Re: [Samba] 3.0 PDC Cannot find root user
Matthew J. DiBattista wrote: What is the error message you are getting? Account does not exist Why do you want root access thru samba? I do *not* want root access through samba. I want to have samba create machines accounts automatically for new clients that are joining the domain. According to all documentation that I have read (regardless of samba version), there needs to be a root account in samba, which is the equivalent of the Domain Administrator in Windows. This is the only account that is authorized to add new machines to the domain. I created this account using smbpasswd -a root, and gave it a password. For what its worth, if the machine account has been manually created in Samba, then the initial logon with root works. It just won't work if the machine account does not exist. If the machine account does not exist, it will give There was an error joining the domain mydomain, the specified account could not be found. However, if I ssh into the server and create the machine account manually, then the same login (root, with the smbpasswd password) works to add the machine. Hopefully this clears things up a bit. Why not just include yourself in the root and wheel group. My regular user account on the linux server is in wheel group. [trimmed rest] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Machine Accounts in Samba3 and OpenLDAP
Hi, Trying to run Samba3 and OpenLDAP.. and have a problem with adding computers to domain while checking logs i found that samba is doing such search : smbldap_search: base = [dc=forbis,dc=lt], filter = [((uid=test$)(objectclas s=sambaSamAccount))], scope = [2] [2004/04/26 09:45:46, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1062) ldapsam_getsampwnam: Unable to locate user [test$] count=0 i use smbldap-useradd script to add computers .. and entry is without sambaSamAccount atribute in smbldap-useradd.pl i found comented entry that samba add sambaSamAccoun atribute automaticaly... somehow it do not happens.. Also i tryed to put ldap filter = (uid=%u) entry in my smb.conf file ..also nothing happend samba still searchs in sambaSamAccount Tryed to uncoment this part of code ... script adds sambaSamAccount atribute .. but still cant join domain.. windows message is same The user name could be not find And right now im out of ideas ... any help ? Su pagarba, Ruslanas Cechovskis UAB Forbis inzinerius -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Réf. : [Samba] Machine Accounts in Samba3 and OpenLDAP
Hi, I know, I put a bug with no response, normaly, if you uncomment the part of code ... script adds sambaSamAccount atribute, you can adding computers on two step : first step : you have : windows message is same The user name could be not find - samba try to add the machine account because not found the entry second step : the connection work fine - samba found entry and modify correcly entry (sambaNTPassword, ) --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 |-+- | | Ruslanas Cechovskis [EMAIL PROTECTED]| | | Envoyé par : | | | [EMAIL PROTECTED]| | | s.samba.org | | | | | | | | | 26/04/2004 11:15 | | | | |-+- ---| | | |Pour : [EMAIL PROTECTED] | |cc : | |Objet : [Samba] Machine Accounts in Samba3 and OpenLDAP | ---| Hi, Trying to run Samba3 and OpenLDAP.. and have a problem with adding computers to domain while checking logs i found that samba is doing such search : smbldap_search: base = [dc=forbis,dc=lt], filter = [((uid=test$)(objectclas s=sambaSamAccount))], scope = [2] [2004/04/26 09:45:46, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1062) ldapsam_getsampwnam: Unable to locate user [test$] count=0 i use smbldap-useradd script to add computers .. and entry is without sambaSamAccount atribute in smbldap-useradd.pl i found comented entry that samba add sambaSamAccoun atribute automaticaly... somehow it do not happens.. Also i tryed to put ldap filter = (uid=%u) entry in my smb.conf file ..also nothing happend samba still searchs in sambaSamAccount Tryed to uncoment this part of code ... script adds sambaSamAccount atribute .. but still cant join domain.. windows message is same The user name could be not find And right now im out of ideas ... any help ? Su pagarba, Ruslanas Cechovskis UAB Forbis inzinerius -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] member server is not resolving usernames anymore
Dear List, from one day to the next I am experiencing problems with my Samba/LDAP-Setup. We have one PDC (Master LDAP), a Slave LDAP and a fileserver. The problem is that I can not change the access rights of a file from a windows client. The fileserver a) does not resolve the SIDs anymore b) does not find the username (if e.g. entered one for adding) The problem seems to be that the fileserver does not resolves via LDAP anymore, but local as the shown search path for the user object is \\fileserver. The weird is that the basic access functionality is still there, so the problem is just with changing a files (or directory) access attributes. Thank you very much for any input and help! Matthias --- /etc/samba/smb.conf (fileserver) [global] workgroup = KERNZEIT netbios name = FILESERVER server string = %h announce version = 5.0 os level = 20 passdb backend = ldapsam:ldap://10.1.1.1 ldap://10.1.1.10; ldap suffix = dc=kernzeit,dc=com ldap machine suffix = ou=smb-machines,ou=NSS,dc=kernzeit,dc=com ldap admin dn = cn=admin,dc=kernzeit,dc=com ldap ssl = no ldap user suffix = dc=kernzeit,dc=com ldap group suffix = ou=groups,ou=nss #LOG STUFF log file = /var/log/samba/log.%m max log size = 1000 log level = 3 syslog = 0 #NETWORK interfaces = 10.1.1.20/16 hosts allow = 10.1. 10.99. bind interfaces only = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 #SECURITY null passwords = no #admin users = @domadmins encrypt passwords = true guest account = nobody obey pam restrictions = no security = domain #password server = LOGIN, APPSERVER password server = LOGIN #FEATURES panic action = /usr/share/samba/panic-action %d nt acl support = yes wins support = no wins proxy = no wins server = 10.1.1.1 dns proxy = no local master = no preferred master = no #DOMAIN STUFF domain master = no domain logons = no #INTERNATIONALIZATION unix charset = iso8859-15 dos charset = cp850 #=== Share Definitions === [temp] path = /data/temp browsable = yes writable = yes directory mask = 770 create mask = 770 nt acl support = yes vfs objects = recycle --- --- /var/log/samba/log.client [2004/04/23 14:42:47, 3] rpc_server/srv_pipe.c:api_rpcTNP(1509) api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX checking name: \\fileserver\lf [2004/04/23 14:42:47, 3] rpc_server/srv_spoolss_nt.c:set_printer_hnd_printertype(447) Setting printer type=\\fileserver\lf [2004/04/23 14:42:47, 3] rpc_server/srv_lsa_hnd.c:close_policy_hnd(200) Closed policy [2004/04/23 14:42:47, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 68 [2004/04/23 14:42:47, 3] smbd/process.c:process_smb(890) Transaction 1717 of length 104 [2004/04/23 14:42:47, 3] smbd/process.c:switch_message(685) switch message SMBntcreateX (pid 582) [2004/04/23 14:42:47, 3] smbd/error.c:error_packet(118) error packet at smbd/nttrans.c(498) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND [2004/04/23 14:42:47, 3] smbd/process.c:process_smb(890) Transaction 1718 of length 104 [2004/04/23 14:42:47, 3] smbd/process.c:switch_message(685) switch message SMBntcreateX (pid 582) [2004/04/23 14:42:47, 3] smbd/error.c:error_packet(118) error packet at smbd/nttrans.c(498) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_NAME_NOT_FOUND [2004/04/23 14:43:47, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 --- -- Matthias Eichler [EMAIL PROTECTED] kernzeit AG -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 in ADS
Hi list -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Software
Microsoft Windows XP Professiornal 2002 Retail price: $270.99 Our low PricGe: $50.00 You Save: $220.00 Adobe Photoshvop 7.0 Retail price: $609.99 Our low Price: $60.00 You Savqe: $550.00 Microsoft Office XP Professional 2002 Retail price: $579.99 Our low Price: $60.00 You SavRe: $510.00 Adobe Illustrator 10 Retainl price: $270.99 Our low Price: $60.00 You Savke: $210.00 Corel Draw Graphics Suite 11 ReFtail price: $270.99 Our low Pricqe: $60.00 You Save: $210.00 Delphi 7 RetaiNl price: $404.99 Our low Price: $60.00 You Save: $335.00 And more!!! Why so cheap? All the software is OEM- MeaninAg that you don't get the box and the manual with your software. All you will receivle is the actual software and your unique registration code. All the softwarce is in the English language for PC. Our offers are unbeatablje and we always update our prices to make sure we provide you with the besVt possible offers. Hurry up and place your ordper, because our supplies are limited. VisiFt us now! http://XLANDA.BIZ/OE017/?affiliate_id=233763campaign_id=601 KTGjxJ EdRQTtr XAZt QRTdxZRYl UthjNT eudCfTF YAzgRxGQ QyIzBh zufKnn RzcKDxO gCxK AXkGOTmHA LqZnyy TEiXRcx VNarDhUa RvXebM LoumbL lojKXOV UTXq DLrVozPpr knwmbi CwxEtIT tuQtoLQm euawpo WhGotU LGVWiqt MAcH TxycMkTbo nbLEqT LXYfQJL MHVfaIFd qzBPBn bvppIq cnTKbGI gxuR jbNpcyVfP uGGWVH rkYbDbp lLqRwypP qBRgQU FLZvhG bdBIvMH xpTN CvgvQFKHW lAceuH PucYaeb CMxouVGd IiyPEo vpXqDy uHRcylf wliy NXVerPJvA UUpzjK OtdrGxa yAyKFVXO tLLoQf -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Can't add Win2k machine to Samba domain (PDC+LDAP)
Hi When I am try to add Win2k to domain, I get a error message: Error when attempting to join the domain MyDOMAIN No mapping between account names and security IDs was done (such messages were in spanish. My Win2k is spanish version) I have the following setup - Linux Red Hat 9 (kernel-2.4.20-8) - Samba 2.2.7a - Samba as PDC using LDAP Already I have done all the instructions in SMB-LDAP PDC HOWTO from IDEALX (http://www.idealx.org/prj/samba/index.en.html) But I have the same trouble. I thin'k this is the relevant logs entries [2004/04/21 21:12:32, 3] rpc_server/srv_pipe.c:api_rpcTNP(1180) api_rpcTNP: pipe 29832 rpc command: SAMR_CREATE_USER [2004/04/21 21:12:32, 3] smbd/sec_ctx.c:push_sec_ctx(282) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2004/04/21 21:12:32, 3] smbd/uid.c:push_conn_ctx(286) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2004/04/21 21:12:32, 3] smbd/sec_ctx.c:set_sec_ctx(314) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:ldap_open_connection(216) ldap_open_connection: connection opened [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:ldap_connect_system(250) ldap_connect_system: succesful connection to the LDAP server [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:ldap_search_one_user(262) ldap_search_one_user: searching for:[((uid=revillam$)(objectclass=sambaAccount))] [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:get_single_attribute(360) get_single_attribute: [uid] = [revillam$] [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:init_sam_from_ldap(495) Entry found for user: revillam$ [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:get_single_attribute(360) get_single_attribute: [pwdLastSet] = [1082585220] [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:get_single_attribute(360) get_single_attribute: [logonTime] = [0] [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:get_single_attribute(360) get_single_attribute: [logoffTime] = [2147483647] [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:get_single_attribute(360) get_single_attribute: [kickoffTime] = [2147483647] [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:get_single_attribute(360) get_single_attribute: [pwdCanChange] = [1] [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:get_single_attribute(360) get_single_attribute: [pwdMustChange] = [2147483647] [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:get_single_attribute(360) get_single_attribute: [cn] = [revillam$] [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:get_single_attribute(354) get_single_attribute: [homeDrive] = [does not exist] [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:get_single_attribute(354) get_single_attribute: [smbHome] = [does not exist] [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:get_single_attribute(354) get_single_attribute: [scriptPath] = [does not exist] [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:get_single_attribute(354) get_single_attribute: [profilePath] = [does not exist] [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:get_single_attribute(360) get_single_attribute: [description] = [Computer] [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:get_single_attribute(354) get_single_attribute: [userWorkstations] = [does not exist] [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:get_single_attribute(360) get_single_attribute: [rid] = [3424] [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:get_single_attribute(360) get_single_attribute: [primaryGroupID] = [1201] [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:init_sam_from_ldap(593) init_sam_from_ldap: User [revillam$] does not ave a uid! I can't understand this last line, because in the previous lines I can read: for:[((uid=revillam$)(objectclass=sambaAccount))] [2004/04/21 21:12:32, 2] passdb/pdb_ldap.c:get_single_attribute(360) get_single_attribute: [uid] = [revillam$] It seems like the uid exits, Or maybe I'm doing something really wrong. Does anyone idea how to solve this ?? By the moment we are not planing a migration to Samba 3.0 stuff. Best regards -- Hardy Beltran Monasterios [EMAIL PROTECTED] Usuario Linux #50949 - http://counter.li.org La Paz, Bolivia -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Printing in 3.0.1
Client: add new printer - network printer - browse for network printers , and here is the problem, the samba isn't shown as a print server, it's displayed in the network browser but not if want to add a new printer. the printers are shown in the normal network browser if I click on the samba server. This was fixed with 3.0.2. From WHATSNEW: * BUG 101: set the SV_TYPE_PRINTQ_SERVER flag in host announcement packet. ~ Daniel --- This message is the property of Time Inc. or its affiliates. It may be legally privileged and/or confidential and is intended only for the use of the addressee(s). No addressee should forward, print, copy, or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as a recipient. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is strictly prohibited. If you have received this communication in error, please immediately notify the sender and delete this message. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Printing in 3.0.1
thx, will update to 3.0.2a and report regards manfred Am Montag, 26. April 2004 14:43 schrieb [EMAIL PROTECTED]: Client: add new printer - network printer - browse for network printers , and here is the problem, the samba isn't shown as a print server, it's displayed in the network browser but not if want to add a new printer. the printers are shown in the normal network browser if I click on the samba server. This was fixed with 3.0.2. From WHATSNEW: * BUG 101: set the SV_TYPE_PRINTQ_SERVER flag in host announcement packet. ~ Daniel --- This message is the property of Time Inc. or its affiliates. It may be legally privileged and/or confidential and is intended only for the use of the addressee(s). No addressee should forward, print, copy, or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as a recipient. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is strictly prohibited. If you have received this communication in error, please immediately notify the sender and delete this message. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] missing files with linux CIFS client, smbclient OK
In a directory with approximately 300 files, several (dozens) files are missing if the directory is mounted with /sbin/mount.cifs via the Linux CIFS module kernel/fs/cifs/cifs.o. We are using a Redhat Linux Workstation Version 3 with kernel 2.4.21-9.0.3.EL including cifs-1.0.2b. The problem occurs on a Samba server 3.0.2a running Solaris 2.8 as well as using the precompiled Redhat Linux Samba server. If the samba client is changed from CIFS kernel module to smbclient, all files are listed as expected. As far as we can see, the string get_lanman2_dir_entry: out of space is printed in the samba server debug log (only one time using the CIFS module leading to missing files, several times using smbclient where everything is OK). Thanks in advance for a reply. Joerg Behrend University of Cologne Institute of Mathematics -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba, best meds
Do you mind? :))) One of the most feared expressions in modern times is ''The computer is down'' The life of man is a journey a journey that must be traveled, however bad the roads or the accommodation. Samba, need cheap super-VIA? http://outsoles.gfd-online.com/cia/?dcent commensurability You can't learn less. When a blind man bears the standard, pity those who follow. http://mesognathic.cheappillz.biz/zz.html tubbed Science is nothing, but trained and organized common sense. Show me someone who has done something worthwhile, and I'll show you someone who has overcome adversity. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Force user and force group?
What does the Force user and Force Group option do under the homes and profiles section of the smb.conf file do? Jose -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3 PDC+LDAP questions
I waited for Samba 3 to come out to use the PDC+LDAP functionality and I'm glad I did. What an improvement! I have it installed and is working quite well except for a few things. 1. With Samba 2, you couldn't use the Crtl-Alt-Del password change feature. If I remember right, there wasn't a way that Samba could get the old password clear text to check for against the Samba's current password. Is this still true for Samba 3? After logging in, I tried change the password but it said the domain was unavailable but if I logout and try to log back in, I have to use the new password. So, it works but Windows doesn't seem to get the correct response back from the Samba server to know that it worked. It seems like I probably missed a configuration setting. 2. I am using the idealx scripts. I also use Kerberos for storing passwords for the users to be able to login using a shell or imap. They only thing I don't like is have to enable the admin dn in openldap and then putting the password in plain text in the smbldap_conf.pm file. Is there a way around having to do this? Other than that, everything works very well! Keep up the good work! Thanks, Doug -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Issues with Samba 3.0.2 on OSX using ADS.
Can anyone help me with this? -Original Message- From: Huyler, Christopher M Sent: Friday, April 23, 2004 3:47 PM To: [EMAIL PROTECTED] Subject: [Samba] Issues with Samba 3.0.2 on OSX using ADS. We have a Win2K network at work and I've been trying to integrate my Mac 10.3 machine into the network. It seems that once one thing is working, something else is not. I have read through various Mac tutorials found on the web but none seem to solve my problem. Right now I have Active Directory Domain Logons working successfully but Samba will not allow anyone (from Mac/Unix/Windows) to connect. I keep getting the following entries in the /var/log/samba/log.smbd log: [2004/04/23 15:07:03, 0] /SourceCache/samba/samba-56/samba/source/smbd/server.c:main(747) smbd version 3.0.2 started. Copyright Andrew Tridgell and the Samba Team 1992-2004 [2004/04/23 15:07:19, 1] /SourceCache/samba/samba-56/samba/source/smbd/sesssetup.c:reply_spnego_k erberos(173) Failed to verify incoming ticket! I can't figure it out. I'm positive that Kerberos is configured correctly because I can run kinit and klist successfully and I can log in using my domain account. Here is some more info: [EMAIL PROTECTED] root]# net ads leave -S usildc03 -U huych02% Removed 'USFROSX1' from realm 'CA.COM' [EMAIL PROTECTED] root]# net ads testjoin -S usildc03 -U huych02% [2004/04/23 15:33:27, 0] /SourceCache/samba/samba-56/samba/source/libads/kerberos.c:ads_kinit_pas sword(133) kerberos_kinit_password [EMAIL PROTECTED] failed: Client not found in Kerberos database Join to domain is not valid [EMAIL PROTECTED] root]# net ads join -S usildc03 -U huych02% [2004/04/23 15:33:42, 0] /SourceCache/samba/samba-56/samba/source/libads/ldap.c:ads_add_machine_a cct(1086) Warning: ads_set_machine_sd: Unexpected information received Using short domain name -- TANT-A01 Joined 'USFROSX1' to realm 'CA.COM' [EMAIL PROTECTED] root]# net ads testjoin -S usildc03 -U huych02% Join is OK After all that, I still get the reply_spnego_kerberos(173) errors. Any help would be appreciated, I have searched the net up and down and nothing seems to help. Below is a copy of my smb.conf file for reference: [global] netbios name = usfrosx1 workgroup = TANT-A01 server string = Mac OS X security = ads realm = CA.COM password server = USILDC03 USILDC05 encrypt passwords = yes use spnego = yes client use spnego = yes printer admin = @admin, @staff unix charset = UTF-8-MAC display charset = UTF-8-MAC dos charset = 437 guest account = unknown level2 oplocks = no [homes] comment = User Home Directories browseable = no read only = no [public] path = /tmp public = yes writable = no printable = no [printers] path = /tmp printable = yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Force user and force group?
Jose Martinez schrieb: What does the Force user and Force Group option do under the homes and profiles section of the smb.conf file do? Jose hi, per default a file is created with the permissions of the creator in a samba share, with force user you can force the creator to be a different user or group, this is helpfull in a few cases i.e if youre using a smb share for apache ( user wwwrun etc ), but use this parameter with care it can break your security and result in miracle permissions behavior. i recommend to read the samba faq, and man smb.conf Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Printing problem, only XP-PRO
Hi, I share a printer and some shares on my samba 3.0.2a-debian server. No fancy domain-logon, just plain workgroup connect (smb.conf below). The problem is, sometimes when i choose to print from my XP-pro machine, the printer don't react... The shares work fine, and i read/write from them, but i can't print. Neither cups, samba or syslog throws any error in the log, and the printjob just halts in the systray. The printer shows itself as ready, but if I try to change any options in the printer preferences, I get a CAN'T SAVE CONFIGURATION error! The problem is solved only upon a samba-restart, and then I print and change options without any problems... until next time I can't print (The log below is from samba after a restart) From XP-home, where i type passwd on each connection to the shares, I print everytime without any problems. Please help Thanks Torben --- smb.conf --- [global] netbios name = SERVER workgroup = NR4 server string = server security = user encrypt passwords = true passdb backend = smbpasswd socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=4096 SO_SNDBUF=4096 dns proxy = no load printers = yes printing = cups printcap name = cups log file = /var/log/samba/samba.log log level = 2 [printers] comment = Printere path = /tmp browseable = yes public = yes guest ok = yes writable = yes printable = yes printer admin = @lpadmin SAMBA LOG [2004/04/26 16:05:54, 2] smbd/reply.c:reply_special(105) netbios connect: name1=NR4 name2=XPPRO [2004/04/26 16:05:54, 2] smbd/reply.c:reply_special(112) netbios connect: local=server remote=xppro, name type = 0 [2004/04/26 16:05:54, 2] smbd/sesssetup.c:setup_new_vc_session(591) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/04/26 16:05:54, 2] smbd/sesssetup.c:setup_new_vc_session(591) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/04/26 16:05:54, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [torben] - [torben] - [torben] succeeded -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] should I use idmap?
hi, suppose I have a samba 3 server with ldap backend and all users has both the sambaSamAccount and posixAccount. than it's enough or should I have to use idmap and create a new tree on my ldap server for the unix - windows id mapping? thnaks in advance. -- Levente Si vis pacem para bellum! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is it possible to store XP Profiles on Samba 3.0.2 ?
Hello, Can you use Samba to store an XP Pro profile? Yep. Take a look at this: ftp://de.samba.org/samba.org/docs/ http://samba.idealx.org/samba-ldap-howto.pdf matze -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind issues
I just moved from Samba 2.2 to Samba 3. I made the necessary changes to the smb.conf file to work with the new version. Everything works but I noticed when I run wbinfo -u, it not only returns the users on the active directory domain controller, but also the computer accounts. For example, a computer named Admin17 appears as a user under Samba now. This did not happen in version 2.2. The computer accounts also appear when the getent passwd command is run. There are around 200 machines in our domain so this adds quite a bit of listings. Is this an added feature to Samba 3 or do I have the configuration wrong? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Usermapping with 3.0.3pre2
Hi, I just installed samba 3.0.3pre2 on a FreeBSD 5.2.1-RELEASE Box. It's a ActiveDirectory Member-Server and works so far - with an exception: It seems to me, that the !-Syntax in the user mapping file doesn't work any more. The man-page says, that samba will stop on a matching !unix-user=win-user line, but all my users (even if successfully authenticated) are mapped to the last default-entry smb=*. So to have my users working, I have to have all Shares completely open for all authenticated users... that's not what was intended :-} Is it my fault? I'm new to Samba 3, but with 2.2.8a it worked perfectly... -- Ciao/BSD - Matthias Matthias Schuendehuette msch [at] snafu.de, Berlin (Germany) PGP-Key at pgp.mit.edu and wwwkeys.de.pgp.net ID: 0xDDFB0A5F -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is it possible to store XP Profiles on Samba 3.0.2 ?
Can you use Samba to store an XP Pro profile?
Yes, you can. Your error message suggests that the profile you are trying to
overwrite does not belong to the current domain. ie: The user SID inside the
NTUser.DAT file for the current user does not match the current SID.
This sounds highly likely.
The question in my mind though is where the Samba server gets a SID
from?
The XP Pro client is authenticating into a AD domain, which is telling
it to store its profile on the Samba server. I have joined the Samba
server to the AD domain in an attempt to coax this into working. But to
no avail. (i.e. the join worked and Samba is now authenticating from
the Windows server ('security=domain') but the SID error still occurs)
Do I need to set some sort of SID on the Samba server to match the
domain portion of the SID in the error message? (which I'm assuming is
the domain SID for the AD domain?)
Can I use 'net getsid' (or somesuch)?
(side question: when using tdbtool's dump command, how can I convert the
SIDs from secrets.tdb into SID-1-. format?)
Mac
Assistant Systems Adminstrator @nibsc.ac.uk
[EMAIL PROTECTED]
Work: +44 1707 641565 Everything else: +44 7956 237670 (anytime)
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is it possible to store XP Profiles on Samba 3.0.2 ?
Can you use Samba to store an XP Pro profile? Yep. Take a look at this: http://samba.idealx.org/samba-ldap-howto.pdf Thanks for the pointers. However, as far as I can see that info is for situations where the XP Pro clients are using the Samba box as the PDC. I'm not. The XP Pro client PC is a member of an AD domain. It's just the profiles that are being stored on Samba. Mac Assistant Systems Adminstrator @nibsc.ac.uk [EMAIL PROTECTED] Work: +44 1707 641565 Everything else: +44 7956 237670 (anytime) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Windows 2003 Active Directory and Group Access
Hi, thanks for your help - now it works :-))) But there is a new problem. We log on to the linux machine for email and ssh and so on. So the new problem is that a user is now AMATEC+testuser instead simple testuser (for the pam module). But I think we can make a hack to the pam_winbind.so file to add AMATEC+ to the entered username (so a user has not to enter AMATEC+testuser but only testuser). Or is there a better way? Kind regards -Ursprüngliche Nachricht- Von: Alex de Vaal [mailto:[EMAIL PROTECTED] Gesendet: Montag, 26. April 2004 10:40 An: [EMAIL PROTECTED] Betreff: [Samba] Windows 2003 Active Directory and Group Access Hello Franz, I had the same problem with Wk3 groups as valid users on my shares; remove winbind use default domain = yes or set it to winbind use default domain = no Because winbind separator = + your valid group will be valid users = @AMATEC.LOCAL+GG_Entwicklung If you remove winbind separator = + your valid group will be valid users = @AMATEC.LOCAL\GG_Entwicklung I prefer the last one, because my ADS users don't have to logon on the Linux server. My Samba server just acts as a Windows domain member server in ADS. -- Regards, Alex de Vaal. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Netbios Aliases -- problem with too many?
I have inherited a Samba 2.2.8a server with 12 NetBIOS aliases along with a normal NetBIOS name. This was thought to be a good method of partitioning the shares and a way for logical referencing by a project. Admirable goals. However, I am noticing that the WINS registration for some of these NetBIOS aliases seems to get dropped at times. I have people using the alias saying that their share cannot be accessed at times. When I check indeed this is the case the NetBIOS alias does not respond at all. Restarting the samba server seems to correct the problem. In fact, I am having to resort to restarting the server twice a day to prevent this problem. Any ideas as to how to resolve this situation. Thanks Mike Parker Systems Administrator [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Printing in 3.0.1
thx, will update to 3.0.2a and report Unfortunately there is a print segfault bug in 3.0.2a. The 3.0.3pre's and rc's have the patches in if you are so inclined :). If not, this is a post-3.0.2a patch that fixes a common printing crash in 3.0.2a: https://bugzilla.samba.org/attachment.cgi?id=420action=view (bug 1147) ~ Daniel --- This message is the property of Time Inc. or its affiliates. It may be legally privileged and/or confidential and is intended only for the use of the addressee(s). No addressee should forward, print, copy, or otherwise reproduce this message in any manner that would allow it to be viewed by any individual not originally listed as a recipient. If the reader of this message is not the intended recipient, you are hereby notified that any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is strictly prohibited. If you have received this communication in error, please immediately notify the sender and delete this message. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Yet Another LDAP Question
Hi All, I know this must have been discussed around here a million times, but I really didn't find this info anywhere else and I'm on a deadline here. I already have an FC1 server with a working LDAP directory in production. The same server runs a Samba PDC, but not with LDAP functionality yet. All I need to know right now is if I have to include some standard user and group accounts, like Adminstrator and such. Also,how do I generate the NT and Lanman password hashes so I can include them in the uses' ldifs? And please, don't point me to that Samba-LDAP howto 'cause it did nothing but confuse me more. Thanks, -- Jean Krebs Fonseca [EMAIL PROTECTED] Total Data Information Solutions www.totaldata.com.br -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Migration succesful , but can't add machine to domain
Well, can anybody help me? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of LanRol Sent: Monday, April 26, 2004 12:27 AM To: samba Subject: [Samba] Migration succesful , but can't add machine to domain Hi all, I migrate NT4 PDC to SAmba3 tdbsam backend. All users, groups, machineboxes are ok. When I am try to add Win2k to domain, popup the a windows, I type the DOMAIN ADMIN username, password, and I get a failer message: Bad user or password. I think my samba doesn't know where is passwd.tdb in my smb.conf: passdb backend = tdbsam:/etc/samba/passdb.tdb Any idea what is wrong? regards, roland -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Domain Admin Group privaleges
I thought this was the problem also, but adding the user to the root group did not yield any change. I'm kind of baffled on this one. It sounds as it has to do with the Linux privileges. Try this: When you create a Samba user, the equivalent account is created in the /etc/passwd file. Add the Linux user account to the Linux root group. This will give the user root previliges. Here is some info. from the Samba How To: There is no safe way to provide access on a UNIX/Linux system without providing root level privilege. Provision of root privileges can be done wither by logging onto the Domain as the user root, or by permitting particular users to use a UNIX account that is a member of the UNIX group that has a GID=0 as the primary group in the /etc/passwd database. Users of such accounts can use tools like the NT4 Domain User Manager, and the NT4 Domain Server Manager to manage user and group accounts as well as Domain Member server and client accounts. This level of privilege is also needed to manage share level ACLs. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Yet Another LDAP Question
I don't think you 'have' to, but you'll get more functionality if you do. You should go grab the newest idealx LDAP management scripts, you don't say what version of samba you have, but the scripts are probably newer than what you have if you installed from the RPM that came with the base Fedora install. There's a script in that set called something like smbldap-populate that will create all the users and groups you need for Windows equivilency. You will also want to delete the old ones when you put the new in place. At some point they changed from *.pl to just * for the script names. Make sure you edit the config files in the smbldap-tools package before you start monkeying with them, particularly the LDAP container names and your domain SID. Jean Krebs Fonseca wrote: Hi All, I know this must have been discussed around here a million times, but I really didn't find this info anywhere else and I'm on a deadline here. I already have an FC1 server with a working LDAP directory in production. The same server runs a Samba PDC, but not with LDAP functionality yet. All I need to know right now is if I have to include some standard user and group accounts, like Adminstrator and such. Also,how do I generate the NT and Lanman password hashes so I can include them in the uses' ldifs? And please, don't point me to that Samba-LDAP howto 'cause it did nothing but confuse me more. Thanks, -- Paul Gienger Office:701-281-1884 Applied Engineering Inc. Cell: 701-306-6254 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.commailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind issues
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joe Schmigel wrote: | noticed when I run wbinfo -u, it not only returns the users | on the active directory domain controller, but also the | computer accounts. . Is this an added | feature to Samba 3 or do I have the configuration wrong? It was a necessary change in the winbindd code. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAjVlMIR7qMdg1EfYRAsIfAKCk+e6LQCfTASU5MBqjsDySM+/rcQCfVA5A O1IQXXoEmwmmfChm5VjKws0= =VYWw -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Verified bug in Woody Samba
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 blfs wrote: | OK, so I go to this page: | | https://bugzilla.samba.org/enter_bug.cgi | | Now what? | | Samba 2.2 is not listed. Sorry. Thought you were on 3.0. There is no further development going on for the 2.2 branch. If you can reproduce this against 3.0.x, then let us know. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAjVmpIR7qMdg1EfYRAn6GAJ4gFWmwCHMaECTlBELJEkJQk5Ah8wCgt0Qg /600h394hWThqbgbOs2ixko= =B7zT -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba-3 by Example
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ernst Pehl wrote: | Hi, | | the Samba-3 by Example-Book should be appear on the | Samba web site by April 14th under the documentation page. But | there is nothing. Where can I get the pdf-file? The PDF is available now. We had some mirroring problems after the server upgrade. I'm working out the last issue with the HTLM version today. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAjVqKIR7qMdg1EfYRAqA0AJ98sQrckcpCoZwPLT9Br6ciuuL4kwCg86V1 /HROQh4wyXXKkgDl+a9Z67k= =R4/z -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Yet Another LDAP Question
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jean Krebs Fonseca írta:
| Hi All,
|
| I know this must have been discussed around here a million times, but
I really
| didn't find this info anywhere else and I'm on a deadline here.
|
| I already have an FC1 server with a working LDAP directory in
production. The
| same server runs a Samba PDC, but not with LDAP functionality yet.
|
| All I need to know right now is if I have to include some standard
user and
| group accounts, like Adminstrator and such. Also,how do I generate the
NT and
| Lanman password hashes so I can include them in the uses' ldifs?
|
| And please, don't point me to that Samba-LDAP howto 'cause it did
nothing but
| confuse me more.
|
| Thanks,
|
You can use mkntpwd tool to generate LMPassword and NTPassword hashes, I
do so. Attached you will find my root accounts ldif (Passwords removed
;-) ). You will find that it has lots of Objectclasses not necessarily
needed for Unix shell or Samba. Take care to use the Samba3 schema
/usr/share/doc/samba/examples/LDAP/
Anyway if you configure the ldap backend in Samba and SmbLDAP tools,
then a simple pdbedit operation could do the migration to ldapsam.
Cheers
Geza
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAjVdV/PxuIn+i1pIRAtWAAJ0fMwkhFRsx5wcFQ6bVI1yAFi+n7gCfQik2
7ha1Kgx+WzSrJn6907RnO4w=
=nkZG
-END PGP SIGNATURE-
dn: uid=root,ou=People,dc=kzsdabas,dc=hu
mailHost: mail.kzsdabas.sulinet.hu
objectClass: mailRecipient
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: kerberosSecurityObject
objectClass: shadowAccount
objectClass: sambaSamAccount
shadowMax: 60
shadowWarning: 7
shadowInactive: 30
loginShell: /bin/bash
uidNumber: 0
homeDirectory: /root
cn: LDAP's Fake root Account
cn: root
sn: LDAP's Fake root Account
displayName: LDAP's Fake root Account
gecos: LDAP's Fake root Account
shadowLastChange: 12013
sambaPwdMustChange: 2147483647
sambaAcctFlags: [U ]
sambaPwdCanChange: 1080799858
sambaLogonTime: 2147483647
sambaNTPassword: **REMOVED*
sambaPwdLastSet: 1080799858
sambaLogoffTime: 2147483647
sambaLMPassword: **REMOVED*
sambaKickoffTime: 2147483647
gidNumber: 4
sambaSID: S-1-5-21-2107120446-224765601-1821260193-500
mail: [EMAIL PROTECTED]
mailForwardingAddress: [EMAIL PROTECTED]
uid: root
krbName: [EMAIL PROTECTED]
sambaPrimaryGroupSID: S-1-5-21-2107120446-224765601-1821260193-512
userPassword: {CRYPT}$1$**REMOVED*
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Message (The distribution of your message dated Mon, 26...)
The distribution of your message dated Mon, 26 Apr 2004 16:25:09 -0300 with subject Your information has been postponed because the JAVA-AWT list is held. No action is required from you; your message will be reprocessed automatically once the list owner releases the list. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Yet Another LDAP Question
I believe the README is out of date. Their website says that something like .80 and up work on 3.x. I have used .84 to populate a 3.0.2 server just fine making only configuration changes like server locations, containers, and domain SID. I did have to hack one script for my purposes, but that was only because my primary ldap server is over a greater-latency-than-local-lan link and replication takes a couple seconds. Jean Krebs Fonseca wrote: I have downloaded the updated set of scripts, but the readme file says they should be modified to work with Samba 3 (I have 3.0.2), since they have been made for Samba 2.2 Is this information outdated? On Monday 26 April 2004 15:44, you wrote: I don't think you 'have' to, but you'll get more functionality if you do. You should go grab the newest idealx LDAP management scripts, you don't say what version of samba you have, but the scripts are probably newer than what you have if you installed from the RPM that came with the base Fedora install. There's a script in that set called something like smbldap-populate that will create all the users and groups you need for Windows equivilency. You will also want to delete the old ones when you put the new in place. At some point they changed from *.pl to just * for the script names. Make sure you edit the config files in the smbldap-tools package before you start monkeying with them, particularly the LDAP container names and your domain SID. Jean Krebs Fonseca wrote: Hi All, I know this must have been discussed around here a million times, but I really didn't find this info anywhere else and I'm on a deadline here. I already have an FC1 server with a working LDAP directory in production. The same server runs a Samba PDC, but not with LDAP functionality yet. All I need to know right now is if I have to include some standard user and group accounts, like Adminstrator and such. Also,how do I generate the NT and Lanman password hashes so I can include them in the uses' ldifs? And please, don't point me to that Samba-LDAP howto 'cause it did nothing but confuse me more. Thanks, -- Paul Gienger Office:701-281-1884 Applied Engineering Inc. Cell: 701-306-6254 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.commailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] create_canon_ace_lists: unable to map SID
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mac wrote: | [2004/04/23 10:22:32, 0] smbd/posix_acls.c:create_canon_ace_lists(1380) | create_canon_ace_lists: unable to map SID | S-1-5-21-973294077-3660535-3933214913-1177 to uid or gid. Sounds like bug 1139 which was fixed in 3.0.3rc1. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAjWN7IR7qMdg1EfYRAjM7AJ0cU81QBdVFKGXWT4aBgd9sZ52P2wCeNObi AOpZtRqgKZ2n7hRO1Smx7D8= =oouU -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migration succesful , but can't add machine to domain
On Mon, Apr 26, 2004 at 12:27:11AM +0200, LanRol wrote: Hi all, I migrate NT4 PDC to SAmba3 tdbsam backend. All users, groups, machineboxes are ok. When I am try to add Win2k to domain, popup the a windows, I type the DOMAIN ADMIN username, password, and I get a failer message: Bad user or password. I think my samba doesn't know where is passwd.tdb in my smb.conf: passdb backend = tdbsam:/etc/samba/passdb.tdb Any idea what is wrong? What do your logs tell you? What do you have for your add machine script = ? Cheers! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] locking files error
Hello Jim. I server access files from 2.2.8 also here. I have oplocks = no for the share i have them on. This will let more then one open the file but only one can write to it the others have read only access. as far as i know only one person here writes to the file at a time an the others can read/ pull info from the file into other files ect ect. hope this helps. jack malone network admin horizon industries At 09:47 AM 4/21/2004, tom wrote: I have moved my Access DB to Mandrake 9.2 running Samba 2.2.8 I can access the data base from one of my WinXp boxes, but if I try to access it at the same time from another WinXP boxes I get Could Not Lock File I am running a Peer To Peer network not a domain. Any one know how to get around this problem. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Migration succesful , but can't add machine to domain
from [EMAIL PROTECTED]
What do your logs tell you?
What do you have for your add machine script = ?
Cheers!
--
my smb.conf is
[global]
workgroup = SOLARSYSTEM
netbios name= Sedna
server string = Samba szerver
wins support= yes
name resolve order = wins lmhosts hosts bcast
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
os level= 64
local master= yes
preferred master= yes
domain master = yes
domain logons = yes
passdb backend = tdbsam:/etc/samba/passdb.tdb
dos charset = CP852
unix charset= ISO8859-2
case sensitive = no
default case= lower
preserve case = yes
security= user
encrypt passwords = yes
log file= /var/log/samba/log.%m
log level = 3
max log size= 50
hosts allow = 127.0.0.1 172.0.0.0/255.255.255.0
interfaces = eth1 172.0.0.0/255.255.255.0
127.0.0.1
logon path = \\samba\profiles\%U
logon script= %G.cmd
add user script = /usr/sbin/useradd -s /bin/false
'%u'
add group script= /usr/sbin/groupadd '%g' getent
group '%g' |awk -F: '{print $3}'
add user to group script= /usr/bin/gpasswd -a '%u' '%g'
add machine script = /usr/sbin/useradd -d /dev/null -g
machines -s /bin/false -M '%u'
set primary group script= /usr/sbin/usermod -g '%g' '%u'
delete user script = /usr/sbin/userdel '%s'
delete group script = /usr/sbin/groupdel '%g'
delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
...
# smbclient -U% -L localhost
Domain=[SOLARSYSTEM] OS=[Unix] Server=[Samba 3.0.2-SuSE]
Sharename Type Comment
- ---
netlogon Disk login scriptek
installDisk telepitok
works Disk Munkakonyvtar
public Disk Kozos konyvtar
developmentDisk A fejlesztok cuccai
IPC$ IPC IPC Service (Samba szerver)
ADMIN$ IPC IPC Service (Samba szerver)
Domain=[SOLARSYSTEM] OS=[Unix] Server=[Samba 3.0.2-SuSE]
Server Comment
----
SEDNASamba szerver
WorkgroupMaster
----
SOLARSYSTEM SEDNA
# smbclient //sedna/netlogon -u admin
session setup failed: NT_STATUS_LOGON_FAILURE
and log file shows:
[2004/04/26 21:37:17, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/04/26 21:37:17, 3] smbd/uid.c:push_conn_ctx(287)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/04/26 21:37:17, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/04/26 21:37:17, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/04/26 21:37:17, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[EMAIL PROTECTED] with the new password interface
[2004/04/26 21:37:17, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [EMAIL PROTECTED]
[2004/04/26 21:37:17, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/04/26 21:37:17, 3] smbd/uid.c:push_conn_ctx(287)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/04/26 21:37:17, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/04/26 21:37:17, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/04/26 21:37:17, 3] auth/auth_sam.c:check_sam_security(200)
check_sam_security: Couldn't find user 'root' in passdb file.
[2004/04/26 21:37:17, 3] auth/auth_winbind.c:check_winbind_security(80)
check_winbind_security: Not using winbind, requested domain [SOLARSYSTEM]
was for this SAM.
[2004/04/26 21:37:17, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [root] - [root] FAILED with
error NT_STATUS_NO_SUCH_USER
[2004/04/26 21:37:17, 3] smbd/process.c:timeout_processing(1104)
timeout_processing: End of file from client (client has disconnected).
[2004/04/26 21:37:17, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/04/26 21:37:17, 2]
[Samba] Re: Yet Another LDAP Question
Paul Gienger [EMAIL PROTECTED] wrote:
I believe the README is out of date. Their website says that something
like .80 and up work on 3.x. I have used .84 to populate a 3.0.2 server
just fine making only configuration changes like server locations,
containers, and domain SID. I did have to hack one script for my
purposes, but that was only because my primary ldap server is over a
greater-latency-than-local-lan link and replication takes a couple seconds.
It relates to my last question: is there any way to for unix-NT
password conversion ?
I need to create ntAccounts from my shadow passwords (crypt-ed) in the
Ldap server. It seems there's no supported way but two problems emerge
in here:
1) you have to ask lots of people to type their passwords again
2) you have no control maintain same password policy
Cheers,
--
Michal Kurowski
perl -e '$_=q#: 13_2: 12/o{: 8_4) (_4: 6/2^-2; 3;-2^\2: 5/7\_/\7: 12m m::#;
y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print'
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Can't get SWAT to work...
I have a Red Hat 9 file server and I have been unable to use swat to
configure the smb.conf file.
I have samba-swat installed and the following in /etc/xintetd:
=
# default: off
# description: SWAT is the Samba Web Admin Tool. Use swat \
# to configure your Samba server. To use SWAT, \
# connect to port 901 with your favorite web browser.
service swat
{
disable = no
port= 901
socket_type = stream
wait= no
only_from = 127.0.0.1
user= root
server = /usr/sbin/swat
log_on_failure += USERID
=
I have restarted xinetd.
Should I be able to see swat in the process list?
# ps ax|grep swat
24560 pts/1S 0:00 grep swat
When I go to a browser and go to:
http://serverip:901
nothing happens at all. It just sits there. There is nothing in
/var/log/messages or /var/log/messages/samba/*
Can anyone shed any light on this?
Regards,
Brad
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Yet Another LDAP Question
The UNIX passwords are stored with one-way encryption, so unless you want to brute force them all, there's really no good way to get them from the system. If you have their passwords stored in samba someplace already, like tdbsam or smbpasswd, then you can use the pdbedit command with import and export flags to move the accounts over to ldap. I did this with my 2.2.8a smbpasswd file for testing. In that case I pulled my line out into a temporary passwd file on my testbox and ran something like pdbedit --import=smbpasswd --export=ldap and my user gained the new object class and also had the password set. I would imagine you can do the same with tdbsam, although not on a user-by user basis like I did, but that was for testing anyway. Michal Kurowski wrote: Paul Gienger [EMAIL PROTECTED] wrote: I believe the README is out of date. Their website says that something like .80 and up work on 3.x. I have used .84 to populate a 3.0.2 server just fine making only configuration changes like server locations, containers, and domain SID. I did have to hack one script for my purposes, but that was only because my primary ldap server is over a greater-latency-than-local-lan link and replication takes a couple seconds. It relates to my last question: is there any way to for unix-NT password conversion ? I need to create ntAccounts from my shadow passwords (crypt-ed) in the Ldap server. It seems there's no supported way but two problems emerge in here: 1) you have to ask lots of people to type their passwords again 2) you have no control maintain same password policy Cheers, -- Paul Gienger Office:701-281-1884 Applied Engineering Inc. Cell: 701-306-6254 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.commailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't get SWAT to work...
Unless you're sitting at the console of the machine and specifying
http://localhost:901 you want to take out the only_from line in your
config file. You will not see it in your process list. Make sure you
restart or HUP your xinetd.
Brad wrote:
I have a Red Hat 9 file server and I have been unable to use swat to
configure the smb.conf file.
I have samba-swat installed and the following in /etc/xintetd:
=
# default: off
# description: SWAT is the Samba Web Admin Tool. Use swat \
# to configure your Samba server. To use SWAT, \
# connect to port 901 with your favorite web browser.
service swat
{
disable = no
port= 901
socket_type = stream
wait= no
only_from = 127.0.0.1
user= root
server = /usr/sbin/swat
log_on_failure += USERID
=
I have restarted xinetd.
Should I be able to see swat in the process list?
# ps ax|grep swat
24560 pts/1S 0:00 grep swat
When I go to a browser and go to:
http://serverip:901
nothing happens at all. It just sits there. There is nothing in
/var/log/messages or /var/log/messages/samba/*
Can anyone shed any light on this?
Regards,
Brad
--
Paul Gienger Office:701-281-1884
Applied Engineering Inc. Cell: 701-306-6254
Information Systems Consultant Fax: 701-281-1322
URL: www.ae-solutions.commailto:[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Workaround found, .Xauthority and SMB, Mounting home directory
Hi, Finally got this working!! I have found a potential Workaround to the following error: /etc/X11/gdm/PreSession/Default: Registering your session with wtmp and utmp /etc/X11/gdm/PreSession/Default: running: /usr/bin/X11/sessreg -a -w /var/log/wtmp -u /var/run/utmp -x /var/gdm/:0.Xservers -h -1 :0 test Xlib: connection to :0.0 refused by server Xlib: No protocol specified Some prerequisites: I'm running Fedora Core 1 ( stock install ) with pam_mount mounting my home directory on the PDC. I'm reluctantly using GDM ( not my favorite but it will do ) Last, I'm using KDE, but GNOME works too. First, I followed suggestions from previous posts, and did a little tweaking on my own, which include the following: a) I've added the following to the user's .bash_profile: export XAUTHORITY=/tmp/.Xauthority export ICEAUTHORITY=/tmp/.ICEauthority b) NOTE: gnome doesn't require this step. I did some editing of my /usr/bin/startkde script to move all .kde and .kderc etc... files OUT of the home directory. From what I can tell, limits in the SMBFS are not allowing kde to start successfully. (sockets??) This is a heavy workaround, but works nicely in our environment. If you would like details on this fix let me know. **Despite these changes, the above mentioned error was still appearing.** **Here is what I've done:** 1) add the following to the file: /etc/X11/gdm/PreSession/Default XHOST=`which xhost 2/dev/null` if [ x$XHOST != x ] ; then echo Executing xhost +localhost.. exec $XHOST +localhost fi I think it's important to add this before the following line: SESSREG=`which sessreg 2/dev/null` ... Essentially, I'm executing the following command: xhost +localhost. I used their conventions for running a command, hence the if statement etc... 2) I'm pretty sure you need to restart GDM. 3) now go ahead and log in. It will work perfectly!!! I don't know enough about X to give you a complete explanation for the fix, but using xhost in this fashion allows any user on the host localhost to connect to the X server. Without it, the connection is refused, hence the error you were getting. I would gladly accept any feedback or comments on this fix. I'm also very curious if anybody else tried running a GUI with their home directory mounted via SMBFS or NFS? I've attempted both and found SMBFS to be a adequate. This issue was the last to get over. Now I must go through and refine different aspects -- Ben Ford Bio-Logic Aqua Technologies 5001 Lower River Rd Grants Pass, OR 97526 800-FOR-MIST (367-6478) [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is it possible to store XP Profiles on Samba 3.0.2 ?
Mac schrieb: Hi all, Can you use Samba to store an XP Pro profile? I'm running Samba 3.0.2a (compiled from source) on Solaris 9. Compiled it against OpenLDAP 2.1.30 and MIT Kerberos 1.3.3 (both compiled from source from fresh downloads today). Am now trying to get Windows XP Pro to store profiles on to this box. The smbd and nmbd seem to run fine. Every time XP Pro goes to create a user's profile it connects (correctly) to:- \\firesun1\profiles\jsmith but then we get:- [2004/04/26 14:54:11, 1] smbd/service.c:make_connection_snum(705) dltest2 (212.219.217.98) connect to service profiles initially as user jsmith (uid=1935, gid=100) (pid 16145) [2004/04/26 14:54:11, 0] smbd/posix_acls.c:create_canon_ace_lists(1380) create_canon_ace_lists: unable to map SID S-1-5-21-973294077-3660535-3933214913-4632 to uid or gid. and an ugly the security's wrong on the profile sort of message on the XP Pro client. So, simple question. Can you use Samba to store an XP Pro profile? Mac Assistant Systems Adminstrator @nibsc.ac.uk [EMAIL PROTECTED] Work: +44 1707 641565 Everything else: +44 7956 237670 (anytime) for sure samba store profiles from xp, your problem is unable to map SID S-1-5-21-973294077-3660535-3933214913-4632 to uid or gid. regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Yet Another LDAP Question
Jean Krebs Fonseca schrieb: Hi All, I know this must have been discussed around here a million times, but I really didn't find this info anywhere else and I'm on a deadline here. I already have an FC1 server with a working LDAP directory in production. The same server runs a Samba PDC, but not with LDAP functionality yet. All I need to know right now is if I have to include some standard user and group accounts, like Adminstrator and such. Also,how do I generate the NT and Lanman password hashes so I can include them in the uses' ldifs? And please, don't point me to that Samba-LDAP howto 'cause it did nothing but confuse me more. Thanks, hi, sorry but you have to mess with ldap, if you have a existing ldap server , you have to integrate samba schema first and then setup users , groups, computers, but this can be done in many ways, i recommend to try ldap tools from idealix also included in the src of samba in a variation, perhaps you can do a dump of your ldap to a testmachine and play around with this scripts having secure your runnig ldap will not be touched. but you will have to read howtos regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] should I use idmap?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Farkas Levente wrote: | hi, | suppose I have a samba 3 server with ldap backend and | all users has both the sambaSamAccount and posixAccount. | than it's enough or should I have to use idmap and create a | new tree on my ldap server for the unix - windows id mapping? | thnaks in advance. the idmap options are only used by winbindd for handling trusted users (or possibly the 'winbind enable local accounts' options). I doubt you need them in your case unless you want to support trusts between the Samba domain and other domains. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAjYn1IR7qMdg1EfYRAjY0AKDT35MZgQ9MUZ7CDyONo3RiTw15oACgkL/A x/c/XqaAzBwNuc+4lzBtirc= =l2xF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Anyone know where I can get Kerberos 1.3.1 RPMs???
From what I have read, the default kerberos (v1.2.7) in Red Hat Linux 9 will not work for Windows 2003 AD authentication/Samba. I have looked and searched and googled for the RPMs. I would even settle for Fedora builds, but I cannot even find those. I anyone has a clue as to where I could find them, it would be appreciated. Thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Performance: Samba 3 vs. Windows 2003
Samba guru's: Our Samba 3 network performance is half that of Windows 2003 Server. I really want to stay with samba/unix, but half the performance? I'm hoping someone can point me in the right direction so we can keep using samba/unix. I'll try to give as much detail without giving pages and pages of benchmark numbers. If someone wants to see numbers, I'll send them: Fileserver is Dell PE2600, Dual Xeon 18GHz, 2GB memory, Gig NIC. System is dual boot RHEL3-AS with an ext3 filesystem and Windows 2003 Server with NTFS. The fileserving disk is a SATA-SCSI RAID enclosure. Bonnie++ and iozone both show that the RAID enclosure can do 80MB/sec writes and 40MB/sec reads on the ext3 in linux. Benchmarks in windows 2003 are very similar. Why it gets faster writes than read, I don't know, and I don't care right now. What I'm worried about is our samba network performance. Clients are Windows XP/2K/NT4 pro with all patches installed and Gig NICs. All the clients can netperf to the server at 60+MB/sec, some even faster. No collisions on the NICs, nothing wrong with the network. There is a cisco Gig switch inbetween the client and the server as well. Here is the bottom line: When the server is running samba 3, the clients get 12-13MB/sec. When the server is running windows 2003, the clients get 24-26MB/sec. Keep in mind the server hardware is exactly the same, the only thing I change is the software. Windows 2003 beets up Samba 3, hands down. However, all this testing is done by just drag and drop, and looking at the clock to time it. Not the best way to do it, but I don't know of another way now, suggestions welcome. The difference is obvious and consistent: 500MB file in samba 3 writes to disk in 42 seconds, but writes to windows 2003 disk in 21 seconds. I can produce the same results on all of our clients any time of the day. I've tried changing the smb.conf socket options (TCP_NODELAY, SO_SNDBUF, etc.) to 65523, 242xxx, whatever. /etc/init.d/smb restart, then try again. No change in performance whatsoever. Still 12-13MB/sec. I've also set other options in smb.conf, such as xmit, write size, read size, but nothing seems to change the fact that samba 3 can't do more than 12-13MB/sec. I've also searched the list, and found some people had success in performance issues by changing the SO_SNDBUF, but they didn't list any benchmark numbers. Maybe they were happy with 12-13MB/sec, but I'm not, especially if something else can get 25MB/sec. Any input is welcome. Alex --- --- Alex Lazarevich | Systems Administrator | Imaging Technology Group Beckman Institute | University of Illinois | www.itg.uiuc.edu --- --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] build flags profile migration
Hi, I'm having some interesting issues with Samba v3.0.2a and was woundering if anyone has noticed probs in building with the following flags on Redhat 9; --with-ads --with-automount --with-smbmount --with-quotas --with-acl-support --with-msdfs I've also posted this a few times before but was woundering if anyone has figured out a way to gracefully migrate user profiles from a Samba 2.2.7 domain to a Samba 3.0.2a domain (same domain name). -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't get SWAT to work...
Thanks Paul. That's all it was. :-) Regards, Brad Paul Gienger wrote: Unless you're sitting at the console of the machine and specifying http://localhost:901 you want to take out the only_from line in your config file. You will not see it in your process list. Make sure you restart or HUP your xinetd. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] warnings when running configure for samba3.0.2a on FreeBSD 5.2.1 Release
Should I do anything to the following ? And how to do it ? Thanks . ___ configure: WARNING: net/if.h: present but cannot be compiled configure: WARNING: net/if.h: check for missing prerequisite headers? configure: WARNING: net/if.h: proceeding with the preprocessor's result configure: WARNING: rpcsvc/yp_prot.h: present but cannot be compiled configure: WARNING: rpcsvc/yp_prot.h: check for missing prerequisite headers? configure: WARNING: rpcsvc/yp_prot.h: proceeding with the preprocessor's result configure: WARNING: sys/mount.h: present but cannot be compiled configure: WARNING: sys/mount.h: check for missing prerequisite headers? configure: WARNING: sys/mount.h: proceeding with the preprocessor's result configure: WARNING: netinet/ip.h: present but cannot be compiled configure: WARNING: netinet/ip.h: check for missing prerequisite headers? configure: WARNING: netinet/ip.h: proceeding with the preprocessor's result -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Migration succesful , but can't add machine to domain
On Mon, 2004-04-26 at 16:38, LanRol wrote:
from [EMAIL PROTECTED]
What do your logs tell you?
What do you have for your add machine script = ?
Cheers!
--
my smb.conf is
[global]
workgroup = SOLARSYSTEM
netbios name= Sedna
server string = Samba szerver
wins support= yes
name resolve order = wins lmhosts hosts bcast
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
os level = 64
local master= yes
preferred master= yes
domain master = yes
domain logons = yes
passdb backend = tdbsam:/etc/samba/passdb.tdb
dos charset = CP852
unix charset= ISO8859-2
case sensitive = no
default case= lower
preserve case = yes
security= user
encrypt passwords = yes
log file= /var/log/samba/log.%m
log level = 3
max log size= 50
hosts allow = 127.0.0.1 172.0.0.0/255.255.255.0
interfaces = eth1 172.0.0.0/255.255.255.0
127.0.0.1
logon path = \\samba\profiles\%U
logon script= %G.cmd
add user script = /usr/sbin/useradd -s /bin/false
'%u'
add group script= /usr/sbin/groupadd '%g' getent
group '%g' |awk -F: '{print $3}'
add user to group script= /usr/bin/gpasswd -a '%u' '%g'
add machine script = /usr/sbin/useradd -d /dev/null -g
machines -s /bin/false -M '%u'
set primary group script= /usr/sbin/usermod -g '%g' '%u'
delete user script = /usr/sbin/userdel '%s'
delete group script = /usr/sbin/groupdel '%g'
delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
...
# smbclient -U% -L localhost
Domain=[SOLARSYSTEM] OS=[Unix] Server=[Samba 3.0.2-SuSE]
Sharename Type Comment
- ---
netlogon Disk login scriptek
installDisk telepitok
works Disk Munkakonyvtar
public Disk Kozos konyvtar
developmentDisk A fejlesztok cuccai
IPC$ IPC IPC Service (Samba szerver)
ADMIN$ IPC IPC Service (Samba szerver)
Domain=[SOLARSYSTEM] OS=[Unix] Server=[Samba 3.0.2-SuSE]
Server Comment
----
SEDNASamba szerver
WorkgroupMaster
----
SOLARSYSTEM SEDNA
# smbclient //sedna/netlogon -u admin
session setup failed: NT_STATUS_LOGON_FAILURE
and log file shows:
[2004/04/26 21:37:17, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/04/26 21:37:17, 3] smbd/uid.c:push_conn_ctx(287)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/04/26 21:37:17, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/04/26 21:37:17, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/04/26 21:37:17, 3] auth/auth.c:check_ntlm_password(219)
check_ntlm_password: Checking password for unmapped user
[EMAIL PROTECTED] with the new password interface
[2004/04/26 21:37:17, 3] auth/auth.c:check_ntlm_password(222)
check_ntlm_password: mapped user is: [EMAIL PROTECTED]
[2004/04/26 21:37:17, 3] smbd/sec_ctx.c:push_sec_ctx(256)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2004/04/26 21:37:17, 3] smbd/uid.c:push_conn_ctx(287)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2004/04/26 21:37:17, 3] smbd/sec_ctx.c:set_sec_ctx(288)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/04/26 21:37:17, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/04/26 21:37:17, 3] auth/auth_sam.c:check_sam_security(200)
check_sam_security: Couldn't find user 'root' in passdb file.
[2004/04/26 21:37:17, 3] auth/auth_winbind.c:check_winbind_security(80)
check_winbind_security: Not using winbind, requested domain [SOLARSYSTEM]
was for this SAM.
[2004/04/26 21:37:17, 2] auth/auth.c:check_ntlm_password(312)
check_ntlm_password: Authentication for user [root] - [root] FAILED with
error NT_STATUS_NO_SUCH_USER
[2004/04/26 21:37:17, 3] smbd/process.c:timeout_processing(1104)
timeout_processing: End of file from client
[Samba] WINBIND HELP!!!!
HI, I am trying to setup winbind on Samba 3.0.2 running on Red Hat AS 3.0. I have completed most of the steps of setting up winbind successfully but when it came for me to login in using the AD account username and password, it didn't allow me to login. the error message i am getting is incorrect password or check username. During the setup i tested the wbinfo -u command and i was successfully able to query the AD username list from the MS PDC server. if anyone is encountered similar problem i would glad to listen in on how fix this issue. thanks, -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Migration succesful , but can't add machine to domain
To rule out the obvious... Did you perform smbpasswd -a root on the PDC? Did you also add admin users = root in your global section? Just curious are you actually using the network address 172.0.0.0 for your setup? Marcus O. No, I didn't add root to smbpasswd, but i don't want to use smbpasswd, I wanna use tdbsam, as well this case there isn't root in smbpasswd, is there? It isn't in global section. Yes, of course, 172.0.0.0, what is wrong, if I know well, it is a private IP range, like 10.x.x.x, well? Regards, Roland -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
svn commit: samba r366 - branches/tmp/metze-4_0-BUILD/source/build/smb_build
Author: metze
Date: 2004-04-26 08:42:30 + (Mon, 26 Apr 2004)
New Revision: 366
Modified:
branches/tmp/metze-4_0-BUILD/source/build/smb_build/core.m4
branches/tmp/metze-4_0-BUILD/source/build/smb_build/public.m4
Log:
use $SMB_BUILD_CTX-{INPUT} for infos from configure
metze
WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=366nolog=1
svn commit: samba r367 - branches/tmp/metze-4_0-BUILD/source/build/smb_build
Author: metze Date: 2004-04-26 12:32:07 + (Mon, 26 Apr 2004) New Revision: 367 Added: branches/tmp/metze-4_0-BUILD/source/build/smb_build/depend.pl branches/tmp/metze-4_0-BUILD/source/build/smb_build/input.pl Modified: branches/tmp/metze-4_0-BUILD/source/build/smb_build/core.m4 branches/tmp/metze-4_0-BUILD/source/build/smb_build/main.pl branches/tmp/metze-4_0-BUILD/source/build/smb_build/public.m4 Log: a bunch of changes:-) metze WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=367nolog=1
svn commit: samba r368 - branches/tmp
Author: abartlet Date: 2004-04-26 12:47:13 + (Mon, 26 Apr 2004) New Revision: 368 Added: branches/tmp/abartlet-4_0/ Log: Make a branch for my work on Samba4, while I test and intergrate it. Andrew Bartlett WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=368nolog=1
svn commit: samba r369 - in branches/tmp/abartlet-4_0/source: auth include libcli libcli/auth libcli/util smb_server
Author: abartlet Date: 2004-04-26 13:01:12 + (Mon, 26 Apr 2004) New Revision: 369 Added: branches/tmp/abartlet-4_0/source/libcli/auth/ntlm_check.c Modified: branches/tmp/abartlet-4_0/source/auth/auth.c branches/tmp/abartlet-4_0/source/auth/auth.h branches/tmp/abartlet-4_0/source/auth/auth_builtin.c branches/tmp/abartlet-4_0/source/auth/auth_compat.c branches/tmp/abartlet-4_0/source/auth/auth_ntlmssp.c branches/tmp/abartlet-4_0/source/auth/auth_sam.c branches/tmp/abartlet-4_0/source/auth/auth_util.c branches/tmp/abartlet-4_0/source/include/smb.h branches/tmp/abartlet-4_0/source/libcli/auth/ntlmssp.c branches/tmp/abartlet-4_0/source/libcli/auth/ntlmssp.h branches/tmp/abartlet-4_0/source/libcli/auth/ntlmssp_parse.c branches/tmp/abartlet-4_0/source/libcli/auth/ntlmssp_sign.c branches/tmp/abartlet-4_0/source/libcli/config.m4 branches/tmp/abartlet-4_0/source/libcli/util/smbencrypt.c branches/tmp/abartlet-4_0/source/smb_server/password.c branches/tmp/abartlet-4_0/source/smb_server/sesssetup.c Log: Merge NTLMSSP, Auth subsystems from Samba 3.0 to Samba4. Also split out the NTLMSSP server-side code into 'before' and 'after' authentication portions. The idea is that the 'after' will be called from some callback, which will allow async ntlm_auth operation. Andrew Bartlett WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/tmp/abartlet-4_0/sourcerev=369nolog=1
svn commit: samba r370 - branches/SAMBA_3_0/source/smbd
Author: vlendec Date: 2004-04-26 13:11:59 + (Mon, 26 Apr 2004) New Revision: 370 Modified: branches/SAMBA_3_0/source/smbd/close.c Log: The 'it does never happen -- error on close()' does happen when you exceed your quota on an AFS file system. The specific errno was thrown away by close_normal_file(). Thus we returned NT_STATUS_UNSUCCESSFUL and not NT_STATUS_DISK_FULL as we should. Fix that. (Not that this gives more sane Windows app behaviour :-( ) Jerry, jra, could you please look over this one, it's been quite a while since I touch file server code. Volker WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=370nolog=1
svn commit: samba r371 - trunk/source/smbd
Author: vlendec Date: 2004-04-26 13:14:21 + (Mon, 26 Apr 2004) New Revision: 371 Modified: trunk/source/smbd/close.c Log: The 'it does never happen -- error on close()' does happen when you exceed your quota on an AFS file system. The specific errno was thrown away by close_normal_file(). Thus we returned NT_STATUS_UNSUCCESSFUL and not NT_STATUS_DISK_FULL as we should. Fix that. (Not that this gives more sane Windows app behaviour :-( ) Jerry, jra, could you please look over this one, it's been quite a while since I touch file server code. Volker WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=371nolog=1
svn commit: samba-docs r34 - trunk
Author: jht Date: 2004-04-26 21:09:39 + (Mon, 26 Apr 2004) New Revision: 34 Modified: trunk/Makefile.in Log: Adding Samba-Guide HTML file. WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/rev=34nolog=1
svn commit: samba-docs r35 - trunk
Author: samba-bugs Date: 2004-04-26 22:00:47 + (Mon, 26 Apr 2004) New Revision: 35 Modified: trunk/Makefile.in Log: fix typos in Makefile WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/rev=35nolog=1
svn commit: samba-docs r36 - trunk
Author: jelmer Date: 2004-04-26 22:46:47 + (Mon, 26 Apr 2004) New Revision: 36 Modified: trunk/Makefile.in Log: Put multi-file versions of HOWTO, Guide and Devel-Guide into seperate directories WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/rev=36nolog=1
svn commit: samba-docs r37 - trunk
Author: jelmer Date: 2004-04-26 23:05:31 + (Mon, 26 Apr 2004) New Revision: 37 Modified: trunk/Makefile.in Log: Docs successfully build into seperate directories now. Last thing to fix is the paths to the images WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/rev=37nolog=1
svn commit: samba-docs r38 - in trunk: . xslt
Author: jelmer Date: 2004-04-26 23:29:19 + (Mon, 26 Apr 2004) New Revision: 38 Modified: trunk/Makefile.in trunk/xslt/expand-sambadoc.xsl Log: Fix path to images. CSS path doesn't work yet - I'll have a look at that tomorrow WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/trunkrev=38nolog=1
svn commit: samba-web r16 - trunk
Author: deryck Date: 2004-04-27 02:38:03 + (Tue, 27 Apr 2004) New Revision: 16 Modified: trunk/samba.html Log: added sambaxp announcement and links to slides from talks WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/rev=16nolog=1
svn commit: samba-web r17 - trunk
Author: jerry Date: 2004-04-27 03:11:37 + (Tue, 27 Apr 2004) New Revision: 17 Modified: trunk/samba.html Log: removing old 3.0.3pre2 announcement WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/rev=17nolog=1
CVS update: cifsvfs/fs/cifs
Date: Tue Apr 27 03:41:08 2004 Author: sfrench Update of /home/cvs/cifsvfs/fs/cifs In directory dp.samba.org:/tmp/cvs-serv24550/fs/cifs Modified Files: connect.c file.c transport.c Added Files: rfc1002pdu.h Log Message: Merge of cifs vfs fixes for large file copy and new rfc1002 header Revisions: rfc1002pdu.hNONE = 1.1 http://www.samba.org/cgi-bin/cvsweb/cifsvfs/fs/cifs/rfc1002pdu.h?rev=1.1 connect.c 1.52 = 1.53 http://www.samba.org/cgi-bin/cvsweb/cifsvfs/fs/cifs/connect.c.diff?r1=1.52r2=1.53 file.c 1.57 = 1.58 http://www.samba.org/cgi-bin/cvsweb/cifsvfs/fs/cifs/file.c.diff?r1=1.57r2=1.58 transport.c 1.32 = 1.33 http://www.samba.org/cgi-bin/cvsweb/cifsvfs/fs/cifs/transport.c.diff?r1=1.32r2=1.33
