[Samba] access share
Dear lists ; How to access share file from W2K machine that connect to ADS , from SAMBA-3.0.4 ? regards reza -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba + ldap authentication
Hi all! I have authentication problems with samba + ldap. When I populate the list through smbldap-populate.pl a administrator account was created. I asume this is the same account as rootdn cn=Manager,dc=dbb,dc=su,dc=se. With the same password, right? Ldap seams to be ok and when I do [EMAIL PROTECTED]:/usr/local/samba/bin# ./net groupmap list Domain Admins (S-1-5-21-1027936538-659792286-2162639956-512) - wheel Domain Users (S-1-5-21-1027936538-659792286-2162639956-513) - smbusers Domain Guests (S-1-5-21-1027936538-659792286-2162639956-514) - smbguests Administrators (S-1-5-21-1027936538-659792286-2162639956-544) - 544 users (S-1-5-21-1027936538-659792286-2162639956-545) - 545 Guests (S-1-5-21-1027936538-659792286-2162639956-546) - 546 Power Users (S-1-5-21-1027936538-659792286-2162639956-547) - 547 Account Operators (S-1-5-21-1027936538-659792286-2162639956-548) - 548 Server Operators (S-1-5-21-1027936538-659792286-2162639956-549) - 549 Print Operators (S-1-5-21-1027936538-659792286-2162639956-550) - 550 Backup Operators (S-1-5-21-1027936538-659792286-2162639956-551) - 551 Replicator (S-1-5-21-1027936538-659792286-2162639956-552) - 552 Domain Computers (S-1-5-21-1027936538-659792286-2162639956-553) - 553 Everything seams to be ok When I do a ./net rpc group LIST global -U administrator Password: same password as for rootdn The username or password was not correct. I have the same password in secret.tdb as in slapd.conf Isn't administrator=Manager? If not, what's the standard password for administrator then and how could that account have access to the ldap database? I also tried to use ./net rpc group LIST global -U Manager with the same result. Please help me understand how it works. I think I'm very close now. I'm very grateful of all kinds of help in this matter If I log that command with -d 255 I recieve [EMAIL PROTECTED]:/usr/local/samba/bin# ./net rpc group LIST global -U administrator -d 255 [2004/06/10 08:47:13, 5] lib/debug.c:debug_dump_status(360) INFO: Current debug levels: all: True/255 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 [2004/06/10 08:47:13, 3] param/loadparm.c:lp_load(3810) lp_load: refreshing parameters [2004/06/10 08:47:13, 3] param/loadparm.c:init_globals(1300) Initialising global parameters [2004/06/10 08:47:13, 3] param/params.c:pm_process(566) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2004/06/10 08:47:13, 3] param/loadparm.c:do_section(3322) Processing section [global] doing parameter ldap ssl = start_tls doing parameter idmap gid = 15000-2 doing parameter delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g doing parameter allow hosts = 130.237.179.0/24 doing parameter netbios name = s2 [2004/06/10 08:47:13, 4] param/loadparm.c:handle_netbios_name(2700) handle_netbios_name: set global_myname to: S2 doing parameter printing = cups doing parameter ldap passwd sync = yes doing parameter idmap uid = 15000-2 doing parameter logon script = logon.bat doing parameter local master = Yes doing parameter workgroup = DBB doing parameter os level = 255 doing parameter ldap admin dn = cn=Manager,dc=dbb,dc=su,dc=se doing parameter update encrypted = Yes doing parameter printcap name = cups doing parameter add machine script = /usr/local/sbin/smbldap-useradd -w %u doing parameter winbind separator = + doing parameter load printers = yes doing parameter ldap user suffix = ou=Users doing parameter add group script = /usr/local/sbin/smbldap-groupadd -p %g doing parameter socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 doing parameter add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g doing parameter logon drive = H: doing parameter username map = /etc/samba/smbusers doing parameter domain master = Yes doing parameter encrypt passwords = Yes doing parameter passdb backend = ldapsam:ldap://s2.dbb.su.se doing parameter logon home = \\%L\%U\.profile doing parameter wins support = Yes doing parameter ldap delete dn = Yes doing parameter server string = Samba PDC running %v doing parameter ldap machine suffix = ou=Computers doing parameter ldap group suffix = ou=Groups doing parameter path = /home/Users doing parameter ldap suffix = dc=dbb,dc=su,dc=se doing parameter logon path = \\%L\profiles\%U doing parameter add user script = /usr/local/sbin/smbldap-useradd -m %u doing parameter set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u doing parameter preferred master = Yes doing parameter ldap idmap suffix = ou=Users doing parameter domain logons = Yes [2004/06/10 08:47:13, 4] param/loadparm.c:lp_load(3842) pm_process() returned Yes [2004/06/10
Re: [Samba] samba + ldap authentication
Peter Nyberg wrote: Hi all! I have authentication problems with samba + ldap. When I populate the list through smbldap-populate.pl a administrator account was created. I asume this is the same account as rootdn cn=Manager,dc=dbb,dc=su,dc=se. With the same password, right? No. Administrator is just plain unix and samba account. Why not just set new password for this account ? --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and WINS
Hi there, We are using Samba 2.2.5 as a WINS server within my department, which is spread accross several subnets. This works most of the time, however if for some reason the samba server is down for an extended period, then the master browsers on the subnets other than it's subnet lose contact with it and have to be re-booted, to re-gain contact and therefore for all machines to be visible to each other. Is it possible to have another machine that would be a backup WINS server, also running samba so that network browsing would continue to work as long as one of the machines was up ? Thanks, Phill. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SWin98se 4GB+ files
Hi Does anyone know if its possible to read and write files larger than 4GB from Win98se client on a simple Samba file server ? I believe that its the Fat32 file system rather than Win98se which limits the file size - but I'm not 100% sure. Also, are there any issues with which file system to use under linux ? I'm inclined to use the latest stable releases Debian 3.0r2 and Samba 3.0.4 - is this a good combination and are there any oddities I should look out for ? Thanks Peter Ball -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Dropouts
hi there, we are using samba 3.0.4 with ldap as primary domain controler and as wins server, which provides windows xp clients. the ldap server is running on a separate machine. it works great. after boot the users can logon and connect to all shares very fast. but during a long session (1h or more) if the user wants to reconnect to shares, it take a very long time (5-10s) to get a response from the server. after this dropout there are no connection problems again for a while. this problem causes that word or outlook hangs and the user are very frustrated. for this problem i have no solution, because during the clients try to reconnect there are no log entries in the samba log till the connection succeed with: esmt-00078 (192.168.80.108) connect to service preuss initially as user preuss (uid=20113, gid=100) (pid 15669) any ideas thx tom esmt-00078 (192.168.80.108) connect to service public initially as user preuss (uid=20113, gid=100) (pid 15930) [2004/06/04 15:06:31, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/06/04 15:07:01, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/06/04 15:07:02, 1] smbd/service.c:close_cnum(801) esmt-00096 (192.168.80.215) closed connection to service profile$ [2004/06/04 15:07:02, 1] smbd/service.c:close_cnum(801) esmt-00096 (192.168.80.215) closed connection to service system$ [2004/06/04 15:10:00, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1397) failed to decode PDU [2004/06/04 15:10:00, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605) process_request_pdu: failed to do schannel processing. [2004/06/04 15:15:13, 1] smbd/service.c:make_connection_snum(619) esmt-00078 (192.168.80.108) connect to service preuss initially as user preuss (uid=20113, gid=100) (pid 15669) [2004/06/04 15:15:13, 1] smbd/service.c:close_cnum(801) esmt-00078 (192.168.80.108) closed connection to service preuss [2004/06/04 15:15:13, 1] smbd/service.c:close_cnum(801) esmt-00078 (192.168.80.108) closed connection to service public [2004/06/04 15:21:54, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected [2004/06/04 15:21:54, 0] lib/util_sock.c:write_socket_data(413) write_socket_data: write failure. Error = Connection reset by peer [2004/06/04 15:21:54, 0] lib/util_sock.c:write_socket(438) write_socket: Error writing 4 bytes to socket 24: ERRNO = Connection reset by peer [2004/06/04 15:21:54, 0] lib/util_sock.c:send_smb(630) Error writing 4 bytes to client. -1. (Connection reset by peer) [2004/06/04 15:22:35, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected [2004/06/04 15:22:36, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected [2004/06/04 15:22:36, 0] lib/util_sock.c:write_socket_data(413) write_socket_data: write failure. Error = Connection reset by peer [2004/06/04 15:22:36, 0] lib/util_sock.c:write_socket(438) write_socket: Error writing 4 bytes to socket 24: ERRNO = Connection reset by peer [2004/06/04 15:22:36, 0] lib/util_sock.c:send_smb(630) Error writing 4 bytes to client. -1. (Connection reset by peer) [2004/06/04 15:24:14, 1] smbd/service.c:make_connection_snum(619) esmt-00097 (192.168.80.137) connect to service netlogon initially as user schroeder (uid=20240, gid=100) (pid 15570) [2004/06/04 15:24:21, 1] smbd/service.c:make_connection_snum(619) esmt-00073 (192.168.80.103) connect to service prn_00019 initially as user werner (uid=20133, gid=100) (pid 15623) [2004/06/04 15:24:23, 0] smbd/connection.c:register_message_flags(220) register_message_flags: tdb_fetch failed [2004/06/04 15:24:23, 0] smbd/connection.c:register_message_flags(220) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba + ldap authentication
Hi again! I did the following: [EMAIL PROTECTED]:/usr/local/sbin# smbldap-passwd.pl administrator Changing password for administrator New password : xx Retype new password : xxx [EMAIL PROTECTED]:/usr/local/samba/bin# ./net rpc group LIST global -U administrator Password: xxx The username or password was not correct. Isn't this the correct way of doing it? Peter Nyberg Institutionen för Biokemi och Biofysik (DBB) Sv.Arrhenius vägen 12 106 91 Stockholm Tel: 08-16 24 69 Mobil: 070 339 24 69 Fax 08 153679 Quoting Beast [EMAIL PROTECTED]: Peter Nyberg wrote: Hi all! I have authentication problems with samba + ldap. When I populate the list through smbldap-populate.pl a administrator account was created. I asume this is the same account as rootdn cn=Manager,dc=dbb,dc=su,dc=se. With the same password, right? No. Administrator is just plain unix and samba account. Why not just set new password for this account ? --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba + ldap authentication
here's an output. I don't know if one can see anything wrong here. I don't have the account administrator in the /etc/passwd. Only in ldap. [EMAIL PROTECTED]:/usr/local/sbin# ./smbldap-usershow.pl administrator dn: uid=Administrator,ou=Users,dc=dbb,dc=su,dc=se cn: Administrator sn: Administrator objectClass: inetOrgPerson,sambaSamAccount,posixAccount gidNumber: 512 uid: Administrator uidNumber: 998 homeDirectory: /home/Users/ sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 sambaHomePath: \\s2\home\Users sambaHomeDrive: H: sambaProfilePath: \\s2\home\profiles\ sambaPrimaryGroupSID: S-1-5-21-1027936538-659792286-2162639956-512 sambaLMPassword: XXX sambaNTPassword: XXX sambaAcctFlags: [U ] sambaSID: S-1-5-21-1027936538-659792286-2162639956-2996 loginShell: /bin/false gecos: Netbios Domain Administrator Peter Nyberg Institutionen för Biokemi och Biofysik (DBB) Sv.Arrhenius vägen 12 106 91 Stockholm Tel: 08-16 24 69 Mobil: 070 339 24 69 Fax 08 153679 Quoting Beast [EMAIL PROTECTED]: Peter Nyberg wrote: Hi all! I have authentication problems with samba + ldap. When I populate the list through smbldap-populate.pl a administrator account was created. I asume this is the same account as rootdn cn=Manager,dc=dbb,dc=su,dc=se. With the same password, right? No. Administrator is just plain unix and samba account. Why not just set new password for this account ? --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Authentification in windows ads 2003
I commented the following lines in the krb5.conf # default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 # default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 # permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5 The problem is still the same. After i tried to log in the share of samba, i get in the smbd log: smbd version 3.0.4 started. Copyright Andrew Tridgell and the Samba Team 1992-2004 [2004/06/10 12:00:35, 0] lib/util_sock.c:get_peer_addr(978) getpeername failed. Error was Transport endpoint is not connected and in the winbindd.log winbindd version 3.0.4 started. Copyright The Samba Team 2000-2004 [2004/06/10 12:00:16, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain CAR CAR.BE.ZETES.COM.LOCAL S-0-0 [2004/06/10 12:00:16, 1] libsmb/clikrb5.c:ads_krb5_mk_req(306) krb5_cc_get_principal failed (No credentials cache found) [2004/06/10 12:00:17, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain BUILTIN S-1-5-32 [2004/06/10 12:00:17, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain RANTANPLAN S-1-5-21-837388855-3362161430-1770541169 [2004/06/10 12:05:01, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist Any idea? Thnx Benoit -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Winbind - More Info
Ok.. I figured a lot of this out... But I am lost on how to keep the UID and GIDs identical. How do I make sure system A uses the same IDs that system B will use? winbind with idmap (see Samba HOWTO Collection) or better yet, NSS with an LDAP backend. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] info for samba between linux and win98
Goodmorning. I need to connect a win98SE with a linux suse 7.3 with samba 2.2 server. I have write the smb.conf and testparm results ok. If i write security = share in smb.conf, i can access the linux directory without password request, but if i write security = user (to obtain authentication of user) i cannot connect to it, when i want map linux directory as disk (because it ask to me the password and answers incorrect password). I set the win98SE registry value to 1 (for explain password), as raccomended by samba. I set then personalized access client of win98 to nt domain and specified domain (the same of linux). I would like know as i can obtein authentication from linux system when i logon from win98SE (personalized access client as predefinied client). do i the correct procedure (set personalized access client as default with nt domain specified)? Please give me help (what can i do or set ) or documents that i can read to resolve this problem. Tank you Antonio -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba + ldap authentication
Peter Nyberg wrote: Hi again! I did the following: [EMAIL PROTECTED]:/usr/local/sbin# smbldap-passwd.pl administrator Changing password for administrator New password : xx Retype new password : xxx [EMAIL PROTECTED]:/usr/local/samba/bin# ./net rpc group LIST global -U administrator Password: xxx The username or password was not correct. Try to get some info for this user first. root# pdbedit -L -v administrator is this mapped account? -- --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba + ldap authentication
Peter Nyberg wrote: here's an output. I don't know if one can see anything wrong here. I don't have the account administrator in the /etc/passwd. Only in ldap. [EMAIL PROTECTED]:/usr/local/sbin# ./smbldap-usershow.pl administrator dn: uid=Administrator,ou=Users,dc=dbb,dc=su,dc=se cn: Administrator sn: Administrator objectClass: inetOrgPerson,sambaSamAccount,posixAccount gidNumber: 512 uid: Administrator uidNumber: 998 homeDirectory: /home/Users/ sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 sambaHomePath: \\s2\home\Users sambaHomeDrive: H: sambaProfilePath: \\s2\home\profiles\ sambaPrimaryGroupSID: S-1-5-21-1027936538-659792286-2162639956-512 sambaLMPassword: XXX sambaNTPassword: XXX Oops, did not see your recent post,sorry. This both attributes should not contain XXX, this means your previous smbldappasswd command did not works. Try using smbpasswd administrator or direct modify to ldap entry. -- --beast -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba + ldap authentication
Quoting Beast [EMAIL PROTECTED]: Peter Nyberg wrote: here's an output. I don't know if one can see anything wrong here. I don't have the account administrator in the /etc/passwd. Only in ldap. [EMAIL PROTECTED]:/usr/local/sbin# ./smbldap-usershow.pl administrator dn: uid=Administrator,ou=Users,dc=dbb,dc=su,dc=se cn: Administrator sn: Administrator objectClass: inetOrgPerson,sambaSamAccount,posixAccount gidNumber: 512 uid: Administrator uidNumber: 998 homeDirectory: /home/Users/ sambaPwdLastSet: 0 sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaPwdMustChange: 2147483647 sambaHomePath: \\s2\home\Users sambaHomeDrive: H: sambaProfilePath: \\s2\home\profiles\ sambaPrimaryGroupSID: S-1-5-21-1027936538-659792286-2162639956-512 sambaLMPassword: XXX sambaNTPassword: XXX Oops, did not see your recent post,sorry. This both attributes should not contain XXX, this means your previous smbldappasswd command did not works. Try using smbpasswd administrator or direct modify to ldap entry. -- --beast I did the following: [EMAIL PROTECTED]:/usr/local/samba/bin# ./smbpasswd administrator New SMB password: Retype new SMB password: [EMAIL PROTECTED]:/usr/local/samba/bin# And now: [EMAIL PROTECTED]:/usr/local/samba/bin# ./pdbedit administrator Administrator:4294967295:Administrator And: [EMAIL PROTECTED]:/usr/local/sbin# ./smbldap-usershow.pl administrator dn: uid=Administrator,ou=Users,dc=dbb,dc=su,dc=se cn: Administrator sn: Administrator objectClass: inetOrgPerson,sambaSamAccount,posixAccount gidNumber: 512 uid: Administrator uidNumber: 998 homeDirectory: /home/Users/ sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdMustChange: 2147483647 sambaHomePath: \\s2\home\Users sambaHomeDrive: H: sambaProfilePath: \\s2\home\profiles\ sambaPrimaryGroupSID: S-1-5-21-1027936538-659792286-2162639956-512 sambaAcctFlags: [U ] sambaSID: S-1-5-21-1027936538-659792286-2162639956-2996 loginShell: /bin/false gecos: Netbios Domain Administrator sambaLMPassword: 176D7D7C26BFB683AAD3B435B51404EE sambaNTPassword: 2C925CDF69D46A468291C454DEF9CE18 sambaPwdCanChange: 1086864688 sambaPwdLastSet: 1086864688 userPassword: {SMD5}+Ne1vmD3C1zlF/fqRjedOWIngzM= [EMAIL PROTECTED]:/usr/local/sbin# cd ../samba/bin/ But still: [EMAIL PROTECTED]:/usr/local/samba/bin# ./net rpc group LIST global -U administrator Password: The username or password was not correct. I have force TLS in my slapd.conf, but in my smb.conf I have passdb backend = ldapsam:ldap://s2.dbb.su.se Do you think it should be passdb backend = ldapsam:ldaps://s2.dbb.su.se I'm a newbie on both samba and ldap so I'm not sure how to change a password dirrectly into ldap database. I did a: [EMAIL PROTECTED]:/usr/bin# ./ldappasswd administrator ldap_bind: Confidentiality required (13) additional info: TLS confidentiality required [EMAIL PROTECTED]:/usr/bin# That why I think the ldaps thing. I'll try it now and restart samba. No, still the same [EMAIL PROTECTED]:/usr/bin# ./ldappasswd administrator ldap_bind: Confidentiality required (13) additional info: TLS confidentiality required I really have to thank you for your time! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbclient RAP code 143
i am trying to print to a networked printer through my linux firewall from my windblows machine on a subnet. does anyone have suggestions as to what i am doing incorrectly? $# smbclient -L printserver -U myusername -d 3 Initialising global parameters params.c:pm_process() - Processing configuration file /etc/samba/smb. conf Processing section [global] added interface ip=10.20.1.158 bcast=10.20.1.255 nmask=255.255.255.0 added interface ip=127.0.0.1 bcast=127.0.0.255 nmask=255.255.255.0 Client started (version 2.2.3a-12.3 for Debian). resolve_lmhosts: Attempting lmhosts lookup for name printserver0x20 resolve_hosts: Attempting host lookup for name printserver0x20 Connecting to 10.20.5.65 at port 139 session request to PRIINTSERVER failed (RAP code 143) resolve_lmhosts: Attempting lmhosts lookup for name printserver0x20 resolve_hosts: Attempting host lookup for name printserver0x20 Connecting to 10.20.5.65 at port 139 Sharename Type Comment - --- PRINTERPrinter IPC$ IPC 0GD1610.20.5.65 Server Comment ---- WorkgroupMaster ---- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] passwd chat parameter %o
Hi, with samba-3.0.4 i try to sync the unix-password with samba. But it does not work, because the passwd program failed. It looks like, the variable %o does not work anymore: Does anybody has an idea? here is my config and the log: [global] unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *password* %o\n *password* %n\n *password* %n\n *changed* [2004/06/10 14:15:20, 3] smbd/chgpasswd.c:chat_with_program(425) chat_with_program: Dochild for user jal (uid=0,gid=0) (as_root = Yes) [2004/06/10 14:15:20, 10] smbd/chgpasswd.c:dochild(218) Invoking '/usr/bin/passwd jal' as password change program. [2004/06/10 14:15:20, 10] lib/util_sock.c:read_socket_with_timeout(288) read_socket_with_timeout: timeout read. select timed out. [2004/06/10 14:15:20, 100] smbd/chgpasswd.c:expect(275) expect: expected [*password*] received [Changing password for jal. Enter login(LDAP) password: ] match yes [2004/06/10 14:15:20, 10] smbd/chgpasswd.c:expect(286) expect: returning True [2004/06/10 14:15:20, 100] smbd/chgpasswd.c:expect(238) expect: sending [ ] [2004/06/10 14:15:20, 10] lib/util_sock.c:read_socket_with_timeout(288) read_socket_with_timeout: timeout read. select timed out. [2004/06/10 14:15:20, 100] smbd/chgpasswd.c:expect(275) expect: expected [*password*] received [ Password change aborted Enter login(LDAP) password: ] match yes [2004/06/10 14:15:20, 10] smbd/chgpasswd.c:expect(286) expect: returning True [2004/06/10 14:15:20, 100] smbd/chgpasswd.c:expect(238) expect: sending [test1 ] [2004/06/10 14:15:20, 10] lib/util_sock.c:read_socket_with_timeout(288) read_socket_with_timeout: timeout read. select timed out. [2004/06/10 14:15:20, 100] smbd/chgpasswd.c:expect(275) expect: expected [*password*] received [ LDAP Password incorrect: try again Enter login(LDAP) password: ] match yes [2004/06/10 14:15:20, 10] smbd/chgpasswd.c:expect(286) expect: returning True [2004/06/10 14:15:20, 100] smbd/chgpasswd.c:expect(238) expect: sending [test1 ] [2004/06/10 14:15:22, 10] lib/util_sock.c:read_socket_with_timeout(288) read_socket_with_timeout: timeout read. select timed out. [2004/06/10 14:15:22, 100] smbd/chgpasswd.c:expect(275) expect: expected [*changed*] received [ LDAP Password incorrect: try again Enter login(LDAP) password: ] match no [2004/06/10 14:15:22, 2] smbd/chgpasswd.c:expect(281) expect: Success [2004/06/10 14:15:22, 3] smbd/chgpasswd.c:talktochild(312) Response 4 incorrect [2004/06/10 14:15:22, 3] smbd/chgpasswd.c:chat_with_program(368) chat_with_program: Child failed to change password: jal -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Help configuring samba
We are trying to configure samba to allow 3 users to connect using the Unix Guest account. We would like to prevent any other users from using the Guest account to connect to SAMBA. Is there any way of configuring samba to recognise which PC is attempting to connect as guest ? When the user has connected as guest we would like it to assume the access level of another unix user account. We don't want to create unix accounts for each user that is allowed to connect to the server. Any help appreciated Thanks Ian . -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA installation
hi, just wanted to introduce myself. My company is currently running a very old version of Samba - 2.0.7. I have been upgrading our UNIX systems this past month and have reached Samba. I know, if this is anything like the past upgrades over the last few weeks, I will need some support. Nothing has installed successfully the first time around. I downloaded version 3.0.4 and will be installing today. I have an AIX machine running Unix 5.2. Just a heads up. Thank you for your help, Jessica Dietrich TSYS, Specialty Services Senior Client Server Programmer Analyst Phone: 770.745.5701 Fax: 770.739.8173 # Note: This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. TSYS and any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity. Thank You. # -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] security = ads: problem join XP Pro?
Hi Paul, Where are you getting with adding the machines? You should get a posix user added with machinename$ for the uid, then that user will be modified to include the sambaSamAccount data. That's what I got when I tried joining the domain while security was set to domain. However, I've not been able to retest this with security set to user as you suggested. My test workstation hard disk crashed yesterday. I'm expecting my replacement drive tomorrow so I should be able to test this during the weekend. I would suggest these for 'official' resources: http://us2.samba.org/samba/docs/man/howto/samba-pdc.html* *and http://us2.samba.org/samba/docs/man/guide/ ** I'll have a look at those. Until now, I've use the Samba by example and that's where I got the security = ads which seems to be the cause of my problem. there are a couple of comments below: Yes, the smbldap-tools are installed and working. I've also setted the secret with smbpasswd -w. As I said, the join worked after I tried security = domain. I'm pretty sure it will work as well with security = user. I just have to wait for my new hard disk... I'll keep you posted as soon as I'm having tested it. Have a nice day. Etienne-Hugues -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba installation
hi, just wanted to introduce myself. My company is currently running a very old version of Samba - 2.0.7. I have been upgrading our UNIX systems this past month and have reached Samba. I know, if this is anything like the past upgrades over the last few weeks, I will need some support. Nothing has installed successfully the first time around. I downloaded version 3.0.4 and will be installing today. I have an AIX machine running Unix 5.2. Just a heads up. Thank you for your help, Jessica Dietrich TSYS, Specialty Services Senior Client Server Programmer Analyst Phone: 770.745.5701 Fax: 770.739.8173 # Note: This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. TSYS and any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity. Thank You. # -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba installation
Please let me know if you are receiving my emails. I am getting SPAM notifications. Thanks. Jessica Dietrich TSYS, Specialty Services Senior Client Server Programmer Analyst Phone: 770.745.5701 Fax: 770.739.8173 -Original Message- From: Jessica Dietrich Sent: Thursday, June 10, 2004 08:56 AM To: '[EMAIL PROTECTED]' Subject: Samba installation hi, just wanted to introduce myself. My company is currently running a very old version of Samba - 2.0.7. I have been upgrading our UNIX systems this past month and have reached Samba. I know, if this is anything like the past upgrades over the last few weeks, I will need some support. Nothing has installed successfully the first time around. I downloaded version 3.0.4 and will be installing today. I have an AIX machine running Unix 5.2. Just a heads up. Thank you for your help, Jessica Dietrich TSYS, Specialty Services Senior Client Server Programmer Analyst Phone: 770.745.5701 Fax: 770.739.8173 # Note: This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. TSYS and any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity. Thank You. # -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Clustered Samba print shares
Hi Tim, I've got Samba 3.0 configured on VCS and Sun Cluster and all works fine (both active/passive). I encounrter no problem setting the netbios name as the same on each system (providing you don't ever start both simultaneously). Only thing I did to make things run smoothly was configure interfaces to use an ip address associated with the cluster virtual server. I haven't duplicated secrests.tdb between the systems. If you can be more specific about the problems you are seeing maybe I can help a bit more, thanks Andy. I hope someone can shed some light on this. I've posted this before but I'm still looking for an answer. Basically, I'm looking for help in configuring Samba 3.02a in an active/passive cluster (failover). Currently I have two nodes running Solaris 8. Only one is active at a time. The active node is running Samba. It's netbios name is printserver1. Printerserver1 is also DNS name of the virtual IP that I failover between nodes. I added this node to our NT 4.0 domain and all is well. The print spool directory is a shared disk that is also failed over between nodes. The failover process itself (using VCS) works fine and is fairly quick. However, I currently have the second nodes Netbios name set to Printerserver2. This was because I ran into issues trying to use the same name as the other node. At one point, I tried coping over the secrets.tdb file from Printerserver1 to Printerserver2 and then failing over the cluster. This didn't work either (bad secret when running wbinfo -t). What am I missing? Seems like some of you have had success with this? Thanks, Tim -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba XP multip user login problem
Hi, I have a problem reg. the interconnection of Samba and XP und the Fast User switching facility of XP. Problem occurs like this: If there are more than one user logged into a XP machine (i.e via remotedesktop/fast user switching) only the last logged in user is able to access the samba shares. The other ones are getting a window which prompts for username and password, but they will never succeed. One of the share is the home of the user and is shown as loginname in the network neighborhood (i.e. \\samba\USER). If there are more than one logged into the XP machine I can see a \\samba\USER and a \\samba\nobody. So it seems that the Samba isn't able to handle more the one user per XP machine. Our setup is a little bit trocky but not too much. We are using Samba 2.2.8a and a XP machine as password server. Does anybody knows about restrictions/problems regarding this setup or multiple user logged into an XP machine? Under native XP file sharing it is possible to change the user and to connect to the same XP-share from different accounts on the same machine. Thanks in advance. Sven Hahlbrock -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] NMBD dies off
using latest binaries this program dies off, I read somewhere this was fixed in this version 3.0.4 ? but still dies ? -- Regards, Res -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Auditing
Hi, I have installed samba 3.0.4 on Redhat 9 with security = user , I would like to enable auditing which should only display which user has deleted files in a particular share, I have tried installing VFS Audit module, but that slow down the samba server very much, I am using samba server for large users around 250 users access resources on Samba server. Please help me out in setting up Auditing feature. Thanks, Honey -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] I couldn't install automatically the driver HP LaserJet 4050 Series PS on Windows 98
I've 2 machines : one is a samba server and one is client where I have installed Windows 2000/XP/98. On my samba server, the driver HP Color LaserJet 4600 PS and the driver HP LaserJet 4050 Series PS are correctly installed. Then, the files of the driver HP Color LaserJet 4600 PS are in the location /var/lib/samba/printers/W32X86/3 and the files of the driver HP LaserJet 4050 Series PS are in the location /var/lib/samba/printers/WIN40/0. My samba server run fine. On my machine client, I couldn't install automatically the driver HP LaserJet 4050 Series PS on Windows 98. But I could install automatically the driver HP Color LaserJet 4600 PS on Windows 2000/XP. Can you help me, please. thanks. -- ___ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] ACL Propagation problem
Using Samba 3.0.2a with acl support. My problem is as follows: When using the Windows ACL editor (security tab in folder properties) on a folder, if you set the check boxes for full control (or any combination or permissions) for a user, the Posix acl's are set for both the user, and the default user. This in itself is fine, because it causes newly created folders, and files to inherit access ACL's based on the Default ACL above it. My problem is that if you change the permissions on a folder (again, from windows), say, adding a new user to the ACL (and thus adding both an Access and Default POSIX ACL), the new ACL (and all other ACL's on the folder) will propagate down to all the subdirectories (I didn't have replace permissions on subdirectories checked in windows). This means that if there were a folder beneath the one being edited that had stricter security, the security would be opened up to anyone on the higher level ACL. This behavior does not happen if I use setfacl to set the same ACL's, it only happens with the windows ACL editor. My smb.conf is quite long, but here are what I think the important directives are: nt acl support = Yes inherit permissions = No inherit acls = No map acl inherit = Yes or No (didn't matter to this problem) Didn't see anything in the changelogs for Samba that suggest that upgrading will help me, but I will upgrade if that will fix it. Any other solutions will be welcomed with a hearty thanks!. Alex Laslavic Havertys Tech Services -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Password History
I have a Samba 3.0.4 test server running on Fedora Core 1 to test the functionality of the new version. We will be moving from 2.2x to version 3 soon and everything looks great and is working great on the test server except for one thing. I was messing around with the password history option and after changing it I can no longer change my passwords. I get the error message Your password must be X characters and cannot repeat any of your previous 0 passwords. This is on a windows 2k machine. I really don't care that it doesn't work or has not been implemented yet since I'm just testing, but when I try and turn it off with pdbedit -P password history -C 0 . it does not turn it off or reset whatever it needs to reset. I've also tried to turn it off through usrmgr in windows, but no help. My question is how do you turn password history off? Thanks for any help matt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Authentification in windows ads 2003
I found something very intresting about the encryptions type with kerberos and w2k3 issues. The Microsoft Windows Server 2003 Key Distribution Center (KDC) uses the strongest encryption type (etype) available to encrypt service tickets. If a client requests etype DES-CBC-CRC, the KDC encrypts tickets with RC4_HMAC_NT. If the client does not understand this etype, the service ticket is unusable. http://support.microsoft.com/default.aspx?scid=kb;en-us;833708 However, i have no more error msg in the logs, but i still cannot access to the linux's share. Everything is successful in the event viewer of the domain controller Here are the logs (i put in lvl 5 for logging): *log.smbd* [2004/06/10 16:31:12, 5] libsmb/trustdom_cache.c:trustdom_cache_store(125) trustdom_store: storing SID S-1-5-21-3240427509-3552638280-2529748619 of domain ZSCARDS rantanplan:/usr/share/krb5# tail -n 50 /var/log/samba/log.smbd [2004/06/10 16:31:24, 5] lib/util_sock.c:print_socket_options(130) socket option IPTOS_LOWDELAY = 0 [2004/06/10 16:31:24, 5] lib/util_sock.c:print_socket_options(130) socket option IPTOS_THROUGHPUT = 0 [2004/06/10 16:31:24, 5] lib/util_sock.c:print_socket_options(130) socket option SO_SNDBUF = 16384 [2004/06/10 16:31:24, 5] lib/util_sock.c:print_socket_options(130) socket option SO_RCVBUF = 87380 [2004/06/10 16:31:24, 5] lib/util_sock.c:print_socket_options(130) socket option SO_SNDLOWAT = 1 [2004/06/10 16:31:24, 5] lib/util_sock.c:print_socket_options(130) socket option SO_RCVLOWAT = 1 [2004/06/10 16:31:24, 5] lib/util_sock.c:print_socket_options(130) socket option SO_SNDTIMEO = 0 [2004/06/10 16:31:24, 5] lib/util_sock.c:print_socket_options(130) socket option SO_RCVTIMEO = 0 [2004/06/10 16:31:24, 5] passdb/pdb_interface.c:make_pdb_context_list(763) Trying to load: tdbsam [2004/06/10 16:31:24, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend ldapsam [2004/06/10 16:31:24, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'ldapsam' [2004/06/10 16:31:24, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend ldapsam_compat [2004/06/10 16:31:24, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'ldapsam_compat' [2004/06/10 16:31:24, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend smbpasswd [2004/06/10 16:31:24, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'smbpasswd' [2004/06/10 16:31:24, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend tdbsam [2004/06/10 16:31:24, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'tdbsam' [2004/06/10 16:31:24, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend guest [2004/06/10 16:31:24, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'guest' [2004/06/10 16:31:24, 5] passdb/pdb_interface.c:make_pdb_methods_name(648) Attempting to find an passdb backend to match tdbsam (tdbsam) [2004/06/10 16:31:24, 5] passdb/pdb_interface.c:make_pdb_methods_name(669) Found pdb backend tdbsam [2004/06/10 16:31:24, 5] passdb/pdb_interface.c:make_pdb_methods_name(672) pdb backend tdbsam has a valid init [2004/06/10 16:31:24, 5] passdb/pdb_interface.c:make_pdb_methods_name(648) Attempting to find an passdb backend to match guest (guest) [2004/06/10 16:31:24, 5] passdb/pdb_interface.c:make_pdb_methods_name(669) Found pdb backend guest [2004/06/10 16:31:24, 5] passdb/pdb_interface.c:make_pdb_methods_name(672) pdb backend guest has a valid init *winbind* [2004/06/10 16:35:01, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261) [ 1164]: request interface version [2004/06/10 16:35:01, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) [ 1164]: request location of privileged pipe [2004/06/10 16:35:01, 5] nsswitch/winbindd.c:winbind_client_read(465) read failed on sock 18, pid 1164: EOF [2004/06/10 16:35:01, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1003) [ 1164]: getgroups root [2004/06/10 16:35:01, 5] passdb/pdb_interface.c:make_pdb_context_list(763) Trying to load: tdbsam [2004/06/10 16:35:01, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend ldapsam [2004/06/10 16:35:01, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'ldapsam' [2004/06/10 16:35:01, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend ldapsam_compat [2004/06/10 16:35:01, 5] passdb/pdb_interface.c:smb_register_passdb(106) Successfully added passdb backend 'ldapsam_compat' [2004/06/10 16:35:01, 5] passdb/pdb_interface.c:smb_register_passdb(93) Attempting to register passdb backend smbpasswd [2004/06/10 16:35:01, 5] passdb/pdb_interface.c:smb_register_passdb(106)
[Samba] samba with daemontools
Hi all, I am trying to use samba with daemontools. (and it's brother runit: http://smarden.org/runit/). I do not want to talk much about runit itself. The main point is that samba *must* run in foreground mode (no fork, no detach from terminal). It is fine up to this point. I found an option '-F' and if I start with smbd -F It will run in foreground so it's OK. But I want to use runit for logging too. This way the logging info needs to be written to a terminal (not a file) smbd's manpage says: -S If specified, this parameter causes smbd to log to standard output rather than a file. So I expected that with this option it will write the *same* to STDOUT as usually it written to a (log)file. But it is not! Very little output only. It seems that smbd ignores the loglevel settings in smbd.conf when I invoke with '-S'. If I raise the debuglevel with '-d' it produces some output but it is not the same AFAIK as loglevel. I have log level = 1 in smb.conf I see no way to specify loglevel from command line (in fact I do not want to I want to use the value from smb.conf) Is there a way to solve this or the inbuilt logging mechanism can be only used? Thanks, in advance. PS: I use Samba 3.2 (compiled by me) -- cstamas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] reloading group member from LDAP
Hello, I use samba 3.0.4 with LDAP backend and ACL, I have no problem. But I see a small problem and I suggest a solution. I explain by an example : I have a user toto, he ask to me to access to two folder (erp01 and crm02). The ACL of erp01 is grp_erp01 rwx The ACL of crm02 is user_bla rx, user_blo, rwx The first directory is managed by a group and the second directly with user list. I going to my LDAP server and I add a memberUid ( = toto) to grp_erp01 and I add a user to my ACL of crm02. If I call toto for says Ok, you can work, toto will see only crm02, no erp01. Why : because smbd load group member on session setup. If a use the command 'smbcontrol pid close-share' or I use the 'kill button' of swat status, the auto-reconnection will reload the group, else not. I just suggest for 3.0.5 to add a parameter : 'reload group' or 'reload session setup' value in second and include the necessary code on smbd. Thanks Stéphane Purnelle -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] All I want!!!! (Winbind)
Well, I am a bit confused. I am DESPRATE to get winbind to use the same GID and UIDs on several machines... But I am having a headache doing it. I need to run an LDAP server, I guess, so I put one together with the most basic things. But I just simply can't get it to run. Is there any site or document I can read that will show a most basic LDAP setup that would run my idmaps? I just need LDAP for this simple task. Thanks, JMS -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Domain problem with NT4 Samba 3.0.2a
All, I really need some help. I'm putting samba up on a new windows domain called SIERRA. I'm using Samba 3.0.2a on Solaris 8. I'm barely knowledgeable on Windows NetBIOS... but am good with Solaris. The status is that I've got the daemons running and working normally. I have 1 desktop with 1 PDC 1 BDC in the SIERRA domain. On the desktop, I can see both DC's but not the samba server. As a non-priviledged account, when I issue a smbclient -L moon I get the following output: moon:/home/burkharr smbclient -L moon Password: Anonymous login successful Domain=[SIERRA] OS=[Unix] Server=[Samba 3.0.2a] Sharename Type Comment - --- rcbtest Disk Spike's testing IPC$ IPC IPC Service (Samba 3.0.2a) ADMIN$IPC IPC Service (Samba 3.0.2a) Domain=[WORKGROUP] OS=[SunOS 5.8 sun4u] Server=[LAN Manager 2.1] tree connect failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.) NetBIOS over TCP disabled -- no workgroup available When I issue the same command substituting localhost for moon I get the following output: moon:/home/burkharr smbclient -L localhost Password: Anonymous login successful Domain=[SIERRA] OS=[Unix] Server=[Samba 3.0.2a] Sharename Type Comment - --- rcbtestDisk Spike's testing IPC$ IPC IPC Service (Samba 3.0.2a) ADMIN$IPC IPC Service (Samba 3.0.2a) Anonymous login successful Domain=[SIERRA] OS=[Unix] Server=[Samba 3.0.2a] Server Comment ---- EPN32-237 MOON Samba 3.0.2a ROHAN SHADOWFAX WorkgroupMaster ---- SIERRAMOON Notice that I don't get any NetBIOS errors which makes sense because I'm not going out on the network. Here's my smb.conf file: moon:/home/burkharr more /apps/samba/lib/smb.conf # Global parameters [global] workgroup = SIERRA netbios name = moon security = SERVER encrypt passwords = Yes password server = rohan shadowfax wins server = 172.22.2.251 password level = 8 #admin log = Yes log level = 1 log file = /var/samba/log/log.%m create mask = 775 [rcbtest] comment = Spike's testing path = /dbd00/spike valid users = @webadmin force group = webadmin create mask = 740 writeable = Yes Any thoughts? Thanks for your help. spike -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Request patch for samba 2.2.2
On Tue, Jun 08, 2004 at 11:57:26PM -0700, Richard Sharpe wrote: On Tue, 8 Jun 2004, Udomchai Srisuk (LAD:1Logic) wrote: I'm request patch for samba 2.2.2 on Sun Server (Solaris) There is no such patch. Since you ask for a patch, you most likely are happy to work with source. You should upgrade to 3.0.4, but if you must continue with the 2.2.x stream, then you should move to 2.2.9. Could it be a Sun patch for Solaris? -- Implementing CIFS - the Common Internet FileSystem ISBN: 013047116X Samba Team -- http://www.samba.org/ -)- Christopher R. Hertel jCIFS Team -- http://jcifs.samba.org/ -)- ubiqx development, uninq. ubiqx Team -- http://www.ubiqx.org/ -)- [EMAIL PROTECTED] OnLineBook -- http://ubiqx.org/cifs/-)- [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] All I want!!!! (Winbind)
Here is the smb.conf entry (the LDAP thing isn't working, so I am trying to diagnose) # Global parameters [global] # LDAP Configuration idmap backend = ldap:ldap://master.eng.deltad.com ldap suffix = dc=softeng,dc=com ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=softeng,dc=com log level = 10 workgroup = ENG security = DOMAIN map to guest = Bad User wins server = 192.168.8.2 ldap ssl = no winbind enum users = yes winbind enum groups = yes idmap uid = 1-2 idmap gid = 1-2 template homedir = /mhome/%U template shell = /bin/bash winbind use default domain = Yes printer admin = @ntadmin, root, administrator use sendfile = Yes cups options = raw [homes] comment = Home Directories valid users = %S read only = No browseable = No Anything visibly wrong? Thanks, JMS -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Josh Skains Sent: Thursday, June 10, 2004 8:51 AM To: [EMAIL PROTECTED] Subject: [Samba] All I want (Winbind) Well, I am a bit confused. I am DESPRATE to get winbind to use the same GID and UIDs on several machines... But I am having a headache doing it. I need to run an LDAP server, I guess, so I put one together with the most basic things. But I just simply can't get it to run. Is there any site or document I can read that will show a most basic LDAP setup that would run my idmaps? I just need LDAP for this simple task. Thanks, JMS -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] And the LDIF thing
Sorry.. One more email.. I tried to create the IDMAP container on the LDAP with an example I found: dn: ou=Idmap,dc=softeng,dc=com objectClass: organizationalUnit ou: idmap structuralObjectClass: organizationalUnit and it gives: adding new entry ou=Idmap,dc=softeng,dc=com ldap_add: Constraint violation additional info: structuralObjectClass: no user modification allowed ldif_record() = 19 Just seems so complicated just to sync the UID and GID maps across unix systems. :(... Why can't I just use some NFS share and a database JMS -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain problem with NT4 Samba 3.0.2a
The first thing that jumps out at me is the line beginning with Domain=[WORKGROUP] in the results of 'smbclient -L moon. It appears to me that in looking for the browse list, your user may be attempting to authenticate against the local smbpasswd database instead of authenticating against the PDC or BDC. A bug, a feature, or a misunderstanding? I don't know. Have you joined this server to the domain? You'll want to read this section of the Samba 3 HOWTO if you haven't already: http://us2.samba.org/samba/docs/man/howto/domain-member.html#domain-member-server This section says to use Security = DOMAIN instead of Security = SERVER, and explains why. Looking at your smb.conf, it looks like you're on the right track. I'd recommend investigating winbind to create users on the fly when auth'd against the domain controller. As samba still requires a local user database, winbind and appropriate scripts will automatically maintain this local user database for you. And, of course, there's always the recommendation to go with Samba 3.0.4 (or 3.0.5 if it's out soon). --Jon Johnson Sutinen Consulting, Inc. [EMAIL PROTECTED] On Thu, 10 Jun 2004, Spike Burkhardt wrote: All, I really need some help. I'm putting samba up on a new windows domain called SIERRA. I'm using Samba 3.0.2a on Solaris 8. I'm barely knowledgeable on Windows NetBIOS... but am good with Solaris. The status is that I've got the daemons running and working normally. I have 1 desktop with 1 PDC 1 BDC in the SIERRA domain. On the desktop, I can see both DC's but not the samba server. As a non-priviledged account, when I issue a smbclient -L moon I get the following output: moon:/home/burkharr smbclient -L moon Password: Anonymous login successful Domain=[SIERRA] OS=[Unix] Server=[Samba 3.0.2a] Sharename Type Comment - --- rcbtest Disk Spike's testing IPC$ IPC IPC Service (Samba 3.0.2a) ADMIN$IPC IPC Service (Samba 3.0.2a) Domain=[WORKGROUP] OS=[SunOS 5.8 sun4u] Server=[LAN Manager 2.1] tree connect failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.) NetBIOS over TCP disabled -- no workgroup available When I issue the same command substituting localhost for moon I get the following output: moon:/home/burkharr smbclient -L localhost Password: Anonymous login successful Domain=[SIERRA] OS=[Unix] Server=[Samba 3.0.2a] Sharename Type Comment - --- rcbtestDisk Spike's testing IPC$ IPC IPC Service (Samba 3.0.2a) ADMIN$IPC IPC Service (Samba 3.0.2a) Anonymous login successful Domain=[SIERRA] OS=[Unix] Server=[Samba 3.0.2a] Server Comment ---- EPN32-237 MOON Samba 3.0.2a ROHAN SHADOWFAX WorkgroupMaster ---- SIERRAMOON Notice that I don't get any NetBIOS errors which makes sense because I'm not going out on the network. Here's my smb.conf file: moon:/home/burkharr more /apps/samba/lib/smb.conf # Global parameters [global] workgroup = SIERRA netbios name = moon security = SERVER encrypt passwords = Yes password server = rohan shadowfax wins server = 172.22.2.251 password level = 8 #admin log = Yes log level = 1 log file = /var/samba/log/log.%m create mask = 775 [rcbtest] comment = Spike's testing path = /dbd00/spike valid users = @webadmin force group = webadmin create mask = 740 writeable = Yes Any thoughts? Thanks for your help. spike -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] And the LDIF thing
Hi Josh, I have sympathy for your position, I have been through the same exersize myself. I used SunONE LDAP server so can't provide you a how to from that. First thing I would say is if you want to achieve a central idmap database then, as you know, the only currently supported way to do this is with LDAP. LDAP is not a trivial thing to deal with and if you go down this route you really need to accept it'll take time and effort to get something you understand properly (to provide a robust solution). I think the dev guys are looking at alternatives as many people have complained that being forced to use LDAP isn't ideal, but until then... Most of your config looks fine from a Samba point of view, with regards creating your OU (which of course must exist or nothing will work). But I can't say I've come across structrualObjectClass before have you tried adding an object without like: dn: ou=Idmap,dc=softeng,dc=com objectClass: organizationalUnit ?? cheers Andy. BBCi at http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] And the LDIF thing
Sorry.. One more email.. I tried to create the IDMAP container on the LDAP with an example I found: dn: ou=Idmap,dc=softeng,dc=com objectClass: organizationalUnit ou: idmap structuralObjectClass: organizationalUnit Try dopping the structuralObjectClass line, or either use objectclass OR structuralObjectClass. You haven't said what DSA or version of DSA your using. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Clustered Samba print shares
Hi Andy, Thanks for the quick response. I think I've tried that, but we were struggling to get active/active going for so long that I'm not sure I didn't have something else causing the problem when I set it that way. We were going to copy the secrets.tdb file over and set the mac address to appear the same for the virtual IP on both hosts. However, I think I'll try your suggestion again. One question, though (maybe a dumb one). You say you didn't copy over the secrets.tdb file. So are you saying your other node doesn't have this file at all or were you able to register/add both nodes to the domain under the same netbios name? I'll let you know what happens. Thanks again for the quick response. -Tim -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] And the LDIF thing
I did drop it and it added.. # extended LDIF # # LDAPv3 # base dc=softeng,dc=com with scope sub # filter: (objectclass=*) # requesting: ALL # # softeng.com dn: dc=softeng,dc=com objectClass: dcObject objectClass: organization o: Software Engineering dc: softeng # Manager, softeng.com dn: cn=Manager,dc=softeng,dc=com objectClass: organizationalRole cn: Manager # Idmap, softeng.com dn: ou=Idmap,dc=softeng,dc=com objectClass: organizationalUnit ou: idmap # search result search: 2 result: 0 Success # numResponses: 4 # numEntries: 3 But now when I do a getent passwd, I get: Jun 10 02:31:05 wwweng1 winbindd[4233]: ldap_allocate_id: single sambaUnixIdPool object not found Jun 10 02:31:05 wwweng1 winbindd[4233]: [2004/06/10 02:31:05, 0] sam/idmap_ldap.c:ldap_allocate_id(413) Jun 10 02:31:05 wwweng1 winbindd[4233]: [2004/06/10 02:31:05, 0] sam/idmap_ldap.c:ldap_get_id_from_sid(621) Jun 10 02:31:05 wwweng1 winbindd[4233]: ldap_allocate_id: cannot acquire id lock! and the getent returns nothing from winbind. When I remove the ldap entries from smb.conf, the getnet command works fine. (so winbind is working) As for DSA, I am not sure what you mean. I am doing nothing fancy like SSL or the like. Thanks, JMS P.S. My SLDAP.CONF: # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org #pidfile//var/run/slapd.pid #argsfile //var/run/slapd.args # Create a replication log in /var/lib/ldap for use by slurpd. #replogfile /var/lib/ldap/master-slapd.replog # Load dynamic backend modules: # modulepath/usr/sbin/openldap # moduleloadback_ldap.la # moduleloadback_ldbm.la # moduleloadback_passwd.la # moduleloadback_shell.la # # The next two lines allow use of TLS for connections using a dummy test # certificate, but you should generate a proper certificate by changing to # /usr/share/ssl/certs, running make slapd.pem, and fixing permissions on # slapd.pem so that the ldap user or group can read it. # TLSCertificateFile /usr/share/ssl/certs/slapd.pem # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem # # Sample Access Control # Allow read access of root DSE # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # #access to dn= by * read #access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default is: # Allow read by all # # rootdn can always write! ### # ldbm database definitions ### databaseldbm suffix dc=softeng,dc=com rootdn cn=Manager,dc=softeng,dc=com rootpw {SSHA}l3niIBoW8kJe1gEzqK5VW426vNh+PW69 directory /var/lib/ldap # Indices to maintain index objectClass,uid,uidNumber,gidNumber,memberUid eq index cn,mail,surname,givenname eq,subinitial # Replicas to which we should propagate changes #replica host=ldap-1.example.com:389 tls=yes # bindmethod=sasl saslmech=GSSAPI # authcId=host/[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.4 on AIX 5.2
Has anyone seen this error before? I'm digging into it now, but trying to save some timehave we uncovered a latent mem leak? [2004/06/10 12:05:09, 0] lib/substitute.c:alloc_sub_basic(505) alloc_sub_basic: NULL source string! This should not happen [2004/06/10 12:09:23, 0] lib/substitute.c:alloc_sub_basic(505) alloc_sub_basic: NULL source string! This should not happen [2004/06/10 12:35:00, 0] lib/substitute.c:alloc_sub_basic(505) alloc_sub_basic: NULL source string! This should not happen [2004/06/10 12:50:55, 0] lib/substitute.c:alloc_sub_basic(505) alloc_sub_basic: NULL source string! This should not happen Bill -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] And the LDIF thing
Jun 10 02:31:05 wwweng1 winbindd[4233]: ldap_allocate_id: single sambaUnixIdPool object not found Jun 10 02:31:05 wwweng1 winbindd[4233]: [2004/06/10 02:31:05, 0] sam/idmap_ldap.c:ldap_allocate_id(413) Jun 10 02:31:05 wwweng1 winbindd[4233]: [2004/06/10 02:31:05, 0] sam/idmap_ldap.c:ldap_get_id_from_sid(621) Jun 10 02:31:05 wwweng1 winbindd[4233]: ldap_allocate_id: cannot acquire id lock! and the getent returns nothing from winbind. You need to add a sambaUnixIdPool object inside of your IdMap ou. This will give samba it's starting UID number and some other things. Just make sure you have all of the required attributes filled out in that object and then samba(winbind) will start adding subobjects of it automatically when new users connect the first time. When I remove the ldap entries from smb.conf, the getnet command works fine. (so winbind is working) As for DSA, I am not sure what you mean. I am doing nothing fancy like SSL or the like. Thanks, JMS P.S. My SLDAP.CONF: # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org #pidfile//var/run/slapd.pid #argsfile //var/run/slapd.args # Create a replication log in /var/lib/ldap for use by slurpd. #replogfile /var/lib/ldap/master-slapd.replog # Load dynamic backend modules: # modulepath/usr/sbin/openldap # moduleloadback_ldap.la # moduleloadback_ldbm.la # moduleloadback_passwd.la # moduleloadback_shell.la # # The next two lines allow use of TLS for connections using a dummy test # certificate, but you should generate a proper certificate by changing to # /usr/share/ssl/certs, running make slapd.pem, and fixing permissions on # slapd.pem so that the ldap user or group can read it. # TLSCertificateFile /usr/share/ssl/certs/slapd.pem # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem # # Sample Access Control # Allow read access of root DSE # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # #access to dn= by * read #access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default is: # Allow read by all # # rootdn can always write! ### # ldbm database definitions ### databaseldbm suffix dc=softeng,dc=com rootdn cn=Manager,dc=softeng,dc=com rootpw {SSHA}l3niIBoW8kJe1gEzqK5VW426vNh+PW69 directory /var/lib/ldap # Indices to maintain index objectClass,uid,uidNumber,gidNumber,memberUid eq index cn,mail,surname,givenname eq,subinitial # Replicas to which we should propagate changes #replica host=ldap-1.example.com:389 tls=yes # bindmethod=sasl saslmech=GSSAPI # authcId=host/[EMAIL PROTECTED] -- Paul Gienger Office:701-281-1884 Applied Engineering Inc. Cell: 701-306-6254 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.commailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.4 on AIX 5.2
On Thu, Jun 10, 2004 at 01:50:28PM -0400, William Jojo wrote: Has anyone seen this error before? I'm digging into it now, but trying to save some timehave we uncovered a latent mem leak? [2004/06/10 12:05:09, 0] lib/substitute.c:alloc_sub_basic(505) alloc_sub_basic: NULL source string! This should not happen [2004/06/10 12:09:23, 0] lib/substitute.c:alloc_sub_basic(505) alloc_sub_basic: NULL source string! This should not happen [2004/06/10 12:35:00, 0] lib/substitute.c:alloc_sub_basic(505) alloc_sub_basic: NULL source string! This should not happen [2004/06/10 12:50:55, 0] lib/substitute.c:alloc_sub_basic(505) alloc_sub_basic: NULL source string! This should not happen gdb backtrace ? Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] And the LDIF thing
I hate to be a pain, but I am under the gun.. Could you show an example ldif on that? I am completely ldap dumb. I'd greatly appreciate it. Thanks, JMS -Original Message- From: Paul Gienger [mailto:[EMAIL PROTECTED] Sent: Thursday, June 10, 2004 11:03 AM To: Josh Skains Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Samba] And the LDIF thing Jun 10 02:31:05 wwweng1 winbindd[4233]: ldap_allocate_id: single sambaUnixIdPool object not found Jun 10 02:31:05 wwweng1 winbindd[4233]: [2004/06/10 02:31:05, 0] sam/idmap_ldap.c:ldap_allocate_id(413) Jun 10 02:31:05 wwweng1 winbindd[4233]: [2004/06/10 02:31:05, 0] sam/idmap_ldap.c:ldap_get_id_from_sid(621) Jun 10 02:31:05 wwweng1 winbindd[4233]: ldap_allocate_id: cannot acquire id lock! and the getent returns nothing from winbind. You need to add a sambaUnixIdPool object inside of your IdMap ou. This will give samba it's starting UID number and some other things. Just make sure you have all of the required attributes filled out in that object and then samba(winbind) will start adding subobjects of it automatically when new users connect the first time. When I remove the ldap entries from smb.conf, the getnet command works fine. (so winbind is working) As for DSA, I am not sure what you mean. I am doing nothing fancy like SSL or the like. Thanks, JMS P.S. My SLDAP.CONF: # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org #pidfile//var/run/slapd.pid #argsfile //var/run/slapd.args # Create a replication log in /var/lib/ldap for use by slurpd. #replogfile /var/lib/ldap/master-slapd.replog # Load dynamic backend modules: # modulepath/usr/sbin/openldap # moduleloadback_ldap.la # moduleloadback_ldbm.la # moduleloadback_passwd.la # moduleloadback_shell.la # # The next two lines allow use of TLS for connections using a dummy test # certificate, but you should generate a proper certificate by changing to # /usr/share/ssl/certs, running make slapd.pem, and fixing permissions on # slapd.pem so that the ldap user or group can read it. # TLSCertificateFile /usr/share/ssl/certs/slapd.pem # TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem # # Sample Access Control # Allow read access of root DSE # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # #access to dn= by * read #access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default is: # Allow read by all # # rootdn can always write! ### # ldbm database definitions ### databaseldbm suffix dc=softeng,dc=com rootdn cn=Manager,dc=softeng,dc=com rootpw {SSHA}l3niIBoW8kJe1gEzqK5VW426vNh+PW69 directory /var/lib/ldap # Indices to maintain index objectClass,uid,uidNumber,gidNumber,memberUid eq index cn,mail,surname,givenname eq,subinitial # Replicas to which we should propagate changes #replica host=ldap-1.example.com:389 tls=yes # bindmethod=sasl saslmech=GSSAPI # authcId=host/[EMAIL PROTECTED] -- Paul Gienger Office:701-281-1884 Applied Engineering Inc. Cell: 701-306-6254 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.commailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbtorture utility
Forgive my ignorance, but I keep reading about this smbtorture utility and I can't find it anywhere! It doesn't *seem* to come with Samba. Where can I find this binary? Thanks! Matthew -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbtorture utility
On Thu, Jun 10, 2004 at 02:13:32PM -0400, [EMAIL PROTECTED] wrote: Forgive my ignorance, but I keep reading about this smbtorture utility and I can't find it anywhere! It doesn't *seem* to come with Samba. Where can I find this binary? Thanks! The source code comes with Samba but it must be built separately as it is purely a developer tool. ./configure make bin/smbtorture will make it. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbtorture utility
On Thu, 2004-06-10 at 14:19, Jeremy Allison wrote: On Thu, Jun 10, 2004 at 02:13:32PM -0400, [EMAIL PROTECTED] wrote: Forgive my ignorance, but I keep reading about this smbtorture utility and I can't find it anywhere! It doesn't *seem* to come with Samba. Where can I find this binary? Thanks! The source code comes with Samba but it must be built separately as it is purely a developer tool. ./configure make bin/smbtorture will make it. O! All this time I thought it was referring to Windows and its myriad of incarnations. Oh, please forgive my ignorance. -- [EMAIL PROTECTED] REMEMBER ED CURRY! http://www.iwethey.org/ed_curry Novell's Directory Services is a competitive product to Microsoft's Active Directory in much the same way that the Saturn V is a competitive product to those dinky little model rockets that kids light off down at the playfield. -- Thane Walkup signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] What is the password for ADMIN$ ? Can we disable it?
Hi, I am using Samba 2.2.8a as a file and print server. When I execute smbclient with my server as parameter, I see all my shares and I also see IPC$ and ADMIN$. I am trying to find out 1. If I try to connect to \\MySambaServer\ADMIN$ from a windows machine, as username/password dialog pops up. What is password for this? 2. Is there a way to disable the ADMIN$ share via smb.conf ? What are the possible side-effects? Any help will be appreciated. Thanks and regards, Rohit Wadhwa. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba (speed) over WAN Link
Guys, Maybe this is not a samba question? is there any way to get smb packets to speed up over a WAN link. There's a 1MB link from US to a server in Asia. Currently using FTP/HTTP conn will get like ~40-50KB/s transfer rate. However, using Samba, it's really very slow. Thanks for any response -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't print multiple copies from XP to Samba 2.2.8a on Linux, hp 932c
Hello Jeremy, Thanks for your response. Hooking the printer locally to the XP computer and removing the checkbox Enable Advanced Printer Features checkbox does print multiple copies when multiple copies are entered in the print dialog from MS Word. Printing over the network to the samba box always ignores the number of copies setting regardless of the Enable Advanced Printer Features checkbox value. I tried checking and unchecking the checkbox in both situations without any change in behavior. On a whim, I tried the printing to a windows 2000 server sharing an HP 845c with the exact same outcome. It appears that when the printer is used locally on a machine, the number of copies prints correctly. But when printing over the network, only a single copy is ever printed from Microsoft applications (quickbooks works as expected). This indicates that it must be a problem with the HP printer driver provided w/ windows. I tried downloading and installing the HP drivers on the client and that simply caused the properties dialog to crash every time I brought it up. Any other ideas? -Chris On Wednesday 09 June 2004 4:10 pm, Gerald (Jerry) Carter wrote: Chris Kratz wrote: | When we hook the printer directly to a xp machine, printing | multiple copies does work, but printing over the network to | samba will only ever print a single copy no matter what. Make sure that you've initialized the printer data for that queue on the Samba box. Also make sure that you can print multiple copies after to a a local version of the printer even after unselecteding the Enmable Advanced Printer Features checkbox in the advanced tab of the printer properties window. It could be that this feature only works with EMF jobs and not standard RAW/PCL/PS. Just a guess. cheers, jerry -- Chris Kratz Systems Analyst/Programmer VistaShare LLC www.vistashare.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Windows 2003 accessing samba
I have a working Samba install now by ramming the Red Hat 7.3 samba RPM for 2.2.9 into the Gentoo system (source for 2.2.9 failed to make correctly). I am still curious as to why I couldn't get 3.0.2 to work from Win2K or Win2K3. Is this a configuration mistake, a windows bug or a Samba bug? If someone could point me in the right direction I really would like to use Samba 3. Thanks David Kennel wrote: I am having a similar problem with Windows 2000 and 2003 machines. I have multiple Samba servers. Those based on RH or Mandrake with samba 2.2 work fine with 2K and 2K3. A new gentoo box with 3.0.2 does not. NT4 machines can connect fine but 2K and 2K3 cannot. 2000 gives the following errors: Using NET VIEW - System error 64 has occurred. The specified network name is no longer available. Using Map Network Drive - The mapped network drive could not be created because the following error has occurred: The specified network name is no longer available. When attempts to connect are made the following entry is made in the system log: Source: MRxSmb Event ID: 3036 The redirector detected a security signature mismatch. The connection has been disconnected. Anybody have any ideas as to what is happening here? I spent some quality time with Google and couldn't turn up anything useful. Thanks Dave K. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind problem
I have server with Fedora Core 1, samba 3 and kernel with support ACL. I am using a NT4 as PDC. My problem is after opening three telnet sessions, this nexts is very slow. This is my smb.conf: # # Generated by /usr/local/samba/md_smb.conf.pl # [global] passwdprogram = /usr/bin/passwd %u nameresolveorder = host lmhosts wins bcast addsharecommand = /usr/local/samba/md_smb.conf.pl ntaclsupport = Yes netbiosname = pinheiros deletesharecommand = /usr/local/samba/md_smb.conf.pl usernamemap = /etc/samba/smbusers maxlogsize = 50 idmapuid = 1-2 deleteprintercommand = delprinter addmachinescript = /usr/sbin/useradd -d /dev/null -g 100 -s /bi n/false -M %u addprintercommand = addprinter read only = No winbindcachetime = 10 logfile = /var/log/samba/log.%m templatehomedir = /home/%U #socketoptions = TCP_NODELAY SO_RCVBUF printing = cups inheritacls = Yes updateencrypted = Yes workgroup = ECP authmethods = winbind security = DOMAIN profileacls = Yes idmapgid = 1-2 ldapssl = no #winbindusedefaultdomain = Yes winbind enum users = yes winbind enum groups = yes mapaclinherit = Yes dnsproxy = No usernamelevel = 8 passwordlevel = 8 guestaccount = pcguest localmaster = No passwdchat = *New*UNIX*password* %nn *ReType*new*UNIX*pa ssword* %nn *passwd:*all*authentication*tokens*updated*successfully* changesharecommand = /usr/local/samba/md_smb.conf.pl templateshell = /bin/sh aclcompatibility = winnt winbindseparator = + serverstring = Samba Server log level = 5 wins server = 192.168.1.237 ## Section - [printers] [printers] comment = Printers browseable = No printable = Yes path = /var/spool/samba ## Section - [C] [C] read only = No writable = Yes comment = Raiz do Server Linux ECP20 path = / ## In the nsswitch.conf passwd: files winbind shadow: files group: files winbind # And the /etc/pam.d/login #%PAM-1.0 auth required pam_securetty.so auth sufficient pam_winbind.so auth sufficient pam_unix.so use_first_pass auth required pam_stack.so service=system-auth auth required pam_nologin.so account sufficient pam_winbind.so account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session optional pam_console.so ## Thanks This mail was sent by Results - Webmail 2.5 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Login Failure
Hi, After more googling, I found that many users seem to experience the same problem when upgrading from Samba 2.2.x to 3.0.x. But there isn't a solution yet. In Samba 2.2.8a, I have no problem of logging to the box using local root password. I managed to tricked box by creating a root user with same password on my NT domain. But it only works if I don't reboot my server. May I ask is someone looking into this? Regards, Norman Norman Zhang wrote: I've tried googling and reinstalling Samba 3.0.2a-3mdk but the problem still remains. I can't login in to swat with root account. In /var/log/samba/log.swat I see [2004/06/07 10:57:54, 0] param/loadparm.c:map_parameter(2410) Unknown paramater encountered: character set [2004/06/07 10:57:54, 0] param/loadparm.c:lp_do_parameter(3048) Ignoring unknown parameter character set [2004/06/07 10:57:54, 0] auth/pampass.c:smb_pam_passcheck(810) smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User root! /var/log/samba/log.winbind [2004/06/07 11:10:24, 1] nsswitch/winbindd_group.c:winbindd_getgroups(954) user 'root' does not exist /etc/samba/smb.conf [global] workgroup = MYDOMAIN netbios name = PROXY server string = Samba Server %V security = domain encrypt passwords = Yes password server = BAKSERVER log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RECBUF=8192 SO_SNDBUF=8192 character set = ISO8859-15 os level = 18 local master = No domain master = No preferred master = No dns proxy = No winbind uid = 1-2 winbind gid = 1-2 winbind separator = + template homedir = /home/%D/%U template shell = /bin/bash winbind use default domain = yes /etc/nsswitch.conf passwd: files nisplus nis winbind shadow: files nisplus nis winbind group: files nisplus nis winbind Is this a bug with 3.0.2a? May I ask how can I workaround this? Regards, Norman Norman Zhang wrote: I've setup my Mandrake 10.0 box to use winbind authentication. However, I noticed that root with local files password login fails at first try after reboot. Also there's no way I can authenticate using root when screen is locked. My nsswitch.conf looks like passwd files nis nisplus winbind Won't this first they local files then winbind? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Fixed it myself... (ldap/winbind)
After much searching, research, compiling, and some guess work, I found my problem was wrapped around one simple fact. I didn't have the samba.schema included. I now have some suggestions: 1. If you are going to force people to use something complex, DOCUMENT it. Assume there are people like me who have no understanding of ldap. Even some automatic script should be written for people who need LDAP for distribution but plan to use LDAP for absolutely NOTHING else. 2. Then make a simple shared daemon called unixmapd or something that works like WINS. Everyone can attach to one simple server and see the maps... Whoever gets a resolve first, adds the new entry. So if ENG\joe logs into server bozo and bozo sees there isn't a map in the unixmapd, then it contributes it. It's that simple! Just my thoughts, JMS -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Fixed it myself... (ldap/winbind)
Josh Skains wrote: 1. If you are going to force people to use something complex, DOCUMENT it. Assume there are people like me who have no understanding of ldap. Even some automatic script should be written for people who need LDAP for distribution but plan to use LDAP for absolutely NOTHING else. This part has been discussed before, and there are a whole lot of LDAP servers and versions that all do things differently. Even though most people 'round here use openldap there are many Sun (I should know their server name), and other ldap servers in use, I'd be surprised if there aren't even a couple people here that put their idmap in their active directory's LDAP server. I think that at least the 'include the schema file' part was in the documentation where you found the samba.schema file, but I could be wrong. I'm away from my machines and documentation today :-/ -- Paul Gienger Office:701-281-1884 Applied Engineering Inc. Cell: 701-306-6254 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.commailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Net Command
Howdy: Does any have any experience changing a user password on a Active Directory domain with the Samba 3 net command? Here is my workstation setup: - Red Hat Linux Enterprise AS 2.0 - Samba Version 3.0.2a I am trying to script the event, but I keep getting a password prompt. I have been having problems expecting around the prompt too. hmmm. /usr/local/samba/bin/net -w mydomain -I ads.mydomain.com --user=test PASSWORD test football soccer01 Thank you, -dkw -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.5 pre1 cannot ad windows xp machine to domain
There is a registry file included in the Samba distribution that disables the local policy entry requiring server side sealing of the join process. I believe Samba does not support this process yet so the only way to go is disable it through policy. The file is named something like WinXPSignOrSeal.reg. Merge it, reboot, and you should be good to go (provided your mechanisms for creating machine accounts are working correctly). Tom -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Glenn Arnold Sent: Thursday, 10 June 2004 12:58 p.m. To: [EMAIL PROTECTED] Subject: [Samba] Samba 3.0.5 pre1 cannot ad windows xp machine to domain Hi all, I can add my W2K machines to the Samba 3.0.5pre1 with no problems, but I can not add my XP machines. Existing XP machines work fine, but when I try to add new XP machine it does not work. Here is my smb.conf and pc from the log.smbd Thanks -Glenn [global] netbios name = HSFNP01 workgroup = MTHCS security = user os level = 64 domain master = yes local master = yes preferred master = yes time server = yes ;passdb backend = tdbsam passdb backend = tdbsam unix extensions = yes encrypt passwords = yes domain logons = yes logon script = logon.bat logon drive = H: logon home = \\%L\%U logon path = socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 wins support = no wins server = 10.100.0.10 veto files = /*.eml/*.nws/riched20.dll/ lanman auth = yes add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user script = /usr/sbin/useradd -d /dev/null -g 502 -c 'Machine Account' -s /bin/false -M %u oplocks = yes load printers = yes printing = cups printer admin = Administrator, @ntadmin idmap uid = 15000-2 idmap gid = 15000-2 winbind separator = - winbind use default domain = No [netlogon] path = /smbsrvr/netlogon/scripts guest ok = yes write list = ntadmin [homes] comment = Home Directories browseable = no read only = no hide dot files = yes veto files = /*.mp3/*.exe/*.com/*.js/*.bat/*.cmd/*.wsh/*.lnk/*.scr/*.zip/.*/ dos file times = yes [C$] valid users = @root path = /smbsrvr read only = no create mask = 0770 directory mask = 0770 force group = +ntadmin force directory mode = 0770 dos file times = yes [Apps] read only = no path = /smbsrvr/Apps [Students] path = /smbsrvr/Students read only = no create mask = 0770 directory mask = 0770 force group = +HSSTUDENTS force create mode = 0770 force directory mode = 0770 dos filetimes = yes [AdminTools$] path = /smbsrvr/AdminTools read only = no create mask = 0770 directory mask = 0770 force group = Domain Administrators force create mode = 0770 force directory mode = 0770 dos filetimes = yes [printers] comment = All Printers path = /var/spool/samba printable = yes browseable = no guest ok = yes [print$] comment = Printer Drivers path = /var/lib/samba/drivers browseable = yes guest ok = no read only = yes write list = root, @ntadmin [%G] path = /home/groups/%G/ read only = no force group = %G [home$] writeable = yes write list = +ntadmin,@MTHS-Domain Admins,@ntadmin,@root path = /home force directory mode = 0770 force group = +ntadmin dos file times = yes create mask = 0770 directory mask = 0770 valid users = +ntadmins,+root,@MTHS-Domain Admins,@ntadmin,@root [ezaudit] path = /smbsrvr/ezaudit read only = no browseable = yes available = yes write list = +HSBUILDING,+HSSTAFF,+HSSTUDENTS admin users = +ntadmin,+wheel [HSGUIDANCE] path = /smbsrvr/Guidance writelist = +HSGUIDANCE read only = no create mask = 0770 directory mask = 0770 force group = +HSGUIDANCE force create mode = 0770 force directory mode = 0770 dos filetimes = yes [HS PRINCIPAL] path = /smbsrvr/hsprincipal writelist = +HSPRINCIPAL read only = no create mask = 0770 directory mask = 0770 force group = +HSPRINCIPAL force create mode = 0770 force directory mode = 0770 dos filetimes = yes [CIP] path = /smbsrvr/CIP writelist = +HSSTAFF read only = no create mask = 0770 directory mask = 0770 force group = +HSSTAFF force create mode = 0770 force directory mode = 0770 dos filetimes = yes [POISE ISSUES] path = /smbsrvr/Poise Issues writelist = +BUILDING SECRETARIES read only = no create mask = 0770 directory mask = 0770 force group = +BUILDING SECRETARIES force create mode = 0770 force directory mode = 0770 dos filetimes = yes [HSDISCIPLINE] path = /smbsrvr/Discipline writelist = +BUILDING SECRETARIES read only = no create mask = 0770 directory mask = 0770 force group = +BUILDING SECRETARIES force create mode = 0770 force directory mode = 0770 dos filetimes = yes [YEARBOOK] path = /smbsrvr/yearbook writelist = +HSYEARBOOK read only = no create mask = 0770 directory mask = 0770 force group = +HSYEARBOOK force create mode = 0770 force directory mode = 0770 dos filetimes = yes [INSTALL] comment =
Re: [Samba] Fixed it myself... (ldap/winbind)
On Thu, 2004-06-10 at 13:11, Josh Skains wrote: After much searching, research, compiling, and some guess work, I found my problem was wrapped around one simple fact. I didn't have the samba.schema included. I now have some suggestions: 1. If you are going to force people to use something complex, DOCUMENT it. Assume there are people like me who have no understanding of ldap. Even some automatic script should be written for people who need LDAP for distribution but plan to use LDAP for absolutely NOTHING else. 2. Then make a simple shared daemon called unixmapd or something that works like WINS. Everyone can attach to one simple server and see the maps... Whoever gets a resolve first, adds the new entry. So if ENG\joe logs into server bozo and bozo sees there isn't a map in the unixmapd, then it contributes it. It's that simple! Just my thoughts, Your thoughts - rely upon an assumption that is clearly false...that ldap is usable without understanding it, that understanding it is digestible in some easy form and that documentation doesn't exist. I have posted this a few times the past 6 months but new users seem to pop up without fully digesting the archives. - LDAP is a learning curve all to it's own. It may be harder to learn than any other that you have learned, certainly the concepts can be more difficult to grasp than things like BIND, sendmail, apache. - LDAP has no pat setup. There are a lot of LDAP providers (openldap, sun, novell, etc.) and there are a number of different versions being circulated, even by the same providers. - It makes little sense to use LDAP for Samba and not local system user accounts, and why would you think that you can use LDAP for local account security without fully digesting the implications and the technology? - Once you understand LDAP, and can add, delete, search from the command line, integrating it with samba is easy. If you don't understand LDAP, integrating it with mail, ftp, ssh etc. is just another hurdle, just like samba. As for the documentation...John has written 2 excellent books, both available at the book store and accessible in the documentation link on the samba web site...Samba 3 HOW-TO and Samba 3 by Example Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.5 pre1 cannot ad windows xp machine to domain
On Thu, 2004-06-10 at 13:54, Tom Hibbert wrote: There is a registry file included in the Samba distribution that disables the local policy entry requiring server side sealing of the join process. I believe Samba does not support this process yet so the only way to go is disable it through policy. The file is named something like WinXPSignOrSeal.reg. Merge it, reboot, and you should be good to go (provided your mechanisms for creating machine accounts are working correctly). I don't believe the local policy of WinXPSignOrSeal is of interest to Samba 3.x, but only to 2.2.x Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Fixed it myself... (ldap/winbind)
You said: -- Your thoughts - rely upon an assumption that is clearly false...that ldap is usable without understanding it, that understanding it is digestible in some easy form and that documentation doesn't exist. -- I say: -- First off, you are saying a lot that is clearly false. LDAP can be used blindly in this case. All I needed is a way to avoid having winbind on system A from assigning UIDs on system B that is different. If the UIDs are not identical on all member unix servers, it screws up permissions on issues like NFS, which still has applications in my world. I can toss water in a bucket without knowing how to chemically create the plastic. -- You say: -- I have posted this a few times the past 6 months but new users seem to pop up without fully digesting the archives. -- I say: -- Sorry, but some of us have bosses and timeframes. Taking bits and peices of different cases, documents, and posts and trying to make them all fit isn't easy. I finally did it, and now it works fine. I also understand what I did and see that it isn't hard once you understand it, it's just a matter of connecting the dots. I have areas that you most likely aren't as good at.. You have areas that I most likely am not good at. If you came to me and asked me about one of my areas, I certainly won't be stomping around screaming the traditional RTFM. -- You say: -- - LDAP is a learning curve all to it's own. It may be harder to learn than any other that you have learned, certainly the concepts can be more difficult to grasp than things like BIND, sendmail, apache. -- I say: -- Oh please. It isn't THAT complex, once you start to grasp it. Sure, I can see it getting more and more complex in larger applications, but sheesh, we are talking such a simple application here. My problem was just putting the different peices together. -- You say: -- - LDAP has no pat setup. There are a lot of LDAP providers (openldap, sun, novell, etc.) and there are a number of different versions being circulated, even by the same providers. -- I say: -- When someone comes in like me who doesn't have a need for LDAP in ANY OTHER application, then it does have a pat setup. You can say our automated package only supports OpenLDAP. If you need LDAP for bigger things or want to use a different server, it is suggested you understand LDAP first and do the install manually. -- You say: -- - It makes little sense to use LDAP for Samba and not local system user accounts, and why would you think that you can use LDAP for local account security without fully digesting the implications and the technology? -- I say: -- I don't need local accounts. I am using winbind. Did you even read my posts, or were you just too busy looking for someone to put down cause you are in a bad mood? -- Whatever... Anyways JMS -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain problem with NT4 Samba 3.0.2a
Jon, I'm using the Security = SERVER due to the fact that the machines that will be used aren't in the domain. I'm not using the smbpasswd file. I have not joined the domain but on the two other servers I've setup I haven't had to. I'll try it and let you know. As to the authenticating, how can I tell if it's using smbpasswd? spike Jonathan Johnson wrote: The first thing that jumps out at me is the line beginning with Domain=[WORKGROUP] in the results of 'smbclient -L moon. It appears to me that in looking for the browse list, your user may be attempting to authenticate against the local smbpasswd database instead of authenticating against the PDC or BDC. A bug, a feature, or a misunderstanding? I don't know. Have you joined this server to the domain? You'll want to read this section of the Samba 3 HOWTO if you haven't already: http://us2.samba.org/samba/docs/man/howto/domain-member.html#domain-member-server This section says to use Security = DOMAIN instead of Security = SERVER, and explains why. Looking at your smb.conf, it looks like you're on the right track. I'd recommend investigating winbind to create users on the fly when auth'd against the domain controller. As samba still requires a local user database, winbind and appropriate scripts will automatically maintain this local user database for you. And, of course, there's always the recommendation to go with Samba 3.0.4 (or 3.0.5 if it's out soon). --Jon Johnson Sutinen Consulting, Inc. [EMAIL PROTECTED] On Thu, 10 Jun 2004, Spike Burkhardt wrote: All, I really need some help. I'm putting samba up on a new windows domain called SIERRA. I'm using Samba 3.0.2a on Solaris 8. I'm barely knowledgeable on Windows NetBIOS... but am good with Solaris. The status is that I've got the daemons running and working normally. I have 1 desktop with 1 PDC 1 BDC in the SIERRA domain. On the desktop, I can see both DC's but not the samba server. As a non-priviledged account, when I issue a smbclient -L moon I get the following output: moon:/home/burkharr smbclient -L moon Password: Anonymous login successful Domain=[SIERRA] OS=[Unix] Server=[Samba 3.0.2a] Sharename Type Comment - --- rcbtest Disk Spike's testing IPC$ IPC IPC Service (Samba 3.0.2a) ADMIN$IPC IPC Service (Samba 3.0.2a) Domain=[WORKGROUP] OS=[SunOS 5.8 sun4u] Server=[LAN Manager 2.1] tree connect failed: ERRSRV - ERRbadpw (Bad password - name/password pair in a Tree Connect or Session Setup are invalid.) NetBIOS over TCP disabled -- no workgroup available When I issue the same command substituting localhost for moon I get the following output: moon:/home/burkharr smbclient -L localhost Password: Anonymous login successful Domain=[SIERRA] OS=[Unix] Server=[Samba 3.0.2a] Sharename Type Comment - --- rcbtestDisk Spike's testing IPC$ IPC IPC Service (Samba 3.0.2a) ADMIN$IPC IPC Service (Samba 3.0.2a) Anonymous login successful Domain=[SIERRA] OS=[Unix] Server=[Samba 3.0.2a] Server Comment ---- EPN32-237 MOON Samba 3.0.2a ROHAN SHADOWFAX WorkgroupMaster ---- SIERRAMOON Notice that I don't get any NetBIOS errors which makes sense because I'm not going out on the network. Here's my smb.conf file: moon:/home/burkharr more /apps/samba/lib/smb.conf # Global parameters [global] workgroup = SIERRA netbios name = moon security = SERVER encrypt passwords = Yes password server = rohan shadowfax wins server = 172.22.2.251 password level = 8 #admin log = Yes log level = 1 log file = /var/samba/log/log.%m create mask = 775 [rcbtest] comment = Spike's testing path = /dbd00/spike valid users = @webadmin force group = webadmin create mask = 740 writeable = Yes Any thoughts? Thanks for your help. spike -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Need help configuring Samba3/LDAP PDC
Have you checked the logging on OpenLDAP? I'd set the loglevel to 488 and look at the queries samba is doing. If you have root = administrator admin in your smbusers file then samba will look for an ldap entry with uid=root. grep the ldap log file for that and comment out that line in smbusers if that seems to be the case. Rich Hello Rich (and others), thanks for responding. I turned up the loglevel, fixed some configuration errors in smb.conf, and commented the root= entry in smbusers. You were right, Administrator was being mapped to 'root'. Now I can authenticate LDAP users in Samba, e.g. 'smbclient -L localhost -U Administrator' works properly. Unfortunately I still cannot join the PDC machine to the domain and I think I know why. When I run 'net rpc join -U Administrator' the machine account gets created but it is a posixAccount instead of a sambaSamAccount. In other words it is a normal unix user account that is missing all of the samba-related fields. Samba is calling the IDEALX smbldap-useradd.pl script to create the account but obviously I've got an error somewhere... the user accounts it creates are not samba-capable. Does anyone know how to fix this? Did I miss something in smbldap_conf.pm? On a related note, I've imported lots of NIS data into this LDAP directory, so I have lots of valid Unix accounts. These are working properly on LDAP-enabled linux machines, but how do I 'convert' them for use with Samba? Ideally I would like to have one record for each user that contains all of the samba data as well as the unix data. Is there an easy way to add the appropriate samba fields to 'normal' posixAccounts? Is there a FAQ that covers the procedure? Any help would be welcome. thanks in advance, aaron -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Help With Winbind Please
Setting up a temporary Samba Member Server as part of a domain with real NT4 PDC and BDC machines. In two months the NT domain will go away to be replaced by Samba/LDAP PDC and BDCs, but for now I'm stuck using Winbind. Actually, I'm just stuck! The Samba box is running SuSE 9.0 and Samba 3.0.4-5 installed from the SerNet rpms (ftp.sernet.de). I followed chapter 9.3.2 in Samba-3 By Example, changing only the network-specific values in the example smb.conf file, and also leaving out the winbind separator value to get the default '\' separator. So, no need to waste bandwidth posting smb.conf here since we all own John's fine book already. :-) Everything works fine from the Samba machine, but trying to browse from a Windows machine doesn't work properly. From a Windows machine I can do Start Run \\shiraz and get a window with all of the shares listed. But when I double-click on a share's icon, I get repeatedly challenged for a username and password. The permissions on the directories underlying the shares on the Samba box allow anyone to read and write to them. So, I have a feeling something is not quite right with Winbind. Is there a way I can reset the configuration and start from scratch? Just in case I did indeed mess something up? Thanks! Mark -- _ A Message From... L. Mark Stone Reliable Networks of Maine, LLC 477 Congress Street, 5th Floor Portland, ME 04101 Tel: (207) 772-5678 Web: http://www.RNoME.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] NT Domain login problem
I have set up an NT domain using samba 3.0.4 on Slackware 9.1 with Win XP clients. Security = user, samba is PDC and WINS server. I'm new to samba and working most things out as I go, but have one persistent problem: Some clients frequently refuse to log in to the domain, a situation that can only be remedied by, for example, logging in as local administrator on the XP machine, then logging back out and trying to log in to the domain again (usually successful the second time round). Is there some setting or configuration step I might have missed? Thanks Mick -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Newbie group mapping question
I'm wondering if, in a context where samba 3.0.4 is PDC for an NT domain with XP clients, it is necessary or at least normal practice to map most/all NT groups (eg Domain Admins, Domain Users) to unix groups? Also, I notice when I do 'net groupmap list' that there are not only Domain Admins, Domain Users and Domain Guests, but also plain Admins, Users and Guests. What is the significance of these two sets of groups (the Domain groups and the 'plain' groups), should I map to one or the other or both? Sorry, my knowledge of Windows is even less than my knowledge of Samba at this point in time. Thanks Mick -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Fixed it myself... (ldap/winbind)
On Thu, 2004-06-10 at 14:21, Josh Skains wrote: You said: -- Your thoughts - rely upon an assumption that is clearly false...that ldap is usable without understanding it, that understanding it is digestible in some easy form and that documentation doesn't exist. -- I say: -- First off, you are saying a lot that is clearly false. LDAP can be used blindly in this case. All I needed is a way to avoid having winbind on system A from assigning UIDs on system B that is different. If the UIDs are not identical on all member unix servers, it screws up permissions on issues like NFS, which still has applications in my world. That is the point of LDAP - you set it up to maintain your unix accounts and the member machines use it for authentication. Therefore, 1 user, 1 account on all machines that use LDAP for authentication. The alternative to LDAP for this is NIS and that is not convergent with samba. If you use winbind to assign uid's, they WILL be different on each machine using winbind. Welcome to the jungle. I'm glad for you that LDAP can be used blindly in this case. I was hoping that you are gonna show us how, real soon now. I say: -- Sorry, but some of us have bosses and timeframes. Tell the boss that this is complicated stuff, that you need to learn it to get it right. Please don't hammer us with your time frames. You say: -- - It makes little sense to use LDAP for Samba and not local system user accounts, and why would you think that you can use LDAP for local account security without fully digesting the implications and the technology? -- I say: -- I don't need local accounts. I am using winbind. Did you even read my posts, or were you just too busy looking for someone to put down cause you are in a bad mood? Yes, I read your posts and scratched my head because of your naivety. But the arrogance of your suggestions wasn't something I couldn't let pass. If you are using winbind to get local account services for unix users, why are you not using it (server = [domain|ads] ) for smb users? I cannot envision a scenario where your plan makes sense. Yes, I read your posts and thought that they were presumptuous that they asked for LDAP help and this is a samba message base. Clue...there are many LDAP lists that provide support of LDAP. You say, the only reason you want to use LDAP is to interact with samba and therefore, samba should make LDAP easy. Of course, the samba list members should help you with your lack of understanding of LDAP too. Good luck Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Newbie group mapping question
On Thu, 2004-06-10 at 17:25, Ninti Systems wrote: I'm wondering if, in a context where samba 3.0.4 is PDC for an NT domain with XP clients, it is necessary or at least normal practice to map most/all NT groups (eg Domain Admins, Domain Users) to unix groups? Also, I notice when I do 'net groupmap list' that there are not only Domain Admins, Domain Users and Domain Guests, but also plain Admins, Users and Guests. What is the significance of these two sets of groups (the Domain groups and the 'plain' groups), should I map to one or the other or both? Sorry, my knowledge of Windows is even less than my knowledge of Samba at this point in time. There is coverage of groups in the very excellent samba 3 how-to - see the documentation page at the samba web site http://www.samba.org Rather than cover it inadequately, you would be better served by reading the information there. It seems that you already have mapped groups. 'Plain' groups are local accounts - not of much importance to a Samba machine. Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Still having touble with Redhat 7.1 and windows 2003 DC authentication
Hello Gav, I'm a security student looking to find out how to invade a windows 2003 server using SMB for my final. Are there any suggestions and/or configs you can provide to help me pass this thing? I have looked everywhere and have nothing. Thanks! Mel106 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap - backup
On Wed, 9 Jun 2004 13:54 , System User [EMAIL PROTECTED] sent: Hi, I'm wondering what is the best option to backup the ldap backend of my samba server without having to bring ldap offline? Until now, I didn't find a lot of documentation about best practices on this subject. Does anybody here have a suggestion? someone else pointed this out - replication. It works great, and gives you a real time snapshot. Thank you. Etienne-Hugues Fortin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba --- Chris McKeever If you want to reply directly to me, please use cgmckeever--at--prupref---dot---com A href=http://www.prupref.com;www.prupref.com/A Prudential Preferred Properties A href=http://www.prupref.com;Chicago and Illinois NorthShore Real Estate Experts/A Prudential Preferred Properties www.prupref.com Success Driven By Results Results Driven By Commitment Commitment Driven By Integrity We Are Prudential Preferred Properties -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] password expiry message -
I have seen many archives about this, but nothing of solid answer for the fix - maybe I havent dug far enough. I am running 2.2.8a with an LDAP backend. I am pretty sure I have it so passwords wont expire, but after changing mine today I am prompted at a WIN2K login that it is about to expire... any idea? shadowLastChange: 11761 shadowMin: -1 shadowMax: 9 shadowWarning: -1 shadowInactive: -1 shadowExpire: -1 shadowFlag: 7100670 pwdLastSet: 1086920093 logonTime: 0 logoffTime: 0 kickoffTime: 0 pwdCanChange: 0 pwdMustChange: 0 --- Chris McKeever If you want to reply directly to me, please use cgmckeever--at--prupref---dot---com A href=http://www.prupref.com;www.prupref.com/A Prudential Preferred Properties A href=http://www.prupref.com;Chicago and Illinois NorthShore Real Estate Experts/A Prudential Preferred Properties www.prupref.com Success Driven By Results Results Driven By Commitment Commitment Driven By Integrity We Are Prudential Preferred Properties -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: PLEASE TEST NFS quota module
Hi, -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0 and winpopup?
Hi Ken, Am 9 Jun 2004 um 10:05 hat Ken D'Ambrosio geschrieben: Hello, all. I want to send a message to Windwos clients, a la smbclient -M, from my Samba 3.x box. Is this possible? I seem to recall (and apt-get seems to agree) that smbclient has been deprecated; On a box with 2.2.8a I used 2 variants: 1. echo message | smbclient -M recipient_machine -U name_of_your_choice /dev/null 2. I created a file 'msg' and sent it with cat /path/msg | smbclient -M recipient_machine -U name_of_your_choice /dev/null didn't try it on Samba2, but I think it will work there, too. Uwe -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
svn commit: samba r1099 - branches/SAMBA_4_0/source/build/pidl
Author: tpot Date: 2004-06-10 06:56:36 + (Thu, 10 Jun 2004) New Revision: 1099 Modified: branches/SAMBA_4_0/source/build/pidl/eparser.pm Log: Set $module variable to name of module. Only generate code for module registration if we could find a UUID. Tweaks to get [relative] compiling. WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1099nolog=1
svn commit: samba r1100 - branches/SAMBA_4_0/source/build/pidl
Author: tpot Date: 2004-06-10 07:04:02 + (Thu, 10 Jun 2004) New Revision: 1100 Modified: branches/SAMBA_4_0/source/build/pidl/packet-dcerpc-eparser.c branches/SAMBA_4_0/source/build/pidl/packet-dcerpc-eparser.h Log: Comment out functions that we now get from other sources (misc.idl and lsarpc.idl). Add stub for ndr_pull_relative() function. WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1100nolog=1
svn commit: samba r1101 - branches/SAMBA_3_0/source/rpcclient
Author: vlendec Date: 2004-06-10 13:07:44 + (Thu, 10 Jun 2004) New Revision: 1101 Modified: branches/SAMBA_3_0/source/rpcclient/cmd_spoolss.c Log: Implement 'rpcclient setprintername'. Thanks to Guenther Deschner [EMAIL PROTECTED]. This needs to be generalized somewhat. Jerry, which of the parameters in the printer_info_2 struct are settable via cli_spoolss_setprinter? Volker WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1101nolog=1
svn commit: samba r1102 - trunk/source/rpcclient
Author: vlendec Date: 2004-06-10 13:08:32 + (Thu, 10 Jun 2004) New Revision: 1102 Modified: trunk/source/rpcclient/cmd_spoolss.c Log: Implement 'rpcclient setprintername'. Thanks to Guenther Deschner [EMAIL PROTECTED]. This needs to be generalized somewhat. Jerry, which of the parameters in the printer_info_2 struct are settable via cli_spoolss_setprinter? Volker WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1102nolog=1
svn commit: samba r1103 - branches/SAMBA_3_0/source/utils
Author: herb Date: 2004-06-10 14:23:34 + (Thu, 10 Jun 2004) New Revision: 1103 Modified: branches/SAMBA_3_0/source/utils/smbcacls.c Log: need to leave empty dacl so we can remove last ACE WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1103nolog=1
svn commit: samba-docs r121 - trunk/howto
Author: jelmer Date: 2004-06-10 15:16:42 + (Thu, 10 Jun 2004) New Revision: 121 Modified: trunk/howto/Portability.xml Log: Solaris patch 113476 has been replaced by 112960-14 (bug #1453) WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/rev=121nolog=1
svn commit: samba-docs r122 - trunk
Author: jelmer Date: 2004-06-10 15:23:17 + (Thu, 10 Jun 2004) New Revision: 122 Added: trunk/README Removed: trunk/docbook.txt Log: Rename docbook.txt to README to give it some more attention. WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/rev=122nolog=1
svn commit: samba-docs r123 - branches/SAMBA_4
Author: jelmer Date: 2004-06-10 15:23:41 + (Thu, 10 Jun 2004) New Revision: 123 Added: branches/SAMBA_4/README Removed: branches/SAMBA_4/docbook.txt Log: Rename docbook.txt to README to give it some more attention. WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/rev=123nolog=1
svn commit: samba-docs r124 - trunk/howto
Author: jelmer Date: 2004-06-10 15:27:37 + (Thu, 10 Jun 2004) New Revision: 124 Modified: trunk/howto/Winbind.xml Log: Winbind is installed in sbin/winbindd, not bin/winbindd... (bug #1101) WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/rev=124nolog=1
svn commit: samba r1104 - in branches/SAMBA_3_0/source: lib param
Author: vlendec Date: 2004-06-10 17:09:00 + (Thu, 10 Jun 2004) New Revision: 1104 Modified: branches/SAMBA_3_0/source/lib/util_sock.c branches/SAMBA_3_0/source/param/loadparm.c Log: get_called_name is used in the printing subsystem. In case of multi-homed servers we need to make sure that the clients are given back the IP address they connected to. Volker WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/sourcerev=1104nolog=1
svn commit: samba r1105 - in trunk/source: lib param
Author: vlendec Date: 2004-06-10 17:09:22 + (Thu, 10 Jun 2004) New Revision: 1105 Modified: trunk/source/lib/util_sock.c trunk/source/param/loadparm.c Log: get_called_name is used in the printing subsystem. In case of multi-homed servers we need to make sure that the clients are given back the IP address they connected to. Volker WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/sourcerev=1105nolog=1
svn commit: samba r1106 - branches/SAMBA_3_0/source/lib
Author: vlendec Date: 2004-06-10 17:13:30 + (Thu, 10 Jun 2004) New Revision: 1106 Modified: branches/SAMBA_3_0/source/lib/afs_settoken.c Log: Lars Mueller [EMAIL PROTECTED] asked me to apply this patch, as this is needed for their build environment. The AFS stuff is linux 2.4 only currently, it works for me on this platform, so apply it. Volker WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1106nolog=1
svn commit: samba r1107 - trunk/source/lib
Author: vlendec Date: 2004-06-10 17:13:54 + (Thu, 10 Jun 2004) New Revision: 1107 Modified: trunk/source/lib/afs_settoken.c Log: Lars Mueller [EMAIL PROTECTED] asked me to apply this patch, as this is needed for their build environment. The AFS stuff is linux 2.4 only currently, it works for me on this platform, so apply it. Volker WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1107nolog=1
svn commit: samba r1108 - branches/SAMBA_3_0/source/passdb
Author: vlendec Date: 2004-06-10 17:42:16 + (Thu, 10 Jun 2004) New Revision: 1108 Modified: branches/SAMBA_3_0/source/passdb/login_cache.c branches/SAMBA_3_0/source/passdb/pdb_ldap.c Log: Index: pdb_ldap.c === --- pdb_ldap.c (revision 1095) +++ pdb_ldap.c (working copy) @@ -1134,6 +1134,19 @@ return NT_STATUS_OK; } +static void append_attr(char ***attr_list, const char *new_attr) +{ + int i; + + for (i=0; (*attr_list)[i] != NULL; i++) + ; + + (*attr_list) = Realloc((*attr_list), sizeof(**attr_list) * (i+2)); + SMB_ASSERT((*attr_list) != NULL); + (*attr_list)[i] = strdup(new_attr); + (*attr_list)[i+1] = NULL; +} + /** Get SAM_ACCOUNT entry from LDAP by username. */ @@ -1149,6 +1162,7 @@ int rc; attr_list = get_userattr_list( ldap_state-schema_ver ); + append_attr(attr_list, MODIFY_TIMESTAMP_STRING); rc = ldapsam_search_suffix_by_name(ldap_state, sname, result, attr_list); free_attr_list( attr_list ); @@ -1194,6 +1208,7 @@ switch ( ldap_state-schema_ver ) { case SCHEMAVER_SAMBASAMACCOUNT: attr_list = get_userattr_list(ldap_state-schema_ver); + append_attr(attr_list, MODIFY_TIMESTAMP_STRING); rc = ldapsam_search_suffix_by_sid(ldap_state, sid, result, attr_list); free_attr_list( attr_list ); Index: login_cache.c === --- login_cache.c (revision 1095) +++ login_cache.c (working copy) @@ -95,10 +95,13 @@ entry-bad_password_count, entry-bad_password_time) == -1) { DEBUG(7, (No cache entry found\n)); + SAFE_FREE(entry); SAFE_FREE(databuf.dptr); return NULL; } + SAFE_FREE(databuf.dptr); + DEBUG(5, (Found login cache entry: timestamp %12u, flags 0x%x, count %d, time %12u\n, (unsigned int)entry-entry_timestamp, entry-acct_ctrl, entry-bad_password_count, (unsigned int)entry-bad_password_time)); WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1108nolog=1
svn commit: samba r1109 - trunk/source/utils
Author: herb Date: 2004-06-10 17:43:15 + (Thu, 10 Jun 2004) New Revision: 1109 Modified: trunk/source/utils/smbcacls.c Log: merge from 3.0 - allow smbcacls to remove last ACL entry WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1109nolog=1
svn commit: samba r1111 - in branches/SAMBA_3_0/source: include lib
Author: jelmer Date: 2004-06-10 18:45:45 + (Thu, 10 Jun 2004) New Revision: Modified: branches/SAMBA_3_0/source/include/includes.h branches/SAMBA_3_0/source/lib/snprintf.c Log: Rename vsnprintf to smb_vsnprintf so we don't get duplicate symbol errors when linking against an app that does have vsnprintf() (bug #478) WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/sourcerev=nolog=1
svn commit: samba r1112 - in trunk/source: include lib
Author: jelmer Date: 2004-06-10 18:47:03 + (Thu, 10 Jun 2004) New Revision: 1112 Modified: trunk/source/include/includes.h trunk/source/lib/snprintf.c Log: Rename vsnprintf to smb_vsnprintf so we don't get duplicate symbol errors when linking against an app that does have vsnprintf() (bug #478) WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/sourcerev=1112nolog=1
svn commit: samba r1113 - branches/SAMBA_4_0/source/torture/raw
Author: jra Date: 2004-06-10 23:17:22 + (Thu, 10 Jun 2004) New Revision: 1113 Modified: branches/SAMBA_4_0/source/torture/raw/chkpath.c Log: Test for wildcards in chkpath. Jeremy. WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1113nolog=1
svn commit: samba-docs r125 - trunk/howto
Author: tpot Date: 2004-06-11 00:38:24 + (Fri, 11 Jun 2004) New Revision: 125 Modified: trunk/howto/msdfs.xml Log: Remove reference to non-existent configure option --with-msdfs as DFS is always on now. WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-docspath=/rev=125nolog=1
svn commit: samba-web r92 - trunk/support
Author: deryck Date: 2004-06-11 04:14:37 + (Fri, 11 Jun 2004) New Revision: 92 Removed: trunk/support/peru.html trunk/support/portugal.html trunk/support/scotland.html Modified: trunk/support/countries.html trunk/support/italy.html trunk/support/romania.html trunk/support/singapore.html trunk/support/slovenia.html trunk/support/southafrica.html trunk/support/spain.html trunk/support/sweden.html trunk/support/switzerland.html Log: More clean-up of non-replying support companies. Peru, Portugal, and Scotland were removed completely. Also, a few updates to existing company listings. WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/rev=92nolog=1
svn commit: samba-web r93 - trunk/support
Author: deryck Date: 2004-06-11 04:40:45 + (Fri, 11 Jun 2004) New Revision: 93 Modified: trunk/support/singapore.html trunk/support/spain.html Log: Fix format problem in last update. WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/rev=93nolog=1