Re: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED

2004-07-16 Thread Craig White
On Fri, 2004-07-16 at 13:39, abebe lsslp wrote:
> Hey Craig, 
> Here is what's happening. I've got nothing, but
> headache from looking at log level 10, but finally I
> finished going over it. For those of you who have not
> been following, check
> http://150.208.105.24/smbldap-pdc.html
> 
> > 
> > > smbd/process.c:timeout_processing(1332)
> > >   timeout_processing: End of file from client
> > (client
> > > has disconnected).
> > 
> > You are attempting to join WinXP to domain, are
> > asked for the
> > name/password/domain of a user who has sufficient
> > privileges to add a
> > machine to the domain and it fails to finish? The
> > machine is indeed
> > added to LDAP - that's all I can figure out from
> > your email.
> > 
> > First off - my understanding is that Machine
> > accounts should still be
> > located in the People subtree and not in the
> > Computers subtree because
> > subsequent searches will not locate it there. If
> > this has been fixed,
> > I'm sure someone will correct me.
> >
> 
> I have tried it your way as well. 
> 
> # 1
> Changeed the Entry in '/etc/ldap.conf' to 
> 
> nss_base_passwd ou=People,dc=wbcoll,dc=edu?one
> nss_base_shadow ou=People,dc=wbcoll,dc=edu?one
> nss_base_group  ou=Groups,dc=wbcoll,dc=edu?one
> 
> #2
> changed the entry in '/etc/samba/smb.conf' file, I
> changed 
> 
> ldap machine suffix = ou=People
> 
> #3
> and finally, the entry in
> '/etc/smbldap-tools/smbldap.conf'
> 
> # Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
> computersdn="ou=People,dc=wbcoll,dc=edu"
> 
> However, I am sure the "ou =Computers" entry works. A
> lot of documentations, including idealx.org would have
> corrected their documentations if it wasn't so.  
> 
> > Secondly - ldap log?
> 
> I couldn't find any hint that leads me to believe the
> ldap doesn't work, but you might see something I
> don't.  you will find the whole 'slapd.log' file here:
> http://150.208.105.24/smbldap-pdc/. (there are also
> log files for the xp machine. ('winxp.log.html' is log
> level 10 and 'winxp_log.html' is log level 3). Log
> level 10 doesn't really tell me anything log level 3
> doesn't.

SID's don't match...

dn: uid=Administrator,ou=Users,dc=wbcoll,dc=edu

sambaPrimaryGroupSID: S-1-5-21-952094410-1508517273-1204454084-512
sambaSID: S-1-5-21-952094410-1508517273-1204454084-2996

pdbedit -Lv testuser1

User SID: S-1-5-21-1414736517-1990894286-2385622597-3000
Primary Group SID:S-1-5-21-1414736517-1990894286-2385622597-513

Who knows which SID is in smbldap_conf and which SID is in 
dn=SambaDomainName,dc=wbcoll,dc=edu

This should be one of the first things you check.

Also - just for a point of reference (not that what I do is at all correct or even 
recommended by the many people that know way more than I do), I set the primary posix 
gid for all users to a posix labeled group and my /etc/samba/smbusers looks like this:
# cat /etc/samba/smbusers
# Unix_name = SMB_name1 SMB_name2 ...
root = Administrator administrator admin
nobody = guest pcguest smbguest

I hope this helps.

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Sync'ing user and group ID's

2004-07-16 Thread Andrew Bartlett
On Sat, 2004-07-17 at 15:38, [EMAIL PROTECTED] wrote:
> Heya, I'm new to this particular area of linux admin, and I noticed the 
> behaviour of
> the new samba CIFS's linux driver.
> 
> The only problem was that the user and group ID's of the files in the 
> mounted directories
> were rather strange, as these ID's were not in sync between the server 
> and the client.
> 
> My question is how do I keep them in sync, how I would deal with, say, 
> a laptop roaming
> between two different networks.

The usual suggestion is a central LDAP server for your workstations. 
For laptops, this becomes more interesting however...

Unfortunately, the 'uid' and 'gid' options no longer work against Samba
servers, unless they have 'unix extensions' explicitly disabled.  This
could be considered a bug.

> I am also concerned about the security implications - to me, it appears 
> that every single
> computer must be trusted, and thus, no-body but those in the admin 
> staff should be able to
> have root access -- this sounds like the security will go down as the 
> number of computers
> increases.  Any suggestions about this?

The server enforces the access control - so even if somebody has root on
the client, they only have their password to the server.

This is the difference between CIFS and NFS :-)

Andrew Bartlett


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Sync'ing user and group ID's

2004-07-16 Thread thestar
Heya, I'm new to this particular area of linux admin, and I noticed the 
behaviour of
the new samba CIFS's linux driver.

The only problem was that the user and group ID's of the files in the 
mounted directories
were rather strange, as these ID's were not in sync between the server 
and the client.

My question is how do I keep them in sync, how I would deal with, say, 
a laptop roaming
between two different networks.

I am also concerned about the security implications - to me, it appears 
that every single
computer must be trusted, and thus, no-body but those in the admin 
staff should be able to
have root access -- this sounds like the security will go down as the 
number of computers
increases.  Any suggestions about this?

Thanks.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] ldap & winbind

2004-07-16 Thread colinjenkins
For a few weeks now, I have been attempting to set up a linux box to 
authenticate from a win2003 ldap server

All the article Iv'e read mention winbind, but it has been removed from 
our network.
I'm only running 1 linux (mandrake) box as a web server, and just want 
to have all authentication done from ADS.
is this possible without winbind?
any other pointers?

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Make Samba 3.0.4 PDC server as Windows update server

2004-07-16 Thread rruegner
Hi,
if you only have this service on the station it will run
as long to the next reboot patch.
The security of ms webserver an additionals you can read at technet , 
which is a must to read !!!
Windows isnt that unstable as most of the people say if you dont fuck it 
with buggy drivers , programs, or ugly admins ( as there nearly more 
than users )
The described susserver has a parameter for downloading via a proxy ,no 
problem at all.
and you dont have time to google , but waste our time with asking?
Regards

cep welly schrieb:
rruegner wrote:
Hi ,
you can make any win2k, winxp prof workstation make a
sus server , you only have to fix a few parameters ( lines )in the 
downloaded
sus package vom ms ( the line which check the install to the version
of windows cause normaly you can only install it on server versions )
Then you install iis ( ms-webserver ) from your win cd (included on 
win2k, winxp),
install the modified package , setup the sus server ( language, 
download rotation time ) download your updates , aprove them.
Make a ntconfig.pol in your netlogon at smb pdc, and
configure daily internal check to the ip of the sus server.
You can also outroll a tool forcesus.exe and start it
with psexec on every domain computer to force the sus update anytime.
The only problem is the win sus station has to be up the whole time. ( 
or at last the update time )

That' might be a problem. Is windows designed to be up for a long time ( 
without reboot or blue screen ? --- ;-) )

A duron/celeron 800 or so with 128MB  Ram will do the job nicly.
There are a few other possiblities ( some with linux via wget and so 
on  ), but this is i found the best way.
YOu will found all information about that at
http://www.susserver.com/ in the forums.

Thanks for your valuable information. I haven't got enough time to 
google for additional info, but I think
deploying susserver behind proxy firewall won't be a problem ( isn't it 
??? )
Cheers all ...

It is no hard job to do and works 100 %
Regards Robert
cep welly schrieb:
hi, guys... I'm a noobie around here and first come first ask  ;-)
well, I have successfully made my linux box ( debian sid kernel 2.426 
) as a PDC
( I can connect my winxp box to this pdc --> that's what i mean 
success )
I'm using Samba 3.0.4. I wonder if I can make my pdc to be a windows 
update server.
As we know, updating windows always goes through the internet, which 
in my
consideration is not good internet bandwidth management ( assume if 
there's
a hundred or even thousand windows clients in a network ... )
So, if one machine can provide that need, it would be a great 
improvement.
I've heard about SUS which can provide this, but since it need a 
windows server
I guess I should ignore that ( I'd experienced a bad time when one of 
our server
being compromised several months ago --- that's why I turn to Linux 
platform )
Maybe providing a script to execute the update files is not enough, 
since users
have to involved to the installation, answering some questions, etc 
which
might be boring them ( in case there'll not just only one update ). 
And there will
be a chance where users will give a wrong answer.
Updating windows without asking anything, after user log in just : go 
copying files,
changin' registry, etc ( restart after the whole process defenetely 
can't be avoided,
isn't it ?  :D )
Or I just to much to hope .

cheers,
--me--


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Enabling account lockouts

2004-07-16 Thread Jeremy Allison
On Wed, Jul 14, 2004 at 08:41:19AM -0400, Dunn, Drew A. wrote:
> I'm running Samba 3.0.4 (using a tdb backend) as the PDC for several windows
> 2000 clients.  I would like to enable an account lockout policy.  I set the
> number of bad password attempts using pdbedit by issuing,
> 
> # pdbedit -P "bad lockout attempt" -C 3
> 
> and recieved confirmation that this was correct.  I then tried to enable
> locking by issuing
> 
> # pdbedit -u username -c "[L]"
> 
> However pdbedit -Lv does not show any change to the account flags.  I have
> been able to set other flags like "Password does not expire", "account
> disabled", etc.  When setting these I receive confirmation that the flag has
> been set but go not receive any confirmation when trying to set the lockout.
> 
> Any suggestions?  Is there something else I need to turn on for this to
> work?

Ok, try this patch - should fix the problem (it does here).

Jeremy.
Index: utils/pdbedit.c
===
--- utils/pdbedit.c (revision 1535)
+++ utils/pdbedit.c (working copy)
@@ -202,7 +202,6 @@
 {
SAM_ACCOUNT *sam_pwent=NULL;
BOOL ret;
-   BOOL updated_autolock = False, updated_badpw = False;
 
if (!NT_STATUS_IS_OK(pdb_init_sam (&sam_pwent))) {
return -1;
@@ -216,19 +215,6 @@
return -1;
}
 
-   if (!pdb_update_autolock_flag(sam_pwent, &updated_autolock))
-   DEBUG(2,("pdb_update_autolock_flag failed.\n"));
-
-   if (!pdb_update_bad_password_count(sam_pwent, &updated_badpw))
-   DEBUG(2,("pdb_update_bad_password_count failed.\n"));
-
-   if (updated_autolock || updated_badpw) {
-   become_root();
-   if(!pdb_update_sam_account(sam_pwent))
-   DEBUG(1, ("Failed to modify entry.\n"));
-   unbecome_root();
-   }
-
ret=print_sam_info (sam_pwent, verbosity, smbpwdstyle);
pdb_free_sam(&sam_pwent);

@@ -310,6 +296,7 @@
  const char *user_sid, const char *group_sid,
  const BOOL badpw)
 {
+   BOOL updated_autolock = False, updated_badpw = False;
SAM_ACCOUNT *sam_pwent=NULL;
BOOL ret;

@@ -322,6 +309,14 @@
return -1;
}

+   if (!pdb_update_autolock_flag(sam_pwent, &updated_autolock)) {
+   DEBUG(2,("pdb_update_autolock_flag failed.\n"));
+   }
+
+   if (!pdb_update_bad_password_count(sam_pwent, &updated_badpw)) {
+   DEBUG(2,("pdb_update_bad_password_count failed.\n"));
+   }
+
if (fullname)
pdb_set_fullname(sam_pwent, fullname, PDB_CHANGED);
if (homedir)
@@ -384,7 +379,7 @@
pdb_set_bad_password_count(sam_pwent, 0, PDB_CHANGED);
pdb_set_bad_password_time(sam_pwent, 0, PDB_CHANGED);
}
-   
+
if (NT_STATUS_IS_OK(in->pdb_update_sam_account (in, sam_pwent)))
print_user_info (in, username, True, False);
else {
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Make Samba 3.0.4 PDC server as Windows update server

2004-07-16 Thread cep welly
rruegner wrote:
Hi ,
you can make any win2k, winxp prof workstation make a
sus server , you only have to fix a few parameters ( lines )in the 
downloaded
sus package vom ms ( the line which check the install to the version
of windows cause normaly you can only install it on server versions )
Then you install iis ( ms-webserver ) from your win cd (included on 
win2k, winxp),
install the modified package , setup the sus server ( language, 
download rotation time ) download your updates , aprove them.
Make a ntconfig.pol in your netlogon at smb pdc, and
configure daily internal check to the ip of the sus server.
You can also outroll a tool forcesus.exe and start it
with psexec on every domain computer to force the sus update anytime.
The only problem is the win sus station has to be up the whole time. ( 
or at last the update time )
That' might be a problem. Is windows designed to be up for a long time ( 
without reboot or blue screen ? --- ;-) )

A duron/celeron 800 or so with 128MB  Ram will do the job nicly.
There are a few other possiblities ( some with linux via wget and so 
on  ), but this is i found the best way.
YOu will found all information about that at
http://www.susserver.com/ in the forums.
Thanks for your valuable information. I haven't got enough time to 
google for additional info, but I think
deploying susserver behind proxy firewall won't be a problem ( isn't it 
??? )
Cheers all ...

It is no hard job to do and works 100 %
Regards Robert
cep welly schrieb:
hi, guys... I'm a noobie around here and first come first ask  ;-)
well, I have successfully made my linux box ( debian sid kernel 2.426 
) as a PDC
( I can connect my winxp box to this pdc --> that's what i mean 
success )
I'm using Samba 3.0.4. I wonder if I can make my pdc to be a windows 
update server.
As we know, updating windows always goes through the internet, which 
in my
consideration is not good internet bandwidth management ( assume if 
there's
a hundred or even thousand windows clients in a network ... )
So, if one machine can provide that need, it would be a great 
improvement.
I've heard about SUS which can provide this, but since it need a 
windows server
I guess I should ignore that ( I'd experienced a bad time when one of 
our server
being compromised several months ago --- that's why I turn to Linux 
platform )
Maybe providing a script to execute the update files is not enough, 
since users
have to involved to the installation, answering some questions, etc 
which
might be boring them ( in case there'll not just only one update ). 
And there will
be a chance where users will give a wrong answer.
Updating windows without asking anything, after user log in just : go 
copying files,
changin' registry, etc ( restart after the whole process defenetely 
can't be avoided,
isn't it ?  :D )
Or I just to much to hope .

cheers,
--me--


--
-BEGIN PGP PUBLIC KEY BLOCK-
Version: GnuPG v1.2.4 (GNU/Linux)
mQGiBEDato0RBADHD8bKvVCTORppg/pot1Zuyx4Joz/IC34aZlLkG7/JNEVemqiB
jSVgnwxa9UNs9Chz9CT6vqzw1pgPXDAb1rD91kbupatgaFUlNEwAW/v2eH8LQEYz
3NicbaysYeeJLBOYlwtmbZWrV8KKoSNrHWxZRjfl4a7TGggllou6+sAQTwCg/2Q2
lLLdPjuaXGiRHqpHFuFWVT8D/Rfzi89GrGWwharBmqNlq3WNJJSK4NdZUy6yFrfY
mqaytOBUq6wWoM9OdvAciS4R1qVK2GItV2xIX9N47zeEXspsANF3PyH6PSdXBYfO
CDL6jdkL1JS/E+QQcOsqbwkJOa3IpSuJPuE0IuYj9G2pEUNFR9/QiNVq2ysqUK8I
V/8VBACmL758SPyrMSwA2sPGiRbSndr0Bc6XW/YPwvJNQsU+zzX+qtAP4K3oEX7R
z1OD6LfkJAvrCLswNJbyIlrsFSo/NxlsqnWgKU4K4qsntvMA2UiyAUCOONCn+7Uo
V8UVK/3ZKRAlnTM6YdxEWe1c09pP3k4kxGdii5E3cJu6a1a4jbYxZGViaWFu
IChKVVNUIFNJR05BVFVSRSkgPGRlYl9taWxpc3RAeWFob28uY29tLnNnPohbBBMR
AgAbBQJA2raNBgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEP6KKTciHvMpKQgAoLl1
8lYWPDqcTtRwNyPBA5UhlbHIAKDAjaZYyTgyYU2xtacqPDqsMzf/N4hJBBMRAgAJ
BQJA5AJfAgcAAAoJEAiiw5gMTBnLYAUAoKeNbaExa+6oJIz9WWYgsVUO8KW9AJ4m
oP4njy83Cl7bnbacBW7o9doj6rkBDQRA2raQEAQAqzfMQUbVLt/iFTDFcI3XSO26
v2BYQAvHdRkMGo8AFrffJCbEFfTlyCrTbhIHKB0D6Z8+lEqdsjJlwleNWDWTu3gY
hOvUeGqCiNmPRGeYjM5VatsUNMQLS6qGVbpaiHXZ75e6Vco3MjMEKN1KQDn3QdtW
JcW32LPA5XqrEbInV1MAAwYD/idygDdnBgOUNEfN+JVFr3OUuVBTxky6VZ08mYbj
VmE/tFDh+H9o0GdHAMrvXbITFau6BR3ykNXtVPRMlT+g1pCe91RovR+WwfLItFnC
eB6lfiu4tsdPWeBWPKbdQO7zb1Wj6U/yo5JcjNjQjBHpxuoTpicYYgKiFIIhHzIG
kt9MiEYEGBECAAYFAkDatpAACgkQ/oopNyIe8ykmwgCfZLcfyNlAVIpfhyhjJPDb
LYJsBc8AnRz9PqrchdlrWSonVBgsHg0VZml+
=sm88
-END PGP PUBLIC KEY BLOCK-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Enabling account lockouts

2004-07-16 Thread Jeremy Allison
On Wed, Jul 14, 2004 at 08:41:19AM -0400, Dunn, Drew A. wrote:
> I'm running Samba 3.0.4 (using a tdb backend) as the PDC for several windows
> 2000 clients.  I would like to enable an account lockout policy.  I set the
> number of bad password attempts using pdbedit by issuing,
> 
> # pdbedit -P "bad lockout attempt" -C 3
> 
> and recieved confirmation that this was correct.  I then tried to enable
> locking by issuing
> 
> # pdbedit -u username -c "[L]"
> 
> However pdbedit -Lv does not show any change to the account flags.  I have
> been able to set other flags like "Password does not expire", "account
> disabled", etc.  When setting these I receive confirmation that the flag has
> been set but go not receive any confirmation when trying to set the lockout.
> 
> Any suggestions?  Is there something else I need to turn on for this to
> work?

No, this is a bug in that pdbedit when printing out a user account
info checks the current time and turns off/on the locked out flag L
based on if the account has timed out. pdbedit shouldn't be doing
that when printing an account - only when modifying. I'll fix it.

Thanks for the report.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] samba over a vpn

2004-07-16 Thread Greg Andrews


Howdy All,

Sorry about the last posting. My machine sent the mail in mid keystroke
for some reason.
This may not be the correct list for this sort of question, so please
excuse me if it is not quite right.

I have three sites ( going to become four shortly ) which are connect via
dlink equipment to create a vpn

main site  192.168.0.1/255.255.255.0 with the gateway at .0.6 and the
samba server at .0.5
site1  192.168.1.0/255.255.255.0 with gateway 1.6
site3  192.168.2.0/255.255.255.0 with gateway 2.6

Now the question is can I get windows 9x and xp boxes on the 1.x and 2.x
network to login to the samba box at 0.5. If so how ??
The three sites "see" each other quite nicely ( can ping any machine on
the 0.0 network from either of the other networks ) with 30-40ms access
time.
Will samba work in this scenario ??

Any and all help appreciated

Greg Andrews




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Ascii mode in smbclient?

2004-07-16 Thread Andrew Bartlett
On Sat, 2004-07-17 at 05:36, William Beilstein wrote:
> I know that the smbclient only supports binary transfers. Is there any way
> to use samba that will perform the equivalent of the ASCII mode in FTP. In
> other words, change CR/LF to LF in Dos -> Unix transfers and to change LF to
> CR?LF in Unix to Dos transfers?
> 
> My site is only using samba to transfer between Windows and Unix machines.
> And while I know that I could use âunix2dosâ and âdos2unixâ for the
> transfer, it would be nice if the transfer took care of it.
> 
> This would seem to be a natural. Modify smbclient to understand the âBINARYâ
> and âASCIIâ commands and transfer accordingly.

No.  That would then make us have to assume the type of the server
(which we don't know, and can't negotiate) and risk data corruption.  


Andrew Bartlett


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] samba and vpn connections

2004-07-16 Thread Greg Andrews
Howdy All,

This may not be the correct list for this sort of question, so please
excuse me if it is not quite right.

I have three sites ( going to become four shortly ) which are connect via
dlink equipment to create a vpn

main site  192.168.0.1/255.255.255.0 with the gateway at .6 and the
samba server at .5
site1
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] User Level Security and PDC

2004-07-16 Thread James Kreuziger
So, I have this Samba PDC setup, and it's gotten to
the point where a good number of my Win2K and WinXP
boxes refuse to acknowledge that the PDC exists.
If I logon to the Win boxes on a local account, and
go to the run dialog and type \\mymachine, it prompts
me for a username and password.  I can then see my shares.
If I logoff the local account and try and logon to
the domain, I get "Domain MYDOMAIN is unavailable".

So why would I have user level access available through
a local account and not access to my domain through
my PDC?

Below is the relevant portions of the [global] section
of my smb.conf

-Jim

*
Jim Kreuziger
[EMAIL PROTECTED]
*
[global]
workgroup = MYDOMAIN
preexec = csh -c `echo /usr/local/samba/bin/smbclient \
-M %m -I %I` &
server string = Samba %v on (%L)
security = user
domain logons = yes
encrypt passwords = Yes
password level = 3
log level = 3
log file = /samba/current/var/log.smbd.%m
max log size = 2000
wins support = Yes
name resolve order = lmhosts wins hosts bcast
dns proxy = yes
deadtime = 0
keepalive = 3600
client code page = 437
domain master = yes
preferred master = yes
local master = yes
os level = 255
guest account = samba
invalid users = daemon bin sys lp smtp uucp nuucp listen dcs consult dumper 
nobody
veto oplock files = /*.mdb/*.dbm/*.doc/*.xls
socket options = TCP_NODELAY IPTOS_LOWDELAY
getwd cache = yes
logon script = %U.bat
logon path = \\mymachine\profile\%U
utmp = True
username map = /samba/current/lib/usermap.txt
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Can't build 3.0.4 under QNX 6.1.0

2004-07-16 Thread Andrew Bartlett
On Sat, 2004-07-17 at 01:01, Mackenzie Alan-G25604 wrote:
> I've been trying to build Samba 3.0.4 on QNX 6.1.0.
> 
> 1. I downloaded the source tarball "samba-latest.tar.gz" from a mirror 
> site.  The downloading was done on an MS-Windows system.  The tarball was 
> transferred to the QNX box by loading into Emacs on MS-Windows with "M-x 
> find-file-literally" then saving it with Emacs's ftp facility: "C-x C-w 
> /[EMAIL PROTECTED]:/" [where ww.xx.yy.zz. is the IP address of 
> the QNX machine].
> 
> 2. I logged on as root in the QNX machine.
> 
> 3. I unpacked it into a sensible directory with "gunzip" and "tar -xf
> samba-latest.tar".  [tar reported that two files couldn't be unpacked 
> because their names were too long: 
> ../docs/htmldocs/guide/.ProtocolStats.png and TraceStats.png, but 
> this is probably (hopefully?) unimportant.]
> 
> 4. From ./samba-3.0.4/source I did
>   # ./configure | tee configure-messages.txt
> and this seemed to work OK.
> 
> 5. # make 2> make-stderr.txt | tee make-stdout.txt
> This produced this error message:
> gawk: script/mkproto.awk:14: fatal: cannot open file 
> `cnrpc_client/cli_lsarpc.cnrpc_client/cli_samr.cnrpc_client/cli_netlogon.cnrpc_client/...
>   [middle of very long error message line snipped]
> /srv_spoolss_nt.cnrpc_server/srv_echo.cnrpc_server/srv_echo_nt.cnsam/idmap.cnsam/idmap_util.cnsam/idmap_tdb.cnlibsmb/spnego.cnlibsmb/passchange.c'
>  for reading (Filename too long)

Sounds like something isn't quite standard with QNX (causing the
concatenation).  You could, as a workaround, run 'make proto' on a linux
box, and ship the proto.h across.

If you figure out why it's happening, then please file a bug (with patch
if possible)

Andrew Bartlett


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba performance/stability issue...

2004-07-16 Thread Jeremy Allison
On Thu, Jul 15, 2004 at 09:01:05PM -0400, Marcello Melfi wrote:
> Hi Jeremy,
> 
> I have added the parameters
> 
>   case sensitive = yes
>   preserve case = no
>   short preserve case = no
>   default case = lower
> 
> to the smb.conf file and everything seems ok now, as far as performance
> goes.
> 
> However, the created files on the share are still in uppercase... I though
> that these settings were to stop the lookup and, as a consequence of the
> default case setting, to have all newly created files in lower case. Any
> idea?

I can't reproduce this with the latest Samba svn code so I'm assuming it's
fixed.

Jeremy
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] hosting library (ie. PVCS) on Samba

2004-07-16 Thread webster
OK; this appears to be working fine w/ ext3 .
Thanks for the suggestion.

Now, I just have to select & learn how to optimize another filesystem.
I guess it will be either XFS or ext3 ...


Gx




Jeremy Allison <[EMAIL PROTECTED]>
07/14/04 08:10 PM
Please respond to Jeremy Allison

 
To: [EMAIL PROTECTED]
cc: Jeremy Allison <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject:Re: [Samba] hosting library (ie. PVCS) on Samba

On Wed, Jul 14, 2004 at 04:43:40PM -0400, [EMAIL PROTECTED] wrote:
> Thanks for the reply.
>
> Indeed, the smbd process is unkillable via kill -9 .
> Also, all Samba clients are out-to-lunch at this point.
>
> Here are the last few lines from strace(the file is named 'afile'):
> stat64("afile", {st_mode=S_IFREG|0664, st_size=320, ...}) = 0
> getxattr("afile", "user.DOSATTRIB", 0xbfffb220, 256) = 4
> getxattr("afile", "user.DOSATTRIB", 0xbfffb220, 256) = 4
> stat64("afile", {st_mode=S_IFREG|0664, st_size=320, ...}) = 0
> getxattr("afile", "system.posix_acl_access", 0xbfffaff0, 132) = -1 
ENODATA
> (No data available)
> stat64("afile", {st_mode=S_IFREG|0664, st_size=320, ...}) = 0
> getxattr("afile", "user.DOSATTRIB", 0xbfffb070, 256) = 4
> setxattr("afile", "user.DOSATTRIB", 0xbfffb1c0, 4,
>
> The owner of the file can flip the 'read-only' bit on & off all day.
> But, when another user tries it(on or off), I get the aforementioned
> 'hang.'
>
> SuSE 9.1 uses reiserfs by default, with EAs & ACLs enabled.
> That is what I'm using.

Looks like a kernel bug with reiserfs and EA's. Can you test
with another EA supporting filesystem and see if the same
problem occurs ?

Jeremy.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Solution! -> Re: Does "Admin Users =" accept groups?

2004-07-16 Thread Michael Lueck
While smb.conf will accept a space delimited list of user ID's for admin users, 
/etc/group needs a coma delimited list of users. @groupname is now working properly 
for admin users = in smb.conf.
--
Michael Lueck
Lueck Data Systems
Remove the upper case letters NOSPAM to contact me directly.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] NTBackup and samba-3.0.4

2004-07-16 Thread Jeremy Allison
On Wed, Jul 14, 2004 at 11:29:58AM -0300, Bruno Gimenes Pereti wrote:
> Hi,
> 
> I have a Win2000 in my network running ntbackup daily to backup data from
> some servers including my Samba-3.0.4 (updated from 2.2.8a last month) with
> the homedir of my users. Today I needed to restore one file from the tape
> and there was no files from the samba server. Ntbackup can't access the
> shares in samba anymore.

This is fixed in 3.0.5rc1 - I'd suggest trying that !

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED

2004-07-16 Thread abebe lsslp
Hey Craig, 
Here is what's happening. I've got nothing, but
headache from looking at log level 10, but finally I
finished going over it. For those of you who have not
been following, check
http://150.208.105.24/smbldap-pdc.html

> 
> > smbd/process.c:timeout_processing(1332)
> >   timeout_processing: End of file from client
> (client
> > has disconnected).
> 
> You are attempting to join WinXP to domain, are
> asked for the
> name/password/domain of a user who has sufficient
> privileges to add a
> machine to the domain and it fails to finish? The
> machine is indeed
> added to LDAP - that's all I can figure out from
> your email.
> 
> First off - my understanding is that Machine
> accounts should still be
> located in the People subtree and not in the
> Computers subtree because
> subsequent searches will not locate it there. If
> this has been fixed,
> I'm sure someone will correct me.
>

I have tried it your way as well. 

# 1
Changeed the Entry in '/etc/ldap.conf' to 

nss_base_passwd ou=People,dc=wbcoll,dc=edu?one
nss_base_shadow ou=People,dc=wbcoll,dc=edu?one
nss_base_group  ou=Groups,dc=wbcoll,dc=edu?one

#2
changed the entry in '/etc/samba/smb.conf' file, I
changed 

ldap machine suffix = ou=People

#3
and finally, the entry in
'/etc/smbldap-tools/smbldap.conf'

# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
computersdn="ou=People,dc=wbcoll,dc=edu"

However, I am sure the "ou =Computers" entry works. A
lot of documentations, including idealx.org would have
corrected their documentations if it wasn't so.  

> Secondly - ldap log?

I couldn't find any hint that leads me to believe the
ldap doesn't work, but you might see something I
don't.  you will find the whole 'slapd.log' file here:
http://150.208.105.24/smbldap-pdc/. (there are also
log files for the xp machine. ('winxp.log.html' is log
level 10 and 'winxp_log.html' is log level 3). Log
level 10 doesn't really tell me anything log level 3
doesn't.

Ambex



__
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] The next Logical Check for SWAT

2004-07-16 Thread Robert Robinson
Samba is working

SWAT is loaded and listening on port 901

I have reconfirmed the syntax of the services file

I have reconfirmed the syntax of the SWAT file in xinet.d

When I go to localhost:901 nothing happens.  It just sits there.

WHat is the next logical check in my attempt to get SWAT working?

BTW: It works fine if I use Webmin




--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] RE: Can I get the GPL source for the Samba version used in the Gu ardian OS?

2004-07-16 Thread Jeremy Allison
On Fri, Jul 16, 2004 at 12:05:23PM -0700, Tom Dickson wrote:
> 
> I fully understand! :) I just really want to be able to make the world
> permissions of "---" mean that the everyone group gets hidden, instead of
> showing up with no rights, which confuses people.
> 
> Samba is cool!

Thanks. I thought that was the case, I have your earlier message in
my inbox. I haven't worked on it yet, so when you get the SNAP code
you will see what they did.

Jeremy
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Ascii mode in smbclient?

2004-07-16 Thread William Beilstein
I know that the smbclient only supports binary transfers. Is there any way
to use samba that will perform the equivalent of the ASCII mode in FTP. In
other words, change CR/LF to LF in Dos -> Unix transfers and to change LF to
CR?LF in Unix to Dos transfers?

My site is only using samba to transfer between Windows and Unix machines.
And while I know that I could use “unix2dos” and “dos2unix” for the
transfer, it would be nice if the transfer took care of it.

This would seem to be a natural. Modify smbclient to understand the “BINARY”
and “ASCII” commands and transfer accordingly.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] RE: Can I get the GPL source for the Samba version used in the Gu ardian OS?

2004-07-16 Thread Tom Dickson
> On Fri, Jul 16, 2004 at 11:07:00AM -0700, Tom Dickson wrote:
>> Then you are in violation of section 3 of the GPL as printed at
>> http://oss.snapappliance.com/license.html
>>
>> Samba is licensed under the GPL, and the version in SNAP is modified.
>> I'd
>> like the modifications.
>>
>> The modifications available at oss.snapappliance.com are old.
>>
>> -Tom
>>
>> > Hi Tom,
>> >
>> > I am terribly sorry but this is Confidential information that cannot
>> be
>> > distributed outside of Snap appliances.
>> >
>> > Thanks,
>> >
>> > Rodney
>
> In the words of the hitch hikers guide to the galaxy...
> Don't panic :-).
>
> Rodney is incorrect - SNAP do make source available. Marc Kaplan
> who is an engineer at SNAP is a member of the Samba Team, so
> we will get this sorted out without upset :-).
>
> Give them a short break, they just got bought by Adaptec (which
> I think is really cool btw and should mean more resources for
> Samba !) so they may be a little slower to respond than you'd
> like, but you will definately get the source code.
>
> Jeremy.

I fully understand! :) I just really want to be able to make the world
permissions of "---" mean that the everyone group gets hidden, instead of
showing up with no rights, which confuses people.

Samba is cool!

-Tom

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] RE: Can I get the GPL source for the Samba version used in the Gu ardian OS?

2004-07-16 Thread Jeremy Allison
On Fri, Jul 16, 2004 at 11:07:00AM -0700, Tom Dickson wrote:
> Then you are in violation of section 3 of the GPL as printed at
> http://oss.snapappliance.com/license.html
> 
> Samba is licensed under the GPL, and the version in SNAP is modified. I'd
> like the modifications.
> 
> The modifications available at oss.snapappliance.com are old.
> 
> -Tom
> 
> > Hi Tom,
> >
> > I am terribly sorry but this is Confidential information that cannot be
> > distributed outside of Snap appliances.
> >
> > Thanks,
> >
> > Rodney

In the words of the hitch hikers guide to the galaxy...
Don't panic :-).

Rodney is incorrect - SNAP do make source available. Marc Kaplan
who is an engineer at SNAP is a member of the Samba Team, so
we will get this sorted out without upset :-).

Give them a short break, they just got bought by Adaptec (which
I think is really cool btw and should mean more resources for
Samba !) so they may be a little slower to respond than you'd
like, but you will definately get the source code.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] RE: Can I get the GPL source for the Samba version used in the Gu ardian OS?

2004-07-16 Thread Tom Dickson
Then you are in violation of section 3 of the GPL as printed at
http://oss.snapappliance.com/license.html

Samba is licensed under the GPL, and the version in SNAP is modified. I'd
like the modifications.

The modifications available at oss.snapappliance.com are old.

-Tom

> Hi Tom,
>
> I am terribly sorry but this is Confidential information that cannot be
> distributed outside of Snap appliances.
>
> Thanks,
>
> Rodney
>
> -Original Message-
> From: Support, Snap
> Sent: Thursday, July 15, 2004 2:46 PM
> To: Support, Snap
> Subject: Can I get the GPL source for the Samba version used in the
> Guardian OS?
>
>
> Form Submission: Contact Support
> 
>
> - First Name:
> Tom
>
>
>
>
> - Last Name:
> Dickson
>
>
>
>
> - Title:
>
>
>
>
>
> - Company Name:
>
>
>
>
>
> - Address 1:
> 2757 Chaffee St
>
>
>
>
> - Address 2:
>
>
>
>
>
> - City:
> National City
>
>
>
>
> - State:
> CA
>
>
>
>
> - Zip/Postal Code:
> 91950
>
>
>
>
> - Country:
> United States
>
>
>
>
> - Location:
> Americas
>
>
>
>
> - Phone:
> 858-726-1846
>
>
>
>
> - Email:
> [EMAIL PROTECTED]
>
>
>
>
> - Product Model:
> Snap Server 4500
>
>
>
>
> - Snap Server OS Version:
> GuardianOS 3.0.099
>
>
>
>
> - Serial Number:
> 411138
>
>
>
>
> - Network Operating System Environment:
> Windows
>
>
>
>
> - Client Workstation Types:
> Windows
>
>
>
>
> - Detailed description of your problem (include error messages,
> symptoms, etc.):
> Can I get the GPL source for the Samba version used in the Guardian OS?
>
> Thank you.
>
>
>
>
>


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] corrupt tdb problems

2004-07-16 Thread Greg Dickie

Hi,

I'm seeing this in log.winbind

[2004/07/16 13:26:57, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/var/lib/samba/winbindd_idmap.tdb): rec_free_read bad magic
0x42424242 at offset=25528
[2004/07/16 13:26:57, 1]
nsswitch/winbindd_user.c:winbindd_fill_pwent(50)
  error getting user id for sid
S-1-5-21-2216088991-3827457959-3939315012-1283
[2004/07/16 13:26:57, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/var/lib/samba/winbindd_idmap.tdb): rec_free_read bad magic
0x42424242 at offset=25528
[2004/07/16 13:26:57, 0] nsswitch/winbindd_acct.c:wb_storepwnam(467)
  wb_storepwnam: Failed to store
"testing:x:2422:99:testing:/home/%D/%U:/bin/false"

and I'm assuming this is due to a corrupt tdb so I stopped samba and ran
tdbbackup and I get this:

# tdbbackup *.tdb
failed to copy winbindd_idmap.tdb

Does this mean it cannot be repaired? Have I lost all my SID->UID
mappings and if so why would this happen?


THanks alot,
Greg


-- 
Greg Dickie
just a guy
Maximum Throughput

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Interaction between "wins support = yes" and "os level = 65"

2004-07-16 Thread AndyLiebman
I'm a little unclear about something. I want my Linux box to be the Local 
Browse Master -- so that the machine that's "on" all the time is the one that 
other computers look to. 

Is it correct that I want in my Global Settings: 

wins support = yes
os level = 65  (or some higher number)

And should my Windows XP workstations have the Linux box as the Wins Server? 
Or should I leave the Wins Server out of it? 

Thanks in advance for the help. 

Andy Liebman
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Why do windows users see "(Samba 3.0) MyNetBiosName"?

2004-07-16 Thread AndyLiebman
Can anybody tell me why most, but not ALL, Windows XP users on my network see 
my Linux server listed in the network browser as: 

"(Samba 3.0) MyNetBiosName"

instead of just

"MyNetBiosName"? 

And why, over the course of the day, the computers that see the extra "(Samba 
3.0)" sometimes don't see it? 

What is the Global Settings listing that controls how the Linux server is 
named in user's browsers? 

Andy Liebman
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Re: roaming and local profiles on same domain

2004-07-16 Thread Jim C.
First, there may be an account flagg for this, I don't know.  You should 
investigate this. Aside from that...

A simple way to do this might be to create the users profile directory 
and then deny the user access by changeing perms/ownership.  The local 
system would then respond with "Can't find a roaming profile, using a 
local one". My users, for example, have access to 
/var/lib/samba/profiles/[username].  I create the user profile 
directories using a short script.  I have to do this because I provide 
*no* access to the root folder of the profiles share, i.e. 
/var/lib/samba/profiles is:

drwxr-xr-x  4 root root 4096 Jul 10 12:08 profiles/
instead of something like:
drwxrwxr-x  4 root Domain Users 4096 Jul 10 12:08 profiles/
Here is an example of the script:
[profiles]
comment = Profile Share
path = /var/lib/samba/profiles
.
.
.
root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; \
then mkdir -pm700 $PROFILE; chown "%u"."%g" $PROFILE; fi
It is possible I could modify the script so that if %g (the users group) 
is "Local Profile" then do not create the profile etc. etc.

OK, that is one angle but here is another.
From my smb.conf:
#Below is for Windows XP Pro, NT, 2K Pro
#Cooresponds to userProfile in /etc/samba/smbldap_conf.pm
#which sets sambaProfilePath in the user account.
logon path = \\%L\profiles\%U
#Below is for Windows 95 style clients.
#Cooresponds to userSmbHome in /etc/samba/smbldap_conf.pm
#which sets sambaHomePath in the user account.
logon home = \\%L\%U\profiles
Now I beleive the settings in the user account are supposed to override 
the defaults in smb.conf *but* if the user account settings are invalid 
or blank, then the defaults in smb.conf will be used.  If this is the 
case, then you should be able to set everyone to the correct settings 
explicitly by using smbldap-tools and then comment out the defaults in 
smb.conf *or* set those defaults in smb.conf to something that is 
invalid like \\dev\null.  This way, if the user's settings are blank or 
invalid samba should default to something in the smb.conf that also 
doesn't exist which, in turn,  should result in "Can't find a roaming 
profile, using a local one".

Yet another angle:
Now remember that my users have no access to the root folder of the 
profiles share.  This means that \\SERVERNETBIOSNAME\profiles is a 
*valid* resource to which *no one* has write access.  So I might be able 
to get the results you desire by setting the individual user accounts to 
sambaProfilePath=\\SERVERNETBIOSNAME\profiles instead of 
sambaProfilePath=\\SERVERNETBIOSNAME\profiles\[username].

smbldap-useradd -a -m -F SERVERNETBIOSNAME\profiles newusername
Of course I *may* have to remove read access to the profiles directory 
for "other", I'm not sure.

In other words change
drwxr-xr-x  4 root root 4096 Jul 10 12:08 profiles/
to
drwxr-x--x  4 root root 4096 Jul 10 12:08 profiles/

Jim C.
Richard Hall wrote:
I have samba 3 configured and running fine as a PDC with LDAP as the 
back end user database.   I have most users using roaming profiles but 
there are a few I would like to be able to only have local profiles.   
Is it possible to configure samba to use both types of  profile rather 
than one or the other.   I have the profile path set on each user 
account in LDAP as the field  "sambaProfilePath" and I have tried 
removing the "logon path" directive from the smb.conf file.   If I 
remove the sambaProfilePath entry from a user record then their profile 
still gets saved to the profile directory under what I assume is the 
default "logon path" setting.   If I set   "logon path =" with no value 
on the right of = then this breaks all the roaming profiles and it seems 
How does this stand up to testparm?  Does the system consider it an 
error?  I think you should probably either set it to something or 
comment it out.

to ignore the "sambaProfilePath" set on the individual accounts.   I 
gather there is a reg setting that I can use on each windows machine to 
tell it to ignore roaming profiles, but I would like to do it on a per 
user rather than per machine basis. 
Does anyone know of a way round this?

Thanks
Rich

--
-
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: [EMAIL PROTECTED]  AIM: WyteLi0n  ICQ: 123291844 |
|---|
| Y!: j_c_llings   Jabber: [EMAIL PROTECTED]|
-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] A question about environmental variables and samba

2004-07-16 Thread William Beilstein
I am new to samba and I have a question.

I have the following command file I am passing to the Samba client (Version
2.0.7).
=
#!/bin/ksh
#set -xv

# Variable one represents the name of the resulting command file
# Variable 2 is the name of the source file spooled to adhoc by the sql
script.
# Variable 3 is the name of the file, as it will be called on the staged
directory

 echo "cd DSRP" > $ORACLE_HOME/adhoc/$1
 echo "cd Database" >> $ORACLE_HOME/adhoc/$1
 echo "cd Active" >> $ORACLE_HOME/adhoc/$1
 echo "get $2 $GERS_HOME/datafiles/$3" >> $ORACLE_HOME/adhoc/$1

/usr/local/samba/bin/smbclient //rfdata/OPS -Uxxx% <
$ORACLE_HOME/adhoc/$1
=

rm $ORACLE_HOME/adhoc/$1


My problem is that the client doesn't expand out the environmental variable
$GERS_HOME, it treats it like a literal string and attempts to save the file
in the

'$GERS_HOME/datafiles' directory (which doesn't exist) instead of the
'/gers/test/datafiles' directory. The script is run by a number of different
instances so that I can't hard code a path in the script.

Does samba not understand ENV Vars, or is there a special syntax to use
them.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Re: Does "Admin Users =" accept groups?

2004-07-16 Thread Jim C.
I'll second this request for info.  I've not had any success with 
setting an admin user for the profiles share unless that person were a 
member of the Domain Admins group.

Jim C.
man smb.conf does not specifically say admin users supports @groupname 
syntax. Google turns up lots of examples of it being used, but everyone 
hanging their smb.conf's up to air does not mean they are 100% accurate 
either.

Here, Samba 3.0.4 in PDC mode, I can not get it to accept the name of a 
group in /etc/group, user ID's only.

--
-
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: [EMAIL PROTECTED]  AIM: WyteLi0n  ICQ: 123291844 |
|---|
| Y!: j_c_llings   Jabber: [EMAIL PROTECTED]|
-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Upgrade Preparation

2004-07-16 Thread Norman Zhang
Hi,
I currently have samba-2.2.8 as members servers in my NT 4.0 domain. I 
will be upgrading my NT 4.0 server to Windows 2003 + Exchange 2003. Will 
samba-2.2.8 still work as member server after upgrade. I think Windows 
2003 requires AD by default.

Regards,
Norman
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba+LDAP - so close yet so far :)

2004-07-16 Thread abebe lsslp
Hey Paul,
Thanks for checking out my work! I hope you will find
more errors in my set up (soon to be a mini how to
http://150.208.105.24/smbldap-pdc.html) Your
suggestions were helpful.
> 
> 1. You have configured in smbldap tools the machine
> account container as 
> ou=Users, but in smb.conf you have it in
> ou=Computers.  These should 
> match, and also match your user container per bug
> #674  and #987.

The 'ou' is actually set in both 'smbldap.conf' and
'smb.conf' as ou=Computers. (You must have read the
commented (#) line in 'smbldap.conf' file. I forgot to
take it out after testing it according to Craig's
advice about me not being able to use 'ou=Computers'. 
 

> 2. You don't have the full configuration for the
> smbldap tools scripts.  
> There are parameters with quotes around them that
> aren't in there, you 
> should have something like this:
> 
> add user script = /usr/sbin/smbldap-useradd -a -m
> "%u"
> delete user script = /usr/sbin/smbldap-userdel "%u"

YOU ARE RIGHT about this one! I modified it as it is
on   http://samba.idealx.org. Unfortunatly, it is
doing the same thing :(

Ambex 

PS: Craig, I am working on the log level 10 for samba
and log level 256 for ldap. I will get back with you
as soon as I get done :)




__
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Can't build 3.0.4 under QNX 6.1.0

2004-07-16 Thread Mackenzie Alan-G25604
I've been trying to build Samba 3.0.4 on QNX 6.1.0.

1. I downloaded the source tarball "samba-latest.tar.gz" from a mirror 
site.  The downloading was done on an MS-Windows system.  The tarball was 
transferred to the QNX box by loading into Emacs on MS-Windows with "M-x 
find-file-literally" then saving it with Emacs's ftp facility: "C-x C-w 
/[EMAIL PROTECTED]:/" [where ww.xx.yy.zz. is the IP address of 
the QNX machine].

2. I logged on as root in the QNX machine.

3. I unpacked it into a sensible directory with "gunzip" and "tar -xf
samba-latest.tar".  [tar reported that two files couldn't be unpacked 
because their names were too long: 
../docs/htmldocs/guide/.ProtocolStats.png and TraceStats.png, but 
this is probably (hopefully?) unimportant.]

4. From ./samba-3.0.4/source I did
  # ./configure | tee configure-messages.txt
and this seemed to work OK.

5. # make 2> make-stderr.txt | tee make-stdout.txt
This produced this error message:
gawk: script/mkproto.awk:14: fatal: cannot open file 
`cnrpc_client/cli_lsarpc.cnrpc_client/cli_samr.cnrpc_client/cli_netlogon.cnrpc_client/...
  [middle of very long error message line snipped]
/srv_spoolss_nt.cnrpc_server/srv_echo.cnrpc_server/srv_echo_nt.cnsam/idmap.cnsam/idmap_util.cnsam/idmap_tdb.cnlibsmb/spnego.cnlibsmb/passchange.c'
 for reading (Filename too long)

The entire output on stdout was:
Using FLAGS =  -O -I./popt -Iinclude -I/home/AM/samba-3.0.4/source/include 
-I/home/AM/samba-3.0.4/source/ubiqx -I/home/AM/samba-3.0.4/source/smbwrapper  -I.  
-I/home/AM/samba-3.0.4/source
  LIBS = -lsocket
  LDSHFLAGS = -shared 
  LDFLAGS = 
Generating smbd/build_options.c
Building include/proto.h
creating /home/AM/samba-3.0.4/source/include/proto.h
Building include/wrepld_proto.h
creating /home/AM/samba-3.0.4/source/include/wrepld_proto.h
Building include/build_env.h
creating /home/AM/samba-3.0.4/source/nsswitch/winbindd_proto.h
creating /home/AM/samba-3.0.4/source/web/swat_proto.h
creating /home/AM/samba-3.0.4/source/client/client_proto.h
creating /home/AM/samba-3.0.4/source/utils/net_proto.h
creating /home/AM/samba-3.0.4/source/utils/ntlm_auth_proto.h
Compiling dynconfig.c

5. Curiously, "make -n > make-n.txt" [make -n means "run make reporting
actions to be done without actually doing them.] (produces a decent 
looking output, starting thus:

echo "Using FLAGS =  -O -I./popt -Iinclude -I/home/AM/samba-3.0.4/source/include 
-I/home/AM/samba-3.0.4/source/ubiqx -I/home/AM/samba-3.0.4/source/smbwrapper  -I.  
-I/home/AM/samba-3.0.4/source"
echo "  LIBS = -lsocket"
echo "  LDSHFLAGS = -shared "
echo "  LDFLAGS = "
echo Compiling dynconfig.c
gcc  -O -I./popt -Iinclude -I/home/AM/samba-3.0.4/source/include 
-I/home/AM/samba-3.0.4/source/ubiqx -I/home/AM/samba-3.0.4/source/smbwrapper  -I.  
-I/home/AM/samba-3.0.4/source -DCONFIGFILE=\"/usr/local/samba/lib/smb.conf\"  
-DSBINDIR=\"/usr/local/samba/sbin\" -DBINDIR=\"/usr/local/samba/bin\" 
-DDRIVERFILE=\"\"  -DLMHOSTSFILE=\"/usr/local/samba/lib/lmhosts\"  
-DSWATDIR=\"/usr/local/samba/swat\"  -DLOCKDIR=\"/usr/local/samba/var/locks\" 
-DPIDDIR=\"/usr/local/samba/var/locks\" -DLIBDIR=\"/usr/local/samba/lib\" 
-DLOGFILEBASE=\"/usr/local/samba/var\" -DSHLIBEXT=\"so\" 
-DCONFIGDIR=\"/usr/local/samba/lib\" 
-DSMB_PASSWD_FILE=\"/usr/local/samba/private/smbpasswd\" 
-DPRIVATE_DIR=\"/usr/local/samba/private\" -c dynconfig.c -o dynconfig.o 
if (: >> param/loadparm.o || : > param/loadparm.o) >/dev/null 2>&1; then rm -f 
param/loadparm.o; else \
 dir=`echo param/loadparm.o | sed 's,/[^/]*$,,;s,^$,.,'` || exec false; if test -d 
"$dir"; then :; else echo mkdir "$dir"; mkdir -p "$dir" >/dev/null 2>&1 || test -d 
"$dir" || mkdir "$dir" || exec false; fi || exec false; fi
echo Compiling param/loadparm.c


I'd greatly appreciate help getting the build scripts working on my 
system.

Thanks in advance!

-- 
Alan Mackenzie
Motorola, Munich (Germany)
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Building samba 3 with iPlanet DS5

2004-07-16 Thread Adam Tauno WIlliams
> I believe you need to build it against the openldap libraries, but then 
> you can point it against any LDAP server you wish once it's built.  Of 
> course I haven't tried that, but it seems to be the consensus I've found.

Yes.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Building samba 3 with iPlanet DS5

2004-07-16 Thread Paul Gienger
J. A. Landamore wrote:
We run Sun/iPlanet DS5 for our LDAP service.  Has anyone built Samba3.0.4 on 
SPARC using DS5 rather than OpenLDAP?  Running ./configure gives

configure: WARNING: ldap.h: present but cannot be compiled
configure: WARNING: ldap.h: check for missing prerequisite headers?
and also
configure: WARNING: libldap is needed for LDAP support
whilst libldap.so is there in /usr/lib
Any hints?
 

I believe you need to build it against the openldap libraries, but then 
you can point it against any LDAP server you wish once it's built.  Of 
course I haven't tried that, but it seems to be the consensus I've found.

--
Paul Gienger Office:701-281-1884
Applied Engineering Inc. Cell:  701-306-6254
Information Systems Consultant   Fax:   701-281-1322
URL: www.ae-solutions.commailto:[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Building samba 3 with iPlanet DS5

2004-07-16 Thread J. A. Landamore
We run Sun/iPlanet DS5 for our LDAP service.  Has anyone built Samba3.0.4 on 
SPARC using DS5 rather than OpenLDAP?  Running ./configure gives

configure: WARNING: ldap.h: present but cannot be compiled
configure: WARNING: ldap.h: check for missing prerequisite headers?

and also

configure: WARNING: libldap is needed for LDAP support

whilst libldap.so is there in /usr/lib

Any hints?

Thanks

John Landamore

School of Mathematics & Computer Science
University of Leicester
University Road, LEICESTER, LE1 7RH
[EMAIL PROTECTED]
Phone: +44 (0)116 2523410   Fax: +44 (0)116 2523604

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Re: FW: SAMBA+ACL+XFS

2004-07-16 Thread John H Terpstra
Paul,

Your samba does have ACLs support built-in. Please check that your system has 
the ACLs support libraries. Since you are using kernel 2.4.x you need to have 
the bestbits acls support libraries installed on your machine. Check the 
documentation for XFS to see how to mount the XFS file system so it has ACLs 
support.

You should manually be able to set POSIX ACLs using the setfacls utility. 
Check the following resource for more info on XFS and ACLs:
http://oss.sgi.com/projects/xfs/faq.html#usexfs

If you still have a problem after you have ACLs working in the UNIX file 
system, you can set the debug level to 10 and then examine the log files 
created by smbd to find the source of the problem.

- John T.


On Thursday 15 July 2004 23:26, you wrote:
> John hello!
> Excuse me, I stik again.
> Tell please, that it is possible to try.
> I'll be very grateful.
>
> Paul.
>
> -Original Message-
> From: ÐÐÐ Ð
> Sent: Wednesday, July 14, 2004 9:09 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: SAMBA+ACL+XFS
>
>
> John many thanks for the answer, request return:
>  HAVE_SYS_ACL_H
>  HAVE_POSIX_ACLS
>
> -Original Message-
> From: John H Terpstra [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, July 13, 2004 11:34 PM
> To: ÐÐÐ Ð
> Subject: Re: SAMBA+ACL+XFS
>
>
> Paul,
>
> Please send the output of running:
>
>   smbd -B | grep ACL
>
> - John T.
>
> On Tuesday 13 July 2004 09:03, you wrote:
> > John good afternoon!
> >
> > Excuse for anxiety, consultation is very necessary on option for
> > SAMBA+ACL+XFS.
> >
> > It is installed RedHat9 with kernel 2.4.20-20.9. XFS1.3.1 with support
> > XFS.
> >
> > And Samba 3.0.4-1, made rpm from source codes --with-acl-suport.
> >
> > XFS works normally, rights (installed with command setfacl) on
> > directory with domain groups (the domain winnt 4.0) function.
> >
> > In smb.conf the following records:
> >
> > acl compatibility = Auto
> >
> > nt acl support = Yes
> >
> > map acl inherit =Yes
> >
> > But at change of the rights in a dialogue window, writes Access
> > Denied.
> >
> > Help to understand please or tell to whom it is possible to address
> > for the help.
> >
> > It is thankful in advance.
> >
> > Paul.

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Re: Profiles

2004-07-16 Thread Kang Sun
In the smb.conf there should be a session called [profiles], it specifies
the paht=/var/samba/profiles/%U or something similar and I read somewhere
the mode to that directory has to be 1777.

Hope this helps.

-- Kang

"B.Rumsey" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi all,
> I have just installed Suse 9.1 and samba 3.02a. I have set samba up as a
PDC.
> I am able to log into  it but windows complains about not being able  to
find
> the profile. I have created the dir /var/lib/samba/profiles/ and the users
> folders.
>
> 1: Where  can I find the windows default profile?
> 2: Can this be edited (default win profile )?
>
> Thanks in advance
>
> Barry
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Re: New to Samba

2004-07-16 Thread Michael Lueck
Greetings to the land of OS/3! (GNU Linux)
A lot depends on what you want Samba to do for you. If you want it to be a Domain Controller as WarpServer was, or if you just want peer to peer networking where each boxes serves and uses. There are 
a lot of good docs at samba.org, there are man pages right on your box (the Linux answer to view) so you could do something like "man smb.conf" to learn about the config file that way... baybe a bit 
dry so do the samba.org route first. As well, there are three good books out on Samba 3, two by John Terpstra and one by Rod Smith.

The more you play with it, the more it will make sense.
--
Michael Lueck
Lueck Data Systems
Remove the upper case letters NOSPAM to contact me directly.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba+LDAP - so close yet so far :)

2004-07-16 Thread Paul Gienger

PSS: You will find my configuration files from this
how to doc I started: http://150.208.105.24/smbldap-pdc.html
 

I took a look at what you have and there are a couple of issues.
1. You have configured in smbldap tools the machine account container as 
ou=Users, but in smb.conf you have it in ou=Computers.  These should 
match, and also match your user container per bug #674  and #987.
2. You don't have the full configuration for the smbldap tools scripts.  
There are parameters with quotes around them that aren't in there, you 
should have something like this:

add user script = /usr/sbin/smbldap-useradd -a -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add group script = /usr/sbin/smbldap-groupadd "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
of course, make sure that your paths line up, this is from my standard 
'sample for mailing to the list' configuration so it's generic.

--
Paul Gienger Office:701-281-1884
Applied Engineering Inc. Cell:  701-306-
Information Systems Consultant   Fax:   701-281-1322
URL: www.ae-solutions.commailto:[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Winbind problem

2004-07-16 Thread Chris
Posted: Thu Jul 15, 2004 11:34 amPost subject: Samba/winbind and ADS 
problem 
I almost have this.

I have read the docs, I have read this, I have purchased both books from the 
samba team, and I cannot find any help from any of these.

We are trying to migrate from OLDDOMAIN (an NT4 Domain) to NEWDOMAIN (our 
Win2k3 Domain). I have a two way trust right now between the domains. I have 
everything configured as per the docs as far as smb.conf, krb5.conf and 
nsswitch. I do:
Code:
# wbinfo -t
checking the trust secret via RPC calls succeeded

so everything looks good there, but the weird thing is when I do this:
Code:
# wbinfo -g
or
# wbinfo -u


I get a list of all the users and groups from OLDDOMAIN, and none of the 
groups from NEWDOMAIN! Same thing is true when I use getent. Which makes 
about zero sense to me... I had absolutely no error output when joining the 
ADS Domain (NEWDOMAIN), from wbinfo, kinit, sbmclient or smbmount.

So, I went to the log file:
Quote:
[2004/07/15 11:55:39, 1] nsswitch/winbindd.c:main(843)
winbindd version 3.0.4 started.
Copyright The Samba Team 2000-2004
[2004/07/15 11:55:39, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
Added domain NEWDOMAIN NEWDOMAIN.INT S-0-0
[2004/07/15 11:55:43, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
ads_connect for domain NEWDOMAIN failed: No such file or directory
[2004/07/15 11:55:44, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
Added domain OLDDOMAIN S-1-5-21-1898674339-994652211-837300805
[2004/07/15 11:55:44, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
Added domain BUILTIN S-1-5-32
[2004/07/15 11:55:44, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
Added domain CASPER S-1-5-21-789378082-241503064-2986860805
[2004/07/15 12:04:59, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
ads_connect for domain NEWDOMAIN failed: No such file or directory


I have been trying this since samba 3.0.0, and I still have problems. I am now 
using 3.0.4.

my smb.conf:

Code:

# Global parameters
[global]
netbios name = JOE
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
dns proxy = no
realm = NEWDOMAIN.INT
workgroup = NEWDOMAIN
netbios aliases = JOE
server string = JOE server
security = ADS
wins proxy = no
map to guest = Bad User
password server = stan.newdomain.int
name resolve order = lmhosts wins bcast
time server = Yes
os level = 0
preferred master = No
local master = No
domain master = No
wins server = 208.226.104.3
hosts allow = 127.0.0.1, 208.226.104.
oplocks = No
follow symlinks = No
printing = cups
printcap name = cups
load printers = yes
idmap uid = 1-2
winbind enum users = yes
winbind gid = 1-2
winbind enum groups = yes
winbind separator = +
os level = 20

[images]
valid users = chrisd,kristynp,administrator
public = no
path = /images
writable = yes
write list = kristynp,chrisd,administrator
admin users = kristynp,chrisd,administrator
force user = root


my krb5.conf:
Code:
[libdefaults]
   default_realm = NEWDOMAIN.INT

   [realms]
   NEWDOMAIN.INT = {
 kdc = stan.naic.int
   }

   [domain_realms]
 .newdomain.int = NEWDOMAIN.INT


my nsswitch.conf:
Code:

# /etc/nsswitch.conf:
# $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/nsswitch.conf,v 1.4 
2002/11/18 19:39:22 azarah Exp $

passwd:  compat winbind
shadow:  compat
group:   compat winbind

# passwd:db files nis
# shadow:db files nis
# group: db files nis

hosts:   files dns
networks:files dns

services:db files
protocols:   db files
rpc: db files
ethers:  db files
netmasks:files
netgroup:files
bootparams:  files

automount:   files
aliases: files


I am at my wit's end here... I would really appreciate any help.

Thank you!

chris
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Email eller vedhæftet fil blokeret

2004-07-16 Thread Emailgateway
Email eller vedhæftet fil afsendt fra din adresse (eller med din adresse som afsender) 
er blevet afvist fra Allerød Kommune.

Spam og virus bliver typisk sendt under dække af andre afsendere og den blokerede 
email behøver derfor ikke oprinde direkte fra dig. (Husk dog altid at have et 
opdateret antivirusprogram på din computer.)
Du kan evt. scanne din computer med det gratis' værktøj "Stinger" fra McAfee som 
findes på adressen:
http://vil.nai.com/vil/stinger
Du finder en engelsk vejledning på siden!


Hvis din email eller fil derimord er blokeret ved en fejl, kan du kontakte vores 
Helpdesk på tlf. 70 26 30 48, som så vil hjælpe til med at få din email igennem til 
kommunen.

NB! Denne email kan ikke besvares !

Informationerne fra den oprindelige email er som følger:
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Virus gefunden!

2004-07-16 Thread Husel Martin
Dateianlage :   yours.pif
Virusname   :   W32/[EMAIL PROTECTED]
Ausgeführte Aktion  :   Gelöscht...


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] New to Samba

2004-07-16 Thread OS/2User
Hi All,
For many years I have had an OS/2 box peer to peer Netbois over TCP/IP 
connecting to either stand alone WIN98 or Dual boot with OS/2.

Now I've moved the laptops over to Linux. I installed Linspire which is 
supposed to support Samba. Being new to Samba I have no idea what to to 
put in the .conf file - on Linspire there's 5 of these files. All I have 
changed is the workgroup name.

Everywhere I read it's abot installing the server side - not much on 
Linux being just a client. Or the other main topic Micosoft accessing a 
samba server.

What I need is setting up amba as a Client Only any one prepared to give 
me a helping hand - help much appreciated!

Regards,
David
--
Web site: https://www.gbenet.com 100 + links to OS/2 Sites + News IBM 
Business Partner - Mozilla/5.0 (OS/2; U; Warp 4; en-US; rv:1.3) 
Gecko/20030313 IBM OS/2 Warp 4.5 - FX Firewall Professional. This email 
and any files transmitted with it are confidential and intended solely 
for the use of the individual or entity to whom they are addressed. If 
you have received this email in error please notify [EMAIL PROTECTED] or 
tel 07960 108665 Thank you.  Fight Spam! Join EuroCAUCE: 
http://www.euro.cauce.org/

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Moving domain from one samba box to another

2004-07-16 Thread James Murray
I have searched for the answer but have only found others asking...

I have been running Samba successfully for ten years now, with approx 50
clients hanging off a Solaris box running Samba 2.2.6. The mixed network of
95/98/2000/XP machines were logging into the Samba domain fine and roaming
profiles were functional. We do not have any Windows server machines on
this site.

I decided to upgrade the Solaris machine and bought a Dell machine running
Redhat Linux ES 3.0. This is now running Samba 3.0.2

I have migrated the file serving to the new machine but I am stumped on how
to cleanly move the domain serving and all of the roamed profiles.

In a period of downtime I tried disabling the old server and setting the
new one as the PDC but when I tried to login from an XP client it reported
"cannot find the domain" I had copied the smbpasswd across with the machine
trust accounts.
Dis-joining and re-joining the domain allowed me to then login but I had
lost my profile.

>From the information I have gleaned it would appear that one route might be:
-take copy of smbpassed
-reset all user passwords (about 50) to known value
-login to one machine as all user accounts in turn (to save roaming profile)
-disjoin from domain
-swap PDC function between servers
-rejoin new domain
-login to machine as all user accounts in turn (to create blank profile)
(-edit user registry to change profile location)?
-login in Administrator and copy all user profiles onto new server
-for each client PC disjoin and rejoin domain
-restore all user passwords

While this seems possible it is a good day's work - hopefully I have missed
something obvious.

suggestions welcomed

James Murray
Stokes Forgings Ltd
01922 704800 / 01384 342550


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Make Samba 3.0.4 PDC server as Windows update server

2004-07-16 Thread rruegner
Hi ,
you can make any win2k, winxp prof workstation make a
sus server , you only have to fix a few parameters ( lines )in the 
downloaded
sus package vom ms ( the line which check the install to the version
of windows cause normaly you can only install it on server versions )
Then you install iis ( ms-webserver ) from your win cd (included on 
win2k, winxp),
install the modified package , setup the sus server ( language, download 
rotation time ) download your updates , aprove them.
Make a ntconfig.pol in your netlogon at smb pdc, and
configure daily internal check to the ip of the sus server.
You can also outroll a tool forcesus.exe and start it
with psexec on every domain computer to force the sus update anytime.
The only problem is the win sus station has to be up the whole time. ( 
or at last the update time )
A duron/celeron 800 or so with 128MB  Ram will do the job nicly.
There are a few other possiblities ( some with linux via wget and so on 
 ), but this is i found the best way.
YOu will found all information about that at
http://www.susserver.com/ in the forums.
It is no hard job to do and works 100 %
Regards Robert

cep welly schrieb:
hi, guys... I'm a noobie around here and first come first ask  ;-)
well, I have successfully made my linux box ( debian sid kernel 2.426 ) 
as a PDC
( I can connect my winxp box to this pdc --> that's what i mean success 
)
I'm using Samba 3.0.4. I wonder if I can make my pdc to be a windows 
update server.
As we know, updating windows always goes through the internet, which in my
consideration is not good internet bandwidth management ( assume if there's
a hundred or even thousand windows clients in a network ... )
So, if one machine can provide that need, it would be a great improvement.
I've heard about SUS which can provide this, but since it need a windows 
server
I guess I should ignore that ( I'd experienced a bad time when one of 
our server
being compromised several months ago --- that's why I turn to Linux 
platform )
Maybe providing a script to execute the update files is not enough, 
since users
have to involved to the installation, answering some questions, etc which
might be boring them ( in case there'll not just only one update ). And 
there will
be a chance where users will give a wrong answer.
Updating windows without asking anything, after user log in just : go 
copying files,
changin' registry, etc ( restart after the whole process defenetely 
can't be avoided,
isn't it ?  :D )
Or I just to much to hope .

cheers,
--me--
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Re: [BUG] iconv detection in 3.0.5rc1

2004-07-16 Thread James Peach
On Sun, Jul 11, 2004 at 01:33:39PM -0400, Jason Mader wrote:
> I've found that the inner loop for iconv detection in a lib32 
> subdirectory of the LOOK_DIR path doesn't work right.  Here are the 
> problems I've noticed,
> 
> 1) configure only tested lib32 on the first directory, /usr, this is 
> because ICONV_FOUND was set to "yes" on the try of /usr/local/lib and 
> never reset (if it should be) to "no" because all the conversion tests 
> were failures.  I've found that by moving,
>   ICONV_FOUND="no"
> inside the for loop,
>   for i in $LOOK_DIRS ; do
> 
> permits configure to actually find the good installation of libiconv on 
> my system under /opt/lib32.
> 
> 2) I've also noticed that on the second iteration of that loop to try 
> the lib32 directory that LDFLAGS is set to "-L/usr/lib -L/usr/lib32" 
> when it should probably only be "-L/usr/lib32".  This is probably a 
> sign that other variables are not being restored to their saved values.

Hi Jason,

The patch at
http://marc.theaimsgroup.com/?l=samba-technical&m=108293814431661&w=2
still applies to the 3.0.5 configure.in. IIRC this was ok for your
environment when you tested it previously.

-- 
James Peach | [EMAIL PROTECTED] | SGI Australian Software Group
I don't speak for SGI.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] AutoNotify: Re: Document

2004-07-16 Thread Surfcontrol
Message [167_0922ino9f72.pro] triggered rule [Executables] at 09:22:25 16/07/2004

This message has an attachment that may contain malicious content.
The message has been blocked.

Sender: [EMAIL PROTECTED]
Recipient(s): [EMAIL PROTECTED]
Subject: Re: Document

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: [Samba] Make Samba 3.0.4 PDC server as Windows update server

2004-07-16 Thread Mark Lidstone
Hi,

Microsoft provide the software to do it on a Windows server, it's called
SUS (System Update Services or something similar).

It's basically a certain layout of files and things on a web server.

I'm sure someone could do it but it's not really part of what Samba is
about (SMB/CIFS).

I hope this helps,

Mark Lidstone
IT and Network Support Administrator

BMT SeaTech Ltd
Grove House, Meridians Cross, 7 Ocean Way
Ocean Village, Southampton.  SO14 3TJ. UK
Tel: +44 (0)23 8063 5122 
Fax: +44 (0)23 8063 5144

E-Mail:  mailto:[EMAIL PROTECTED]
Website: www.bmtseatech.co.uk

==
Confidentiality Notice and Disclaimer: 
The contents of this e-mail and any attachments are intended only for
the
use of the e-mail addressee(s) shown. If you are not that person, or one
of those persons, you are not allowed to take any action based upon it
or
to copy it, forward, distribute or disclose the contents of it and you
should please delete it from your system. BMT SeaTech Limited does not
accept liability for any errors or omissions in the context of this
e-mail
or its attachments which arise as a result of Internet transmission, nor
accept liability for statements which are those of the author and not
clearly made on behalf of BMT SeaTech Limited.

==
  

-Original Message-
From: cep welly [mailto:[EMAIL PROTECTED] 
Sent: 16 July 2004 09:19
To: Samba
Subject: [Samba] Make Samba 3.0.4 PDC server as Windows update server


hi, guys... I'm a noobie around here and first come first ask  ;-)
well, I have successfully made my linux box ( debian sid kernel 2.426 ) 
as a PDC
( I can connect my winxp box to this pdc --> that's what i mean success 
)
I'm using Samba 3.0.4. I wonder if I can make my pdc to be a windows 
update server.
As we know, updating windows always goes through the internet, which in
my consideration is not good internet bandwidth management ( assume if
there's a hundred or even thousand windows clients in a network ... )
So, if one machine can provide that need, it would be a great
improvement. I've heard about SUS which can provide this, but since it
need a windows 
server
I guess I should ignore that ( I'd experienced a bad time when one of 
our server
being compromised several months ago --- that's why I turn to Linux 
platform )
Maybe providing a script to execute the update files is not enough, 
since users
have to involved to the installation, answering some questions, etc
which might be boring them ( in case there'll not just only one update
). And 
there will
be a chance where users will give a wrong answer.
Updating windows without asking anything, after user log in just : go 
copying files,
changin' registry, etc ( restart after the whole process defenetely 
can't be avoided,
isn't it ?  :D )
Or I just to much to hope .

cheers,

--me--

-- 
-BEGIN PGP PUBLIC KEY BLOCK-
Version: GnuPG v1.2.4 (GNU/Linux)

mQGiBEDato0RBADHD8bKvVCTORppg/pot1Zuyx4Joz/IC34aZlLkG7/JNEVemqiB
jSVgnwxa9UNs9Chz9CT6vqzw1pgPXDAb1rD91kbupatgaFUlNEwAW/v2eH8LQEYz
3NicbaysYeeJLBOYlwtmbZWrV8KKoSNrHWxZRjfl4a7TGggllou6+sAQTwCg/2Q2
lLLdPjuaXGiRHqpHFuFWVT8D/Rfzi89GrGWwharBmqNlq3WNJJSK4NdZUy6yFrfY
mqaytOBUq6wWoM9OdvAciS4R1qVK2GItV2xIX9N47zeEXspsANF3PyH6PSdXBYfO
CDL6jdkL1JS/E+QQcOsqbwkJOa3IpSuJPuE0IuYj9G2pEUNFR9/QiNVq2ysqUK8I
V/8VBACmL758SPyrMSwA2sPGiRbSndr0Bc6XW/YPwvJNQsU+zzX+qtAP4K3oEX7R
z1OD6LfkJAvrCLswNJbyIlrsFSo/NxlsqnWgKU4K4qsntvMA2UiyAUCOONCn+7Uo
V8UVK/3ZKRAlnTM6YdxEWe1c09pP3k4kxGdii5E3cJu6a1a4jbYxZGViaWFu
IChKVVNUIFNJR05BVFVSRSkgPGRlYl9taWxpc3RAeWFob28uY29tLnNnPohbBBMR
AgAbBQJA2raNBgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEP6KKTciHvMpKQgAoLl1
8lYWPDqcTtRwNyPBA5UhlbHIAKDAjaZYyTgyYU2xtacqPDqsMzf/N4hJBBMRAgAJ
BQJA5AJfAgcAAAoJEAiiw5gMTBnLYAUAoKeNbaExa+6oJIz9WWYgsVUO8KW9AJ4m
oP4njy83Cl7bnbacBW7o9doj6rkBDQRA2raQEAQAqzfMQUbVLt/iFTDFcI3XSO26
v2BYQAvHdRkMGo8AFrffJCbEFfTlyCrTbhIHKB0D6Z8+lEqdsjJlwleNWDWTu3gY
hOvUeGqCiNmPRGeYjM5VatsUNMQLS6qGVbpaiHXZ75e6Vco3MjMEKN1KQDn3QdtW
JcW32LPA5XqrEbInV1MAAwYD/idygDdnBgOUNEfN+JVFr3OUuVBTxky6VZ08mYbj
VmE/tFDh+H9o0GdHAMrvXbITFau6BR3ykNXtVPRMlT+g1pCe91RovR+WwfLItFnC
eB6lfiu4tsdPWeBWPKbdQO7zb1Wj6U/yo5JcjNjQjBHpxuoTpicYYgKiFIIhHzIG
kt9MiEYEGBECAAYFAkDatpAACgkQ/oopNyIe8ykmwgCfZLcfyNlAVIpfhyhjJPDb
LYJsBc8AnRz9PqrchdlrWSonVBgsHg0VZml+
=sm88
-END PGP PUBLIC KEY BLOCK-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Make Samba 3.0.4 PDC server as Windows update server

2004-07-16 Thread cep welly
hi, guys... I'm a noobie around here and first come first ask  ;-)
well, I have successfully made my linux box ( debian sid kernel 2.426 ) 
as a PDC
( I can connect my winxp box to this pdc --> that's what i mean success 
)
I'm using Samba 3.0.4. I wonder if I can make my pdc to be a windows 
update server.
As we know, updating windows always goes through the internet, which in my
consideration is not good internet bandwidth management ( assume if there's
a hundred or even thousand windows clients in a network ... )
So, if one machine can provide that need, it would be a great improvement.
I've heard about SUS which can provide this, but since it need a windows 
server
I guess I should ignore that ( I'd experienced a bad time when one of 
our server
being compromised several months ago --- that's why I turn to Linux 
platform )
Maybe providing a script to execute the update files is not enough, 
since users
have to involved to the installation, answering some questions, etc which
might be boring them ( in case there'll not just only one update ). And 
there will
be a chance where users will give a wrong answer.
Updating windows without asking anything, after user log in just : go 
copying files,
changin' registry, etc ( restart after the whole process defenetely 
can't be avoided,
isn't it ?  :D )
Or I just to much to hope .

cheers,
--me--
--
-BEGIN PGP PUBLIC KEY BLOCK-
Version: GnuPG v1.2.4 (GNU/Linux)
mQGiBEDato0RBADHD8bKvVCTORppg/pot1Zuyx4Joz/IC34aZlLkG7/JNEVemqiB
jSVgnwxa9UNs9Chz9CT6vqzw1pgPXDAb1rD91kbupatgaFUlNEwAW/v2eH8LQEYz
3NicbaysYeeJLBOYlwtmbZWrV8KKoSNrHWxZRjfl4a7TGggllou6+sAQTwCg/2Q2
lLLdPjuaXGiRHqpHFuFWVT8D/Rfzi89GrGWwharBmqNlq3WNJJSK4NdZUy6yFrfY
mqaytOBUq6wWoM9OdvAciS4R1qVK2GItV2xIX9N47zeEXspsANF3PyH6PSdXBYfO
CDL6jdkL1JS/E+QQcOsqbwkJOa3IpSuJPuE0IuYj9G2pEUNFR9/QiNVq2ysqUK8I
V/8VBACmL758SPyrMSwA2sPGiRbSndr0Bc6XW/YPwvJNQsU+zzX+qtAP4K3oEX7R
z1OD6LfkJAvrCLswNJbyIlrsFSo/NxlsqnWgKU4K4qsntvMA2UiyAUCOONCn+7Uo
V8UVK/3ZKRAlnTM6YdxEWe1c09pP3k4kxGdii5E3cJu6a1a4jbYxZGViaWFu
IChKVVNUIFNJR05BVFVSRSkgPGRlYl9taWxpc3RAeWFob28uY29tLnNnPohbBBMR
AgAbBQJA2raNBgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEP6KKTciHvMpKQgAoLl1
8lYWPDqcTtRwNyPBA5UhlbHIAKDAjaZYyTgyYU2xtacqPDqsMzf/N4hJBBMRAgAJ
BQJA5AJfAgcAAAoJEAiiw5gMTBnLYAUAoKeNbaExa+6oJIz9WWYgsVUO8KW9AJ4m
oP4njy83Cl7bnbacBW7o9doj6rkBDQRA2raQEAQAqzfMQUbVLt/iFTDFcI3XSO26
v2BYQAvHdRkMGo8AFrffJCbEFfTlyCrTbhIHKB0D6Z8+lEqdsjJlwleNWDWTu3gY
hOvUeGqCiNmPRGeYjM5VatsUNMQLS6qGVbpaiHXZ75e6Vco3MjMEKN1KQDn3QdtW
JcW32LPA5XqrEbInV1MAAwYD/idygDdnBgOUNEfN+JVFr3OUuVBTxky6VZ08mYbj
VmE/tFDh+H9o0GdHAMrvXbITFau6BR3ykNXtVPRMlT+g1pCe91RovR+WwfLItFnC
eB6lfiu4tsdPWeBWPKbdQO7zb1Wj6U/yo5JcjNjQjBHpxuoTpicYYgKiFIIhHzIG
kt9MiEYEGBECAAYFAkDatpAACgkQ/oopNyIe8ykmwgCfZLcfyNlAVIpfhyhjJPDb
LYJsBc8AnRz9PqrchdlrWSonVBgsHg0VZml+
=sm88
-END PGP PUBLIC KEY BLOCK-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: [Samba] Canot mount samba drive

2004-07-16 Thread Mark Lidstone
Hi,

This sounds like it could be a routing issue rather than a Samba issue.
What happens if you try "ping 11.22.33.44"?  How are the two machines
connected?  What are their IP setups (IP, Subnet mask, default gateway)?

Many thanks,

Mark Lidstone
IT and Network Support Administrator

BMT SeaTech Ltd
Grove House, Meridians Cross, 7 Ocean Way
Ocean Village, Southampton.  SO14 3TJ. UK
Tel: +44 (0)23 8063 5122 
Fax: +44 (0)23 8063 5144

E-Mail:  mailto:[EMAIL PROTECTED]
Website: www.bmtseatech.co.uk

==
Confidentiality Notice and Disclaimer: 
The contents of this e-mail and any attachments are intended only for
the
use of the e-mail addressee(s) shown. If you are not that person, or one
of those persons, you are not allowed to take any action based upon it
or
to copy it, forward, distribute or disclose the contents of it and you
should please delete it from your system. BMT SeaTech Limited does not
accept liability for any errors or omissions in the context of this
e-mail
or its attachments which arise as a result of Internet transmission, nor
accept liability for statements which are those of the author and not
clearly made on behalf of BMT SeaTech Limited.

==
  

-Original Message-
From: Test @ TD [mailto:[EMAIL PROTECTED] 
Sent: 16 July 2004 04:53
To: [EMAIL PROTECTED]
Subject: [Samba] Canot mount samba drive


Hi all

When i try to mount samba drive t am prompt for a pasword and nothing
happend and i have to kill the process [EMAIL PROTECTED] root]# mount -t
smbfs -o username=sam, //11.22.33.44/homes /root/smb/



but when i connect using the private server ip i am prompt for a
password and the drive is mounted in less that 1 second [EMAIL PROTECTED]
root]# mount -t smbfs -o username=sam, //192.168.2.8/homes /root/smb/


Thanks in advance
Samuel Denis D'Ortun


my /etc/samba/smb.comf file :
[global]
  log file = /var/log/samba/smbd.log
  dns proxy = no
  netbios name = ddrcom01
  load printers = yes
  server string = Samba Server
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  workgroup = DDRCOM
  os level = 20
  domain master = yes
  printcap name = /etc/printcap
  security = user
  max log size = 50
  wins support = true
  domain logons = yes

[homes]
 comment = Home Directories
 browseable = no
 writable = yes
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Samba Read Only

2004-07-16 Thread zaidi




i used samba 3.0.2 on RedHat 9 ( my Server )
my client using JAMD ( kernel 2.4 ) oke no problem, to mount share file we
using LinNeighborhood
and another my client using LormaLinux ( kernel 2.6.7 ), can mount the
share file, but went i open
file ( using open openoffice ) that file just read only



any solutions




regard's


zaidi

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba