Re: [Samba] poledit policy-file for w2k offline folders
To add an answer for the list archive: I received an NT4 poledit adm File that contains lots of options for XP and W2K. It is to big to be posted to the list, but I will pass it on if someone asks for it. > I am looking for a NT4 policy template (.adm) file I can deploy using > samba 3 to change the behavior of the "make folders available offline" > feature. -- Gunther SchlegelRiege Software International GmbH Manager System AdministrationMollsfeld 10 40670 Meerbusch, Germany Email: [EMAIL PROTECTED] Phone: +49-2159-9148-0 Fax: +49-2159-9148-11 - Disclaimer: You may grab my GPG key from http://www.keyserver.net . A nonproportional font is recommended for reading. signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: string overflow in safe_strcpy
Corey Spalding wrote: I recently upgraded both of my samba servers (mirrors of each other) to 3.0.4, my log files now fill with the following messages (hundred lines per day): Jun 24 13:55:33 Clyde smbd[8597]: [2004/06/24 13:55:33, 0] lib/util_str.c:safe_strcpy_fn(602) Jun 24 13:55:33 Clyde smbd[8597]: ERROR: string overflow by 1 (9 - 8) in safe_strcpy [LIBRA~V$.DOC] Jun 24 14:20:34 Clyde smbd[8597]: [2004/06/24 14:20:34, 0] lib/util_str.c:safe_strcpy_fn(602) Jun 24 14:20:34 Clyde smbd[8597]: ERROR: string overflow by 1 (11 - 10) in safe_strcpy [Config.pol.bak] The messages appear when I'm browsing any share setup on either server. Heres the smb.conf from the backup server. # Global parameters [global] unix charset = UTF8 workgroup = SPRINGFIELD server string = Clyde security = SHARE map to guest = Bad User passwd program = /usr/bin/passwd%u passwd chat = *password* %n\n *password* %n\n *successful* log level = 1 name resolve order = lmhosts host wins bcast mangling method = hash add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ add machine script = /usr/sbin/useradd -d /dev/null -g 503 -s /bin/false -M %u logon path = \\%L\Profiles\%U os level = 60 preferred master = No local master = No domain master = No wins support = Yes ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 winbind enum users = No winbind enum groups = No path = /var/spool/samba admin users = root, cspalding read only = No guest ok = Yes [homes] comment = Home Directories path = /home/%U create mask = 0700 directory mask = 0700 guest ok = No nt acl support = No locking = No [netlogon] comment = Network Logon Service path = /home/NETLOGON nt acl support = No locking = No [Profiles] comment = Nt Roaming Profiles path = /home/profiles create mask = 0777 guest ok = No [public] comment = Public on Clyde path = /usr2/public create mask = 0777 force create mode = 0777 directory mask = 0777 force directory mode = 0777 [printers] comment = All Printers printable = Yes browseable = No [apache] comment = webserver share path = /var/www/html username = billy,@billy, nobody, cspalding valid users = cspalding, mcaley, lynn, billy admin users = cspalding, mcaley, corey write list = billy, @billy [office] path = /usr2/office Any ideas how to get rid of this error? Its more of a nuisance that anything else at the moment. Yeah i get this problem too, with samba 3.04 on FC1 exactly the same, string errors when browsing any share which fills up my /var/log/messages file Any one know a fix? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Special characters in the password
Dear all: I am using samba+openldap as the PDC, I use to smbldap-tool like smbldap-useradd.pl, smbldap-usermod.pl .. to work on the user account, and I find it is not able to create user password with special character single quote character (') can anyone able to solve this problem? Also when a user login a Window NT/2000 machine through my PDC, the user can't change password with the password contain special character of single quote ('), double quote (") and a space. In the smb.conf script, the password program is set to ./smbldap-passwd.pl and I think there is something weired on it... is anyone has any idea on this and solve this? Thanks a lot! Carmen __ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] one and a half nets
Hi all, I am trying to configure a SAMBA server to be connected to two different networks in two different ways: One network, on interface eth0, is the local network, the SAMBA server is the main file server for this network, and so I assume it would be best if the SAMBA server were the "master" on this network. The other network, on interface eth3, is someone else's network. I am trying to make my SAMBA server as invisible as possible on this network, whilst still allowing file sharing. I set this up as seemed to make sense, and it worked to my expectations. However, the single remote PC (Windows XP) on the eth3 network that was accessing my SAMBA server can access it no longer, and gets an "An extended error occurred" error when trying to re-create the network share. I have no idea what has changed to cause this, and suspect that perhaps it is the PC and not my server at fault. Ideally, I want the SAMBA server to support all samba services, including browsing, on eth0. In contrast, I don't want the server to be visible in browse lists of PCs on eth3. I really only want PCs to connect by explicitly creating a network share on that PC. I especially *don't* want my SAMBA server to be any kind of controller on the eth3 network. I have restricted access from eth3 by only including it in the "hosts allow" of a single share on the server. I have some fairly general quations Q1: Has anyone any idea what the "extended error" might mean? Q2: Has anyone any suggestions on how to make a single SAMBA server behave like the main file server on one network, but be almost invisible on another? Q3: Is there any way I can adjust my firewall so that a PC can connect to a shared drive on my SAMBA server, if it knows the address and share name, but the SAMBA server will not show up in browse lists, will not participate in master elections, and won't interfere with WINS servers on that same network? And some more specific questions: Q4: The parameters "domain master" "local master" "preferred master" are all global parameters, so if I enable any of them, my SAMBA server will set the corresponding behaviour on ALL connected networks, correct? Q5: eth3 has a Microsoft domain controller - will anything nasty happen on eth3 if I have "wins support = yes" set on my SAMBA server? Q6: Is the behaviour of the "xxx master" parameters restricted by the "interfaces" parameter? Q7: Just what does the "interfaces" parameter restrict? If I omit eth3 from the "interfaces" parameter, will this disable connection to services, or just browsing, or...? Q8: If my SAMBA server's address on eth3 is 123.456.789.100, then what are the differences, if any, between the following settings: interfaces = eth0 eth3 interfaces = eth0 123.456.789.0/24 interfaces = eth0 123.456.789.100 Q9: The PCs on eth0 are all Window 2000 machines. If I disable all the "xxx master" and "wins" parameters on my SAMBA server, will the PCs on eth0 still be happy, or will I regret it? Any and all help greatly appreciated. Cheers! Nik -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Group Policy
On Fri, 2004-06-25 at 01:56, Ashley Burt wrote: > I hope I don't get a ton of flames for this but I am wondering if anyone > knows a way to migrate a samba 3 controlled domain to an Windows based > Active Directory domain. Let me explain why. > > I want to continue to use samba as my file and print servers but I > really need the ability to use Group Policies. As far as I know there > is no way to do this without ADS. I would like to have a Windows 2003 > ADS server with Samba 3 file and print servers. Which part of Group Policies do you need? NT4 system policies handle a lot, and there is some information floating about regarding the use of client-side group policies. > The hard part is that I don't want to rejoin all my machines (~700) and > I want all my users and passwords preserved (~1,300). Any help or ideas > would be appreciated. > > Oh ya, down with Microsoft, hail Samba. :-) There may be some information over in Samba TNG, but in general this is hard, because we do not implement the server-side BDC protocols. Andrew Bartlett signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind and Active Directory 2003 OR a SMB3 Trust?
I wanted to get the opinion of the good people on this list. My work is upgrading from NT4 domain servers to Active Directory on Windows 2003 servers. I currently use winbind to integrate in my Linux samba servers (They do file a print well). In your opinion, should I do the same approach with he new domain? Or create a separate samba 3 domain just for my Linux servers, and then trust the Windows AD domain? Have people out there gotten Winbind to work with Server 2003 AD? Any help would be great! -Chris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba+LDAP Joining domain...weird problem!!!
I have some problem to with samba-3.0.3-5 (fedora package), but i'm sure that Administrator password is correct, and have uidNumber=0. And smbd.log said that i can connect to LDAP server. How to debug or solve this matter ? Please help me... --- [EMAIL PROTECTED] root]# smbldap-usershow administrator dn: uid=Administrator,ou=Users,dc=mragroup,dc=net cn: Administrator sn: Administrator objectClass: inetOrgPerson,sambaSAMAccount,posixAccount,shadowAccount gidNumber: 512 uid: Administrator uidNumber: 0 homeDirectory: /home/Administrator sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdCanChange: 0 sambaHomePath: \\PDC-SMB3\home\Administrator sambaHomeDrive: H: sambaProfilePath: \\PDC-SMB3\profiles\Administrator\ sambaPrimaryGroupSID: S-1-5-21-972941785-1405270838-393888-512 sambaSID: S-1-5-21-972941785-1405270838-393888-2996 loginShell: /bin/false gecos: Netbios Domain Administrator sambaLMPassword: 42CD4C7F818D4973AAD3B435B51404EE sambaAcctFlags: [U] sambaNTPassword: 2FE8B5F75CF04A070222E0B49058EAA8 sambaPwdLastSet: 1088091927 sambaPwdMustChange: 1091979927 userPassword: {SSHA}vMIArCQ3m2yn4sjieOltxPZzkS+O4uWs -Original Message- From: Lance Levsen [mailto:[EMAIL PROTECTED] Sent: Fri 6/25/2004 12:12 AM To: abebe lsslp Cc: Samba Samba Subject: Re: [Samba] Samba+LDAP Joining domain...weird problem!!! On Thu, Jun 24, 2004 at 08:25:27AM -0700, abebe lsslp wrote: > This seems to be working fine. However, as I try to > join the domain from 'winxp' (logged in as > 'Administrator' and using 'root'),I still get "Access > is denied" message on the xp workstation. The weird > thing is, I don't see anymore logs in > /var/log/messages, smbd.log, or winxp.log. I have > tried restarting the XP computer as well. Try adding the samba machine first from the commandline to see if your user has the correct perms. $> net rpc join -w domain -UAdministrator%password The user who joins machines to the domain has to have a uid of 0 on the samba box. Here, I had to change the Administrator uid in LDAP to 0. > Ambex Cheers, lance -- Lance Levsen, Linux Systems Catprint Computing -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem setting ACLs on files/folders... plz help!
I'm running Samba on a Mac OS X server, and the server is a member of a Windows domain (Windows 2003). Samba is setup for security=domain permissions. I have opened up a file share to the Windows machines named AppDeployment. I'm able to open \\xserve\AppDeployment on a Windows server, and am able to create directories and copy files in there. (Btw, when i attempt to "net use" that directory from Windows, I'm required to enter an account from the Mac server.) Even if i login as 'root' on the Mac server when accessing that file share, when i try and change the permissions of a folder (i.e. add ACLs for a domain user via the Windows property page), I get an error dialog saying "Unable to save permission changes on ". Access is denied." when i try and apply the changes. any thoughts on what could be going wrong? i'm pretty stuck! am i going about this the wrong way? basically i want to setup Samba so i can have a file share on the Mac server that is exposed to the Windows servers in the domain, and the Windows servers can set ACLs on the files/folders using accounts in the domain. thanks for any help! Kirk [global] workgroup = <...> password server = * hide files = .Trashes/Temporary Items/Desktop */TheFindByContentFolder/TheVolumeSettingsFolder/.DS_Store/.AppleDouble/ display charset = UTF-8-MAC print command = /usr/sbin/PrintServiceAccess printps %p %s lprm command = /usr/sbin/PrintServiceAccess remove %p %j security = domain guest account = unknown encrypt passwords = yes printing = BSD allow trusted domains = yes preferred master = no lppause command = /usr/sbin/PrintServiceAccess hold %p %j netbios name = xserve wins support = no max smbd processes = 0 printcap = server string = Mac OS X lpresume command = /usr/sbin/PrintServiceAccess release %p %j client ntlmv2 auth = yes domain logons = no lpq command = /usr/sbin/PrintServiceAccess jobs %p passdb backend = opendirectorysam guest dos charset = CP437 unix charset = UTF-8-MAC socket options = SO_RCVBUF=64240 auth methods = guest ntdomain opendirectory local master = no use spnego = yes map to guest = Bad User domain master = no printer admin = @admin, @staff log level = 3 [AppDeployment] oplocks = 0 map archive = no path = /Volumes/<...>/AppDeployment read only = no inherit permissions = 1 strict locking = 1 comment = macosx create mask = 0666 guest ok = 1 public = yes writeable = yes directory mask = 0777 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows 95, encrypted passwords, and secure channel communications
On Fri, 2004-06-25 at 00:45, Jonathan Johnson wrote: > First of all, let me say "I know it's been fixed in Samba 3." That's > for those of you who think I'm talking about the requiresignorseal > registry hack in Windows XP. I'm not. > > I ran into an issue when using Windows 95 clients with a Windows 2003 > server. (Why not Samba? The customer needs terminal services for some > windows-only programs.) Because Windows 2003, by policy, implements > tighter security including encrypted passwords and communications, > Windows 95 will NOT communicate with a Windows 2003 server. (If I'm > wrong about the encrypted passwords, someone please correct me.) > > David Lechnyr's Unofficial Samba HOW-TO states in part, "Windows 95 > doesn't use encrypted passwords, so this option must be disabled in > your smb.conf to support these clients... Verify that your smb.conf > file includes the parameter "encrypt passwords = yes" unless you are > using Win95/Win95a or have disabled encrypted passwords in your other > Windows clients (not a good idea)." This is misleading and dangerous information. There is no MS client that I know of (even DOS) that requires plaintext passwords. All MS clients support and allow encrypted passwords, at least at the 'lanman' level (pathetic, but encrypted). > It turns out that Microsoft provided a patch for Windows 95, 98, and > NT4 called "Active Directory Client Extension" which provides "NTLM > version 2 authentication". At least under Windows 2003 it seems to > work, allowing my Win95 clients access to the 2003 server. The patch includes NTLM1 and NTLMv2 support, which are more secure encrypted password forms than the old LM. This may allow access to more stringent domains. > I'm wondering if this patch will work on Windows 95 against a Samba > server, allowing one to leave "encrypted passwords = yes" set. I > don't have an available testbed to try it on right now. You could always have 'encrypt passwords = yes' set. This should (and I've not played with it) allow you to also set 'lanman auth = no', which is my preferred option for security. Andrew Bartlett signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [fwd: [Fwd: Re: network response] ]
On Thu, Jun 24, 2004 at 12:45:03PM -0500, Chris Garrigues wrote: > > From: Chris Garrigues <[EMAIL PROTECTED]> > > Date: Thu, 24 Jun 2004 11:22:11 -0500 > > > > I haven't been able to reproduce it yet. > > Got it! > > Open an Excel file. Save it. Go to lunch. > > When you return, go to File>Save As... and click on "Save" to save it over > itself. Say that you want to save the file over itself. Things go to hell. > > I just did this on a W2K box and my co-worker did it on an XP box. > > I don't know how long lunch has to be. We had Thai. (Stir fried red herring!) I can't reproduce this :-(. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Automated reply from bulletproof@www.bulletproofsoft.com
BulletProofSoft.com Support Ticket Reply. DO NOT REPLY TO THIS EMAIL Please use our Online Support system for faster results to your questions. You can monitor the status of your ticket online where you can add follow up replies. http://www.bulletproofsoft.com/cgi-bin/custquest/quest_desk.cgi If the URL above splits into two lines, please visit: http://www.bulletproofsoft.com/support.html and click on the Contact Customer Support link Rest assured we will do our best to respond to your query promptly. You will receive a further email notification when one of our technicians has replied. Tech Support BulletProofSoft.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WINS Replication
Dirk, > does anyone know when WINS replication via samba deamons will be > released? Has anybody perhaps developed such a synchronisation based on > scripts or something like that. This was hoped to make it into the 3.0 release but was not finished in time. I do not think it is being actively developed at this point. Check out wrepld stuff in CVS if you're interested. It doesn't really work though (at least the last time I looked at it). Nathan -- nre :wq -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind/LDAP Backend question
Nik Reiman wrote: Hello, Recently, I've spent the last few days trying to get some unix client boxes to authenticate logins via winbind, so all of our unix system accounts can be maintained from active directory. So far, everything is working, and users can authenticate into the system, but they are assigned random uid/gid values, based on the smb.conf as well as the internal winbind_idmap.tdb file. Anyways, since users' home directories are in NFS, the uid/gid need to be uniform across the network, which is where ldap comes in. So, we added a set of schema to active directory in windows, and now every user has two new fields, uidNumber and gidNumber. The only thing I need to do now is somehow get samba to get this information out of the AD via LDAP, and use it rather than letting samba make its own uid table. I set up samba with all the relevant details of how to contact our AD server with LDAP (I should note that I can browse the uidNumber and gidNumber fields from a command line in unix with the ldapsearch tool). However, for whatever reason, samba can't seem to authenticate this way, and no information gets dumped to the error logs. Here's the smb.conf I've been working with: [global] workgroup = WORKGROUP security = DOMAIN log level = 10 log file = /var/adm/samba.log local master = No domain master = No wins server = leviathan ldap server = zurg ldap suffix = dc=example,dc=com ldap user suffix = ou=Employees ldap group suffix = ou=Groups ldap filter = (uidNumber=%u) ldap admin dn = cn=Administrator,cn=Users,dc=example,dc=com ldap ssl = no idmap backend = ldap:ldap://zurg idmap uid = 1000-2000 idmap gid = 600-1000 template primary group = employee template homedir = /home/%U template shell = /bin/bash winbind use default domain = Yes Here, zurg is our AD server (running windows 2003 server). The only thing that I can think of that might be bad is that it won't allow anonymous binds... yet I haven't seen any place to put in a bind password for LDAP. Does anyone know how I might be able to get this up and running? To do that part you issue a smbpasswd -w on the command line of your samba box to set the bind password to associate with the ldap admin dn. Have you tried storing your winbind idmap on an openldap (or other ldap) server? You could either manually pull the SIDs from the windows directory and then sync them with uids with a script, or you could change the uid stored in the idmap database to match the uid manually as the users connect. I suppose you could store that in your AD server as well, no real reason you couldn't. This wouldn't be reinventing the wheel quite as much and samba will work out of the box with that idmap data. Thanks, Nik -- // Nik Reiman || [EMAIL PROTECTED] || http://www.aboleo.net \\ -- Paul Gienger Office:701-281-1884 Applied Engineering Inc. Cell: 701-306-6254 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.commailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind/LDAP Backend question
Hello, Recently, I've spent the last few days trying to get some unix client boxes to authenticate logins via winbind, so all of our unix system accounts can be maintained from active directory. So far, everything is working, and users can authenticate into the system, but they are assigned random uid/gid values, based on the smb.conf as well as the internal winbind_idmap.tdb file. Anyways, since users' home directories are in NFS, the uid/gid need to be uniform across the network, which is where ldap comes in. So, we added a set of schema to active directory in windows, and now every user has two new fields, uidNumber and gidNumber. The only thing I need to do now is somehow get samba to get this information out of the AD via LDAP, and use it rather than letting samba make its own uid table. I set up samba with all the relevant details of how to contact our AD server with LDAP (I should note that I can browse the uidNumber and gidNumber fields from a command line in unix with the ldapsearch tool). However, for whatever reason, samba can't seem to authenticate this way, and no information gets dumped to the error logs. Here's the smb.conf I've been working with: [global] workgroup = WORKGROUP security = DOMAIN log level = 10 log file = /var/adm/samba.log local master = No domain master = No wins server = leviathan ldap server = zurg ldap suffix = dc=example,dc=com ldap user suffix = ou=Employees ldap group suffix = ou=Groups ldap filter = (uidNumber=%u) ldap admin dn = cn=Administrator,cn=Users,dc=example,dc=com ldap ssl = no idmap backend = ldap:ldap://zurg idmap uid = 1000-2000 idmap gid = 600-1000 template primary group = employee template homedir = /home/%U template shell = /bin/bash winbind use default domain = Yes Here, zurg is our AD server (running windows 2003 server). The only thing that I can think of that might be bad is that it won't allow anonymous binds... yet I haven't seen any place to put in a bind password for LDAP. Does anyone know how I might be able to get this up and running? Thanks, Nik -- // Nik Reiman || [EMAIL PROTECTED] || http://www.aboleo.net \\ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Is this possible? (syncing users between a system withsamba 3 on and a win2k3 server)
Hi there, Do you know of any good documentation or books that cover this? As I said in a previous post I've not used Samba in a few years, so I'd feel more comfortable on reading up a bit then doing some experimentation in a test vmware network. Thanks Mark -Original Message- From: Christoph Scheeder [mailto:[EMAIL PROTECTED] Sent: 20 June 2004 17:41 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Is this possible? (syncing users between a system withsamba 3 on and a win2k3 server) Hi, it is possible, but you'll have to install some packages manualy by compiling them for your own. these packages are kerberos and samba, as the versions in most distros are to old to work correct as an ads-member in win2k3-ADS. AFAIK you'll have to install MIT-kerberos 1.33 and, at the moment, samba from svnall other versions do not work. Christoph Mark Casey schrieb: > Well, the gentoo mention was a joke. (the loving compile times remark) > > Are there any good books on the subject dealing with what I mentioned, > as I haven't used Samba for a few years. (probably pre 2.0) > > Anyway, if I do setup any *bsd or linux servers they will be dedicated > to the task and will not have any additional programs installed. > > I would most likely leave the win2k3 server as the PDC, I have heard > of some issues in the past dealing with Samba and it being a PDC. The > situation is that I want to apply the practice of least change, I > don't want to (or feel the network needs to) have a new domain > controller.. Having all machines join the new domain etc. > > So, SBS won't allow a BDC? (suppose I'll have to go and buy it then > do some tests in vmware) > > What're saying is that it isn't possible currently with Samba 3 to > replicate users from win 2k3? (without some manual work, is it > possible at all to script any of it?) > > Thanks > > Mark > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [fwd: [Fwd: Re: network response] ]
On Thu, Jun 24, 2004 at 12:45:03PM -0500, Chris Garrigues wrote: > > From: Chris Garrigues <[EMAIL PROTECTED]> > > Date: Thu, 24 Jun 2004 11:22:11 -0500 > > > > I haven't been able to reproduce it yet. > > Got it! > > Open an Excel file. Save it. Go to lunch. > > When you return, go to File>Save As... and click on "Save" to save it over > itself. Say that you want to save the file over itself. Things go to hell. > > I just did this on a W2K box and my co-worker did it on an XP box. > > I don't know how long lunch has to be. We had Thai. (Stir fried red herring!) I'm still trying to reproduce this. Can you send me a debug level 10 of you reproducing it please ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] string overflow in safe_strcpy
I recently upgraded both of my samba servers (mirrors of each other) to 3.0.4, my log files now fill with the following messages (hundred lines per day): Jun 24 13:55:33 Clyde smbd[8597]: [2004/06/24 13:55:33, 0] lib/util_str.c:safe_strcpy_fn(602) Jun 24 13:55:33 Clyde smbd[8597]: ERROR: string overflow by 1 (9 - 8) in safe_strcpy [LIBRA~V$.DOC] Jun 24 14:20:34 Clyde smbd[8597]: [2004/06/24 14:20:34, 0] lib/util_str.c:safe_strcpy_fn(602) Jun 24 14:20:34 Clyde smbd[8597]: ERROR: string overflow by 1 (11 - 10) in safe_strcpy [Config.pol.bak] The messages appear when I'm browsing any share setup on either server. Heres the smb.conf from the backup server. # Global parameters [global] unix charset = UTF8 workgroup = SPRINGFIELD server string = Clyde security = SHARE map to guest = Bad User passwd program = /usr/bin/passwd%u passwd chat = *password* %n\n *password* %n\n *successful* log level = 1 name resolve order = lmhosts host wins bcast mangling method = hash add user script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %m$ add machine script = /usr/sbin/useradd -d /dev/null -g 503 -s /bin/false -M %u logon path = \\%L\Profiles\%U os level = 60 preferred master = No local master = No domain master = No wins support = Yes ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 winbind enum users = No winbind enum groups = No path = /var/spool/samba admin users = root, cspalding read only = No guest ok = Yes [homes] comment = Home Directories path = /home/%U create mask = 0700 directory mask = 0700 guest ok = No nt acl support = No locking = No [netlogon] comment = Network Logon Service path = /home/NETLOGON nt acl support = No locking = No [Profiles] comment = Nt Roaming Profiles path = /home/profiles create mask = 0777 guest ok = No [public] comment = Public on Clyde path = /usr2/public create mask = 0777 force create mode = 0777 directory mask = 0777 force directory mode = 0777 [printers] comment = All Printers printable = Yes browseable = No [apache] comment = webserver share path = /var/www/html username = billy,@billy, nobody, cspalding valid users = cspalding, mcaley, lynn, billy admin users = cspalding, mcaley, corey write list = billy, @billy [office] path = /usr2/office Any ideas how to get rid of this error? Its more of a nuisance that anything else at the moment. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [fwd: [Fwd: Re: network response] ]
On Thu, Jun 24, 2004 at 12:45:03PM -0500, Chris Garrigues wrote: > > From: Chris Garrigues <[EMAIL PROTECTED]> > > Date: Thu, 24 Jun 2004 11:22:11 -0500 > > > > I haven't been able to reproduce it yet. > > Got it! > > Open an Excel file. Save it. Go to lunch. > > When you return, go to File>Save As... and click on "Save" to save it over > itself. Say that you want to save the file over itself. Things go to hell. > > I just did this on a W2K box and my co-worker did it on an XP box. > > I don't know how long lunch has to be. We had Thai. (Stir fried red herring!) Ok, I'm using these oplock settings with the current svn code : kernel oplocks = Yes oplocks = No level2 oplocks = No from a XP client using Excel 2000 9.0.3821 SR-1, I've saved it and am now going to lunch :-). I'll let you know if it happens for me. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [fwd: [Fwd: Re: network response] ]
> From: Jeremy Allison <[EMAIL PROTECTED]> > Date: Thu, 24 Jun 2004 11:22:19 -0700 > > On Thu, Jun 24, 2004 at 01:06:01PM -0500, Chris Garrigues wrote: > > > From: Jeremy Allison <[EMAIL PROTECTED]> > > > Date: Thu, 24 Jun 2004 10:48:43 -0700 > > > > > > Ok, thanks. A couple of questions. What MS-Office version ? What Samba > > > code version (is this current svn code) ? What is your platform ? What > > > oplock settings do you have in your smb.conf ? > > > > I'm running Excel 2K on Win2k. Samba was built this base weekend from SV > N > > (3.0.5pre2-SVN-build-1202). The server is mandrake Linux kernel 2.4.22-3 > 0mdk. > > > > kernel oplocks = Yes > > oplocks = No > > level2 oplocks = No > > > > Oplocks settings have been changed repeatedly as we've tried to figure th > ings out. I > > intend to turn them back on again. > > This is very strange. With "oplocks = No" you shouldn't be able to > get an oplock timed out message at all as it shoudn't be granting them :-(. > > Can you reproduce with oplocks on ? Hold on...I lied. Farther down in my smb.conf file: [homes] comment = Home Directories read only = No browseable = No oplocks = Yes veto files = /.?*/.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/.Parent/Icon?/Desktop/DesktopFolderDB/Maildir/ ...and yes indeed, this was in my home directory, so yes, this was with oplocks. Chris -- Chris Garrigues http://www.DeepEddy.Com/~cwg/ Trinsic Solutions http://www.trinsics.com 1611-B West 6th Street Austin, TX 78703-5074 512-322-0180 If you don't apply what you've learned, you haven't learned anything. pgpu5MWjTv1Eq.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [fwd: [Fwd: Re: network response] ]
On Thu, Jun 24, 2004 at 01:06:01PM -0500, Chris Garrigues wrote: > > From: Jeremy Allison <[EMAIL PROTECTED]> > > Date: Thu, 24 Jun 2004 10:48:43 -0700 > > > > Ok, thanks. A couple of questions. What MS-Office version ? What Samba > > code version (is this current svn code) ? What is your platform ? What > > oplock settings do you have in your smb.conf ? > > I'm running Excel 2K on Win2k. Samba was built this base weekend from SVN > (3.0.5pre2-SVN-build-1202). The server is mandrake Linux kernel 2.4.22-30mdk. > > kernel oplocks = Yes > oplocks = No > level2 oplocks = No > > Oplocks settings have been changed repeatedly as we've tried to figure things out. > I > intend to turn them back on again. This is very strange. With "oplocks = No" you shouldn't be able to get an oplock timed out message at all as it shoudn't be granting them :-(. Can you reproduce with oplocks on ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming profiles. How to do it ?
Matthias Spork escreveu: Do not use one share for Home and Profile. Read this: http://www.idealx.org/prj/samba/smbldap-howto.en.html matze thank you for the answer, but like I said, I'm serving win98 clients, not WinNT/XP/2000, and the tutorial deals with theses clients my big doubt is if the options that I discribe above is right or not to do what I want. maybe I'm setting the wrong option. Thank youy again. Flávio Henrique Flávio Henrique schrieb: Hi all.. I'm using Samba 3.0.2a on Mandrake 10, serving +/- 50 win98 clients. I'm using this options: logon path = \\%N\%U\profile logon home = \\%N\%U\profile but the roaming profile seems do not working... at least the way that I want. (maybe this is the right behavior). What I want: -> When an user logins on MACHINE1 the profile that is saved in Linux begin download to MACHINE1 -> When this user logoff from MACHINE1 the profile must update on linux server -> If this user logins on MACHINE2 the profile (updated) must be downloaded to MACHINE2 But is not happen like this. When the user logins for the first time on MACHINE1 a local profile is created using the "All users" folder (under \windows\profiles) I'm not sure if the option " logon home = \\%N\%U\profile " tells Samba to do what I want. Somone can help me ? Thank you in advance. Flávio Henrique -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [fwd: [Fwd: Re: network response] ]
> From: Jeremy Allison <[EMAIL PROTECTED]> > Date: Thu, 24 Jun 2004 10:48:43 -0700 > > Ok, thanks. A couple of questions. What MS-Office version ? What Samba > code version (is this current svn code) ? What is your platform ? What > oplock settings do you have in your smb.conf ? I'm running Excel 2K on Win2k. Samba was built this base weekend from SVN (3.0.5pre2-SVN-build-1202). The server is mandrake Linux kernel 2.4.22-30mdk. kernel oplocks = Yes oplocks = No level2 oplocks = No Oplocks settings have been changed repeatedly as we've tried to figure things out. I intend to turn them back on again. > (What is your favourite color, what is the flight speed of a fully laden > sparrow... :-) ? Blueno red. African or European? Chris -- Chris Garrigues http://www.DeepEddy.Com/~cwg/ Trinsic Solutions http://www.trinsics.com 1611-B West 6th Street Austin, TX 78703-5074 512-322-0180 If you don't apply what you've learned, you haven't learned anything. pgpTamrUQ56Cx.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [fwd: [Fwd: Re: network response] ]
On Thu, Jun 24, 2004 at 12:45:03PM -0500, Chris Garrigues wrote: > > From: Chris Garrigues <[EMAIL PROTECTED]> > > Date: Thu, 24 Jun 2004 11:22:11 -0500 > > > > I haven't been able to reproduce it yet. > > Got it! > > Open an Excel file. Save it. Go to lunch. > > When you return, go to File>Save As... and click on "Save" to save it over > itself. Say that you want to save the file over itself. Things go to hell. > > I just did this on a W2K box and my co-worker did it on an XP box. > > I don't know how long lunch has to be. We had Thai. (Stir fried red herring!) Ok, thanks. A couple of questions. What MS-Office version ? What Samba code version (is this current svn code) ? What is your platform ? What oplock settings do you have in your smb.conf ? Jeremy. (What is your favourite color, what is the flight speed of a fully laden sparrow... :-) ? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [fwd: [Fwd: Re: network response] ]
> From: Chris Garrigues <[EMAIL PROTECTED]> > Date: Thu, 24 Jun 2004 11:22:11 -0500 > > I haven't been able to reproduce it yet. Got it! Open an Excel file. Save it. Go to lunch. When you return, go to File>Save As... and click on "Save" to save it over itself. Say that you want to save the file over itself. Things go to hell. I just did this on a W2K box and my co-worker did it on an XP box. I don't know how long lunch has to be. We had Thai. (Stir fried red herring!) Chris -- Chris Garrigues http://www.DeepEddy.Com/~cwg/ Trinsic Solutions http://www.trinsics.com 1611-B West 6th Street Austin, TX 78703-5074 512-322-0180 If you don't apply what you've learned, you haven't learned anything. pgpfZ3UZ5VCSz.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Question about Samba and a WINS server...
Hello everyone. I have a question about setting up a WINS server and to allow browsing across VPN tunnels. Let me give my setup... Running FreeBSD 4.9, with samba-3.0.4. Sole purpose right now is to just be a WINS server on the corporte network. We have 3 VPN tunnels setup at remote locations that will need to access the network and browse the corporate network. All the clients on the 3 branch office VPN's point to the WINS server located on the corporate network. Hence, since NetBIOS traffic cannot travel down VPN tunnels, that was the need for the WINS server. The kicker: We have one NT 4.0 server (yes yes, I know...working on getting rid of it) that is really just acting as a file server for the time being. Subnets: Corporate: 192.168.1.0/24 BO #1: 192.168.111.0/24 BO #2: 172.16.1.0/24 BO #3: 192.168.5/24 smb.conf [global] workgroup = COURTESY server string = Wins Server log file = /var/log/samba/log.%m max log size = 50 os level = 33 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes hosts allow = 192.168.1., 192.168.5., 192.168.111., 172.16.1, 127.0 I'm running into some problems where sometimes I can browse the network from the Branch office location, and other times I cant see anything. Also, sometimes I can search for a computer on the corporate network and find it, and other times it does not come up at all. Here are some snips from my log.nmbd: [2004/06/23 22:53:43, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(327) become_domain_master_browser_wins: Attempting to become domain master browser on workgroup COURTESY, subnet UNICAST_SUBNET. [2004/06/23 22:53:43, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(341) become_domain_master_browser_wins: querying WINS server from IP 192.168.1.50 for domain master browser name COURTESY<1b> on workgroup COURTESY [2004/06/23 22:53:43, 0] nmbd/nmbd_become_dmb.c:become_domain_master_stage2(113) * Samba server OXYGEN is now a domain master browser for workgroup COURTESY on subnet UNICAST_SUBNET * [2004/06/23 22:53:43, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(282) become_domain_master_browser_bcast: Attempting to become domain master browser on workgroup COURTESY on subnet 192.168.1.50 [2004/06/23 22:53:43, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_bcast(295) become_domain_master_browser_bcast: querying subnet 192.168.1.50 for domain master browser on workgroup COURTESY [2004/06/23 22:53:43, 0] nmbd/nmbd_become_dmb.c:become_domain_master_query_success(225) become_domain_master_query_success: There is already a domain master browser at IP 192.168.1.20 for workgroup COURTESY registered on subnet 192.168.1.50. [2004/06/23 22:54:05, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396) * Samba name server OXYGEN is now a local master browser for workgroup COURTESY on subnet 192.168.1.50 * [2004/06/23 22:56:33, 0] nmbd/nmbd_incomingdgrams.c:process_get_backup_list_request(683) process_get_backup_list_request: domain list requested for workgroup COURTESY and I am not a domain master browser. I just went out and bout "The Official Samba 3 How to and reference guid" and plan on going through it extensively. In the meantime, I was hoping that someone may be able to give some suggestions on how I can correct this problem. I appreciate the help. Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Roaming profiles. How to do it ?
Hi all.. I'm using Samba 3.0.2a on Mandrake 10, serving +/- 50 win98 clients. I'm using this options: logon path = \\%N\%U\profile logon home = \\%N\%U\profile but the roaming profile seems do not working... at least the way that I want. (maybe this is the right behavior). What I want: -> When an user logins on MACHINE1 the profile that is saved in Linux begin download to MACHINE1 -> When this user logoff from MACHINE1 the profile must update on linux server -> If this user logins on MACHINE2 the profile (updated) must be downloaded to MACHINE2 But is not happen like this. When the user logins for the first time on MACHINE1 a local profile is created using the "All users" folder (under \windows\profiles) I'm not sure if the option " logon home = \\%N\%U\profile " tells Samba to do what I want. Somone can help me ? Thank you in advance. Flávio Henrique -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba+LDAP Joining domain...weird problem!!!
On Thu, Jun 24, 2004 at 08:25:27AM -0700, abebe lsslp wrote: > This seems to be working fine. However, as I try to > join the domain from 'winxp' (logged in as > 'Administrator' and using 'root'),I still get "Access > is denied" message on the xp workstation. The weird > thing is, I don't see anymore logs in > /var/log/messages, smbd.log, or winxp.log. I have > tried restarting the XP computer as well. Try adding the samba machine first from the commandline to see if your user has the correct perms. $> net rpc join -w domain -UAdministrator%password The user who joins machines to the domain has to have a uid of 0 on the samba box. Here, I had to change the Administrator uid in LDAP to 0. > Ambex Cheers, lance -- Lance Levsen, Linux Systems Catprint Computing -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [fwd: [Fwd: Re: network response] ]
> From: Jeremy Allison <[EMAIL PROTECTED]> > Date: Thu, 24 Jun 2004 09:02:07 -0700 > > On Thu, Jun 24, 2004 at 11:00:48AM -0500, Chris Garrigues wrote: > > > > ~sigh~ Thanks, but neither the server nor the switch are showing any netw > ork problems. > > > > Hell, we aren't even seeing any collisions on the server: > > Ok, so can you reproduce this ? Are you using latest svn code ? > If you can reproduce this at will please tell me how and I'll > look at it immediately. I haven't been able to reproduce it yet. Chris -- Chris Garrigues http://www.DeepEddy.Com/~cwg/ Trinsic Solutions http://www.trinsics.com 1611-B West 6th Street Austin, TX 78703-5074 512-322-0180 If you don't apply what you've learned, you haven't learned anything. pgpl3b1c6X7e8.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [fwd: [Fwd: Re: network response] ]
On Thu, Jun 24, 2004 at 11:00:48AM -0500, Chris Garrigues wrote: > > ~sigh~ Thanks, but neither the server nor the switch are showing any network > problems. > > Hell, we aren't even seeing any collisions on the server: Ok, so can you reproduce this ? Are you using latest svn code ? If you can reproduce this at will please tell me how and I'll look at it immediately. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [fwd: [Fwd: Re: network response] ]
Chris Garrigues wrote: From: Jeremy Allison <[EMAIL PROTECTED]> Date: Thu, 24 Jun 2004 08:29:32 -0700 Check network hardware (negotiation etc). This is usually called by a flakey network. ~sigh~ Thanks, but neither the server nor the switch are showing any network problems. Hell, we aren't even seeing any collisions on the server: eth0 Link encap:Ethernet HWaddr 00:D0:B7:3E:A0:4D inet addr:10.2.240.1 Bcast:10.2.240.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:52198838 errors:0 dropped:0 overruns:0 frame:0 TX packets:47574112 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 RX bytes:591919497 (564.4 Mb) TX bytes:2269551243 (2164.4 Mb) Any firewalling hardware/software involved? Particularly the windows xp firewall? -- Paul Gienger Office:701-281-1884 Applied Engineering Inc. Cell: 701-306-6254 Information Systems Consultant Fax: 701-281-1322 URL: www.ae-solutions.commailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba issue with Windows XP
Hello everybody: We have a problem with Samba and Windows XP/2000 and hope that somebody will help me. We have the network with Windows 98, Linux Red Hat 8.0 and Windows XP/2000. On windows machines works a program that generates and copies some files to Samba File server (Samba 2.2.5 on Linux RedHat 8.0). On Windows 98 everything works just fine; however machines with Windows XP sometimes unable to write to Samba machine, after some time (30-45 seconds) everything fine. The program that we running on XP the same as on Windows 98, but again only Windows XP has a problem. Can somebody please help us to resolve this issue? Best regards, Oleg -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [fwd: [Fwd: Re: network response] ]
> From: Jeremy Allison <[EMAIL PROTECTED]> > Date: Thu, 24 Jun 2004 08:29:32 -0700 > > Check network hardware (negotiation etc). This is usually called by a flakey > network. ~sigh~ Thanks, but neither the server nor the switch are showing any network problems. Hell, we aren't even seeing any collisions on the server: eth0 Link encap:Ethernet HWaddr 00:D0:B7:3E:A0:4D inet addr:10.2.240.1 Bcast:10.2.240.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:52198838 errors:0 dropped:0 overruns:0 frame:0 TX packets:47574112 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 RX bytes:591919497 (564.4 Mb) TX bytes:2269551243 (2164.4 Mb) -- Chris Garrigues http://www.DeepEddy.Com/~cwg/ Trinsic Solutions http://www.trinsics.com 1611-B West 6th Street Austin, TX 78703-5074 512-322-0180 If you don't apply what you've learned, you haven't learned anything. pgpZwroDY1aqw.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Group Policy
I hope I don't get a ton of flames for this but I am wondering if anyone knows a way to migrate a samba 3 controlled domain to an Windows based Active Directory domain. Let me explain why. I want to continue to use samba as my file and print servers but I really need the ability to use Group Policies. As far as I know there is no way to do this without ADS. I would like to have a Windows 2003 ADS server with Samba 3 file and print servers. The hard part is that I don't want to rejoin all my machines (~700) and I want all my users and passwords preserved (~1,300). Any help or ideas would be appreciated. Oh ya, down with Microsoft, hail Samba. :-) --- Ashley F. Burt Network Administrator Veterinary Medicine Computer Group [EMAIL PROTECTED] --- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba config
Hi Im having difficulty configuring Samba running on FreeBSD. Samba version is 2.2.8a. The scenario is that we have an NT4 domain and I am looking to migrate the printers onto Samba. All of the printers are connected via print servers, mainly HP JetDirect. As far as security is concerned I am happy for guest/anonymous logon as the server will only be used for printing but I have set security to domain and added samba to the domain. As things stand I have setup a test share which is visible from both Win98 and XP. I have also setup a JetDirect connected printer and can print to it using lpr. What I can't seem to do is print via Samba, either using smbclient or Windows. Smbclient errors with an NT_STATUS_ACCESS_DENIED error, windows clients just report the printer is not contactable. I have also added the nobody user to the samba passwords file with a blank password - I really don't want to have to add all users to unix/samba. My conf files are below: Smb.conf [global] netbios name = samba workgroup = MMO wins server = x.x.x.x#changed os level = 33 security = domain encrypt passwords = yes # printcap name = /etc/printcap password server = * [beyond] # temporary printer share to test setup path = /var/spool/lpd guest ok = yes printable = yes printing = BSD print command = /usr/bin/lpr -P%p -r %s [test] #test file share comment = For testing only, please path = /usr/local/samba/tmp read only = no guest ok = yes printcap file - ### test for new printer### beyond|raw1:\ :lp=:\ :rm=beyond:\ :rp=raw:\ :sh:\ :sd=/var/spool/lpd/beyond: In addition I have added an entry in /etc/host to define beyond - none of the docs mention this but raw lpr doesn't seem to work without it. Can anyone suggest what I am doing wrong? Also should I use lpr or cups as we don't have any postscript printers? Regards, Chris Christopher Moss Murray McIntosh O'Brien Wellesley House 204 London Road Waterlooville PO7 7AN 023 9223 1006 --- Disclaimer Privileged or confidential information may be contained in this message. If you are not the addressee of this message please notify the sender by return and delete it, and you may not use, copy, disclose or rely on the information contained in it. Internet e-mail may be susceptible to data corruption, interception and unauthorised amendment for which Murray McIntosh O'Brien does not accept liability. Likewise whilst we have taken reasonable precautions to ensure that this e-mail and any attachments have been swept for viruses, Murray McIntosh O'Brien does not accept liability for any losses caused as a result of viruses. Statements in this message that do not relate to the business of Murray McIntosh O'Brien are neither given nor endorsed by it or the Directors of Murray McIntosh O'Brien. A list of the Directors of Murray McIntosh O'Brien is available for inspection at our offices. -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Replacing a W2K box with a Samba box
On Sun, Jun 20, 2004 at 07:52:50PM +0100, Alex Forrow wrote: > Yeh Samba can do all that you want, but I believe you will have to get rid > of Active Directory, because Samba cannot host it, only join it. So you > will have to use a good old NT style domain. > > You can setup Samba for domain logons, and as long as the adm file is not > too new, you can use the NT policy editor to generate .pol files to use. > Check out the policies section on my site @ http://forrow.com/nova if you > have problems with the new win2k ADM files. > > This setup will allow for roaming profiles to be used, which is what you > are looking for. > > Hope this helps It did, thanks a lot. -- : M a r t e e N Debian GNU/Linux | : GPG PK www.lugmen.org.ar/~marteen/.perfil/clave.txt : GPG FPCA49 DEE9 7F5B A373 5121 2F82 1047 1BB9 83EC D3C9 : JID / e-mailmarteen[arroba]lugmen[punto]org[punto]ar |__ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [fwd: [Fwd: Re: network response] ]
On Thu, Jun 24, 2004 at 10:30:09AM -0500, Chris Garrigues wrote: > > It solved some of the issues we've been seeing, but we're still getting > reports of delays while trying to open files of over a minute. The message I > originally forwarded mentioned twice this morning. Here's the server log for > that user with the above mentioned LDAP search failures removed since they > appear to be unrelated (they happen much more often than the problem and > nobody complains when they do happen): > > [2004/06/24 09:19:45, 0] smbd/oplock.c:request_oplock_break(1055) > request_oplock_break: no response received to oplock break request to pid 20578 on > port 4027 for dev = 811, inode = 541045, file_id = 23 Check network hardware (negotiation etc). This is usually called by a flakey network. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [fwd: [Fwd: Re: network response] ]
> From: Chris Garrigues <[EMAIL PROTECTED]> > Date: Thu, 24 Jun 2004 10:04:37 -0500 > > > From: Chris Garrigues <[EMAIL PROTECTED]> > > Date: Thu, 24 Jun 2004 09:45:16 -0500 > > > > [2004/06/24 07:38:05, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1782) > > ldapsam_search_one_group: Problem during the LDAP search: LDAP error: > (N > > o such object) > > These lines appear to all be searching for > > base="ou=group,dc=borderent,dc=com,dc=borderent,dc=com" > scope=2 > filter="(&(objectClass=sambaGroupMapping)(gidNumber=99))" > > where group 99 is the nobody group. I'm assuming as a result that this error > is a red herring. > > I really need some guidance here. I've got some pretty frustrated users who > don't even want to tell me when they're having problems any more. ~sigh~ It looks like my second message got posted to the list, but not my first (probably because I included the original user complaint as an attachment), so I'm going to restate it differently. I'm now running 3.0.5pre2-SVN-build-1202 which I built this weekend. It solved some of the issues we've been seeing, but we're still getting reports of delays while trying to open files of over a minute. The message I originally forwarded mentioned twice this morning. Here's the server log for that user with the above mentioned LDAP search failures removed since they appear to be unrelated (they happen much more often than the problem and nobody complains when they do happen): [2004/06/24 07:37:57, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2004/06/24 07:37:57, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2004/06/24 07:37:57, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer [2004/06/24 07:37:57, 0] lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Connection reset by peer) [2004/06/24 07:38:03, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2004/06/24 07:38:03, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2004/06/24 07:38:03, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer [2004/06/24 07:38:03, 0] lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Connection reset by peer) [2004/06/24 07:38:05, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1400) failed to decode PDU [2004/06/24 07:38:05, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605) process_request_pdu: failed to do schannel processing. [2004/06/24 07:38:14, 1] smbd/service.c:make_connection_snum(648) product1 (10.2.240.173) connect to service profiles initially as user bjames (uid=514, gid=100) (pid 30493) [2004/06/24 07:38:31, 1] smbd/service.c:close_cnum(833) product1 (10.2.240.173) closed connection to service profiles [2004/06/24 07:38:32, 1] smbd/service.c:make_connection_snum(648) product1 (10.2.240.173) connect to service netlogon initially as user bjames (uid=514, gid=100) (pid 30493) [2004/06/24 07:38:34, 1] smbd/service.c:make_connection_snum(648) product1 (10.2.240.173) connect to service bjames initially as user bjames (uid=514, gid=100) (pid 30493) [2004/06/24 07:40:00, 1] smbd/service.c:close_cnum(833) product1 (10.2.240.173) closed connection to service netlogon [2004/06/24 08:24:41, 1] smbd/service.c:make_connection_snum(648) product1 (10.2.240.173) connect to service bjames initially as user bjames (uid=514, gid=100) (pid 20578) [2004/06/24 08:50:08, 1] smbd/service.c:close_cnum(833) product1 (10.2.240.173) closed connection to service bjames [2004/06/24 09:10:46, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2004/06/24 09:10:46, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2004/06/24 09:10:46, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 5: ERRNO = Connection reset by peer [2004/06/24 09:10:46, 0] lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Connection reset by peer) [2004/06/24 09:10:48, 1] smbd/service.c:make_connection_snum(648) product1 (10.2.240.173) connect to service bjames initially as user bjames (uid=514, gid=100) (pid 10715) [2004/06/24 09:19:45, 0] smbd/oplock.c:request_oplock_break(1055) request_oplock_break: no response received to oplock break request to pid 20578 on port 4027 for dev = 811, inode = 541045, file_id = 23 [2004/06/24 09:19:45, 0] smbd/open.c:open_mode_check(731) open_mode_check: exlusive oplock left by process 20578 after break ! For file My Documents/Product/Game Buys/July/gamebuyJULY.2004.xls, dev = 811, inode = 541045. Deleting it
[Samba] Samba+LDAP Joining domain...weird problem!!!
Hey, I was having this problem, with samba+ldap pdc created using IDEALX tools [EMAIL PROTECTED] etc]# smbpasswd -w XX Setting stored password for "uid=samba,ou=Users,dc=eaglex,dc=wbc" in secrets.tdb [EMAIL PROTECTED] etc]# smbldap-useradd -w winxp$ failed to add entry: modifications require authentication at /usr/sbin//smbldap_tools.pm line 366. So I made some adjustments to /etc/samba/smb.conf, /etc/ldap.conf, and /etc/smbldap-tools/smbldap_bind.conf and tried the following [EMAIL PROTECTED] smbldap-tools]# smbpasswd -w XX Setting stored password for "cn=Manager,dc=eaglex,dc=wbc" in secrets.tdb [EMAIL PROTECTED] smbldap-tools]# smbldap-useradd -w winxp$ [EMAIL PROTECTED] smbldap-tools]# This seems to be working fine. However, as I try to join the domain from 'winxp' (logged in as 'Administrator' and using 'root'),I still get "Access is denied" message on the xp workstation. The weird thing is, I don't see anymore logs in /var/log/messages, smbd.log, or winxp.log. I have tried restarting the XP computer as well. I am just out ideas with no clues to follow. Please, show me your greatness on this matter!!! Ambex __ Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! http://promotions.yahoo.com/new_mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba making many nobody processes
Hello, I have a samba server 3.04 and it works fine for windows authentication. Now I just got SUSE 9.0 and wanted authentication done via samba. When I enable samba authentication on linux it fails to work and worst more it makes a nasty nobody process for each time I reboot the machine on the Samba server! That nobody process takes up about 20 to 30% cpu. Ouch! Can anyone provide some advice as to what to do, to get Linux Samba authentication to work? Thank you, Dave -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: [fwd: [Fwd: Re: network response] ]
> From: Chris Garrigues <[EMAIL PROTECTED]> > Date: Thu, 24 Jun 2004 09:45:16 -0500 > > [2004/06/24 07:38:05, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1782) > ldapsam_search_one_group: Problem during the LDAP search: LDAP error: (N > o such object) These lines appear to all be searching for base="ou=group,dc=borderent,dc=com,dc=borderent,dc=com" scope=2 filter="(&(objectClass=sambaGroupMapping)(gidNumber=99))" where group 99 is the nobody group. I'm assuming as a result that this error is a red herring. I really need some guidance here. I've got some pretty frustrated users who don't even want to tell me when they're having problems any more. Chris -- Chris Garrigues http://www.DeepEddy.Com/~cwg/ Trinsic Solutions http://www.trinsics.com 1611-B West 6th Street Austin, TX 78703-5074 512-322-0180 If you don't apply what you've learned, you haven't learned anything. pgpu11R9tAzPJ.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows 95, encrypted passwords, and secure channel communications
First of all, let me say "I know it's been fixed in Samba 3." That's for those of you who think I'm talking about the requiresignorseal registry hack in Windows XP. I'm not. I ran into an issue when using Windows 95 clients with a Windows 2003 server. (Why not Samba? The customer needs terminal services for some windows-only programs.) Because Windows 2003, by policy, implements tighter security including encrypted passwords and communications, Windows 95 will NOT communicate with a Windows 2003 server. (If I'm wrong about the encrypted passwords, someone please correct me.) David Lechnyr's Unofficial Samba HOW-TO states in part, "Windows 95 doesn't use encrypted passwords, so this option must be disabled in your smb.conf to support these clients... Verify that your smb.conf file includes the parameter "encrypt passwords = yes" unless you are using Win95/Win95a or have disabled encrypted passwords in your other Windows clients (not a good idea)." It turns out that Microsoft provided a patch for Windows 95, 98, and NT4 called "Active Directory Client Extension" which provides "NTLM version 2 authentication". At least under Windows 2003 it seems to work, allowing my Win95 clients access to the 2003 server. I'm wondering if this patch will work on Windows 95 against a Samba server, allowing one to leave "encrypted passwords = yes" set. I don't have an available testbed to try it on right now. More info: http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/adextension.asp Note: the ADCE for 9x is on the Windows 2000 CD, but not the Windows 2003 CD, and is not downloadable from Microsoft. --Jon Johnson Sutinen Consulting, Inc. [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba problems
Is the samba server winning the election? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] directory ACL dont work
i have a problem with the acls in directories. i use samba 3 and windows 2000. when i change die permissions on a file the acl is also change on linux (suse 9.0). but when i change die permission in a directory it fails. my smb.conf: [global] workgroup = SUNNY domain logons = yes os level = 32 preferred master = auto local master = yes preferred master = yes interfaces = eth0 username map = /etc/samba/username_map map to guest = Bad User disable netbios = yes wins support = yes wins hook = /etc/samba/dns_update [daten] path = /daten read only = no comment = Datenverzeichnis browseable = yes valid users = rudi root nt acl support = yes acl compatibility = win2k security mask = 0770 directory security mask = 0770 map acl inherit = yes -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.3/4 - WINS server expires names after 2 hours
Hello, I had the same problem. I've found a workaround by patching the code in "nmbd/nmbd_namelistdb.c": /*** Expires old names in all subnet namelists. **/ void expire_names(time_t t) { struct subnet_record *subrec; for( subrec = FIRST_SUBNET; subrec; subrec = NEXT_SUBNET_INCLUDING_UNICAST(subrec) ) { expire_names_on_subnet( subrec, t ); } expire_names_on_subnet( wins_server_subnet, t ); /* ADD THIS LINE FOR REMOVING EXPIRED NAME FROM WINS TABLE */ } I dont know if it's the correct things to do, but it works fine for me with my configuration (PDC+LDAP+WINS with Samba 3.0.4 on MDK 9.2) If a real Samba develloper can have a quick look to this to make a real correction for next release. Bye [EMAIL PROTECTED] wrote: Sorry for not truncating but I thought the info was relevant... This "bug" has apparently been documented in bugzilla but no activity since March 18/04?? https://bugzilla.samba.org/show_bug.cgi?id=607 Jeff Gerard - Systems Administrator Wawanesa Mutual Insurance Company Office: 204-985-0517 Fax:204-947-5192 Email: [EMAIL PROTECTED] [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 23/06/2004 03:34 PM To [EMAIL PROTECTED] cc Subject [Samba] Samba 3.0.3/4 - WINS server expires names after 2 hours Hi there...this problem has me banging my head against a wall Until last week I was running Samba 2.2.7a on an old Slack box. I decided to upgrade as I needed more drive space and wanted something more current. I went with Fedora Core 2 and am running 2.6.6-1.435 kernel. I was using the default Samba install that came packaged with this release of Fedora and decided to try compiling/installing 3.0.4 to see if it would resolve my issue, which it did not. With logging options on nmbd set to d=3, I was finally able to figure out why this problem was happening but now how to prevent it. I am using Samba to do some file sharing, but more importantly for it's dns proxy capabilities. We currently have 2 domain names as we migrate from a Novell environment to an Active Directory environment. All windows clients are passed the samba server's IP for a wins address in order to do netbios name resolution and not have to configure 2 different domain names in the search suffix list. What has been happening since I started to use this version of samba is that after 2 hours, certain names stop resolving. The only way to correct the problem was to restart both smbd and nmbd. I had tried restarting only smbd and then only nmbd but to no avail...both had to be restarted to get things running again. Today I finally caught some log entries that showed me what was happening. If I try to ping an address on the old domain from a windows workstation, in this example, "ping ns-updates", I see the following in log.nmbd: (ignore the timestamps as I have patched logs together to get this info) [2004/06/23 13:56:49, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request(1485) wins_process_name_query: name query for name NS-UPDATES<00> from IP 10.239.10.38 [2004/06/23 13:56:49, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request(1549) wins_process_name_query: name query for name NS-UPDATES<00> not found - doing dns lookup. [2004/06/23 13:56:49, 3] nmbd/asyncdns.c:queue_dns_query(308) added DNS query for NS-UPDATES<00> [2004/06/23 13:56:49, 3] nmbd/asyncdns.c:add_dns_result(43) add_dns_result: DNS gave answer for NS-UPDATES of 10.3.9.100 [2004/06/23 13:56:49, 3] nmbd/nmbd_namelistdb.c:add_name_to_subnet(236) add_name_to_subnet: Added netbios name NS-UPDATES<00> with first IP 10.3.9.100 ttl=7200 nb_flags= 4 to subnet WINS_SERVER_SUBNET The "ttl=7200" is what has me baffled. After 2 hours has passed, If I try to "ping ns-updates" again, I get no reply on the windows workstation (ie, "Ping request could not find host ns-updates. Please check the name and try again." and I see the following in log.nmbd: [2004/06/23 13:55:57, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request(1485) wins_process_name_query: name query for name NS-UPDATES<00> from IP 10.239.10.38 [2004/06/23 13:55:57, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request(1531) wins_process_name_query: name query for name NS-UPDATES<00> - name expired. Returning fail. The ttl values vary, and in most cases are set to 30, but all of the hosts that are set to 7200 will expire after 2 hours and I am no longer able to resolve these hostnames until I restart smbd and nmbd. My smb.conf looks like this: [global] log file = /usr/local/samba/var/log.%m load printers = yes name resolve order = lmhosts hosts bcast idmap gid = 16777216-33554431 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 interfaces = eth0 nu
[Samba] Problem with winbind an samba Domain
Hello, I get the following problem with winbind from samba 3.0.3 as well as 3.0.4: [EMAIL PROTECTED] root]# wbinfo -u Error looking up domain users [EMAIL PROTECTED] root]# From /var/log/messages: Jun 24 16:02:23 bagheera winbind: winbindd startup succeeded Jun 24 16:02:23 bagheera winbindd[28278]: [2004/06/24 16:02:23, 0] rpc_client/cli_pipe.c:rpc_auth_pipe(256) Jun 24 16:02:23 bagheera winbindd[28278]: BAD auth level 6 (should be 5) The Domaincontroller is a Samba 3.0.2 on a Redhat 7.3 machine. winbind from samba 3.0.2 works. Is there any problem known between samba 3.0.2 and higher versions? Will it help to upgrade the domain controller also to 3.0.4? Sincerly, Klaus -- Klaus Steinberger Maier-Leibnitz Labor Phone: (+49 89)289 14287 Am Coulombwall 6, D-85748 Garching, Germany FAX: (+49 89)289 14280 EMail: [EMAIL PROTECTED] URL: http://www.physik.uni-muenchen.de/~k2/ In a world without Walls and Fences, who needs Windows and Gates -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.3/4 - WINS server expires names after 2 hours
Sorry for not truncating but I thought the info was relevant... This "bug" has apparently been documented in bugzilla but no activity since March 18/04?? https://bugzilla.samba.org/show_bug.cgi?id=607 Jeff Gerard - Systems Administrator Wawanesa Mutual Insurance Company Office: 204-985-0517 Fax:204-947-5192 Email: [EMAIL PROTECTED] [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 23/06/2004 03:34 PM To [EMAIL PROTECTED] cc Subject [Samba] Samba 3.0.3/4 - WINS server expires names after 2 hours Hi there...this problem has me banging my head against a wall Until last week I was running Samba 2.2.7a on an old Slack box. I decided to upgrade as I needed more drive space and wanted something more current. I went with Fedora Core 2 and am running 2.6.6-1.435 kernel. I was using the default Samba install that came packaged with this release of Fedora and decided to try compiling/installing 3.0.4 to see if it would resolve my issue, which it did not. With logging options on nmbd set to d=3, I was finally able to figure out why this problem was happening but now how to prevent it. I am using Samba to do some file sharing, but more importantly for it's dns proxy capabilities. We currently have 2 domain names as we migrate from a Novell environment to an Active Directory environment. All windows clients are passed the samba server's IP for a wins address in order to do netbios name resolution and not have to configure 2 different domain names in the search suffix list. What has been happening since I started to use this version of samba is that after 2 hours, certain names stop resolving. The only way to correct the problem was to restart both smbd and nmbd. I had tried restarting only smbd and then only nmbd but to no avail...both had to be restarted to get things running again. Today I finally caught some log entries that showed me what was happening. If I try to ping an address on the old domain from a windows workstation, in this example, "ping ns-updates", I see the following in log.nmbd: (ignore the timestamps as I have patched logs together to get this info) [2004/06/23 13:56:49, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request(1485) wins_process_name_query: name query for name NS-UPDATES<00> from IP 10.239.10.38 [2004/06/23 13:56:49, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request(1549) wins_process_name_query: name query for name NS-UPDATES<00> not found - doing dns lookup. [2004/06/23 13:56:49, 3] nmbd/asyncdns.c:queue_dns_query(308) added DNS query for NS-UPDATES<00> [2004/06/23 13:56:49, 3] nmbd/asyncdns.c:add_dns_result(43) add_dns_result: DNS gave answer for NS-UPDATES of 10.3.9.100 [2004/06/23 13:56:49, 3] nmbd/nmbd_namelistdb.c:add_name_to_subnet(236) add_name_to_subnet: Added netbios name NS-UPDATES<00> with first IP 10.3.9.100 ttl=7200 nb_flags= 4 to subnet WINS_SERVER_SUBNET The "ttl=7200" is what has me baffled. After 2 hours has passed, If I try to "ping ns-updates" again, I get no reply on the windows workstation (ie, "Ping request could not find host ns-updates. Please check the name and try again." and I see the following in log.nmbd: [2004/06/23 13:55:57, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request(1485) wins_process_name_query: name query for name NS-UPDATES<00> from IP 10.239.10.38 [2004/06/23 13:55:57, 3] nmbd/nmbd_winsserver.c:wins_process_name_query_request(1531) wins_process_name_query: name query for name NS-UPDATES<00> - name expired. Returning fail. The ttl values vary, and in most cases are set to 30, but all of the hosts that are set to 7200 will expire after 2 hours and I am no longer able to resolve these hostnames until I restart smbd and nmbd. My smb.conf looks like this: [global] log file = /usr/local/samba/var/log.%m load printers = yes name resolve order = lmhosts hosts bcast idmap gid = 16777216-33554431 socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 interfaces = eth0 null passwords = yes domain master = no hosts allow = 10. encrypt passwords = yes winbind use default domain = no template shell = /bin/false wins support = yes dns proxy = yes netbios name = wpg1lx01 netbios aliases = zelda password server = None idmap uid = 16777216-33554431 default = pub local master = no workgroup = TECH socket address = 10.38.2.11 printcap name = /etc/printcap security = share preferred master = no bind interfaces only = no max log size = 512 os level = 0 Right now I have a cron job set up to restart samba every 2 hours. I can't have this happening if someone is accessing files off the file shares that I have setup. Any help would be greatly appreciated. I am contemplat
Re: [Samba] [EXPERIENCES] with OpenLDAP and Samba and Redundancy ???
Hello Buchan Milne, [..] > No you don't, unless your slave is misconfigured. > > | e.g. a machine changes its machine password in Slave directory and > can't logon anymore cause the password change isn't replicated on Master > | > > It's password change attempt will fail. [...] > > Only if you've mis-configured it. > > Note that these questions don't really have anything to do with samba, > you may want to ask on the openldap list. Sorry about when i ask too. But i think this on Topic on this List. The Question is: What happens in Samba when the Master LDAP Server ist down and a Change- Request for the Workstation-Machine-Account-Passwort comes? - Is it possible that a User can't Logon on this Workstation? - Or falls the Workstation out of the Domain? (Nevermore a Member of the Domain)? - When nothing happens, why is there a Mechanism for changes of Machine Passworts (Security, or what else)? - When i right understand, then is in this Szenario no Changes of Passwort's, LastLogonTime usw. possible, right? Thank You Thomas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] WINS Replication
Hello everybody, does anyone know when WINS replication via samba deamons will be released? Has anybody perhaps developed such a synchronisation based on scripts or something like that. Mit freundlichem Gruß, Dirk Laurenz Systems Engineer PSO - Professional Service Organisation Fujitsu Siemens Computers Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax:+49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html *** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Cannot install printers via CUPS in Samba3.0.2a on debian sarge
Hello, please help me: After searching for nearly 2 weeks for a solution, I have to ask for assistance: System: debian sarge - update from an working installaton on woody (without printing) Now the samba server joins ADS, authenticates users, but should also provide printers. I have installed cups, configured my smb.conf: - [global] load printers = yes printing = cups printcap name = printcap.cups [print$] path = /var/samba browseable = no write list = root [printers] comment = All Printers path = /var/spool/cups browseable = no public = yes guest ok = yes writable = no printable = yes [kyo1750] comment = S/W-Laserdrucker Kyocera FS-1750 printeable = yes path = /var/spool/samba/kyo1750 printcap.cups : kyo1750|kyo1750:rm=riwake1:rp=kyo1750: OK, and here is my problem: no printer appear in network-neigbourhood - I can not connect to the printer from any windows box, but printing the testpage from cups works fine. Wher should I look for more debugging? Did I miss anything? Or is my understanding of printing wrong? I am absolutely without an idea where to go from here on. Reading the samba-docs did not help me really, and the new book "samba-3 by example" is on the way to me. Thank you for any hint. Wolfgang Wagner -- Systemadministration Riwa GmbH, Zwingerstraße 1, 87435 Kempten, +49-831-52 29 63-537 eMail:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] smbclient failure on 3.0.4
hello, I have just gone from samba 2 to 3.0.4. I have compiled succesfully and wanted to test that smbclient was working as it had for the previous version. When I run smbclient /// it returns the following session setup failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO logs show: [2004/06/24 11:59:37, 5] auth/auth.c:check_ntlm_password(271) check_ntlm_password: winbind authentication for user [root] FAILED with error NT_STATUS_CANT_ACCESS_DOMAIN_INFO [2004/06/24 11:59:37, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [root] -> [root] FAILED with error NT_STATUS_CANT_ACCESS_DOMAIN_INFO I have searched google but have come up blank. Can anyone point me in the right direction?? Cheers Our name has changed. Please update your address book to the following format: "[EMAIL PROTECTED]". This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Account desc mysql backend
ehh, just a little remark/note for the mysql passwd backend users and developers... when adding a user, the 'account desc' field is NOT filled in..! when adding some text manualy, and doing pdbedit -v the field showes up, so when reading from the passwdbackend, the fields are resolved, when writting too the passwdbackend , the description field (and maybe more important fields) are kept empty..! like i said, it's not a bug, just a thing.. Later - Collen Blijenberg (Systeem/Netwerk Beheerder) Montessori Lyceum Herman Jordan Zeist -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba3 PDC+ldap domain logon problem
Is this bug fix with rpm version of samba-3.0.3-5 (fedora package ?) Cause is still can't join to Samba LDAP server with unknown user name and password error form Windows 2000. smbd.log said [2004/06/17 23:22:20, 2] lib/smbldap.c:smbldap_search_domain_info(1344) Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SMB3))] [2004/06/17 23:22:20, 2] lib/smbldap.c:smbldap_open_connection(639) smbldap_open_connection: connection opened [2004/06/17 23:22:20, 3] lib/smbldap.c:smbldap_connect_system(806) ldap_connect_system: succesful connection to the LDAP server and .log said [2004/06/24 14:23:18, 2] smbd/reply.c:reply_special(208) netbios connect: name1=PDC-SMB3name2=BACKUP [2004/06/24 14:23:18, 2] smbd/reply.c:reply_special(215) netbios connect: local=pdc-smb3 remote=backup, name type = 0 Is there something wrong with my configuration ? -smb.conf workgroup = SMB3 netbios name = PDC-SMB3 interfaces = 172.16.0.232 username map = /etc/samba/smbusers admin users= administrator,@"Domain Admins" server string = Samba Server %v security = user encrypt passwords = Yes domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes passdb backend = ldapsam:ldap://127.0.0.1/ # passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com"; ldap admin dn = cn=Manager,dc=mragroup,dc=net ldap suffix = dc=mragroup,dc=net ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap idmap suffix = ou=Users #ldap ssl = start tls add user script = /usr/local/sbin/smbldap-useradd -m "%u" ldap delete dn = Yes #delete user script = /usr/local/sbin/smbldap-userdel "%u" add machine script = /usr/local/sbin/smbldap-useradd -w "%u" add group script = /usr/local/sbin/smbldap-groupadd -p "%g" #delete group script = /usr/local/sbin/smbldap-groupdel "%g" add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" #smbldap-usershow Administrator dn: uid=Administrator,ou=Users,dc=mragroup,dc=net cn: Administrator sn: Administrator objectClass: inetOrgPerson,sambaSAMAccount,posixAccount,shadowAccount gidNumber: 512 uid: Administrator uidNumber: 0 homeDirectory: /home sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaHomeDrive: H: sambaPrimaryGroupSID: S-1-5-21-1931314229-1443927316-3005072698-512 sambaSID: S-1-5-21-1931314229-1443927316-3005072698-2996 loginShell: /bin/false gecos: Netbios Domain Administrator sambaLMPassword: 552902031BEDE9EFAAD3B435B51404EE sambaNTPassword: 878D8014606CDA29677A44EFA1353FC7 sambaPwdCanChange: 1087541956 sambaPwdMustChange: 2147483647 sambaPwdLastSet: 1087541956 sambaAcctFlags: [U ] userPassword: {SMD5}W826bGtUtVBFm2cy9pjOoLleifE= please help me regards reza There is a bug with seperating the machine suffix and the user suffix, they both need to be the same container. Please search the archives more, this topic comes up every week or so. David Caplan wrote: Hi, I've got an issue with a samba 3 PDC with an ldap backend. I get a logon failure (unknown username or bad password) when trying to add a win2k box to the domain. I'm using Mandrake with Samba 3.0.2a and openldap 2.1.22. I am able to set up the workgroup on the w2k box, and access folders for users registered in the ldap database, however I am not able to join the domain with the user Administrator. Any ideas on where I can look to find errors or test another way? (I cant find anything in the ldap logs or the samba logs). Please CC me any response, as I'm not subscribed to the list. Thanks. - David ---Some relevant smb.conf [global] ... username map = /etc/samba3/smbusers obey pam restrictions = No ldap passwd sync = yes passdb backend = ldapsam:ldap://127.0.0.1/ unix password sync = yes pam password change = yes passwd chat = *New*UNIX*password* %n\n *Retype*new*UNIX*password* %n\n *LDAP*password*information*changed*for*dcaplan*\n *passwd:*all*authentication*tokens*updated*successfully* ldap admin dn = cn=root,dc=cloudraker,dc=com ldap suffix = dc=cloudraker,dc=com ldap group suffix = ou=Group ldap user suffix = ou=People ldap machine suffix = ou=Hosts ldap idmap suffix = ou=People ldap ssl = off#ldap ssl = start tls add user script = /usr/bin/smbldap-useradd3 -m "%u" ldap delete dn = Yes delete user script = /usr/bin/smbldap-userdel3 "%u" add machine script = /usr/bin/smbldap-useradd3 -w "%u" add group script = /usr/bin/smbldap-groupadd3 -p "%g"#delete group script = /usr/bin/smbldap-groupdel3 "%g" add user to group script = /usr/bin/smbldap-groupmod3 -m "%u" "%g" delete user from group script = /usr/bin/smbld