[Samba] Re: Request patch for samba 2.2.2
Hello! Well you are asking for a bit tricky questions. Concerning the release of Samba you may install version 2.2.9 or 3.0.4 -- depending on your needs. The vendor of your linux may have an updated rpm package for you. I know it is a bit odd to make the way through the manuals etc, but having got an open source tools this should be understandable... -- Torsten. Udomchai Srisuk (LAD:1Logic) wrote: Dear Sir/Madam, I'm request patch for samba 2.2.2 on Sun Server (Solaris) If you require futher information, Please let me know. Regards. Udomchai S. === PKGINST: samba NAME: SMB based file/printer sharing CATEGORY: system ARCH: sparc VERSION: 2.2.2 BASEDIR: /usr/local VENDOR: Samba Team DESC: File and printer sharing for Windows workstations PSTAMP: nose20011019112615 INSTDATE: Nov 21 2001 06:03 HOTLINE: Please contact your local UNIX support group EMAIL: [EMAIL PROTECTED] STATUS: completely installed FILES:432 installed pathnames 9 shared pathnames 26 directories 40 executables 42471 blocks used (approx) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Mail Delivery (failure geen_reply@office.casema.nl)
Geachte heer, mevrouw, Dit e-mailadres wordt niet aktief bijgehouden. Indien u rechtstreeks een bestelling wilt plaatsen voor kabelinternet of de beschikbaarheid van kabelinternet bij u thuis wilt controleren, kunt u terecht op onze website www.casema.nl of via onze gratis telefonische ingang 0800-1884. Voor vragen over de status van uw order kunt u terecht op datzelfde gratis telefoonnummer: 0900-8896. Met vriendelijke groet, Casema Klantenservice -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Request patch for samba 2.2.2
On Tue, 8 Jun 2004, Udomchai Srisuk (LAD:1Logic) wrote: I'm request patch for samba 2.2.2 on Sun Server (Solaris) There is no such patch. Since you ask for a patch, you most likely are happy to work with source. You should upgrade to 3.0.4, but if you must continue with the 2.2.x stream, then you should move to 2.2.9. Regards - Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org, sharpe[at]ethereal.com, http://www.richardsharpe.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba ldap with smbldap-tools cant join domain.
On Tue, 2004-06-08 at 23:48, Muhammad Reza wrote: passdb backend = ldapsam:ldap://127.0.0.1/ ldap admin dn = cn=Manager,dc=mragroup,dc=net ldap suffix = dc=mragroup,dc=net ldap group suffix = ou=Groups Currently samba needs the groups to be in the same directory branch as the users. Move your machine accounts from ou=Computers to ou=Users,dc=mragroup,dc=net. I should think that will help. Don't forget to change the pam/nss confs too. ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users Is there something i missed ? i assumed that samba now can connect to ldap service, and i have an Adminstrator account at ldap DIT and at secret.tdb with right password why still i can join my windows machine ? i even add mahine name to DIT. Please help me, any suggest is very appriciate, and sorry for my poor english regards reza Cheers, lance -- Lance Levsen, Catprint Computing Linux Systems and programming gpg --keyserver wwwkeys.pgp.net --recv-keys 0xF2DA79C8 signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows rejects name registration
Dear people of samba, my problem seems to be a firewalled WinXP in our net. Our Samba is the Debian testing (Samba 3.x). It is configured to hold the browsing list and to become master. The nmbd.log shows: [2004/06/09 08:17:38, 0] nmbd/nmbd_incomingdgrams.c:process_local_master_announce(311) process_local_master_announce: Server PRAEPLAB at IP 129.217.168.62 is announcing itself as a local master browser for workgroup EIA and we think we are master. Forcing election. [2004/06/09 08:17:38, 2] nmbd/nmbd_become_lmb.c:unbecome_local_master_browser(280) unbecome_local_master_browser: unbecoming local master for workgroup EIA on subnet 129.217.168.21 [2004/06/09 08:17:38, 0] nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149) * Samba name server NETCHEF has stopped being a local master browser for workgroup EIA on subnet 129.217.168.21 * [2004/06/09 08:17:40, 2] nmbd/nmbd_elections.c:send_election_dgram(41) send_election_dgram: Sending election packet for workgroup EIA on subnet 129.217.168.21 [2004/06/09 08:17:41, 2] nmbd/nmbd_elections.c:send_election_dgram(41) send_election_dgram: Sending election packet for workgroup EIA on subnet 129.217.168.21 [2004/06/09 08:17:41, 2] nmbd/nmbd_elections.c:run_elections(201) run_elections: Won election for workgroup EIA on subnet 129.217.168.21 [2004/06/09 08:17:41, 2] nmbd/nmbd_become_lmb.c:become_local_master_browser(537) become_local_master_browser: Starting to become a master browser for workgroup EIA on subnet 129.217.168.21 [2004/06/09 08:17:44, 2] nmbd/nmbd_elections.c:send_election_dgram(41) send_election_dgram: Sending election packet for workgroup EIA on subnet 129.217.168.21 [2004/06/09 08:17:46, 2] nmbd/nmbd_elections.c:send_election_dgram(41) send_election_dgram: Sending election packet for workgroup EIA on subnet 129.217.168.21 [2004/06/09 08:17:46, 2] nmbd/nmbd_elections.c:check_for_master_browser_fail(108) check_for_master_browser_fail: Forcing election on workgroup EIA subnet 129.217.168.21 [2004/06/09 08:17:47, 2] nmbd/nmbd_elections.c:send_election_dgram(41) send_election_dgram: Sending election packet for workgroup EIA on subnet 129.217.168.21 [2004/06/09 08:17:47, 0] nmbd/nmbd_nameregister.c:register_name_response(130) register_name_response: server at IP 129.217.168.62 rejected our name registration of EIA1d IP 129.217.168.21 with error code 6. [2004/06/09 08:17:47, 0] nmbd/nmbd_become_lmb.c:become_local_master_fail2(417) become_local_master_fail2: failed to register name EIA1d on subnet 129.217.168.21. Failed to become a local master browser. [2004/06/09 08:17:47, 2] nmbd/nmbd_become_lmb.c:unbecome_local_master_browser(280) unbecome_local_master_browser: unbecoming local master for workgroup EIA on subnet 129.217.168.21 [2004/06/09 08:17:47, 0] nmbd/nmbd_namelistdb.c:standard_fail_register(283) standard_fail_register: Failed to register/refresh name EIA1d on subnet 129.217.168.21 [2004/06/09 08:17:50, 2] nmbd/nmbd_elections.c:send_election_dgram(41) send_election_dgram: Sending election packet for workgroup EIA on subnet 129.217.168.21 [2004/06/09 08:17:52, 2] nmbd/nmbd_elections.c:send_election_dgram(41) I think that the PRAEPLAB PC is firewalled, but i have no control over it. Is there any way, to become the local master against this PC? Eventually staying local master by brute force or kicking the bad PC of the net? Thanks in advance Thorsten Witt -- Thorsten Witt Universitaet Dortmund Fachbereich Physik DELTA Experimentelle Physik 1 Raum P2-E0-517 Otto-Hahn-Straße 4 D-44221 Dortmund (Germany) Tel.: +49-(0)231-755-3495/5397 Fax : +49-(0)231-755-3657 email: [EMAIL PROTECTED] http://e1.physik.uni-dortmund.de -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] getent passwd wbinfo -u not working
Hi, remeber, after compiling and installing samba you have to copy the files nsswitch/libnss_winbind.so and nsswitch/libnss_wins.so to /lib/ and ln -sf /lib/libnss_winbind.so /lib/libnss_winbind.so.2 ln -sf /lib/libnss_wins.so /lib/libnss_wins.so.2 then copy nsswitch/pam_winbind.so to /lib/security/ and finally do a ldconfig. you'll have to do these steps manually after each compile and install, as these files are omitted by make install Christoph Sahibzada Junaid Noor schrieb: HI, i had messed up with the pam.d so i did a fresh install. now after this fresh install some how getent passwd and wbinfo -u is not working. the rest of the commands kinit net ads join are ok. [EMAIL PROTECTED] samba]# wbinfo -u Error looking up domain users and getent passwd simply returns me to the prompt after listing the names of the local users and groups any know how whats going on? = Sahibzada Junaid Noor Ph # (+92) (051) 5950 940 Cell # (+92) (0333) 5223586 Qazi plaza,Third Floor,Commerical Market,Chaklala Scheme 3, Rawalpindi Islamic Republic of Pakistan __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA and LDAP Schema's
Hi there! I am wanting to get hold of a list of the various schema settings for Samba as a PDC with an LDAP backend database. I need a break down of all the object classes, the attributes and which of the attributes are required/optional. I have taken some of my information from: http://www.samba.org/samba/docs/man/howto/passdb.html#id2532816 under the section on LDAPSAM I have been able to get my system to the point that I can browse the network, open the machine and view the shares. I am then able to log in when I am prompted for a password. The problem that I have is that I cannot get a windows machine to join the domain. I am using IBM/Lotus Domino Server as my LDAP server. I have had to extent the schema to cater for what I think is required. However, it has been a bit hit and miss. Regards Vaughan Rivett http://www.wadzi.biz -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba client filesize problems
Filesize problems with samba client on Redhat 9 and W2k machine. The original smbclient did this so I upgraded to the latest, it didn't help. The server is W2k with an NTFS volume, these are video files - the windows software breaks the files at the 2G limit, but for some reason some are reported as 2G others as huge !! One day I might own 25T of disk, but not today. Anyone any ideas ? Thanks, Jon [EMAIL PROTECTED] bin]# smbmount Usage: mount.smbfs service mountpoint [-o options,...] Version 2.2.9 [EMAIL PROTECTED] bin]# uname -a Linux jonspc 2.4.20-8 #1 Thu Mar 13 17:18:24 EST 2003 i686 athlon i386 GNU/Linux [EMAIL PROTECTED] record]# ls -lt total 25793202411 -rwxr-xr-x1 root root 18446744071562071792 Jun 9 02:46 Channel 4 - 2004,06,09 00,23,13_001.mpg -rwxr-xr-x1 root root 2147477442 Jun 9 01:34 Channel 4 - 2004,06,09 00,23,13.mpg -rwxr-xr-x1 root root 894211652 Jun 8 23:39 BBC TWO - 2004,06,08 13,47,17_007.mpg -rwxr-xr-x1 root root 2147464426 Jun 8 23:02 BBC TWO - 2004,06,08 13,47,17_006.mpg -rwxr-xr-x1 root root 18446744071562081966 Jun 8 21:37 BBC TWO - 2004,06,08 13,47,17_005.mpg -rwxr-xr-x1 root root 2147475408 Jun 8 20:11 BBC TWO - 2004,06,08 13,47,17_004.mpg -rwxr-xr-x1 root root 18446744071562073774 Jun 8 18:54 BBC TWO - 2004,06,08 13,47,17_003.mpg -rwxr-xr-x1 root root 18446744071562089104 Jun 8 17:24 BBC TWO - 2004,06,08 13,47,17_002.mpg -rwxr-xr-x1 root root 2147456882 Jun 8 16:07 BBC TWO - 2004,06,08 13,47,17_001.mpg -rwxr-xr-x1 root root 2147476444 Jun 8 14:58 BBC TWO - 2004,06,08 13,47,17.mpg -rwxr-xr-x1 root root 2147470716 Jun 8 02:52 BBC FOUR - 2004,06,08 00,54,21_001.mpg -rwxr-xr-x1 root root 2147483360 Jun 8 01:51 BBC FOUR - 2004,06,08 00,54,21.mpg -rwxr-xr-x1 root root 18446744071562079614 Jun 7 23:01 BBC TWO - 2004,06,07 14,07,54_006.mpg -rwxr-xr-x1 root root 18446744071562080616 Jun 7 21:41 BBC TWO - 2004,06,07 14,07,54_005.mpg -rwxr-xr-x1 root root 2147459392 Jun 7 20:20 BBC TWO - 2004,06,07 14,07,54_004.mpg -rwxr-xr-x1 root root 18446744071562069142 Jun 7 19:01 BBC TWO - 2004,06,07 14,07,54_003.mpg -rwxr-xr-x1 root root 18446744071562082462 Jun 7 17:43 BBC TWO - 2004,06,07 14,07,54_002.mpg -rwxr-xr-x1 root root 2147468096 Jun 7 16:28 BBC TWO - 2004,06,07 14,07,54_001.mpg -rwxr-xr-x1 root root 2147482130 Jun 7 15:17 BBC TWO - 2004,06,07 14,07,54.mpg -rwxr-xr-x1 root root 18446744071562080378 Jun 7 02:40 Channel 4 - 2004,06,07 00,17,59_001x.mpg -rwxr-xr-x1 root root 1643224088 Jun 7 00:12 Channel 4 - 2004,06,06 22,06,18_001.mpg -rwxr-xr-x1 root root 2147474490 Jun 6 23:17 Channel 4 - 2004,06,06 22,06,18.mpg -rwxr-xr-x1 root root 763302994 Jun 4 09:56 five - 2004,06,04 09,33,34.mpg -rwxr-xr-x1 root root 953933946 May 23 23:05 ITV 1 - 2004,05,23 22,35,15.mpg -rwxr-xr-x1 root root 1592166170 May 15 01:02 Sky Travel - 2004,05,15 00,02,25.mpg -rwxr-xr-x1 root root 954005116 May 13 22:34 ITV 1 - 2004,05,13 22,04,40.mpg -rwxr-xr-x1 root root 899231922 May 6 23:38 Channel 4 - 2004,05,06 23,08,26.mpg -rwxr-xr-x1 root root 120173424 May 1 11:11 Cristina millan.mpg -rwxr-xr-x1 root root 2147483315 Apr 18 12:08 BBC ONE - 2004,04,18 11,08,42.mpg -rwxr-xr-x1 root root 526759144 Apr 15 22:02 Channel 4 - 2004,04,15 21,44,43.mpg -rwxr-xr-x1 root root 43353716 Apr 15 21:41 Channel 4 - 2004,04,15 21,39,30.mpg -rwxr-xr-x1 root root 718703370 Apr 11 18:35 Sky Travel - 2004,04,11 18,05,34.mpg -rwxr-xr-x1 root root 35889464 Apr 11 18:02 Sky Travel - 2004,04,11 18,01,06.mpg -rwxr-xr-x1 root root 2147461254 Apr 10 00:17 Sky Travel - 2004,04,09 23,01,13.mpg -rwxr-xr-x1 root root 856571274 Apr 9 01:58 BBC THREE - 2004,04,09 01,29,21.mpg -rwxr-xr-x1 root root 1588864206 Apr 8 00:16 ITV 1 - 2004,04,07 16,38,32_006.mpg -rwxr-xr-x1 root root 18446744071562080022 Apr 7 23:26 ITV 1 - 2004,04,07 16,38,32_005.mpg -rwxr-xr-x1 root root 2147479956 Apr 7 22:18 ITV 1 - 2004,04,07 16,38,32_004.mpg -rwxr-xr-x1 root root 18446744071562071902 Apr 7 20:02 ITV 1 - 2004,04,07 16,38,32_002.mpg -rwxr-xr-x1 root root 18446744071562073792 Apr 7 18:54 ITV 1 - 2004,04,07 16,38,32_001.mpg -rwxr-xr-x1 root root 2147468954 Apr 7 12:41 BBC TWO - 2004,04,07 11,01,30.mpg -rwxr-xr-x1 root root 332269870 Apr 3 07:29 Channel 4 - 2004,04,03 07,18,04.mpg -rwxr-xr-x1 root root 404056246 Apr 3 07:16 Channel 4 - 2004,04,03 07,02,36.mpg -rwxr-xr-x1 root root 662680375 Apr 1 02:01 Channel 4 - 2004,04,01 01,39,16.mpg -rwxr-xr-x1 root root 589524842 Mar 25 06:02 BBC TWO -
Re: [Samba] Weird Domain listings
Paul Espinosa wrote: I'm having an issue with my samba Domains. When I browse to Microsoft Windows Network with either Windows 2000 or WinXP I see two copies of the Domain. I see the proper domain (I'm using Matrix for testing) Matrix and I see another Matrix that appears to have 5 or 6 spaces or a tab appended onto the end. The domain w/o the spaces is the proper one, the one with the spaces doesn't contain any servers or workstation. This seems to have started after upgrading to samba 3.0.4. Has anyone seen this before? And if so what's the solution to this, I don't want my users to get confused. Thanks, Paul Espinosa Hi, I had the same problem. After commenting out the charset options in smb.conf and removing browse.dat and wins.dat, it was solved for me. Remember to stop the smb service befor the changes and start afterwards. Jeremias M. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] install samba problem
I downloaded Samba 3.0.4 rpm for Red Hat 9.0. On install, the system prepares for installation, then closes. Nothing has been installed. I have removed the previous versionm of samba, which made no difference. Any advise will be greatly appreciated. Donald -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] detailed file permissions
hello I have several linux samba servers (mainly 2.2.8) which I'm very satisfied of I'm asked to set NT-like permissions on some files or directories, such as : explicit delete permission, explicit create permission (for example we want to allow users to update files but not to create new ones or delete existing ones) I think posix ACLs don't provide this, and I didn't find any kind of mapping. Is this possible with latest versions (samba 3) ? tia Thierry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Can you help us....
Hi guys, I am using Redhat Linux ES 3 in my system. When i try to install Samba 3.0.2-7 it is giving a erros stating it is depending on libacl.so.1(ACL_1.0) and libattr.so.1(ATTR_1.0). I have tried these files for download, but i couldnt get it. Can u tell me where can i get these files. And one more problem i am getting in another machine.. when i try to mount a windows machine in my linux machine which has samba 2.2 it is giving following error: 3075: session request to 192.168.31.228 failes (Called name not present) 3075: session request to 192 failed (Called name not present) i am able to mount linux machines.. how to solve this issues... any help will be greatly appreciated... thanks in advance... regards, Vijaya Kumar .V -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] detailed file permissions
We have samba 3.0.3 using posix acls, it does not seem to allow the same functionality of nt acls though - they do map to the nt security dialog which is useful, but only using combinations of rwx. I do not think it is possible to set explicit delete permissions with posix acls. I would be very interested if you find a solution to the (create new but not delete old) issue! Thierry ITTY wrote: hello I have several linux samba servers (mainly 2.2.8) which I'm very satisfied of I'm asked to set NT-like permissions on some files or directories, such as : explicit delete permission, explicit create permission (for example we want to allow users to update files but not to create new ones or delete existing ones) I think posix ACLs don't provide this, and I didn't find any kind of mapping. Is this possible with latest versions (samba 3) ? tia Thierry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Can anyone help us....
Hi guys, I am using Redhat Linux ES 3 in my system. When i try to install Samba 3.0.2-7 it is giving a erros stating it is depending on libacl.so.1(ACL_1.0) and libattr.so.1(ATTR_1.0). I have tried these files for download, but i couldnt get it. Can u tell me where can i get these files. And one more problem i am getting in another machine.. when i try to mount a windows machine in my linux machine which has samba 2.2 it is giving following error: 3075: session request to 192.168.31.228 failes (Called name not present) 3075: session request to 192 failed (Called name not present) i am able to mount linux machines.. how to solve this issues... any help will be greatly appreciated... thanks in advance... regards, Vijaya Kumar .V - End forwarded message - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Fw: error on UID
Hi all, I have samba version 3.0.0 installed on soalris box, I get following error on message file and log file of each access, will some one can help me on this error smbd[20339]: [ID 702911 daemon.error] getsmbfilepwent: malformed password entry (uid not number) Babukish -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] web interface to samba file sharing
Hello everyone! I was just wondering if there is such tool that will allow samba file sharing to be done via web interface? So instead of making a remote samba connection to a server on the internet, the person just goes to the server's web page, logs in to samba share and is allowed to upload/download files. Any help or suggestions are welcome ) -- Andrei Mikhailovsky Arhont -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SAMBA and LDAP Schema's
Not hit and miss! there are complete listings of all schema changes needed in the source code for each release of Samba 3.0 (not sure if this has been static since 3 was released). There are files formatted for OpenLDAP and SunONE LDAP (in the examples directory), you should be able to derive all the info you need from these for any other LDAP server you wish to use, thanks Andy. Hi there! I am wanting to get hold of a list of the various schema settings for Samba as a PDC with an LDAP backend database. I need a break down of all the object classes, the attributes and which of the attributes are required/optional. I have taken some of my information from: http://www.samba.org/samba/docs/man/howto/passdb.html#id2532816 under the section on LDAPSAM I have been able to get my system to the point that I can browse the network, open the machine and view the shares. I am then able to log in when I am prompted for a password. The problem that I have is that I cannot get a windows machine to join the domain. I am using IBM/Lotus Domino Server as my LDAP server. I have had to extent the schema to cater for what I think is required. However, it has been a bit hit and miss. Regards Vaughan Rivett -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] VMWare; WinXP guest can browse every machine except host Debian, and vice versa
The setup: My VMWare host is Debian 2.4.24, and runs Samba 3.0.2a-Debian, on fixed IP address 10.0.0.9. Other computers can see and use services on this server. Samba is browse master and domain master browser for the workgroup. An external host runs dnscache and a tinydns for the local domain. VMWare is 3.2.0 build-2230, configured with bridged networking only (though I previously tried both NAT and host-only). My guest is now WindowsXP (I tried 98 also, same problem as I'll describe). It's in the same workgroup, and has a fixed IP address 10.0.0.11. I'm logged in as administrator, as I haven't created any additional accounts yet. I enabled WINS to the host (in desparation, I don't know what it does). Guest can ping host, and vice versa, and both can do DNS lookups with or without the local domain suffix (same as workgroup name). The problem: Both host and guest can see all other computers on the LAN and use their services, but neither can see or connect to the other. I've run Ethereal on XP and tcpdump on Debian, and packets from nmb lookups and browse requests are visible from both ends, but I always get host not found errors. I can show the dumps if it helps. I'm not seeing errors in the nmb or smb logs. What could possibly be wrong? What more can I do to diagnose it? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] pdbedit
I have a couple of questions about pdbedit. I am having trouble using pdbedit in shell scripts. First, on a freshly installed system with no-one in the tdbsam database, trying to add multiple machine accounts via a loop construct in a shell script fails with a message that the database can't be found/doesn't exist. I then added root manually just to get the system going, which solves that problem. Once the first user is added, my script seems to get stuck in an infinite loop trying to add the first machine, but I can add a machine manually. Is pdbedit usable in shell scripts? I understand that normal users need a password added, but I can't see why machine accounts can't just be added automatically. Does pdbedit have to be run manually for some reason? Is there some way of initialising the tdbsam database without manually adding a first user? Mick -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SIDs
I'm wondering where the three 10 digit numbers that make up an SID come from. In other words, the X's in the example below: S-1-5-21-XX-XX-XX-2202 Can these just be made up? Does every SID on a system have to have the same numbers in these positions? Thanks Mick -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] use password server= when security=ADS or not???
Dear list, Im using samba 3.0.4 on a RHL9 server as domain member in a W2k3 ADS (native) environment. The shares on the Samba server are used by XP clients and these clients get the shares via scripting while they logon on the ADS. In the ADS domain there are several ADS servers (on remote locations, connected via routers) that have the same global catalog. This means that an XP client that logon on the ADS will get a response from the fastest server on the network. The XP clients and the Samba domain member are on remote locations and connected to the ADS environment via routers too. The smb.conf file that I use on the Samba domain members doesnt contain the password server statement; this means that samba handles as follows about password server according to the man pages: If the password server option is set to the character '*' (is the same as no password server), then Samba will attempt to auto-locate the Primary or Backup Domain controllers to authenticate against by doing a query for the name WORKGROUP1C and then contacting each server returned in the list of IP addresses from the name resolution source. This means that Samba uses the old NETBIOS name and this is not in our DNS and a broadcast is not allowed on our routers! In the man page of samba also reside about password server the following: The advantage of using security = domain is that if you list several hosts in the password server option then smbd will try each in turn till it finds one that responds. This is useful in case your primary server goes down. Does this also work, when security = ADS? Id like that the samba domain server tries to contact each password server in the list till it finds one that responds. Can you tell me what is preferable? I use Samba 3.0.4 on RHL9 compiled with MIT 1.3.1-7 kerberos and CUPS, Kerberos and winbind is used for authentication against the ADS server. Here is my smb.conf file (only the global section): [global] workgroup = realm = .COM server string = %h server (Samba %v) security = ADS passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes log file = /var/log/samba/%m.log max log size = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u add machine script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u domain master = No dns proxy = No idmap uid = 1-2 idmap gid = 1-2 template homedir = /data/hom/%U template shell = /bin/bash printer admin = root, '@.COM\Domain Admins', @.COM\DEP_ADMIN_GERMANY oplocks = No level2 oplocks = No Regards, Alex. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows rejects name registration
Hi Thorsten, pls add the following statement to your smb.conf: os level = 128 This let your samba machine win the master browser election. Kind Rgds Jochen --On Mittwoch, 9. Juni 2004 09:41 9r +0200 Thorsten Witt [EMAIL PROTECTED] wrote: Dear people of samba, my problem seems to be a firewalled WinXP in our net. Our Samba is the Debian testing (Samba 3.x). It is configured to hold the browsing list and to become master. The nmbd.log shows: [2004/06/09 08:17:38, 0] nmbd/nmbd_incomingdgrams.c:process_local_master_announce(311) process_local_master_announce: Server PRAEPLAB at IP 129.217.168.62 is announcing itself as a local master browser for workgroup EIA and we think we are master. Forcing election. [2004/06/09 08:17:38, 2] nmbd/nmbd_become_lmb.c:unbecome_local_master_browser(280) unbecome_local_master_browser: unbecoming local master for workgroup EIA on subnet 129.217.168.21 [2004/06/09 08:17:38, 0] nmbd/nmbd_become_lmb.c:unbecome_local_master_success(149) * Samba name server NETCHEF has stopped being a local master browser for workgroup EIA on subnet 129.217.168.21 * [2004/06/09 08:17:40, 2] nmbd/nmbd_elections.c:send_election_dgram(41) send_election_dgram: Sending election packet for workgroup EIA on subnet 129.217.168.21 [2004/06/09 08:17:41, 2] nmbd/nmbd_elections.c:send_election_dgram(41) send_election_dgram: Sending election packet for workgroup EIA on subnet 129.217.168.21 [2004/06/09 08:17:41, 2] nmbd/nmbd_elections.c:run_elections(201) run_elections: Won election for workgroup EIA on subnet 129.217.168.21 [2004/06/09 08:17:41, 2] nmbd/nmbd_become_lmb.c:become_local_master_browser(537) become_local_master_browser: Starting to become a master browser for workgroup EIA on subnet 129.217.168.21 [2004/06/09 08:17:44, 2] nmbd/nmbd_elections.c:send_election_dgram(41) send_election_dgram: Sending election packet for workgroup EIA on subnet 129.217.168.21 [2004/06/09 08:17:46, 2] nmbd/nmbd_elections.c:send_election_dgram(41) send_election_dgram: Sending election packet for workgroup EIA on subnet 129.217.168.21 [2004/06/09 08:17:46, 2] nmbd/nmbd_elections.c:check_for_master_browser_fail(108) check_for_master_browser_fail: Forcing election on workgroup EIA subnet 129.217.168.21 [2004/06/09 08:17:47, 2] nmbd/nmbd_elections.c:send_election_dgram(41) send_election_dgram: Sending election packet for workgroup EIA on subnet 129.217.168.21 [2004/06/09 08:17:47, 0] nmbd/nmbd_nameregister.c:register_name_response(130) register_name_response: server at IP 129.217.168.62 rejected our name registration of EIA1d IP 129.217.168.21 with error code 6. [2004/06/09 08:17:47, 0] nmbd/nmbd_become_lmb.c:become_local_master_fail2(417) become_local_master_fail2: failed to register name EIA1d on subnet 129.217.168.21. Failed to become a local master browser. [2004/06/09 08:17:47, 2] nmbd/nmbd_become_lmb.c:unbecome_local_master_browser(280) unbecome_local_master_browser: unbecoming local master for workgroup EIA on subnet 129.217.168.21 [2004/06/09 08:17:47, 0] nmbd/nmbd_namelistdb.c:standard_fail_register(283) standard_fail_register: Failed to register/refresh name EIA1d on subnet 129.217.168.21 [2004/06/09 08:17:50, 2] nmbd/nmbd_elections.c:send_election_dgram(41) send_election_dgram: Sending election packet for workgroup EIA on subnet 129.217.168.21 [2004/06/09 08:17:52, 2] nmbd/nmbd_elections.c:send_election_dgram(41) I think that the PRAEPLAB PC is firewalled, but i have no control over it. Is there any way, to become the local master against this PC? Eventually staying local master by brute force or kicking the bad PC of the net? Thanks in advance Thorsten Witt -- Thorsten Witt Universitaet Dortmund Fachbereich Physik DELTA Experimentelle Physik 1 Raum P2-E0-517 Otto-Hahn-Straße 4 D-44221 Dortmund (Germany) Tel.: +49-(0)231-755-3495/5397 Fax : +49-(0)231-755-3657 email: [EMAIL PROTECTED] http://e1.physik.uni-dortmund.de -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SUSE 9.1 Samba
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kit wrote: | Samba does not use encrypted passwords by default, While this was true under Samba 2.2 and previous releases, Samba 3.0 does enable encrypted passwords by default. - -- cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAxweeIR7qMdg1EfYRAg8YAKC53RUryn8WfP8Jpqkv6g/1mLFciACdGSiI jwH5/ZvmfXYrhn34uUA1Fcc= =gSKH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba client filesize problems
The smbclient (package is usually samba-client in most distros) is different from the mount.smbfs module. What you are using when you are doing a mount of a samba share is using a kernel module which (at least in 2.4) is limited to 2GB. Jonathan Andrews wrote: Filesize problems with samba client on Redhat 9 and W2k machine. The original smbclient did this so I upgraded to the latest, it didn't help. The server is W2k with an NTFS volume, these are video files - the windows software breaks the files at the 2G limit, but for some reason some are reported as 2G others as huge !! One day I might own 25T of disk, but not today. Anyone any ideas ? Thanks, Jon [EMAIL PROTECTED] bin]# smbmount Usage: mount.smbfs service mountpoint [-o options,...] Version 2.2.9 [EMAIL PROTECTED] bin]# uname -a Linux jonspc 2.4.20-8 #1 Thu Mar 13 17:18:24 EST 2003 i686 athlon i386 GNU/Linux [EMAIL PROTECTED] record]# ls -lt total 25793202411 -rwxr-xr-x1 root root 18446744071562071792 Jun 9 02:46 Channel 4 - 2004,06,09 00,23,13_001.mpg -rwxr-xr-x1 root root 2147477442 Jun 9 01:34 Channel 4 - 2004,06,09 00,23,13.mpg -rwxr-xr-x1 root root 894211652 Jun 8 23:39 BBC TWO - 2004,06,08 13,47,17_007.mpg -rwxr-xr-x1 root root 2147464426 Jun 8 23:02 BBC TWO - 2004,06,08 13,47,17_006.mpg -rwxr-xr-x1 root root 18446744071562081966 Jun 8 21:37 BBC TWO - 2004,06,08 13,47,17_005.mpg -rwxr-xr-x1 root root 2147475408 Jun 8 20:11 BBC TWO - 2004,06,08 13,47,17_004.mpg -rwxr-xr-x1 root root 18446744071562073774 Jun 8 18:54 BBC TWO - 2004,06,08 13,47,17_003.mpg -rwxr-xr-x1 root root 18446744071562089104 Jun 8 17:24 BBC TWO - 2004,06,08 13,47,17_002.mpg -rwxr-xr-x1 root root 2147456882 Jun 8 16:07 BBC TWO - 2004,06,08 13,47,17_001.mpg -rwxr-xr-x1 root root 2147476444 Jun 8 14:58 BBC TWO - 2004,06,08 13,47,17.mpg -rwxr-xr-x1 root root 2147470716 Jun 8 02:52 BBC FOUR - 2004,06,08 00,54,21_001.mpg -rwxr-xr-x1 root root 2147483360 Jun 8 01:51 BBC FOUR - 2004,06,08 00,54,21.mpg -rwxr-xr-x1 root root 18446744071562079614 Jun 7 23:01 BBC TWO - 2004,06,07 14,07,54_006.mpg -rwxr-xr-x1 root root 18446744071562080616 Jun 7 21:41 BBC TWO - 2004,06,07 14,07,54_005.mpg -rwxr-xr-x1 root root 2147459392 Jun 7 20:20 BBC TWO - 2004,06,07 14,07,54_004.mpg -rwxr-xr-x1 root root 18446744071562069142 Jun 7 19:01 BBC TWO - 2004,06,07 14,07,54_003.mpg -rwxr-xr-x1 root root 18446744071562082462 Jun 7 17:43 BBC TWO - 2004,06,07 14,07,54_002.mpg -rwxr-xr-x1 root root 2147468096 Jun 7 16:28 BBC TWO - 2004,06,07 14,07,54_001.mpg -rwxr-xr-x1 root root 2147482130 Jun 7 15:17 BBC TWO - 2004,06,07 14,07,54.mpg -rwxr-xr-x1 root root 18446744071562080378 Jun 7 02:40 Channel 4 - 2004,06,07 00,17,59_001x.mpg -rwxr-xr-x1 root root 1643224088 Jun 7 00:12 Channel 4 - 2004,06,06 22,06,18_001.mpg -rwxr-xr-x1 root root 2147474490 Jun 6 23:17 Channel 4 - 2004,06,06 22,06,18.mpg -rwxr-xr-x1 root root 763302994 Jun 4 09:56 five - 2004,06,04 09,33,34.mpg -rwxr-xr-x1 root root 953933946 May 23 23:05 ITV 1 - 2004,05,23 22,35,15.mpg -rwxr-xr-x1 root root 1592166170 May 15 01:02 Sky Travel - 2004,05,15 00,02,25.mpg -rwxr-xr-x1 root root 954005116 May 13 22:34 ITV 1 - 2004,05,13 22,04,40.mpg -rwxr-xr-x1 root root 899231922 May 6 23:38 Channel 4 - 2004,05,06 23,08,26.mpg -rwxr-xr-x1 root root 120173424 May 1 11:11 Cristina millan.mpg -rwxr-xr-x1 root root 2147483315 Apr 18 12:08 BBC ONE - 2004,04,18 11,08,42.mpg -rwxr-xr-x1 root root 526759144 Apr 15 22:02 Channel 4 - 2004,04,15 21,44,43.mpg -rwxr-xr-x1 root root 43353716 Apr 15 21:41 Channel 4 - 2004,04,15 21,39,30.mpg -rwxr-xr-x1 root root 718703370 Apr 11 18:35 Sky Travel - 2004,04,11 18,05,34.mpg -rwxr-xr-x1 root root 35889464 Apr 11 18:02 Sky Travel - 2004,04,11 18,01,06.mpg -rwxr-xr-x1 root root 2147461254 Apr 10 00:17 Sky Travel - 2004,04,09 23,01,13.mpg -rwxr-xr-x1 root root 856571274 Apr 9 01:58 BBC THREE - 2004,04,09 01,29,21.mpg -rwxr-xr-x1 root root 1588864206 Apr 8 00:16 ITV 1 - 2004,04,07 16,38,32_006.mpg -rwxr-xr-x1 root root 18446744071562080022 Apr 7 23:26 ITV 1 - 2004,04,07 16,38,32_005.mpg -rwxr-xr-x1 root root 2147479956 Apr 7 22:18 ITV 1 - 2004,04,07 16,38,32_004.mpg -rwxr-xr-x1 root root 18446744071562071902 Apr 7 20:02 ITV 1 - 2004,04,07 16,38,32_002.mpg -rwxr-xr-x1 root root 18446744071562073792 Apr 7 18:54 ITV 1 - 2004,04,07 16,38,32_001.mpg -rwxr-xr-x1 root root 2147468954 Apr 7 12:41 BBC TWO - 2004,04,07 11,01,30.mpg -rwxr-xr-x1 root root 332269870 Apr 3 07:29 Channel 4 - 2004,04,03 07,18,04.mpg
Re: [Samba] use password server= when security=ADS or not???
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alex de Vaal wrote: | In the man page of samba also reside about password server | the following: The advantage of using security = domain | is that if you list several hosts in the password server | option then smbd will try each in turn till it finds one | that responds. This is useful in case your primary | server goes down. Does this also work, when security = ADS | ? Id like that the samba domain server | tries to contact each password server in the list | till it finds one that responds. When 'security = ads', Samba uses the password server for any NTLM authentication as well as ldap queries. Krb5 ticket verification is handled by the krb5 libs (outside of Samba). cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD4DBQFAxwoIIR7qMdg1EfYRAvkDAKDYQO/mAu95G9PiCeJD3tgTb1dO+wCWMrAX /nEyM0szfBeuTK/iEoOCRQ== =WipS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pdbedit
Sorry folks, a typo was causing the looping problem. I'd still like to know if pdbedit needs initialising in some way after installation, or if it is ready to go. It still looks like at least one user needs to be added manually before pdbedit can be used in a script. Thanks Mick On Wed, 2004-06-09 at 21:48, Ninti Systems wrote: I have a couple of questions about pdbedit. I am having trouble using pdbedit in shell scripts. First, on a freshly installed system with no-one in the tdbsam database, trying to add multiple machine accounts via a loop construct in a shell script fails with a message that the database can't be found/doesn't exist. I then added root manually just to get the system going, which solves that problem. Once the first user is added, my script seems to get stuck in an infinite loop trying to add the first machine, but I can add a machine manually. Is pdbedit usable in shell scripts? I understand that normal users need a password added, but I can't see why machine accounts can't just be added automatically. Does pdbedit have to be run manually for some reason? Is there some way of initialising the tdbsam database without manually adding a first user? Mick -- -- Ninti Systems: Smart IT Solutions Michael Hall Mobile: 0429 095 392 Ph/Fax: 08 8953 1442 Email: office at ninti dot com dot au Web:http://ninti.com.au -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] printing to WinXP
Hi All! I know, this question already was many time, but i can't find it on internet. I have: First host: Linux slackware-9.1 with samba-2.2.8a. Second host: WinXP Home Edition with shared printer (with no password). Both computers connected in local net. When i printing from linux to winxp by typing command: # /usr/bin/smbspool smb://prodavec/ml-1430 1 1 1 1 -- i get NT_STATUS_ACCESS_DENIED. But other peoples say, that it must print out one blank page. Please, say me, what i need to do? Thanks. -- Wed Jun 9 20:07:55 ALMST 2004 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] authentification in ads2003
Hello, *This msg was already sent yesterday on this ml, but some i found some faults in the mail.* **If anyone can help me... the only thing i'm thinking now is to throw away the servers** I installed Samba 3.0.4 + kerberos 5 + winbind to make the debian woody server joining the Active directory service. Everything seems to be ok, except the authentification. If i try to go to the share of the linux server from a windows box, it asks me the password. And of course, no way to log in. Here is the config: *nsswitch.conf* passwd: compat winbind group: compat winbind shadow: compat hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc:db files netgroup: nis *samba* [global] workgroup = TEST realm = CAR.BE.TEST.COM.LOCAL server string = %h server (Samba %v) ; wins support = no ; wins server = w.x.y.z dns proxy = no ; name resolve order = lmhosts host wins bcast use spnego = yes log file = /var/log/samba/log.%m max log size = 1000 ; syslog only = no syslog = 0 panic action = /usr/share/samba/panic-action %d # separate domain and username with '+', like DOMAIN+username winbind separator = + # use uids from 1 to 2 for domain users idmap uid = 1-2 # use gids from 1 to 2 for domain groups idmap gid = 1-2 # allow enumeration of winbind users and groups winbind enum users = yes winbind enum groups = yes security = ADS encrypt passwords = yes passdb backend = tdbsam guest obey pam restrictions = yes password server = car-pdc netbios name = rantanplan ; guest account = nobody invalid users = root ; unix password sync = no ; passwd program = /usr/bin/passwd %u# passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . ; pam password change = no ; load printers = yes ; preserve case = yes ; short preserve case = yes ; include = /home/samba/etc/smb.conf.%m # SO_RCVBUF=8192 SO_SNDBUF=8192 socket options = TCP_NODELAY ; message command = /bin/sh -c '/usr/bin/linpopup %f %m %s; rm %s' ; domain master = auto idmap uid = 1-2 idmap gid = 1-2 ; template shell = /bin/bash [admin] comment = Administration Directory path = /home/benoit admin users = TEST+bmo browseable = yes public = no writable = yes guest only = no valid users = TEST+bmo *kerberos* [libdefaults] default_realm = CAR.BE.TEST.COM [realms] CAR.BE.TEST.COM = { kdc = car-pdc.car.be.test.com default_domain = car.be.test.com } #[domain_realms] #.kerberos.server=CAR.BE.TEST.COM # The following krb5.conf variables are only for MIT Kerberos. default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } [login] krb4_convert = true krb4_get_tickets = true *winbind* (logs) 2004/06/07 13:38:57, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain CAR CAR.BE.TEST.COM.LOCAL S-0-0 [2004/06/07 13:38:57, 1] libsmb/clikrb5.c:ads_krb5_mk_req(306) krb5_cc_get_principal failed (No credentials cache found) [2004/06/07 13:38:57, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain BUILTIN S-1-5-32 [2004/06/07 13:38:57, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain RANTANPLAN S-1-5-21-837388855-3362161430-1770541169 I found also some trace in the log.smbd smbd version 3.0.4 started. Copyright Andrew Tridgell and the Samba Team 1992-2004 [2004/06/09 10:29:16, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected [2004/06/09 10:34:28, 0] smbd/server.c:main(757) All commands like kinit, net ads join, wbinfo -u (-g), getent etc works. From the linux server, no problem to go to the shares of the domain controller (wich is a windows 2003 server). Do i have to make the keytab for kerberos by myself for each ssamba server, or does it create itself whith the net ads join cmd? Any help would be welcome. Regards, Benoit -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] install samba problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Donald wrote: | I downloaded Samba 3.0.4 rpm for Red Hat 9.0. On install, | the system prepares for installation, then closes. | Nothing has been installed. I have removed the previous versionm | of samba, which made no difference. | | Any advise will be greatly appreciated. I would suggest turning on more verbose output to rpm when installing the package (i.i rpm -Uvvh samba-3.0.4-1_rh9.i386.rpm). Might help give you an idea of whats failing. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAxxCoIR7qMdg1EfYRAm77AKCeDO8i4yk8VyXepuF2M2IUljNwzACfZLc1 8qqaUZH44vAyUQWzJbxlkJk= =0fle -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba, LDAP and machine account weirdness....
On Wed, 2004-06-09 at 06:34, Chris Bradshaw wrote: Hi I am using Samba 3.0.2 with LDAP as the passdb backend for both user accounts and for machine accounts. I have noticed something which looks a bit strange. It seems that at least some machines (I don't think all machines, but can't be sure as of yet) appear to be having sambaPwdCanChange and sambaPwdLastChange modified in their account entry in the LDAP tree. I thought that the only time any machine account attributes would be added/altered is when the machine account is initially added. No, machines will change their password regularly. I noticed this issue, and added a check/hack to make such a change (which does not actually change the password) a no-op. One machine seems to be having these attributes in its machine account altered every 15 minutes.other machines seem to only have this occur once or twice. Another strange thing I have noticed is that for all of these machines, both the sambaLMPassword and sambaNTPassword hashes are identical.I thought that these would/should always be different (open to correction on this ;-) For historical reasons, Samba sets the NT and LM passwords to the new NT machine account password, on a machine password change. Everything seems to work OK, but this is generating some load on our LDAP servers (master and replicas) and also I am concerned that perhaps we have been hacked or perhaps a Windoze virus is causing this to happen. However, I am not aware of any viruses which attack an NT domain server and cause machine accounts to be altered.besides, the virus would need to know a login/password with sufficient privilege to update the machine account via samba. Could this be a hack or a virus? Or is there any setting in Windoze (registry or something) which would cause a machine to try to update its machine account in some way? Or is there anything else which might cause this (eg: a difference in the time on samba and LDAP servers?)? Sorry if this seems a but vague and lacking any more detail, but I am baffled myself. Upgrade to the latest Samba, where this is fixed (that is, my hack avoids the load issues). I wonder if the fixes for the MS04-11 issues might also have fixed this. Andrew Bartlett signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba just Slow with AutoCad?
Hi. Does your new system use ReiserFS? When these ~20 second delays happen, can you see if there's a spike of System CPU time useage on the server? I've not heard of it happening over a network share, but some poorly behaved applications can trigger a 'feature', (actually, a performance optimization) with ReiserFS on Newer (2.6) kernels that will make the kernel spin it's wheels for a number of seconds. If this might be the case for you, you can disable it by mounting a ReiserFS volume with a nolargeio=1 option. (If you want to test this, it appears to to be safe to remount. That is, mount /home -o remount,nolargeio=1 As an example.) On Tue, Jun 08, 2004 at 12:26:25PM -0600, Brian Merrell wrote: I just came across some very interesting information. We samba running on an old HP PIII 900. I just plugged it back in and we opened some backup files we had on it. It works just fine with AutoCad. Linux gatekeeper 2.4.26 #5 Mon Apr 19 07:15:24 MDT 2004 i686 Pentium III (Coppermine) GenuineIntel GNU/Linux Samba Version 2.2.8a Our new machine is a Dual Opteron machine. Linux fileserv 2.6.5-gentoo-r1 #3 Sat May 29 13:32:03 MDT 2004 x86_64 5 GNU/Linux Samba Version Version 3.0.2a The difference is that I need the hard drive space on our new server versus the 40 gigs we have on the older machine. The smb.conf file on the old machine is very very basic: [global] workgroup = TRISTATE security = SHARE [backup] path = /usr/backup writeable = Yes guest ok = Yes - Original Message - From: Brian Merrell [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, June 08, 2004 12:07 PM Subject: Re: [Samba] Samba just Slow with AutoCad? Terry, Thanks a lot for your reply. We're really trying to solve this problem. Brian, 1. Which release of AutoCAD are you using? Autodesk Land Desktop 2004 2004.0.0 Service Pack 1 2. Are the support files for AutoCAD on the client or the server? On the clients. 3. Are you using cups? No. 4. Is it true that your plotter settings are not being saved with the drawing? Was this true when you were using a windows server? They are being saved with the drawings. They were also being saved with the drawings on the windows server. (the windows server was actually just another client that shared it's HD). 5. Normally when AutoCAD is opening the print dialog box in an existing drawing, it is trying to find the printer that was used by the last session of Autocad. If it can't find that printer, it produces the printer none. Are you loading your printers from the server such that each client has the identical printer name? First of all, you're right. The print dialog only produces the printer none when it's a new drawing. Otherwise, it saves the print settings. But we still experience a delay independant of whether we are printing from a new drawing or an existing one. The printers aren't on the server, and we do not have identical printer name. 6. Are the network directories being used by AutoCAD the same as being used by the other programs that don't exhibit the long save times? No. AutoCad drawings are stored on a seperate harddrive and a different directory. However, after reading this e-mail I moved a TIF image to the autocad directory and opened them from Adobe Photoshop. I then modified and saved the drawing and there was no delay. There was also no delay for opening a print dialog. The problem continues to be only with AutoCad. We use AutoCAD 2000, 2002, 2004 with RH E3.0 and Samba 3.0.2-6.3E with no delays in saving or printing and have achieved better performance than the previous W2k server. With a little more information we might be able to assist in finding the bottleneck. Terry -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bob Turner Sent: Tuesday, June 08, 2004 10:45 AM To: 'Brian Merrell'; [EMAIL PROTECTED] Subject: RE: [Samba] Samba just Slow with AutoCad? Brian I might suggest a couple of setting changes on your XP machines: 1) Open services and stop/disable Web Client 2) Open windows explorer, go to toolsfolder options, click the View tab, and uncheck the Automatically search for network folders and printers (I'm assuming Windows XP Professional on these settings) Restart and try your printers again. Bob -Original Message- From: Brian Merrell [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 08, 2004 9:50 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] Samba just Slow with AutoCad? Thanks for your response Jerry. Yes. These are all windows XP machines. We have about four printers here in the office (all HP hehe). Only two computers have McAfee Firewalls
Re: [Samba] authentification in ads2003
Hi, i got that working on woddy, but against a win2000 ADS. How? - fetched the latest soure of MIT-kerberos from mit-server and installed in /usr/local, as the version comming with woody is to old , it does not support the neede enc-types. - fetched samba-3.0.5-pre2 from svn and compiled it against the kerberos in /usr/local, and installed it. - deleted all old databases of samba - delete the samba-server from the ADS and rejoin it. i found for me that in nsswitch.conf the lines passwd: compat winbind group: compat winbind will not work, replace compat with files this way you should be able to get it working, but no garanty. Christoph Benoit Moeremans schrieb: Hello, *This msg was already sent yesterday on this ml, but some i found some faults in the mail.* **If anyone can help me... the only thing i'm thinking now is to throw away the servers** I installed Samba 3.0.4 + kerberos 5 + winbind to make the debian woody server joining the Active directory service. Everything seems to be ok, except the authentification. If i try to go to the share of the linux server from a windows box, it asks me the password. And of course, no way to log in. Here is the config: *nsswitch.conf* passwd: compat winbind group: compat winbind shadow: compat hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc:db files netgroup: nis *samba* [global] workgroup = TEST realm = CAR.BE.TEST.COM.LOCAL server string = %h server (Samba %v) ; wins support = no ; wins server = w.x.y.z dns proxy = no ; name resolve order = lmhosts host wins bcast use spnego = yes log file = /var/log/samba/log.%m max log size = 1000 ; syslog only = no syslog = 0 panic action = /usr/share/samba/panic-action %d # separate domain and username with '+', like DOMAIN+username winbind separator = + # use uids from 1 to 2 for domain users idmap uid = 1-2 # use gids from 1 to 2 for domain groups idmap gid = 1-2 # allow enumeration of winbind users and groups winbind enum users = yes winbind enum groups = yes security = ADS encrypt passwords = yes passdb backend = tdbsam guest obey pam restrictions = yes password server = car-pdc netbios name = rantanplan ; guest account = nobody invalid users = root ; unix password sync = no ; passwd program = /usr/bin/passwd %u# passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . ; pam password change = no ; load printers = yes ; preserve case = yes ; short preserve case = yes ; include = /home/samba/etc/smb.conf.%m # SO_RCVBUF=8192 SO_SNDBUF=8192 socket options = TCP_NODELAY ; message command = /bin/sh -c '/usr/bin/linpopup %f %m %s; rm %s' ; domain master = auto idmap uid = 1-2 idmap gid = 1-2 ; template shell = /bin/bash [admin] comment = Administration Directory path = /home/benoit admin users = TEST+bmo browseable = yes public = no writable = yes guest only = no valid users = TEST+bmo *kerberos* [libdefaults] default_realm = CAR.BE.TEST.COM [realms] CAR.BE.TEST.COM = { kdc = car-pdc.car.be.test.com default_domain = car.be.test.com } #[domain_realms] #.kerberos.server=CAR.BE.TEST.COM # The following krb5.conf variables are only for MIT Kerberos. default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } [login] krb4_convert = true krb4_get_tickets = true *winbind* (logs) 2004/06/07 13:38:57, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain CAR CAR.BE.TEST.COM.LOCAL S-0-0 [2004/06/07 13:38:57, 1] libsmb/clikrb5.c:ads_krb5_mk_req(306) krb5_cc_get_principal failed (No credentials cache found) [2004/06/07 13:38:57, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain BUILTIN S-1-5-32 [2004/06/07 13:38:57, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain RANTANPLAN S-1-5-21-837388855-3362161430-1770541169 I found also some trace in the log.smbd smbd version 3.0.4 started. Copyright Andrew Tridgell and the Samba Team 1992-2004 [2004/06/09 10:29:16, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected [2004/06/09 10:34:28, 0] smbd/server.c:main(757) All commands like kinit, net ads join, wbinfo -u (-g),
[Samba] Samba 3.0 and winpopup?
Hello, all. I want to send a message to Windwos clients, a la smbclient -M, from my Samba 3.x box. Is this possible? I seem to recall (and apt-get seems to agree) that smbclient has been deprecated; however, I can't find the winpopup functionality in the net command. I suppose I could just compile the source for smbclient, and hope that it works, but if there's a right way to do it, that's the way I'd prefer to go. Thanks much, Ken D'Ambrosio Sr. SysAdmin, Xanoptix, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem IDMAP Domain Member - PDC
hi im using precompiled samba v. 3.0.4 packages from SuSE 9.1 DVDs all services (ldapsam, winbind, ... ) are compiled in user mapping on the PDC SERVER (SID-RID to UID) work fine the domain member server FILESERV gets the local accounts via nsswitch from the ldap backend of SERVER (tested with getent passwd) he also gets and checks the samba users and passwords against the PDC (if i connect from a client to FILESERV), so he has no local password/user backend if i create a new folder from (win xp) client on FILESERV i just see SID-(G)RID and not user xyzif if i create a new folder from (win xp) client on SERVER i user xyz the interesting parts of smb.conf on FILESERV are [global] workgroup = NEVAN netbios name = FILESERV server string = NevanFS01 on Samba Version: %v username map = /etc/samba/username.map log level = 5 log file = /var/lib/samba/log.%m max log size = 1 passdb backend = ldapsam:ldap://server:389; ldap passwd sync = yes ldap suffix = dc=eva,dc=mpg,dc=de ldap admin dn = cn=manager,dc=eva,dc=mpg,dc=de #ldap filter = ((objectclass=sambaSamAccount)(uid=%u)) ldap machine suffix = ou=machines ldap user suffix = ou=users ldap group suffix = ou=groups ldap replication sleep = 2000 idmap backend = ldap:ldap://server:389 ldap idmap suffix = ou=idmap idmap uid = 1000-5000 idmap gid = 1000-5000 # interfaces = eth0 lo # bind interfaces only = yes guest ok = no guest account = Guest security = domain local master = no os level = 32 domain master = no domain logons = no encrypt passwords = yes password server = server socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY wins support = yes dns proxy = no local user/group accounts are from 0 (root) and 500 - 600 i also changed idmap uid = 1000-5000 idmap gid = 1000-5000 to idmap uid = 0-5000 idmap gid = 0-5000 but he cannot resolve SIDs i just wonder, if theres a way around winbind? because i already red the docs but can't get it working (see log) please help thx LOG (wbinfo -S 667) -- [2004/06/09 19:22:06, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261) [11062]: request interface version [2004/06/09 19:22:06, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) [11062]: request location of privileged pipe [2004/06/09 19:22:06, 5] nsswitch/winbindd.c:winbind_client_read(465) read failed on sock 19, pid 11062: EOF [2004/06/09 19:22:06, 3] nsswitch/winbindd_sid.c:winbindd_uid_to_sid(303) [11062]: uid to sid 667 [2004/06/09 19:22:06, 5] lib/smbldap.c:smbldap_search(932) smbldap_search: base = [ou=idmap,dc=eva,dc=mpg,dc=de], filter = [((objectClass=sambaIdmapEntry)(uidNumber=667))], scope = [2] [2004/06/09 19:22:06, 0] sam/idmap_ldap.c:ldap_get_sid_from_id(525) ldap_get_sid_from_id: mapping not found for uidNumber: 667 [2004/06/09 19:22:06, 1] nsswitch/winbindd_sid.c:winbindd_uid_to_sid(356) Could not convert uid 667 to rid -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Smbd hangs entire machine forcing reset
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | When I copy a massive amount of files (~50GB) to | the Samba server from a Windows 2K client, somewhere | during that process (seemingly around 2 hours into the copy | each time), my Linux box COMPLETELY locks up. I must | hard reset it. Matthew, This sounds more like a kernel bug or hardware issue. a user-space app should not be able to cause the kernel to lock. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAxyKrIR7qMdg1EfYRAtK/AKC2iEO2o2ieuZTYa1TanLPHQ+SU4gCeMZ9P Ayas5mn/RPQStlOZ1I3c+BA= =NCpL -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Antwort: Re: [Samba] requiresignorseal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | | I also tested with 3.0.5pre1, and I also have to change | the regvalue, otherwise I get the error, that there is no | domain controller or the computer account is unknowen. I've not seen any other reports of this. Are you sure its not a local configuration error ? cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAxyN7IR7qMdg1EfYRAt6aAJ9FEqLv59nxKDFj5+s85xfKGYq4ZwCeIVgX dfxMzPegBY2xUL/xrIFWl4c= =FCIr -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re[2]: [Samba] pdbedit
Well, i used pdbedit in my GUI-usermanager... and that is an bash script-based proggy... so yeah i guess u can use it in scripts. (very easyly) i don't get the part about, pdbedit needs to initialised ? as long your samba is configed right, pdbedit will follow.. (atleast that is the idea). - Collen Blijenberg (Montessori Lyceum Herman Jordan) Wednesday, June 9, 2004, 2:59:49 PM, you wrote: NS Sorry folks, a typo was causing the looping problem. NS I'd still like to know if pdbedit needs initialising in some way after NS installation, or if it is ready to go. It still looks like at least one NS user needs to be added manually before pdbedit can be used in a script. NS Thanks NS Mick NS On Wed, 2004-06-09 at 21:48, Ninti Systems wrote: I have a couple of questions about pdbedit. I am having trouble using pdbedit in shell scripts. First, on a freshly installed system with no-one in the tdbsam database, trying to add multiple machine accounts via a loop construct in a shell script fails with a message that the database can't be found/doesn't exist. I then added root manually just to get the system going, which solves that problem. Once the first user is added, my script seems to get stuck in an infinite loop trying to add the first machine, but I can add a machine manually. Is pdbedit usable in shell scripts? I understand that normal users need a password added, but I can't see why machine accounts can't just be added automatically. Does pdbedit have to be run manually for some reason? Is there some way of initialising the tdbsam database without manually adding a first user? Mick NS -- NS -- NS Ninti Systems: Smart IT Solutions NS Michael Hall NS Mobile: 0429 095 392 NS Ph/Fax: 08 8953 1442 NS Email: office at ninti dot com dot au NS Web:http://ninti.com.au NS -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Excel could not save
Jeremy Allison [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Mon, Jun 07, 2004 at 10:55:52AM +0800, [EMAIL PROTECTED] wrote: Hi, My user always report that they have problem with Excel file, they sometimes cannot save the file and excel reported File did not save message. I have no idea what is the problem. They are using MS office 97, 2000 on win98 to win2000. Server is running Samba3.0.4 on RH8, kernel 2.4.20. Smb.conf as following: I have a patch that may fix this issue. Mail me if you are familiar with building Samba from source code and I'll pass it on to you. I'm looking for testers to make sure this works correctly in the next version of Samba (3.0.5). Thanks, Jeremy. -- Jeremy, Could you let us know the nature of the problem? I am trying to get my Excel spread sheets to work properly. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] use password server= when security=ADS or not???
On 9 Jun 2004 at 8:00, Gerald (Jerry) Carter wrote: | In the man page of samba also reside about password server | the following: The advantage of using security = domain | is that if you list several hosts in the password server | option then smbd will try each in turn till it finds one | that responds. This is useful in case your primary | server goes down. Does this also work, when security = ADS | ? I d like that the samba domain server | tries to contact each password server in the list | till it finds one that responds. When 'security = ads', Samba uses the password server for any NTLM authentication as well as ldap queries. Krb5 ticket verification is handled by the krb5 libs (outside of Samba). Right. I'm using winbind (which is the Samba-3 NTLM authentication daemon) in my configuration, so in my case it is better to specify at password server all the DNS names of my ADS servers instead of leaving it blank? I know that Krb5 ticket is handled by the krb5 libs. I have no krb5.conf specified, so it uses the DNS for resolving the KDC servers (the ADS servers create SRV records in DNS for each KDC in the realm) In my case password server= is not specified in smb.conf. I see however sometimes strange things in winbindd.log on a remote Samba domain member server that it can't find sometimes the LDAP server, port 445 and port 139, because the connection to the ADS server is sometimes very slow (is a router connection). I was wondering if it is better to specify all the ADS servers in the realm at password server=, so it is looking for the other servers in the realm if the connection to an ADS server is slow. Winbindd.log == [2004/06/08 19:28:41, 1] libads/ldap.c:ads_connect(222) Failed to get ldap server info [2004/06/08 19:28:50, 1] lib/util_sock.c:open_socket_out(757) timeout connecting to 10.2.20.240:445 [2004/06/08 19:29:07, 1] libsmb/cliconnect.c:cli_start_connection(1388) session request to NHADM01 failed (Call timed out: server did not respond after 1 milliseconds) [2004/06/08 19:29:15, 1] lib/util_sock.c:open_socket_out(757) timeout connecting to 10.2.20.240:139 [2004/06/08 19:29:15, 1] libsmb/cliconnect.c:cli_connect(1297) Error connecting to 10.2.20.240 (Operation already in progress) [2004/06/08 19:29:15, 1] libsmb/cliconnect.c:cli_start_connection(1377) cli_full_connection: failed to connect to *SMBSERVER20 (10.2.20.240) [2004/06/08 19:29:34, 1] libsmb/cliconnect.c:cli_start_connection(1408) failed negprot [2004/06/08 19:29:43, 1] lib/util_sock.c:open_socket_out(757) timeout connecting to 10.2.20.240:445 [2004/06/08 19:29:52, 1] lib/util_sock.c:open_socket_out(757) timeout connecting to 10.2.20.240:139 [2004/06/08 19:29:52, 1] libsmb/cliconnect.c:cli_connect(1297) Error connecting to 10.2.20.240 (Operation already in progress) [2004/06/08 19:29:52, 1] libsmb/cliconnect.c:cli_start_connection(1377) cli_full_connection: failed to connect to NHADM0120 (10.2.20.240) [2004/06/08 19:30:02, 0] rpc_client/cli_pipe.c:rpc_api_pipe(424) cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds [2004/06/08 19:30:35, 1] libads/ldap.c:ads_connect(222) Failed to get ldap server info [2004/06/08 19:30:39, 1] nsswitch/winbindd_user.c:winbindd_getpwuid(246) could not lookup sid S-1-5-21-1130960580-3026470530-2041411792-1380 [2004/06/08 19:30:39, 1] nsswitch/winbindd_user.c:winbindd_getpwuid(246) could not lookup sid S-1-5-21-1130960580-3026470530-2041411792-1380 [2004/06/08 19:30:59, 1] libads/ldap.c:ads_connect(222) Failed to get ldap server info [2004/06/08 19:31:11, 1] lib/util_sock.c:open_socket_out(757) timeout connecting to 10.2.20.240:445 and somewhat later. [2004/06/08 20:45:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2004/06/08 20:46:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2004/06/08 20:46:28, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2004/06/08 20:55:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2004/06/08 21:01:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2004/06/08 21:01:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2004/06/08 21:05:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2004/06/08 21:15:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2004/06/08 21:15:53, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2004/06/08 21:16:28, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2004/06/08 21:25:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist which is normal... (in 3.0.4) ;-) Regards, Alex. -- To
Re: [Samba] Samba just Slow with AutoCad?
Yes I am user reiserFS on the AutoCad Shares (Jerry, are you?) The older machine is running ext3. The CPU usage goes up, but I definately wouldn't call it a spike. It goes to about 1% which is probably normal. I did use the nolargeio=1 option and it did increase performance.. but.. I tried timing the time it takes to save. It takes the older machine about 1.25 seconds to save a 606KB drawing and it takes ~3 seconds for the new fancy machine. Could this be due to ReiserFS? - Original Message - From: Rashkae [EMAIL PROTECTED] To: Brian Merrell [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, June 09, 2004 7:56 AM Subject: Re: [Samba] Samba just Slow with AutoCad? Hi. Does your new system use ReiserFS? When these ~20 second delays happen, can you see if there's a spike of System CPU time useage on the server? I've not heard of it happening over a network share, but some poorly behaved applications can trigger a 'feature', (actually, a performance optimization) with ReiserFS on Newer (2.6) kernels that will make the kernel spin it's wheels for a number of seconds. If this might be the case for you, you can disable it by mounting a ReiserFS volume with a nolargeio=1 option. (If you want to test this, it appears to to be safe to remount. That is, mount /home -o remount,nolargeio=1 As an example.) On Tue, Jun 08, 2004 at 12:26:25PM -0600, Brian Merrell wrote: I just came across some very interesting information. We samba running on an old HP PIII 900. I just plugged it back in and we opened some backup files we had on it. It works just fine with AutoCad. Linux gatekeeper 2.4.26 #5 Mon Apr 19 07:15:24 MDT 2004 i686 Pentium III (Coppermine) GenuineIntel GNU/Linux Samba Version 2.2.8a Our new machine is a Dual Opteron machine. Linux fileserv 2.6.5-gentoo-r1 #3 Sat May 29 13:32:03 MDT 2004 x86_64 5 GNU/Linux Samba Version Version 3.0.2a The difference is that I need the hard drive space on our new server versus the 40 gigs we have on the older machine. The smb.conf file on the old machine is very very basic: [global] workgroup = TRISTATE security = SHARE [backup] path = /usr/backup writeable = Yes guest ok = Yes - Original Message - From: Brian Merrell [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, June 08, 2004 12:07 PM Subject: Re: [Samba] Samba just Slow with AutoCad? Terry, Thanks a lot for your reply. We're really trying to solve this problem. Brian, 1. Which release of AutoCAD are you using? Autodesk Land Desktop 2004 2004.0.0 Service Pack 1 2. Are the support files for AutoCAD on the client or the server? On the clients. 3. Are you using cups? No. 4. Is it true that your plotter settings are not being saved with the drawing? Was this true when you were using a windows server? They are being saved with the drawings. They were also being saved with the drawings on the windows server. (the windows server was actually just another client that shared it's HD). 5. Normally when AutoCAD is opening the print dialog box in an existing drawing, it is trying to find the printer that was used by the last session of Autocad. If it can't find that printer, it produces the printer none. Are you loading your printers from the server such that each client has the identical printer name? First of all, you're right. The print dialog only produces the printer none when it's a new drawing. Otherwise, it saves the print settings. But we still experience a delay independant of whether we are printing from a new drawing or an existing one. The printers aren't on the server, and we do not have identical printer name. 6. Are the network directories being used by AutoCAD the same as being used by the other programs that don't exhibit the long save times? No. AutoCad drawings are stored on a seperate harddrive and a different directory. However, after reading this e-mail I moved a TIF image to the autocad directory and opened them from Adobe Photoshop. I then modified and saved the drawing and there was no delay. There was also no delay for opening a print dialog. The problem continues to be only with AutoCad. We use AutoCAD 2000, 2002, 2004 with RH E3.0 and Samba 3.0.2-6.3E with no delays in saving or printing and have achieved better performance than the previous W2k server. With a little more information we might be able to assist in finding the bottleneck. Terry -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bob Turner Sent: Tuesday, June 08, 2004 10:45 AM To: 'Brian Merrell'; [EMAIL PROTECTED] Subject: RE: [Samba] Samba just Slow with
[Samba] Problem with authenticating a computer to a samba share
Hi, I have a Win2k Server Active Directory Domain Controller, and an Exchange server running on the same machine. I want to use NTBACKUP to back up the mailboxes to a Samba machine running as ADC slave. This doesn't work, and I get the message Username DOMAIN\MACHINE$ is invalid on this system in the Samba logs. How can I make MACHINE known to Samba? Since MACHINE is the domain controller, I can't add it to the ADC host list, and it's the one that supplies the passwords... Anyone seen/done this before? Thanks a lot in advance, Björn -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
AW: [Samba] Samba just Slow with AutoCad?
Hi, we had a similar problem with a reiserfs partition an SGI´s FailSafe , it took to long to save a internal database of failsafe because of this the ha services moved from one node to the other and back again (until we stoped failsafe) after we changed the partition to ext2 /ext3 this problem dissapeared. Maybe this could be the same reason. just a thought. -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Auftrag von Brian Merrell Gesendet: Mittwoch, 9. Juni 2004 17:09 An: [EMAIL PROTECTED] Betreff: Re: [Samba] Samba just Slow with AutoCad? Yes I am user reiserFS on the AutoCad Shares (Jerry, are you?) The older machine is running ext3. The CPU usage goes up, but I definately wouldn't call it a spike. It goes to about 1% which is probably normal. I did use the nolargeio=1 option and it did increase performance.. but.. I tried timing the time it takes to save. It takes the older machine about 1.25 seconds to save a 606KB drawing and it takes ~3 seconds for the new fancy machine. Could this be due to ReiserFS? - Original Message - From: Rashkae [EMAIL PROTECTED] To: Brian Merrell [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, June 09, 2004 7:56 AM Subject: Re: [Samba] Samba just Slow with AutoCad? Hi. Does your new system use ReiserFS? When these ~20 second delays happen, can you see if there's a spike of System CPU time useage on the server? I've not heard of it happening over a network share, but some poorly behaved applications can trigger a 'feature', (actually, a performance optimization) with ReiserFS on Newer (2.6) kernels that will make the kernel spin it's wheels for a number of seconds. If this might be the case for you, you can disable it by mounting a ReiserFS volume with a nolargeio=1 option. (If you want to test this, it appears to to be safe to remount. That is, mount /home -o remount,nolargeio=1 As an example.) On Tue, Jun 08, 2004 at 12:26:25PM -0600, Brian Merrell wrote: I just came across some very interesting information. We samba running on an old HP PIII 900. I just plugged it back in and we opened some backup files we had on it. It works just fine with AutoCad. Linux gatekeeper 2.4.26 #5 Mon Apr 19 07:15:24 MDT 2004 i686 Pentium III (Coppermine) GenuineIntel GNU/Linux Samba Version 2.2.8a Our new machine is a Dual Opteron machine. Linux fileserv 2.6.5-gentoo-r1 #3 Sat May 29 13:32:03 MDT 2004 x86_64 5 GNU/Linux Samba Version Version 3.0.2a The difference is that I need the hard drive space on our new server versus the 40 gigs we have on the older machine. The smb.conf file on the old machine is very very basic: [global] workgroup = TRISTATE security = SHARE [backup] path = /usr/backup writeable = Yes guest ok = Yes - Original Message - From: Brian Merrell [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, June 08, 2004 12:07 PM Subject: Re: [Samba] Samba just Slow with AutoCad? Terry, Thanks a lot for your reply. We're really trying to solve this problem. Brian, 1. Which release of AutoCAD are you using? Autodesk Land Desktop 2004 2004.0.0 Service Pack 1 2. Are the support files for AutoCAD on the client or the server? On the clients. 3. Are you using cups? No. 4. Is it true that your plotter settings are not being saved with the drawing? Was this true when you were using a windows server? They are being saved with the drawings. They were also being saved with the drawings on the windows server. (the windows server was actually just another client that shared it's HD). 5. Normally when AutoCAD is opening the print dialog box in an existing drawing, it is trying to find the printer that was used by the last session of Autocad. If it can't find that printer, it produces the printer none. Are you loading your printers from the server such that each client has the identical printer name? First of all, you're right. The print dialog only produces the printer none when it's a new drawing. Otherwise, it saves the print settings. But we still experience a delay independant of whether we are printing from a new drawing or an existing one. The printers aren't on the server, and we do not have identical printer name. 6. Are the network directories being used by AutoCAD the same as being used by the other programs that don't exhibit the long save times? No. AutoCad drawings are stored on a seperate harddrive and a different directory. However, after reading this e-mail I moved a TIF image to the autocad directory and opened them
[Samba] RE: XP Joining domain
Hi Derek. What's interesting about these errors is that the Join seems to succeed, but that the machine password in the smbpasswd file is not modified. We're still using the 2.2.x stream of samba, and I've been meaning to try the 3.0.x versions, but haven't gotten around to it yet. I hope my suggestions still apply to the version of samba you're using. At first blush, it looks like you're having some permissions problems editing the smbpasswd file and creating the machine account passwd for the XP machine joining the domain. Let me review items you've tried 1) Manually creating unix account and adding machine account to smbpasswd file with smbpasswd -am xptest$ (your unix passwd entry looked fine) 2) The unix root account has an smbpasswd, and you're using that when prompted. (We've never been able to get domain admins to join machines (because smbpasswd file is writable by only root) 3) It does look like the smbpasswd machine account has been disabled - have you tried re-enabling it and rejoining the machine? Smbpasswd -e xptest$ Because the smbpasswd file doesn't get modified, I suspect some kind of permissions problem. When trying to join the domain, have you already connected to the samba server using a different set of credentials? In our version of samba, only one set of credentials is allowed - try doing a 'net use /delete *' (or something like that) from the PC to be sure you haven't unwittingly opened a connection to the samba server before trying to join the domain. Good luck-- Sam Barasch Computer Systems Support Dept. of Biostatistics University of Wisconsin in Madison -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Derek Harkness Sent: Monday, June 07, 2004 11:20 AM To: [EMAIL PROTECTED] Subject: [Samba] XP Joining domain I'm attempting to join a Samba 3.0.4 domain on a Debian linux box, with a Windows XP client. Problems 1) Can only get the join to work if I use the root account. On Win2k I can use any account in the Domain Admins group. 2) The join succeeds, the unix account and the smb account are created but the smb account is disabled, and the password contains all s. Joining the domain works fine from Win2k. I've tried adjusting the Signing entries. I tried manually creating the machine accounts, and I get a can't access machine account error on login. Any thoughts? Thanks! Derek This world is a comedy to those who think and a tragedy to those who feel. My lack of knowledge is only exceeded by my lack of concern. --Anonymous GE Engineer -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: XP Joining domain
I think I found the problem. Late yesterday afternoon I discovered that useradd on Linux works differently then useradd on Solaris. I'm migration from Samba 2.2 on Sun to Samba 3.0 on Linux. When useradd on Solaris adds a new user it finds the last uid number and increments it. The Linux version just finds the first unused in the password file, this became a problem because some of my user information is in the local password file and some is in ldap. So the Linux useradd was adding duplication uid numbers. This was easily corrected, and XP started working just fine. The interesting thing here is that win2k never had a problem. So I'm guessing that XP does a bit more checking when it joins the domain. Thanks so much for everyone's help!! Derek On Jun 9, 2004, at 12:00 PM, Sam Barasch wrote: Hi Derek. What's interesting about these errors is that the Join seems to succeed, but that the machine password in the smbpasswd file is not modified. We're still using the 2.2.x stream of samba, and I've been meaning to try the 3.0.x versions, but haven't gotten around to it yet. I hope my suggestions still apply to the version of samba you're using. At first blush, it looks like you're having some permissions problems editing the smbpasswd file and creating the machine account passwd for the XP machine joining the domain. Let me review items you've tried 1) Manually creating unix account and adding machine account to smbpasswd file with smbpasswd -am xptest$ (your unix passwd entry looked fine) 2) The unix root account has an smbpasswd, and you're using that when prompted. (We've never been able to get domain admins to join machines (because smbpasswd file is writable by only root) 3) It does look like the smbpasswd machine account has been disabled - have you tried re-enabling it and rejoining the machine? Smbpasswd -e xptest$ Because the smbpasswd file doesn't get modified, I suspect some kind of permissions problem. When trying to join the domain, have you already connected to the samba server using a different set of credentials? In our version of samba, only one set of credentials is allowed - try doing a 'net use /delete *' (or something like that) from the PC to be sure you haven't unwittingly opened a connection to the samba server before trying to join the domain. Good luck-- Sam Barasch Computer Systems Support Dept. of Biostatistics University of Wisconsin in Madison -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Derek Harkness Sent: Monday, June 07, 2004 11:20 AM To: [EMAIL PROTECTED] Subject: [Samba] XP Joining domain I'm attempting to join a Samba 3.0.4 domain on a Debian linux box, with a Windows XP client. Problems 1) Can only get the join to work if I use the root account. On Win2k I can use any account in the Domain Admins group. 2) The join succeeds, the unix account and the smb account are created but the smb account is disabled, and the password contains all s. Joining the domain works fine from Win2k. I've tried adjusting the Signing entries. I tried manually creating the machine accounts, and I get a can't access machine account error on login. Any thoughts? Thanks! Derek This world is a comedy to those who think and a tragedy to those who feel. My lack of knowledge is only exceeded by my lack of concern. --Anonymous GE Engineer When the people fear the government you have tyranny... when the government fears the people you have liberty. --Thomas Jefferson PGP.sig Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba just Slow with AutoCad?
The time it takes to save seems to get worse the longer drawing is open and being used. We're already back to seeing 10 second saves this morning. I will probably try using ext3 instead of reiserFS this weekend, unless someone out there has AutoCad working fine with reiserFS this is my best guess as to what the problem is. - Original Message - From: Brian Merrell [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, June 09, 2004 9:09 AM Subject: Re: [Samba] Samba just Slow with AutoCad? Yes I am user reiserFS on the AutoCad Shares (Jerry, are you?) The older machine is running ext3. The CPU usage goes up, but I definately wouldn't call it a spike. It goes to about 1% which is probably normal. I did use the nolargeio=1 option and it did increase performance.. but.. I tried timing the time it takes to save. It takes the older machine about 1.25 seconds to save a 606KB drawing and it takes ~3 seconds for the new fancy machine. Could this be due to ReiserFS? - Original Message - From: Rashkae [EMAIL PROTECTED] To: Brian Merrell [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, June 09, 2004 7:56 AM Subject: Re: [Samba] Samba just Slow with AutoCad? Hi. Does your new system use ReiserFS? When these ~20 second delays happen, can you see if there's a spike of System CPU time useage on the server? I've not heard of it happening over a network share, but some poorly behaved applications can trigger a 'feature', (actually, a performance optimization) with ReiserFS on Newer (2.6) kernels that will make the kernel spin it's wheels for a number of seconds. If this might be the case for you, you can disable it by mounting a ReiserFS volume with a nolargeio=1 option. (If you want to test this, it appears to to be safe to remount. That is, mount /home -o remount,nolargeio=1 As an example.) On Tue, Jun 08, 2004 at 12:26:25PM -0600, Brian Merrell wrote: I just came across some very interesting information. We samba running on an old HP PIII 900. I just plugged it back in and we opened some backup files we had on it. It works just fine with AutoCad. Linux gatekeeper 2.4.26 #5 Mon Apr 19 07:15:24 MDT 2004 i686 Pentium III (Coppermine) GenuineIntel GNU/Linux Samba Version 2.2.8a Our new machine is a Dual Opteron machine. Linux fileserv 2.6.5-gentoo-r1 #3 Sat May 29 13:32:03 MDT 2004 x86_64 5 GNU/Linux Samba Version Version 3.0.2a The difference is that I need the hard drive space on our new server versus the 40 gigs we have on the older machine. The smb.conf file on the old machine is very very basic: [global] workgroup = TRISTATE security = SHARE [backup] path = /usr/backup writeable = Yes guest ok = Yes - Original Message - From: Brian Merrell [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, June 08, 2004 12:07 PM Subject: Re: [Samba] Samba just Slow with AutoCad? Terry, Thanks a lot for your reply. We're really trying to solve this problem. Brian, 1. Which release of AutoCAD are you using? Autodesk Land Desktop 2004 2004.0.0 Service Pack 1 2. Are the support files for AutoCAD on the client or the server? On the clients. 3. Are you using cups? No. 4. Is it true that your plotter settings are not being saved with the drawing? Was this true when you were using a windows server? They are being saved with the drawings. They were also being saved with the drawings on the windows server. (the windows server was actually just another client that shared it's HD). 5. Normally when AutoCAD is opening the print dialog box in an existing drawing, it is trying to find the printer that was used by the last session of Autocad. If it can't find that printer, it produces the printer none. Are you loading your printers from the server such that each client has the identical printer name? First of all, you're right. The print dialog only produces the printer none when it's a new drawing. Otherwise, it saves the print settings. But we still experience a delay independant of whether we are printing from a new drawing or an existing one. The printers aren't on the server, and we do not have identical printer name. 6. Are the network directories being used by AutoCAD the same as being used by the other programs that don't exhibit the long save times? No. AutoCad drawings are stored on a seperate harddrive and a different directory. However, after reading this e-mail I moved a TIF image to the autocad directory and opened them from Adobe Photoshop. I then modified and saved the drawing and there was no delay.
[Samba] Automated response from the Paragon Software (SHDD) Support Service
___English___ Dear Customer, This is an automated response from the Paragon Software Support Service. Please do not reply this message. Your e-mail message has been successfully received. Please be patient, your request will be processed within two-three business days and will be replied. Our support hours are Monday-Friday 11.00-19.00 GMT+3. You can find both technical, as well as general, product information, in the following areas: 1) The Paragon Software web site (http://www.penreader.com). Useful links: Dictionaries http://www.penreader.com/technologies/Dictionaries.html Localization http://www.penreader.com/technologies/Localization.html Gameshttp://www.penreader.com/technologies/Games.html Utilitieshttp://www.penreader.com/technologies/Utilities.html Handwriting http://www.penreader.com/technologies/Handwriting.html News http://www.penreader.com/company/news.html 2) Your Getting Started Manual 3) Help files that were installed with the product If you paid for software online and do not know, how to get your purchase, please, check Your e-mail box. There must be a message from e-care System of Paragon Software with a link, password and login, where you can download a program. Paragon Software (Smart Handheld Devices Division) phones - +7 (095) 408-61-79, 408-76-77 e-mail: [EMAIL PROTECTED] Web - http://www.penreader.com Russian_ , Paragon Software. , . - . : - 11.00-19.00 GMT+3. : 1)web- (http://www.penreader.com/ru/index.html); : http://www.penreader.com/ru/technologies/Dictionaries.html http://www.penreader.com/ru/technologies/Localization.html http://www.penreader.com/ru/technologies/Games.html http://www.penreader.com/ru/technologies/Utilities.html http://www.penreader.com/ru/technologies/Handwriting.html http://www.penreader.com/ru/company/news.html 2) ; 3) Help files. - , ,, e-mail . Paragon Software, , , . Paragon Software (Smart Handheld Devices Division) +7 (095) 408-61-79, 408-76-77 e-mail: [EMAIL PROTECTED] Web - http://www.penreader.com/ru/index.html 11.03.2004 You wrote/ : [EMAIL PROTECTED] Please have a look at the attached file. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] bundled version not configured?
I am trying to backup files from a linux box to a windows box. The linux seems to be bundles with Samba2.2.8. It also seems not to work as I can't start the daemon or even find some of the expected files. Is it likely it was never installed or configured? How do I get it running or is it better to download a new version and should I uninstall first? How? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba just Slow with AutoCad?
On Wed, Jun 09, 2004 at 10:18:22AM -0600, Brian Merrell wrote: I tried timing the time it takes to save. It takes the older machine about 1.25 seconds to save a 606KB drawing and it takes ~3 seconds for the new fancy machine. Could this be due to ReiserFS? In my experience, and by every benchmark measure I've seen so far, ReiserFS performance is far superior to ext3. The problem I mentioned that gets fixed with nolargeio option is a bizare abnomally. Reportedly, it affects older versions of Kmail and the Linux version of NeverWinter Nights. I thought it would be worth trying. Since that was obviously not the problem, I'll let the real Samba experts take back the floor :) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RES: [Samba] authentification in ads2003
I also have made this configuration working with w2k, the problem is related do enc-types used by w2k3. I have seen a lot of people complaining about the same issue. Can the samba gurus help the community ??? What are the right configuration to put a Samba 3.0.x working as a Active Directory 2003 member and be accessible through \\samba name\share name ?! Please Jerry Carter, Andrew Batlett e other, gave us some light... -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Em nome de Christoph Scheeder Enviada em: quarta-feira, 9 de junho de 2004 11:05 Para: Benoit Moeremans Cc: [EMAIL PROTECTED] Assunto: Re: [Samba] authentification in ads2003 Hi, i got that working on woddy, but against a win2000 ADS. How? - fetched the latest soure of MIT-kerberos from mit-server and installed in /usr/local, as the version comming with woody is to old , it does not support the neede enc-types. - fetched samba-3.0.5-pre2 from svn and compiled it against the kerberos in /usr/local, and installed it. - deleted all old databases of samba - delete the samba-server from the ADS and rejoin it. i found for me that in nsswitch.conf the lines passwd: compat winbind group: compat winbind will not work, replace compat with files this way you should be able to get it working, but no garanty. Christoph Benoit Moeremans schrieb: Hello, *This msg was already sent yesterday on this ml, but some i found some faults in the mail.* **If anyone can help me... the only thing i'm thinking now is to throw away the servers** I installed Samba 3.0.4 + kerberos 5 + winbind to make the debian woody server joining the Active directory service. Everything seems to be ok, except the authentification. If i try to go to the share of the linux server from a windows box, it asks me the password. And of course, no way to log in. Here is the config: *nsswitch.conf* passwd: compat winbind group: compat winbind shadow: compat hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc:db files netgroup: nis *samba* [global] workgroup = TEST realm = CAR.BE.TEST.COM.LOCAL server string = %h server (Samba %v) ; wins support = no ; wins server = w.x.y.z dns proxy = no ; name resolve order = lmhosts host wins bcast use spnego = yes log file = /var/log/samba/log.%m max log size = 1000 ; syslog only = no syslog = 0 panic action = /usr/share/samba/panic-action %d # separate domain and username with '+', like DOMAIN+username winbind separator = + # use uids from 1 to 2 for domain users idmap uid = 1-2 # use gids from 1 to 2 for domain groups idmap gid = 1-2 # allow enumeration of winbind users and groups winbind enum users = yes winbind enum groups = yes security = ADS encrypt passwords = yes passdb backend = tdbsam guest obey pam restrictions = yes password server = car-pdc netbios name = rantanplan ; guest account = nobody invalid users = root ; unix password sync = no ; passwd program = /usr/bin/passwd %u# passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . ; pam password change = no ; load printers = yes ; preserve case = yes ; short preserve case = yes ; include = /home/samba/etc/smb.conf.%m # SO_RCVBUF=8192 SO_SNDBUF=8192 socket options = TCP_NODELAY ; message command = /bin/sh -c '/usr/bin/linpopup %f %m %s; rm %s' ; domain master = auto idmap uid = 1-2 idmap gid = 1-2 ; template shell = /bin/bash [admin] comment = Administration Directory path = /home/benoit admin users = TEST+bmo browseable = yes public = no writable = yes guest only = no valid users = TEST+bmo *kerberos* [libdefaults] default_realm = CAR.BE.TEST.COM [realms] CAR.BE.TEST.COM = { kdc = car-pdc.car.be.test.com default_domain = car.be.test.com } #[domain_realms] #.kerberos.server=CAR.BE.TEST.COM # The following krb5.conf variables are only for MIT Kerberos. default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } [login] krb4_convert = true krb4_get_tickets = true *winbind*
RES: [Samba] Problem with authenticating a computer to a samba sh are
What do you mean with ADC Slave, security=ads in smb.conf ? -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Em nome de Björn Giesler Enviada em: quarta-feira, 9 de junho de 2004 12:32 Para: [EMAIL PROTECTED] Assunto: [Samba] Problem with authenticating a computer to a samba share Hi, I have a Win2k Server Active Directory Domain Controller, and an Exchange server running on the same machine. I want to use NTBACKUP to back up the mailboxes to a Samba machine running as ADC slave. This doesn't work, and I get the message Username DOMAIN\MACHINE$ is invalid on this system in the Samba logs. How can I make MACHINE known to Samba? Since MACHINE is the domain controller, I can't add it to the ADC host list, and it's the one that supplies the passwords... Anyone seen/done this before? Thanks a lot in advance, Björn -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba = Esta mensagem pode conter informação confidencial e/ou privilegiada. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deverá utilizar, copiar, alterar, divulgar a informação nela contida ou tomar qualquer ação baseada nessas informações. Se você recebeu esta mensagem por engano, por favor avise imediatamente o remetente, respondendo o e-mail e em seguida apague-o. Agradecemos sua cooperação. This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, change, take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. = -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbldap - backup
Hi, I'm wondering what is the best option to backup the ldap backend of my samba server without having to bring ldap offline? Until now, I didn't find a lot of documentation about best practices on this subject. Does anybody here have a suggestion? Thank you. Etienne-Hugues Fortin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind Authentication Problem
Had planned to use LDAP and replace an NT4 domain, but trouble with a software vendor (long story) means we need to keep the NT4 domain and use winbind for share authentication for the next few months. So, I religiously followed the TOSHARG winbind chapter, stopping short of making changes to /etc/pam.d files. I can browse and see shares from the Samba box via KDE's LAN browser, but authentication doesn't work. When browsing from a Windows box, I don't even get that far. I have set up several Samba boxes, but never used Winbind before, so I expect I'm missing something simple here. Using Samba 3.0.4-5 rpms compiled by Sernet (SuSE) on SuSE Pro 9.0 with all updates. Factoids: The box appears in NT4's Server Manager highlighted (so it's a domain member server as far as the domain is concerned.) Net Neighborhood on a Windows box shows an icon for the Samba server. From the Samba box running smbclient -L SHIRAZ generates a password prompt (doesn't matter what I put in) and then an error session setup failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO From a Windows machine on the network, doing a Start Run \\SHIRAZ [Enter] generates an error dialog box that reads: configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. The /var/log/messages file on the Samba server shows (I'm editing here): nsswitch/winbindd_util.c:get_trust_pw(1024) could not fetch trust account password for my domain MCCM Here's /etc/pam.d/samba: #%PAM-1.0 auth required pam_unix.so account required pam_unix.so Here's smb.conf (may wordwrap): [global] workgroup = MCCM interfaces = 127.0.0.1 172.22.6.0/24 192.168.20.0/24 192.168.21.0/24 eth0 bind interfaces only = true # printing = cups # printcap name = cups # load printers = yes winbind separator = '\' idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes template shell = /bin/bash template homedir = /home/%D/%U security = domain password server = * wins server = 172.22.6.11 encrypt passwords = yes [Accounting] comment = Company Financial Reports path = /data/Company/Accounting valid users = @Accounting read only = Yes [AcctPrivate] comment = Accounting Department Use Only path = /data/Company/AcctPrivate valid users = @Accounting-Private [Billing] comment = Billing Department Working Files path = /data/Company/Billing valid users = @Billing [IT_Dept] comment = Techie Stuff You May Need path = /data/Company/IT_Dept valid users = @Domain Users [IT_Private] comment = For IT Department Use Only path = /data/Company/IT_Private valid users = @IT_Dept [Lab] comment = For Lab Department Use Only path = /data/Company/Lab valid users = @Lab [LabPrivate] comment = Lab Management Use Only path = /data/Company/LabPrivate valid users = @Lab # Change valid users to head of lab! [Public] comment = Public Documents path = /data/Company/Public valid users = @Domain Users [Research] comment = For Research Department Use Only path = /data/Company/Public valid users = @Domain Users # Correct valid users to members of research local group. And here's nsswitch.conf: passwd: files winbind shadow: files group: files winbind passwd: compat ldap group: compat ldap hosts: files dns wins networks: files dns services: files protocols: files rpc:files ethers: files netmasks: files netgroup: files publickey: files bootparams: files automount: files nis aliases:files All ideas gratefully accepted! Thanks! Mark -- _ A Message From... L. Mark Stone Reliable Networks of Maine, LLC 477 Congress Street, 5th Floor Portland, ME 04101 Tel: (207) 772-5678 Web: http://www.RNoME.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] security = ads: problem join XP Pro?
Hi, I've configured Samba 3.0.4 with Openldap 2.1.22 to use my samba server as a PDC. At first, I had some problem with the user administrator. I've then found the workaround a few days ago. Now that this is fixed, I'm trying to join a XP Pro workstation to my domain. I've done multiple test and never succeeded. I'm always getting XP Pro to complain about not being able to find a domain and talking about a SRV entry in my DNS (which is dynamic as required when using dhcp at the same time). So, this morning, in a desesperate attempt, I changed security = ads to security = domain and retry to join the domain from XP Pro. To my surprise, it worked fine. I've reread the documentation and it's still saying that we should use security = domain when our server is acting as a BDC, not a PDC. I still have to do more test tonight to see if everything is working but right now, I'm more curious to understand why my samba server (which is now acting as a BDC) is accepting a join request while it's not when it's acting as a PDC. Is that normal? Should I keep my server in security = domain mode? Thank you. Etienne-Hugues Fortin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RES: [Samba] Problem with authenticating a computer to a samba sh are
Am 09.06.2004 um 19:55 schrieb Estevam Henrique Carvalho: What do you mean with ADC Slave, security=ads in smb.conf ? Yes, exactly. Encrypt passwords=yes, password server=MACHINE from my previous mail. Regards, Björn -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] security = ads: problem join XP Pro?
Does your DNS server have the following entries: If not it won't work. _ldap._tcp.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. _ldap._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. _ldap._tcp.pdc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. _ldap._tcp.gc._msdcs.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net. _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net. _ldap._tcp.dddc-59fe-434d-8cca-f00ca06b564d.domains._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. gc._msdcs.fsklaw.net. 600 IN A 192.168.62.1 42254cae-00e0-4814-a063-af2189b41e2b._msdcs.fsklaw.net. 600 IN CNAME server.fsklaw.net. _kerberos._tcp.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net. _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net. _ldap._tcp.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. _kerberos._tcp.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net. _kerberos._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net. _gc._tcp.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net. _gc._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net. _kerberos._udp.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net. _kpasswd._tcp.fsklaw.net. 600 IN SRV 0 100 464 server.fsklaw.net. _kpasswd._udp.fsklaw.net. 600 IN SRV 0 100 464 server.fsklaw.net. fsklaw.net. 600 IN A 192.168.61.1 gc._msdcs.fsklaw.net. 600 IN A 192.168.61.1 Etienne-Hugues Fortin wrote: Hi, I've configured Samba 3.0.4 with Openldap 2.1.22 to use my samba server as a PDC. At first, I had some problem with the user administrator. I've then found the workaround a few days ago. Now that this is fixed, I'm trying to join a XP Pro workstation to my domain. I've done multiple test and never succeeded. I'm always getting XP Pro to complain about not being able to find a domain and talking about a SRV entry in my DNS (which is dynamic as required when using dhcp at the same time). So, this morning, in a desesperate attempt, I changed security = ads to security = domain and retry to join the domain from XP Pro. To my surprise, it worked fine. I've reread the documentation and it's still saying that we should use security = domain when our server is acting as a BDC, not a PDC. I still have to do more test tonight to see if everything is working but right now, I'm more curious to understand why my samba server (which is now acting as a BDC) is accepting a join request while it's not when it's acting as a PDC. Is that normal? Should I keep my server in security = domain mode? Thank you. Etienne-Hugues Fortin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap - backup
Hi, Really more of an openldap question... however That's true but I assume that anybody that is using Samba with ldap would benefit knowing this. You can do 'slapcat' from the command line of your ldap box and it will output the data in an ldif format. Redirect that into a file for backing up. You would probably want to get your openldap configuration directory (typically /etc/openldap on linux servers where you didn't compile from source). If you ever needed to restore from that file you pipe it into a slapadd command and you're done restoring. I didn't realized that slapcat was really showing everything in a format that was usable for a future import (slapadd). I'll go to bed a little bit more knowledgable about ldap. That's good. Hopefully it will be useful for somebody else as well. Thank you Paul for your fast answer. Etienne-Hugues -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] security = ads: problem join XP Pro?
Does your DNS server have the following entries: If not it won't work. It's the first time I'm seeing this list. I know that XP Pro was asking for something like _ldap._tcp.domainname but even googling on this didn't helped me getting what you just sent. I'll add this to my DNS. Just to make sure everything is clear, I have to replace the first fsklwaw.net with my own domain and then, I'm replacing the server.fsklaw.net with my fully qualified hostname for my samba server acting as the PDC. Everything else would stay identical. Is that right? Etienne-Hugues _ldap._tcp.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. _ldap._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. _ldap._tcp.pdc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. _ldap._tcp.gc._msdcs.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net. _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net. _ldap._tcp.dddc-59fe-434d-8cca-f00ca06b564d.domains._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. gc._msdcs.fsklaw.net. 600 IN A 192.168.62.1 42254cae-00e0-4814-a063-af2189b41e2b._msdcs.fsklaw.net. 600 IN CNAME server.fsklaw.net. _kerberos._tcp.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net. _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net. _ldap._tcp.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. _kerberos._tcp.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net. _kerberos._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net. _gc._tcp.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net. _gc._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net. _kerberos._udp.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net. _kpasswd._tcp.fsklaw.net. 600 IN SRV 0 100 464 server.fsklaw.net. _kpasswd._udp.fsklaw.net. 600 IN SRV 0 100 464 server.fsklaw.net. fsklaw.net. 600 IN A 192.168.61.1 gc._msdcs.fsklaw.net. 600 IN A 192.168.61.1 Etienne-Hugues Fortin wrote: Hi, I've configured Samba 3.0.4 with Openldap 2.1.22 to use my samba server as a PDC. At first, I had some problem with the user administrator. I've then found the workaround a few days ago. Now that this is fixed, I'm trying to join a XP Pro workstation to my domain. I've done multiple test and never succeeded. I'm always getting XP Pro to complain about not being able to find a domain and talking about a SRV entry in my DNS (which is dynamic as required when using dhcp at the same time). So, this morning, in a desesperate attempt, I changed security = ads to security = domain and retry to join the domain from XP Pro. To my surprise, it worked fine. I've reread the documentation and it's still saying that we should use security = domain when our server is acting as a BDC, not a PDC. I still have to do more test tonight to see if everything is working but right now, I'm more curious to understand why my samba server (which is now acting as a BDC) is accepting a join request while it's not when it's acting as a PDC. Is that normal? Should I keep my server in security = domain mode? Thank you. Etienne-Hugues Fortin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] security = ads: problem join XP Pro?
Are you running any windows servers in your setup or just one samba box and the clients? Assuming the latter, which sounds like you unless I'm badly mis-reading you here, you don't *need* any special DNS entries to make things work. Perhaps you could attach your smb.conf file? It sounds like your security parameter is way out of whack, which could be causing your issues. security = domain is for when you have a functioning NT network to add this machine to that holds your login info. I've successfully added a 3.0 machine to a 2.2.x network and then not had to do any passdb setup on it. security = ads is for configuring authentication against an existing 2000 (/2003?) AD network, which you haven't mentioned here. You probably want (from TOSHaRG): preferred master = yes domain master = yes local master = yes security = user domain logons = yes Etienne-Hugues Fortin wrote: Does your DNS server have the following entries: If not it won't work. It's the first time I'm seeing this list. I know that XP Pro was asking for something like _ldap._tcp.domainname but even googling on this didn't helped me getting what you just sent. I'll add this to my DNS. Just to make sure everything is clear, I have to replace the first fsklwaw.net with my own domain and then, I'm replacing the server.fsklaw.net with my fully qualified hostname for my samba server acting as the PDC. Everything else would stay identical. Is that right? Etienne-Hugues _ldap._tcp.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. _ldap._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. _ldap._tcp.pdc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. _ldap._tcp.gc._msdcs.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net. _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net. _ldap._tcp.dddc-59fe-434d-8cca-f00ca06b564d.domains._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. gc._msdcs.fsklaw.net. 600 IN A 192.168.62.1 42254cae-00e0-4814-a063-af2189b41e2b._msdcs.fsklaw.net. 600 IN CNAME server.fsklaw.net. _kerberos._tcp.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net. _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net. _ldap._tcp.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.fsklaw.net. 600 IN SRV 0 100 389 server.fsklaw.net. _kerberos._tcp.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net. _kerberos._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net. _gc._tcp.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net. _gc._tcp.Default-First-Site-Name._sites.fsklaw.net. 600 IN SRV 0 100 3268 server.fsklaw.net. _kerberos._udp.fsklaw.net. 600 IN SRV 0 100 88 server.fsklaw.net. _kpasswd._tcp.fsklaw.net. 600 IN SRV 0 100 464 server.fsklaw.net. _kpasswd._udp.fsklaw.net. 600 IN SRV 0 100 464 server.fsklaw.net. fsklaw.net. 600 IN A 192.168.61.1 gc._msdcs.fsklaw.net. 600 IN A 192.168.61.1 Etienne-Hugues Fortin wrote: Hi, I've configured Samba 3.0.4 with Openldap 2.1.22 to use my samba server as a PDC. At first, I had some problem with the user administrator. I've then found the workaround a few days ago. Now that this is fixed, I'm trying to join a XP Pro workstation to my domain. I've done multiple test and never succeeded. I'm always getting XP Pro to complain about not being able to find a domain and talking about a SRV entry in my DNS (which is dynamic as required when using dhcp at the same time). So, this morning, in a desesperate attempt, I changed security = ads to security = domain and retry to join the domain from XP Pro. To my surprise, it worked fine. I've reread the documentation and it's still saying that we should use security = domain when our server is acting as a BDC, not a PDC. I still have to do more test tonight to see if everything is working but right now, I'm more curious to understand why my samba server (which is now acting as a BDC) is accepting a join request while it's not when it's acting as a PDC. Is that normal? Should I keep my server in security = domain mode? Thank you. Etienne-Hugues Fortin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Paul Gienger Office:701-281-1884 Applied Engineering Inc. Cell: 701-306-6254 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.commailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Need Information
Dear Sir / Madam, Hello I am now a day working on Samba Server 2.2.x to act Like PDC Server. i am very much work but when i use windows 2000 for its client it wont works it register it self but after i reboot system its says that no Windows cannot find that Domain or Domain is available or your machine is not register...etc So Kindly help me in this meter as soon as possible. Best Regards M-Usman _ Linux.Net --Open Source to everyone Powered by Linare Corporation http://www.linare.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Error Joining Domain
hello im trying to setup a test PDC using SAMBA 3 and used one example from samba docs and encountered this problem, by the way my test client runs on win2k prof: Windows Error!! A duplicate name exists on the network i can not log-in and i cannot browse my PDC and shared folders. then i run smbclient -L localhost %U on the PDC and it showed three server names, 3 workgroups and three master, all including the PDC. the other win2k clients are configured in workgroup for the meantime before i join them to the domain but this error appears. its the 1st time im trying to join the pc on the domain. heres my sample smb.conf [global] workgroup = CUBAO passwd chat = *New*Password* \ %n\n*Re-enter*new*password* %n\n *Password*changed* username map = /etc/samba/smbusers syslog = 0 name resolve order = wins bcast hosts printcap name = CUPS show add printer wizard = No add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd \ -s /bin/false -d /dev/null %u logon script = scripts\login.bat logon path = logon drive = X: domain logons = Yes preferred master = Yes wins support = Yes printing = CUPS any ideas thanks.. mike -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] security = ads: problem join XP Pro?
Hi Paul, It's the second option that I'm having. I'm pretty sure security = user will fix the problem. Is it me or in previous version of samba, security = user was for workgroup only? Below is my smb.conf. Note that I've changed the security to reflect what you suggested but it was exactly the same before except for the security = ads that was there. It's has now became a very long file based on the various documents that I read, trying to figure what was my problem. However, now that I made a lot of cleanup in the file and regrouped the settings by section, I think it make sense. Thank you for your time. Etienne-Hugues [global] ;unix charset = LOCALE workgroup = cyberspicace netbios name = fs01 server string = fs01 socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 wins support = yes ;PDC and master browser settings os level = 64 preferred master = yes local master = yes domain master = yes domain logons = yes ;security and logging settings security = user encrypt passwords = yes unix password sync = yes passdb backend = ldapsam:ldap://fs01.cyberspicace.com username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/%m max log size = 50 smb ports = 139 445 ;security - interface interfaces = eth0 192.168.1.0/24 lo 127/8 bind interfaces only = yes ;services name resolve order = wins bcast hosts time server = yes printcap name = CUPS printing = cups show add printer wizard = yes ;various scripts passwd program = /var/lib/samba/sbin/smbldap-passwd.pl -o %u passwd chat = *new*password* %n\n *new*password* %n\n *successfully* add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u' delete user script = /var/lib/samba/sbin/smbldap-userdel.pl %u add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g' delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%'g add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g' delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g' set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u' add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u' logon script = scripts\logon.bat logon path = \\%L\profiles\%U logon drive = X: ;access admin users = @Domain Admins printer admin = @Domain Admins ;ldap backend ldap suffix = dc=cyberspicace,dc=com ldap machine suffix = ou=People ldap user suffix = ou=People ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=cyberspicace,dc=com idmap backend = ldap:ldap://fs01.cyberspicace.com idmap uid = 1-2 idmap gid = 1-2 map acl inherit = Yes include = /etc/samba/shares.conf Are you running any windows servers in your setup or just one samba box and the clients? Assuming the latter, which sounds like you unless I'm badly mis-reading you here, you don't *need* any special DNS entries to make things work. Perhaps you could attach your smb.conf file? It sounds like your security parameter is way out of whack, which could be causing your issues. security = domain is for when you have a functioning NT network to add this machine to that holds your login info. I've successfully added a 3.0 machine to a 2.2.x network and then not had to do any passdb setup on it. security = ads is for configuring authentication against an existing 2000 (/2003?) AD network, which you haven't mentioned here. You probably want (from TOSHaRG): preferred master = yes domain master = yes local master = yes security = user domain logons = yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Reasonable Throughput
One thing that it seems hard to define is what a reasonable expectation of throughput on a 100Mbps Ethernet that a samba server should be running at. Currently, I seem to be getting about 4.8Mbps for a single client (NetBench). There is a switch between the server and the client I was testing with. Thoughts? Thanks, JMS -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] security = ads: problem join XP Pro?
Where are you getting with adding the machines? You should get a posix user added with machinename$ for the uid, then that user will be modified to include the sambaSamAccount data. I would suggest these for 'official' resources: http://us2.samba.org/samba/docs/man/howto/samba-pdc.html* *and http://us2.samba.org/samba/docs/man/guide/ ** there are a couple of comments below: [global] ;unix charset = LOCALE workgroup = cyberspicace netbios name = fs01 server string = fs01 socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 wins support = yes ;PDC and master browser settings os level = 64 preferred master = yes local master = yes domain master = yes domain logons = yes ;security and logging settings security = user encrypt passwords = yes unix password sync = yes passdb backend = ldapsam:ldap://fs01.cyberspicace.com username map = /etc/samba/smbusers log level = 1 syslog = 0 log file = /var/log/samba/%m max log size = 50 smb ports = 139 445 ;security - interface interfaces = eth0 192.168.1.0/24 lo 127/8 bind interfaces only = yes not necessarily related to your problem, but you could probably do away with these if you're on a protected LAN. Lets try to not be any more restrictive than we have to, at least not while testing. ;services name resolve order = wins bcast hosts time server = yes printcap name = CUPS printing = cups show add printer wizard = yes ;various scripts passwd program = /var/lib/samba/sbin/smbldap-passwd.pl -o %u passwd chat = *new*password* %n\n *new*password* %n\n *successfully* add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u' delete user script = /var/lib/samba/sbin/smbldap-userdel.pl %u add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g' delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%'g add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g' delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g' set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u' add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u' You didn't mention, did you configure the smbldap-tools package? I would assume that you did, but covering all the bases here. logon script = scripts\logon.bat logon path = \\%L\profiles\%U logon drive = X: ;access admin users = @Domain Admins printer admin = @Domain Admins ;ldap backend ldap suffix = dc=cyberspicace,dc=com ldap machine suffix = ou=People ldap user suffix = ou=People ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=cyberspicace,dc=com Did you store the password for the admin dn with smbpasswd -w ... idmap backend = ldap:ldap://fs01.cyberspicace.com idmap uid = 1-2 idmap gid = 1-2 Don't need these unless you're using winbind. map acl inherit = Yes include = /etc/samba/shares.conf Are you running any windows servers in your setup or just one samba box and the clients? Assuming the latter, which sounds like you unless I'm badly mis-reading you here, you don't *need* any special DNS entries to make things work. Perhaps you could attach your smb.conf file? It sounds like your security parameter is way out of whack, which could be causing your issues. security = domain is for when you have a functioning NT network to add this machine to that holds your login info. I've successfully added a 3.0 machine to a 2.2.x network and then not had to do any passdb setup on it. security = ads is for configuring authentication against an existing 2000 (/2003?) AD network, which you haven't mentioned here. You probably want (from TOSHaRG): preferred master = yes domain master = yes local master = yes security = user domain logons = yes -- Paul Gienger Office:701-281-1884 Applied Engineering Inc. Cell: 701-306-6254 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.commailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap - backup
I would recommend reading Jerry's LDAP System Administration book - Chapter 5 specifically the section on creating a replica and then using the replica in read-only mode to do the export so the data doesn't change under you... my $.02 Bill On Wed, 9 Jun 2004, Etienne-Hugues Fortin wrote: Hi, Really more of an openldap question... however That's true but I assume that anybody that is using Samba with ldap would benefit knowing this. You can do 'slapcat' from the command line of your ldap box and it will output the data in an ldif format. Redirect that into a file for backing up. You would probably want to get your openldap configuration directory (typically /etc/openldap on linux servers where you didn't compile from source). If you ever needed to restore from that file you pipe it into a slapadd command and you're done restoring. I didn't realized that slapcat was really showing everything in a format that was usable for a future import (slapadd). I'll go to bed a little bit more knowledgable about ldap. That's good. Hopefully it will be useful for somebody else as well. Thank you Paul for your fast answer. Etienne-Hugues -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: RES: [Samba] authentification in ads2003
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Estevam Henrique Carvalho wrote: | I also have made this configuration working with w2k, the | problem is related do enc-types used by w2k3. I have seen | a lot of people complaining about the same issue. Can the samba | gurus help the community ??? What are the right configuration | to put a Samba 3.0.x working as a Active Directory 2003 | member and be accessible through \\samba name\share name ?! | | Please Jerry Carter, Andrew Batlett e other, gave us | some light... | ... |[realms] |CAR.BE.TEST.COM = { |kdc = car-pdc.car.be.test.com |default_domain = car.be.test.com |} |#[domain_realms] |#.kerberos.server=CAR.BE.TEST.COM | |# The following krb5.conf variables are only for MIT Kerberos. |default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 |default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 |permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 I never set these three options any more. I fact, my entire krb5.conf consists of: - [libdefaults] ~dns_fallback = true - It's probably the permitted_enctypes line that is causing problems. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAx2zvIR7qMdg1EfYRAhWgAKDrDFs/WAqvORDU0uXNWIsc8n42cACgnShz cJWYHIbZpG8rbUxNiBXKSQI= =o3ev -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Change OpenLdap to Oracle OID
Any know if i can migrate Samba Users And computers account´s from OpenLdap to OID and use OID with Samba??? Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't print multiple copies from XP to Samba 2.2.8a on Linux, hp 932c
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris Kratz wrote: | When we hook the printer directly to a xp machine, printing | multiple copies does work, but printing over the network to | samba will only ever print a single copy no matter what. Make sure that you've initialized the printer data for that queue on the Samba box. Also make sure that you can print multiple copies after to a a local version of the printer even after unselecteding the Enmable Advanced Printer Features checkbox in the advanced tab of the printer properties window. It could be that this feature only works with EMF jobs and not standard RAW/PCL/PS. Just a guess. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAx26rIR7qMdg1EfYRApmUAKDpNKjDKSlk4EAlDVNS5uCNw87yrwCeJ5PU X08DmaEyNfxss+UuAabsgMA= =4yCt -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RES: RES: [Samba] Problem with authenticating a computer to a sam ba sh are
Have you ran net ads join -U w2k admin user name ? Did the machine name appear under Computer OU in the Active Directory ? Could you, from the same Win box that runs NTBACKUP, run \\samba-server ? What are the results for the commands wbinfo -u, wbinfo -g, wbinfo -t ? Before run NTBACKUP, have you mapped the samba share(s) with a valid domain user ? -Mensagem original- De: Björn Giesler [mailto:[EMAIL PROTECTED] Enviada em: quarta-feira, 9 de junho de 2004 15:54 Para: Estevam Henrique Carvalho Cc: [EMAIL PROTECTED] Assunto: Re: RES: [Samba] Problem with authenticating a computer to a samba sh are Am 09.06.2004 um 19:55 schrieb Estevam Henrique Carvalho: What do you mean with ADC Slave, security=ads in smb.conf ? Yes, exactly. Encrypt passwords=yes, password server=MACHINE from my previous mail. Regards, Björn = Esta mensagem pode conter informação confidencial e/ou privilegiada. Se você não for o destinatário ou a pessoa autorizada a receber esta mensagem, não deverá utilizar, copiar, alterar, divulgar a informação nela contida ou tomar qualquer ação baseada nessas informações. Se você recebeu esta mensagem por engano, por favor avise imediatamente o remetente, respondendo o e-mail e em seguida apague-o. Agradecemos sua cooperação. This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, change, take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. = -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Need help configuring Samba3/LDAP PDC
Hello all, I'm following along in chapter 6 of John Terpstra's Samba 3 By Example and I've got everything working great up until the point where I join the machine to the new domain (step 17 on page 155). The command *net rpc join -U Administrator* fails with the errors below. palpatine:/var/lib/samba/sbin # net -d 4 rpc join -U Administrator [2004/06/09 15:13:35, 3] param/loadparm.c:lp_load(3881) lp_load: refreshing parameters [2004/06/09 15:13:35, 3] param/loadparm.c:init_globals(1309) Initialising global parameters [2004/06/09 15:13:35, 3] param/params.c:pm_process(566) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2004/06/09 15:13:35, 3] param/loadparm.c:do_section(3379) Processing section [global] doing parameter unix charset = LOCALE doing parameter workgroup = GXT doing parameter netbios name = GXTPDC [2004/06/09 15:13:35, 4] param/loadparm.c:handle_netbios_name(2723) handle_netbios_name: set global_myname to: GXTPDC doing parameter interfaces = eth0, lo doing parameter bind interfaces only = Yes doing parameter passdb backend = ldapsam:ldap://ldap.gxt.com doing parameter username map = /etc/samba/smbusers doing parameter log level = 1 doing parameter syslog = 0 doing parameter log file = /var/log/samba/%m doing parameter max log size = 50 doing parameter smb ports = 139 445 doing parameter name resolve order = wins bcast hosts doing parameter time server = Yes doing parameter printcap name = CUPS doing parameter show add printer wizard = No doing parameter add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u' doing parameter delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u' doing parameter add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g' doing parameter delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g' doing parameter add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g' doing parameter delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g' doing parameter set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u' doing parameter add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u' doing parameter shutdown script = /var/lib/samba/scripts/shutdown.sh doing parameter abort shutdown script = /sbin/shutdown -c doing parameter logon script = scripts\logon.bat doing parameter logon path = \\%L\profiles\%U doing parameter logon drive = X: doing parameter domain logons = Yes doing parameter preferred master = Yes doing parameter wins support = Yes doing parameter ldap suffix = dc=gxt,dc=com doing parameter ldap machine suffix = ou=people doing parameter ldap user suffix = ou=people doing parameter ldap group suffix = ou=groups doing parameter ldap idmap suffix = ou=idmap doing parameter ldap admin dn = cn=admin,dc=gxt,dc=com doing parameter idmap backend = ldap://ldap.gxt.com doing parameter idmap uid = 1-2 doing parameter idmap gid = 1-2 doing parameter map acl inherit = Yes doing parameter printing = cups doing parameter printer admin = Administrator [2004/06/09 15:13:35, 4] param/loadparm.c:lp_load(3913) pm_process() returned Yes [2004/06/09 15:13:35, 2] lib/interface.c:add_interface(79) added interface ip=172.17.0.240 bcast=172.17.3.255 nmask=255.255.252.0 [2004/06/09 15:13:35, 2] lib/interface.c:add_interface(79) added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 [2004/06/09 15:13:35, 3] libsmb/cliconnect.c:cli_start_connection(1373) Connecting to host=GXTPDC [2004/06/09 15:13:35, 3] lib/util_sock.c:open_socket_out(735) Connecting to 172.17.0.240 at port 445 [2004/06/09 15:13:35, 4] lib/time.c:get_serverzone(122) Serverzone is 18000 [2004/06/09 15:13:35, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(45) cli_net_req_chal: LSA Request Challenge from GXTPDC to GXTPDC: 1F9217647828E59B [2004/06/09 15:13:35, 4] libsmb/credentials.c:cred_session_key(59) cred_session_key [2004/06/09 15:13:35, 4] libsmb/credentials.c:cred_create(90) cred_create [2004/06/09 15:13:35, 4] rpc_client/cli_netlogon.c:cli_net_auth2(102) cli_net_auth2: srv:\\GXTPDC acct:GXTPDC$ sc:6 mc: GXTPDC chal B3BA8E48EB059670 neg: 400701ff [2004/06/09 15:13:35, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(283) cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED [2004/06/09 15:13:35, 3] libsmb/trusts_util.c:just_change_the_password(43) just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)! [2004/06/09 15:13:35, 1] utils/net_rpc.c:run_rpc_command(141) rpc command function failed! (NT_STATUS_ACCESS_DENIED) Password: [2004/06/09 15:14:11, 3] libsmb/cliconnect.c:cli_start_connection(1373) Connecting to host=GXTPDC [2004/06/09 15:14:11, 3] lib/util_sock.c:open_socket_out(735) Connecting to 172.17.0.240 at port 445 [2004/06/09 15:14:11, 3] libsmb/cliconnect.c:cli_session_setup_spnego(705) Doing spnego session setup (blob
Re: [Samba] Need help configuring Samba3/LDAP PDC
Aaron Ogden wrote: Hello all, I'm following along in chapter 6 of John Terpstra's Samba 3 By Example and I've got everything working great up until the point where I join the machine to the new domain (step 17 on page 155). The command *net rpc join -U Administrator* fails with the errors below. palpatine:/var/lib/samba/sbin # net -d 4 rpc join -U Administrator [2004/06/09 15:13:35, 3] param/loadparm.c:lp_load(3881) lp_load: refreshing parameters [2004/06/09 15:13:35, 3] param/loadparm.c:init_globals(1309) Initialising global parameters [2004/06/09 15:13:35, 3] param/params.c:pm_process(566) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2004/06/09 15:13:35, 3] param/loadparm.c:do_section(3379) Processing section [global] doing parameter unix charset = LOCALE doing parameter workgroup = GXT doing parameter netbios name = GXTPDC [2004/06/09 15:13:35, 4] param/loadparm.c:handle_netbios_name(2723) handle_netbios_name: set global_myname to: GXTPDC doing parameter interfaces = eth0, lo doing parameter bind interfaces only = Yes doing parameter passdb backend = ldapsam:ldap://ldap.gxt.com doing parameter username map = /etc/samba/smbusers doing parameter log level = 1 doing parameter syslog = 0 doing parameter log file = /var/log/samba/%m doing parameter max log size = 50 doing parameter smb ports = 139 445 doing parameter name resolve order = wins bcast hosts doing parameter time server = Yes doing parameter printcap name = CUPS doing parameter show add printer wizard = No doing parameter add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u' doing parameter delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u' doing parameter add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g' doing parameter delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g' doing parameter add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g' doing parameter delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g' doing parameter set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u' doing parameter add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u' doing parameter shutdown script = /var/lib/samba/scripts/shutdown.sh doing parameter abort shutdown script = /sbin/shutdown -c doing parameter logon script = scripts\logon.bat doing parameter logon path = \\%L\profiles\%U doing parameter logon drive = X: doing parameter domain logons = Yes doing parameter preferred master = Yes doing parameter wins support = Yes doing parameter ldap suffix = dc=gxt,dc=com doing parameter ldap machine suffix = ou=people doing parameter ldap user suffix = ou=people doing parameter ldap group suffix = ou=groups doing parameter ldap idmap suffix = ou=idmap doing parameter ldap admin dn = cn=admin,dc=gxt,dc=com doing parameter idmap backend = ldap://ldap.gxt.com doing parameter idmap uid = 1-2 doing parameter idmap gid = 1-2 doing parameter map acl inherit = Yes doing parameter printing = cups doing parameter printer admin = Administrator [2004/06/09 15:13:35, 4] param/loadparm.c:lp_load(3913) pm_process() returned Yes [2004/06/09 15:13:35, 2] lib/interface.c:add_interface(79) added interface ip=172.17.0.240 bcast=172.17.3.255 nmask=255.255.252.0 [2004/06/09 15:13:35, 2] lib/interface.c:add_interface(79) added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 [2004/06/09 15:13:35, 3] libsmb/cliconnect.c:cli_start_connection(1373) Connecting to host=GXTPDC [2004/06/09 15:13:35, 3] lib/util_sock.c:open_socket_out(735) Connecting to 172.17.0.240 at port 445 [2004/06/09 15:13:35, 4] lib/time.c:get_serverzone(122) Serverzone is 18000 [2004/06/09 15:13:35, 4] rpc_client/cli_netlogon.c:cli_net_req_chal(45) cli_net_req_chal: LSA Request Challenge from GXTPDC to GXTPDC: 1F9217647828E59B [2004/06/09 15:13:35, 4] libsmb/credentials.c:cred_session_key(59) cred_session_key [2004/06/09 15:13:35, 4] libsmb/credentials.c:cred_create(90) cred_create [2004/06/09 15:13:35, 4] rpc_client/cli_netlogon.c:cli_net_auth2(102) cli_net_auth2: srv:\\GXTPDC acct:GXTPDC$ sc:6 mc: GXTPDC chal B3BA8E48EB059670 neg: 400701ff [2004/06/09 15:13:35, 3] rpc_client/cli_netlogon.c:cli_nt_setup_creds(283) cli_nt_setup_creds: auth2 challenge failed NT_STATUS_ACCESS_DENIED [2004/06/09 15:13:35, 3] libsmb/trusts_util.c:just_change_the_password(43) just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)! [2004/06/09 15:13:35, 1] utils/net_rpc.c:run_rpc_command(141) rpc command function failed! (NT_STATUS_ACCESS_DENIED) Password: [2004/06/09 15:14:11, 3] libsmb/cliconnect.c:cli_start_connection(1373) Connecting to host=GXTPDC [2004/06/09 15:14:11, 3] lib/util_sock.c:open_socket_out(735) Connecting to 172.17.0.240 at port 445 [2004/06/09 15:14:11, 3] libsmb/cliconnect.c:cli_session_setup_spnego(705) Doing
RE: [Samba] Reasonable Throughput
On 100mbit networks I regularly get speeds of 9.1MBps (Samba or FTP have equal speeds which is good). This is common even when using low end network cards like the Realtek 8139. Comparably with the same hardware and WinXP involved on at least one side of the link I get 5.4MBps. Last year I had the opportunity to do some real world throughput testing using some fairly high end gear. Both machines were connected with Intel Pro1000 network cards through a 3com switch. Using a P4 workstation running Windows 2000 and a Xeon server running Samba 3.0a I achieved a throughput of 440MBps, the theoretical maximum of the hardware (3ware Escalade raid controller). Using the same server and workstation I could only push 200MBps. This speed was achieved under the Airbox TV broadcast software sucking down multiple MPEG2 streams off the RAID array. I also ran Netbench to verify the throughput speeds. If you are experiencing lower throughput than this the first place to look is cabling. Also be wary of the Davicom and Macronix network cards as I often found specimens that were sub standard and could only push 5MBps. Also the switch is a contributing factor so try crossing over and comparing speeds. Tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Josh Skains Sent: Thursday, 10 June 2004 7:48 a.m. To: [EMAIL PROTECTED] Subject: [Samba] Reasonable Throughput One thing that it seems hard to define is what a reasonable expectation of throughput on a 100Mbps Ethernet that a samba server should be running at. Currently, I seem to be getting about 4.8Mbps for a single client (NetBench). There is a switch between the server and the client I was testing with. Thoughts? Thanks, JMS -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Password trouble with LDAP (eDirectory)
Hi Bruce, Thanks for your replys. I got i working.. allmost Think i forgot a few things such as a root account in LDAP and adminstrator account in /etc/passwd. There is a little thing with join'ed workstations. I can only login as root, login's on other accounts get a WRONG PASSWORD message in the log ? Windows 9x works great on all accounts. //Erik [EMAIL PROTECTED] wrote: Sorry, I have no idea what is causing this problem. I wish you luck in resolving the problem. Bruce From: Erik Holst Trans [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [Samba] Password trouble with LDAP (eDirectory) Date: Mon, 07 Jun 2004 11:28:02 +0200 - Original Message Follows - Hi, I just tied to lower the sambaPwdMustChange value, and then the windows client correctly says the password is expired, and prompts for a new one. But the update fails because the server still does't accept the password (the old one) So the sambaPwdMustChange shold be fine. Below is the Administrator LDAP entry. I am know that the home path's are wrong, but that shold not have anything to do with my problem. BTW. the Samba version is 3.0.4 Best regards Erik Holst Trans version: 1 # LDIF Export for: uid=Administrator,o=it-trans # Generated by phpLDAPadmin on June 7, 2004 11:17 am # Server: SLSS (ldap://127.0.0.1) # Search Scope: base # Total Entries: 1 # Entry 1: uid=Administrator,o=it-trans dn:uid=Administrator,o=it-trans sambaPrimaryGroupSID: S-1-5-21-511030576-2330128811-1600862552-512 sambaSID: S-1-5-21-511030576-2330128811-1600862552-2996 sambaHomePath: \\SLSS\homes sambaHomeDrive: H: sambaKickoffTime: 2147483647 sambaLogoffTime: 2147483647 sambaLogonTime: 0 sambaPwdMustChange: 2147483647 sambaPwdCanChange: 1086598595 sambaPwdLastSet: 1086598595 sambaAcctFlags: [U] sambaNTPassword: 2D20D252A479F485CDF5E171D93985BF sambaLMPassword: 598DDCE2660D3193AAD3B435B51404EE loginShell: /bin/bash homeDirectory: /home/ gecos: Netbios Domain Administrator gidNumber: 512 uidNumber: 0 uid: Administrator sn: Administrator objectClass: inetOrgPerson objectClass: sambaSamAccount objectClass: posixAccount objectClass: shadowAccount objectClass: organizationalPerson objectClass: Person objectClass: ndsLoginProperties objectClass: Top cn: Administrator ACL: 2#entry#[Public]#messageServer ACL: 2#entry#[Root]#groupMembership ACL: 2#entry#[Root]#networkAddress ACL: 2#subtree#uid=Administrator,o=it-trans#[All Attributes Rights] ACL: 6#entry#uid=Administrator ,o=it-trans#loginScript ACL: 6#entry#uid=Administrator ,o=it-trans#printJobConfiguration [EMAIL PROTECTED] wrote: From: Erik Holst Trans [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [Samba] Password trouble with LDAP (eDirectory) Date: Mon, 07 Jun 2004 02:25:03 +0200 When i try to logon as a user with the correct password, access is denied and the log says check_ntlm_password: Authentication for user [administrator] - [administrator] FAILED with error NT_STATUS_NO_SUCH_USER Just a quick thought ... has the password expired? Check ldap attribute sambaPwdMustChange. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Excel could not save
On Wed, Jun 09, 2004 at 10:04:42AM -0400, Jamrock wrote: Could you let us know the nature of the problem? I am trying to get my Excel spread sheets to work properly. It looks like a timing issue in the client that causes Execl files to be opened in read-only mode. Opening them again usually fixes it. I think I've fixed this in current SVN but I'm getting people to test first. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and USB Hard Drive
I am trying to get a usb drive to be shared via Samba. When ever a client logs in they are prompted for the Guest accounts password. All other samba shares are set up the same (via webadmin) and they all work fine. Any ideas? Thank you, Phillip -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Terpstra Samba Workshops - Seattle, WA. 6/10-11
Hello Samba List- Apologies for the late notice on this. We have seats available for John H. Terpstra's Samba workshops on Thursday and Friday this week in Seattle, WA. He is conducting Samba 101 and Advanced Samba Thursday and Windows NT4/200X Migration to Samba-3 on Friday. Attendees receive a copy of Samba-3 By Example as part of the workshop(s). You can view class information here: http://freedomtechnologycenter.org/classes/samba/ We are extending special discounts to Samba.org list members. Contact me at any time at 866-643-3733 or direct at 650-814-4899 to enroll. Class beings promptly at 9:00am each day until 5:30pm. Classroom location is as follows: Computer Classrooms in Seattle - Allied Business Systems Yarrow Bay Office Park - Quad One North 10604 NE 38th Place, Suite 118 Kirkland, WA 98033 (425) 576-9747 Thank you, Alex -- Alex Monteiro Program Manager - Freedom Technology Center Toll Free: 866-643-3733 Fax: 650-964-4268 Offering the world's best in Open Source training. http://www.freedomtechnologycenter.org -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.5 pre1 cannot ad windows xp machine to domain
Hi all, I can add my W2K machines to the Samba 3.0.5pre1 with no problems, but I can not add my XP machines. Existing XP machines work fine, but when I try to add new XP machine it does not work. Here is my smb.conf and pc from the log.smbd Thanks -Glenn [global] netbios name = HSFNP01 workgroup = MTHCS security = user os level = 64 domain master = yes local master = yes preferred master = yes time server = yes ;passdb backend = tdbsam passdb backend = tdbsam unix extensions = yes encrypt passwords = yes domain logons = yes logon script = logon.bat logon drive = H: logon home = \\%L\%U logon path = socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 wins support = no wins server = 10.100.0.10 veto files = /*.eml/*.nws/riched20.dll/ lanman auth = yes add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user script = /usr/sbin/useradd -d /dev/null -g 502 -c 'Machine Account' -s /bin/false -M %u oplocks = yes load printers = yes printing = cups printer admin = Administrator, @ntadmin idmap uid = 15000-2 idmap gid = 15000-2 winbind separator = - winbind use default domain = No [netlogon] path = /smbsrvr/netlogon/scripts guest ok = yes write list = ntadmin [homes] comment = Home Directories browseable = no read only = no hide dot files = yes veto files = /*.mp3/*.exe/*.com/*.js/*.bat/*.cmd/*.wsh/*.lnk/*.scr/*.zip/.*/ dos file times = yes [C$] valid users = @root path = /smbsrvr read only = no create mask = 0770 directory mask = 0770 force group = +ntadmin force directory mode = 0770 dos file times = yes [Apps] read only = no path = /smbsrvr/Apps [Students] path = /smbsrvr/Students read only = no create mask = 0770 directory mask = 0770 force group = +HSSTUDENTS force create mode = 0770 force directory mode = 0770 dos filetimes = yes [AdminTools$] path = /smbsrvr/AdminTools read only = no create mask = 0770 directory mask = 0770 force group = Domain Administrators force create mode = 0770 force directory mode = 0770 dos filetimes = yes [printers] comment = All Printers path = /var/spool/samba printable = yes browseable = no guest ok = yes [print$] comment = Printer Drivers path = /var/lib/samba/drivers browseable = yes guest ok = no read only = yes write list = root, @ntadmin [%G] path = /home/groups/%G/ read only = no force group = %G [home$] writeable = yes write list = +ntadmin,@MTHS-Domain Admins,@ntadmin,@root path = /home force directory mode = 0770 force group = +ntadmin dos file times = yes create mask = 0770 directory mask = 0770 valid users = +ntadmins,+root,@MTHS-Domain Admins,@ntadmin,@root [ezaudit] path = /smbsrvr/ezaudit read only = no browseable = yes available = yes write list = +HSBUILDING,+HSSTAFF,+HSSTUDENTS admin users = +ntadmin,+wheel [HSGUIDANCE] path = /smbsrvr/Guidance writelist = +HSGUIDANCE read only = no create mask = 0770 directory mask = 0770 force group = +HSGUIDANCE force create mode = 0770 force directory mode = 0770 dos filetimes = yes [HS PRINCIPAL] path = /smbsrvr/hsprincipal writelist = +HSPRINCIPAL read only = no create mask = 0770 directory mask = 0770 force group = +HSPRINCIPAL force create mode = 0770 force directory mode = 0770 dos filetimes = yes [CIP] path = /smbsrvr/CIP writelist = +HSSTAFF read only = no create mask = 0770 directory mask = 0770 force group = +HSSTAFF force create mode = 0770 force directory mode = 0770 dos filetimes = yes [POISE ISSUES] path = /smbsrvr/Poise Issues writelist = +BUILDING SECRETARIES read only = no create mask = 0770 directory mask = 0770 force group = +BUILDING SECRETARIES force create mode = 0770 force directory mode = 0770 dos filetimes = yes [HSDISCIPLINE] path = /smbsrvr/Discipline writelist = +BUILDING SECRETARIES read only = no create mask = 0770 directory mask = 0770 force group = +BUILDING SECRETARIES force create mode = 0770 force directory mode = 0770 dos filetimes = yes [YEARBOOK] path = /smbsrvr/yearbook writelist = +HSYEARBOOK read only = no create mask = 0770 directory mask = 0770 force group = +HSYEARBOOK force create mode = 0770 force directory mode = 0770 dos filetimes = yes [INSTALL] comment = Mt. Healthy Software path = /smbsrvr/Install read only = No guest only = Yes [ADMINTOOLS$] path = /smbsrvr/AdminTools writelist = +ntadmin read only = no create mask = 0770 directory mask = 0770 force group = +ntadmin force create mode = 0770 dos filetimes = yes [2004/06/09 20:34:13, 0] lib/util_sock.c:send_smb(630) Error writing 4 bytes to client. -1. (Connection reset by peer) [2004/06/09 20:37:41, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected [2004/06/09 20:37:41, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected [2004/06/09 20:37:41, 0]
[Samba] URGENT : Installation Problem
PRE-INSTALLATION OS : HP-UX 11i We can use samba-3.0.4.tar.gz transfer to Unix server on a folder call samba using root (administrator account) . We use tar -xvf samba-3.0.4.tar. to unzip the file. A folder is created name samba-3.0.4. it folder consists of files docs , packaging , source testsuite , make , manifest , README , roadmap , examples , pcp , swat , COPYING , make-install , Read-Manifest-Now , REVISION , WHATSNEW INSTALLATION We use make install command on /path but fail , error message don't know how to make install . What way to carry on the installation of samba ? PLEASE HELP ? Hope to get answer as fast as possible !!! Any expert we can refer to ? - Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SWAT - Could not connect to port 901
On Wed, 2004-06-09 at 20:09, Bruce wrote: I'm using Suse 9.1 professional. I've got Samba *almost* up and running. But, I'm a newbie and need Swat to configure a few things. I've gone to /etc/services and made sure that I have the entry swat 901/tcp I have checked /etc/xinetd.d/swat and added port = 901 and changed it to disable = no I have gone through the steps in the documentation on setting up swat. It all looks correct. But when I try to run the program, I get the message: An error occured while loading localhost:901 Could not connect to host localhost (Port 901) I have all the files installed. I get the same response whether I use localhost or 127.0.0.1. I have restarted xinetd. I'm not using a firewall. This is all behind a NAT router that serves as our firewall. When I give the iptables -nL command, I get: Chain Input policy Accept Chain Forward policy Accept Chain Output policy Accept I ran netstat -a and got 230 lines. There was no reference to 901. I have even gotten Samba and Swat running twice before. Does anyone know what is wrong? After you edited the files... did you restart xinetd? signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Clustered Samba print shares
I hope someone can shed some light on this. I've posted this before but I'm still looking for an answer. Basically, I'm looking for help in configuring Samba 3.02a in an active/passive cluster (failover). Currently I have two nodes running Solaris 8. Only one is active at a time. The active node is running Samba. It's netbios name is printserver1. Printerserver1 is also DNS name of the virtual IP that I failover between nodes. I added this node to our NT 4.0 domain and all is well. The print spool directory is a shared disk that is also failed over between nodes. The failover process itself (using VCS) works fine and is fairly quick. However, I currently have the second nodes Netbios name set to Printerserver2. This was because I ran into issues trying to use the same name as the other node. At one point, I tried coping over the secrets.tdb file from Printerserver1 to Printerserver2 and then failing over the cluster. This didn't work either (bad secret when running wbinfo -t). What am I missing? Seems like some of you have had success with this? Thanks, Tim -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] macromedia homesite cannot browse share - no path
Hello, I have my samba share running and I can access everything just fine from my windows XP work station. However I have a problem with macromedia homesite. I can see but not open the share because homesite thinks I do not have access. I have captured the network traffic with a sniffer and it seems the path is a problem.. Here is a snip of my network traffic where 192.168.0.9 is my linux sever and 192.168.0.20 is my work station: 192.168.0.20 192.168.0.9 SMB Tree Connect AndX Request, Path: \\SERVER\IPC$ 192.168.0.9 192.168.0.20 SMB Tree Connect AndX Response 192.168.0.20 192.168.0.9 SMB Tree Connect AndX Request, Path: \ 192.168.0.20 192.168.0.9 SMB Tree Connect AndX Response, Error: STATUS_ACCESS_DENIED It seems the Path: \ is the problem. Does anyone know where this path is pointing to or any way of helping me understand what is happening? Kind Regards, Rimian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
svn commit: samba r1096 - trunk/source/smbd
Author: jra Date: 2004-06-09 21:03:38 + (Wed, 09 Jun 2004) New Revision: 1096 Modified: trunk/source/smbd/open.c Log: Fix errno being incorrectly set. Noticed by Richard. Jeremy. WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1096nolog=1
svn commit: samba r1097 - branches/SAMBA_3_0/source/smbd
Author: jra Date: 2004-06-09 21:03:50 + (Wed, 09 Jun 2004) New Revision: 1097 Modified: branches/SAMBA_3_0/source/smbd/open.c Log: Fix errno being incorrectly set. Noticed by Richard. Jeremy. WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1097nolog=1
svn commit: samba r1098 - branches/SAMBA_4_0/source/torture/raw
Author: jra Date: 2004-06-10 01:08:54 + (Thu, 10 Jun 2004) New Revision: 1098 Modified: branches/SAMBA_4_0/source/torture/raw/chkpath.c Log: Extended raw chkpath to catch regressions. Jeremy. WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1098nolog=1
svn commit: samba-web r91 - trunk/support
Author: deryck Date: 2004-06-10 04:50:23 + (Thu, 10 Jun 2004) New Revision: 91 Removed: trunk/support/guatemala.html Modified: trunk/support/countries.html trunk/support/germany.html trunk/support/greece.html trunk/support/hongkong.html trunk/support/hungary.html trunk/support/us.html Log: Removing non-replying support providers, and added two new companies (US/Germany). WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/rev=91nolog=1