[Samba] Maximum Length Of Printer Name

[Jeramy Eling]

Hi All,

Just a quick question, what is the max length of a printer name in samba? I am 
currently running samba 3.0.4 and keep receiving the following message:-
May 13 07:28:09 gandalf1 smbd[2316]: [2004/05/13 07:28:09, 0] 
lib/util_str.c:safe_strcpy_fn(602) 
May 13 07:28:09 gandalf1 smbd[2316]: ERROR: string overflow by 1 (32 - 31) in 
safe_strcpy [\\gandalf1\MirrorsA4PicklistPrinter]
The message only appears to affect printers which have name of 32 characters or more.
It doesn't cause any issues but it would be good if I could sort it and tidy the log 
file up. Any help would be much appreciated.
Thanks In Advance
Jez

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Virus Alert

[isvw]

The mail message (file: your_document.pif) you sent to [EMAIL PROTECTED] contains a 
virus. (on mail.dmoch.de)
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Abi99-FreeAtLast

[Abi99-FreeAtLast]

Vielen Dank, dass Du Dich an den Webmaster von Abi99-FreeAtLast.de 
gewendet hast. Die e-Mail wird in Kürze bearbeitet.

Viele Gruesse!
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

AW: [Samba] SID History Mechanism / Trust Accounts

[Laurenz, Dirk]

Hello,



  

|
-|Hello everybody,
-|
-|1. Question
-|When migration from an nt4 style domain to a new samba 3 
-|style domain with ldapsam ,
-|it is necessary to preserve the old SIDs of the user to keep the users
-|in touch with the old servers. M$ calles this SID history, which means
-|that the old SID is added to new accounts in an AD. 
-|Does samba have any equal mechanism?

so far i found out, that there's an LDAP Attribute sambaSIDList
on the subversion server http://tinyurl.com/3edtz.
Is this the attribute, which cares about the SID history?
It's important to know thanks.


-|
-|2. Question
-|Does net rpc vampire preserve domain trust accounts?

The second question is still interesting

Regards,



Dirk Laurenz
Systems Engineer
PSO - Professional Service Organisation
Fujitsu Siemens Computers
Hildesheimer Strasse 25
30880 Laatzen
Germany

Telephone:  +49 (511) 84 89 - 18 08
Telefax:+49 (511) 84 89 - 25 18 08
Mobile: +49 (170) 22 10 781
Email:  mailto:[EMAIL PROTECTED]
Internet:   http://www.fujitsu-siemens.com
 
http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/compe
tencecenter.html

***
 
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Net groupmap Question.

[Jay Knotts]

Samba users -
On redhat linux machine,
I'm unable to map unix groups to nt groups.
The net groupmap command returns no such object.
The net groupmap list returns an empty list.

I'm using ldapsam backend.

It seems that the nt groups must added to the ldap directory first for this
to work.
This workstation is just a workgroup server. 

How does one add groups to the ldapsam backend? Via ldif file?

Any links on this would be appreciated.

Thanks
Jay
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Yet Another LDAP Question

[Michal Kurowski]

Ryan Novosielski [EMAIL PROTECTED] wrote:
> What you CAN do is use PAM_smbpass, with the migrate flag, and migrate all
> of the UNIX passwords this way. This way, when a user logs in via UNIX or
> Samba, their password makes it into the Samba password file. You never
> actually have to turn on password encryption via smbpasswd, 'far as I
> know, but this will give you a list of NT hashes to work with to then
> convert.
> 
> Does this help at all?

Sorry, not in here - we've got Slackware machines without PAM.

-- 
Michal Kurowski
perl -e '$_=q#: 13_2: 12/o{>: 8_4) (_4: 6/2^-2; 3;-2^\2: 5/7\_/\7: 12m m::#;
y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print'

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: humble plea - once more

[Michal Kurowski]

Ryan Novosielski [EMAIL PROTECTED] wrote:
> Not true. Use "update encrypted = yes" or PAM_smbpass. That's what I did.
> Works great. You don't get DIRECTLY to LDAP that way, but you do get the
> passwords hashed from UNIX.

Thanks a lot, but do I get it right ?

I've got my unix passwords crypted in the Ldap server, I turn samba on
(with "update encrypted = yes" and "encrypt  passwords = no") and
users on  XP machines are able to log in immediately ?

Are you sure NT passwords in the Ldap server will be updated this way ?
  

-- 
Michal Kurowski
perl -e '$_=q#: 13_2: 12/o{>: 8_4) (_4: 6/2^-2; 3;-2^\2: 5/7\_/\7: 12m m::#;
y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print'

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Windows Read Only attribute, and Microsoft Excel.

[alaslavic]

Tried, but I can only fix the files after they have been opened by excel.
If i reset the permissions beforehand, the problem still happens the first
time you open excel.  I'm really stumped...

Alex Laslavic
Havertys Tech Services

Jim <[EMAIL PROTECTED]> wrote on 05/12/2004 07:07:29 PM:

> Could you do a chown or chmod -R for recursively would that let you fix
> all of the files with out having to do each one by hand?
>
>  probably not what you are looking for.
>
>
>
> Jim
>
>
> On Wed, 2004-05-12 at 11:20, [EMAIL PROTECTED] wrote:
> >
> >
> > I have recently started migrating a Win2k fileserver to a Samba 3.0.2a
> > server.  Running in full ADS mode, with winbind enabled for
authentication
> > against our Win2k PDC.  I am also running as much of the ACL support as
I
> > can.
> >
> > The problem I am encountering involves excel documents.  The documents
are
> > migrated from the Win2k server, to the Samba server, and are retaining
all
> > of the ACL's during the move.  The problem is, if somebody opens the
excel
> > document from a windows client (excel 2000), and then saves it, the
file is
> > saved (or re-written actually) with changed permissions.  The owner is
> > changed to the person who modified the document, which is ok, but the
> > permissons are changed to "470" on the file, and shows up in windows as
> > Read Only to everybody, even if they are part of an ACL that has RWX.
> >
> > If the owner removes the Read Only checkbox in windows, or, if I modify
the
> > permissions for the owner to RWX in linux, the file will be "fixed"
> > permanently, even after subsequent edits / changes of owner.
> >
> > It doesn't happen to newly created excel documents, only to the
migrated
> > ones.  Once the migrated file is "fixed" the problem never comes up
again
> > on that file.
> >
> > Can anybody think of whats happening here, or suggest anything I can do
> > about it?  I have a few hundred-thousand excel documents to move, so
fixing
> > this manually is not an option.
> >
> > Thanks
> >
> > --alex
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] preexec script problem

[ip.guy]

i guess my original post wasn't clear.
i wanted to grab the FULLNAME of the user, not the username (%U)
well, here is the script, adding that to smb.conf will pull the FULLNAME 
of the user from the SID file on a PDC and make a dir in /samba/test/

preexec = fullname=`getent passwd | grep %U \
| awk -F: '{print $5}' \
| sed -e 's/ /_/g'` ; mkdir $fullname
thanks to all that replied.

-ipguy



Buchan Milne wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
|
| hi all
|
| i'm running into a little problem when using preexec scripts for the
creation
| of dir's on my samba server
|
| script
| ---
| #! /bin/sh
| name=`getent passwd | grep %U | awk -F: '{print $5}'`
| mkdir /samba/test/"$name"
| ---
|
| snip of smb.conf
| ---
| [test]
| path = /samba/test
| preexec = /root/script
| browseable = Yes
| writeable = Yes
| valid users = @mygroup
| force group = @mygroup
| create mask = 0770
| force create mode = 770
| ---
|
| anyone have any idea why the dir is not created under "/samba/test" ?
|
Your users don't have permission to run the scrippt /root/script, and/or
they don't have permission to run create files in /samba/test (or both).
You could just do:

public=no
preexec = mkdir /samba/test %U
or, if you don't want arbitrary users to create arbitrary directories in
/samba/test, rather do:
root preexec = mkdir /samba/test/%U && chown %U:%G /samba/test/%U

(it's a waste writing an external script for something that fits into
samba's 256 character limit on configuration entries ...).
Regards,
Buchan
P.S. you should also consider using 'getent passwd $USER' instead of
'getent passwd|grep $USER', the former is faster, will only return one
entry, and won't return any incorrect entries ...
- --
Buchan Milne  Senior Support Technician
Obsidian Systems  http://www.obsidian.co.za
B.EngRHCE (803004789010797)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFAokkVrJK6UGDSBKcRAgEgAJ4+4LzW0UHgQtOpHSo/v30bnEDNRACeNkEK
/BsCDKolQBWb9zxyjkancds=
=HOMD
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ou=computers ???

[Yohann Fourteau]

See at #987 bug.
There is a workarround :
The work arround is to configure nssldap user suffix to a suffix
containing both
users and machines entries in its scope (but it's not very usefull...).

Ex : you have people in  ou=users,dc=toto,dc=com
and  machines in ou=computers,dc=toto,dc=com

And the user suffix in nssldap configuration set up to : dc=toto,dc=com

With that, you can have in your smb.conf :
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers



Yohann F.




users and machines entries in its scope (but it's not very usefull...).


Le mar 11/05/2004 à 22:10, Ross Becker a écrit :

> This is a known problem. The developers have only commented that you
> 
> should use the same container for machines as for people in samba 3.0.x 
> thus far. I have filed this as bug #1292, but thus far there has been no 
> official word on a fix.
> 
> https://bugzilla.samba.org/show_bug.cgi?id=1292
> 
> Cheers
>   Ross Becker
> Francesco Defilippo wrote:
> 
> > Hi everybody,
> >
> > why in the new 3.0.3/4 when a new windows machine join on domain
> > samba search (in ldap backend) on ou=Users and not in ou=computers?
> >
> >
> > my smb.conf:
> >
> >ldap passwd sync = Yes
> >ldap admin dn = "cn=ldap manager,dc=intra,dc=local"
> >ldap suffix = dc=intra,dc=local
> >ldap group suffix = ou=Groups
> >ldap user suffix = ou=Users
> >ldap machine suffix = ou=Computers
> >ldap idmap suffix = ou=Users
> >
> >
> >
> >
> >
> >SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
> >

-- 
Yohann F.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Patch for unix extensions

[Jeremy Allison]

On Wed, May 12, 2004 at 04:34:30PM -0400, Rohit Kumar Mehta wrote:
> Hi guys, I know Jon Newbigin made a post about this quite a while back
> 
> http://lists.samba.org/archive/samba-technical/2002-December/026141.html
> 
> and there was some discussion of a security risk.
> 
> We are using the patch in Samba 2.2.9 in order make a link from smbfs 
> mounted
> /home/user/.gnome -> /tmp/username/.gnome (or somesuch gnomism)
> 
> Does anyone know the status of this in Samba 3?  I could not find a 
> working patch,
> so I have disabled the ensure_link_is_safe function in smbd/trans2.c 
> manually,
> by inserting a return 0 before some logic.  Since I am not very familiar 
> with the
> code, I am not comfortable with this in our production environment.  
> This seems to
> enable us to do what we want for the time being. (migrate from Win2K DC 
> / Samba 2.2.9
> exported home directories to Win2K3 ADS / Samba 3.0.4 exported home 
> directories)
> 
> I would grateful for any advice or information on this matter.

Funny how these things go :-). I'm currently working on this exact
issue in the Samba 3.0.x codebase - UNIX symlinks will be much
better supported in the 3.0.5 release.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] starnge Auth problem in w2k Domain with ADS

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I've just uploaded a patch to the bug report at

~   https://bugzilla.samba.org/show_bug.cgi?id=1315

that should fix the winbindd failure people are
experiencing in 3.0.4.  It fixes things for me here, but
i would appreciate some more testing.  Let me know how it
goes


cheers, jerry
- --
Hewlett-Packard- http://www.hp.com
SAMBA Team -- http://www.samba.org
GnuPG Key   http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." --- Sting
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAooscIR7qMdg1EfYRAvq8AKCKaCEvgh0SOv/TsI5Jdi1SdJ4bPACfW3fj
GFQsQ7/6SkI6uAQ7zocmlDA=
=0aiv
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Patch for unix extensions

[Rohit Kumar Mehta]

Hi guys, I know Jon Newbigin made a post about this quite a while back

http://lists.samba.org/archive/samba-technical/2002-December/026141.html

and there was some discussion of a security risk.

We are using the patch in Samba 2.2.9 in order make a link from smbfs 
mounted
/home/user/.gnome -> /tmp/username/.gnome (or somesuch gnomism)

Does anyone know the status of this in Samba 3?  I could not find a 
working patch,
so I have disabled the ensure_link_is_safe function in smbd/trans2.c 
manually,
by inserting a return 0 before some logic.  Since I am not very familiar 
with the
code, I am not comfortable with this in our production environment.  
This seems to
enable us to do what we want for the time being. (migrate from Win2K DC 
/ Samba 2.2.9
exported home directories to Win2K3 ADS / Samba 3.0.4 exported home 
directories)

I would grateful for any advice or information on this matter.

Thanks,

Rohit

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: How to tunnel Samba via ssh from Windows XP without having to disable local NetBIOS

[Mike Beaton]

> This is mentioned in William Mark Smith's instructions on Joe Cheswick's 
pages 
(http://research.lumeta.com/ches/cheap/tunnelsolution.html , which I 
referenced in my initial post)

That'll be Bill Cheswick, sorry Bill.






















-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] i cannot find kinit

[Aden, Steve]

Kinit is the following location on my system: /usr/kerberos/bin/kinit

You can use the locate command to find it. "locate kinit"

It is part of the krb5-workstation rpm. If you don't have it installed,
install it and re-login to get a new shell. It should then be in your
path.


Privileged/Confidential Information may be contained in this message. If you are not 
the addressee indicated in this message (or responsible for delivery of the message to 
such person), you may not copy or deliver this message to anyone. In such case, you 
should destroy this message and kindly notify the sender by reply email. Opinions, 
conclusions and other information contained in this message that do not relate to 
official business shall be understood as neither given nor endorsed by ITS

-Original Message-
From: Sahibzada Junaid Noor [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 12, 2004 3:07 AM
To: samba
Subject: [Samba] i cannot find kinit


 the name of my active directory domain is

 niit.edu.pk

so what should i write in this parameter

  default_relam = YOUR.KERBEROS.REALM

also while trying to join the domain i eecute this
command

 kinit [EMAIL PROTECTED]

My shell gives me the error cannot find kinit.
can any one tell me where in my file system can i find
kinit

Regards


=

  Sahibzada Junaid Noor  
  Ph   #  (+92) (051) 5950 940
  Cell #   (+92) (0333) 5223586
  Qazi plaza,Third Floor,Commerical Market,Chaklala Scheme 3,
  Rawalpindi
  Islamic Republic of Pakistan 









__
Do you Yahoo!?
Yahoo! Movies - Buy advance tickets for 'Shrek 2'
http://movies.yahoo.com/showtimes/movie?mid=1808405861 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


_
This message was content-scanned by IXC Shield 
Powered by GatewayDefender - BG0a02801b.0001.mml
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: How to tunnel Samba via ssh from Windows XP without having to disable local NetBIOS

[Mike Beaton]

I've been working with Paul Gardiner to try to replicate this solution at 
least once, and it now officially works for someone else. However, up to now I 
left out one important step... (sorry)

On your MS Loopback adapter, go to "Properties / TCP/IP Properties / 
Advanced... / WINS" & select "Disable NetBIOS over TCP/IP".

This is mentioned in William Mark Smith's instructions on Joe Cheswick's pages 
(http://research.lumeta.com/ches/cheap/tunnelsolution.html , which I 
referenced in my initial post), but I left it off my own instructions by 
mistake.

Also:

netstat -ano
tasklist /svc

is useful for finding out who has bound which port in Windows. 

222.222.222.222:139 should not be bound until you have a tunnel up, at which 
point it should be bound by your ssh program (and not by System, that is BAD).


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] i cannot find kinit

[Tom Skeren]

Assuming the name of the server is like server.niit.edu.pk then use the 
following.  If the server name is niit, dropp the niit.

default_realm = niit.edu.pk
password server = kerberos.niit.edu.pk
as for kinit use
kinit [EMAIL PROTECTED] case sensitive.  If that doesn't work, 
kill winbindd and restart with a level 10 debug and trace where the 
error is in winbindd.log.

Sahibzada Junaid Noor wrote:

the name of my active directory domain is

niit.edu.pk

so what should i write in this parameter

 default_relam = YOUR.KERBEROS.REALM

also while trying to join the domain i eecute this
command
kinit [EMAIL PROTECTED]

My shell gives me the error cannot find kinit.
can any one tell me where in my file system can i find
kinit
Regards

=

 Sahibzada Junaid Noor  
 Ph   #  (+92) (051) 5950 940
 Cell #   (+92) (0333) 5223586
 Qazi plaza,Third Floor,Commerical Market,Chaklala Scheme 3,
 Rawalpindi
 Islamic Republic of Pakistan 







	
		
__
Do you Yahoo!?
Yahoo! Movies - Buy advance tickets for 'Shrek 2'
http://movies.yahoo.com/showtimes/movie?mid=1808405861 
 



--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] How to display the folder names in Japanese?

[Tom Skeren]

The C$ stuff is not Japanese share names.  All NT partictions (drive 
letters) have administrative shares that use that notation.  C$ is c:\ etc.
Try this

mount_smbfs //[EMAIL PROTECTED]/sharename /(some directory on the 
bsd box you want to mount to), and see what happens.  If it errors out 
you'll have a log file to start backtracking the error.

Bull TORS wrote:

Hi,

I have a FreeBSD-Current and I wanted to access the shares in our Windows NT.
What I did:
Since I only wanted to Access the only Data Server that we have in our 
ethernet LAN I tried in kterm the following,
 #smbutil view //[EMAIL PROTECTED]
The result is,
ShareType   Comment
---
NETLOGON disk   Logon server share
ADMIN$   disk   Remote Admin
REPL$disk
IPC$ pipe   Remote IPC
C$   disk   Default share
G$   disk   Default share
H$   disk   Default share

As you can see the folder names which are supposed to be in Japanese comes out 
as C$, G$, H$...
My kterm can of course input/display Japanese characters...without any 
problems...
man smbutil does not give me any option how to display the proper 
characters...
Any help, pointers, advice would really be great...

Thank you and hoping for your replies...

Bull TORS
 



--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Windows Read Only attribute, and Microsoft Excel.

[alaslavic]

I have recently started migrating a Win2k fileserver to a Samba 3.0.2a
server.  Running in full ADS mode, with winbind enabled for authentication
against our Win2k PDC.  I am also running as much of the ACL support as I
can.

The problem I am encountering involves excel documents.  The documents are
migrated from the Win2k server, to the Samba server, and are retaining all
of the ACL's during the move.  The problem is, if somebody opens the excel
document from a windows client (excel 2000), and then saves it, the file is
saved (or re-written actually) with changed permissions.  The owner is
changed to the person who modified the document, which is ok, but the
permissons are changed to "470" on the file, and shows up in windows as
Read Only to everybody, even if they are part of an ACL that has RWX.

If the owner removes the Read Only checkbox in windows, or, if I modify the
permissions for the owner to RWX in linux, the file will be "fixed"
permanently, even after subsequent edits / changes of owner.

It doesn't happen to newly created excel documents, only to the migrated
ones.  Once the migrated file is "fixed" the problem never comes up again
on that file.

Can anybody think of whats happening here, or suggest anything I can do
about it?  I have a few hundred-thousand excel documents to move, so fixing
this manually is not an option.

Thanks

--alex

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Understanding Samba Shares

[Steven Sheeley]

I've searched every archive and read the documentation and I still can not figure out 
how to do this.

I've recently installed Debian 3.0 (woody) on a box and have setup Samba on it.  I can 
see it from my WinXP box just 
fine and I have a user on the Debian box that's the same as my user name and PW on the 
WinXP box. I can read/write and 
do everything from my 'Home' share automatically setup by samba and that's working 
just fine.

Where I am dropping the ball is in creating another share that I as normal user can 
write to.  I do my web page work 
on my WinXP system and want to share the /var/www directory so that I can directly 
open my php and html files with my 
editor on the WinXP system and not have to maintain two copies or more, elsewhere and 
FTP them back and forth.

I've setup the share using the examples I've found on the net and I can see the share 
and even read the files there, 
but I can not write to them.

The /var/www directory is owned by group www-data, of which my normal user on the 
Debian machine is a member of.

I'm completely stuck here, can anyone point me in the write [get it?  ;-)] direction 
so that I can read and write to 
that shared 
dir with my WinXP box?

Thanks in advance
Steve

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] schannel issue on samba 3.0.3

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ralf Tomczak wrote:
| Hi there,
|
| I've seen a strange thing not reported yet AFAIK.
| We have W2K DCs with SP3 with Samba 3.0.2a everything works
| fine in regard to winbind, but with Samba 3.0.3 winbind
| produces schannel len 24 errors and 'wbinfo -t' and
| 'id DOMAIN\userid'  doesn't work. Note that wbinfo -u|g works
| well and a join was successful as well. I tried to tune my
| krb5.conf but in the end I disabled 'client schannel' in
| smb.conf. Does anyone know what is going wrong exactly? Is
| there a reasonable security risk?
Looks like this is bug shows up when the DC doesn't support
128 bit encryption in the NTLMSSP negotiate flags.
If you turn on 128 bit encryption, it woks fine.
And for the record, the only way I could reproduce
this bug was to use a completly unpatched, windows 2000
DC.
What service packs, patches, or registry changes have been
made to your DC to not support 128 bit encrpytion?  Or is the
a US vs. non-US service pack issue ?  Trying to figure out
how to reproduce this against my 2ksp4 DC's.


cheers, jerry
- --
Hewlett-Packard- http://www.hp.com
SAMBA Team -- http://www.samba.org
GnuPG Key   http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." --- Sting
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAolcHIR7qMdg1EfYRAkf+AKC+iYdSvYZMx5NhwsPWCKLjUamUegCfWxOU
WrpHWZC+WoE3AgJciMwkIoc=
=bEvJ
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] preexec script problem

[Buchan Milne]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
|
| hi all
|
| i'm running into a little problem when using preexec scripts for the
creation
| of dir's on my samba server
|
| script
| ---
| #! /bin/sh
| name=`getent passwd | grep %U | awk -F: '{print $5}'`
| mkdir /samba/test/"$name"
| ---
|
| snip of smb.conf
| ---
| [test]
| path = /samba/test
| preexec = /root/script
| browseable = Yes
| writeable = Yes
| valid users = @mygroup
| force group = @mygroup
| create mask = 0770
| force create mode = 770
| ---
|
| anyone have any idea why the dir is not created under "/samba/test" ?
|
Your users don't have permission to run the scrippt /root/script, and/or
they don't have permission to run create files in /samba/test (or both).
You could just do:

public=no
preexec = mkdir /samba/test %U
or, if you don't want arbitrary users to create arbitrary directories in
/samba/test, rather do:
root preexec = mkdir /samba/test/%U && chown %U:%G /samba/test/%U

(it's a waste writing an external script for something that fits into
samba's 256 character limit on configuration entries ...).
Regards,
Buchan
P.S. you should also consider using 'getent passwd $USER' instead of
'getent passwd|grep $USER', the former is faster, will only return one
entry, and won't return any incorrect entries ...
- --
Buchan Milne  Senior Support Technician
Obsidian Systems  http://www.obsidian.co.za
B.EngRHCE (803004789010797)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFAokkVrJK6UGDSBKcRAgEgAJ4+4LzW0UHgQtOpHSo/v30bnEDNRACeNkEK
/BsCDKolQBWb9zxyjkancds=
=HOMD
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] samba compilation OS X

[bo ca]

Hi
I've tried to compile samba 3.0.4 for OS X (10.2.8) to no avail, I had 
an Error - an undefined type krb5_krbhst_handle.

Now what?

And how do I use / install the compiled package??

Your site does not provide any support for OS X nor does it indicate 
which tar.gz work with it.

Thanks in advance

Rob

(UNIX newbie)
*
Roberto E. Carletti, lic. iur.
Fach 1876
8032 Zurich
Switzerland
Tel. / Fax  +41 (0)1 271 53 08
Mobile   +41 (0)76 450 58 13
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Failed to verify ticket ?

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yohann Ferreira wrote:

|  Failed to verify incoming ticket!

| Here's my krb5.conf :
|
| [logging]
| default = FILE:/var/log/kerberos/krb5libs.log
| kdc = FILE:/var/log/kerberos/krb5kdc.log
| admin_server = FILE:/var/log/kerberos/kadmind.log
|
| [libdefaults]
| ticket_lifetime = 24000
| default_realm = DRAF.FC
...
| default_tgs_enctypes = des-cbc-crc des-cbc-md5
| default_tkt_enctypes = des-cbc-crc des-cbc-md5
| permitted_enctypes = des-cbc-crc des-cbc-md5
Use either MIT 1.3.x and Heimdal 0.6.1 or later and
remove the previous three lines from your krb5.conf


cheers, jerry
- --
Hewlett-Packard- http://www.hp.com
SAMBA Team -- http://www.samba.org
GnuPG Key   http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." --- Sting
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAoj41IR7qMdg1EfYRAg2DAJwNbP3BBozBUOVlIhkb7v1yuiMUEACgoh2F
fhC5GSgjynuVVEPxqcPLOrQ=
=s/c6
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Logging domain Logon/Logoff

[Michael Eklund]

Thanks for your reply.  I did this but wasn't happy with the solution.
Sure seems to me that this is something that you should be able to log
with the samba server. Then there always is the source code

Regards,

Mike E.

> -Original Message-
> From: Ryan Novosielski [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, May 12, 2004 3:45 AM
> To: Michael Eklund
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Samba] Logging domain Logon/Logoff
> 
> 
> One that you could do is a preexec/postexec type thing. We 
> did this once before. I believe you could have the pre-exec 
> be on something like the netlogon share. I can't remember 
> exactly how we used to do this on our site. Remind me and I 
> will look it up if this hint does not help.
> 
>  _  _ _  _ ___  _  _  _
> |Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - Jr. UNIX 
> Systems Admin 
> |$&| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 
> |(2-0922)
> \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science 
> Bldg - C630
> 
> On Mon, 3 May 2004, Michael Eklund wrote:
> 
> > Has anyone run accross a way to log domain logon/logoffs?
> >
> > Thanks,
> >
> > Mike
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
> 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Failed to verify ticket ?

[Aden, Steve]

I have found that putting the port numbers after the server names seems to make things 
work better.

Example:

[realms]
  TESTLAB.LOCAL = {
  kdc = ADS.TESTLAB.LOCAL:88
  admin_server = ADS.TESTLAB.LOCAL:749
  default_domain = TESTLAB.LOCAL
  }

[domain_realms]
  .testlab.local = TESTLAB.LOCAL
  testlab.local = TESTLAB.LOCAL

[appdefaults]
  pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
  }

Good Luck,
Steve Aden


Privileged/Confidential Information may be contained in this message. If you are not 
the addressee indicated in this message (or responsible for delivery of the message to 
such person), you may not copy or deliver this message to anyone. In such case, you 
should destroy this message and kindly notify the sender by reply email. Opinions, 
conclusions and other information contained in this message that do not relate to 
official business shall be understood as neither given nor endorsed by ITS

-Original Message-
From: Yohann Ferreira [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 12, 2004 10:17 AM
To: [EMAIL PROTECTED]
Subject: [Samba] Failed to verify ticket ?


Hi !

My problem is that :
[2004/05/12 16:07:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2004/05/12 16:07:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2004/05/12 16:07:39, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2004/05/12 16:07:59, 0] lib/util_sock.c:read_socket_data(342)
  read_socket_data: recv failure for 4. Error = Connection reset by peer
[2004/05/12 16:07:59, 1] smbd/service.c:close_cnum(887)
  saisie-srag (10.143.31.100) closed connection to service tmp

A w2k client can't log on my samba server.

Here's my krb5.conf :

[logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log

[libdefaults]
ticket_lifetime = 24000
default_realm = DRAF.FC
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
permitted_enctypes = des-cbc-crc des-cbc-md5

#default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
#default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
#permitted_enctypes = des3-hmac-sha1 des-cbc-crc

dns_lookup_realm = false
dns_lookup_kdc = false
kdc_req_checksum_type = 2
checksum_type = 2
ccache_type = 1
forwardable = true
proxiable = true

[realms]
DRAF.FC = {
kdc = draffc3.draf.fc
default_domain = DRAFFCOMTE
}

[domain_realm]
.draf.fc = DRAF.FC

[kdc]
profile = /etc/kerberos/krb5kdc/kdc.conf

[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false

[appdefaults]
pam = {
debug = true
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = true
afs_cells = draffc3.draf.fc
hosts = draffc3.draf.fc
max_timeout = 30
timeout_shift = 2
initial_timeout = 1
}

[login]
krb4_convert = false
krb4_get_tickets = false

Any idea about my misconfiguration in Kerberos, everyone ?

Please, just answer me for that and I'll let you breath !

Thanks for reading

Bertram

_
Trouvez l'âme soeur sur MSN Rencontres http://g.msn.fr/FR1000/9551

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


_
This message was content-scanned by IXC Shield 
Powered by GatewayDefender - BG0a047a5d.0001.mml
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] starnge Auth problem in w2k Domain with ADS

[Aden, Steve]

I too have similar problems that haven't been answered. I have kerberos
functioning and I can kinit a user on the samba box and access a Windows
share, but cannot connect from a Windows workstation to a samba share
that has share permissions on it (file permissions are set to 777 for
testing). The problem I see in the logs is related to rid's and sid's.
The logs (set to level 10) shows the kerberos ticket is decrypted, but
later the rid and sid are displayed and do not match the rid and sid of
the user connecting to the share. Since they don't match the actual
user, they don't match the any of the sid's in the ACL for the share,
which then denies access to the share. Same result on 3.0.2a and 3.0.3.
I have not yet tried 3.0.4.

Maybe you have the same problem.

My post:
http://groups.google.com/groups?hl=en&lr=&threadm=1FxIM-8aM-21%40gated-a
t.bofh.it&rnum=4&prev=/groups%3Fhl%3Den%26lr%3D%26q%3DAden%2Bsamba

Jerry was kind enough to make a couple of suggestions, but they did not
solve the problem.

Steve Aden


Privileged/Confidential Information may be contained in this message. If you are not 
the addressee indicated in this message (or responsible for delivery of the message to 
such person), you may not copy or deliver this message to anyone. In such case, you 
should destroy this message and kindly notify the sender by reply email. Opinions, 
conclusions and other information contained in this message that do not relate to 
official business shall be understood as neither given nor endorsed by ITS

-Original Message-
From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, May 12, 2004 9:37 AM
To: Anders Berg
Cc: [EMAIL PROTECTED]; Christoph Scheeder
Subject: Re: [Samba] starnge Auth problem in w2k Domain with ADS


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Anders Berg wrote:
| Hi Christoph,
|
| you have come to the wrong group. Not that this
| question does not belong here, its just that nobody is
| willing to answer it!
|
| 4 questions so far in May have been about this topic
| (mine: http://lists.samba.org/archive/samba/2004-May/085521.html) ,
| and many  more earlier months. And there are surprisingly
| few replys.
|
| I _don't_ think it's because it's a RTFM question, or is
| adressed in  such detail so many times that people just can't
| be bothered answering it. I think its because they don't wanna
| touch it (they meaning the people  that have written/worked with
| these parts of Samba)!
...
| I used both Heimdal 0.6.2 (I have a 2003 server I auth.
| gainst, and the  Samba docs say that Heimdal must be used with 2003.)
| and the MIT 1.3.3  kerbos and both 3.0.3 and 3.0.4 Samba.
|
| I see that one person has sendt a "Me too" mail in reply
| to you already. :)
|
| Will the real Samba community please stand up?!

I'll assume that your not just trolling for an answer.

For the record, you will always have better luck with
MIT krb5 1.3.x and Heimdal 0.6.1 or later.  Both supprt
the type 23 enc type used by Windows 200x.

There are a couple of likely reasons why you are prompted
for a password:

(a) the krb5 ticket cannot be verfied (possibly due to
an improper kerberos setup on the Samba box)
(b) getpwnam() fails for the user (see logs for instances
of 'Gwt_Pwnam did not')

If you can connect to the share using the server's IP
address but IP address, this is indicative of a krb5
configuration error somewhere.  When usiong the IP address,
the client will revert to the NTLMSSP mechanism during
session setup (rather than sending a krb5 ticket).



cheers, jerry
- --
Hewlett-Packard- http://www.hp.com
SAMBA Team -- http://www.samba.org
GnuPG Key   http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." --- Sting
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFAoiiBIR7qMdg1EfYRAqEfAKDUJcAixHjuvoZE4vGL1YYk4oMLXgCgofYP
dSNA4Je5YQ0MIiY6dTeHyS0=
=mqvS
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


_
This message was content-scanned by IXC Shield 
Powered by GatewayDefender - BH09f02c59.0001.mml
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with Win2k Group Policy with Samba 3.0.2 PDC

[Alistair James]

Hi,

I am having an annoying problem with adding a group policy to a
Samba 3.0.2 PDC domain, running ona Suse 9 box with Win2k client
machines.

Using 'poledit' from Windows 2000 server, I can add a user or
computer policy for an individual user or computer, and this will
work when placed in my [netlogon] directory, but if I try to
create a group policy, by using 'Add Group', then amending the
properties, this group policy is ignored when I login on a client
machine.

This does not appear to work for any groups (Domain User, Domain
Admin or my created group 'Students', which is mapped to the
unixgroup 'students').

All my groups appear in the poledit 'Browse' window, and
'smbstatus' shows a member of 'students' has indeed logged in.

Any idea what may be wrong? Is this something I cannot do in
Samba 3 with a Win2k client?

Cheers,

--
Alistair James
Engineering Computing Support Group
University of Oxford
--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Failed to verify ticket ?

[Yohann Ferreira]

Hi !

My problem is that :
[2004/05/12 16:07:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
 Failed to verify incoming ticket!
[2004/05/12 16:07:30, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
 Failed to verify incoming ticket!
[2004/05/12 16:07:39, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
 Failed to verify incoming ticket!
[2004/05/12 16:07:59, 0] lib/util_sock.c:read_socket_data(342)
 read_socket_data: recv failure for 4. Error = Connection reset by peer
[2004/05/12 16:07:59, 1] smbd/service.c:close_cnum(887)
 saisie-srag (10.143.31.100) closed connection to service tmp
A w2k client can't log on my samba server.

Here's my krb5.conf :

[logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log
[libdefaults]
ticket_lifetime = 24000
default_realm = DRAF.FC
default_tgs_enctypes = des-cbc-crc des-cbc-md5
default_tkt_enctypes = des-cbc-crc des-cbc-md5
permitted_enctypes = des-cbc-crc des-cbc-md5
#default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
#default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
#permitted_enctypes = des3-hmac-sha1 des-cbc-crc
dns_lookup_realm = false
dns_lookup_kdc = false
kdc_req_checksum_type = 2
checksum_type = 2
ccache_type = 1
forwardable = true
proxiable = true
[realms]
DRAF.FC = {
kdc = draffc3.draf.fc
default_domain = DRAFFCOMTE
}
[domain_realm]
.draf.fc = DRAF.FC
[kdc]
profile = /etc/kerberos/krb5kdc/kdc.conf
[pam]
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
[appdefaults]
pam = {
debug = true
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = true
afs_cells = draffc3.draf.fc
hosts = draffc3.draf.fc
max_timeout = 30
timeout_shift = 2
initial_timeout = 1
}
[login]
krb4_convert = false
krb4_get_tickets = false
Any idea about my misconfiguration in Kerberos, everyone ?

Please, just answer me for that and I'll let you breath !

Thanks for reading

Bertram

_
Trouvez l'âme soeur sur MSN Rencontres http://g.msn.fr/FR1000/9551
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] samba master problems

[phil]

HI,

I have been experiencing problems for the last few days.
One of our systems rebooted itself, and for some reason became the 
Master on our Samba network.
This resulted in the loss of the workgroup when going through network 
neirgbourhood/my network places etc.
I restarted samba on our serversleaving the 'master' system off 
thenetwork. 
Now when I run smbclient there is no master defined.

In the log.nmb there is this error
 -process_get_backup_list_request: Cannot find workgroup RUWPA on 
subnet UNICAST_SUBNET

Everything seems to be working fine apart from this...
using run then //ruwpa-space works fine...and users with the drives 
attached previously are ok.

Any pointers would be gratefully received.

Phil.





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Permissions 101

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tim Booher wrote:

| Hello. I have a Security = share

| My wife is only able to get read permissions to
| this directory, she is a member of
| Myserver\myadmins, but that doesn't seem to help.
| I am new to this and very confused. Can anyone help? I
| have, of course, added the users to the smbpasswd.
I would recommend that you use security = user.



cheers, jerry
- --
Hewlett-Packard- http://www.hp.com
SAMBA Team -- http://www.samba.org
GnuPG Key   http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." --- Sting
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAoilhIR7qMdg1EfYRAjDeAJoDYkRART50G41gFg33xH8CpPpffQCg5eX7
wVQF+f8qHHYzngjuH/ujbJY=
=azr6
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] starnge Auth problem in w2k Domain with ADS

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Anders Berg wrote:
| Hi Christoph,
|
| you have come to the wrong group. Not that this
| question does not belong here, its just that nobody is
| willing to answer it!
|
| 4 questions so far in May have been about this topic
| (mine: http://lists.samba.org/archive/samba/2004-May/085521.html) ,
| and many  more earlier months. And there are surprisingly
| few replys.
|
| I _don't_ think it's because it's a RTFM question, or is
| adressed in  such detail so many times that people just can't
| be bothered answering it. I think its because they don't wanna
| touch it (they meaning the people  that have written/worked with
| these parts of Samba)!
...
| I used both Heimdal 0.6.2 (I have a 2003 server I auth.
| gainst, and the  Samba docs say that Heimdal must be used with 2003.)
| and the MIT 1.3.3  kerbos and both 3.0.3 and 3.0.4 Samba.
|
| I see that one person has sendt a "Me too" mail in reply
| to you already. :)
|
| Will the real Samba community please stand up?!
I'll assume that your not just trolling for an answer.

For the record, you will always have better luck with
MIT krb5 1.3.x and Heimdal 0.6.1 or later.  Both supprt
the type 23 enc type used by Windows 200x.
There are a couple of likely reasons why you are prompted
for a password:
(a) the krb5 ticket cannot be verfied (possibly due to
an improper kerberos setup on the Samba box)
(b) getpwnam() fails for the user (see logs for instances
of 'Gwt_Pwnam did not')
If you can connect to the share using the server's IP
address but IP address, this is indicative of a krb5
configuration error somewhere.  When usiong the IP address,
the client will revert to the NTLMSSP mechanism during
session setup (rather than sending a krb5 ticket).


cheers, jerry
- --
Hewlett-Packard- http://www.hp.com
SAMBA Team -- http://www.samba.org
GnuPG Key   http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." --- Sting
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAoiiBIR7qMdg1EfYRAqEfAKDUJcAixHjuvoZE4vGL1YYk4oMLXgCgofYP
dSNA4Je5YQ0MIiY6dTeHyS0=
=mqvS
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] HP-UX 11i and Inability to run Samba 3.0.x

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ryan Novosielski wrote:

| Thanks a lot -- I've been trying to get our machines upgraded
| to 3.0.x lately, and I have been running into that
| buffer error and this PANIC over and over. The funny thing
| is it SEEMS to work OK (and a fair amount faster
| than 2.2.x) and then under a moderate load, the whole
| thing starts to flake out and become unresponsive,
| slow, and unreliable -- often remedied by a restart to an
| extent. A fellow staff member actually cron'd a
| stop/start at 15 minute intervals to attempt to limp along.
|
| I would be happy to provide any testing assistance that I
| can. We have gotten a lot out of Samba and would certainly
| be willing to help give back.
Thanks Ryan,

If you could send me a level 10 debug log surround thing
crash, that would be a start.  I think this is just a
byte ordering bug similar to the one that was fixed in
the printing code a couple of months ago.


cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAoib9IR7qMdg1EfYRAiWTAJ43ppSloDyK7k1NIYFp873JDiz7MgCgyyVw
VJkzy0S8pxHBiYtxvnnrZS8=
=BX5c
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] SID History Mechanism / Trust Accounts

[Laurenz, Dirk]

Hello everybody,

1. Question
When migration from an nt4 style domain to a new samba 3 style domain with ldapsam ,
it is necessary to preserve the old SIDs of the user to keep the users
in touch with the old servers. M$ calles this SID history, which means
that the old SID is added to new accounts in an AD. 
Does samba have any equal mechanism?

2. Question
Does net rpc vampire preserve domain trust accounts?


Regards D.Laurenz


Mit freundlichem Gruß,



Dirk Laurenz
Systems Engineer
PSO - Professional Service Organisation
Fujitsu Siemens Computers
Hildesheimer Strasse 25
30880 Laatzen
Germany

Telephone:  +49 (511) 84 89 - 18 08
Telefax:+49 (511) 84 89 - 25 18 08
Mobile: +49 (170) 22 10 781
Email:  mailto:[EMAIL PROTECTED]
Internet:   http://www.fujitsu-siemens.com

http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html
***
 
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] How to display the folder names in Japanese?

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Bull TORS wrote:
| Hi,
|
| I have a FreeBSD-Current and I wanted to access the shares in our
Windows NT.
| What I did:
| Since I only wanted to Access the only Data Server that we have in our
| ethernet LAN I tried in kterm the following,
|   #smbutil view //[EMAIL PROTECTED]
smbutil is not part of Samba.  It is maintained separately by the
FreeDSB developers.


cheers, jerry
- --
Hewlett-Packard- http://www.hp.com
SAMBA Team -- http://www.samba.org
GnuPG Key   http://www.plainjoe.org/gpg_public.asc
"...a hundred billion castaways looking for a home." --- Sting
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAoiQSIR7qMdg1EfYRAiJ/AJ47YtUxjc/j6FB8vS39ixZ8or1O5gCgnxW0
EXYqaQRSuEk1b8MKFGNqqKo=
=cNNL
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] starnge Auth problem in w2k Domain with ADS

[Yohann Ferreira]

Too bad, it's not working for me...

But no problem, I'll try the next samba versions until it matchs !

Rock isn't over, Samba Team ! (And will never be !)

Bertram

From: Anders Berg <[EMAIL PROTECTED]>
To: Christoph Scheeder 
<[EMAIL PROTECTED]>,[EMAIL PROTECTED]
Subject: Re: [Samba] starnge Auth problem in w2k Domain with ADS
Date: Wed, 12 May 2004 11:40:29 +0200

Hi Christoph,

you have come to the wrong group.
Not that this question does not belong here, its just that nobody is 
willing to answer it!

4 questions so far in May have been about this topic (mine: 
http://lists.samba.org/archive/samba/2004-May/085521.html) , and many more 
earlier months.
And there are surprisingly few replys.

I _don't_ think it's because it's a RTFM question, or is adressed in such 
detail so many times that people just can't be bothered answering it.
I think its because they don't wanna touch it (they meaning the people that 
have written/worked with these parts of Samba)!

The best reference I have been able to find so far, in my 6 day quest, to 
do the same thing as you want to do is:
http://www.linuxquestions.org/questions/showthread.php?s=&threadid=161506

But this did not work for me... Though it is apperently working for some. 
Some go so far as to say thet samba can't do what you want we want it to do 
in our case.

I used both Heimdal 0.6.2 (I have a 2003 server I auth. against, and the 
Samba docs say that Heimdal must be used with 2003.) and the MIT 1.3.3 
kerbos and both 3.0.3 and 3.0.4 Samba.

I see that one person has sendt a "Me too" mail in reply to you already. :)

Will the real Samba community please stand up?!

YS
Anders Berg
At 10:37 12.05.2004 +0200, Christoph Scheeder wrote:
Hi,
my Situation:
a w2k-server set in mixed mode as ADS-Server,a debian machine with
latest stable samba compiled self with ADS-support.
samba machine joined to ADS-Domain succesfully, winbindd installed and
configured, all w2k users and groups visible on samba-server.
Browsing and connecting to w2k-server and samba-server from the samba
server with smbclient and -k option works fine for all accounts in the
w2k-domain and the localy on the samba server defined users.
If i try to access the samba server from a w2k-client in the domain i
get a prompt for user and password. If i supply a domain-account i get
a failure, if i supply a local samba-server-account all works fine.
Where should i look to solve this problem?
C.Scheeder
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba




*
Denne fotnoten bekrefter at denne e-postmeldingen ble
skannet av MailSweeper og funnet fri for virus.
*
This footnote confirms that this email message has been swept by
MailSweeper for the presence of computer viruses.
*
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
_
Hotmail : un compte GRATUIT qui vous suit partout et tout le temps ! 
http://g.msn.fr/FR1000/9493

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ezmlm response

[suse-linux-s-return-]

¡Hola! Soy el programa ezmlm. Me ocupo de la lista de correo
[EMAIL PROTECTED]


Estoy trabajando para mi propietario, a quien se puede localizar
en [EMAIL PROTECTED]

Aquí hay una lista de las direcciones comando disponibles:

Mande un correo a las siguientes direcciones-comando para obtener
información y FAQ de esta lista:

   <[EMAIL PROTECTED]>
   <[EMAIL PROTECTED]>


Para recibir los mensajes desde el número 123 al 145 (con un
máximo de 100 por petición), escriba a:

   <[EMAIL PROTECTED]>

Para obtener un índice con los campos "Asunto" y "Autor" para los
mensajes del 123 al 456, debe escribir a:

   <[EMAIL PROTECTED]>

Para recibir todos los mensajes con el mismo "Asunto" que el
mensaje 12345, mande un mensaje en blanco a:

   <[EMAIL PROTECTED]>


En realidad no es necesario que los mensajes estén en blanco,
pero si no lo están ignoraré su contenido. Sólo es importante la
DIRECCIÓN a la que se envía.

Usted puede suscribir una dirección alternativa, por ejemplo,
para "[EMAIL PROTECTED]", simplemente añada un guión y su
dirección (con '=' en lugar de '@') después del comando:

   <[EMAIL PROTECTED]>

Para cancelar la suscripción de esta dirección, escriba a:

<[EMAIL PROTECTED]>


--- Comandos administrativos para la lista suse-linux-s ---

Puedo gestionar automáticamente peticiones administrativas. Por
favor, no envíe este tipo de peticiones a la lista. Envíelas a la
dirección-comando adecuada:

Para obtener ayuda y una descripción de los comandos disponibles,
mande un mensaje a:

   <[EMAIL PROTECTED]>

Para suscribirse a la lista, mande un mensaje a:

   <[EMAIL PROTECTED]>

Para eliminar su dirección de la lista, simplemente mande un
mensaje a la dirección que hay en la cabecera
``List-Unsubscribe'' de cualquier mensaje de la lista. Si usted
no ha cambiado su dirección desde que se suscribió, también puede
enviar un mensaje a:

   <[EMAIL PROTECTED]>


Para añadir o eliminar direcciones, le enviaré un mensaje de
confirmación a esa dirección. Cuando lo reciba, pulse el botón
'Responder' para completar la transacción.

Si necesita contactar con el propietario de la lista, por favor,
mande un mensaje a:

<[EMAIL PROTECTED]>

Por favor, incluya una lista de mensajes REENVIADOS con TODAS LAS
CABECERAS intactas para que sea más fácil ayudarle.

--- Le adjunto una copia de la petición que he recibido.

Return-Path: <[EMAIL PROTECTED]>
Received: (qmail 3474 invoked from network); 12 May 2004 12:30:04 -
Received: from unknown (HELO hermes.suse.de) (195.135.221.8)
  by 0 with SMTP; 12 May 2004 12:30:04 -
Received: from scanhost.suse.de (scanhost.suse.de [10.0.0.5])
by hermes.suse.de (Postfix) with ESMTP id 5D3CB68D80
for <[EMAIL PROTECTED]>; Wed, 12 May 2004 14:30:04 +0200 (CEST)
Received: by scanhost.suse.de (Postfix, from userid 0)
id 52A7855629; Wed, 12 May 2004 14:30:04 +0200 (CEST)
Delivered-To: virus-quarantine
X-Quarantine-id: 
Received: from Cantor.suse.de (ns.suse.de [195.135.220.2]) (using TLSv1
  with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client
  certificate requested) by hermes.suse.de (Postfix) with ESMTP id
  3C53C68F51 for <[EMAIL PROTECTED]>; Wed, 12 May 2004 14:26:39
  +0200 (CEST)
Received: from kerberos.suse.cz (ns.suse.cz [82.208.2.84]) (using TLSv1
  with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client
  certificate requested) by Cantor.suse.de (Postfix) with ESMTP id
  86A9D596C0C for <[EMAIL PROTECTED]>; Wed, 12 May 2004
  14:26:21 +0200 (CEST)
Received: from suse.com (181.Red-80-32-57.pooles.rima-tde.net
  [80.32.57.181]) by kerberos.suse.cz (SuSE CR ESMTP Mailer) with ESMTP
  id 8357F4FBD9 for <[EMAIL PROTECTED]>; Wed, 12 May 2004
  14:26:06 +0200 (MEST)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Is that your password?
Date: Wed, 12 May 2004 14:26:15 +0200
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <[EMAIL PROTECTED]>
X-AMaViS-Alert: INFECTED, message contains virus: Worm.SomeFool.P
X-Converted-To-Plain-Text: from multipart/mixed by demime 1.1d
X-Converted-To-Plain-Text: Alternative section used was text/plain

Can you confirm it?

[the SUSE virus scanner removed an attachment of type application/octet-stream which 
had a name of part6.zip]
[if you need the message in its original form including all attachments, please ask 
the SENDER for a version free of viruses]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] preexec script problem

[daniel . jarboe]

> i'm running into a little problem when using preexec scripts for the
> creation
> of dir's on my samba server
> 
> script
> ---
> #! /bin/sh
> name=`getent passwd | grep %U | awk -F: '{print $5}'`
> mkdir /samba/test/"$name"
> ---
> 
> snip of smb.conf
> ---
> [test]
> path = /samba/test
> preexec = /root/script
> browseable = Yes
> writeable = Yes
> valid users = @mygroup
> force group = @mygroup
> create mask = 0770
> force create mode = 770
> ---
> 
> anyone have any idea why the dir is not created under "/samba/test" ?
> 
> -ipuy

%U will be substituted within smb.conf, not your script.  You could do
something like preexec = /root/script %U in smb.conf, and then
name=`getent passwd | grep $1 ...

Will your users be able to create directories in /samba/test/ (this dir
is group writable and owned by group mygroup?).  Is it your intention
that one user will be able to read/write/delete another user's files?

~ Daniel











---

This message is the property of Time Inc. or its affiliates. It may be
legally privileged and/or confidential and is intended only for the use
of the addressee(s). No addressee should forward, print, copy, or
otherwise reproduce this message in any manner that would allow it to be
viewed by any individual not originally listed as a recipient. If the
reader of this message is not the intended recipient, you are hereby
notified that any unauthorized disclosure, dissemination, distribution,
copying or the taking of any action in reliance on the information
herein is strictly prohibited. If you have received this communication
in error, please immediately notify the sender and delete this message.
Thank you.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Poor performance with Mac OS X Panther clients

[ww m-pubsyssamba]

Hi Nathan,

all I can say is we are also testing Mac OS X with Samba (on Solaris)
and with slightly more typical numbers of files per directory are not seeing
any simliar issues.
In principal it does not surprise me that it is much slower on your OS X
client than on your Linux or Windows clients. When you open a folder in
your Linux or Windows file browser all they will need to do is request a 
file listing. On the other hand an OS X client will read the resourse fork 
(meta data) for each file to give it the correct application association and 
icon in the finder.
Does your customer not see a similar problem when the files are stored on
a Windows file server? I would expect they would (that is if they are
mounting from the Windows server over SMB not AFP which may prove quicker).

no answer but hope this helps,

thanks Andy.



Here's my setup: 

- Single Mac OS X Panther client w/ latest patches.
- Single Windows NT4 w/ latest SPs client.
- Debian stable Samba server(2.2.3a-13) w/ custom 2.4.26 kernel.
Oplocks enabled.
- Cisco 2950
- All nodes 100Mb and everything on the same switch.
- HP DL360 w/ 2.8GHz hyper-threaded processor and 1GB of memory.
- HP MSA1000 SAN.
- XFS filesystems w/ ACL support.

My client is moving their data over to a fail-over Samba setup backended
with the HP SAN. They have several directories with approx. 5000 to
1 files. The files were moved into the directories on the new file
server from a Mac OS X client in order to preserve the Mac OS metadata.

Viewing these directories from explorer.exe on the Windows client, from
the Terminal on OSX using ls, and from a Linux laptop using smbclient
and ls is stellar. Very quick. Viewing these directories from within the
OSX Finder causes the smbd process to spike to approx. 45% to 55% and
stay there for approx. 10 seconds or however long it takes the Finder to
render all of the icons for the files in the directory. Scrolling the
Finder while the icons are being rendered causes the CPU to jump again.
Depending on how many screens you scroll through in Finder, you can
cause smbd to jump to 99% and stay there for several minutes. We are
still in pre-deployment but the CPU spike is making the client nervous
about what will happen when we start to load many Mac OS X client onto
the server. 

I'm not an expert on the SMB protocol but I've captured packet dumps
from a fresh share mount and directory view from both the Windows NT4
client and the Mac OS X client and it looks to me like the NT4 client is
doing the directory contents lookups with a single "FIND_FIRST2, \*" and
a corresponding return packet from the server with the listing of the
directory contents whereas the Mac OS X Finder client appears to be
doing a FIND_FIRST2 call for every file, including metadata files, in
the directory. This would seem to be supported by a strace of the smbd
process which shows tons and tons of getdents32 calls. 

My gut says that this is a problem with OSX's Finder and not Samba but,
understandably, my client doesn't care...they just want it fixed. Is
there a known work-around for the performance issue with Mac OS X Finder
clients? Do I need to tweak something on the server? On the client? I've
search the Samba archives and not found much mention of this issue and
I've Googled around for information from Apple's end and drawn a blank
there too.

Thanks ahead of time for any insight that you can provide. 

-- 
Nathan R. Valentine <[EMAIL PROTECTED]>

BBCi at http://www.bbc.co.uk/

This e-mail (and any attachments) is confidential and may contain personal views which 
are not the views of the BBC unless specifically
stated.
If you have received it in error, please delete it from your system. Do not use, copy 
or disclose the information in any way nor act in
reliance on it and notify the sender immediately. Please note that the BBC monitors 
e-mails sent or received.
Further communication will signify your consent to this.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] starnge Auth problem in w2k Domain with ADS

[Anders Berg]

Hi Christoph,

you have come to the wrong group.
Not that this question does not belong here, its just that nobody is 
willing to answer it!

4 questions so far in May have been about this topic (mine: 
http://lists.samba.org/archive/samba/2004-May/085521.html) , and many more 
earlier months.
And there are surprisingly few replys.

I _don't_ think it's because it's a RTFM question, or is adressed in such 
detail so many times that people just can't be bothered answering it.
I think its because they don't wanna touch it (they meaning the people that 
have written/worked with these parts of Samba)!

The best reference I have been able to find so far, in my 6 day quest, to 
do the same thing as you want to do is:
http://www.linuxquestions.org/questions/showthread.php?s=&threadid=161506

But this did not work for me... Though it is apperently working for some. 
Some go so far as to say thet samba can't do what you want we want it to do 
in our case.

I used both Heimdal 0.6.2 (I have a 2003 server I auth. against, and the 
Samba docs say that Heimdal must be used with 2003.) and the MIT 1.3.3 
kerbos and both 3.0.3 and 3.0.4 Samba.

I see that one person has sendt a "Me too" mail in reply to you already. :)

Will the real Samba community please stand up?!

YS
Anders Berg
At 10:37 12.05.2004 +0200, Christoph Scheeder wrote:
Hi,
my Situation:
a w2k-server set in mixed mode as ADS-Server,a debian machine with
latest stable samba compiled self with ADS-support.
samba machine joined to ADS-Domain succesfully, winbindd installed and
configured, all w2k users and groups visible on samba-server.
Browsing and connecting to w2k-server and samba-server from the samba
server with smbclient and -k option works fine for all accounts in the
w2k-domain and the localy on the samba server defined users.
If i try to access the samba server from a w2k-client in the domain i
get a prompt for user and password. If i supply a domain-account i get
a failure, if i supply a local samba-server-account all works fine.
Where should i look to solve this problem?
C.Scheeder
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba




*
Denne fotnoten bekrefter at denne e-postmeldingen ble
skannet av MailSweeper og funnet fri for virus.
*
This footnote confirms that this email message has been swept by
MailSweeper for the presence of computer viruses.
*
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] starnge Auth problem in w2k Domain with ADS

[Yohann Ferreira]

Hi !
I'm having the same problem when I want to access my shares on the samba ADS 
member server.
I, too, have successfully joined the domain and I can log on the domain 
using a 2000 user account from the samba itself.
But as for you, I am prompted for a user and pass when accessing my shares 
from a 2000 client in the network neighborhood.

Be strong, we are two in this mess...

Thanks for reading

Bertram


From: Christoph Scheeder <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [Samba] starnge Auth problem in w2k Domain with ADS
Date: Wed, 12 May 2004 10:37:51 +0200
Hi,
my Situation:
a w2k-server set in mixed mode as ADS-Server,a debian machine with
latest stable samba compiled self with ADS-support.
samba machine joined to ADS-Domain succesfully, winbindd installed and
configured, all w2k users and groups visible on samba-server.
Browsing and connecting to w2k-server and samba-server from the samba
server with smbclient and -k option works fine for all accounts in the
w2k-domain and the localy on the samba server defined users.
If i try to access the samba server from a w2k-client in the domain i
get a prompt for user and password. If i supply a domain-account i get
a failure, if i supply a local samba-server-account all works fine.
Where should i look to solve this problem?
C.Scheeder
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
_
MSN Search, le moteur de recherche qui pense comme vous !  
http://search.msn.fr/

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbd log meesages

[Ryan Novosielski]

I see the same thing. Anyone know what they are? (of course I have other
issues, but that's another story)

 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - Jr. UNIX Systems Admin
|$&| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Mon, 10 May 2004, Mark wrote:

> Can someone please explain what these messages mean. I am running 3.0.2a
> with no issues at all. I just happened to be looking through the logs
> and notice the messages.
>
>
> [2004/05/10 03:53:23, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1371)
>failed to decode PDU
> [2004/05/10 03:53:23, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
>process_request_pdu: failed to do schannel processing.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] XP profiles problem - Samba 3.0.3 & LDAP

[Ryan Novosielski]

Disregard that -- I misunderstood you; I thought you were using the domain
admin param in smb.conf.

 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - Jr. UNIX Systems Admin
|$&| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Tue, 4 May 2004, John Arthur wrote:

>
> [EMAIL PROTECTED] profiles]# ls -la
> total 16
> drwxr-xrwt4 root Domain Admins 4096 May  4 13:03 .
> drwxr-xr-x4 root Domain Admins 4096 May  4 10:05 ..
> drwx--   13 debraDomain Users 4096 May  4 12:52 debra
> drwx--   14 root Domain Users 4096 May  4 13:14 john
>
> As you can see Debra's profile is created with the correct ownership(?) but
> John's is created as owner "Administrator/root".
>
> Now the only difference is that John is a Member of "Domain Admins" although
> both john & debra's primary group is 513 "Domain Users"
>
>
> [profiles]
> # chmod 1757 /domain/profiles
> path = /domain/profiles
> csc policy = disable
> profile acls = yes
> writeable = yes
> browseable = no
> create mask = 0600
> directory mask = 0700
>
>
> The next issue is unless I set the policy "Do not check check for user
> ownership of Roaming profile folders" to 'enabled' ie no checking. Debra can
> not access her remote profile (even though she is the owner) while john can
> access his.
>
> Can anybody shed some light on this issue.
>
> Regards John
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] XP profiles problem - Samba 3.0.3 & LDAP

[Ryan Novosielski]

Domain Admins, AFAIK, perform all actions as root. You can verify this in
smb.conf.

 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - Jr. UNIX Systems Admin
|$&| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Tue, 4 May 2004, John Arthur wrote:

>
> [EMAIL PROTECTED] profiles]# ls -la
> total 16
> drwxr-xrwt4 root Domain Admins 4096 May  4 13:03 .
> drwxr-xr-x4 root Domain Admins 4096 May  4 10:05 ..
> drwx--   13 debraDomain Users 4096 May  4 12:52 debra
> drwx--   14 root Domain Users 4096 May  4 13:14 john
>
> As you can see Debra's profile is created with the correct ownership(?) but
> John's is created as owner "Administrator/root".
>
> Now the only difference is that John is a Member of "Domain Admins" although
> both john & debra's primary group is 513 "Domain Users"
>
>
> [profiles]
> # chmod 1757 /domain/profiles
> path = /domain/profiles
> csc policy = disable
> profile acls = yes
> writeable = yes
> browseable = no
> create mask = 0600
> directory mask = 0700
>
>
> The next issue is unless I set the policy "Do not check check for user
> ownership of Roaming profile folders" to 'enabled' ie no checking. Debra can
> not access her remote profile (even though she is the owner) while john can
> access his.
>
> Can anybody shed some light on this issue.
>
> Regards John
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Logging domain Logon/Logoff

[Ryan Novosielski]

One that you could do is a preexec/postexec type thing. We did this once
before. I believe you could have the pre-exec be on something like the
netlogon share. I can't remember exactly how we used to do this on our
site. Remind me and I will look it up if this hint does not help.

 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - Jr. UNIX Systems Admin
|$&| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Mon, 3 May 2004, Michael Eklund wrote:

> Has anyone run accross a way to log domain logon/logoffs?
>
> Thanks,
>
> Mike
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] starnge Auth problem in w2k Domain with ADS

[Christoph Scheeder]

Hi,
my Situation:
a w2k-server set in mixed mode as ADS-Server,a debian machine with
latest stable samba compiled self with ADS-support.
samba machine joined to ADS-Domain succesfully, winbindd installed and
configured, all w2k users and groups visible on samba-server.
Browsing and connecting to w2k-server and samba-server from the samba
server with smbclient and -k option works fine for all accounts in the
w2k-domain and the localy on the samba server defined users.
If i try to access the samba server from a w2k-client in the domain i
get a prompt for user and password. If i supply a domain-account i get
a failure, if i supply a local samba-server-account all works fine.
Where should i look to solve this problem?
C.Scheeder
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Can I reconfigure Samba share without restart smb service?

[Mike Stewart]

I read somewhere that Samba re-reads its config file every minute or so.  I
think one of my servers (2.2.0a) does this but the other (2.2.8a) seems to
take longer.

- Original Message - 
From: "Ryan Novosielski" <[EMAIL PROTECTED]>
To: "ww m-pubsyssamba" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, May 12, 2004 9:23 AM
Subject: Re: [Samba] Can I reconfigure Samba share without restart smb
service?


> AFAIK, Samba will notice a change on its own as well.
>
>  _  _ _  _ ___  _  _  _
> |Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - Jr. UNIX Systems Admin
> |$&| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
> \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630
>
> On Fri, 30 Apr 2004, ww m-pubsyssamba wrote:
>
> > Everytime I add or remove some samba shares, I must restart smb service
to take effect. Is there anyway to reconfig it without restart?
> >
> >
> > >> Yes there is, you must "kill -HUP" your parent smbd process, either
work out which pid it is from running ps -aef (-aux or whatever
> > for your UNIX platform) or cat /sambainstalldir/var/locks/smbd.pid file
which contains the PID, then "kill -HUP YourPID"
> > For already established client connections they may not see the changes
until they disconnect but for new connections your
> > smb.conf/share changes will be visable,
> >
> > cheers Andy.
> >
> > <<
> >
> > BBCi at http://www.bbc.co.uk/
> >
> > This e-mail (and any attachments) is confidential and may contain
personal views which are not the views of the BBC unless specifically
> > stated.
> > If you have received it in error, please delete it from your system. Do
not use, copy or disclose the information in any way nor act in
> > reliance on it and notify the sender immediately. Please note that the
BBC monitors e-mails sent or received.
> > Further communication will signify your consent to this.
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
> >
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.680 / Virus Database: 442 - Release Date: 10/05/2004


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] [error]

[info]

Your mail [subject: 0i09u5rug08r89589gjrg]
(B
(BBAD TYPE!! 
(B
(B-- 
(BTo unsubscribe from this list go to the following URL and read the
(Binstructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] remove machine account

[Ryan Novosielski]

This works for me. If need be, remove the account by hand if you are using
smbpasswd as your backend.

 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - Jr. UNIX Systems Admin
|$&| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Fri, 30 Apr 2004, James Amen Atayi wrote:

> Hallo!
>
>  How please to remove a win2k machine account.
>  I tried smbpasswd -x machine$ without succes.
>
>  The thing is that I changed the machine domaine to workgroup. And
>  now I'm trying to put again the machine in the domaine but that
>  can't be done.
>  I'm getting an error message that the logon informations are in
>  conflict with existing logon informations.
>
>  Thank a lot for helping
>
>  James
>
>
>
>
>
> 
> http://www.epost.de - das Kommunikationsportal der Deutschen Post
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] WINS / port 445 question

[Kit]

Some information about Windows Direct Hosting (port 445) can be found at:

 

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q204279

 

Here you will see that, by disabling port 445 (direct hosting), all traffic
reverts back to NBT.

 

 

>From what I can see, Direct Hosting is no more than SMB over TCP/IP, instead
of using NBT (NetBIOS over TCP) as an intermediary transport.

 

Blocking Direct Hosting should not break anything (it is merely a
'short-cut') but, once it gets implemented, it should reduce overhead on
server and network.

 

Kit

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem conpiling snprintf.c

[Ryan Novosielski]

FWIW, you did not provide a version number of Samba.

 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - Jr. UNIX Systems Admin
|$&| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Wed, 28 Apr 2004, Cawley, Michele (3598) wrote:

> >From Michele Cawley
> problem: tring to install on a HPUX v11 system. make install comming back
> with below error.
>
>
> Using LIBS = -lgen -lsec  -lnsl
> Compiling lib/snprintf.c
> lib/snprintf.c:792: conflicting types for `snprintf'
> /usr/local/lib/gcc-lib/hppa2.0n-hp-hpux11.00/3.1/include/stdio.h:493:
> previous d
> eclaration of `snprintf'
> *** Error exit code 1
>
> Stop.
>
>
> regards
>
> Michele
>
>
> 
> Please note as of 31st March 2004 we will not be accepting any email to
> Digifone.com addresses. From this date please send all emails to O2.com.
> This E-mail is from O2. The E-mail and any files
> transmitted with it are confidential and may also be privileged and intended
> solely for the use of the individual or entity to whom they are addressed.
> Any unauthorised direct or indirect dissemination, distribution or copying
> of this message and any attachments is strictly prohibited. If you have
> received the E-mail in error please notify [EMAIL PROTECTED] or
>   telephone ++ 353 1 6095000.
>
> *
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.3: Still cant change password after KB828741

[Ryan Novosielski]

I'm prety sure this was fixed in 3.0.4, not 3.0.3.

 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - Jr. UNIX Systems Admin
|$&| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Thu, 29 Apr 2004, Brandon Turner wrote:

> I just downloaded and installed Samba 3.0.3 and it still doesn't fix the
> problem caused by the windows update discussed in KB828741.  Still
> getting the message "You do not have permission to change your password"
> on some boxes, or "The system cannot change your password because the
> domain DOMAIN is not available" on others.  Uninstalling the update
> still works, however this is not an option for some, including us.
>
> Could someone please help to resolve this?  Anyone know of a patch?  I
> can't afford to wait until the next Samba release.
>
> Thanks,
> Brandon
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Windows XP Pro and Samba (file saving)

[Ryan Novosielski]

U, is it just me or did you not ask a question?

 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - Jr. UNIX Systems Admin
|$&| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Sun, 9 May 2004, Jason Oakley wrote:

> No ideas then anyone?
> ---
>
> Couldn't get the password sync to work with the unix passwords, so created
> them by hand.
>
> Logon script:
> C:\Windows\logon.bat
>
> @Echo off
> \\spooty\waulok\logon.bat
>
>
> $ cat logon.bat
> @Echo off
> if not exist s: net use s: \\spooty\shared
> if not exist m: net use m: \\spooty\mp3z
> if not exist u: net use u: \\spooty\waulok
> if not exist w: net use w: \\spooty\webcam
> net time \\spooty /set /yes
>
>
> # This is the main Samba configuration file. You should read the
> # smb.conf(5) manual page in order to understand the options listed
> # here. Samba has a huge number of configurable options (perhaps too
> # many!) most of which are not shown in this example
> #
> # Any line which starts with a ; (semi-colon) or a # (hash)
> # is a comment and is ignored. In this example we will use a #
> # for commentry and a ; for parts of the config file that you
> # may wish to enable
> #
> # NOTE: Whenever you modify this file you should run the command "testparm"
> # to check that you have not many any basic syntactic errors.
> #
> #=== Global Settings =
> [global]
>
> # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
> workgroup = thematrix
>
> # server string is the equivalent of the NT Description field
> server string = Inside The Matrix
> netbios name = spooty
>
> nt acl support = no
>
> # This option is important for security. It allows you to restrict
> # connections to machines which are on your local network. The
> # following example restricts access to two C class networks and
> # the "loopback" interface. For more examples of the syntax see
> # the smb.conf man page
> ;   hosts allow = 192.168.1. 192.168.2. 127.
> hosts allow = 192.168.0. 127.
>
> # If you want to automatically load your printer list rather
> # than setting them up individually then you'll need this
> load printers = yes
>
> # you may wish to override the location of the printcap file
> ;   printcap name = /etc/printcap
>
> # on SystemV system setting printcap name to lpstat should allow
> # you to automatically obtain a printer list from the SystemV spool
> # system
> ;   printcap name = lpstat
>
> # It should not be necessary to specify the print system type unless
> # it is non-standard. Currently supported print systems include:
> # bsd, sysv, plp, lprng, aix, hpux, qnx
> ;   printing = bsd
>
> # Uncomment this if you want a guest account, you must add this to /etc/passwd
> # otherwise the user "nobody" is used
> ;  guest account = pcguest
>
> # this tells Samba to use a separate log file for each machine
> # that connects
> log file = /var/log/samba/log.%m
>
> syslog = 0
> # Put a capping on the size of the log files (in Kb).
> max log size = 50
>
> # Some tweaks to speed it up (hopefully)
> getwd cache = yes
> read raw = no
> log level = 1
> write raw = no
> case sensitive = no
> preserve case = yes
> short preserve case = yes
> mangled names = no
>
>
>
> # Security mode. Most people will want user level security. See
> # security_level.txt for details.
> security = user
>
> # Use password server option only with security = server
> # The argument list may include:
> #   password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name]
> # or to auto-locate the domain controller/s
> #   password server = *
> ;   password server = 
>
> # Note: Do NOT use the now deprecated option of "domain controller"
> # This option is no longer implemented.
>
> # You may wish to use password encryption. Please read
> # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
> # Do not enable this option unless you have read those documents
>encrypt passwords = yes
> update encrypted = yes
> unix password sync = yes
> passwd program = /usr/bin/passwd
>
> # Using the following line enables you to customise your configuration
> # on a per machine basis. The %m gets replaced with the netbios name
> # of the machine that is connecting
> ;   include = /usr/local/etc/smb.conf.%m
>
> # Most people will find that this option gives better performance.
> # See speed.txt and the manual pages for details
> # You may want to add the following on a Linux system:
> # SO_RCVBUF=8192 SO_SNDBUF=8192
> socket options = TCP_NODELAY IPTOS_THROUGHPUT SO_RCVBUF=8192 SO_SNDBUF=8192
>
> # Configure Samba to use multiple interfaces
> # If you have multiple network interfaces then you must list them
> # here. See the man page for details.
> ;   interfaces = 192.168.12.2/24 192.168.13.2/24
> interfaces = 192.168.0.2
>
> # Browser Control Options:
> #

Re: [Samba] Can I reconfigure Samba share without restart smb service?

[Ryan Novosielski]

AFAIK, Samba will notice a change on its own as well.

 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - Jr. UNIX Systems Admin
|$&| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Fri, 30 Apr 2004, ww m-pubsyssamba wrote:

> Everytime I add or remove some samba shares, I must restart smb service to take 
> effect. Is there anyway to reconfig it without restart?
>
>
> >> Yes there is, you must "kill -HUP" your parent smbd process, either work out 
> >> which pid it is from running ps -aef (-aux or whatever
> for your UNIX platform) or cat /sambainstalldir/var/locks/smbd.pid file which 
> contains the PID, then "kill -HUP YourPID"
> For already established client connections they may not see the changes until they 
> disconnect but for new connections your
> smb.conf/share changes will be visable,
>
> cheers Andy.
>
> <<
>
> BBCi at http://www.bbc.co.uk/
>
> This e-mail (and any attachments) is confidential and may contain personal views 
> which are not the views of the BBC unless specifically
> stated.
> If you have received it in error, please delete it from your system. Do not use, 
> copy or disclose the information in any way nor act in
> reliance on it and notify the sender immediately. Please note that the BBC monitors 
> e-mails sent or received.
> Further communication will signify your consent to this.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Windows printer drivers and Samba

[Ryan Novosielski]

Read the printing chapter in the Samba HOWTO. It is very well written and
it would be a shame if you didn't take the time to read it. ;)

 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - Jr. UNIX Systems Admin
|$&| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Wed, 28 Apr 2004, Stephen Kuhn wrote:

> Sorry ain't been on the list for a while...but I've lost all my archived
> mails and need to get the following done on both 2.2.8a and 3.0.2:
>
> * Printer is on linux box
> * Need to have drivers for Windows on linux box
> * Need to have Windows machines able to get drivers from linux box
>
> I recall there was some way to get this done - or have I drank too much
> beer?
>
> stephen kuhn - owner
> ==
> illawarra computer services
> a kuhn media australia company
> http://kma.0catch.com
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] humble plea - once more

[Ryan Novosielski]

Not true. Use "update encrypted = yes" or PAM_smbpass. That's what I did.
Works great. You don't get DIRECTLY to LDAP that way, but you do get the
passwords hashed from UNIX.

 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - Jr. UNIX Systems Admin
|$&| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Tue, 27 Apr 2004, Adam Tauno Williams wrote:

> > Asked this question with absolutely no response - seems it's a high
> > volume list ;-)
>
> This has been answered many times.
>
> > Is there no way for unix crypt password -> ntPassword conversion ?
>
> No.
>
> > Just too strange - someone must have met the problem of moving
> > existing unix users to NT domain before.
>
> Yep.  You make everyone change their password.
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Yet Another LDAP Question

[Ryan Novosielski]

What you CAN do is use PAM_smbpass, with the migrate flag, and migrate all
of the UNIX passwords this way. This way, when a user logs in via UNIX or
Samba, their password makes it into the Samba password file. You never
actually have to turn on password encryption via smbpasswd, 'far as I
know, but this will give you a list of NT hashes to work with to then
convert.

Does this help at all?

 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - Jr. UNIX Systems Admin
|$&| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Mon, 26 Apr 2004, Michal Kurowski wrote:

> Paul Gienger [EMAIL PROTECTED] wrote:
> > I believe the README is out of date.  Their website says that something
> > like .80 and up work on 3.x.  I have used .84 to populate a 3.0.2 server
> > just fine making only configuration changes like server locations,
> > containers, and domain SID.  I did have to hack one script for my
> > purposes, but that was only because my primary ldap server is over a
> > greater-latency-than-local-lan link and replication takes a couple seconds.
> >
>
> It relates to my last question: is there any way to for unix->NT
> password conversion ?
>
> I need to create ntAccounts from my shadow passwords (crypt-ed) in the
> Ldap server. It seems there's no supported way but two problems emerge
> in here:
>
> 1) you have to ask lots of people to type their passwords again
> 2) you have no control maintain same password policy
>
> Cheers,
>
> --
> Michal Kurowski
> perl -e '$_=q#: 13_2: 12/o{>: 8_4) (_4: 6/2^-2; 3;-2^\2: 5/7\_/\7: 12m m::#;
> y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print'
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbldap: odd ownership of un-tarred files

[Ryan Novosielski]

tar files hold onto the UID/GID that owned the files upon tarring. Samba
always untar's on my systems as UID 783, presumably because someone (but
WHO?) who puts together the Samba packages is UID 783 on the system on
which the tar's are built.

Unless you are answering a more complicated question that I can't seem to
grasp at the moment, in which case, forgive me.

 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - Jr. UNIX Systems Admin
|$&| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Sat, 24 Apr 2004, Bill Gurley wrote:

> I've just been setting up a new server with RHEL 3, samba 3 with LDAP
> authentication and using the smbldap-tools ver. 0.8.4.  I've finally got
> things working, but just noticed something odd.
>
> I have so far only created myself as a user, with uid=1000 and gid=513.
>
> As root, I obtained the latest gzip file for squirrelmail and untar'd
> it.  The odd thing is that the directory created by un-taring this file
> is owned as follows:
>
> drwxr-sr-x   16 gurley   1000   4096 Oct  1  2003 squirrelmail-1.4.2
>
> I tried unzipping other random gz files and find that they acquire
> random ownerships above 1000, instead of the expected root.root!
>
> What's going on?  Have I messed something up?
>
>
> -Bill-
>
> -
>   Bill Gurley, Technical Director  |
>   Department of Chemistry  |Consider Linux and
>   Univ. of Tennessee, Knoxville|Open Source Software!
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Help! - need to Start multiple samba smbd/nmbd daemons

[Ryan Novosielski]

My best guess is that you have the ability to set the lock directory for
the two different smbd/nmbd's, either within smb.conf, on the command
line, or either one. I don't know if you thought of this already, but
that's what it seems like to me. Check smb.conf's man page to see if this
is possible.

 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - Jr. UNIX Systems Admin
|$&| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Fri, 23 Apr 2004, Dignard, Norman wrote:

> We're trying to dual home samba onto 2 windows domains.  We're created 2 separate 
> smb.conf files each having it's own domain specific info. The only differences 
> between them are
> - different workgroups
> - different interfaces to bind too
> - different socket addressees (matches the interface)
> - and different WINS server IPs.
>
> We are using the security = domain model.
>
> We've successfully joined each domain by swapping in the applicable smb.conf file 
> and then running the smbpasswd command to join the domain .. both came back 
> successful.
>
> Now we're trying to start the smbd and nmbd daemons by using the -s switch to bind 
> each daemon to a specific interface by pointing to the applicable smb.conf file
> (ie. /opt/samba/bin/nmbd -D -s /etc/opt/samba/smb.conf.engdev)  however it looks 
> like we can only start one smbd or nmbd daemon at a time as only one .pid lock file 
> is allowed.
> Ref smbd log file output:
> [2004/04/23 12:35:57, 0] smbd/server.c:(793)
>   smbd version 2.2.8a based HP CIFS Server A.01.10 started.
>   Copyright Andrew Tridgell and the Samba Team 1992-2002
> [2004/04/23 12:35:57, 0] lib/pidfile.c:(85)
>   ERROR: smbd is already running. File /var/opt/samba/locks/smbd.pid exists and 
> process id 25569 is running.
>
> Is there a way to start multiple smbd/nmbd daemons so that we can multi-home samba?
>
> Any help appreciated
> Regards
> Norman Dignard
>
> Nav Canada Technical Systems Center
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Browse lists & 3.0.x

[Simon Hobson]

Jonathan Johnson wrote:

Make sure they are all in the same workgroup or domain. If some
are in a domain and some are in a workgroup, give the domain and workgroup
the same name. Without going into a technical explanation of the difference
between domains and workgroups, suffice to say that if they have the same
name, your life will be easier.
I was advised only a week ago by the guy setting up our new server 
that we should not do this, so the new domain set up has a different 
name to any of the workgroups. He said we would have lots of problems 
if the domain has the same name as a workgroup. Do you have any 
pointers to where I can find out about these issues ?

This is with Samba 2.2.5-suse, part of their SLOX package - I'm 'in 
discussions' with them about the issues of changing it to Samba 3.

Simon

--
Simon Hobson, Technology Specialist
Colony Gift Corporation Limited
Lindal in Furness, Ulverston, Cumbria, LA12 0LD
Tel 01229 461100, Fax 01229 461101
Registered in England No. 1499611
Regd. Office : 100 New Bridge Street, London, EC4V 6JA.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] create_canon_ace_lists: unable to map SID

[Ryan Novosielski]

Oooh, this one sounds like profile acls or something like that? I don't
have it in front of me, but take a look for acl and profile in the man
page for smb.conf.

 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - Jr. UNIX Systems Admin
|$&| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Fri, 23 Apr 2004, Mac wrote:

> >
> >>
> >>The searching I've done so far suggests that I might be able to workaround this 
> >>with:-
> >>
> >>nt acl support = no
> >>
>
> That hasn't helped.  So I'm still getting:-
>
> [2004/04/23 12:42:13, 1] smbd/service.c:make_connection_snum(705)
>   dltest2 (212.219.217.98) connect to service profiles initially as user jsmith 
> (uid=1935, gid=100) (pid 12038)
> [2004/04/23 12:42:13, 0] smbd/posix_acls.c:create_canon_ace_lists(1380)
>   create_canon_ace_lists: unable to map SID 
> S-1-5-21-973294077-3660535-3933214913-4632 to uid or gid.
>
>
> accompanied by :-
>
>
>   Windows did not load your roaming profile and is attempting
>   to log you on with your local profile. Changes to the profile
>   will not be copied to the server when you logoff. Windows did
>   not load your profile because a server copy of the profile folder
>   already exists that does not have the correct security. Either the
>   current user or the Administrator's group must be the owner of the
>   folder. Contact your network administrator.
>
>
> on the Windows XP Pro client.
>
> Any suggestions?
>
>
>
>Mac
>   Assistant Systems Adminstrator @nibsc.ac.uk
> [EMAIL PROTECTED]
>Work: +44 1707 641565  Everything else: +44 7956 237670 (anytime)
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Does the PDC needs a "Machine Account" in its domain ?

[Ryan Novosielski]

No. What would it need that for?

 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - Jr. UNIX Systems Admin
|$&| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630

On Fri, 23 Apr 2004, Raul Chirea wrote:

> Does the PDC needs a "Machine Account" in its domain ?
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] i cannot find kinit

[Sahibzada Junaid Noor]

 the name of my active directory domain is

 niit.edu.pk

so what should i write in this parameter

  default_relam = YOUR.KERBEROS.REALM

also while trying to join the domain i eecute this
command

 kinit [EMAIL PROTECTED]

My shell gives me the error cannot find kinit.
can any one tell me where in my file system can i find
kinit

Regards


=

  Sahibzada Junaid Noor  
  Ph   #  (+92) (051) 5950 940
  Cell #   (+92) (0333) 5223586
  Qazi plaza,Third Floor,Commerical Market,Chaklala Scheme 3,
  Rawalpindi
  Islamic Republic of Pakistan 









__
Do you Yahoo!?
Yahoo! Movies - Buy advance tickets for 'Shrek 2'
http://movies.yahoo.com/showtimes/movie?mid=1808405861 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba