[Samba] Odpowiedz z ZUS
Plik NIE zostal przyjety do przetwarzania w ZUS Blad: Zla struktura wiadomosci e-mail. Uwagi: - Trescia listu MUSI byc zawartosc pliku w formacie KSI. - Prosze zwrocic uwage na ustawienia programu do wysylania wiadomosci e-mail. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] A mail with Subject < Mail Delivery (failure leekwc@sp.edu.sg) > has been filtered off
This is a notification email from gateway server which filters mail with attachment of potentially dangerous extensions. The filtered mail has your email address as sender, thus the virus-protection gateway is notifying you of the filtering done. . If the filtered mail was sent by a virus-infected computer that spoofed your email address as sender, please ignore it. No further action is needed. . If you indeed wanted to send a mail with attachment, please use other extensions. If you are SP staff, please refer to Electronic Advisor for more details. If you are SP student, please refer to Student Intranet Server. If you are external parties, please contact the intended recipient in SP for advice. . The filtered mail had the following details: Subject: < Mail Delivery (failure [EMAIL PROTECTED]) > Sender: < [EMAIL PROTECTED] > Recipient: < [EMAIL PROTECTED] > Name of file attachment : < message.scr > Virus name (if any): < [EMAIL PROTECTED] > . If the "virus name" is "Filter file extension". Please ignore it. . If staff has any further question or doubt, please email to "CIS - Virus Task Group". -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SWAT connecting to wrong IP
Hi, I am having a problem with swat. Everything works, except the status page. Looking in the swat log it says: ### START # [2004/04/21 08:08:32, 5] lib/gencache.c:gencache_init(59) Opening cache file at /var/cache/samba/gencache.tdb [2004/04/21 08:08:32, 5] tdb/tdbutil.c:tdb_log(724) tdb(unnamed): tdb_brlock failed (fd=7) at offset 4 rw_type=1 lck_type=13: Resource temporarily unavailable [2004/04/21 08:08:32, 10] lib/gencache.c:gencache_get(264) Returning valid cache entry: key = NBT/LINUX-1#20, value = 10.0.0.1:0,192.168.1.19:0, timeout = Wed Apr 21 08:17:45 2004 [2004/04/21 08:08:32, 5] libsmb/namecache.c:namecache_fetch(201) name LINUX-1#20 found. [2004/04/21 08:08:32, 3] lib/util_sock.c:open_socket_out(710) Connecting to 10.0.0.1 at port 445 ### END # Now, 10.0.0.1 does not even exist in our subnet which is 192.168.1.*. There was once a time where our subnet for a brief period of time was 10.0.0.* but not anymore. Which cache file do I have to delete to make swat forget the 10.0.0.1 address? Thanks in advance, jules -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] print to windows client's print dialog box?
The normal way to print to a windows station's LPT1 printer is to share it out and have samba server print directly to it. But, It doesn't give the user the oppotunity to select a different printer using the print dialog box. Does someone know of an add-on that would transfer the file from samba server (linux) to the client machine, then pop up the print box and let the user choose the printer? Thanks, -Eric Wood -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] WinXP failed to join samba PDC
Hello All, I am using samba 3.0 and already registering the machine account, user account both in unix and samba, Testing using Windows 98 success. Testing to joining Windows XP to samba failed, with Error:"Domain cannot be contacted" and if success to contact domain, using root account and root password to first time joining to domain cannot recognized, i also have been set the windows XP registry regarding SignorSeal ...value. Please give me the clue... Thanks Eko Subagio -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] net join fails (No such Object ?)
Hi, I am trying to configure winbind on redhat 9, using samba 3.
I would like to join a machine that already has an existing Active Directory account
to our Domain.
Unfortunately, the command "net join -U(our Administrator account) fails.
Text in brackets () has been replaced to hide specific information.
Here is the output of "net join -U (Administrator account)
[2004/04/21 13:11:55, 0] libads/ldap.c:ads_add_machine_acct(1006)
Host account for id010393 already exists - modifying old account
[2004/04/21 13:11:55, 0] libads/ldap.c:ads_join_realm(1342)
ads_add_machine_acct: No such object
ads_join_realm: No such object
ADS join did not work, falling back to RPC...
[2004/04/21 13:11:56, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(286)
error setting trust account password: NT_STATUS_ACCESS_DENIED
Unable to join domain (DOMAIN).
Has anyone experience this before ? I will be happy to document a solution if anyone
has one.
Thanks,
Ian McNally
System Configuration:
I have installed
samba-3.0.2a-1_rh9.i386.rpm
krb5-devel-1.2.7-10.i386.rpm
krb5-devel-1.2.7-10.i386.rpm
krb5-workstation-1.2.7-10.i386.rpm
I have configured Kerebos such that kinit (Adminstrator account)@(DOMAIN) succeeds.
Klist returns this output :
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: (Adminuser)@(DOMAIN)
Valid starting ExpiresService principal
04/21/04 12:36:45 04/21/04 22:36:45 krbtgt/(Domain)@(Domain)
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
Contents of /etc/samba/smb.conf
workgroup = (DOMAIN)
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
security = ADS
winbind separator = +
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
realm = (DOMAIN)
password server = (KDC).(DOMAIN)
Contents of /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = (DOMAIN)
dns_lookup_realm = yes
dns_lookup_kdc = yes
default_etypes = des-cbc-crc des-cbc-md5
default_etypes_des = des-cbc=crc des-cbc-md5
[realms]
(DOMAIN) = {
kdc = (KDC)
default_domain = (domain)
}
[domain_realm]
.(domain) = (DOMAIN)
(domain) = (DOMAIN)
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[logging]
default = FILE:/var/log/krb5.log
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
Please Note:
This communication has been sent on behalf of The Royal Automobile Club of
Queensland Limited (RACQ). The information contained in this communication
may be privileged and confidential. If you are not the intended recipient,
any use, disclosure or copying of this communication is expressly
prohibited. If you have received this communication in error, please delete
it immediately. RACQ and its associated entities do not warrant or
represent that this communication (including any enclosed files) is free
from electronic viruses, faults or defects.
If this is a commercial electronic message within the meaning of the Spam
Act(2003), you may indicate that you do not wish to receive any further
commercial electronic messages from RACQ by sending an e-mail to
[EMAIL PROTECTED] with your details or by contacting RACQ on 131905
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Panic in Samba 3.0.3Pre2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marcus White wrote: | I've also noticed this behavior with RHL9 and Samba 3.0.2a.. | It occurred each time I attempted to install a Samba networked | printer on a Windows 98se workstation. Steps taken: Different bug. I think you are referring to BUG 1147. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAheRyIR7qMdg1EfYRAo8WAKCMOCw/ulm7nLIAEe1MbRB7gFsLmgCeNj1W e+p5TzTe+yDmEpSyMWfMkIM= =eYqJ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Incorrect function error with Win XP client
Hi all, First posting so bear with me if I'm asking something previously answered - can't find a easy way of searhcing the archives. We've been using samba 2.2.8 on Solaris 8 for some time but only with NT & 2000 clients. About to roll out XP but we're getting errors attempting to access files and dirs on a successfully mapped share, i.e.. We can map a drive successfully using XP, and can even get a directory listing as long as my cwd is not the shared drive. Any command I try while sitting in the root of the mapped drive fails with a simple "Incorrect function" or "The current directory is invalid." error depending on whether the command attempts to access files in the mapped drive or not. I tried earlier versions of Samba and found that if I downgraded to 2.2.4 it worked ok but 2.2.6 failed, as did 3.0.2. All versions have been compiled with on the Solaris 8 system with gcc 2.95.3. Any help greatly appreciated. Thanks, Gavin Example: C:\WINNT>net use * \\aklxp061\resp_dnld /user:airnz-nz\xgregg The password or user name is invalid for \\aklxp061\resp_dnld. Enter the password for 'airnz-nz\xgregg' to connect to 'aklxp061': Drive Y: is now connected to \\aklxp061\resp_dnld. The command completed successfully. C:\WINNT>dir y: Volume in drive Y is resp_dnld Volume Serial Number is 16C7-4204 Directory of Y:\ 13/11/2003 12:58 p.m. . 19/04/2004 02:25 p.m. .. 16/04/2004 12:19 p.m. FlightBase 05/09/2003 07:30 a.m. mop 04/04/2004 11:17 p.m. archive 24/06/2003 02:41 p.m. outbound 0 File(s) 0 bytes 6 Dir(s) 3,583,246,336 bytes free C:\WINNT>y: Y:\>dir Incorrect function. Y:\>net use The current directory is invalid. Y:\>whoami The current directory is invalid. Y:\>c: C:\WINNT>net use New connections will not be remembered. Status Local RemoteNetwork --- OK Y:\\aklxp061\resp_dnld Microsoft Windows Network OK Z:\\aklss902\varMicrosoft Windows Network The command completed successfully. C:\WINNT> CAUTION - This message may contain privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited. If you have received this message in error please notify Air New Zealand immediately. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of Air New Zealand. _ For more information on the Air New Zealand Group, visit us online at http://www.airnewzealand.com _ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Panic in Samba 3.0.3Pre2
On Tue, 2004-04-20 at 16:36, Gerald (Jerry) Carter wrote: > Jeramy Eling wrote: > > > [2004/04/20 15:21:02, 0] lib/util.c:smb_panic2(1406) > >BACKTRACE: 27 stack frames: > > #0 smbd(smb_panic2+0x128) [0x81cb288] > > #1 smbd(smb_panic+0x19) [0x81cb159] > > #2 smbd [0x81b96f2] > > #3 /lib/tls/libc.so.6 [0x420275c8] > > #4 /lib/tls/libc.so.6(malloc+0x8b) [0x4207335b] > ^^ > > #5 smbd(tdb_unpack+0x13b) [0x81e0b8b] > > #6 smbd [0x81f10ce] > > #7 smbd [0x81f1cd6] > > #8 smbd(get_a_printer+0x126) [0x81f3026] > > #9 smbd(_spoolss_getprinterdataex+0x1be) [0x8131dce] > > This points towards a heap corruption bug. Doesn't > ring a bell. Cna you reproduce this at will ? If > so what do I need to do ? > > 3.0.3rc1 will be out later today we hope. And while > I can't say that for sure that this bug is addressed, > you should test. We will also be spending a good bit > of time stressing this release under valgrind before > we hit 3.0.3. > > > -- > cheers, jerry > -- > Hewlett-Packard- http://www.hp.com > SAMBA Team -- http://www.samba.org > GnuPG Key http://www.plainjoe.org/gpg_public.asc > "...a hundred billion castaways looking for a home." --- Sting I've also noticed this behavior with RHL9 and Samba 3.0.2a.. It occurred each time I attempted to install a Samba networked printer on a Windows 98se workstation. Steps taken: 1) Installed and modified KDE's "pdfdistiller" script into /usr/local/sbin 2) cd /usr/lib/cups/backend 3) ln -s /usr/local/sbin/pdfdistiller pdf 4) d/l & copied Adobe distiller.ppd file to /usr/share/cups/model 5) d/l & installed CUPS & Adobe postscript drivers to /usr/lib/cups/drivers 6) Restarted CUPS and Samba 7) Used lpadmin to created pdfwriter "printer" 8) Used cupsaddsmb to install pdfwriter drivers 9) From W98se PC: right click on "pdfwriter" printer icon. Select "Install". The installer errors out. 10) The smbd error is noted in client machine error log. Ideas? Suggestions? Marcus O. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.3rc1 available for download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 For some reason mozilla, decided to stop signing mail. Nevertheless, the release is legit. signatures for the tarball and RPMS are done using the Samba release key as usual. cheers, jerry - - | This is the first release candidate of the Samba 3.0.3 code | base and is provided for testing only. A release candidate | (RC) means that we are close to the final, stable release and | in provided for Quality Assurance (QA) purposes. This release | is *not* intended for production servers. Use at your own risk. | | There have been several bug fixes since the 3.0.2a release that | we feel are important to make available to the Samba community | for wider testings. See the "Changes" section for details on | exact updates. | | Common bugs fixed in this RC include: | | o Delays in winbindd startup caused by unnecessary | connections to trusted domain controllers. | o Various small memory leaks. | o Winbindd failing due to expired Kerberos tickets. | | New features introduced in this preview release include: | | o Support for local nested groups via winbindd. | o Specifying options to be passed directly to | the CUPS libraries. | | The source code can be downloaded from: | | http://download.samba.org/samba/ftp/rc/ | | The uncompressed tarball and patch file have been signed | using GnuPG. The Samba public key is available at | | http://download.samba.org/samba/ftp/samba-pubkey.asc | | Links to binary packages can be found on the | | http://www.samba.org/samba/samba.html | | The release notes are also available in the same | directory. | | As always, all bugs are our responsibility. | |--Enjoy |The Samba Team - -- - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAhdZ0IR7qMdg1EfYRAivFAJ9XMnCHxNDQt182KYhrZTDtVJbAxgCguDw1 ZGizhfbnNnwaeWXO5JmaaUQ= =/rzd -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.3rc1 available for download
This is the first release candidate of the Samba 3.0.3 code base and is provided for testing only. A release candidate (RC) means that we are close to the final, stable release and in provided for Quality Assurance (QA) purposes. This release is *not* intended for production servers. Use at your own risk. There have been several bug fixes since the 3.0.2a release that we feel are important to make available to the Samba community for wider testings. See the "Changes" section for details on exact updates. Common bugs fixed in this RC include: o Delays in winbindd startup caused by unnecessary connections to trusted domain controllers. o Various small memory leaks. o Winbindd failing due to expired Kerberos tickets. New features introduced in this preview release include: o Support for local nested groups via winbindd. o Specifying options to be passed directly to the CUPS libraries. The source code can be downloaded from: http://download.samba.org/samba/ftp/rc/ The uncompressed tarball and patch file have been signed using GnuPG. The Samba public key is available at http://download.samba.org/samba/ftp/samba-pubkey.asc Links to binary packages can be found on the http://www.samba.org/samba/samba.html The release notes are also available in the same directory. As always, all bugs are our responsibility. --Enjoy The Samba Team -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] How to re-introduce a Samba server into a Win/NT domain?
Hello. I'm hoping that you will provide some help with a Samba problem that I'm experiencing. We have an Alphaserver that has been functioning as the Samba-server in a Windows/NT Domain for about 5 years now. It was set up by an engineer here at Raytheon Missile Systems Company and he left the company about 2 years ago. I've inherited the administration of it. Last week the Alphaserver's unix (TRU-64 V 4.0F) boot-drive crashed and a replacement disk was built from a (5 day old) backup tape. Samba did not work after that and I'm quite sure - from the error-messages - that it's because the Alphaserver's NT-machine-account's password is out-of-sync with what the PC/winNT side remembers it to be "last set to". I can not get Samba to run as it had been running all of these years - i.e.: with "security = domain" and "password server = * " specified in the smb.conf file. I can get Samba up and running with "security = server" and "password server = PDC,BDC,Alphaserver". But the Samba-functionality ceases after a while, even though the Samba-daemons are still running. How can I remove the Alphaserver from the NT Domain and thereby delete its machine-account, so that I can then add it back into the Domain with a new machine account-name and associated machine-account-password? (I'd like to also go back to using "security = domain" in the smb.conf file.) I have read the html help files but nothing there referrences taking an existing Samba-server out of a Windows Domain and then adding it back in again in order to re-set the machine-accountname and its password. Any help light that you could shed on this issue would be greatly appreciated. Sincerely, Bob Shaffo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] not force-user'ing while printing?
Hello Andrew et al,... On Tue, 13 Apr 2004 08:00:32 + Andrew Bartlett <[EMAIL PROTECTED]> wrote: > > workaround which might not be necessary. So, in case someone > > knows about this problem, I'd be thankful for any inspiration, > > and even a "force-doesn't-work-there" would be _very_ > > appreciated. > > Because the actual printing is done over IPC$, the per-share > options don't work. I think they should, so file a bug at > bugzilla.samba.org. Aah, okay. Thanks a lot for your hint at first; so I will get some work done to work-around this problem in my case. Anyhow, just filed a bug on that issue. Thanks and bye, Kris -- Kristian Rink -- Programmierung/Systembetreuung planConnect GmbH * Strehlener Str. 12 - 14 * 01069 Dresden 0176 24472771 * [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SID versus user-group name in Property windows
I have a weird issue when I wanna see Security Tab in the file property's. I dont see the user and group name's but only their SID. See pictures but when I add users and group acl on this file, I get their user and group name. If I close and reopen the propetu of this file, I get again the SID Someone know how to fix this issue?? My file server is a domain member of the PDC My PDC is on LDAP I use LDAP-auth on the file server this is my config on the file server [global] workgroup = DOMAINNAME server string = Samba Server security = server password server = PDCSERV log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No dns proxy = No #ldap ssl = no passdb backend = ldapsam:ldap://PDCSERV ldap suffix = dc=company,dc=com ldap machine suffix = ou=machines ldap user suffix = ou=People ldap group suffix = ou=Group ldap admin dn = cn=manager,dc=company,dc=com debuglevel = 10 -- Daniel ChÃnard Croesus Finansoft Inc. 2 Place Laval, Suite 510 Laval, Quebec Canada H7N 5N6 Site Web: www.croesus.com [EMAIL PROTECTED] Tel: +1 450-662-6101, 145 Fax: +1 450-662-3629 Please Note: The Light at the End of The Tunnel will be turned off until further notice due to budget cutbacks. --The Managemen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.2a - Erroneously rejects NTLMv2 but accepts NTLM
Hello experts, I¹ll try and keep this brief but detailed (if that¹s possible.). I¹m sure I don¹t understand the technologies sufficiently but I believe I¹m seeing counter-intuitive behavior with my Samba 3 setup. What I want is nice, tight Win 2K3 security. What I¹ve got is ADS integration, including domain user authentication using winbind, but I can¹t get the security level right. Problem summary: -- Samba 3.0.2a on Solaris 9 is configured with ADS security. Lanman and NTLM authentication is prohibited. Clients requesting NTLMv2 authentication result in NT_STATUS_ACCESS_DENIED, even though the log suggests authentication is successful. Clients requesting NTLM authentication are accepted and authenticated. Also, cannot establish initial SMB session when packet signing enforced. (log not provided) Any feedback would be appreciated. Adrian Newby smb.conf --- # Global parameters [global] workgroup = PRUDENTRX realm = PRUDENTRX.COM server string = Build server security = ADS lanman auth = No ntlm auth = No client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No log level = 10 ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 template homedir = /export/home/windows/%D/%U template shell = /bin/bash winbind separator = # [mirrors] comment = Mirrors of commonly-accessed external sites path = /distributions/mirrors == The log fragments below show a failed NTLMv2 authentication. Even thought the client is Admit Mac under OS X, identical results are obtained with Windows XP. == log.smbd (debug level 3) -- [2004/04/16 09:31:59, 3] smbd/oplock.c:init_oplocks(1226) open_oplock_ipc: opening loopback UDP socket. [2004/04/16 09:31:59, 3] smbd/oplock.c:init_oplocks(1257) open_oplock ipc: pid = 18230, global_oplock_port = 33139 [2004/04/16 09:31:59, 3] smbd/process.c:process_smb(890) Transaction 0 of length 72 [2004/04/16 09:31:59, 2] smbd/reply.c:reply_special(105) netbios connect: name1=NEUTRINOname2=SUPERNOVA [2004/04/16 09:31:59, 2] smbd/reply.c:reply_special(112) netbios connect: local=neutrino remote=supernova, name type = 0 [2004/04/16 09:31:59, 3] smbd/process.c:process_smb(890) Transaction 1 of length 51 [2004/04/16 09:31:59, 3] smbd/process.c:switch_message(685) switch message SMBnegprot (pid 18230) [2004/04/16 09:31:59, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/04/16 09:31:59, 3] smbd/negprot.c:reply_negprot(455) Requested protocol [NT LM 0.12] [2004/04/16 09:31:59, 3] smbd/negprot.c:reply_nt1(329) using SPNEGO [2004/04/16 09:31:59, 3] smbd/negprot.c:reply_negprot(532) Selected protocol NT LM 0.12 [2004/04/16 09:32:35, 3] smbd/process.c:process_smb(890) Transaction 2 of length 174 [2004/04/16 09:32:35, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 18230) [2004/04/16 09:32:35, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/04/16 09:32:35, 3] smbd/sesssetup.c:reply_sesssetup_and_X(638) wct=12 flg2=0xc803 [2004/04/16 09:32:35, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(518) Doing spnego session setup [2004/04/16 09:32:35, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(549) NativeOS=[MacOS 10.3.3] NativeLanMan=[ADmitMac] PrimaryDomain=[] [2004/04/16 09:32:35, 3] smbd/sesssetup.c:reply_spnego_negotiate(427) Got OID 1 3 6 1 4 1 311 2 2 10 [2004/04/16 09:32:35, 3] smbd/sesssetup.c:reply_spnego_negotiate(430) Got secblob of size 32 [2004/04/16 09:32:35, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x20a80281 [2004/04/16 09:32:35, 3] smbd/process.c:process_smb(890) Transaction 3 of length 300 [2004/04/16 09:32:35, 3] smbd/process.c:switch_message(685) switch message SMBsesssetupX (pid 18230) [2004/04/16 09:32:35, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/04/16 09:32:35, 3] smbd/sesssetup.c:reply_sesssetup_and_X(638) wct=12 flg2=0xc803 [2004/04/16 09:32:35, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(518) Doing spnego session setup [2004/04/16 09:32:35, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(549) NativeOS=[MacOS 10.3.3] NativeLanMan=[ADmitMac] PrimaryDomain=[] [2004/04/16 09:32:35, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(616) Got user=[anewby] domain=[PRUDENTRX] workstation=[SUPERNOVA] len1=24 len2=44 [2004/04/16 09:32:35, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2004/04/16 09:32:35, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2004/04/16 09:32:35, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2004/04/16 09:32:35, 3] smbd/uid.c:pu
Re: [Samba] group name with space
On Tue, Apr 20, 2004 at 11:44:52PM +0200, LanRol wrote: > Hi all, > > linux:~ # net rpc vampire -S sun -U admin%admin > Fetching DOMAIN database > SAM_DELTA_DOMAIN_INFO not handled > Creating unix group: 'Domain Admins' > groupadd: Domain Admins is a not a valid group name > Creating unix group: 'Domain Users' > groupadd: Domain Users is a not a valid group name > > and if i try > > # groupadd 'abc def' > groupadd: Domain Users is a not a valid group name > > why? Can I add this group? Maybe. If groupadd "Domain Users" doesn't work, you can map "Domain Users" to something like users with the "net groupmap modify" command. man net for more info. Search for groupmap. Most commonly, I use: net groupmap list net groupmap modify Cheers! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] which print tool: CUPS vs BSD?
On Tue, Apr 20, 2004 at 01:57:34PM -0700, Joe Cipale wrote: > Which printing mnechansim works best with Samba? CUPS or BSD? I suspect > that BSD support in Samba is not the greatest. Without any other requirements listed, I'd say CUPS. CUPS also support BSD ;) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbindd can't load Idmap OU with SID-uid mappings
I'm running Samba 3.0.2a on Solaris 9. My shop also runs Active Directory on W2K (SP4). In an attempt to build a single sign-on solution, I thought I'd get Samba to allow Windows 2000 users to telnet/rlogin/ftp to my UNIX boxes without requiring those users to have a UNIX account. The Samba dox claim this is possible, because winbindd will map the AD account SID to a UNIX userid, and will store that mapping in the winbindd_idmap.tdb file. This works just fine. AD users can map drives and can connect to the UNIX box through telnet, rlogin, or ftp. They do not need a UNIX account. Problem solved? Not quite. I have many UNIX boxes, and because the Samba shares are NFS-mounted to these boxes, I have to ensure that the SID-uid mapping is consistent across all machines. Samba will do this by keeping the mapping in an OU created in the AD tree. I created that OU, and called it Idmap. For the life of me, though, I can't get Samba to store the mapping in the OU. It continues to store it in the winbindd_idmap file. My Solaris box is running Solaris 9, with patch 113476-13, MIT Kerberos 1.3.1, and OpenLDAP 2.2.5 (because Samba needs the LDAP stuff to compile). Samba was configured with these options: ./configure --prefix=/opt/samba\ --with-syslog\ --with-utmp \ --with-codepagedir=/var/samba/code \ --with-configdir=/var/samba/conf \ --with-lockdir=/var/samba/lock \ --with-privatedir=/var/samba/private \ --with-swatdir=/var/samba/swat \ --with-logfilebase=/var/samba/log\ --datadir=/var/samba/share \ --localstatedir=/var/samba/var \ --sharedstatedir=/var/samba/com \ --sysconfdir=/var/samba/etc \ --with-acl-support \ --with-krb5=/opt/kerberos\ --with-winbind \ --with-ldap \ --with-ldapsam The global portion of my smb.conf is: [global] workgroup = AD_DOMAIN realm = INTERNAL_DOMAIN.COM server string = Test server security = ADS password server = ad1.internal_domain.com ad2.internal_domain.com lanman auth = No ntlm auth = No client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No log level = 2 disable netbios = Yes name resolve order = host load printers = No os level = 0 lm announce = No preferred master = No local master = No domain master = No dns proxy = No ldap suffix = dc=internal_domain,dc=com ldap idmap suffix = ou=Idmap,dc=internal_domain,dc=com ldap admin dn = cn=Administrator,ou=Users,dc=internal_domain,dc=com ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/ksh winbind separator = + hosts allow = 198.161.66., 192.168.100. wide links = No I know the problem isn't with pam.conf or nsswitch.conf, since my AD users can connect to the Solaris box without any problems. When I try to connect, I get this error message on the Samba server: 'failed to bind to server with dn= cn=Administrator,ou=Users,dc=internal_domain,dc=com Error: Can't contact LDAP server' Well, I know the LDAP server works. Running both 'wbinfo -u' and 'getent passwd' shows the AD accounts. Am I missing something obvious here? Erwin Fritz Network Administrator Gilbert Laustsen Jung Associates Ltd. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] group name with space
Hi all, linux:~ # net rpc vampire -S sun -U admin%admin Fetching DOMAIN database SAM_DELTA_DOMAIN_INFO not handled Creating unix group: 'Domain Admins' groupadd: Domain Admins is a not a valid group name Creating unix group: 'Domain Users' groupadd: Domain Users is a not a valid group name and if i try # groupadd 'abc def' groupadd: Domain Users is a not a valid group name why? Can I add this group? regards, Roland 173539771 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sambe max file size on RH9
Glen Starrett wrote: Paul Gienger wrote: Glen Starrett wrote: I'm getting a "max file size exceeded" when copying from knoppix 3.3. to RH9 over a samba share when the file gets to be >2G in size.This is samba 3.0.2a on server, 3.0.2-Debian on client. Are you using smbmount on one side (i.e. mount -t smbfs. )? The smbmount program was supposedly using an old samba codebase that didn't yet go over 2GB. I've had this problem writing to a Win2k box from a RedHat 9 box running 2.2.8a before. If not using a mount point, by what method were you copying? Yes, I'm using smbmount (via mount -t smbfs... as you indicated). I'm not sure how else I would connect, "net use" isn't supported yet apparently. Is there another app I should be using to connect? You could try to use the smbclient and operate that ftp like syntax, although if you're doing something like I was, which was creating a tar file on the mount, that doesn't help you much. Of course you could always go the route of using nfs since you're going between two nix boxes here. I believe I read that the error is actually in the kernel.org source tree, and not necessarily in any distributions particular tree. Could anyone confirm that statement with more authority? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sambe max file size on RH9
Paul Gienger wrote: Glen Starrett wrote: I'm getting a "max file size exceeded" when copying from knoppix 3.3. to RH9 over a samba share when the file gets to be >2G in size. This is samba 3.0.2a on server, 3.0.2-Debian on client. Are you using smbmount on one side (i.e. mount -t smbfs. )? The smbmount program was supposedly using an old samba codebase that didn't yet go over 2GB. I've had this problem writing to a Win2k box from a RedHat 9 box running 2.2.8a before. If not using a mount point, by what method were you copying? Yes, I'm using smbmount (via mount -t smbfs... as you indicated). I'm not sure how else I would connect, "net use" isn't supported yet apparently. Is there another app I should be using to connect? Regards, -- Glen Starrett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Automounter issues on Samba Server
I am having a problem with automounter failures on my Solaris Samba server. There is an automount path on the server that looks something like this: /dir1/dir2/dir3/dir4 Each dirN is an automount point with its own map. Dir4 contains some data, and some links to other automount points in /net Frequently (more than once per day, on a bad day), the automounter gets confused, or something, and will no longer mount *some* mount points in /net. More factoids follow: - This only happens on the Samba server. - The failed mount points are not always the same, but are always symlinked from .../dir4. - During these failures, the automounter is still working for other directories in /net, .../dir4, and elsewhere - The mount points in /net that are hung are still visible, but are not mounted, which is even more odd since -nobrowse is set for /net - they should not be visible at all if they are not mounted. - Stopping and restarted the automounter, using /etc/init.d/autofs *usually* resolves the problem temporarily. After about 5 or 6 times, however, this no longer works, and the entire system needs to be rebooted. - The system is an Ultra II, running Solaris 2.6 and Samba 2.2.8a Has anybody else experienced anything like this? Any ideas why it happens, or how to solve it? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sambe max file size on RH9
Glen Starrett wrote: I'm getting a "max file size exceeded" when copying from knoppix 3.3. to RH9 over a samba share when the file gets to be >2G in size. This is samba 3.0.2a on server, 3.0.2-Debian on client. Are you using smbmount on one side (i.e. mount -t smbfs. )? The smbmount program was supposedly using an old samba codebase that didn't yet go over 2GB. I've had this problem writing to a Win2k box from a RedHat 9 box running 2.2.8a before. If not using a mount point, by what method were you copying? -- Paul Gienger Office:701-281-1884 Applied Engineering Inc. Cell: 701-306-6254 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.commailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] which print tool: CUPS vs BSD?
Which printing mnechansim works best with Samba? CUPS or BSD? I suspect that BSD support in Samba is not the greatest. Regards, Joe -- #--# # Penguinix Consulting # #--# #Software development, QA and testing. # #Linux support and training. # #"Don't fear the penguin!" # #--# # Registered Linux user: #309247 http://counter.li.org # #--# -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] invalid slot: works with 3.0.2a, not with 3.0.3pre
Andreas wrote: [EMAIL PROTECTED] samba]# ls -la /mnt/smbfs ls: /mnt/smbfs: Invalid slot This happens only with the 3.0.3pre series here. 3.0.2a works. This is probably fixed in 3.0.3rc1 (due out soon). cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." --- Sting -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Socket Errors
I'm trying to figure out what this error means. I've looked all over the groups and though there are people with the same errors, no one seems to know what the error is. I'm running Samba 3.0.2 with OpenLDAP 2.0.27. It might be related to Kerberos or to SSL. I've looked through my NMBD and SMBD logs and found very little as to what the problem could be. I've tried various things in my smb.conf like turing off file locking (oplock) and level2oplocks as some of the groups mentioned that this might be the cause. Any thoughts? I can forward more info if needed. Apr 20 13:27:22 bd4 smbd[30280]: [2004/04/20 13:27:22, 0] lib/util_sock.c:write_socket_data(388) Apr 20 13:27:22 bd4 smbd[30280]: write_socket_data: write failure. Error = Connection reset by peer Apr 20 13:27:22 bd4 smbd[30280]: [2004/04/20 13:27:22, 0] lib/util_sock.c:write_socket(413) Apr 20 13:27:22 bd4 smbd[30280]: write_socket: Error writing 4 bytes to socket 16: ERRNO = Connection reset by peer Apr 20 13:27:22 bd4 smbd[30280]: [2004/04/20 13:27:22, 0] lib/util_sock.c:send_smb(605) Apr 20 13:27:22 bd4 smbd[30280]: Error writing 4 bytes to client. -1. (Connection reset by peer) smb.conf: [global] workgroup = BARDELCA netbios name = BD4 server string = security = DOMAIN encrypt passwords = Yes null passwords = yes passdb backend = ldapsam:ldap://dc2.bardel.ca ldap suffix = dc=bardel,dc=ca ldap machine suffix = cn=Computers,ou=Systems,sambaDomainName=BARDELCA,dc=bardel,dc=ca ldap user suffix = cn=Users,ou=People,sambaDomainName=BARDELCA,dc=bardel,dc=ca #ldap group suffix = cn=Group,ou=Groups,sambaDomainName=BARDELCA,dc=bardel,dc=ca ldap filter = (&(uid=%u)(objectclass=sambaSamAccount)) ldap admin dn = "cn=Manager,dc=bardel,dc=ca" ldap ssl = no log level = 1 log file = /var/log/samba/%m.log max log size = 0 preferred master = No local master = No domain master = No dns proxy = No #hosts allow = 192.168.1. interfaces = eth0 #include = /etc/samba/smb.conf.%m wins server = 192.168.2.17 admin users = administrator, root oplocks = False level2oplocks = False socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 guest account = nobody -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Sambe max file size on RH9
I'm getting a "max file size exceeded" when copying from knoppix 3.3. to RH9 over a samba share when the file gets to be >2G in size.This is samba 3.0.2a on server, 3.0.2-Debian on client. I googled a bit, and the more recent one (2003) directed the user to get a build that was built on their Linux 2.4 system. I installed from an RPM I downloaded for RH9 (3.0.2a), I assume that was built on RH9, but should I rebuild it from source? Is there something else that could be the problem? I didn't find any references to a max file size option, and I've created files > 2G on my RH box as a test. I'm trying to use dd from knoppix to back up my laptop HDD... so far it seems to work well, but the drive size is 10G. Right now I'm proceeding by splitting the file but I' concerned because I haven't fully tested that path yet. Any help is appreciated. -- Glen Starrett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Dumb Point 'n Shoot Printer Driver Question
L. Mark Stone wrote: So here's the Dumb Question: Is it necessary that Samba > be a DC for point 'n shoot printer driver installation to > work? Can Samba be a standalone server and have this work? Standalone, domain member or domain controller are all valid configuration for acting as a print server. cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." --- Sting -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Panic in Samba 3.0.3Pre2
Jeramy Eling wrote: [2004/04/20 15:21:02, 0] lib/util.c:smb_panic2(1406) BACKTRACE: 27 stack frames: #0 smbd(smb_panic2+0x128) [0x81cb288] #1 smbd(smb_panic+0x19) [0x81cb159] #2 smbd [0x81b96f2] #3 /lib/tls/libc.so.6 [0x420275c8] #4 /lib/tls/libc.so.6(malloc+0x8b) [0x4207335b] ^^ #5 smbd(tdb_unpack+0x13b) [0x81e0b8b] #6 smbd [0x81f10ce] #7 smbd [0x81f1cd6] #8 smbd(get_a_printer+0x126) [0x81f3026] #9 smbd(_spoolss_getprinterdataex+0x1be) [0x8131dce] This points towards a heap corruption bug. Doesn't ring a bell. Cna you reproduce this at will ? If so what do I need to do ? 3.0.3rc1 will be out later today we hope. And while I can't say that for sure that this bug is addressed, you should test. We will also be spending a good bit of time stressing this release under valgrind before we hit 3.0.3. -- cheers, jerry -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." --- Sting -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind and Trusted Domain User
Hi, I'm using Samba-3.0.2 as a ADS member. It works fine, but i would like to have a user in domain 2 ( DOMAIN-2\test ) to share the same HomeDir of another user in domain 1 ( DOMAIN-1\test ). There is a trust relationship between DOMAIN-1 and DOMAIN-2, and this Samba server is registered in DOMAIN-1 ADS (net ads join -S DOMAIN-1.COM.BR). "wbinfo -u" shows DOMAIN-2\alex DOMAIN-2\alfred DOMAIN-2\michelle DOMAIN-2\test DOMAIN-2\adm-ext DOMAIN-2\alfred DOMAIN-2\test Thanks Fabio -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WINS question..last question
Hello everyone. Last question. :) Been reading my samba 3 book here for the past bit an was hoping to clarify a few things on my setup. Basically, in order to get my samba 3 server up, running and acting as a WINS server was pretty straightforward. The other half is getting the setup correct, as far as a local master browser, preferred master etc. As I was reading the book and continuing to test, I noticed a few things that caught my attention. I'll post some log snips and proceed from there. [2004/04/20 08:57:22, 0] nmbd/nmbd_become_dmb.c:become_domain_master_query_success(225) become_domain_master_query_success: There is already a domain master browser at IP 192.168.1.20 for workgroup COURTESY registered on subnet 192.168.1.50. This is the first one. I realized that the NT box we have on our network is the 192.168.1.20 box. The 192.168.1.50 IP address belongs to the IP address of the samba 3 box I just setup. Now, currently we are in a workgroup, not a domain. So the NT box is the domain master browser. Should it stay that way for now? Like I said before, it is going to be replaced within the next month with a samba PDC box. I can see that the samba box is working correctly, as far as a WINS server. But I want to ensure that it will work correctly when we test VPN connections to our corporate network and are able to browse the network using my network places. In order to do so, I have set the following in my smb.conf: wins support = yes os level = 255 However, should I set the following options as well? preferred master = yes local master = yes Not sure about domain master. Last long entry: [2004/04/20 12:47:12, 1] nmbd/nmbd_incomingrequests.c:process_node_status_request(328) process_node_status_request: status request for name COURTESY<1b> from IP 192.168.1.50 on subnet UNICAST_SUBNET - name not f ound. [2004/04/20 12:47:17, 0] nmbd/nmbd_browsesync.c:domain_master_node_status_fail(247) domain_master_node_status_fail: Doing a node status request to the domain master browser for workgroup COURTESY at IP 192.168.1.50 failed. Cannot sync browser lists. I'm guessing, because it is not set as the domain master, it is failing? Still working on this one. I see the jist of what is going on, it's just a matter now of fully understanding how to get everything to work and gel correctly. I appreciate the help. Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Upgrade & directory permissions
That's correct. Just play with the umask setting in the smb.conf file so that the end result is what u need. That is what happened in our situation as well. If you want it to be 770.. and u notice its ending up at 755, play with the smb.conf umask to obtain the value of 770. Jose -Original Message- From: EXT-Auleta, Michael [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 20, 2004 2:29 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: [Samba] Upgrade & directory permissions I don't want to open up the directory & file permissions for security reasons. We set the gid bit on the directories so any new files or directories that get created underneath get created with the correct group ownership. The permissions on the directories are 770 and the users are members of the group owner of the directories. -Original Message- From: Jose Martinez [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 20, 2004 2:03 PM To: EXT-Auleta, Michael; [EMAIL PROTECTED] Subject: RE: [Samba] Upgrade & directory permissions What is the umask setting in the smb.conf file for your shares. I know I had to play with the umask setting to get it to work on mine. Sometimes, the umask setting doesn't even make sense, however I just set them to what I needed the end result to be. Not sure if the /etc/bashrc setting plus this setting is what is causing my weird umask setting, but its all working like I like it now. In addition, we have a different type of setup where the user owns his home directory, however the admins group is the group owner of the directory, not the users group. So every 20 minutes I have a quick script that goes out there and changes the group ownership of any new file created to the admins group for group for group ownership. We do this so that the admins can modify any file under the home directories and profiles. Example of umask setting: [Profiles] path = /home/profiles browseable = no guest ok = yes writable = yes create mask = 707 nt acl support = yes profile acls = yes Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of EXT-Auleta, Michael Sent: Tuesday, April 20, 2004 1:30 PM To: [EMAIL PROTECTED] Subject: [Samba] Upgrade & directory permissions I've just upgraded the version of Samba we're running from 2.2.2 to 3.0.2a and am seeing an issue with permissions on directories. Users can still map the shares that are set up, but cannot access the directories within those shares. This is also not consistent; it's not happening to all users. Our environment: Samba 3.0.2a Domain Authentication to a Win2K server No Winbind Solaris 8 on a Sun E3000 server I'm inclined to back out the upgrade, but if there's a quick fix I'd prefer to implement that. Any ideas? Mike Mike Auleta Boeing IDS, Philadelphia 610-591-3916 Who's the more foolish, the fool or the fool who's following him? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and W2K AD
FitzGerald, AJ wrote: Hello All, Your typical problemI am trying to configure Samba-3.0.2-6.3E on RedHat Linux. I have spent days trying to get this working. What I would like to do is provide the ability to connect to Samba shares from Windows, more specific, WinXP. What I want to avoid is having to manage user accounts on both the Windows or AD side and the Unix side, thus having authentication handled by AD. As I understand, to do this you set the security in the smb.conf to Domain. Below I have shown my smb.conf file. So far the only way I have been able to get this to work is by setting security=server and password server = ADservername. I have been searching high and low and can't find anything, most all for earlier versions of Samba. One problem is the correct usage of "net join" I have seen is used so many different ways I don't know which is correct but I have been successful in adding the samba server to the domain using "net join -S ADservername -U adminuserID". Here is my smb.conf... [global] workgroup = domainname realm = domainname.com server string = Samba Server log file = /var/log/samba/%m.log max log size = 50 security = domain password server = ADservername (have also tried *) encrypt passwords = yes unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no os level = 33 wins support = no wins server = winsservername dns proxy = no [Test] comment = Home Directories browseable = no writable = yes public = yes guest ok = yes When I try to run wbinfo -u , after adding the server to the domain successfully, I get "Error looking up domain users." For kicks if I actually try to map to the samba share from an XP desktop I have got one of two errors - no logon server available or - no trust established In the winbind log I get "NT_STATUS_ACCESS_DENIED". I have even bought the O'Reilly book Using Samba, followed the sample setup and still the same problem. Disconcerting I can find concrete answers or examples from such an awesome tool once it works. I am starting to think there is a problem on the AD side of things. Any help would be greatly appreciated. What you really want to do is to configure your kerberos, then use security = ads. do a kinit [EMAIL PROTECTED], supply the password and then do net ads join to join the AD domain... That should work :o) Good luck /Thomas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Machine trust account confusion
"JB" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > The result is that I have a samba PDC setup with a single workstation > that authenticates users off the PDC and everyone has proper access. > However, I can place a laptop on the network with no trust account, and > using since I log onto it with the same username and password, I can > browse the domain resources as if I had authenticated off of the PDC. That's right. The laptop can connect to resources in "workgroup mode", like simple peer-to-peer networking. Having a domain just allows you to centralize the authentication. It allows, for example, a user to log on from any machine that has a trust account, even without a local user account on that machine. You can restrict access by IP address of course. I suppose you could use fixed addresses for your workstations and then use dhcp to give out addresses in a range that samba won't accept. That would fool them for a while. Mark -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Virus encontrado em mensagem enviada "Mail Delivery (failure mariangela@aganp.go.gov.br)"
Atencao: [EMAIL PROTECTED] Um Virus foi encontrado numa mensagem de Email que acabou de ser enviada por voce. Este scanner de Email a interceptou e impediu a mensagem de chegar no seu destino. O Virus foi reportado como sendo: the W32/[EMAIL PROTECTED] virus !!! Por favor atualize seu antivirus ou contate o seu suporte tecnico o mais rapido possivel pois voce tem um virus no seu computador. Sua mensagem foi enviada com o seguinte envelope: REMETENTE:[EMAIL PROTECTED] DESTINATARIO: [EMAIL PROTECTED] ... e com o seguinte cabecalho: From:[EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Mail Delivery (failure [EMAIL PROTECTED]) Date:Tue, 20 Apr 2004 16:13:34 -0300 A mensagem original foi armazenada em: perseus.aganp.go.gov.br:/var/spool/qmailscan/quarantine onde o Administrador de Segurança em Redes pode efetuar maiores diagnosticos nela. O scanner de Email reportou o seguinte enquanto varria a mensagem: --- ---uvscan results --- Scanning /var/spool/qmailscan/perseus.aganp.go.gov.br108248848740631098/* Scanning file /var/spool/qmailscan/perseus.aganp.go.gov.br108248848740631098/1082488490.31133-0.perseus.aganp.go.gov.br Scanning file /var/spool/qmailscan/perseus.aganp.go.gov.br108248848740631098/1082488490.31133-1.perseus.aganp.go.gov.br Scanning file /var/spool/qmailscan/perseus.aganp.go.gov.br108248848740631098/message.scr /var/spool/qmailscan/perseus.aganp.go.gov.br108248848740631098/message.scr Found the W32/[EMAIL PROTECTED] virus !!! Scanning /var/spool/qmailscan/working/new/perseus.aganp.go.gov.br108248848740631098 Scanning file /var/spool/qmailscan/working/new/perseus.aganp.go.gov.br108248848740631098 /var/spool/qmailscan/working/new/perseus.aganp.go.gov.br108248848740631098 Found the W32/Netsky.p.eml!exe virus !!! --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and W2K AD
Hello All, Your typical problemI am trying to configure Samba-3.0.2-6.3E on RedHat Linux. I have spent days trying to get this working. What I would like to do is provide the ability to connect to Samba shares from Windows, more specific, WinXP. What I want to avoid is having to manage user accounts on both the Windows or AD side and the Unix side, thus having authentication handled by AD. As I understand, to do this you set the security in the smb.conf to Domain. Below I have shown my smb.conf file. So far the only way I have been able to get this to work is by setting security=server and password server = ADservername. I have been searching high and low and can't find anything, most all for earlier versions of Samba. One problem is the correct usage of "net join" I have seen is used so many different ways I don't know which is correct but I have been successful in adding the samba server to the domain using "net join -S ADservername -U adminuserID". Here is my smb.conf... [global] workgroup = domainname realm = domainname.com server string = Samba Server log file = /var/log/samba/%m.log max log size = 50 security = domain password server = ADservername (have also tried *) encrypt passwords = yes unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no os level = 33 wins support = no wins server = winsservername dns proxy = no [Test] comment = Home Directories browseable = no writable = yes public = yes guest ok = yes When I try to run wbinfo -u , after adding the server to the domain successfully, I get "Error looking up domain users." For kicks if I actually try to map to the samba share from an XP desktop I have got one of two errors - no logon server available or - no trust established In the winbind log I get "NT_STATUS_ACCESS_DENIED". I have even bought the O'Reilly book Using Samba, followed the sample setup and still the same problem. Disconcerting I can find concrete answers or examples from such an awesome tool once it works. I am starting to think there is a problem on the AD side of things. Any help would be greatly appreciated. AJ FitzGerald SA/DBA Five Mile Capital Phone: 203-905-0929 *** None of the information contained in this email message constitutes or should be construed as investment advice or as an offer to sell or as a solicitation of an offer to buy any security. The information contained in the e-mail message is intended for the exclusive use of its intended addressee and may contain confidential or proprietary information. If you received this transmission in error, please notify the sender by reply e-mail and delete the message and any attachments. Any use, disclosure, or distribution of any part of this message by any unintended recipient is strictly prohibited. *** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Upgrade & directory permissions
I don't want to open up the directory & file permissions for security reasons. We set the gid bit on the directories so any new files or directories that get created underneath get created with the correct group ownership. The permissions on the directories are 770 and the users are members of the group owner of the directories. -Original Message- From: Jose Martinez [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 20, 2004 2:03 PM To: EXT-Auleta, Michael; [EMAIL PROTECTED] Subject: RE: [Samba] Upgrade & directory permissions What is the umask setting in the smb.conf file for your shares. I know I had to play with the umask setting to get it to work on mine. Sometimes, the umask setting doesn't even make sense, however I just set them to what I needed the end result to be. Not sure if the /etc/bashrc setting plus this setting is what is causing my weird umask setting, but its all working like I like it now. In addition, we have a different type of setup where the user owns his home directory, however the admins group is the group owner of the directory, not the users group. So every 20 minutes I have a quick script that goes out there and changes the group ownership of any new file created to the admins group for group for group ownership. We do this so that the admins can modify any file under the home directories and profiles. Example of umask setting: [Profiles] path = /home/profiles browseable = no guest ok = yes writable = yes create mask = 707 nt acl support = yes profile acls = yes Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of EXT-Auleta, Michael Sent: Tuesday, April 20, 2004 1:30 PM To: [EMAIL PROTECTED] Subject: [Samba] Upgrade & directory permissions I've just upgraded the version of Samba we're running from 2.2.2 to 3.0.2a and am seeing an issue with permissions on directories. Users can still map the shares that are set up, but cannot access the directories within those shares. This is also not consistent; it's not happening to all users. Our environment: Samba 3.0.2a Domain Authentication to a Win2K server No Winbind Solaris 8 on a Sun E3000 server I'm inclined to back out the upgrade, but if there's a quick fix I'd prefer to implement that. Any ideas? Mike Mike Auleta Boeing IDS, Philadelphia 610-591-3916 Who's the more foolish, the fool or the fool who's following him? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba acting as BDC for a windows 2003 Domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi There Does anybody knew/tested if it is been possible to make a Backup Domain controler for a windows 2003 Domain controler? Or do I have to use samba-tng ? With ldap backend and disabled smb signing? what can be replicated between them? the Group Policy? Logon Scripts? Shares? Best Regards, Mark Nicolas -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAhWs0oKtmDMYNuGsRAoz1AKCKjNyQl49Ww3iI3ZQAvPbnazlUPgCdGhVA sDuCS6rrYi3DUzCMIrjwJ+s= =Vvbt -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Upgrade & directory permissions
What is the umask setting in the smb.conf file for your shares. I know I had to play with the umask setting to get it to work on mine. Sometimes, the umask setting doesn't even make sense, however I just set them to what I needed the end result to be. Not sure if the /etc/bashrc setting plus this setting is what is causing my weird umask setting, but its all working like I like it now. In addition, we have a different type of setup where the user owns his home directory, however the admins group is the group owner of the directory, not the users group. So every 20 minutes I have a quick script that goes out there and changes the group ownership of any new file created to the admins group for group for group ownership. We do this so that the admins can modify any file under the home directories and profiles. Example of umask setting: [Profiles] path = /home/profiles browseable = no guest ok = yes writable = yes create mask = 707 nt acl support = yes profile acls = yes Jose -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of EXT-Auleta, Michael Sent: Tuesday, April 20, 2004 1:30 PM To: [EMAIL PROTECTED] Subject: [Samba] Upgrade & directory permissions I've just upgraded the version of Samba we're running from 2.2.2 to 3.0.2a and am seeing an issue with permissions on directories. Users can still map the shares that are set up, but cannot access the directories within those shares. This is also not consistent; it's not happening to all users. Our environment: Samba 3.0.2a Domain Authentication to a Win2K server No Winbind Solaris 8 on a Sun E3000 server I'm inclined to back out the upgrade, but if there's a quick fix I'd prefer to implement that. Any ideas? Mike Mike Auleta Boeing IDS, Philadelphia 610-591-3916 Who's the more foolish, the fool or the fool who's following him? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WINS question..More questions
Just thought I would build upon my original post. The reason the need for a WINS server, is that we are beginning to put up VPN connections to branch offices. In order for our BO's to be able to browse our corporate network, we need to put a WINS server...thus, I put up a samba server, enabling WINS. Right now, the company has one NT server, acting as th domain master. However, this box is going to be replaced by a Samba PDC in the near future. For now though, I need to get a WINS server up and running. Anyway, I edited smb.conf and put the following info in: wins support = yes os level = 65 local master = yes When I take a look at the log.nmbd file, here are some interesting things I see: [2004/04/20 09:23:50, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396) * Samba name server OXYGEN is now a local master browser for workgroup COURTESY on subnet 192.168.1.50 * [2004/04/20 09:23:50, 1] nmbd/nmbd_incomingrequests.c:process_node_status_request(328) process_node_status_request: status request for name COURTESY<1b> from IP 192.168.1.50 on subnet UNICAST_SUBNET - name not f ound. Now, im trying to figure out a couple of things: 1) what this error message is, and if there are problems fix it. 2) Whether or not my WINS server is working properly. Just thought i'd post additional informatio here. Also, just picked up the "Official Samba 3 HOWTO" book and reading it as I type. I appreciate the help. Jason Morning everyone. Just have a quick question regarding WINS on samba-3.0.3. Running FreeBSD 4.9, with samba-3.0.3 built from the ports tree. The only thing I needed from this particular server at this time, was it to function as a WINS server for our company. I went ahead and did the basics, as setting the netbios name as well as saying 'yes' to wins support. However, I cannot tell if it is working correctly. The reason I say this is that, I have not changed any of thw Windows 2000 desktop machines to point to the WINS server in their TCP/IP properties. So im trying to figure out what could be wrong, if anything and how to figure out if it is working correctly. Any ideas on what I could be missing? I appreciate it. Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Upgrade & directory permissions
I've just upgraded the version of Samba we're running from 2.2.2 to 3.0.2a and am seeing an issue with permissions on directories. Users can still map the shares that are set up, but cannot access the directories within those shares. This is also not consistent; it's not happening to all users. Our environment: Samba 3.0.2a Domain Authentication to a Win2K server No Winbind Solaris 8 on a Sun E3000 server I'm inclined to back out the upgrade, but if there's a quick fix I'd prefer to implement that. Any ideas? Mike Mike Auleta Boeing IDS, Philadelphia 610-591-3916 Who's the more foolish, the fool or the fool who's following him? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows Client-side Caching Issue
Wys Richard-ERW009 schrieb: Has anyone seen the following issue? Users were reporting that their local disk drive was being filled up by the Offline Cache store. This is a hidden directory called "CSC". The (local site) desktop support agents determined that the local offline cache folder was growing even if no changes were made to the server-based files by a fixed amount. The fixed amount varied by user. When each user synchronizes without any changes being made to the server-based files the local free space would decrease by the fixed amount. We could not isolate which files are causing the problem because the CSC folder does map directly to the server-based files names. It is somewhat "cryptic". User Environment: Windows XP SP1 and Windows 2000 SP3 Home Directories are stored on a (HPUX) server running CIFS Server 2.2.8a Does Samba 3.x fix this problem? Regards, Richard there is a parameter which might help csc policy (S) This stands for client-side caching policy, and specifies how clients capable of offline caching will cache the files in the share. The valid values are: manual, documents, programs, disable. These values correspond to those used on Windows servers. For example, shares containing roaming profiles can have offline caching disabled using csc policy = disable. Default: csc policy = manual Example: csc policy = programs -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] invalid slot: works with 3.0.2a, not with 3.0.3pre
On Tue, Apr 13, 2004 at 03:05:08PM -0300, Andreas wrote: > [EMAIL PROTECTED] samba]# mount //buildmaster/andreas -o username=andreas -t smbfs > /mnt/smbfs > added interface ip=10.0.17.30 bcast=10.0.23.255 nmask=255.255.248.0 > error connecting to 10.0.16.6:445 (Connection refused) > Password: > [EMAIL PROTECTED] samba]# ls -la /mnt/smbfs > ls: /mnt/smbfs: Invalid slot This happens only with the 3.0.3pre series here. 3.0.2a works. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] printer server
Alexandre Carlos schrieb: I trying to share a printer using samba, but is not working. I already share the files but the printer didn't workout. I'm using CUPS. Can anyone help me solve this problem? The configuration of smb.conf for printing is: [global] workgroup = GRUPO netbios name = LINUX server string = Servidor Samba interfaces = eth0 security = SHARE encrypt passwords = Yes obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No printcap name = /etc/printcap printing = cups load printers = yes [printers] comment = All Printers path = /var/spool/samba guest ok = Yes printable = Yes browseable = No guest ok = yes public = yes create mode = 0777 security = server writable = no [HP8100] path = /var/spool/samba valid users = %S create mask = 0700 printable = Yes printing = cups print command = lpr -r -h -P %p %s printer name = HP LaserJet 8100 browseable = No guest ok = yes add machine script = public = yes writable = yes load printers = yes hosts allow = 172.16.4.127 I would like to know if i would have to edit any another file, like /etc/printcap or /etc/cups/cups.conf did you print from linux allready? did you check your cupds log? your definition of the printer is ugly look at this example [print$] comment = printer driver area path = /var/lib/samba/drivers browsable = yes read only = yes guest ok = yes write list = @"Domain Admins" [printers] comment = All Printers path = /var/spool/samba guest ok = Yes printable = Yes browseable = no read only = No [pdfwriter] comment = PDF File Generator path = /var/spool/samba printable = yes guest ok = Yes browseable = yes default devmode = Yes read only = No printer admin = rruegner -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows Client-side Caching Issue
Has anyone seen the following issue? Users were reporting that their local disk drive was being filled up by the Offline Cache store. This is a hidden directory called "CSC". The (local site) desktop support agents determined that the local offline cache folder was growing even if no changes were made to the server-based files by a fixed amount. The fixed amount varied by user. When each user synchronizes without any changes being made to the server-based files the local free space would decrease by the fixed amount. We could not isolate which files are causing the problem because the CSC folder does map directly to the server-based files names. It is somewhat "cryptic". User Environment: Windows XP SP1 and Windows 2000 SP3 Home Directories are stored on a (HPUX) server running CIFS Server 2.2.8a Does Samba 3.x fix this problem? Regards, Richard -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba + pdb_mysql - password hashes disappearing?
After catching a mention of this in another topic, I tried changing
things so pass last set time column and pass can change time column both
returned a real number instead of 0, and it works now.
On Mon, 2004-04-19 at 16:13, Andrew Gray wrote:
> This is using samba-3.0.2a, as downloaded from us2.samba.org today (19th
> of April), on Debian Linux.
>
> I have setup and gotten mostly-working the MySQL PDB for Samba. It
> queries the database correctly, pulls in the data, etc.
>
> However, when I connect as a user, I get:
> [2004/04/19 15:56:23, 3] libsmb/ntlm_check.c:ntlm_password_check(182)
> ntlm_password_check: NO NT password stored for user grayaw.
> [2004/04/19 15:56:23, 3] libsmb/ntlm_check.c:ntlm_password_check(294)
> ntlm_password_check: NEITHER LanMan nor NT password supplied for user
> grayaw
>
> Finding this odd (since the hashes are in the database, and correct), I
> added a lot of debugging, specifically in row_to_sam_account in
> passdb/pdb_mysql.c at line 105:
>
> if (pdb_gethexpwd(row[20], temp))
> {
> DEBUG(0, ("Got LANMAN password %s\n", temp));
> pdb_set_lanman_passwd(u, temp, PDB_SET);
> }
>
> (I have done the same things with the LANMAN and NT hashes throughout -
> same results with both, but only listing LANMAN for brevity). This
> outputs in the log file the expected line ("Got LANMAN password of 8 binary characters that are my LANMAN hash, as pulled from the
> database, followed by leftovers from the SELECT statement which
> shouldn't be an issue since the copies are byte-number-restricted later
> on)).
>
> I then added a couple lines into passdb/pdb_get_set.c,
> pdb_set_lanman_password, line 958:
>
>if (pwd) {
>sampass->private.lm_pw = data_blob(pwd, LM_HASH_LEN);
> DEBUG(0, ("Setting LANMAN password %s in %08x\n", pwd,
> sampass));
> DEBUG(0, ("Trying to get it back: %08x\n",
> pdb_get_lanman_passwd(sampass)));
>
> This is to the verify it is setting the password, and able to retrieve
> it. I get the correct lines in the logfile ("Setting LANMAN password
> in 08394fd8", then "Trying to get it back: 08397808").
>
> Curiousier and curiousier. I added debug lines to auth/auth_sam.c,
> sam_password_ok, line 56:
>
> DEBUG(0, ("Attempting to retrieve passwords for user '%s' from
> %08x.\n", username,sampass));
> lm_pw = pdb_get_lanman_passwd(sampass);
> nt_pw = pdb_get_nt_passwd(sampass);
>
> DEBUG(0, ("Got %08x and %08x\n", lm_pw, nt_pw));
>
> Here I get: "Attempting to retrieve passwords for user 'grayaw' from
> 08394fd8." (correct) and "Got and ."
>
> Huh? The passwords were set, and retrievable with the exact same
> functions right after the set. So I am very confused. It would seem
> the password entries are being wiped out, somehow, someway, but I'm not
> familiar enough with the source to begin tracking this down.
>
> I've searched google, this mailing list, etc. and can't find any
> reference to this problem. Any assistance would be appreciated.
>
> --
> Andrew Gray
> Systems Administrator
> College of Engineering
> University of Nevada, Las Vegas
--
Andrew Gray
Systems Administrator
College of Engineering
University of Nevada, Las Vegas
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] WINS question
Morning everyone. Just have a quick question regarding WINS on samba-3.0.3. Running FreeBSD 4.9, with samba-3.0.3 built from the ports tree. The only thing I needed from this particular server at this time, was it to function as a WINS server for our company. I went ahead and did the basics, as setting the netbios name as well as saying 'yes' to wins support. However, I cannot tell if it is working correctly. The reason I say this is that, I have not changed any of thw Windows 2000 desktop machines to point to the WINS server in their TCP/IP properties. So im trying to figure out what could be wrong, if anything and how to figure out if it is working correctly. Any ideas on what I could be missing? I appreciate it. Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Panic in Samba 3.0.3Pre2
> Apr 20 15:21:02 gandalf2 smbd[6891]: BACKTRACE: 27 stack frames: > Apr 20 15:21:02 gandalf2 smbd[6891]:#0 smbd(smb_panic2+0x128) > [0x81cb288] > Apr 20 15:21:02 gandalf2 smbd[6891]:#1 smbd(smb_panic+0x19) > [0x81cb159] > Apr 20 15:21:02 gandalf2 smbd[6891]:#2 smbd [0x81b96f2] > Apr 20 15:21:02 gandalf2 smbd[6891]:#3 /lib/tls/libc.so.6 [0x420275c8] > Apr 20 15:21:02 gandalf2 smbd[6891]:#4 /lib/tls/libc.so.6(malloc+0x8b) > [0x4207335b] > Apr 20 15:21:02 gandalf2 smbd[6891]:#5 smbd(tdb_unpack+0x13b) > [0x81e0b8b] > Apr 20 15:21:02 gandalf2 smbd[6891]:#6 smbd [0x81f10ce] > Apr 20 15:21:02 gandalf2 smbd[6891]:#7 smbd [0x81f1cd6] > Apr 20 15:21:02 gandalf2 smbd[6891]:#8 smbd(get_a_printer+0x126) Are there any messages earlier, like "Removing file and stopping this process" ? ~ Daniel --- This message is the property of Time Inc. or its affiliates. It may be legally privileged and/or confidential and is intended only for the use of the addressee(s). No addressee should forward, print, copy, or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as a recipient. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is strictly prohibited. If you have received this communication in error, please immediately notify the sender and delete this message. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Dumb Point 'n Shoot Printer Driver Question
Just finished TOSHARG (again) and S3 By Example. All of the examples I saw that featured point 'n shoot printer driver installation on Windows clients have Samba performing as a domain controller. So here's the Dumb Question: Is it necessary that Samba be a DC for point 'n shoot printer driver installation to work? Can Samba be a standalone server and have this work? Thanks! Mark -- _ A Message From... L. Mark Stone Reliable Networks of Maine, LLC 477 Congress Street, 5th Floor Portland, ME 04101 Tel: (207) 772-5678 Web: http://www.rnome.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Machine trust account confusion
I have looked for an answer to this in many locations, but I am still confused about the use of machine trust accounts. It was my understanding, backed by a samba book, that in order for someone in a domain to access a resource, they must have a valid account on the domain AND be using a machine that has a trust account setup on the samba PDC. However, my experience and another samba book say that they only need a valid user account to use the resources. The result is that I have a samba PDC setup with a single workstation that authenticates users off the PDC and everyone has proper access. However, I can place a laptop on the network with no trust account, and using since I log onto it with the same username and password, I can browse the domain resources as if I had authenticated off of the PDC. I am hoping someone can explain this to me, I want to deploy a samba PDC in a larger environment, but I do not want a user to be able to see private resources just by knowing someone's username and pass, I want them to have to come from a trusted machine also. Here is my smb.conf [global] netbios name = HERAKLES workgroup = STS server string = Samba Server %v security = user encrypt passwords = yes username map = /etc/samba/smbusers smb passwd file = /etc/samba/private/smbpasswd add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u local master = yes os level = 65 preferred master = yes domain master = yes domain logons = yes logon script = logon.bat time server = yes wins support = yes interfaces = eth1 hosts allow = 192.168.10. socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 log level = 3 log file = /var/log/samba/log.%m [netlogon] path = /export/samba/netlogon writable = no browsable = no [Shared Business Docs] copy = template path = /export/samba/shareddocs comment = Shared Business Documents writable = yes Regards, -John [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Net-BIOS Name Parameter in smb.conf...
Harold Patton schrieb: I am using Zone Alarm firewall. It is blocking access to 67.65.22.215. I don't know what or who this is. How do I find out who this is? I may or may not want to allow them access. Thank you. Harold Hi this is no zone alarm helpdesk, but i can tell you zonealarm is not working good with samba and many other stuff, i recommend use an other firewall. Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] printer server
I trying to share a printer using samba, but is not working. I already share the files but the printer didn't workout. I'm using CUPS. Can anyone help me solve this problem? The configuration of smb.conf for printing is: [global] workgroup = GRUPO netbios name = LINUX server string = Servidor Samba interfaces = eth0 security = SHARE encrypt passwords = Yes obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No printcap name = /etc/printcap printing = cups load printers = yes [printers] comment = All Printers path = /var/spool/samba guest ok = Yes printable = Yes browseable = No guest ok = yes public = yes create mode = 0777 security = server writable = no [HP8100] path = /var/spool/samba valid users = %S create mask = 0700 printable = Yes printing = cups print command = lpr -r -h -P %p %s printer name = HP LaserJet 8100 browseable = No guest ok = yes security = server public = yes writable = yes load printers = yes hosts allow = 172.16.4.127 I would like to know if i would have to edit any another file, like /etc/printcap or /etc/cups/cups.conf -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Latest windows patches have screwed up samba
Jason Balicki schrieb: Others have posted already about this, but so far nobody in the know has responded: I am getting an invalid error message when changing user passwords from the client machine (for example, by using ctl-alt-del and selecting "change password") from at least one Windows XP pro workstation (my own -- I have yet to escelate this further, in case I figure out that it's something simple.) When I attempt to change the password I get the message: "The system cannot change your password now because the domain FMDOM is not available." FMDOM is, of course, the name of my domain. However, the password is sucessfully changed. In my workstation log I get multiple entries (log level is set to 10) of: [2004/04/20 09:09:59, 0] passdb/passdb.c:pdb_free_sam(210) pdb_free_sam: SAM_ACCOUNT was NULL With only the time changing. There are four entries for each time I try changing the password. I set my log level to 10 and changed my password, I'm including log.nmbd and log.smbd in case it helps. Please request these files from me, I don't want to post unsolicited attachments to the list. I also have a tcp dump produced using ethereal of the time period the password change is taking place. I will provide this upon request. Thanks for any help, and I will post results back to the list (provided there are any) for those of you who are also experiencing this issue. TIA, --J(K) Hi, i have serveral win xp and 2000 clients upgraded to all possible patches of ms no Problem with samba apears but i use ldap backend or smbpasswd Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3 problem with users not being able to log on from some machines but they can logon from others
SMB.conf file is attached Thanks to all for helping out Jose -Original Message- From: RRuegner [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 20, 2004 12:11 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Samba 3 problem with users not being able to log on from some machines but they can logon from others Jose Martinez schrieb: > Any help would be GREATLY appreciated on this matter, as I am pulling my > hair out. > > I have a Samba PDC running 3.0.2-6.3E. > > My problem I am experiencing is that I can have the same user (lets say > John) be able to log in from workstation A. Sometimes, that user can not log > into another workstation (say workstation B) on the domain. Yet other users > can log into that workstation B with no problem. I am getting an error > "Make sure your user name and password in the domain are correct." etc etc > etc. We know the username/password is ok because that same user can log into > another machine with no problem. > > Clients are Windows 2000 and Windows XP. PDC Operating system is Red Hat > Enterprise ES 3.0. > > Can anyone PLEASE assist here! Thank you in advance. > > Jose > > *** > Jose V. Martinez II > 678-859-5339 > [EMAIL PROTECTED] hi, your smb.conf and some logs will be helpfull Regards #=== Global Settings = [global] # workgroup = NT-Domain-Name or Workgroup-Name workgroup = rtpopsdom netbios name = rtpopssrv # For proper logging off of workstations deadtime = 1 # server string is the equivalent of the NT Description field server string = Operations RTP Samba Node admin users = @admins printer admin = @admins # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page hosts allow = 9. 10. # if you want to automatically load your printer list rather # than setting them up individually then you'll need this ; printcap name = /etc/printcap ; load printers = yes # It should not be necessary to spell out the print system type unless # yours is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx ; printing = bsd # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user "nobody" is used ; guest account = pcguest # this tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/log.%m # Put a capping on the size of the log files (in Kb). max log size = 50 log level = 1 # Security mode. Most people will want user level security. See # security_level.txt for details. security = user # Use password server option only with security = server ; password server = # Password Level allows matching of _n_ characters of the password for # all combinations of upper and lower case. password level = 8 username level = 8 # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents encrypt passwords = true smb passwd file = /etc/samba/smbpasswd # The following are needed to allow password changing from Windows to # update the Linux system password also. # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. # NOTE2: You do NOT need these to allow workstations to change only #the encrypted SMB passwords. They allow the Unix password #to be kept in sync with the SMB password. unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* # Unix users can map to different SMB User names ; username map = /etc/samba/smbusers # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /etc/samba/smb.conf.%m # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # Add user sript for machines add machine script = /usr/sbin/useradd -d /dev/null -g workstations -c "Machine Account" -s /bin/false -M %u # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. interfaces = 9.44.50.37 # Configure remote browse list synchronisation here # request announcement to, or browse list sync from: # a specific host or from / to a whole subnet (see below) ; remote browse sync = 192.168.3.25 192.168.5.255 # Cause this host to announce i
Re: [Samba] [ntdom] Domain User to Local Admins
Hanno Semnet schrieb: Hi! I am running a SuSE Linux Standard Sever 8 as PDC. Most of the things are running really fine, but I have one problem: I want the Domain Users to be Local admins on the clients. Domain Admins are already in Local Admins, but without the Domain Users there, the User cant install software there. I searched the net, but found nothing. Hope Somebody can help me. Samba version is 2.2.4 I think. Greetings! Hanno hi, you should extremly quick push samba to the current version, and than mess around with failures after you got upgraded , get suses samba rpm at ftp:/ftp.suse.com people gd Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3 problem with users not being able to log on from some machines but they can logon from others
Jose Martinez schrieb: Any help would be GREATLY appreciated on this matter, as I am pulling my hair out. I have a Samba PDC running 3.0.2-6.3E. My problem I am experiencing is that I can have the same user (lets say John) be able to log in from workstation A. Sometimes, that user can not log into another workstation (say workstation B) on the domain. Yet other users can log into that workstation B with no problem. I am getting an error "Make sure your user name and password in the domain are correct." etc etc etc. We know the username/password is ok because that same user can log into another machine with no problem. Clients are Windows 2000 and Windows XP. PDC Operating system is Red Hat Enterprise ES 3.0. Can anyone PLEASE assist here! Thank you in advance. Jose *** Jose V. Martinez II 678-859-5339 [EMAIL PROTECTED] hi, your smb.conf and some logs will be helpfull Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] INTERNAL ERROR: Signal 11
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tim Gibson wrote: | Hi, | | I am getting the following error in my logs: | | lib/fault.c:fault_report(37) INTERNAL ERROR: Signal | 11 in pid 15629 (3.0.2a) Please read the appendix | Bugs of the Samba HOWTO collection : 1 Time(s) | | Everything appears to be working, but I would like to | know what is going on. There also doesn't seem to be a | Bugs appendix in the Samba HOWTO. There have been a couple of seg faults fixes post 3.0.2a. The most common is in bug 1147 (printing crash). cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAhP68IR7qMdg1EfYRAm9xAJ942Z7dn2HRvK+eQh9ta3xzOFV5XwCbBDPl HvJtBuwHScOKwuhJ2/hxP74= =H3f1 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP Q: What for use Containers
Zitat von Schlomo Schapiro <[EMAIL PROTECTED]>: > Hi, > > well, on NDS and Netware you could give file system access rights to a > container and then all users in that container would inherit these rights. > BTW, Windows and AD also cannot do this. My assumptions: Samba can not doe this as nss/the resolver libs cannot do this. Even worse: for the same reason you can't have truely nested groups (though samba does support that a bit). I wish, someone would tell me, I'm wrong. Regards, Malte Mueller > > Basically it is a way to not use groups but assign information to objects > based on their position in the LDAP tree. I can imagine many more uses, > e.g. default servers, logon servers, share access rights, ... > > The point is, is there any use of the hierarchical structure of the LDAP > directory for Samba ? Or does Samba use the LDAP dir only like flat file > or SQL DB ? > > AFAIK there is not yet much or maybe any support for such settings, but I > want to discuss why not and wether others find it a useful thing to have. > > Regards, > Schlomo > > On Tue, 20 Apr 2004, Paul Gienger wrote: > -- Powered by EWE TEL -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP Q: What for use Containers
> well, on NDS and Netware you could give file system access rights to a > container and then all users in that container would inherit these rights. > BTW, Windows and AD also cannot do this. This just doesn't conceptually exist in a windows domain; but you might be able to use dynamic groups in OpenLDAP to fake it. Dynamic groups are assembled by the DSA based on a variety of criteria, which could I suppose, include being the leaf of a given container. > Basically it is a way to not use groups but assign information to objects > based on their position in the LDAP tree. I can imagine many more uses, > e.g. default servers, logon servers, share access rights, ... > The point is, is there any use of the hierarchical structure of the LDAP > directory for Samba ? Or does Samba use the LDAP dir only like flat file > or SQL DB ? Samba uses LDAP via a password database, so in many ways it treats them all the same. But you can do alot in the DSA to streamline things. > AFAIK there is not yet much or maybe any support for such settings, but I > want to discuss why not and wether others find it a useful thing to have. I'd suggest digging into dynamic groups, overlays, etc... in very recent version of OpenLDAP and see if you can achieve what you want. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Net-BIOS Name Parameter in smb.conf...
I am using Zone Alarm firewall. It is blocking access to 67.65.22.215. I don't know what or who this is. How do I find out who this is? I may or may not want to allow them access. Thank you. Harold -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Important m$6h?3p
Hei Dette er en bekreftelse på at din henvendelse er motatt. Vi vil besvare den så fort som mulig, senest innen 3 virkedager. Vennligst ikke besvar denne meldingen. Med vennlig hilsen Tele2 Kundeservice >>> samba 04/20/04 16:59 >>> Please r564g!he4a56a3haafdogu#mfn3o SCR attachment detected and blocked This message contained attachments that have been blocked by Guinevere. Please see your system administrator for more details . -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problems with NT passwords using Samba3 and LDAP
Jose, I finally figured out my problem yesterday and it ended up being the value set in the pwdLastSet field in the LDAP database. If this entry was set to 0 then that user would be unable to login. If you are able to get your users to login by rejoining their workstation to the domain then that may not be the issue. Try running smbclient -L localhost -U brokenuser on the server and see if it authenticates them. If it doesn't then check the pwdLastSet field and make sure it's not set to 0. I found this to only be an issue with Samba 3. Another thing to try is open up two ldap records, one that works and one that doesn't, and simply look at what's different between the two. That's how I was able to find my problem. Hope this helps. Thanks, Chris -Original Message- From: Jose Martinez [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 20, 2004 9:17 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] Problems with NT passwords using Samba3 and LDAP Chris Have you been able to find a fix to your problem. I have a similar situation in where I can have one user be able to login fine from multiple workstations but cant from say one or 2 others. However, I know those couple problematic workstations are ok because other users can login with no problem to those "problematic" machines. My fix has been to remove the workstation from the domain and readd it. This is a horrible fix because of the amount of boxes we have. Also, I am realizing that even though it fixes the problem temporarily, it does not fix it forever because another user might experience the same problem. Very confusing. Please let me know if you have found a fix. Jose [EMAIL PROTECTED] "Chris Snider" <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>... I'm at my wits end here so hopefully someone can help me. Currently I have a Redhat 9.0 box running Samba 2.2.7 with openldap 2.0.27 as a PDC Domain logins work great with this setup. I can add, remove, modify computers and users all day long without a glitch. I do not store usernames in the local smbpasswd or passwd files. User information is stored in ou=Users,dc=mydomain,dc=com Group information is stored in ou=Groups,dc=mydomain,dc=com Computer information is stored in ou=Computers,dc=mydomain,dc=com My problem appeared when I attempted to create the same setup using Samba 3.0.2a. Here is what I did. 1. I created a working PDC using Samba 2.2.7 and openldap 2.0.27 on RH9. I was able to login as user bsmith from a W2k machine called bob-smith. 2. I then compiled Samba 3.0.2a from source making sure I added the "--with-ldapsam" flag 3. Configure --with-acl-support --with-ldapsam --prefix=/usr --localstatedir=/var --with-configdir=/etc/samba --with-privatedir=/etc/samba/private --with-lockdir=/var/lock --with-piddir=/var/run --with-logfilebase=/var/log --with-smbmount --with-utmp --with-syslog 4. Make 5. Make install No errors were generated during the compile. 6. Made the changes to my smb.conf file to allow for the ldapsam_compat mode.(see smb.conf at the end of this message) 7. Edited the samba.schema file to use the Version 2 schema and copied it to /etc/openldap/schema/ 8. Installed the new version of smbldap tools which came bundled with Samba 3.0.2a 9. Ran the smbpasswd -w password to store my Manager password in the secrets.tdb file 10. Started smbd -D and nmbd -D Everything to this point seems to work fine When I attempt to login as user bsmith from a computer(bob-smith) I get a "bad username or password" message. I checked the /var/logs/samba/bob-smith.log and this is what I see. [2004/04/16 12:27:01, 2] smbd/sesssetup.c:setup_new_vc_session(591) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/04/16 12:27:01, 2] smbd/sesssetup.c:setup_new_vc_session(591) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/04/16 12:27:01, 2] lib/smbldap.c:smbldap_open_connection(626) smbldap_open_connection: connection opened [2004/04/16 12:27:09, 2] passdb/pdb_ldap.c:init_sam_from_ldap(462) init_sam_from_ldap: Entry found for user: nobody [2004/04/16 12:27:10, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1668) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2004/04/16 12:27:10, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1668) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (No such object) [2004/04/16 12:27:10, 2] rpc_parse/parse_prs.c:netsec_decode(1575) netsec_decode: FAILED: packet sequence number: [2004/04/16 12:27:10, 2] lib/util.c:dump_data(1830) [000] 87 F0 07 93 7D 17 F1 80 }... [2004/04/16 12:27:10, 2] rpc_parse/parse_prs.c:netsec_decode(1577) should be: [2004/04/16 12:27:10, 2] lib/util.c:dump_data(1830) [000] 00 00 00 00 80 00 00 00 [2004/04/16 12:27:10, 0] rpc_server
[Samba] Panic in Samba 3.0.3Pre2
Hi All, I hope someone can help me with this problem. I recently moved my Windows Print server to Linux (Red Hat 9.0, Samba 3.0.2) due to stability problems, however since i had a constant smbd panics I reverted back to my Windows 2000 server much to the disappointment of my manager and director. Having posted to this list someone suggested an upgrade to 3.0.3pre2 which solved their issues, I have now tried this and the problem would appear to keep returning. I have the server configured, and running in a test environment and all is well, I started loading my print drivers on, and checking my syslog revealed that the smbd was yet again panicing and bombing out with the following message:- Apr 20 15:21:02 gandalf2 smbd[6891]: [2004/04/20 15:21:02, 0] lib/fault.c:fault_report(36) Apr 20 15:21:02 gandalf2 smbd[6891]: === Apr 20 15:21:02 gandalf2 smbd[6891]: [2004/04/20 15:21:02, 0] lib/fault.c:fault_report(37) Apr 20 15:21:02 gandalf2 smbd[6891]: INTERNAL ERROR: Signal 11 in pid 6891 (3.0.3pre2) Apr 20 15:21:02 gandalf2 smbd[6891]: Please read the appendix Bugs of the Samba HOWTO collection Apr 20 15:21:02 gandalf2 smbd[6891]: [2004/04/20 15:21:02, 0] lib/fault.c:fault_report(39) Apr 20 15:21:02 gandalf2 smbd[6891]: === Apr 20 15:21:02 gandalf2 smbd[6891]: [2004/04/20 15:21:02, 0] lib/util.c:smb_panic2(1398) Apr 20 15:21:02 gandalf2 smbd[6891]: PANIC: internal error Apr 20 15:21:02 gandalf2 smbd[6891]: [2004/04/20 15:21:02, 0] lib/util.c:smb_panic2(1406) Apr 20 15:21:02 gandalf2 smbd[6891]: BACKTRACE: 27 stack frames: Apr 20 15:21:02 gandalf2 smbd[6891]:#0 smbd(smb_panic2+0x128) [0x81cb288] Apr 20 15:21:02 gandalf2 smbd[6891]:#1 smbd(smb_panic+0x19) [0x81cb159] Apr 20 15:21:02 gandalf2 smbd[6891]:#2 smbd [0x81b96f2] Apr 20 15:21:02 gandalf2 smbd[6891]:#3 /lib/tls/libc.so.6 [0x420275c8] Apr 20 15:21:02 gandalf2 smbd[6891]:#4 /lib/tls/libc.so.6(malloc+0x8b) [0x4207335b] Apr 20 15:21:02 gandalf2 smbd[6891]:#5 smbd(tdb_unpack+0x13b) [0x81e0b8b] Apr 20 15:21:02 gandalf2 smbd[6891]:#6 smbd [0x81f10ce] Apr 20 15:21:02 gandalf2 smbd[6891]:#7 smbd [0x81f1cd6] Apr 20 15:21:02 gandalf2 smbd[6891]:#8 smbd(get_a_printer+0x126) [0x81f3026] Apr 20 15:21:02 gandalf2 smbd[6891]:#9 smbd(_spoolss_getprinterdataex+0x1be) [0x8131dce] Apr 20 15:21:02 gandalf2 smbd[6891]:#10 smbd [0x811de3b] Apr 20 15:21:02 gandalf2 smbd[6891]:#11 smbd(api_rpcTNP+0x159) [0x814eba9] Apr 20 15:21:02 gandalf2 smbd[6891]:#12 smbd(api_pipe_request+0xaf) [0x814e96f] Apr 20 15:21:02 gandalf2 smbd[6891]:#13 smbd [0x8148056] Apr 20 15:21:02 gandalf2 smbd[6891]:#14 smbd [0x81483a9] Apr 20 15:21:02 gandalf2 smbd[6891]:#15 smbd [0x81485eb] Apr 20 15:21:02 gandalf2 smbd[6891]:#16 smbd [0x81487ec] Apr 20 15:21:02 gandalf2 smbd[6891]:#17 smbd(write_to_pipe+0xf2) [0x8148742] Apr 20 15:21:02 gandalf2 smbd[6891]:#18 smbd [0x808a58e] Apr 20 15:21:02 gandalf2 smbd[6891]:#19 smbd(reply_trans+0x54b) [0x808af5b] Apr 20 15:21:02 gandalf2 smbd[6891]:#20 smbd [0x80cb4ac] Apr 20 15:21:02 gandalf2 smbd[6891]:#21 smbd [0x80cb679] Apr 20 15:21:02 gandalf2 smbd[6891]:#22 smbd(process_smb+0x8f) [0x80cb88f] Apr 20 15:21:02 gandalf2 smbd[6891]:#23 smbd(smbd_process+0x167) [0x80cc4d7] Apr 20 15:21:02 gandalf2 smbd[6891]:#24 smbd(main+0x4d9) [0x82384a9] Apr 20 15:21:02 gandalf2 smbd[6891]:#25 /lib/tls/libc.so.6(__libc_start_main+0xe4) [0x42015574] Apr 20 15:21:02 gandalf2 smbd[6891]:#26 smbd(chroot+0x31) [0x8077521] Apr 20 15:21:02 gandalf2 smbd[6891]: Apr 20 15:21:02 gandalf2 smbd[6916]: [2004/04/20 15:21:02, 0] smbd/connection.c:register_message_flags(220) Apr 20 15:21:02 gandalf2 smbd[6916]: register_message_flags: tdb_fetch failed I understand that 3.0.3pre2 is a development version but I would appreciate some feed back on this issue, any suggestions to what may be causing it and any ideas as to how I can solve it. Thanks All Jez -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Latest windows patches have screwed up samba
Others have posted already about this, but so far nobody in the know has responded: I am getting an invalid error message when changing user passwords from the client machine (for example, by using ctl-alt-del and selecting "change password") from at least one Windows XP pro workstation (my own -- I have yet to escelate this further, in case I figure out that it's something simple.) When I attempt to change the password I get the message: "The system cannot change your password now because the domain FMDOM is not available." FMDOM is, of course, the name of my domain. However, the password is sucessfully changed. In my workstation log I get multiple entries (log level is set to 10) of: [2004/04/20 09:09:59, 0] passdb/passdb.c:pdb_free_sam(210) pdb_free_sam: SAM_ACCOUNT was NULL With only the time changing. There are four entries for each time I try changing the password. I set my log level to 10 and changed my password, I'm including log.nmbd and log.smbd in case it helps. Please request these files from me, I don't want to post unsolicited attachments to the list. I also have a tcp dump produced using ethereal of the time period the password change is taking place. I will provide this upon request. Thanks for any help, and I will post results back to the list (provided there are any) for those of you who are also experiencing this issue. TIA, --J(K) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] [ntdom] Domain User to Local Admins
Hi! I am running a SuSE Linux Standard Sever 8 as PDC. Most of the things are running really fine, but I have one problem: I want the Domain Users to be Local admins on the clients. Domain Admins are already in Local Admins, but without the Domain Users there, the User cant install software there. I searched the net, but found nothing. Hope Somebody can help me. Samba version is 2.2.4 I think. Greetings! Hanno -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Reiser4 and ACLs?
> -Original Message- > From: Ken D'Ambrosio [mailto:[EMAIL PROTECTED] > While I know that ReiserFS 4.x > does, indeed, have the hooks for ACLs, it won't much matter if Samba > isn't making use of them. Does anyone know if/when Samba and Reiser4 > will live in ACL-based harmony? Samba is pretty filesystem-agnostic. My guess is, if ReiserFS 4.x supports ACLs in the same way as existing filesystems, through libacl, then it should work with Samba. As for whether this functionality exists yet, you'll have to ask the ReiserFS folks about that. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 problem with users not being able to log on from some machines but they can logon from others
Any help would be GREATLY appreciated on this matter, as I am pulling my hair out. I have a Samba PDC running 3.0.2-6.3E. My problem I am experiencing is that I can have the same user (lets say John) be able to log in from workstation A. Sometimes, that user can not log into another workstation (say workstation B) on the domain. Yet other users can log into that workstation B with no problem. I am getting an error "Make sure your user name and password in the domain are correct." etc etc etc. We know the username/password is ok because that same user can log into another machine with no problem. Clients are Windows 2000 and Windows XP. PDC Operating system is Red Hat Enterprise ES 3.0. Can anyone PLEASE assist here! Thank you in advance. Jose *** Jose V. Martinez II 678-859-5339 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Windows 2003 Server and Active Directory
Derek, Thank you so much for you willingness to help me out I truly appreciate it. I would love to see your conf file if that wouldn't be a problem. The PDC will be a Win 2k3 small business edition server and all the clients are 2k and XP pro. The last time I used samba was version 2.0.x and I always used it as the PDC never a member server, so to say I'm rusty would be an understatement ... LOL! Thank you again, Marc Ford, MCSE 2k, Linux+ Network Engineer [EMAIL PROTECTED] -Original Message- From: Derek Ragona [mailto:[EMAIL PROTECTED] Sent: Monday, April 19, 2004 6:08 PM To: Mark Ford Subject: Re: [Samba] Windows 2003 Server and Active Directory Marc, I just did a similar install using FreeBSD 5.2.1 and Samba 3.0.3, installed using the latest port. It works great, but there are a few hiccups. The winbind integretion doesn't seem to work as documented. The UNIX side still needed accounts to work, although it does authenticate to the Win2k ADS. Ihave the accounts created "on the fly" on the UNIX side and that works great. If you need more details, email me. -Derek At 05:02 PM 4/19/2004, you wrote: I am currently in need of turning my old Server into a data tank I don't want to buy another copy of server 2k or 2k3 I would like to use Linux and samba how ever I'm not sure if samba will work in an Active Directory Network or not can any one clear this up for me? Thank you, Marc Ford [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 2.2.7a to Samba 3.0.2a
Hello List, I'm planning a migration from Samba 2.2.7a to 3.0.2a, samba is actually running on Solaris 8.0 on a sun E450. Now, Looking at the smb.conf (the global parameters) what should I take care of? # Global parameters [global] domain logons = yes security = user wins support = yes create mask = 0600 directory mask = 0700 log file = /var/samba/log.%m log level = 1 max log size = 0 interfaces = 10.52.1.1 10.42.1.1 domain master = Yes security mask = 0777 level2oplocks = no encrypt passwords = Yes dont descend = /proc,/dev,/etc,/usr printing = SYSV server string = Samba Server workgroup = hosts allow = 127. 10. 172.16. netbios name = ### socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=16384 SO_SNDBUF=16384 local master = Yes min passwd length = 6 os level = 99 oplocks = no use client driver = yes At the same question, this machine should be a domain controller (PDC?) and the preferable server, Should I take care of this in any manner? Obviously, if you can see any improvement that I could apply on Samba3.0.2a to make it work faster, I'm more than happy to do it :) Cheers!!! Pablo.- --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.657 / Virus Database: 422 - Release Date: 13/04/2004 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RES: [Samba] Samba 3.0.2a with ADS w2k3 Active Directory, enctype s
Ok, if you're using MIT 1.3.3, you shouldn't need the default_tgs_enctypes = des-cbc-crc des-cbc-md5 default_tkt_enctypes = des-cbc-crc des-cbc-md5 lines. It should be fine without them...if it's still not, you probably need to send me an ethereal trace. Jim McDonough IBM Linux Technology Center Samba Team 6 Minuteman Drive Scarborough, ME 04074 USA [EMAIL PROTECTED] [EMAIL PROTECTED] Phone: (207) 885-5565 IBM tie-line: 776-9984 Estevam Henrique Carvalho <[EMAIL PROTECTED]> 04/20/2004 11:04 AM To Jim McDonough/Portland/[EMAIL PROTECTED], "Duran Munoz, Pedro" <[EMAIL PROTECTED]> cc samba <[EMAIL PROTECTED]>, [EMAIL PROTECTED] Subject RES: [Samba] Samba 3.0.2a with ADS w2k3 Active Directory, enctype s Hi Jim, I did what the doc says but the problem is the same. Does anybody saw this work ? I mean, is the Samba 3.0.2a+Kerberos MIT 1.3.3 able to be accessed by a WXP, W2K or W2K3 machine, using Kerberos tickets generated in a Windows 2003 KDC (W2K3 AD) ? Thanks -Mensagem original- De: Jim McDonough [mailto:[EMAIL PROTECTED] Enviada em: segunda-feira, 19 de abril de 2004 17:07 Para: Duran Munoz, Pedro Cc: Estevam Henrique Carvalho; samba; [EMAIL PROTECTED] Assunto: RE: [Samba] Samba 3.0.2a with ADS w2k3 Active Directory, enctypes This is a bug in Win2k3. See knowledgebase KB833708. The KB article itself isn't correct, because it states that if you request des-cbc-crc you'll get des-cbc-md5 tickets, but in reality you get rc4-hmac tickets. The KB article points you to a hotfix or a registry setting. Jim McDonough IBM Linux Technology Center Samba Team 6 Minuteman Drive Scarborough, ME 04074 USA [EMAIL PROTECTED] [EMAIL PROTECTED] Phone: (207) 885-5565 IBM tie-line: 776-9984 "Duran Munoz, Pedro" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 04/19/2004 09:42 AM To "Estevam Henrique Carvalho" <[EMAIL PROTECTED]> cc samba <[EMAIL PROTECTED]> Subject RE: [Samba] Samba 3.0.2a with ADS w2k3 Active Directory, enctypes Saludos / Best Regards Pedro Durán Muñoz Hello Henrique Actually I have the same problem as you. Firts I had tried an ADS w2k3 and Samba 3.0.2a integration without any success ( Only works IP NTML protocol, kerberos does not works ( hostaname instead IP address)) . After I tried w2k and Samba 3.0.2a integration and works fine. But I need an ADS w2k3 and Samba integration and for the moment does not works. We need the Samba team help for solve this issue ASAP, Is it possible for us Samba Team? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Estevam Henrique Carvalho Sent: Monday, April 19, 2004 1:59 PM To: samba Subject: [Samba] Samba 3.0.2a with ADS w2k3 Active Directory, enctypes Hi people, I have a Linux box running Samba 3.0.2a in ADS mode MIT Kerberos 1.3.3. My W2K e WXP users can't access the linux box by netbios name, the only access that works is by IP address, I know that's caused because access thought IP address don't make use of Kerberos. The most strange for me it's that the same environment works fine with a W2K Active Directory, I read in same list the problem was the kerberos 1.2.x, then I changed to 1.3.3, but the problem remains. I also have tried the following combinations of parameters in the krb5.conf Test 1 - No permitted_enctypes [libdefaults] default_realm = HOME.EHC # The following krb5.conf variables are only for MIT Kerberos. default_tgs_enctypes = des-cbc-crc des-cbc-md5 default_tkt_enctypes = des-cbc-crc des-cbc-md5 #permitted_enctypes = des-cbc-crc des-cbc-md5 Result [2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323) ads_verify_ticket: enc type [18] failed to decrypt with error Bad encryption type [2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323) ads_verify_ticket: enc type [17] failed to decrypt with error Bad encryption type [2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323) ads_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type [2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323) ads_verify_ticket: enc type [23] failed to decrypt with error Bad encryption type [2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323) ads_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type [2004/04/18 10:38:34, 3] libads/kerberos_verify.c:ads_verify_ticket(323) ads_verify_ticket: enc type [3] failed to decrypt with error Decrypt integrity check failed [2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323) ads_verify_ticket: enc type [2] failed to decrypt with error Bad encryption type [2004/04/18 10:38:34, 10] passdb/secrets.c:secrets_named_mutex_release(710) secrets_named_mutex: released mutex for r
Re: [Samba] LDAP Q: What for use Containers
Hi, well, on NDS and Netware you could give file system access rights to a container and then all users in that container would inherit these rights. BTW, Windows and AD also cannot do this. Basically it is a way to not use groups but assign information to objects based on their position in the LDAP tree. I can imagine many more uses, e.g. default servers, logon servers, share access rights, ... The point is, is there any use of the hierarchical structure of the LDAP directory for Samba ? Or does Samba use the LDAP dir only like flat file or SQL DB ? AFAIK there is not yet much or maybe any support for such settings, but I want to discuss why not and wether others find it a useful thing to have. Regards, Schlomo On Tue, 20 Apr 2004, Paul Gienger wrote: > > > Schlomo Schapiro wrote: > > >Hi, > > > >I am planning a Samba3+LDAP installation and was wondering about the use > >of putting users into different containers on the LDAP server (similar to > >what people do on NDS/eDirectory). > > > >Is it possible to then assign rights, options, ... to the containers and > >have the users inherit these rights ? > > > > > What type of 'rights, options,...' are you looking for here? Perhaps > you are looking for a feature that could be given via groups, but more > specifics are necessary. > > >Having worked a lot in a Novell environment I of course got used to the > >convenience of assigning rights to containers. > > > >Is there currently any support for this in Samba ? > > > >Is there something planned to facilitate this feature ? I guess it will > >also have to go with the host file system ... > > > >Any input appreciated, > > > >Schlomo > > > > > > > > -- Regards, Schlomo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP Q: What for use Containers
Schlomo Schapiro wrote: Hi, I am planning a Samba3+LDAP installation and was wondering about the use of putting users into different containers on the LDAP server (similar to what people do on NDS/eDirectory). Is it possible to then assign rights, options, ... to the containers and have the users inherit these rights ? What type of 'rights, options,...' are you looking for here? Perhaps you are looking for a feature that could be given via groups, but more specifics are necessary. Having worked a lot in a Novell environment I of course got used to the convenience of assigning rights to containers. Is there currently any support for this in Samba ? Is there something planned to facilitate this feature ? I guess it will also have to go with the host file system ... Any input appreciated, Schlomo -- Paul Gienger Office:701-281-1884 Applied Engineering Inc. Cell: 701-306-6254 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.commailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RES: [Samba] Samba 3.0.2a with ADS w2k3 Active Directory, enctype s
Hi Jim, I did what the doc says but the problem is the same. Does anybody saw this work ? I mean, is the Samba 3.0.2a+Kerberos MIT 1.3.3 able to be accessed by a WXP, W2K or W2K3 machine, using Kerberos tickets generated in a Windows 2003 KDC (W2K3 AD) ? Thanks -Mensagem original- De: Jim McDonough [mailto:[EMAIL PROTECTED] Enviada em: segunda-feira, 19 de abril de 2004 17:07 Para: Duran Munoz, Pedro Cc: Estevam Henrique Carvalho; samba; [EMAIL PROTECTED] Assunto: RE: [Samba] Samba 3.0.2a with ADS w2k3 Active Directory, enctypes This is a bug in Win2k3. See knowledgebase KB833708. The KB article itself isn't correct, because it states that if you request des-cbc-crc you'll get des-cbc-md5 tickets, but in reality you get rc4-hmac tickets. The KB article points you to a hotfix or a registry setting. Jim McDonough IBM Linux Technology Center Samba Team 6 Minuteman Drive Scarborough, ME 04074 USA [EMAIL PROTECTED] [EMAIL PROTECTED] Phone: (207) 885-5565 IBM tie-line: 776-9984 "Duran Munoz, Pedro" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 04/19/2004 09:42 AM To "Estevam Henrique Carvalho" <[EMAIL PROTECTED]> cc samba <[EMAIL PROTECTED]> Subject RE: [Samba] Samba 3.0.2a with ADS w2k3 Active Directory, enctypes Saludos / Best Regards Pedro Durán Muñoz Hello Henrique Actually I have the same problem as you. Firts I had tried an ADS w2k3 and Samba 3.0.2a integration without any success ( Only works IP NTML protocol, kerberos does not works ( hostaname instead IP address)) . After I tried w2k and Samba 3.0.2a integration and works fine. But I need an ADS w2k3 and Samba integration and for the moment does not works. We need the Samba team help for solve this issue ASAP, Is it possible for us Samba Team? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Estevam Henrique Carvalho Sent: Monday, April 19, 2004 1:59 PM To: samba Subject: [Samba] Samba 3.0.2a with ADS w2k3 Active Directory, enctypes Hi people, I have a Linux box running Samba 3.0.2a in ADS mode MIT Kerberos 1.3.3. My W2K e WXP users can't access the linux box by netbios name, the only access that works is by IP address, I know that's caused because access thought IP address don't make use of Kerberos. The most strange for me it's that the same environment works fine with a W2K Active Directory, I read in same list the problem was the kerberos 1.2.x, then I changed to 1.3.3, but the problem remains. I also have tried the following combinations of parameters in the krb5.conf Test 1 - No permitted_enctypes [libdefaults] default_realm = HOME.EHC # The following krb5.conf variables are only for MIT Kerberos. default_tgs_enctypes = des-cbc-crc des-cbc-md5 default_tkt_enctypes = des-cbc-crc des-cbc-md5 #permitted_enctypes = des-cbc-crc des-cbc-md5 Result [2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323) ads_verify_ticket: enc type [18] failed to decrypt with error Bad encryption type [2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323) ads_verify_ticket: enc type [17] failed to decrypt with error Bad encryption type [2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323) ads_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type [2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323) ads_verify_ticket: enc type [23] failed to decrypt with error Bad encryption type [2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323) ads_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type [2004/04/18 10:38:34, 3] libads/kerberos_verify.c:ads_verify_ticket(323) ads_verify_ticket: enc type [3] failed to decrypt with error Decrypt integrity check failed [2004/04/18 10:38:34, 10] libads/kerberos_verify.c:ads_verify_ticket(323) ads_verify_ticket: enc type [2] failed to decrypt with error Bad encryption type [2004/04/18 10:38:34, 10] passdb/secrets.c:secrets_named_mutex_release(710) secrets_named_mutex: released mutex for replay cache mutex [2004/04/18 10:38:34, 3] libads/kerberos_verify.c:ads_verify_ticket(330) ads_verify_ticket: krb5_rd_req with auth failed (Bad encryption type) [2004/04/18 10:38:34, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! Test 2 - all enctypes that I know [libdefaults] default_realm = HOME.EHC # The following krb5.conf variables are only for MIT Kerberos. default_tgs_enctypes = des-cbc-crc des-cbc-md5 default_tkt_enctypes = des-cbc-crc des-cbc-md5 permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 arcfour-hmac arcfour-hmac-exp arcfour-hmac-md5 des des-cbc-crc des-cbc-md4 des-cbc-md5 des-cbc-raw des-cbc-rawv des-hmac-sha1 des3-cbc-raw des3-cbc-sha1 des3-cbc-sh
Re: [Samba] directory permissions & smb.conf
Hi Marcus simply mistake is use of valid users on share conf. This clause block any another users to access it and is useful for restrictive configs. First choice to create best access system is not use valid users and write list but create proper setup of linux passwd and groups items. Samba automatic work with this acces rights when user is logged to share. > [Electrical] > writable = yes > path = /share/share/Electrical User on linux can own more groups needed to work. But when you use directory ass owwner root and group Xxx when user connect to your share have write access then new files created by it have user owner not root and primary user group not group by updir! Then new files is not accessible for another users of share if you not set proper create mode mask and gruops... Samba default setup is set for user security not group. You must understand linux file system rights for best setup samba. If need help write bye. - Original Message - From: "marcusv" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, April 20, 2004 9:56 AM Subject: [Samba] directory permissions & smb.conf > Hi there guys. > > I'm new to the list. > I have googled and yahooed, and been to several other mailing list to > see if I can find help there. > But with no luck. > > I'm trying to setup a share for several departments for our company. > So when I installed RedHat 9.0 I created a 30Gb partition. > > Please bare with me as I explain what I would like to do. > I have a directory > drwxrwx5 rootsiemagelec4096 Apr 15 13:46 share > within this directory. > drwsrwx---3 rootsiemagelec4096 Apr 19 15:43 share > within this directory. > drwxrwx5 rootsiemagelec4096 Apr 15 13:46 Electrical > drwxrwx5 rootMarketing4096 Apr 15 13:46 Marketing > drwxrwx5 rootCapital4096 Apr 15 13:46 Capital > > So meaning that if you have access to the 2nd share directory and you > belong to siemagelec you will only be able to access [read/write to the > Electrical folder] > This works,But it does not work for any of the other folders E.G > > Marketing > Capital > > Unless I change the group for the /share directory. as well as the group > for the /share/share directory. > > Now I'm not to sure what group these directories belong to.? and if I > should leave it as root. > > Or is it possible to create another group, lets call it siemag, and in > stead of adding users to this group, add groups to it. > > smb.conf file > [Electrical] > writable = yes > valid user = @siemagelec > write list = @siemagelec > path = /share/share/Electrical > > [Marketing] > writable = yes > valid user = @marketing > write list = @marketing > path = /share/share/Marketing > > [Capital] > writable = yes > valid user = @capital > write list = @capital > path = /share/share/Capital > > PS* I belong to all three groups. > Any assistance/pointers would be appreciated. > > Marcus Van Wyk > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP Q: What for use Containers
Hi, I am planning a Samba3+LDAP installation and was wondering about the use of putting users into different containers on the LDAP server (similar to what people do on NDS/eDirectory). Is it possible to then assign rights, options, ... to the containers and have the users inherit these rights ? I observed that e.g. SuSE Enterprise server and other SuSE products put all users in the same context, thereby using the LDAP only as a better flat-file storage. Having worked a lot in a Novell environment I of course got used to the convenience of assigning rights to containers. Is there currently any support for this in Samba ? Is there something planned to facilitate this feature ? I guess it will also have to go with the host file system ... Any input appreciated, Schlomo -- Regards, Schlomo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Vijay - samba profile copy error.
Hi, We have a Samba Domain controller running on Samba 2.2.3a-6 It was running perfectly fine until a week ago , and then suddendly some people are unable to login to the server and their profile does not get loaded. The error given is profile cannot be copied. etc etc. The errors in /var/log/samba for all the machines is as under : 2004/04/20 11:31:40, 0] lib/util_sock.c:matchname(900) sys_gethostbyname(garg): lookup failure. [2004/04/20 11:31:40, 0] lib/util_sock.c:get_socket_name(967) Matchname failed on garg 172.16.0.60 [2004/04/20 11:32:08, 0] smbd/service.c:make_connection(248) garg (172.16.0.60) couldn't find service netlogon [2004/04/20 11:47:49, 0] lib/util_sock.c:matchname(900) sys_gethostbyname(garg): lookup failure. [2004/04/20 11:47:49, 0] lib/util_sock.c:get_socket_name(967) Matchname failed on garg 172.16.0.60 [2004/04/20 11:58:08, 0] lib/util_sock.c:matchname(900) sys_gethostbyname(garg): lookup failure. [2004/04/20 11:58:08, 0] lib/util_sock.c:get_socket_name(967) Matchname failed on garg 172.16.0.60 [2004/04/20 12:10:42, 0] rpc_server/srv_netlog.c:api_net_sam_logon(206) api_net_sam_logon: Failed to marshall NET_R_SAM_LOGON. [2004/04/20 12:10:42, 0] rpc_server/srv_pipe.c:api_rpcTNP(1200) api_rpcTNP: api_netlog_rpc: NET_SAMLOGON failed. [2004/04/20 12:10:47, 0] lib/util_sock.c:matchname(900) sys_gethostbyname(garg): lookup failure. [2004/04/20 12:10:47, 0] lib/util_sock.c:get_socket_name(967) Matchname failed on garg 172.16.0.60 [2004/04/20 12:46:53, 0] lib/util_sock.c:matchname(900) sys_gethostbyname(garg): lookup failure. [2004/04/20 12:46:53, 0] lib/util_sock.c:get_socket_name(967) Matchname failed on garg 172.16.0.60 This is the same for all the machines. I checked teh dns entries, dhcp enteries , everything is allright. I am unable to understand anything on this. Kindly help. Regards, Vijay. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: md5 fail on large file
I have switched back to samba 2.2.8a (compiled from source) on linux 2.6.5: same behaviour. Marco Berizzi wrote: > Me again. I have upgraded to linux kernel > 2.6.5. However this problem hasn't gone away. > The md5 check is fine, coping the same file > from NT4TSE to a Windoze 2000sp4. > Coping the same file from a windoze 2000sp4 > to the samba share is ok. So the problem is > between NT4TSE and samba. > > NT4TSE --> SAMBA = KO > WIN2k --> SAMBA = OK > NT4TSE --> WIN2K = OK > > Can anybody help me? > Marco Berizzi wrote: > > Hello everybody. > > > > I'm experimenting this problem with > > samba 3.0.2a and linux 2.4.25 with > > ReiserFS. > > When I copy (put) a large file (5GB) > > from a Windows NT terminal server sp6a > > to the samba-linux box, the md5sum is > > different between the two file. Files > > size are identical. > > I'm using this command to copy these > > files from windows to samba: > > > > xcopy f:\ \\mimas\backup\exchange /e /c /h /r > > > > I have also tried to delete the old > > files from the samba share, but nothing > > change: I always get two different md5sum. > > With smaller files (400MB) md5sum is > > identical. > > When I transfer this large file with ftp > > (proftpd 1.2.9 on Linux), md5sum is ok. > > > > These two systems are connected to a 3COM > > 100bit/s switch. No collision/no error are > > detected at linux side box. Samba doesn't > > log anything relevant. No kernel error. > > Nothing. Samba box is running Slackware 9.1 > > + kernel 2.4.25 + samba 3.0.2a compiled > > from sources. > > > > Hints? > > > > PS: Please CC me I'm not subscribed to this list. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba 3.0.x / roaming profiles / NT MD4 problems (SOLVED/samba bug?)
Follow-up to myself ;-) First, the problem also exists with the smbpasswd and the ldapsamcompat backends. I've "fixed" the problem by putting "map to guest = Never" in the smb.conf, this still shows an NT MD4 password checking failed in the logs, but I don't get the profiles error anymore. Maybe this is a bug in samba? Logon and logoff now works perfectly with roaming profiles. --Wim Wim Vandersmissen wrote: Hi, I'm setting up a new sambserver, migrating from 2.2.8a with ldap backend to 3.0.x (3.0.2a and 3.0.3pre2 tested) with openldap 2.1.26 backend and using sambaSamAccount I'm experiencing the following problem: - Roaming profiles sometimes work, sometimes not (most of the time not) and show erratic behaviour like removing the local copy (without having the DeleteRoamingCache key in my registry) on a windows XP with SP1 joined to the domain I think I've pinpointed the problem to NT MD4 password checking (libsmb/ntlm_check.c:ntlm_password_check(322)) With debug on 100 and DEBUG_PASSWORD on it shows the following: [2004/04/10 22:23:49, 4] libsmb/ntlm_check.c:ntlm_password_check(322) ntlm_password_check: Checking NT MD4 password [2004/04/10 22:23:49, 100] libsmb/ntlm_check.c:smb_pwd_check_ntlmv1(67) Part password (P16) was | [2004/04/10 22:23:49, 100] lib/util.c:dump_data(1864) [000] AB A4 5E 23 42 B3 27 7E 03 0C DB 4F 97 48 B6 0E ..^#B.'~ ...O.H.. Password from client was | [2004/04/10 22:23:49, 100] lib/util.c:dump_data(1864) [000] 22 63 62 8E 2A BD 54 16 D1 0F EE 6C 0F B5 F7 46 "cb.*.T. ...l...F [010] 4E BB D2 52 74 EB B2 09 N..Rt... Given challenge was | [2004/04/10 22:23:49, 100] lib/util.c:dump_data(1864) [000] CE 8D D3 56 F8 7E 7D 7A ...V.~}z Value from encryption was | [2004/04/10 22:23:49, 100] lib/util.c:dump_data(1864) [000] 22 63 62 8E 2A BD 54 16 D1 0F EE 6C 0F B5 F7 46 "cb.*.T. ...l...F [010] 4E BB D2 52 74 EB B2 09 N..Rt... [2004/04/10 22:23:49, 4] auth/auth_sam.c:sam_account_ok(82) sam_account_ok: Checking SMB password for user testing It does that 3 times correctly, I guess it checks the authentication when the user logs on. Now a minute later it checks again, I guess for connecting to the profiles share? but now it fails. What results in Windows XP telling me that it can't find the profiles directory. [2004/04/10 22:25:22, 4] libsmb/ntlm_check.c:ntlm_password_check(322) ntlm_password_check: Checking NT MD4 password [2004/04/10 22:25:22, 100] libsmb/ntlm_check.c:smb_pwd_check_ntlmv1(67) Part password (P16) was | [2004/04/10 22:25:22, 100] lib/util.c:dump_data(1864) [000] AB A4 5E 23 42 B3 27 7E 03 0C DB 4F 97 48 B6 0E ..^#B.'~ ...O.H.. Password from client was | [2004/04/10 22:25:22, 100] lib/util.c:dump_data(1864) [000] EE 15 48 95 A2 6C D6 7A 14 C7 00 85 FE 20 D9 92 ..H..l.z . .. [010] B4 D0 21 FC F0 FB 7D 61 ..!...}a Given challenge was | [2004/04/10 22:25:22, 100] lib/util.c:dump_data(1864) [000] EC F9 F7 3E EE 20 47 E5 ...>. G. Value from encryption was | [2004/04/10 22:25:22, 100] lib/util.c:dump_data(1864) [000] E7 DE 31 72 F0 E2 E1 97 40 2B 15 86 CA 4E 2A 4F ..1r @+...N*O [010] 1D 32 DD 66 AC EA 8B 3C .2.f...< [2004/04/10 22:25:22, 3] libsmb/ntlm_check.c:ntlm_password_check(338) ntlm_password_check: NT MD4 password check failed for user testing When I edit libsmb/ntlm_check.c to always return a NT_STATUS_OK instead of a NT_STATUS_WRONG_PASSWORD the last check ofcourse works and the roaming profiles work perfectly. (but that isn't very secure ;) This is my current config, but I've used various mutations of it without success ;) Please let me know if you need any more information. Thanks, --Wim Vandersmissen # Global parameters [global] dos charset = CP850 unix charset = UTF-8 display charset = LOCALE workgroup = THEONEW netbios name = OROCHIMARU netbios aliases = netbios scope = server string = %h interfaces = bind interfaces only = No security = USER auth methods = encrypt passwords = Yes update encrypted = No client schannel = Auto server schannel = Auto allow trusted domains = Yes hosts equiv = min passwd length = 5 use cracklib = No map to guest = Bad Password null passwords = No obey pam restrictions = No password server = * smb passwd file = /usr/local/samba/private/smbpasswd private dir = /usr/local/samba/private passdb backend = ldapsam:ldap://localhost algorithmic rid base = 1000 root directory = guest account = nobody pam password change = No passwd program = passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No pas
Re: [Samba] Sync UNIX and SMB users
Hi, you can use the pam_smbpass module for that. User's password will be written to the Samba password system when a user logs on. Unfortunately the stock pam_smbpass module will update the password only once (e.g. only when the Samba password is EMPTY). I modified the pam_smbpass module to always update the Samba password, ask me if you need this feature. (NCP is the password source here and I need to keep the Samba password in-sync with it). Schlomo On Mon, 19 Apr 2004, Tim Mektrakarn wrote: > Hi, > > I'm new to Samba so I apologize if this topic has been covered in the past. > > I want to sync my UNIX users from /etc/shadow to my Samba users in > /etc/samba/smbpasswd > > How can I do this automatically? > > Thanks! > > Tim Mektrakarn > Systems Engineer > Loud Packet, Inc. > 27455 Tierra Alta Way, Suite A > Temecula, CA 92590 > Mobile: 909.757.5129 > Office: 714.263.9090 > Fax: 714.263.9001 > Email: [EMAIL PROTECTED] > Website: www.loudpacket.com > > *** http://www.VoIP-Forums.com *** > *** http://www.SIP-Forums.com *** > > > > -- Regards, Schlomo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Ugrade from 2.2.8a to 3.0.2a fails with "PANIC: internal error"
Tried to upgrade our Solaris 8 domain controller from Samba 2.2.8a to Samba 3.0.2a. I get loads of errors in the log files then "PANIC: internal error". I removed all files in var/locks before upgrading. Below is what is in log.nmbd. Any one got any idea what is going wrong? [2004/04/20 10:33:07, 0] nmbd/nmbd.c:main(664) Netbios nameserver version 3.0.2a started. Copyright Andrew Tridgell and the Samba Team 1994-2004 [2004/04/20 10:33:07, 0] lib/charcnv.c:init_iconv(134) Conversion from UCS-2LE to UTF-8 not supported [2004/04/20 10:33:07, 0] lib/charcnv.c:init_iconv(134) Conversion from UTF-8 to UCS-2LE not supported [2004/04/20 10:33:07, 0] lib/charcnv.c:init_iconv(134) Conversion from UTF-8 to 646 not supported [2004/04/20 10:33:07, 0] lib/charcnv.c:init_iconv(134) Conversion from UTF-8 to CP850 not supported [2004/04/20 10:33:07, 0] lib/charcnv.c:init_iconv(134) Conversion from UTF-8 to UTF8 not supported [2004/04/20 10:33:07, 0] lib/charcnv.c:init_iconv(134) Conversion from 646 to UTF-8 not supported [2004/04/20 10:33:07, 0] lib/charcnv.c:init_iconv(134) Conversion from CP850 to UTF-8 not supported [2004/04/20 10:33:07, 0] lib/charcnv.c:init_iconv(134) Conversion from UTF8 to UTF-8 not supported [2004/04/20 10:33:07, 0] lib/charcnv.c:init_iconv(134) Conversion from UCS-2LE to UTF-8 not supported [2004/04/20 10:33:07, 0] lib/charcnv.c:init_iconv(134) Conversion from UTF-8 to UCS-2LE not supported [2004/04/20 10:33:07, 0] lib/charcnv.c:init_iconv(134) Conversion from UTF-8 to 646 not supported [2004/04/20 10:33:07, 0] lib/charcnv.c:init_iconv(134) Conversion from UTF-8 to CP850 not supported [2004/04/20 10:33:07, 0] lib/charcnv.c:init_iconv(134) Conversion from UTF-8 to UTF8 not supported [2004/04/20 10:33:07, 0] lib/charcnv.c:init_iconv(134) Conversion from 646 to UTF-8 not supported [2004/04/20 10:33:07, 0] lib/charcnv.c:init_iconv(134) Conversion from CP850 to UTF-8 not supported [2004/04/20 10:33:07, 0] lib/charcnv.c:init_iconv(134) Conversion from UTF8 to UTF-8 not supported [2004/04/20 10:33:07, 0] nmbd/asyncdns.c:start_async_dns(150) started asyncdns process 21525 [2004/04/20 10:33:07, 0] lib/charcnv.c:convert_string_allocate(473) convert_string_allocate: Conversion not supported. [2004/04/20 10:33:07, 0] lib/charcnv.c:convert_string_allocate(473) convert_string_allocate: Conversion not supported. [2004/04/20 10:33:07, 0] lib/charcnv.c:convert_string_allocate(473) convert_string_allocate: Conversion not supported. [2004/04/20 10:33:07, 0] lib/charcnv.c:convert_string_allocate(473) convert_string_allocate: Conversion not supported. [2004/04/20 10:33:07, 0] lib/charcnv.c:convert_string_allocate(473) convert_string_allocate: Conversion not supported. [2004/04/20 10:33:07, 0] lib/charcnv.c:convert_string_allocate(473) convert_string_allocate: Conversion not supported. [2004/04/20 10:33:07, 0] lib/charcnv.c:convert_string_allocate(473) convert_string_allocate: Conversion not supported. [2004/04/20 10:33:07, 0] lib/charcnv.c:convert_string_allocate(473) convert_string_allocate: Conversion not supported. [2004/04/20 10:33:07, 0] lib/charcnv.c:convert_string_allocate(473) convert_string_allocate: Conversion not supported. [2004/04/20 10:33:07, 0] lib/charcnv.c:convert_string_allocate(473) convert_string_allocate: Conversion not supported. [2004/04/20 10:33:07, 0] lib/charcnv.c:convert_string_allocate(473) convert_string_allocate: Conversion not supported. [2004/04/20 10:33:07, 0] lib/charcnv.c:convert_string_allocate(473) convert_string_allocate: Conversion not supported. [2004/04/20 10:33:07, 0] lib/charcnv.c:convert_string_allocate(473) convert_string_allocate: Conversion not supported. [2004/04/20 10:33:07, 0] lib/fault.c:fault_report(36) === [2004/04/20 10:33:07, 0] lib/fault.c:fault_report(37) INTERNAL ERROR: Signal 11 in pid 21524 (3.0.2a) Please read the appendix Bugs of the Samba HOWTO collection [2004/04/20 10:33:07, 0] lib/fault.c:fault_report(39) === [2004/04/20 10:33:07, 0] lib/util.c:smb_panic(1400) PANIC: internal error -- Michael Keightley <[EMAIL PROTECTED]>Tel: +44 131 240 3137 Systems Manager, Quadstone Limited,Fax: +44 131 220 4492 16 Chester Street, Edinburgh EH3 7RA, Scotland http://www.quadstone.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Drop User from Samba
Hi Mariusz, I have same matter and just kill the appropriate SMB process ID for ex, you can type: kill 1112 to reject user2 Mariusz Woźniak <[EMAIL PROTECTED]> Sent by: To: [EMAIL PROTECTED] [EMAIL PROTECTED] cc: .samba.orgSubject: [Samba] Drop User from Samba 04/20/04 03:00 PM Please respond to Mariusz Woźniak How can i drop active connection to samba ? netstat -a: tcp0 0 Mordor:netbios-ssn 192.168.1.8:1062 ESTABLISHED tcp0 0 Mordor:netbios-ssn 192.168.1.9:1025 ESTABLISHED smbstatus: Samba version 2.2.7a-security-rollup-fix Service uid gid pid machine -- Program nobody nobody user1 (192.168.1.8) Mon Apr 19 06:06:50 2004 Program user2user21112 user2 (192.168.1.9) Tue Apr 20 06:49:41 2004 Locked files: PidDenyMode Access R/WOplock Name -- DENY_NONE 0x1 RDONLY EXCLUSIVE+BATCH /home/SRV/Montaz/magazyn.INI Tue Apr 20 08:24:51 2004 1112 DENY_WRITE 0x1 RDONLY NONE /home/SRV/P/magazyn.exe Tue Apr 20 08:47:44 2004 i want to reject/drop/kick/disconnect etc. user2. How can i do this (via samba commands, ipchains, iptables or what ?) I need reject user2 (not blocking magazyn.exe. copy to samba new magazyn.exe then user2 can again connect to samba, all this operations must be without changes to other samba users) and leave user as he is right now. -- Pozdrowienia, Mariusz mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Drop User from Samba
How can i drop active connection to samba ? netstat -a: tcp0 0 Mordor:netbios-ssn 192.168.1.8:1062 ESTABLISHED tcp0 0 Mordor:netbios-ssn 192.168.1.9:1025 ESTABLISHED smbstatus: Samba version 2.2.7a-security-rollup-fix Service uid gid pid machine -- Program nobody nobody user1 (192.168.1.8) Mon Apr 19 06:06:50 2004 Program user2user21112 user2 (192.168.1.9) Tue Apr 20 06:49:41 2004 Locked files: PidDenyMode Access R/WOplock Name -- DENY_NONE 0x1 RDONLY EXCLUSIVE+BATCH /home/SRV/Montaz/magazyn.INI Tue Apr 20 08:24:51 2004 1112 DENY_WRITE 0x1 RDONLY NONE /home/SRV/P/magazyn.exe Tue Apr 20 08:47:44 2004 i want to reject/drop/kick/disconnect etc. user2. How can i do this (via samba commands, ipchains, iptables or what ?) I need reject user2 (not blocking magazyn.exe. copy to samba new magazyn.exe then user2 can again connect to samba, all this operations must be without changes to other samba users) and leave user as he is right now. -- Pozdrowienia, Mariusz mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] directory permissions & smb.conf
Hi there guys. I'm new to the list. I have googled and yahooed, and been to several other mailing list to see if I can find help there. But with no luck. I'm trying to setup a share for several departments for our company. So when I installed RedHat 9.0 I created a 30Gb partition. Please bare with me as I explain what I would like to do. I have a directory drwxrwx5 rootsiemagelec4096 Apr 15 13:46 share within this directory. drwsrwx---3 rootsiemagelec4096 Apr 19 15:43 share within this directory. drwxrwx5 rootsiemagelec4096 Apr 15 13:46 Electrical drwxrwx5 rootMarketing4096 Apr 15 13:46 Marketing drwxrwx5 rootCapital4096 Apr 15 13:46 Capital So meaning that if you have access to the 2nd share directory and you belong to siemagelec you will only be able to access [read/write to the Electrical folder] This works,But it does not work for any of the other folders E.G Marketing Capital Unless I change the group for the /share directory. as well as the group for the /share/share directory. Now I'm not to sure what group these directories belong to.? and if I should leave it as root. Or is it possible to create another group, lets call it siemag, and in stead of adding users to this group, add groups to it. smb.conf file [Electrical] writable = yes valid user = @siemagelec write list = @siemagelec path = /share/share/Electrical [Marketing] writable = yes valid user = @marketing write list = @marketing path = /share/share/Marketing [Capital] writable = yes valid user = @capital write list = @capital path = /share/share/Capital PS* I belong to all three groups. Any assistance/pointers would be appreciated. Marcus Van Wyk -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Premission
On 19 Apr 2004 at 15:15, Mike Stewart wrote: Hello Mike thank you for your Time Yes this is the solution. Manfred > Hi Manfred, I had the same requirement for accessing ALL the user's home > folders. This is the entry I have for the share in smb.conf It works OK > for me. > > [private] > comment = Access for Backup of *Central Server* > path = /home > admin users = mike, ray > browseable = Yes > > > Hope this helps > > Mike -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
