shut down DOMAIN1, and configure the new PDC DOMAIN2 as DOMAIN1 so the workstations don't have to join again btw wouldn't get new profiles? I migrated all workstation and user accounts to the new one, so every workstation and user has also access to the new PDC. Or exists any other method of migrating to the new PDC? The big problem is that I want to keep the profiles of every user. I am a bit surprised by this question since it would seem that someone that has already set up LDAP on both samba 2.2x 3 has a pretty good working knowledge of the differences in schema/attributes of the two and could probably slapcat their LDAP from the 2.2x version (machine accounts) - find replace fix the changes and import them into the LDAP store for 3.0.x Obviously the DOMAIN NAME, localSID, GID's etc will differ and those must also be fixed. There is a section about conversion from 2.2x to 3.0.x in the how-to Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smb.conf
This is just a quick question, what is the difference between + and @ when using groups for say valid users or write list ex valid users = +staff valid users = @staff -- Kent L. Nasveschuk [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.2a+LDAP+PDC
Hi! I'm trying to get samba and LDAP work together but there is some problems. I'm using Samba 3.0.2a prebuild binaries (RH9) and openldap-2.0.27. (I've tried also to compile samba myself and the result is same) Everything goes fine, I can change password for users with smbldap-passwd, add users, delete users which are located in LDAP -directory. Everything seems to be ok. While trying to add W2K machine in a domain there's following error in the curacao2.log (my w2k ws logfile) and windows says : The following error occurred attempting to join the domain DOMAIN : The remote procedure call failed [2004/03/11 18:24:50, 0] lib/fault.c:fault_report(36) === [2004/03/11 18:24:50, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 14468 (3.0.2a) Please read the appendix Bugs of the Samba HOWTO collection [2004/03/11 18:24:50, 0] lib/fault.c:fault_report(39) === [2004/03/11 18:24:50, 0] lib/util.c:smb_panic(1400) PANIC: internal error [2004/03/11 18:24:50, 0] lib/util.c:smb_panic(1408) BACKTRACE: 27 stack frames: #0 smbd(smb_panic+0x11c) [0x81c3c3c] #1 smbd [0x81b2372] #2 /lib/tls/libc.so.6 [0x420275c8] #3 smbd(smbldap_make_mod+0xb5) [0x822c125] #4 smbd [0x819d916] #5 smbd [0x819f55e] #6 smbd [0x8197658] #7 smbd(pdb_update_sam_account+0x2e) [0x81989fe] #8 smbd [0x813b4cb] #9 smbd(_samr_set_userinfo2+0x15b) [0x813c4eb] #10 smbd [0x813275e] #11 smbd(api_rpcTNP+0x159) [0x814b109] #12 smbd(api_pipe_request+0xaf) [0x814aecf] #13 smbd [0x81445c6] #14 smbd [0x8144919] #15 smbd [0x8144b5b] #16 smbd [0x8144d5c] #17 smbd(write_to_pipe+0xf2) [0x8144cb2] #18 smbd [0x8089cde] #19 smbd(reply_trans+0x54b) [0x808a6ab] #20 smbd [0x80c8466] #21 smbd [0x80c8639] #22 smbd(process_smb+0x8f) [0x80c884f] #23 smbd(smbd_process+0x167) [0x80c9497] #24 smbd(main+0x4bf) [0x822fc1f] #25 /lib/tls/libc.so.6(__libc_start_main+0xe4) [0x42015574] #26 smbd(ldap_msgfree+0x8d) [0x8076f21] [2004/03/11 18:24:50, 1] smbd/ipc.c:api_fd_reply(292) api_fd_reply: INVALID PIPE HANDLE: 7255 Other smb-tools stuff works fine and I'm 100% sure that my configurations are correct but something happens when trying to join domain. If someone has idea what could be wrong it would be nice because I've spent too much time for this at the moment. /Markus -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Trouble mounting a windows share from Linux
On Thursday, March 11, 2004 10:27 AM, Fernando Pintabona said: Right at the end of smbmount man page, you have an example using mount. SMB type of filesystem is the way linux sees a SAMBA (or NT domain/workgroup )share. You may want to try specifying the domain also. Fernando P Sorry, I could not find an example on the man page on this particular machine. snip What does failed mean? Didn't work at all, permission problem, or what? Aplologies for not posting the output. Here it is: Using smbclient works: [EMAIL PROTECTED] shawn]$ smbclient //testtech/shawn -U shawn Password: smb: \ ls . DA0 Thu Mar 11 11:53:32 2004 .. DA0 Thu Mar 11 11:53:32 2004 New Folder D0 Thu Mar 11 11:53:32 2004 49580 blocks of size 65536. 48830 blocks available smb: \ quit Using smbmount fails. I am unsure how to install smbmnt as suid root: [EMAIL PROTECTED] shawn]$ smbmount //testtech/shawn /home/shawn/mnt username=shawn uid=shawn gid=shawn fmask=0755 gmask=0755 workgroup=tech rw Password: smbmnt must be installed suid root for direct user mounts (503,503) smbmnt failed: 1 Attempted as root: [EMAIL PROTECTED] root]# smbmount //testtech/shawn /home/shawn/mnt username=shawn uid=root gid=root fmask=0755 gmask=0755 workgroup=tech rw Password: 4606: session setup failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Trouble mounting a windows share from Linux
Sorry, my memory failed... I really meant when you execute smbmount with no parameters. :) and not the man page. Fernando p On Thu, 2004-03-11 at 18:55, Shawn Iverson wrote: On Thursday, March 11, 2004 10:27 AM, Fernando Pintabona said: Right at the end of smbmount man page, you have an example using mount. SMB type of filesystem is the way linux sees a SAMBA (or NT domain/workgroup )share. You may want to try specifying the domain also. Fernando P Sorry, I could not find an example on the man page on this particular machine. snip What does failed mean? Didn't work at all, permission problem, or what? Aplologies for not posting the output. Here it is: Using smbclient works: [EMAIL PROTECTED] shawn]$ smbclient //testtech/shawn -U shawn Password: smb: \ ls . DA0 Thu Mar 11 11:53:32 2004 .. DA0 Thu Mar 11 11:53:32 2004 New Folder D0 Thu Mar 11 11:53:32 2004 49580 blocks of size 65536. 48830 blocks available smb: \ quit Using smbmount fails. I am unsure how to install smbmnt as suid root: [EMAIL PROTECTED] shawn]$ smbmount //testtech/shawn /home/shawn/mnt username=shawn uid=shawn gid=shawn fmask=0755 gmask=0755 workgroup=tech rw Password: smbmnt must be installed suid root for direct user mounts (503,503) smbmnt failed: 1 Attempted as root: [EMAIL PROTECTED] root]# smbmount //testtech/shawn /home/shawn/mnt username=shawn uid=root gid=root fmask=0755 gmask=0755 workgroup=tech rw Password: 4606: session setup failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] downloading printer drivers from W98 client
Norbert Gomes norbert.gomes at orleans-tours.iufm.fr Thu Mar 11 16:06:56 GMT 2004 Hi I've got some problems with the download of Adobe PostScript printer drivers on a Windows 98 client : On the server side (Red Hat 9 / Samba 3.0.1 / Cups 1.1.17) : I installed succesfully my printers with Cups and they work fine on Linux I ran cupsaddsmb tool to copy the Adobe files in the [print$] directory which gives this result : ./W32X86/2 : cupsdrvr.dllcups.hlpcupsui.dllhp2200.ppd hp2300.ppd ./WIN40 : ADFONTS.DLLDEFPRTR2.PPDICONLIB.DLLPSMON.DLL ./WIN40/0 : ADOBEPS4.DRVADOBEPS4.HLPhp2200.PPDhp2300.PPD On the client side (Windows 98) : I install the printer via the Network Neighbourhood but only the ADOBEPS4.DRV file is copied from the server and Windows can't print the Test Page. If I manually install the Adobe Drivers on the client, I can use the printer. Could you post the complete output of cupsaddsmb -v, please? (Remember to replace that root or other password that shows up there) Cheers, Kurt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Limit user access to one worksation at a time
On Wednesday 10 March 2004 04:41, Beast wrote: * Andreas [EMAIL PROTECTED] nulis: On Tue, Mar 09, 2004 at 10:12:56PM +0100, Wim Bakker wrote: Is there a mechanism in samba available to limit access to workstations by users to only one at a time? This is, that any given user can only be logged in at one workstation at a time. I was looking for this also, but it seems there isn't one. What some folks suggested was to use a root preexec script attached to the netlogon share and them run smbstatus and figure it out from there. How about userWorkstations attribute? It will only allow login from one WS, which will restrict login more than once. This is working only with ldap password backend I suppose? I will try to move the whole system to a ldap password backend, necessary anyway to have smba bdc's in the future. wb -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Getting ACLs to work with Samba 3.0.2a
On Wednesday 10 March 2004 15:51, John H Terpstra wrote: On Wed, 10 Mar 2004, Michael Frotscher wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hmm, nobody got an idea on what it could be? Yes. 1. Make sure that your file system is mounted with ACLs support example: (from my /etc/fstab) /dev/hda6 /export reiserfsacl,user_xattr 1 2 2. Make sure that your Samba-3 has been correctly compiled. The easiest test is: smbd -b | grep ACL Correct output is: HAVE_SYS_ACL_H HAVE_POSIX_ACLS 3. Ensure that the user account you log into Windows with has the right under UNIX to modify ACLS. The coreutils package should have been patched for acl's too, as well as the kernel. Allso take care of the e2fsprogs package version 1.27 should be patched for acl support too. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Trouble mounting a windows share from Linux
-Original Message- From: Shawn Iverson Sent: Thursday, March 11, 2004 2:07 PM To: '[EMAIL PROTECTED]' Cc: [EMAIL PROTECTED] Subject: RE: [Samba] Trouble mounting a windows share from Linux On Thursday, March 11, 2004 1:07 PM Fernando Pintabona wrote: Sorry, my memory failed... I really meant when you execute smbmount with no parameters. :) and not the man page. Fernando p Ahh...it works great when using mount instead of smbmount. Thanks! I can't believe I overlooked that. Next questions: Is there a way that I can have this share mounted during login without prompting for a password and still keep the share secure to the user? After all, the user did just enter their password during login. Perhaps I could add something to .bashrc? Unfortunately, I must do this without exposing the user's password as plain text in any form. BTW, does smbmount encrypt the password? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Trouble mounting a windows share from Linux
Using smbmount fails. I am unsure how to install smbmnt as suid root: chmod u+s /usr/bin/smbmount Hm, suid root -not a really good idea ... [EMAIL PROTECTED] root]# smbmount //testtech/shawn /home/shawn/mnt username=shawn uid=root gid=root fmask=0755 gmask=0755 workgroup=tech rw Password: 4606: session setup failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed -- Did you add root to smbpasswd? Maybe the reason,why it fails. Is it really necessary that your user are able to mount the shares manually or is it acceptable for you that the user shares are mounted automatically when the computer starts? If second option is ok for you, you shoudl have a look at how SuSE deals with this problem. SuSE uses a file called smbfstab in /etc/samba: # service moint-point options ;//fjall/test /data/test username=tridge,password=foobar This file is used for a start script (/etc/init.d/smbfs) which mounts all smb filesystems during system start. Hope that helps a bit, Stefan -- * in-put GbR - Das Linux-Systemhaus Stefan-Michael Günther Moltkestraße 49 D-76133 Karlsruhe Tel./Fax : +49 (0)721 / 83044 - 98/93 http://www.in-put.de/ * _ Der WEB.DE Virenschutz schuetzt Ihr Postfach vor dem Wurm Beagle.A-J! Kostenfrei fuer FreeMail Nutzer. http://f.web.de/?mc=021158 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem since switching to 3.0.2/3.0.2a
Dear Samba Team, I have recently upgraded from Samba 2.2.8a to Samba 3.0.2 where I first noticed the issue. I have also installed 3.0.2a to check if the problem I found may have already been fixed before submitting this issue. Here's the problem: After migrating and switching from passdb backend smbpasswd to the new tdbsam backend, I started having problems with user's profiles. I was getting error messages about not being able to download the user's profile from the server and such. So upon checking the profile directory on the server, I noticed that there was a directory there named %u which had never been there before. I used User Manager for domains (after authenticating to the Samba domain as root), and found that the user's profile was actually being stored in the tdbsam database with the %u at the end of the User Profile Path instead of making the substitution to the actual username. My workaround for now is to use user manager and manually switch the %u in the user profile for each user to the actual username. I believe the fix would be to change the behavior of pdbedit so that when the database is migrated from smbpasswd to tdbsam (or whatever other databases that may apply) that the pdbedit program actually substitute the %u to the actual username as it populates the destination database. The smbpasswd program should also do this when it creates a new user account. I have been a long time user of Samba and really appreciate all the hard work that all of you do there. Thank you for making such a wonderful tool. Keep up the great work! Best regards, Arnold Andrews Sr. Systems Administrator Seagate Technology -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] DVD Case CD Sleeve Prices (Updated)
We've updated our prices! Here is just a sample: Black DVD Cases --- $0.1952 Each for 25 DVD Cases $0.1171 Each for 10,000 DVD Cases White Paper CD Sleeves with 4 Window and Flap --- $0.065 Each for 50 Sleeves $0.017 Each for 20,000 Sleeves * Call for larger quantities Visit http://securedisc.com for many more items at very low prices: - CD-Rs - $27.00 for 100! - DVD-R - $99.00 for 100! - CD Hubs - $3.75 per 100! - CD Mailers - $4.50 per 100! - and more... Thanks, Danny Vidal General Manager SecureDisc.com, Inc. 7938 South 3500 East Salt Lake City, Utah 84121 Salt Lake City 801-453-0238 Toll Free 1-(877)-347-2758 Fax 801-880-2544 e-mail [EMAIL PROTECTED] http://securedisc.com * Prices are FOB Ogden, Utah 84404. We respect your preference to not receive further e-mail from us. To remove your name from our list, please send a message to [EMAIL PROTECTED] and it will be promptly honored. You may also remove your name by directing your browser to the following URL: http://securedisc.com/[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smb.conf
Quoting Kent L. Nasveschuk kent-at-wareham.k12.ma.us |Samba| [EMAIL PROTECTED]: This is just a quick question, what is the difference between + and @ when using groups for say valid users or write list ex valid users = +staff valid users = @staff Per /usr/share/samba/swat/help/smb.conf.5.html (SuSE 9.0)... A name starting with a '@' is interpreted as an NIS netgroup first (if your system supports NIS), and then as a UNIX group if the name was not found in the NIS netgroup database. A name starting with '+' is interpreted only by looking in the UNIX group database. A name starting with '' is interpreted only by looking in the NIS netgroup database (this requires NIS to be working on your system). The characters '+' and '' may be used at the start of the name in either order so the value +group means check the UNIX group database, followed by the NIS netgroup database, and the value +group means check the NIS netgroup database, followed by the UNIX group database (the same as the '@' prefix). HTH Mike -- SuSE 9.0 Pro (2.4.21-192-default) with samba-2.2.8a-107 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind Kerberos Problem? - Getting Wrong User SID
I am having trouble getting users connected to shares after setting ACL permissions on the share (removing the Everyone group and adding specific users). I have no problem with wbinfo, getent, or net join commands. I can also kinit a user and use smbclient -k to connect to windows shares from the samba server. I have removed ncsd from the system to make sure it can't run. BTW, the user can connect if the share is access via the IP address of the samba server which forces the authentication back to NTLM (?) rather than using kerberos. Any help would be greatly appreciated. I cannot figure out where the incorrect sid is coming from or why this is happening. Thank you, Steve Aden Configuration: Samba 3.0.2a on Fedora Core1 (exact same problem running Samba on RH9) joined as a domain member. Windows 2000 (Service Pack 4) ADS Turning up the logging to 10, I see the following in the log: [2004/03/11 14:14:50, 10] lib/util_seaccess.c:se_access_check(234) se_access_check: requested access 0x0002, for NT token with 7 entries and first sid S-1-5-21-74637098-2648309090-1386157172-21006. [2004/03/11 14:14:50, 3] lib/util_seaccess.c:se_access_check(251) [2004/03/11 14:14:50, 3] lib/util_seaccess.c:se_access_check(252) se_access_check: user sid is S-1-5-21-74637098-2648309090-xx-21006 -wrong sid se_access_check: also S-1-5-21-74637098-2648309090-xx-21001 se_access_check: also S-1-1-0 se_access_check: also S-1-5-2 se_access_check: also S-1-5-11 se_access_check: also S-1-5-21-1202660629-1292428093-xx-513 se_access_check: also S-1-5-32-545 se_access_check: ACE 0: type 0, flags = 0x00, SID = S-1-5-21-1202660629-129242 8093-xx-512 mask = 1f01ff, current desired = 2 se_access_check: ACE 1: type 0, flags = 0x00, SID = S-1-5-21-1202660629-129242 8093-xx-1586 mask = 1301bf, current desired = 2 [2004/03/11 14:14:50, 5] lib/util_seaccess.c:se_access_check(315) se_access_check: access (2) denied. The problem here is that the user sid does not match the actual sid of the user and displayed on the workstation the user is logged into. This is verified with the Microsoft reskit command whoami /all. Above the user sid being checked ends with 21006. The actual sid ends with 1586. The sid list for the share near the end actually contains the sid ending in 1586, but obviously doesn't match the incorrect sid of the user. wbinfo -s S-1-5-21-74637098-2648309090-xx-21006 Could not lookup sid wbinfo -s S-1-5-21-1202660629-1292428093-xx-512 = DOMAIN_testgirl (This is correct) I notice some other strange things that may be related. Running getent passwd | grep -i mysambaserver I get DOMAIN_HOST/mysambaserver:x:... Running getent passwd | grep -i mywindowsserver I get DOMAIN_MYWINDOWSSERVER$:x:... I don't know why these would be different. Joining the samba server to ADS appears to append HOST/ to the name? Also my other computer names have a $ at the end of the name. Also, most of the log files are being created under their IP addresses, instead of the computer name. smb.conf [global] log level = 10 passdb:10 auth:10 winbind:10 adminusers= DOMAIN_myaccount addsharecommand = /usr/share/doc/samba-3.0.2a/examples/misc/modify_samba_config.pl deletesharecommand= /usr/share/doc/samba-3.0.2a/examples/misc/modify_samba_config.pl maxlogsize= 50 winsserver= 172.16.X.X idmapuid = 1-2 dnsproxy = yes realm = DOMAIN.COM winbind enum groups = yes logfile = /var/log/samba/log.%m socketoptions = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 workgroup = DOMAIN netbios name = MYSAMBASERVER changesharecommand= /usr/share/doc/samba-3.0.2a/examples/misc/modify_samba_config.pl winbindseparator = _ serverstring = Samba 3 Server encryptpasswords = yes security = ADS winbind enum users = yes idmapgid = 1-2 ## Section - [testgirl$] [testgirl$] comment = path = /shares/testgirl * krb5.conf [libdefaults] default_realm = DOMAIN.COM default_etypes = des-cbc-crc des-cbc-md5 default_etypes_des = des-cbc-crc des-cbc-md5 default_tgs_enctypes = des-cbc-crc des-cbc-md5 default_tkt_enctypes = des-cbc-crc des-cbc-md5 kdc_req_checksum_type = 2 dns_lookup_realm = false dns_lookup_kdc = true forwardable = true proxiable = true checksum_type = 2 ccache_type = 1 [realms] DOMAIN.COM= { kdc = myw2kadsserver.domain.com:88 admin_server = myw2kadsserver.domain.com:749 default_domain = domain.com } [domain_realms] .domain.com =
[Samba] WINBIND setup ?
HI, I am trying to setup WINBIND on my Red Hat Linux AS box and I have completed most of the steps but I am encountering come problem when I am joining the samba server to the PDC domain. Below is the syntax I am using: #Smbpasswd -j DOMAIN -r PDC -U Administrator See 'net join' for this functionality Thanks, -- Puneet Talwar Unix Administrator -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.2a, Winbindd, and Secure Shell
I use ssh to log on to a Linux/390 system based on Redhat 7.2. I cannot log in - password not accepted. I can log in as root. Do I need to modify /etc/pam.d/ssh in the same way I modified /etc/pam.d/login? Should pam_nologin.so be before or after pam_winbind.so in the /etc/pam.d/login file? I have seen examples both ways. Mine is after. Thanks, _/) Tom Shilson ~GEDW VM System Services Aloha Tel: 651-733-7591 tshilson at mmm dot com Fax: 651-736-7689 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Undeliverable message returned to sender
This message was created automatically by mail delivery software. Delivery failed for the following recipients(s): [EMAIL PROTECTED] The message you sent contained an attachment which the recipient has chosen to block. Usually these sort of attachments are blocked to prevent malicious software from being sent to the recipient in question. The name(s) of the blocked file(s) follow: application.pif To send this file, please place it in a compressed archive using WinZip (http://www.winzip.com) or the archive software of your choice. - Original Message Header - Received: by mail10-ash (MessageSwitch) id 1079041677972073_20712; Thu, 11 Mar 2004 21:47:57 + (UCT) Received: from ati.com (unknown [81.180.131.15]) by mail10-ash.bigfish.com (Postfix) with ESMTP id 1E87D1D4C0A for [EMAIL PROTECTED]; Thu, 11 Mar 2004 21:47:20 + (UCT) From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Your software Date: Thu, 11 Mar 2004 23:47:25 +0200 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_0003_55D3.128E X-Priority: 3 X-MSMail-Priority: Normal Message-Id: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] force user vs read list
I am in the process of expanding access to a share that currently has the following configuration: [uniqname] comment = Unique comment path = /path/to/the/stuff public = no writable = yes printable = no valid users = user1,user2,user3 force user = cooluser I want to add read-only access to an additional set of users. The smb.conf man page and the Samba-HOWTO are not clear (to me) about the precedence of the force user option versus the read list option - if I add user4 to a read list parameter entry, will they also get logged on as that user and have write permissions (as determined by the underlying filesystem)? I wanted to ask before even trying just to make sure that any discovery isn't later deemed a bug and changed. If the force user overrides the read list, I suppose I can just set up an alternate share pointing to the samba path that is read only with a different set of valid users, but that just feels so kludgey... The samba version in use is 2.2.8a, but I will be upgrading to 3.0.2a in the very near future, in case there is any difference. Thanks in advance for any help. Bill Knox Lead Operating Systems Programmer/Analyst The MITRE Corporation -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] homes on Samba
When you specify the homes share in Samba, where does it store the users home directory at? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba File Server - AD-MIT KDC Trust
Hi, I have a large client who has an MIT Kerberos realm set up. According to MS guidelines, they have also set up a one way trust between their AD domain and their MIT realm so that their users could continue using their MIT kerberos login and password to access kerberized services on their network. Essentially, users log into their PCs using their MIT names/passwords but can access servers bound to AD or outside AD in the MIT kerberos realm. I want to replace a windows 2000 domain member file server with a samba file server for this client. I have bound the samba server to the domain using net ads join but it can't seem to log into the server from clients. With the windows server, the clients who have logged into their machines with MIT credentials transparently get AD credentials and can access their files. Am I barking up the wrong tree here? Is this supposed to work in Samba 3? If so, can anyone give me tips? thanks Aaron -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] force user vs read list
On Thu, 11 Mar 2004, William R. Knox wrote: I am in the process of expanding access to a share that currently has the following configuration: [uniqname] comment = Unique comment path = /path/to/the/stuff public = no writable = yes printable = no valid users = user1,user2,user3 force user = cooluser The 'force user' directive means that at the point of connection the real users identity is lost and the user now is 'cooluser'. I want to add read-only access to an additional set of users. The smb.conf man page and the Samba-HOWTO are not clear (to me) about the precedence of the force user option versus the read list option - if I add user4 to a read list parameter entry, will they also get logged on as that user and have write permissions (as determined by the underlying filesystem)? I wanted to ask before even trying just to make sure that any discovery isn't later deemed a bug and changed. This is a poor solution. The 'force user' and 'force group' directives have serious side-effects and should be avoided if possible, A better way to handle this is to use directory permissions to control who can write and who can read. In this case you could set the directory as read only to 'others' and writable to the group that owns the directory. Then, if you set the SGID bit on the directory all files created within it will always be owned by the group that owns the directory. Alternately, as documented in the Samba-HOWTO-Collection you could jst as well use Share level permissions to limit which groups can write and who gets read-only access. In fact, you can ensure that no-one except members of those groups can even access the share. If you use Share level permissions (ACLs) then you do not need to set in smb.conf the 'valid users' parameter either. If the force user overrides the read list, I suppose I can just set up an alternate share pointing to the samba path that is read only with a different set of valid users, but that just feels so kludgey... The samba version in use is 2.2.8a, but I will be upgrading to 3.0.2a in the very near future, in case there is any difference. The Samba-HOWTO-Collection is available from: http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf The chapter File, Directory and Share Access Controls applies to both Samba-2.2.x and Samba-3. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] homes on Samba
On Thu, 11 Mar 2004, Delagarza, Gilbert wrote: When you specify the homes share in Samba, where does it store the users home directory at? Please refer to the man page for smb.conf. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] HP, Sybase and DM Review Invite You to a Web Seminar
HP, Sybase and DM Review present Converting Compliance Cost into Business Advantage A Roadmap to Real-Time Data Analysis Date: March 18, 2004 Time: 1:00 p.m. - 2:00 p.m. EST Compliance with industry and government regulations is a mandatory cost of doing business. Architecting systems to handle reporting requirements often on five to ten year's worth of detailed business data can seem like a zero-ROI proposition, except to avoid fines for non-compliance. Not so, says experts from HP, Sybase and BearingPoint. HP and Sybase present a one-hour Webcast featuring Jane Griffin, BearingPoint Enterprise Solutions group managing director, that offers a roadmap to converting your compliance reporting costs into real business advantage. Jane Griffin of BearingPoint moderates this one- hour seminar, which offers a roadmap to converting your compliance reporting costs into real business advantage. Presentations will include real-world case study examples and will address topics, such as: - Bridging information silos to create a single view of enterprise data - Dramatically reducing complexity, storage and maintenance costs - Improving business efficiency through best practice analysis - Increasing the speed of query response To register visit: http://www.dmreview.com/eletters/clickReg.cfm?URLID=3713 To unsubscribe send a blank e-mail to [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbindd problem - STATUS_BUFFER_OVERFLOW (0x80000005)
I had the same problem. Error and all. What turned out to be my problem was that i was using gentoo and building things for a pentium4, which gcc3.2 makes bad binaries for. So changed everything to build for a pentium3 and the problem was solved. I don't know if this applies to you, but something to be aware of none the less. bryce Daniel Meyer wrote: I did some more tests and this is what i learned: - I did a similar setup in our lab, also with a w2k server (ads in mixed mode), a firewall (same type as in the real world scenario), and identical linux/samba setup - That lab-setup works just fine, so it is not a compilation issue or errors in the samba.conf - exactly the same smb.conf/krb5.conf on the real world system gives the same error as before. The only thing i changed is the name of ads, realm and password-server. So it looks like either a problem with the firewall between the samba server and the windows dc, or some problem with the dc itself. I rather doubt that the problem is on the firewall side, both lab and real world firewall are the same model, same software, and both have all ip traffic between samba and dc permitted. Does anyone have an idea what and where i can check on the windows side? Its a windows 2000 server, servicepack 4, english installation... nothing fancy... Some more research. Removing the firewall doesnt change anything, so i dont think the firewall is causing my problem. I re-checked the windows server, and saw its a SP3 box, my lab-Server had sp4. I'll check again with an sp3 lab-server. But so far, i'm still stuck with the following error: root# net rpc join -U administrator -w DOMAIN -S WINDOWS-DC Password: [2004/03/11 16:51:54, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(326) Error domain join verification (reused connection): STATUS_BUFFER_OVERFLOW Unable to join domain DOMAIN. Joining with net ads join... works, but then wbinfo fails again. Danny -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba, Win98 and Outlook?
Samba is merely participating in the WORKGROUP domain. When the Win98 machine is logged on as the equivalent user in the Samba smbpasswd file, smtp e-mail through Outlook prompts for a username/password and does not connect to the netwrk mail server. This seems to me to be a newbie question, but alas, I cannot find an article covering that topic. Any comments on this are welcome. What does Outlook smtp e-mail have to do with a local file sharing setup anyway? Befuddled. __ Do you Yahoo!? Yahoo! Search - Find what youre looking for faster http://search.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] homes on Samba
I find that it is going to the /home directory but I get an access denied. Why is that? -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED] Sent: Thursday, March 11, 2004 4:17 PM To: Delagarza, Gilbert Cc: [EMAIL PROTECTED] Subject: Re: [Samba] homes on Samba On Thu, 11 Mar 2004, Delagarza, Gilbert wrote: When you specify the homes share in Samba, where does it store the users home directory at? Please refer to the man page for smb.conf. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] homes on Samba
On Thu, 11 Mar 2004, Delagarza, Gilbert wrote: I find that it is going to the /home directory but I get an access denied. Why is that? Send me your smb.conf file and I will check the reason. - John T. -Original Message- From: John H Terpstra [mailto:[EMAIL PROTECTED] Sent: Thursday, March 11, 2004 4:17 PM To: Delagarza, Gilbert Cc: [EMAIL PROTECTED] Subject: Re: [Samba] homes on Samba On Thu, 11 Mar 2004, Delagarza, Gilbert wrote: When you specify the homes share in Samba, where does it store the users home directory at? Please refer to the man page for smb.conf. - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: AIX 5.2 / ACL support
OK, after reading carefully the howto-collection, it seems that it is a problem of the filesystem's ACL of AIX. On Linux I used the default ACL entry of XFS. On AIX I'm still searching a mean to inherit extended ACLs... Zylo [EMAIL PROTECTED] a écrit dans le message news: [EMAIL PROTECTED] Hello, I am testing the ACL support on AIX, and I have some results I do not understand. Config : AIX 5.2, samba 3.0.2a, compiled with gcc 2.9 and --with-acl-support. I create a share test : [test] path = /usr/tests/testpartage read only = No inherit permissions = Yes inherit acls = YesOn Unix side, I put the ACLs :attributes:base permissions owner(test): rwxgroup(testtoto): rwxothers: ---extended permissionsenabledpermit rwx u:totoThen I create, whith a widows client , a directory doss and a file txt.txt. The ACL are :/usr/tests/testpartage#aclget txt.txtattributes:base permissions owner(test): rwxgroup(testtoto): rw-others: ---extended permissionsdisabled /usr/tests/testpartage#aclget dossattributes:base permissionsowner(test): rwxgroup(testtoto): rwx others: ---extended permissionsdisabledThis behaviour seems not consistant in comparison with linux/XFS/ACLs.Is that normal ?If you have any idea, thanx in advance ! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Incorrect WINS response?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have a test unit that has the following network configuration: eth0 inet addr:10.73.0.105 Bcast:10.73.255.255 Mask:255.255.0.0 eth1 inet addr:10.111.0.1 Bcast:10.255.255.255 Mask:255.0.0.0 with the following routes: Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 10.73.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0 10.111.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1 127.0.0.0 0.0.0.0 255.0.0.0U 0 0 0 lo 0.0.0.0 10.73.0.1 0.0.0.0 UG0 0 0 eth0 When I do a net lookup netbiosname from another machine on the 10.73 network (10.73.0.119) returns: tdickson root # nmblookup netbiosname querying netbiosname on 10.73.255.255 10.111.0.1 netbiosname00 However, if I change the netmask on eth1 to 255.255.0.0 it returns the correct answer, 10.73.0.105. It looks like nmbd is getting confused when there are overlapping network masks. Is this a feature, or is the network configuration I have simply not supported? - -Tom -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAUPFU2dxAfYNwANIRAurrAJ9mEqs0j1cbZmC86xCoRjgETDztIQCcDI4l HIR4JDYJIzG8LSK5PRl/Hlg= =wjZD -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Groups not listed in USERMGR.EXE
Dear list, I'm using samba 3.0.2a on a RedHat Linux server. Samba is configured as being a PDC. When I use the usermanager from SRVTOOLS.EXE on my W2K workstation I don't see any groups listed in the window below the userlist. Also when I look at the properties of on of the user (who is member of more than one group) I only see that a primary group is assigned, the one in /etc/passwd. The member of and the not member of windows are empty. Anyone seen this behaviour before? The configuration lines concerning users and groups in my smb.conf are: username map = /etc/samba/smbusers add user script = /usr/sbin/useradd -n -d /home/%u -g users -c 'User Account' -s /sbin/nologin -m %u add machine script = /usr/sbin/useradd -n -d /dev/null -g users -c Machine -s /sbin/nologin -M %u$ delete group script = /usr/sbin/groupdel %g delete user script = /usr/sbin/userdel -r %u set primary group script = /usr/sbin/usermod -g %g %u add user to group script = /usr/sbin/usermod -G %g %u delete user from group script = /usr/bin/gpasswd -d %u %g TIA, Erik Hoitinga web: http://users.skynet.be/fanzel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] port 445 on samba 2.2.8a
yo all, i got a generaly question... what is port 445 is needed for , and also, i wonder if samba 2.2.8a supports it. Thank you, all good pplz :) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba File Server - AD-MIT KDC Trust
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Check out this page from Microsoft, it may help with what you need: http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp Hope this helps. Michael Brown -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAUPT2yEfMczxaHdsRAjO+AJ4pJR3nPj7DDni6ZJjv59KmiFgfaACfZlwF dXrjEGUi5w0EJlujNX8T9yE= =3xxW -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba File Server - AD-MIT KDC Trust
Right, they have the trust set up like this article explains. But, from what I have read, samba does not behave like normal kerberized unix servers (as they describe here). What I mean by this is, you can't just put a keytab on a unix machine running samba an expect that machine to accept kerberos credentials from a KDC. Please correct me if I am wrong. It would be nice to just throw a keytab on there and be done with it... Aaron On Mar 11, 2004, at 6:23 PM, Michael Brown wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Check out this page from Microsoft, it may help with what you need: http://www.microsoft.com/windows2000/techinfo/planning/security/ kerbsteps.asp Hope this helps. Michael Brown -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAUPT2yEfMczxaHdsRAjO+AJ4pJR3nPj7DDni6ZJjv59KmiFgfaACfZlwF dXrjEGUi5w0EJlujNX8T9yE= =3xxW -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba4 configuration
Hi, I'm interested in exploring the Samba4 project. I managed to compile (RedHat) without any issue but when it came to execution I realized that there is configuration need that I don't have a clue about it. Can any one share with me the black magic of Samba4 configuration, or at least his smb.conf and the command line used for execution. Daniel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Newbe samba confusion - windows to samba to lpd which driver does the translation?
I'm trying hard to understand some very basic samba working. If I'm asking the question in the wrong list could somebody kindly re-direct me. When a print job is sent from a windows machine to a printer on a linux samba server there are a number of 'drivers' (actually just translators) involved: First the windows machine puts the text and or graphics through the windows 'driver' and a job is spooled to the windows queue. At this stage I assume we have printer codes in the spool queue? Next the data is past across the network to a samba spool queue /var/spool/samba. Next the samba server demon picks up this data and passes it to the linux printing system and yet another set of 'drivers' gs lpdomatic hpijs etc. process the data an it is spooled ready to be finally to be passed to an actual device driver /dev/lp0 or whatever. First question is this simplified picture correct? I think it is because I have a working Epson printer setup which works just fine. If so then how on earth is the data not translated twice? Is the 'magic filter' clever enough to identify that raw data is being passed from samba to lpd? Last question I never see anything in /var/spool/samba is this because this is just a buffer? Of have I got it all wrong? Finally where is the big picture documented? I have read the Linus printing HOWTO and the distributed Samba docs. I don't wish to be grumpy but this is all far too deep for understanding no matter how determined. When I eventually get to understand it all I promise to publish a diagram. Thanks for being patient with a geriatric newbe ;} -- Open WebMail Project (http://openwebmail.org) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Newbe samba confusion - windows to samba to lpd which driver does the translation?
On Fri, 12 Mar 2004, Charles Bradshaw wrote: I'm trying hard to understand some very basic samba working. If I'm asking the question in the wrong list could somebody kindly re-direct me. When a print job is sent from a windows machine to a printer on a linux samba server there are a number of 'drivers' (actually just translators) involved: First the windows machine puts the text and or graphics through the windows 'driver' and a job is spooled to the windows queue. At this stage I assume we have printer codes in the spool queue? Next the data is past across the network to a samba spool queue /var/spool/samba. Next the samba server demon picks up this data and passes it to the linux printing system and yet another set of 'drivers' gs lpdomatic hpijs etc. process the data an it is spooled ready to be finally to be passed to an actual device driver /dev/lp0 or whatever. First question is this simplified picture correct? I think it is because I have a working Epson printer setup which works just fine. If so then how on earth is the data not translated twice? Is the 'magic filter' clever enough to identify that raw data is being passed from samba to lpd? Last question I never see anything in /var/spool/samba is this because this is just a buffer? Of have I got it all wrong? Finally where is the big picture documented? I have read the Linus printing HOWTO and the distributed Samba docs. I don't wish to be grumpy but this is all far too deep for understanding no matter how determined. When I eventually get to understand it all I promise to publish a diagram. Check the Classical Printing chapter of the Samba-HOWTO-Collection. http://www.samba.org/samba/docs/Samba-HOWTO-Collection.pdf Thanks for being patient with a geriatric newbe ;} We were all there once. Now we are geriatric oldies! :) - John T. -- John H Terpstra Email: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] (fwd from Bob.Jacobs@dot.pima.gov) Daemon Errors
- Forwarded message from Bob Jacobs [EMAIL PROTECTED] - From: Bob Jacobs [EMAIL PROTECTED] Subject: Daemon Errors Date: Thu, 11 Mar 2004 15:58:07 -0700 To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] X-Mailer: Internet Mail Service (5.5.2653.19) X-Spam-Status: No, hits=-0.9 required=3.2 tests=BAYES_30 autolearn=ham version=2.63 I'm receiving [ID 702911 daemon.errror] on certain hours of the day. It states, (write_socket_data: write failure. Error = Broken pipe. Do you know why I'm getting these errors and what will fix them. Thanks. Bob Jacobs Pima County Department of Transportation Technical Services Division (520) 740-6784 - End forwarded message - -- Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2.2 vs Samba 3
Yo dudes I have tried to implement both samba 2.2 and 3 i the company i working at, i had 30 workstations that used samba as a PDC.. i got three groups for the shares and i binded users for some groups. ok, one thing that i can say is the Samba 3 was VERY slow in comparence of Samba 2.2, when someone tried to enter a share it took allot of time until the share opened (could take like 15-20 secs, think what my boss told me when my server is working slow.), in samba 2.2 it took less then a second (btw, the server is AMD 2600 XP). It looks like there was a problem with the password validations (didn't used smbpasswd), it took a lots of time to authenticate, but when i switched to smbpasswd it staied slow Well Pplz, tell me what you think... :-) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Trouble mounting a windows share from Linux
On Thursday, March 11, 2004 3:05 PM Stefan Günther wrote: chmod u+s /usr/bin/smbmount Hm, suid root -not a really good idea ... Can sudo be used instead? [EMAIL PROTECTED] root]# smbmount //testtech/shawn /home/shawn/mnt username=shawn uid=root gid=root fmask=0755 gmask=0755 workgroup=tech rw Password: 4606: session setup failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed -- Did you add root to smbpasswd? Maybe the reason,why it fails. I'm not using samba as a domain controller, so I don't think that this applies. Using mount -t smbfs... works, though. I think my typo above had something to do with it (gmask instead of dmask) because I can use smbmount now. Is it really necessary that your user are able to mount the shares manually or is it acceptable for you that the user shares are mounted automatically when the computer starts? If second option is ok for you, you shoudl have a look at how SuSE deals with this problem. SuSE uses a file called smbfstab in /etc/samba: # service moint-point options ;//fjall/test /data/test username=tridge,password=foobar This file is used for a start script (/etc/init.d/smbfs) which mounts all smb filesystems during system start. Well, since many users will be using these computers and there is no way of knowing which user may sit down at a machine, this will not work. I need something that will work for all users when they log in, and I cannot have the password in plain text anywhere, not even in a file. What I need is a pam_exec module that will execute a mount command and substitute the username and password in the command. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] gnu mapi lib
Hi just a small info related to the kroupware project someone announced this at their list today perhaps sombody i interested in this http://www.sourcextreme.com/projects/outlook/mapi/ Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] php_ldap has race conditions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have high hopes for this product but last I checked, there was a major flaw in php_ldap. As a student, I remember having an online disagreement with a professional developer. It went something like this: His point was that one could use ldap_modify to safely modify entries in an LDAP database. He made this point profusely for several weeks at the end of which he was very much embarrassed and asked me to not make a point of it publicly. I agreed as I was out to prove my point not eliminate someone's job. I had to point out that the modification commands for php_ldap were prototyped all wrong if this were the case. Basically put, if a command cannot perform a search and modify all in one, then there is risk of two ~ or more writes from different sources occurring simultaneously. One should never assume that one has exclusive access to *any* database unless they are willing to supply the means to ensure it, i.e. a lock. I made this point by cutting and pasting the command prototypes from the manual and showing that one could not 1. Acquire and 2. Modify an entry in one command given those prototypes. You can't modify something if you don't know what it is RIGHT NOW. Now one *can* implement a semaphore and check it prior to access in php but it won't mean anything to someone accessing via a program or perl script etc. The only way around this problem that I know of is to use php to call the ldap client binarys, i.e. ldapadd, ldapmodify etc. I'm suspicious of them also, though. Jim C. P.S. I look forward to being wrong about this but a review of the docs shows that I am probably not. See below. | ldap_modify() function is used to modify the existing entries in the LDAP directory. The structure of the entry is same as in ldap_add(). OK, so: | bool ldap_add ( resource link_identifier, string dn, array entry) Where, according to the doc, 'resource link_identifier' is the connection, 'string dn' is who to bind as and 'array entry' is the modified data. No ability to specify *what* to modify so we will have to perform a separate action to retrieve this. In the meantime the data has been changed by another process, perhaps. Allow me to further illustrate: If Jon's email address is the old one update it to the new one. This activity cannot be safely performed because using PHP you have to implement it in a two step process creating a potential race condition. perl_ldap is purported to be free of race conditions. Andreas wrote: | On Wed, Mar 10, 2004 at 07:33:46PM +0200, Graham Leggett wrote: | |Your not obligated to use smbldap-tools, but I won't argue with you on |that one. I'm not a big fan. | |Are there alternatives? | | | Yes, more or less polished, for example: | http://lam.sourceforge.net/ | - -- - - | I can be reached on the following messenger services: | |---| | MSN: [EMAIL PROTECTED] AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llings Jabber: [EMAIL PROTECTED]| - - -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3-nr1 (Windows XP) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAUQl757L0B7uXm9oRAqNbAJ9o7im8LkPOAiREcE71cIBm8zzgjwCghWgd 6cLFgzjYbZ6GwIAQHWN7o/c= =1ZcQ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Getting ACLs to work with Samba 3.0.2a
Hello Michael, hello list. I have similar problems getting ACL's to work with samba. So far I have found out the following: Setup1: Suse (SLES8) with suse kernel 2.4.19, samba 3.0.2a from sernet.de (all tests John mentioned below succeeded) and reiserfs and xfs as filesystems. Setup2: Gentoo with kernel 2.6.0 and samba 3.0.2 self compiled with xfs as filesystem. One additional difference is that Setup2 is the PDC with LDAP backend and Setup one has joined the domain as member server (interestingly I see netbiosnameofserver/username instead of domainname/username from the permissions tab). Setup1 can: -access all shares as expected. -create files and directories with normal permissions from explorer. -delete additional groups/users through explorer. -add/delete additional groups/users with setfacl. Setup1 cannot: -add additional groups/users to files/folders through explorer. -newly created files do not inherit additional groups/users. Setup2 can: -hmm, everything is just fine ;) seems like the old suse kernel doesn't play well with ACL's. greetings Paul BTW: Is there any document/ table describing how NT acl's map to POSIX acl's. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba3.0.2a, MS Office (Excel), Save problem.
On Thu, Mar 11, 2004 at 04:32:57PM +0100, Jonas Olsson wrote: In my deployment of Samba 3.0.2a to two production environments I came across this problem. I am not using ACLs in the underlying filesystem (ext3fs) on our Linux servers but files saved by Excel and Word (Office XP/2003) were getting Unix modes of 0444 (only the read flag set). In my case I was able to boil the problem down to the following combination of options: profile acls = yes nt acl support = yes If both of these are set for a share (nt acl support is enabled for all shares by default), Excel and Word will reset the file permissions to read-only for files saved. I suspect this has to do with Office applications trying to change the ACLs on files they manipulate. Hmmm - setting profile acls = yes when you have no ACL support enabled in the filesystem would not seem to be a good idea I'll take a look and see if I can reproduce this. Thanks very much in tracking down the problem this precisely ! Cheers, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Getting ACLs to work with Samba 3.0.2a
On Fri, Mar 12, 2004 at 02:09:14AM +0100, paul k wrote: BTW: Is there any document/ table describing how NT acl's map to POSIX acl's. Here is an OpenOffice presentation describing how this works. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba