[Samba] Samba & Multiple Subnets
Hi, I have installed Samba 3.0.5 pre1 as PDC and two domain member servers with winbind which is catering to two subnets containing only windows 9x clients. The PDC and the member servers are in the same subnet i.e. 192.168.1.0/24, and the other subnet 192.168.2.0/24 is seperated by a linux router, now how can I make the windows 9x clients to domain logon from the second subnet (192.168.2.0/24) which only contains windows 9x clients. Please suggest me some solution. Thanks, Honey -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] How to access Windows machine from Linux using Samba.
I have few questions 1. I installed samba on my Linux box. When I invoke any Samba tool e.g. smbclient or findsmb error is reported "unable to open configuration file smb.conf run testparm to debug it". I ran testparm but could not solve the problem. 2. I have a Windows machine which I want to access from the linux machine. I Samba is there to help in this problem ? How should I achieve this using Samba. I checked the documentation available on samba.org but found it too much away from my problem. Thanks in Advance. ..Ba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.4 Performance Problem (tcp win 1)
On Mon, 19 Jul 2004 14:09:34 -0500, Chris Richards <[EMAIL PROTECTED]> wrote: > Howdy. I have observed a horrific performance problem in my setup. > I'm running samba on a Linux Fedora Core 1 machine with Windows > clients. The samba server is communicating with a Windows 98 machine. Cycling both the samba server and the interface does not correct the problem. However, doing this I can double my transfer rates as the window size is now 2 instead of 1. No clue, huh? /ds -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Re: Samba/LDAP/PDC Questions
OK, I just figured out how to do it. My NT4 workstation is called "king". Use 'smbldap-useradd -w king' to add the posixAccount: king$. Then use 'smbpasswd -a -m king' to add the samba account. You will have # smbldap-usershow king$ dn: uid=king$,ou=Computers,dc=sunix,dc=com objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount cn: king$ sn: king$ uid: king$ uidNumber: 1025 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer sambaSID: S-1-5-21-1242048156-3479289135-3828126537-3050 sambaPrimaryGroupSID: S-1-5-21-1242048156-3479289135-3828126537-2031 displayName: king$ sambaPwdCanChange: 1090385089 sambaPwdMustChange: 2147483647 sambaLMPassword: FE250117FB90641FAAD3B435B51404EE sambaNTPassword: 0FBD58B776542B3CB589E0D8F686A3A7 sambaPwdLastSet: 1090385089 sambaAcctFlags: [W ] Then loginto NT4 and change its identification from workgroup to domain, without creating new account. Thanks anyway! == "Kang Sun" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hello Paul, > > Thank you for the help. Now I am back to my original question: I cannot add > NT4 machine to the samba domain! > > I tried to use the "Identification changes" from NT4 system to sign into the > domain, it said "The machine account for this computer does not exist or is > anaccessible. > > The log file said: > > [2004/07/20 21:46:47, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1512) > > ldapsam_update_sam_account: failed to modify user with uid = king$, error: > modify/delete: sambaPrimaryGroupSID: no such value (Success) > > [2004/07/20 21:46:49, 0] passdb/pdb_ldap.c:ldapsam_delete_entry(271) > > ldapsam_delete_entry: Entry must exist exactly once! > > > > I tried 'smbldap-useradd -w King$'. It does not seem to add the > SambaSID. > > # smbldap-useradd -w king$ > # smbldap-usershow king$ > dn: uid=king$,ou=Computers,dc=sunix,dc=com > objectClass: top,inetOrgPerson,posixAccount > cn: king$ > sn: king$ > uid: king$ > uidNumber: 1023 > gidNumber: 515 > homeDirectory: /dev/null > loginShell: /bin/false > description: Computer > > Forcing creating a Samba account with option -a give me an error: > # smbldap-useradd -a -w king$ > Can't call method "get_value" on an undefined value at > /usr/sbin/smbldap-useradd line 152, line 283. > > Using pdbedit also has problems: > # pdbedit -a -m -u king > ldapsam_add_sam_account: failed to modify/add user with uid = king$ (dn = > uid=king$,ou=Computers,dc=sunix,dc=com) > Unable to add machine! (does it already exist?) > > I started to think the add machine script must be wrong or something. > > -- Kang > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Problem with Authnication from NT
OK, I just figured out how to do it. My NT4 workstation is called "king". Use 'smbldap-useradd -w king' to add the posixAccount: king$. Then use 'smbpasswd -a -m king' to add the samba account. You will have # smbldap-usershow king$ dn: uid=king$,ou=Computers,dc=sunix,dc=com objectClass: top,inetOrgPerson,posixAccount,sambaSamAccount cn: king$ sn: king$ uid: king$ uidNumber: 1025 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer sambaSID: S-1-5-21-1242048156-3479289135-3828126537-3050 sambaPrimaryGroupSID: S-1-5-21-1242048156-3479289135-3828126537-2031 displayName: king$ sambaPwdCanChange: 1090385089 sambaPwdMustChange: 2147483647 sambaLMPassword: FE250117FB90641FAAD3B435B51404EE sambaNTPassword: 0FBD58B776542B3CB589E0D8F686A3A7 sambaPwdLastSet: 1090385089 sambaAcctFlags: [W ] Then loginto NT4 and change its identification from workgroup to domain, without creating new account. Hope this works for you guys, too! --- Kang "Kang Sun" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I have the same problem. > > The log file said: > # [2004/07/20 21:46:47, 0] > passdb/pdb_ldap.c:ldapsam_update_sam_account(1512) > > # ldapsam_update_sam_account: failed to modify user with uid = king$, error: > modify/delete: sambaPrimaryGroupSID: no such value (Success) > > # [2004/07/20 21:46:49, 0] passdb/pdb_ldap.c:ldapsam_delete_entry(271) > > # ldapsam_delete_entry: Entry must exist exactly once! > > I tried 'smbldap-useradd -w King$'. It does not seem to add Add the > SambaSID. > > # smbldap-useradd -w king$ > # smbldap-usershow king$ > dn: uid=king$,ou=Computers,dc=sunix,dc=com > objectClass: top,inetOrgPerson,posixAccount > cn: king$ > sn: king$ > uid: king$ > uidNumber: 1023 > gidNumber: 515 > homeDirectory: /dev/null > loginShell: /bin/false > description: Computer > > Forcing creating a Samba account with option -a give me an error: > # smbldap-useradd -a -w king$ > Can't call method "get_value" on an undefined value at > /usr/sbin/smbldap-useradd line 152, line 283. > > Using pdbedit also has problems: > # pdbedit -a -m -u king > ldapsam_add_sam_account: failed to modify/add user with uid = king$ (dn = > uid=king$,ou=Computers,dc=sunix,dc=com) > Unable to add machine! (does it already exist?) > > I started to think the add machine script must be wrong or something. > > Please help somebody. > > -- Kang > > Hi Samba Guru's... > > I have a problem connecting from a windows NT workstation to Samba server. > It is working fine for Windows XP and Windows 2000. Samba not logging any > information about that Windows NT m/c. Here i am giving the smb.conf file. > Please try to help me to work it for Win NT also. > > Here is my Configuration file. > > Thanks in advance for any help. > # Global Parameters > > [global] > > netbios name = avengr03 > > workgroup = avengr03 > > map to guest = Bad User > > passwd program = /usr/bin/passwd %u > > passwd chat = *New*password* %n\n *Retype*new*password %n\n > *passwd:*all*authentication*tokens*updated*sucessfully* > > # Debug Logging Information > > > Log Level = 2 > > max log size = 1000 > > # log file = /var/log/samba/samba.log.%m > > socket options = TCP_NODELAY IPTOS_LOWDELAY > > wins support = yes > > # Networking configuration Options > > Hosts Allow = *.*.*.* > > [Proj1] > > comment = Proj1 directory > > path = /engr/proj1 > > read only = No > > valid users = @tec,pvasireddy,pbuenros,dan,dsteffen,scollins > > [Proj2] > > comment = Proj2 directory > > path = /engr/proj2 > > read only = No > > valid users = @tec,pvasireddy,pbuenros,dan,dsteffen,scollins > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Re: Samba/LDAP/PDC Questions
Hello Paul, Thank you for the help. Now I am back to my original question: I cannot add NT4 machine to the samba domain! I tried to use the "Identification changes" from NT4 system to sign into the domain, it said "The machine account for this computer does not exist or is anaccessible. The log file said: [2004/07/20 21:46:47, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1512) ldapsam_update_sam_account: failed to modify user with uid = king$, error: modify/delete: sambaPrimaryGroupSID: no such value (Success) [2004/07/20 21:46:49, 0] passdb/pdb_ldap.c:ldapsam_delete_entry(271) ldapsam_delete_entry: Entry must exist exactly once! I tried 'smbldap-useradd -w King$'. It does not seem to add the SambaSID. # smbldap-useradd -w king$ # smbldap-usershow king$ dn: uid=king$,ou=Computers,dc=sunix,dc=com objectClass: top,inetOrgPerson,posixAccount cn: king$ sn: king$ uid: king$ uidNumber: 1023 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer Forcing creating a Samba account with option -a give me an error: # smbldap-useradd -a -w king$ Can't call method "get_value" on an undefined value at /usr/sbin/smbldap-useradd line 152, line 283. Using pdbedit also has problems: # pdbedit -a -m -u king ldapsam_add_sam_account: failed to modify/add user with uid = king$ (dn = uid=king$,ou=Computers,dc=sunix,dc=com) Unable to add machine! (does it already exist?) I started to think the add machine script must be wrong or something. -- Kang -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Problem with Authnication from NT
I have the same problem. The log file said: # [2004/07/20 21:46:47, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1512) # ldapsam_update_sam_account: failed to modify user with uid = king$, error: modify/delete: sambaPrimaryGroupSID: no such value (Success) # [2004/07/20 21:46:49, 0] passdb/pdb_ldap.c:ldapsam_delete_entry(271) # ldapsam_delete_entry: Entry must exist exactly once! I tried 'smbldap-useradd -w King$'. It does not seem to add Add the SambaSID. # smbldap-useradd -w king$ # smbldap-usershow king$ dn: uid=king$,ou=Computers,dc=sunix,dc=com objectClass: top,inetOrgPerson,posixAccount cn: king$ sn: king$ uid: king$ uidNumber: 1023 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer Forcing creating a Samba account with option -a give me an error: # smbldap-useradd -a -w king$ Can't call method "get_value" on an undefined value at /usr/sbin/smbldap-useradd line 152, line 283. Using pdbedit also has problems: # pdbedit -a -m -u king ldapsam_add_sam_account: failed to modify/add user with uid = king$ (dn = uid=king$,ou=Computers,dc=sunix,dc=com) Unable to add machine! (does it already exist?) I started to think the add machine script must be wrong or something. Please help somebody. -- Kang Hi Samba Guru's... I have a problem connecting from a windows NT workstation to Samba server. It is working fine for Windows XP and Windows 2000. Samba not logging any information about that Windows NT m/c. Here i am giving the smb.conf file. Please try to help me to work it for Win NT also. Here is my Configuration file. Thanks in advance for any help. # Global Parameters [global] netbios name = avengr03 workgroup = avengr03 map to guest = Bad User passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password %n\n *passwd:*all*authentication*tokens*updated*sucessfully* # Debug Logging Information Log Level = 2 max log size = 1000 # log file = /var/log/samba/samba.log.%m socket options = TCP_NODELAY IPTOS_LOWDELAY wins support = yes # Networking configuration Options Hosts Allow = *.*.*.* [Proj1] comment = Proj1 directory path = /engr/proj1 read only = No valid users = @tec,pvasireddy,pbuenros,dan,dsteffen,scollins [Proj2] comment = Proj2 directory path = /engr/proj2 read only = No valid users = @tec,pvasireddy,pbuenros,dan,dsteffen,scollins -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] FIXED: Chasing the "ads_add_machine_acct: Insufficient access" problem
Fix provided below. On Tue, 2004-07-20 at 18:06, Greg Folkert wrote: > Okay, the jist of this whole thing, I get this infamous (?) problem, I > have been trying to search though the archives of samba-general on gmane > and also in my archive of this list. I have only seen requests for the > magical answer. > > Environment: W2K/W2K3 mixed ADS going Native ADS only soon. Samba 3.0.4 > compiled from source on a RHEL AS30 machine. MIT Kerberos v1.3.4 also > compiled from source. > > Kernel == 2.4.21-15.0.2.ELhugemem #1 SMP Wed Jun 16 22:36:51 EDT 2004 > i686 athlon i386 GNU/Linux > > > Here is the problem in a nutshell: > > [EMAIL PROTECTED] root]# net ads join Computers -S mydc1.mynetwork.com > [2004/07/20 15:06:09, 0] libads/ldap.c:ads_join_realm(1336) > ads_add_machine_acct: Insufficient access > ads_join_realm: Insufficient access > > and the important pieces of smb.conf: > > [global] > workgroup = MYNETWORK > netbios name = ROAR > server string = Lotsa Room > security = ADS > realm = MYNETWORK.COM > auth methods = winbind > password server = mydc1.mynetwork.com > passwd program = /usr/bin/passwd %u > passwd chat = *Enter\snew\sUNIX\spassword:* %n\n > *Retype\snew\sUNIX\spassword:* %n\n . > lanman auth = No > ntlm auth = No > client NTLMv2 auth = Yes > client lanman auth = No > client plaintext auth = No > syslog = 0 > log file = /var/log/samba/log.%m > max log size = 1 > smb ports = 445 > disable netbios = Yes > max xmit = 65535 > name resolve order = host wins lmhosts bcast > #tried both spnego Yes and No same diff. > use spnego = Yes > # use spnego = No > server signing = auto > deadtime = 10080 > socket options = IPTOS_LOWDELAY TCP_NODELAY > logon path = > logon home = > os level = 49 > preferred master = No > local master = No > domain master = No > dns proxy = No > ldap ssl = no > idmap uid = 1-4 > idmap gid = 1-4 > winbind separator = + > winbind nested groups = Yes > winbind cache time = 20 > template homedir = /home/%D/%U > invalid users = root > ea support = Yes > hide special files = Yes > hide unreadable = Yes > > And here is my klist: > > [EMAIL PROTECTED] root]# klist > Ticket cache: FILE:/tmp/krb5cc_0 > Default principal: [EMAIL PROTECTED] > > Valid starting ExpiresService principal > 07/20/04 16:21:53 07/21/04 02:22:01 krbtgt/[EMAIL PROTECTED] > renew until 07/21/04 16:21:53 > > > Kerberos 4 ticket cache: /tmp/tkt0 > klist: You have no tickets cached > > Yes, [EMAIL PROTECTED] has rights to create users and machines in the > AD Tree in "Computers" > > So, now, given that this is an existing problem in v3.0.4, I have to > show the way I configured and compiled it. I also compiled MIT Kerberos > v1.3.4 the proper way (similar to this). Personally I like integrations. > > Here is the configure for samba v3.0.4: > > ./configure --program-prefix= --prefix=/usr --exec-prefix=/usr \ > --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc \ > --datadir=/usr/share --includedir=/usr/include \ > --libdir=/usr/lib --libexecdir=/usr/libexec \ > --localstatedir=/var --sharedstatedir=/usr/com \ > --mandir=/usr/share/man --infodir=/usr/share/info > --with-acl-support --with-automount \ > --with-codepagedir=/usr/share/samba/codepages --with-fhs \ > --with-libsmbclient --with-lockdir=/var/cache/samba --with-pam \ > --with-pam_smbpass --with-piddir=/var/run \ > --with-privatedir=/etc/samba --with-quotas --with-smbmount \ > --with-swatdir=/usr/share/swat --with-syslog --with-utmp \ > --with-vfs --without-smbwrapper --with-ads --with-winbind \ > --with-krb5 > > Here is the configure for krb5-1.3.4: > > ./configure --program-prefix= --prefix=/usr --exec-prefix=/usr \ > --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc \ > --datadir=/usr/share --includedir=/usr/include \ > --libdir=/usr/lib --libexecdir=/usr/libexec \ > --localstatedir=/var --sharedstatedir=/usr/com \ > --mandir=/usr/share/man --infodir=/usr/share/info CC=gcc \ > CFLAGS="-O2 -g -pipe
[Samba] Character Set
Hi, Is character set = ISO8859-15 still an valid option under samba-3.0.x? When I run testparm, it complains Unknown parameter encountered. Regards, Norman -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] sessionid.tdb not initialised
Hi all, I am new to the list, I have setup samba using solaris package samba-3.0.2a I am running solaris 8. Everything seems to be working fine. But one thing, when I bash-2.03# ./smbstatus sessionid.tdb not initialised Service pid machine Connected at --- No locked files bash-2.03# I got a "sessionid.tdb not initialised". Is that a problem? And how do I fix this problem. Thanks in advance. Kind Regards, Clive Luk -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: String overflow in safe_strcpy - bug in documentation
On Tue, Jul 20, 2004 at 09:51:25PM +0200, Thomas Bork wrote: > Herb Lewis schrieb: > > >you can change "mangle prefix" to specify the number of characters you > >want to stay the same. Just remember the more letters that remain the > >same the more likely you will get a collision and slow things down. > > http://de.samba.org/samba/docs/man/smb.conf.5.html > > mangling method (G) > controls the algorithm used for the generating the mangled names. Can > take two different values, "hash" and "hash2". "hash" is the default and > > is the algorithm that has been used in Samba for many years. "hash2" is > a newer and considered a better algorithm (generates less collisions) in > the names. However, many Win32 applications store the mangled names and > so changing to the new algorithm must not be done lightly as these > applications may break unless reinstalled. > > Default: mangling method = hash2 > > Example: mangling method = hash > > > But: > "hash" is not the default (this was in 2.2.x) Fixed in the SVN docs - thanks a *lot* ! Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] No support? who said that?
Who said there was no support on this list? Look at that, Jerry's posting by truckloads! -- David Morel <[EMAIL PROTECTED]> signature.asc Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e=2E?= -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Chasing the "ads_add_machine_acct: Insufficient access" problem
Okay, the jist of this whole thing, I get this infamous (?) problem, I have been trying to search though the archives of samba-general on gmane and also in my archive of this list. I have only seen requests for the magical answer. Environment: W2K/W2K3 mixed ADS going Native ADS only soon. Samba 3.0.4 compiled from source on a RHEL AS30 machine. MIT Kerberos v1.3.4 also compiled from source. Kernel == 2.4.21-15.0.2.ELhugemem #1 SMP Wed Jun 16 22:36:51 EDT 2004 i686 athlon i386 GNU/Linux Here is the problem in a nutshell: [EMAIL PROTECTED] root]# net ads join Computers -S mydc1.mynetwork.com [2004/07/20 15:06:09, 0] libads/ldap.c:ads_join_realm(1336) ads_add_machine_acct: Insufficient access ads_join_realm: Insufficient access and the important pieces of smb.conf: [global] workgroup = MYNETWORK netbios name = ROAR server string = Lotsa Room security = ADS realm = MYNETWORK.COM auth methods = winbind password server = mydc1.mynetwork.com passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . lanman auth = No ntlm auth = No client NTLMv2 auth = Yes client lanman auth = No client plaintext auth = No syslog = 0 log file = /var/log/samba/log.%m max log size = 1 smb ports = 445 disable netbios = Yes max xmit = 65535 name resolve order = host wins lmhosts bcast #tried both spnego Yes and No same diff. use spnego = Yes # use spnego = No server signing = auto deadtime = 10080 socket options = IPTOS_LOWDELAY TCP_NODELAY logon path = logon home = os level = 49 preferred master = No local master = No domain master = No dns proxy = No ldap ssl = no idmap uid = 1-4 idmap gid = 1-4 winbind separator = + winbind nested groups = Yes winbind cache time = 20 template homedir = /home/%D/%U invalid users = root ea support = Yes hide special files = Yes hide unreadable = Yes And here is my klist: [EMAIL PROTECTED] root]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 07/20/04 16:21:53 07/21/04 02:22:01 krbtgt/[EMAIL PROTECTED] renew until 07/21/04 16:21:53 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached Yes, [EMAIL PROTECTED] has rights to create users and machines in the AD Tree in "Computers" So, now, given that this is an existing problem in v3.0.4, I have to show the way I configured and compiled it. I also compiled MIT Kerberos v1.3.4 the proper way (similar to this). Personally I like integrations. Here is the configure for samba v3.0.4: ./configure --program-prefix= --prefix=/usr --exec-prefix=/usr \ --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc \ --datadir=/usr/share --includedir=/usr/include \ --libdir=/usr/lib --libexecdir=/usr/libexec \ --localstatedir=/var --sharedstatedir=/usr/com \ --mandir=/usr/share/man --infodir=/usr/share/info --with-acl-support --with-automount \ --with-codepagedir=/usr/share/samba/codepages --with-fhs \ --with-libsmbclient --with-lockdir=/var/cache/samba --with-pam \ --with-pam_smbpass --with-piddir=/var/run \ --with-privatedir=/etc/samba --with-quotas --with-smbmount \ --with-swatdir=/usr/share/swat --with-syslog --with-utmp \ --with-vfs --without-smbwrapper --with-ads --with-winbind \ --with-krb5 Here is the configure for krb5-1.3.4: ./configure --program-prefix= --prefix=/usr --exec-prefix=/usr \ --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc \ --datadir=/usr/share --includedir=/usr/include \ --libdir=/usr/lib --libexecdir=/usr/libexec \ --localstatedir=/var --sharedstatedir=/usr/com \ --mandir=/usr/share/man --infodir=/usr/share/info CC=gcc \ CFLAGS="-O2 -g -pipe -march=i386 -mcpu=i686 -I/usr/include/et \ -fPIC" LDFLAGS= CPPFLAGS="-I/usr/include/et" --enable-shared \ --enable-static --bindir=/usr/kerberos/bin \ --mandir=/usr/kerberos/man --sbindir=/usr/kerberos/sbin \ --datadir=/usr/kerberos/share --localstatedir=/var/kerberos \
Re: [Samba] Any Windows XP SP2 RC2 Experience?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jason Balicki wrote: | Earlier today I installed Windows XP SP2 RC2 onto | two of my production machines. My test boxes were | fine, but the two production machines I installed | them on failed to print in Adobe Reader and IE. | | I've got a Samba 2.2.9 DC with a CUPS printing | backend. | | Anyway, I've backed off the SP on both production | machines, and I'm going to try to replicate the | issue with another test box, but I was wondering | if anyone has any experience with this service | pack and a Samba based network? Any hints or | gotchas you want to share? We've reported a bug in XP sp2 rc2 to MS wither regards to the print change notify code. It was triggering a crash in smbd (our fault) by doing a notify operation incorrectly (ms's fault). This was reproduced using Samba 3.0.x. I think the same code exists in the 2.2.x tree. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFA/ZLZIR7qMdg1EfYRAiGwAJ4/LkC1q2v1Y49uXwV++i+qG2eqvACg3vVM qQgqzCVC+XdCAxYfaWvAzeQ= =iSef -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Chaning shares using Computer Management with W2k3.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mattias Andersson wrote: | I'm trying to change permissions and add shares and | remove shares etc.. on my Samba-hosts shares (running 3.0.4 | on Fedora, using the Computer Management-tool on Windows | Server 2003. I have set security = ads on the samba host | and I've joined the host to the Active Directory Server (the | same machine as the one I'm running the Computer | Management-tool on). However, I seem to get "Access is | denied" all the time. After some googling and some reading in | several howto's I think it must be that I dont have any | scripts for adding, removing and changing shares, set up. | Could this be the problem? | | I know how to set these in smb.conf, though I dont know | where to get them. Does anyone know where I can find | good example of such scripts? Correct. You have to write the 'addshare command' program. There's a sample in example/misc/modify_share_command.pl And you have to be connected as a root user. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFA/ZAmIR7qMdg1EfYRAo/yAKDFoQ6S+KkNRBZH46IBGsoWe30pUACbBMkZ cZ+uz6k8u4aXv9sZmeCJtVE= =QzOH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] posix locking - what does it do?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rudolf Polzer wrote: | What exactly does the POSIX locking option do? | | I know what it does NOT do: flock() the files a Windows machine has | locked. When for example a file is locked on server side (Linux, I | tried all three Debian samba releases from stable, testing and | unstable), notepad on Windows still opens it. If it however is | locked by a Windows application on another computer, notepad | refuses. | | Does "posix locking" perhaps map SMB locks to something else than | flock()? yeah. It maps them onto posix byte range locks (e.g. fcntl() ) cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFA/Y5PIR7qMdg1EfYRAofGAKCrj7nvtP0VFRXjPL+9kPq5b2eivQCfXAcj Wk0oWc0Ru14OCmZr9ilQh9I= =Y1Al -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Interaction between "wins support = yes" and "os level = 65"
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | I'm a little unclear about something. I want my Linux | box to be the Local Browse Master -- so that the machine | that's "on" all the time is the one that other computers | look to. | | Is it correct that I want in my Global Settings: | | wins support = yes | os level = 65 (or some higher number) | | And should my Windows XP workstations have the Linux box | as the Wins Server? Or should I leave the Wins Server out | of it? | Wins has nothing to do with local master browsing elections. The 2 parameters are othogonal. You need the os level to win the local browsing election. You need to wins support to consolidate your netbios namespace across multiple subnets. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFA/YOKIR7qMdg1EfYRAo4PAJ0ckBmp51ysMfffgjbeMd+X9dtwgwCeLWBf 2/4zmaWoWEajh25WSIeh9gM= =H1xR -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: locks cooperating with a server side process
"Gerald (Jerry) Carter" <[EMAIL PROTECTED]> writes: > This kind og question is probably better suited for > the samba-technical mailing list. I would repost there. Ah thanks a bunch, Chris -- Chris Green <[EMAIL PROTECTED]> Chicken's thinkin' -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Migarting an NT domain to a Fedora Samba 3 domain
I have an NT domain, and I DON'T want to go to AD, and I DO want to move off NT4 to Linux for my servers. I have set up a Fedora Core 2 server in my domain. The domain recognizes it and it the other servers (oddly enough I am having some, but not complete printer problems. Well thta is a separate question) My plan is: Run Fedora as a BDC. Take down my NT PDC (I have an NT BDC btw) Upgrade the Fedora to PDC Bring up another Fedora server as a BDC But the graphic tool in Fedora does not support these activities. I am not a UN*X person. Never found the time. I am a protocols developer. So I need some graphic tools and wish to stay away fromVI and .conf files. Pointers to instructions and tools are greatly appreciated! Oh, I also want to move my Fedora PDC to the same IP address and even hostname as my NT PDC. Will save a lot of external problems. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: locks cooperating with a server side process
Adam Tauno WIlliams <[EMAIL PROTECTED]> writes: > If your building a 'drop box' so to speak, where a process picks up > files after they are copied in, perhaps you want to look into hooking > for application into 'fam' > > http://oss.sgi.com/projects/fam/ > Thanks for the pointer. My problem isn't picking up the file when it's copied in, but picking it up when it's "complete". Looking at the imon ( and linux fcntl(2) ), there doesn't seem to be a way to say "let me know I'm the only person using this file" short of mandatory locking. The work around for the users in my case is to copy the file, and then rename but I'd really like it to be a one step operation. Cheers, Chris -- Chris Green <[EMAIL PROTECTED]> To err is human, to moo bovine. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] configure not detecting IRIX6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Philip Chambers wrote: | A couple of days ago I sent a message about trying to | build 3.0.4 under IRIX6 and having "make" fail | because smbd/quota.h could not find . | I got no suggestions as to how to work out what the | problem was. I have now identified why the problem arose | and that moves me to the next problem! | | configure is failing to detect that the OS is IRIX6. | include/config.h does not have a #define for any OS. | | Can someone suggest why configure is not setting up the | OS on IRIX6? | | Failing that, can someone point me to the part of | configure where it should be detecting IRIX6 as the OS? Please send me the config.log and config.h files from the build and I'll try to work on it. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFA/YfuIR7qMdg1EfYRAnQJAKCu+cHTyxfOIvRsmZAE0fBgLa3AzwCfb8sr rlhQwBUJ6+8kuKhL0ZIYQ8Y= =cRWi -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Ascii mode in smbclient?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 William Beilstein wrote: | The translate command did what I needed. Why isn't it in any of the man | pages? It would have saved all of us effort. Thanks to Giulio! Your answer | was much appreciated. Your right. Apparently it is missing from the smb.conf(1) man page. I'll get that fixed. In the meantime you should be able to get minimal help on all smbclient commands via the help function. smb: \> help ... rename reput rm rmdir setmode symlinktartarmodetranslate vuid smb: \> help translate HELP translate: ~toggle text translation for printing cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFA/YVfIR7qMdg1EfYRAnMWAJ479hRnNOyavXkcQ3HCRf2roZMG4QCeKKmG 9ojY/qezxWzYUZpZLKeHhEE= =i5CV -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] corrupt tdb problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Greg Dickie wrote: | Hi, | | I'm seeing this in log.winbind | | [2004/07/16 13:26:57, 0] tdb/tdbutil.c:tdb_log(725) | tdb(/var/lib/samba/winbindd_idmap.tdb): rec_free_read bad magic Bad news. Hope you have a backup of. Not much you can do but remove the tdb and restart winbindd. This means that all winbindd SID<->uid/gid mappings will be reset and any winbind local users/groups will be removed. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFA/YPSIR7qMdg1EfYRAmDvAJ9GAU4rgHkehsuw/8oiqhN+w3hf4QCeKPE7 Er2xPssgY2B+InkUDNAwTpk= =ZfA1 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris wrote: | Since we are dealing with ADS, I thought it would be | safe to refer to things in ads nomanclature. Aparently | not the case with the password server. The | error output was likewise misleading: | | [2004/07/15 11:55:43, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81) | ads_connect for domain NEWDOMAIN failed: No such file or directory | | I was looking all around both machines' filesystems, | LDAP and ADS for a file or directory that was missing. Turns | out that had nothing to do with it. | | The problem was this line in my smb.conf: | password server = stan.newdomain.int | | It should have been | password server = STAN | | i.e. in netbios nomanclature -- not ADS(DNS) nomanclature. | | I am amazed that no one caught that, but there it is! | So much grief for such a stupid gaff. | | I thank those who took the time to read my post, and | hope that this will help someone in the future. Chris, This should have worked. Either netbios names, fwdn's, or ip addresses are supported values in the pasword server field in the Samba 3.0.x series. Does stan.newdomain.int resolve to an IP address and does that machine have netbios enabled ? - -- cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFA/YMFIR7qMdg1EfYRAqkDAKDS21lXeoKlJY+KhbzGV+7ljBljugCfdzbH zKW+59akKw4t1GIuQxU/ins= =u4Ke -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba/LDAP/PDC Questions
[EMAIL PROTECTED] wrote: Thank you for the response! And thank you for also posting in plaintext. That fonted stuff was tough to read. 2. Should the PDC itself be in the ldap backend database? I haven't found a good reason that it 'has' to in my tests. I did join PDC to the domain using 'net rpc join -Uadministrator%secret' according to John H. Terpatra's Samba-3 by Example. After joining, I do see the PDC machine is the ldap backend database. Nothing wrong with that... 3. In the /etc/ldap.conf, if I turn on the nss staff, I cannot log in to the dmain anymore. It said "User does not exist". Can you expand on this a bit more? From what you've said (which isn't much) it almost sounds like you didn't have ldap working as the posix auth system before you layered on samba. My /etc/ldap.conf is as follow: host 127.0.0.1 base dc=ab,dc=com # nss_base_passwdou=Users,dc=ab,dc=com?one # nss_base_shadowou=Users,dc=ab,dc=com?one # nss_base_group ou=Group,dc=ab,dc=com?one ssl no pam_password md5 # What I was trying to say is that the three nss_base lines: o with or without them, I can do 'getent password' etc with all the posixAcounts o with them uncommented, I cannot loginto a domain account from an XP machine, though the XP machine itself joined the domain on a fly. [* actually I cannot login to a domain account from the XP no matter what after I reconfigure the PDC with People for computers *] So I wonder what exactly these three lines do. The PDC is on Fedora 2 system. I ran authconfig to enable ldap authentication. The pam.d is automatically configured. I am not sure it is using ldap_nss stuff at all. Ok, I believe on Fedora that ou=People is the default, so when you uncomment these then you are changing the authentication system and nss to look in Users instead of People. It is running on defaults entirely if these are missing. If you are authenticating directly (ssh or ftp or something) that should fail as well when you have those lines enabled. Right now, I can join the XP machine into the domain but after reboot I just cannot log into domain Administrator account. The error from the XP is "The system could not log you on, Make sure your user name and domain are correct, then type your oassword again." Can you log in with a regular user? Perhaps one that you know is configured correctly? It sounds like your machine is added correctly or the error you would get would say something to the effect of 'Cannot find your machine account or the domain controller is unavailable.' I'm sure I mangled that error, but that's the best I can remember right now. From the log.xp file, I see errors. Any suggestion? -- Kang Sun # [2004/07/20 14:42:38, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1397) failed to decode PDU [2004/07/20 14:42:38, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605) process_request_pdu: failed to do schannel processing. ## A lot of people have posted about schannel stuff, but I think I may have glossed over the end of those threads. Anybody who actually read them care to chime in here? :-/ -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Failed to issue the StartTLS instruction: Connect error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 O Plameras wrote: | Hi, | | I have two LDAP Servers with similar configurations. | The main difference is that one runs Linux Fedora 1 and the other Linux | Fedora 2. The Fedora 2 server runs | correctly whilst the Fedora 1 LdAP doesn't with the error: | | Failed to issue the StartTLS instruction: Connect error. | | Following is an example of error message on Fedora 1. | | [EMAIL PROTECTED] etc]# net getlocalsid | [2004/07/18 21:20:09, 0] lib/smbldap.c:smbldap_open_connection(624) | Failed to issue the StartTLS instruction: Connect error | [2004/07/18 21:20:09, 0] lib/smbldap.c:smbldap_search_suffix(1126) | smbldap_search_suffix: Problem during the LDAP search: | error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake | failure (Connect error) | SID for domain LINUX is: S-1-5-21-631164965-3065778426-3560323935 | [EMAIL PROTECTED] etc]# | | Can someone tell what and where I should be looking for ? Thanks. aMake sure that you can connect to the LDAP directory server using ldapsearch -ZZ. This is probably an issue with the LDAP server's certificate. Probably not a Samba issue. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFA/YIaIR7qMdg1EfYRAlqxAKCvVAECs5lpQNNrFMKs8C1iJLWbrQCgrFge DLR45310EeTiXsVUVhv4O7Y= =iQiG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: roaming profiles and samba
Just don't do roaming profiles... thread on that recently in this list. -- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: locks cooperating with a server side process
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris Green wrote: ... | Does anyone else use samba as a drop box for a unix process? | | Is there anyway to make a file be locked upon creation with the copy | command? I have a hard time figuring out all the paramters for | open_file_shared1 Chris, This kind og question is probably better suited for the samba-technical mailing list. I would repost there. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFA/YEHIR7qMdg1EfYRArGLAJ9cDIX+qpu1jo3MDK8wt4CitjBn8wCePDzn tNaMlQ4irMheC+EwD8vUAa8= =IOzG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Log shows NT4 for an ADS domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joe wrote: | I'm using a native Win2k ADS domain, but when winbindd | is starting up my log shows HOME is an NT4 domain... Home | was an mixed mode domain when I first started working with | SAMBA, but I have converted it since then. I thought | I had removed all traces of the old domain from SAMBA, | and rejoined the ADS domain. Do ADS domains still show | NT4 in the log? or do I have something messed up? This is a bug in 3.0.4 and has been fixed in the latest 3.0 subversion tree. - -- cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFA/YCOIR7qMdg1EfYRAuvYAJ9C3S15RbGEOdIwzdiDIf/Kek1pygCgx8R2 xc6e2ftYTxvd2XrGhR4tMfI= =pTJ6 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Log shows NT4 for an ADS domain
I'm trying to learn about the interactions between SAMBA and win2k DCs. The eventual goal is to have a Win2k server with ADS working with a freeBSD SAMBA server. I've used the setup from http://oslabs.mikro-net.com/fbsd_samba.html as the basis for what I've done so far. Winbind seems to work and I can show users and groups using wbinfo although I see some things in the logs that I haven't been able to figure out. I'm using a native Win2k ADS domain, but when winbindd is starting up my log shows HOME is an NT4 domain... Home was an mixed mode domain when I first started working with SAMBA, but I have converted it since then. I thought I had removed all traces of the old domain from SAMBA, and rejoined the ADS domain. Do ADS domains still show NT4 in the log? or do I have something messed up? If there's a better reference for the log messages, please point me in the right direction. Thanks for the help, Joe In this log snippets: - home.local is the Win2k domain - frosty.home.local is the DC - kara.home.local is the Samba box. [2004/07/20 20:08:31, 3] nsswitch/winbindd_util.c:add_trusted_domain(173) add_trusted_domain: HOME is an NT4 domain [2004/07/20 20:08:31, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain HOME HOME.LOCAL S-0-0 ... [2004/07/20 20:08:31, 3] nsswitch/winbindd_util.c:add_trusted_domain(173) add_trusted_domain: BUILTIN is an NT4 domain [2004/07/20 20:08:31, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain BUILTIN S-1-5-32 [2004/07/20 20:08:31, 3] nsswitch/winbindd_util.c:add_trusted_domain(173) add_trusted_domain: KARA is an NT4 domain [2004/07/20 20:08:31, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain KARA S-1-5-21-3424855220-147354258-856157331 complete winbind log (level 5) winbindd version 3.0.4 started. Copyright The Samba Team 2000-2004 [2004/07/20 20:08:31, 2] param/loadparm.c:do_section(3392) Processing section "[homes]" [2004/07/20 20:08:31, 2] param/loadparm.c:do_section(3392) Processing section "[storage]" [2004/07/20 20:08:31, 3] param/loadparm.c:lp_add_ipc(2359) adding IPC service [2004/07/20 20:08:31, 3] param/loadparm.c:lp_add_ipc(2359) adding IPC service [2004/07/20 20:08:31, 2] lib/interface.c:add_interface(79) added interface ip=10.0.0.102 bcast=10.0.0.255 nmask=255.255.255.0 [2004/07/20 20:08:31, 2] lib/interface.c:add_interface(79) added interface ip=10.0.0.102 bcast=10.0.0.255 nmask=255.255.255.0 [2004/07/20 20:08:31, 2] lib/tallocmsg.c:register_msg_pool_usage(57) Registered MSG_REQ_POOL_USAGE [2004/07/20 20:08:31, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2004/07/20 20:08:31, 3] nsswitch/winbindd_util.c:add_trusted_domain(173) add_trusted_domain: HOME is an NT4 domain [2004/07/20 20:08:31, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain HOME HOME.LOCAL S-0-0 [2004/07/20 20:08:31, 3] libads/ldap.c:ads_connect(218) Connected to LDAP server 10.0.0.100 [2004/07/20 20:08:31, 3] libads/ldap.c:ads_server_info(2029) got ldap server name [EMAIL PROTECTED], using bind path: dc=HOME,dc=LOCAL [2004/07/20 20:08:31, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(110) IPC$ connections done anonymously [2004/07/20 20:08:31, 3] libsmb/cliconnect.c:cli_start_connection(1373) Connecting to host=FROSTY [2004/07/20 20:08:31, 3] lib/util_sock.c:open_socket_out(735) Connecting to 10.0.0.100 at port 445 [2004/07/20 20:08:31, 5] nsswitch/winbindd_cm.c:cm_open_connection(256) connecting to FROSTY from KARA with kerberos principal [EMAIL PROTECTED] [2004/07/20 20:08:31, 3] libsmb/cliconnect.c:cli_session_setup_spnego(705) Doing spnego session setup (blob length=106) [2004/07/20 20:08:31, 3] libsmb/cliconnect.c:cli_session_setup_spnego(730) got OID=1 2 840 48018 1 2 2 [2004/07/20 20:08:31, 3] libsmb/cliconnect.c:cli_session_setup_spnego(730) got OID=1 2 840 113554 1 2 2 [2004/07/20 20:08:31, 3] libsmb/cliconnect.c:cli_session_setup_spnego(730) got OID=1 2 840 113554 1 2 2 3 [2004/07/20 20:08:31, 3] libsmb/cliconnect.c:cli_session_setup_spnego(730) got OID=1 3 6 1 4 1 311 2 2 10 [2004/07/20 20:08:31, 3] libsmb/cliconnect.c:cli_session_setup_spnego(737) got [EMAIL PROTECTED] [2004/07/20 20:08:31, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(535) Doing kerberos session setup [2004/07/20 20:08:31, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(245) Ticket in ccache[MEMORY:cliconnect] expiration Wed, 21 Jul 2004 06:08:31 GMT [2004/07/20 20:08:31, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8 [2004/07/20 20:08:31, 3] nsswitch/winbindd_ads.c:alternate_name(932) ads: alternate_name [2004/07/20 20:08:31, 3] libads/ldap.c:ads_connect(218) Connected to LDAP server 10.0.0.100 [2004/07/20 20:08:31, 3] libads/ldap.c:ads_server_info(2029) got ldap server name [EMAIL PROTECTED], using bind path: dc=HOME,dc=LOCAL [2004/07/20
Re: [Samba] Samba-3.0.4 - PANIC: Could not generate a machine SID
On Tue, Jul 20, 2004 at 04:11:57PM -0400, Mike Box wrote: > Thanks to Jim C. for his suggestion of winbind, which I will also pursue. > > However, this specific problem was corrected by moving the "private" directory > from NFS to a local filesystem. > > I recall experiencing this situation before. Okay, Solaris gurus, what exactly > causes this problem? Is it unique to Solaris? Is it something to be avoided by > software (Samba) developers? Solaris won't allow fcntl locks on mmap'ed files on an NFS mounted filesystem. Some would call that a bug. :-). Yes, it's unique to Solaris. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba-3.0.4 - PANIC: Could not generate a machine SID
Thanks to Jim C. for his suggestion of winbind, which I will also pursue. However, this specific problem was corrected by moving the "private" directory from NFS to a local filesystem. I recall experiencing this situation before. Okay, Solaris gurus, what exactly causes this problem? Is it unique to Solaris? Is it something to be avoided by software (Samba) developers? Mike >Searching the archives for a solution to this problem revealed no solution. > >Recently I built Samba-3.0.4 from downloaded source on a computer running >Solaris 8. I wish to have this computer join a Windows NT 4.0 domain (as >only a member.) I have another computer currently running Samba-2.0.7 as >a member in this domain. (The goal is to have Samba-3.0.4 replace >Samba-2.0.7.) After a successful build, I copied the Samba-2.0.7 smb.conf >to Samba-3.0.4 and changed the necessary identification statements. (testparm >runs clean.) If needed, I will post smb.conf. > >Key smb.conf statements: >security = domain >encrypt passwords = yes >password server = xyzzy > >Samba is started via (complete path not shown): >.../nmbd -D >.../smbd -D > ># ls -ald /usr/local/samba/private >drwxr-xr-x 2 root other 4096 Jul 12 17:23 /usr/local/samba/private ># ls -l /usr/local/samba/private/secrets.tdb >-rw--- 1 root root8192 Jul 13 13:32 >/usr/local/samba/private/secrets.tdb > >smbd repeatedly fails producing the following messages in the log: >[2004/07/13 12:50:24, 0] tdb/tdbutil.c:tdb_log(725) > tdb(/SOURCES/samba-3.0.4/private/secrets.tdb): tdb_lock failed on list 30 >ltype=1 (Resource temporarily unavailable) >[2004/07/13 12:50:24, 0] tdb/tdbutil.c:tdb_log(725) > tdb(/SOURCES/samba-3.0.4/private/secrets.tdb): tdb_lock failed on list 30 >ltype=2 (Resource temporarily unavailable) >[2004/07/13 12:50:24, 0] passdb/machine_sid.c:pdb_generate_sam_sid(176) > pdb_generate_sam_sid: Failed to store generated machine SID. >[2004/07/13 12:50:24, 0] lib/util.c:smb_panic2(1398) > PANIC: Could not generate a machine SID > >[2004/07/13 12:50:24, 0] lib/fault.c:fault_report(36) > === >[2004/07/13 12:50:24, 0] lib/fault.c:fault_report(37) > INTERNAL ERROR: Signal 6 in pid 24581 (3.0.4) > Please read the appendix Bugs of the Samba HOWTO collection >[2004/07/13 12:50:24, 0] lib/fault.c:fault_report(39) > === >[2004/07/13 12:50:24, 0] lib/util.c:smb_panic2(1398) > PANIC: internal error > > >Thanks, in advance, for any help that you may offer. > >Mike Box > >-- >To unsubscribe from this list go to the following URL and read the >instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Help using Samba in ADS environment
Hello all, Forgive me as this is probably a common question. However, I could not find an answer while searching. I have a few Linux servers running Samba 2.2.x that are hosting open shares with guest read/write access. I would like to have these become a member of the active directory and allow pass-thru authentication and authorizations to the shares hosted. I find where I can join the domain and set it to domain mode. However, it's not clear how to do pass-thru authentication. I do not want to create local user accounts for all users. I want to allow read/write share access to a global group. Can anyone direct me to an FAQ or instructions on setting this up properly? Thanks. --- Shawn Poulson [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LOGIC ERROR in smbd locks system...
On Tue, Jul 20, 2004 at 10:22:02AM +0200, Maier, Thomas wrote: > Hello, > > i have a little problem here: > > Using Samba 2.2.2 with IBM ClearCase (2003) on a Sun Solaris 8 machine (2 > cpus, 4G ram) (IBM does not support Samba 3.0 with Clearcase, maybe Samba > 3.0 will fix the problem, but not able to test it yet). There are more than > 100 smbd processes running in average. Load average of the maschine: under > 1.0 in normal operation. > > But from time to time there are system locks, means: there are many smbd's > running (over 50 and more) that produces an load average of over 50.0 ! > These processes consume about 2% cpu time per smbd, resulting in: cpu > state: 0% idle 10% user 90% kernel. 2.2.2 is old even for the 2.2.x series :-). Please upgrade either to 3.0.x or the last 2.2.x version (2.2.9 I believe). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: locks cooperating with a server side process
> > I'm having a problem where I can gain the lock but the process is > > still writing to the file. If your building a 'drop box' so to speak, where a process picks up files after they are copied in, perhaps you want to look into hooking for application into 'fam' http://oss.sgi.com/projects/fam/ man fam: ... fam is a server that tracks changes to the filesystem and relays these changes to interested applications. Applica tions such as fm(1G) and mailbox(1) present an up-to-date view of the filesystem. In the absence of fam, these applications and others like them are forced to poll the filesystem to detect changes. fam is more efficient. Applications can request fam to monitor any files or directories in any filesystem. When fam detects changes to monitored files, it notifies the appropriate applica tion. The FAM API provides a programmatic interface to fam; see fam(3X). fam is informed of filesystem changes as they happen by the kernel through the imon(7M) pseudo device driver. If asked to monitor files on an NFS mounted filesystem, fam tries to use fam on the NFS server to monitor files. If fam cannot contact a remote fam, it polls the files instead. fam also polls special files. ... -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: String overflow in safe_strcpy - bug in documentation
Herb Lewis schrieb: you can change "mangle prefix" to specify the number of characters you want to stay the same. Just remember the more letters that remain the same the more likely you will get a collision and slow things down. http://de.samba.org/samba/docs/man/smb.conf.5.html mangling method (G) controls the algorithm used for the generating the mangled names. Can take two different values, "hash" and "hash2". "hash" is the default and is the algorithm that has been used in Samba for many years. "hash2" is a newer and considered a better algorithm (generates less collisions) in the names. However, many Win32 applications store the mangled names and so changing to the new algorithm must not be done lightly as these applications may break unless reinstalled. Default: mangling method = hash2 Example: mangling method = hash But: "hash" is not the default (this was in 2.2.x) der tom -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: locks cooperating with a server side process
Chris Green <[EMAIL PROTECTED]> writes: > I'm having a problem where I can gain the lock but the process is > still writing to the file. OK, I realized that putting python in might have scared away anyone that knew C enough to help me out on my problem so I wrote a tiny util to look at the fcntl based locks. http://cmg.dok.org/code/lockview.c As I copy the file from NT -> Linux 2.4, There are no locks set on the file. However, if I turn strict locking on, posix.c/is_posix_locked will return true as soon as I gain the lock and abort the copy. If just plain locking is on, the file will be deleted as soon as the copy is complete if another process has gained a write lock. Does anyone else use samba as a drop box for a unix process? Is there anyway to make a file be locked upon creation with the copy command? I have a hard time figuring out all the paramters for open_file_shared1 [2004/07/20 13:21:37, 5] smbd/files.c:file_new(123) allocated file structure 5634, fnum = 9730 (2 used) [2004/07/20 13:21:37, 10] smbd/open.c:open_file_shared1(807) open_file_shared: fname = output/Testing/cygwin.tar, share_mode = 11, ofun = 10, mode = 660, oplock request = 3 Thanks, Chris -- Chris Green <[EMAIL PROTECTED]> Eschew obfuscation. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] The next Logical Check for SWAT
I know this might be out in left field, but have you checked your hosts.allow and hosts.deny files in /etc? Patti Clark -Original Message- From: Robert Robinson [mailto:[EMAIL PROTECTED] Sent: Friday, July 16, 2004 4:14 PM To: [EMAIL PROTECTED] Subject: [Samba] The next Logical Check for SWAT Samba is working SWAT is loaded and listening on port 901 I have reconfirmed the syntax of the services file I have reconfirmed the syntax of the SWAT file in xinet.d When I go to localhost:901 nothing happens. It just sits there. WHat is the next logical check in my attempt to get SWAT working? BTW: It works fine if I use Webmin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] roaming profiles and samba
I have a network comprised of a linux server (mandrake) running samba 3.0.4 as a PDC and clients all being windows xp. I am in the process of doing a practice run of roaming profiles and am currently stuck. What is the most common way to prevent two of the workstations from logging into the pdc and thus corrupting the roaming profile? Ive googled this till im blue in the face and am getting nowhere. I cant possibly be the only person whose attempted such :) Any help would be MUCH appreciated. Please forgive me if I have improperly posted this or broken some other ettiqute, this is my second post ever to such a list, so i apologise in advance for any mistakes. Mark -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba/LDAP/PDC Questions
Thank you for the response! >>1. In what situtation do I need People group as the group for >>machines? > Always. Until they fix the bug/design issue that is. OK, I reconfigured smb.conf and smbldap_config.pm to Users for users, Groups for groups, and People for computers. >>2. Should the PDC itself be in the ldap backend database? > I haven't found a good reason that it 'has' to in my tests. I did join PDC to the domain using 'net rpc join -Uadministrator%secret' according to John H. Terpatra's Samba-3 by Example. After joining, I do see the PDC machine is the ldap backend database. >>3. In the /etc/ldap.conf, if I turn on the nss staff, I cannot log >> in to the dmain anymore. It said "User does not exist". > Can you expand on this a bit more? From what you've said (which isn't > much) it almost sounds like you didn't have ldap working as the posix > auth system before you layered on samba. My /etc/ldap.conf is as follow: host 127.0.0.1 base dc=ab,dc=com # nss_base_passwdou=Users,dc=ab,dc=com?one # nss_base_shadowou=Users,dc=ab,dc=com?one # nss_base_group ou=Group,dc=ab,dc=com?one ssl no pam_password md5 # What I was trying to say is that the three nss_base lines: o with or without them, I can do 'getent password' etc with all the posixAcounts o with them uncommented, I cannot loginto a domain account from an XP machine, though the XP machine itself joined the domain on a fly. [* actually I cannot login to a domain account from the XP no matter what after I reconfigure the PDC with People for computers *] So I wonder what exactly these three lines do. The PDC is on Fedora 2 system. I ran authconfig to enable ldap authentication. The pam.d is automatically configured. I am not sure it is using ldap_nss stuff at all. Right now, I can join the XP machine into the domain but after reboot I just cannot log into domain Administrator account. The error from the XP is "The system could not log you on, Make sure your user name and domain are correct, then type your oassword again." >From the log.xp file, I see errors. Any suggestion? -- Kang Sun # [2004/07/20 14:42:38, 0] rpc_server/srv_pipe.c:api_pipe_netsec_process(1397) failed to decode PDU [2004/07/20 14:42:38, 0] rpc_server/srv_pipe_hnd.c:process_request_pdu(605) process_request_pdu: failed to do schannel processing. ## -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Virus checker leaving "chmod of" files in samba log
I have some more information and a possible clue to what is going on here. 1) The "chmod" was only happening to files that I did not own. 2) These files were on Samba shares that I had write access to. Readonly shares did not give me this behavior on any file. Writable shares only gave me this behavior on files I did not own. This behavior was noted in the archives: http://lists.samba.org/archive/samba/2003-March/063621.html and http://lists.samba.org/archive/samba-technical/2003-November/032624.html with the first reference stating the following: - When the laptop user connects to the network, and starts to synchronize, the synchronization fails with "NT_STATUS_ACCESS_DENIED". A bit of tracing through debugging output show that: * Synchronization fails only on files not owned by the laptop owner * The laptop user is in the correct unix group to read and write these files, and smbd knows this. * Some packet dumping shows that the actual point of failure comes when the laptop issues a SET_FILE_INFORMATION request. It looks like XP is trying to set the mode of the files (even though it doesn't need to). Samba is "doing the right thing" and translates this into a chmod call, which fails correctly due to the file owner not being the laptop user. - Now I was running a Virus Scanner and not synchronizing my files (knowingly), but the behavior is the same and repeatable. I'm guessing that the virus scanner is performing a syncronization during its scanning. Anyway, it seems harmless but really clogs the logs at debug level 2! Any other pointers appreciated. It appears harmless but will be keeping my eye on it. -Jim -Original Message- From: Sullivan, James (NIH/CIT) Sent: Tuesday, July 20, 2004 1:09 PM To: '[EMAIL PROTECTED]' Subject: [Samba] Virus checker leaving "chmod of" files in samba log Hi all, I am running a Samba 3.0.0-14.3E server on a RedHat Enterprise WS3. Here's the problem: When I am connected from my PC (Windows 2000) and run the MacAffee v4.5.1 virus scanner on the connected share, I see the following in the Samba log file (debug level=2) for what appears to be each file in the share: [2004/07/20 13:02:51, 2] smbd/open.c:open_file(250) sullivan opened file media/._media1.pov read=Yes write=No (numopen=1) [2004/07/20 13:02:51, 2] smbd/close.c:close_normal_file(228) sullivan closed file media/._media1.pov (numopen=0) [2004/07/20 13:02:51, 2] smbd/open.c:open_file(250) sullivan opened file media/._media1.pov read=Yes write=No (numopen=1) [2004/07/20 13:02:51, 2] smbd/close.c:close_normal_file(228) sullivan closed file media/._media1.pov (numopen=0) [2004/07/20 13:02:51, 2] smbd/open.c:open_file(250) sullivan opened file media/._media1.pov read=Yes write=No (numopen=1) [2004/07/20 13:02:51, 2] smbd/trans2.c:call_trans2setfilepathinfo(3091) chmod of media/._media1.pov failed (Operation not permitted) [2004/07/20 13:02:51, 2] smbd/close.c:close_normal_file(228) sullivan closed file media/._media1.pov (numopen=0) [2004/07/20 13:02:51, 2] smbd/open.c:open_file(250) sullivan opened file media/._media1.pov read=No write=Yes (numopen=1) [2004/07/20 13:02:51, 2] smbd/close.c:close_normal_file(228) sullivan closed file media/._media1.pov (numopen=0) [2004/07/20 13:02:51, 2] smbd/open.c:open_file(250) Note the "chmod of media/._media1.pov failed (Operation not permitted)" line. Does anyone know what the virus scanner is trying to do? -Jim -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows permissions
Greetings NG- I'm putting together a Samba domain for the first time, using 3.0.2a-Debian. I have created a good smb.conf file (based on the Howto book by John Terpstra), including the following line to disable roaming profiles everywhere: logon path = Thanks to Josh Ginsberg and company for that one! Now I have created one logon user and have logged on successfully from a Win2k/pro machine without incident. However, this user does not have Administrator privaledges on the windows machine. I need a samba domain user that logs in and has all the privaledges that a local "Administrator" user has. Is this possible? I would think this should be configurable on the server, as authentication is all done via SMB/CIFS. Am I right? I have investigated the smbpasswd command, thinking it should be in there somewhere, but no dice. TIA, Jake Marble LandEZ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + ADS + User Accounts
Hello, We have a windows 2003 server hosting ADS. We also have a fedora core 2 file server running samba 3.0.2a. We have it currently configured to join the ADS domain. We Can use Winbind to see users, groups, etc. We can even browse samba shares from windows computers. However one thing we don't know: What we want to do is when a user is added to ADS for samba to create a user directory (like it does when you run adduser in linux) with proper ownership of that dirrectory. Can samba do this? If so, how do we set up samba to do that?? Thanks Dan Strohschein Director of Software The Wifi Link -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Invitation to Hawaii (USA) and Amalfi (Italy) vip/ka
Dear Dr. Samba, This is an invitation for you to attend two IPSI BgD multidisciplinary and interdisciplinary conferences, one in Hawaii, and one in Amalfi, as follows: IPSI-2005 HAWAII Big Island Hawaii (arrival: 06.01.2005. departure: 09.01.2005.) Deadlines: 1 October 2004 (abstract) + 30 October 2004 (full paper) IPSI-2005 AMALFI Amalfi, Italy (arrival: 17.02.2005. departure: 20.02.2005.) Deadlines: 17 October 2004 (abstract) + 7 December 2004 (full papers) If you like to obtain more information on both conferences, please reply to this email. All IPSI BgD conferences are non-profit! They bring together the elite of the world science (so far, 7 times a Nobel Laureate was talking at the opening ceremony), and they take place in the leading hotels of the world. Topics of interest include, but are not limited to: Internet, Computer Science and Engineering, Management and Business Administration, Education, e-Medicine, Electrical Engineering, Bioengineering, Environment Protection, and e-Economy. These conferences are in line with the newest recommendations of NSF and EU to stress multidisciplinary, interdisciplinary, and transdisciplinary research, and truly support this type of scientific interraction. Sincerely Yours, Prof. V. Milutinovic, Chairman PS - If you plan to submit an abstract/paper, let us know immediately. If you are not able to attend now, but you like to be informed about the future IPSI BgD conferences, please let us know. If you do not like to receive future invitations, let us know, as well! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Delete directory on mounted system
Hello, I'm french so sorry for my mistakes. I have samba server 2.2.8 on mdk and one PC on Fedora Core II in local network. I have mounted some smb directory on my FC2 . All work fine but just i can't delete any directory on my FC2 however i have all the rights. That made 4 days that I seek but I found anything. Thank for your help. -- Cordialement, toute l'Ãquipe de LinuxPourLesNuls. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Slowdown due to change in DC lookup from 3.0.1 to 3.0.2a
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Derek Holden wrote: | I am experiencing slowdown due to changes introduced | after 3.0.1 to the various DC lookup routines. I have | it narrowed down but don't know where to go from here. | First the relevant pieces of the conf: | | [global] |workgroup = COMPANY.COM |security = server |log level = "4 auth:6" |password server = SERVER1 SERVER2 |wins server = 10.0.0.29 |os level = 0 |domain / preferred / local master = no |dns proxy = no ... | It appears before ads_dc_name () was being | alled before because the condition strchr_m(domain, '.') | was passing due to the domain being 'COMPANY.COM' in | the conf. This is why the check was considered to be bogus. having a '.' in a netbios name always ends in tears. Set workgroup to be the short version of the AD realm name. Then the name should resolve via WINS. | Now it fails because it it is checking either ADS | security mode or realm. However, realm is set to NULL | from the enumerate_domain_trusts call. | | So that's where I am at. I don't have the priviledges at | the company to add this server to the domain, which is | why security mode is server. I'd appreciate any help | or pointers. Thanks a lot, cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFA/VlnIR7qMdg1EfYRAq37AKDjUmYB6z37pUbWpKXPK+v46jEqbACgtkFv XnURNQjeDQjILgeU3ljf9co= =BmhS -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Virus checker leaving "chmod of" files in samba log
Hi all, I am running a Samba 3.0.0-14.3E server on a RedHat Enterprise WS3. Here's the problem: When I am connected from my PC (Windows 2000) and run the MacAffee v4.5.1 virus scanner on the connected share, I see the following in the Samba log file (debug level=2) for what appears to be each file in the share: [2004/07/20 13:02:51, 2] smbd/open.c:open_file(250) sullivan opened file media/._media1.pov read=Yes write=No (numopen=1) [2004/07/20 13:02:51, 2] smbd/close.c:close_normal_file(228) sullivan closed file media/._media1.pov (numopen=0) [2004/07/20 13:02:51, 2] smbd/open.c:open_file(250) sullivan opened file media/._media1.pov read=Yes write=No (numopen=1) [2004/07/20 13:02:51, 2] smbd/close.c:close_normal_file(228) sullivan closed file media/._media1.pov (numopen=0) [2004/07/20 13:02:51, 2] smbd/open.c:open_file(250) sullivan opened file media/._media1.pov read=Yes write=No (numopen=1) [2004/07/20 13:02:51, 2] smbd/trans2.c:call_trans2setfilepathinfo(3091) chmod of media/._media1.pov failed (Operation not permitted) [2004/07/20 13:02:51, 2] smbd/close.c:close_normal_file(228) sullivan closed file media/._media1.pov (numopen=0) [2004/07/20 13:02:51, 2] smbd/open.c:open_file(250) sullivan opened file media/._media1.pov read=No write=Yes (numopen=1) [2004/07/20 13:02:51, 2] smbd/close.c:close_normal_file(228) sullivan closed file media/._media1.pov (numopen=0) [2004/07/20 13:02:51, 2] smbd/open.c:open_file(250) Note the "chmod of media/._media1.pov failed (Operation not permitted)" line. Does anyone know what the virus scanner is trying to do? -Jim -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba as a portable userland FS basis?
1. Is it possible to build/run the Samba _server_ on Windows (e.g. using Cygwin)? a quick ./configure test on Cygwin results in: ... checking whether to use included popt... ./popt checking configure summary... ERROR: No locking available. Running Samba would be unsafe configure: error: summary failure. Aborting config [EMAIL PROTECTED] ~/samba-2.2.9/source after hacking/forcing configure to go on by inserting samba_cv_HAVE_FCNTL_LOCK=yes the "configure" runs till' end with no further complaints. moreover: "make" runs through without complaints (some C warnings which look like expected ..). then "make install" has it's problems: [EMAIL PROTECTED] ~/samba-2.2.9/source $ make install Using FLAGS = -O -I./popt -Iinclude -I./include -I./ubiqx -I./smbwrapper -DLOGFILEBASE="/usr DSBINDIR="/usr/local/samba/bin" -DLOCKDIR="/usr/local/samba/var/locks" -DCODEPAGEDIR="/usr/loca IBDIR="/usr/local/samba/lib" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/usr/bin/passwd" -DSMB_PASSWD_ Using FLAGS32 = -O -I./popt -Iinclude -I./include -I./ubiqx -I./smbwrapper -DLOGFILEBASE="/u -DSBINDIR="/usr/local/samba/bin" -DLOCKDIR="/usr/local/samba/var/locks" -DCODEPAGEDIR="/usr/lo DLIBDIR="/usr/local/samba/lib" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/usr/bin/passwd" -DSMB_PASSW Using LIBS = -lcrypt /bin/sh ./install-sh -d -m 0755 /usr/local/samba /bin/sh ./install-sh -d -m 0755 /usr/local/samba/bin /bin/sh ./install-sh -d -m 0755 /usr/local/samba/bin /bin/sh ./install-sh -d -m 0755 /usr/local/samba/lib /bin/sh ./install-sh -d -m 0755 /usr/local/samba/var /bin/sh ./install-sh -d -m 0755 /usr/local/samba/var/locks /bin/sh ./install-sh -d -m 0755 /usr/local/samba/lib/codepages Installing bin/smbd as /usr/local/samba/bin/smbd cp: `bin/smbd' and `/usr/local/samba/bin/smbd' are the same file chmod: getting attributes of `/usr/local/samba/bin/smbd': No such file or directory Installing bin/nmbd as /usr/local/samba/bin/nmbd cp: `bin/nmbd' and `/usr/local/samba/bin/nmbd' are the same file chmod: getting attributes of `/usr/local/samba/bin/nmbd': No such file or directory Installing bin/swat as /usr/local/samba/bin/swat cp: `bin/swat' and `/usr/local/samba/bin/swat' are the same file chmod: getting attributes of `/usr/local/samba/bin/swat': No such file or directory ... after manually copying the binaries like "make install" tried, I reran "make install" to get the codepages installed, since now it can find the binaries needed for this then, I copied C:\cygwin\home\tob\samba-2.2.9\examples\smb.conf.default to C:\cygwin\usr\local\samba\lib\smb.conf with slight editing now, at least basic functionality seem to work: [EMAIL PROTECTED] ~ $ smbd -i -d 10 -s /usr/local/samba/lib/smb.conf ... load_unicode_map: loading unicode map for codepage 850. load_unix_unicode_map: ISO8859-1 (init_done=0, override load_unicode_map: loading unicode map for codepage ISO8 loaded services fcntl_lock 5 8 0 1 2 fcntl_lock: Lock call successful claiming 0 bind succeeded on port 139 ... waiting for a connection and $ smbclient -L localhost added interface ip=192.168.1.101 bcast=192.168.1.255 nmask=255.255.255.0 Password: Anonymous login successful Domain=[ARBEITSGRUPPE] OS=[Unix] Server=[Samba 2.2.9] Sharename Type Comment - --- tmpDisk Temporary file space IPC$ IPC IPC Service (Samba Server) ADMIN$ Disk IPC Service (Samba Server) Server Comment ---- WorkgroupMaster ---- [EMAIL PROTECTED] ~ so this leaves me with the question: Is the fcnlt/locking issue on Cygwin significant? 2. Is there a "reasonable" internal API within the Samba server which could be used to stack unusual FS stuff on top? I just learned there is a VFS interface to implement modules to do various unusual things. Is this the recommended way of extending Samba? Cheers, Tobias -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: String overflow in safe_strcpy .
you can change "mangle prefix" to specify the number of characters you want to stay the same. Just remember the more letters that remain the same the more likely you will get a collision and slow things down. Carl Matthews wrote: Is there another way to make shares readable to 16 bit apps that use the 8.3 filename. because with out specifying "mangling method = hash" the file names are completly mangled and only the first letter remains the same. Where as "mangling method = hash" only mangles the last 3 letters. Carl. Carl Matthews wrote: Hi Jeremy, Sorry for not replying sooner, ive attached my config file. as a quick test, I created a folder called : "Test Directory That Is Long" under which i created a folder called "This folder is long too" and a file called "This Folder is long.txt" and this gives me the string errors. Thanks. Jeremy Allison wrote: On Wed, Jul 14, 2004 at 11:03:26PM +0100, Carl wrote: Just Installed 3.0.5rc1 and the problem persists unfortunately, Ok, can you give me the smb.conf file and the directory and filenames you're using. I'll see if I can reproduce with the latest SVN code. Thanks, Jeremy. # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2004/06/23 10:15:40 # Global parameters [global] server string = Mandrake1 netbios aliases = FC1 password server = None guest account = mleall username map = /etc/samba/smbusers log level = 0 log file = /var/log/samba/%m.log max log size = 500 name resolve order = wins lmhosts host bcas deadtime = 15 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No mangling method = hash preferred master = Yes domain master = No dns proxy = No wins support = Yes oplock break wait time = 100 ldap ssl = no valid users = @MLE-ALL create mask = 0775 directory mask = 0775 guest ok = Yes dos filemode = Yes [NET-Eng] comment = Product Design By Genius path = /mnt/mle-net/MLE-NET/MLE-NET-Eng write list = @MLE-ALL force user = mleall read only = No [NET-GMDB] comment = MLE-NET GoldMine DB path = /mnt/mle-net/MLE-NET/MLE-NET-GMDB write list = @MLE-ALL force user = mleall read only = No veto oplock files = /*.DBT/*.DBF/*.MDX/ blocking locks = No level2 oplocks = No dos filemode = No [NET-Public] comment = MLE-NET Public Share path = /home/local/samba-public write list = @MLE-ALL force user = mleall read only = No copy = NET-Eng -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Rpm for Redhat v7.1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | Hi | | Could you suggest where I can download a samba-2.2.6 or | samba-2.2.9 rpm for Redhat Linux v7.1. | I am presently using a samba-2.2.3a server but Windows | XP clients create extra files when saving or copying to | this samaba server. Grab the SRPM from samba.org and run 'rpm --rebuild ' on it is the best bet I think. | | Best regards, | | Gary Marshall | e-Protector | Tel: 0870 0278302 | Mob: 07769 747080 | Fax: 0115 9227111 | | | | | ** | This email and any files transmitted with it are confidential and | intended solely for the use of the individual or entity to whom they | are addressed. If you have received this email in error please notify | [EMAIL PROTECTED] | | This footnote also confirms that this email message has been swept | for the presence of computer viruses. | ** | - -- - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFA/U9oIR7qMdg1EfYRApqAAKC5GL7fnNrcungDW9Vzm5zbBY+C+QCdHHje WNNCRYQnw1vfkWxri4gHuGw= =CaYv -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LOGIC ERROR in smbd locks system...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Maier, Thomas wrote: | Hello, | | i have a little problem here: | | Using Samba 2.2.2 with IBM ClearCase (2003) on a Sun Solaris | 8 machine (2 cpus, 4G ram) (IBM does not support Samba 3.0 | with Clearcase, maybe Samba 3.0 will fix the problem, but not able | to test it yet). There are more than 100 smbd processes running | in average. Load average of the maschine: under 1.0 in | normal operation. | | But from time to time there are system locks, means: there | are many smbd's running (over 50 and more) that produces | n load average of over 50.0 ! These processes consume about | 2% cpu time per smbd, resulting in: cpu state: 0% idle 10% | user 90% kernel. Thomas, The 2.2. branch is no linger under development or maintenance. However at the very least I would suggest upgrading to to Samba 2.2.9. I remember this code and when Jeremy was working on it. Changes are that 2.2.9 will be better for you. I don't remember the Solaris lock kernel bug was Solaris 7, 8, or 9 (or all three). But check with you Sun rep about the fcntl() kernel lock patch. Don't remember the patch # right now. Sorry. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc "...a hundred billion castaways looking for a home." --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFA/Uo8IR7qMdg1EfYRAj/rAJ9aScH9DGqQUYBw/1OL/nGf78XvaACgjLrG fqetpaETctETm32G4oVHnqE= =wab/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] problem joining a domain after upgrade
hello, I've upgraded my samba server to samba 3.02. The roaming profiles works fine. But I've got a problem with the workstation accounts. On some machine (not all of them), I can't load any roaming profile. I've got to log localy as administrator and to join manually the domain. Then everything works fine. The matter is that I've got a lot of machine with this problem... is there a way to automatically do this ? The workstation are running Windows2000. And if someone knows why it happends only on some workstation... thanks, Fabrice Tereszkiewicz -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED
abebe lsslp wrote: I was having trouble sleeping last night, so I start going over your past e-mails. Do you remember you asking me that I need to make sure LDAP is authenticating system users? And I told you that it was. I was not completely lying, it authenticates 'testuser1' with no problem. However, 'administrator' is getting kicked out as soon as it logs in. Here is what it looks like: [EMAIL PROTECTED] root]# ssh [EMAIL PROTECTED] [EMAIL PROTECTED]'s password: Last login: Tue Jul 20 09:49:05 2004 from 192.168.1.17 Connection to 192.168.1.10 closed. [EMAIL PROTECTED] root]# Off course: loginShell: /bin/false It logins, then just die, because it have no shell. :) Here is part of 'slapd.log': +++ Jul 20 10:22:31 eaglex slapd[20508]: conn=7 op=2 SRCH attr=cn userPassword memberUid uniqueMember gidNumber Jul 20 10:22:31 eaglex slapd[20508]: conn=7 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul 20 10:22:31 eaglex slapd[20508]: conn=7 fd=15 closed Jul 20 10:25:17 eaglex slapd[20508]: conn=4 op=2 SRCH base="dc=wbcoll,dc=edu" scope=2 filter="(&(objectClass=posixAccount)(uid=administrator))" Jul 20 10:25:17 eaglex slapd[20508]: conn=4 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Jul 20 10:25:17 eaglex slapd[20508]: conn=4 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul 20 10:25:19 eaglex slapd[20508]: conn=8 fd=15 ACCEPT from IP=127.0.0.1:33263 (IP=0.0.0.0:389) Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=0 BIND dn="cn=Manager,dc=wbcoll,dc=edu" method=128 Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=0 BIND dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0 Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=0 RESULT tag=97 err=0 text= Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=1 SRCH base="dc=wbcoll,dc=edu" scope=2 filter="(uid=Administrator)" Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2 BIND anonymous mech=implicit ssf=0 Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2 BIND dn="uid=Administrator,ou=Users,dc=wbcoll,dc=edu" method=128 Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2 BIND dn="uid=Administrator,ou=Users,dc=wbcoll,dc=edu" mech=simple ssf=0 Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2 RESULT tag=97 err=0 text= Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3 BIND anonymous mech=implicit ssf=0 Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3 BIND dn="cn=Manager,dc=wbcoll,dc=edu" method=128 Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3 BIND dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0 Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3 RESULT tag=97 err=0 text= Jul 20 10:25:19 eaglex slapd[20508]: conn=9 fd=18 ACCEPT from IP=127.0.0.1:33264 (IP=0.0.0.0:389) Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=0 BIND dn="cn=Manager,dc=wbcoll,dc=edu" method=128 Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=0 BIND dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0 Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=0 RESULT tag=97 err=0 text= Jul 20 10:25:19 eaglex slapd[20508]: deferring operation Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=1 SRCH base="dc=wbcoll,dc=edu" scope=2 filter="(&(objectClass=shadowAccount)(uid=Administrator))" Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=1 SRCH attr=uid userPassword shadowLastChange shadowMax shadowMin shadowWarning shadowInactive shadowExpire Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul 20 10:25:20 eaglex slapd[20508]: conn=8 op=4 UNBIND Jul 20 10:25:20 eaglex slapd[20508]: conn=8 fd=15 closed Jul 20 10:25:20 eaglex slapd[20508]: conn=10 fd=15 ACCEPT from IP=127.0.0.1:33265 (IP=0.0.0.0:389) Jul 20 10:25:20 eaglex slapd[20508]: conn=9 fd=18 closed Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=0 BIND dn="cn=Manager,dc=wbcoll,dc=edu" method=128 Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=0 BIND dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0 Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=0 RESULT tag=97 err=0 text= Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=1 SRCH base="dc=wbcoll,dc=edu" scope=2 filter="(uid=Administrator)" Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=2 SRCH base="ou=Groups,dc=wbcoll,dc=edu" scope=1 filter="(&(objectClass=posixGroup)(|(memberUid=Administrator)(uniqueMember=uid=administrator,ou=users,dc=wbcoll,dc=edu)))" Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=2 SRCH attr=cn userPassword memberUid uniqueMember gidNumber Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul 20 10:25:20 eaglex slapd[20508]: conn=10 fd=15 closed +++ Is it alright if I delete the files in '/var/lib/ldap/*' before I use 'slapindex'? When I do the 'ldapsearch' command, machin
[Samba] Active directory and trusted domains
I setup Samba a while ago in an active directory environment. There are many trusted domains (with a very lot lot of users and computer account), but i (my users) used only one, and all worked just fine Actually, some from others domains needs to connect to my shares. And even if i do not setupe any users, they cannot. So here are some few questions : I've this in my winbindd log file : [2004/07/20 16:29:48, 1] nsswitch/winbindd_util.c:winbindd_lookup_name_by_sid(429) Can't find domain from sid [2004/07/20 16:33:21, 1] nsswitch/winbindd_sid.c:winbindd_gid_to_sid(437) Could not convert gid 65534 to sid [2004/07/20 16:40:55, 1] nsswitch/winbindd_util.c:winbindd_lookup_name_by_sid(429) Can't find domain from sid [2004/07/20 16:40:55, 1] libsmb/clikrb5.c:ads_krb5_mk_req(276) krb5_get_credentials failed for [EMAIL PROTECTED] (KDC can't fulfill requested option) - Is 65534 a limitation? - credentials seems to fail, however MYAD is the only domain where there is no problems for accessing shares. - Is there any limitation in the idmap uid and idmap gid? A few minutes before, in the log, i've line that said others domains are correctly added. Regard's Vincent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED
I was having trouble sleeping last night, so I start going over your past e-mails. Do you remember you asking me that I need to make sure LDAP is authenticating system users? And I told you that it was. I was not completely lying, it authenticates 'testuser1' with no problem. However, 'administrator' is getting kicked out as soon as it logs in. Here is what it looks like: [EMAIL PROTECTED] root]# ssh [EMAIL PROTECTED] [EMAIL PROTECTED]'s password: Last login: Tue Jul 20 09:49:05 2004 from 192.168.1.17 Connection to 192.168.1.10 closed. [EMAIL PROTECTED] root]# Here is part of 'slapd.log': +++ Jul 20 10:22:31 eaglex slapd[20508]: conn=7 op=2 SRCH attr=cn userPassword memberUid uniqueMember gidNumber Jul 20 10:22:31 eaglex slapd[20508]: conn=7 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul 20 10:22:31 eaglex slapd[20508]: conn=7 fd=15 closed Jul 20 10:25:17 eaglex slapd[20508]: conn=4 op=2 SRCH base="dc=wbcoll,dc=edu" scope=2 filter="(&(objectClass=posixAccount)(uid=administrator))" Jul 20 10:25:17 eaglex slapd[20508]: conn=4 op=2 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Jul 20 10:25:17 eaglex slapd[20508]: conn=4 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul 20 10:25:19 eaglex slapd[20508]: conn=8 fd=15 ACCEPT from IP=127.0.0.1:33263 (IP=0.0.0.0:389) Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=0 BIND dn="cn=Manager,dc=wbcoll,dc=edu" method=128 Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=0 BIND dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0 Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=0 RESULT tag=97 err=0 text= Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=1 SRCH base="dc=wbcoll,dc=edu" scope=2 filter="(uid=Administrator)" Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2 BIND anonymous mech=implicit ssf=0 Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2 BIND dn="uid=Administrator,ou=Users,dc=wbcoll,dc=edu" method=128 Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2 BIND dn="uid=Administrator,ou=Users,dc=wbcoll,dc=edu" mech=simple ssf=0 Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=2 RESULT tag=97 err=0 text= Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3 BIND anonymous mech=implicit ssf=0 Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3 BIND dn="cn=Manager,dc=wbcoll,dc=edu" method=128 Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3 BIND dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0 Jul 20 10:25:19 eaglex slapd[20508]: conn=8 op=3 RESULT tag=97 err=0 text= Jul 20 10:25:19 eaglex slapd[20508]: conn=9 fd=18 ACCEPT from IP=127.0.0.1:33264 (IP=0.0.0.0:389) Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=0 BIND dn="cn=Manager,dc=wbcoll,dc=edu" method=128 Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=0 BIND dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0 Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=0 RESULT tag=97 err=0 text= Jul 20 10:25:19 eaglex slapd[20508]: deferring operation Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=1 SRCH base="dc=wbcoll,dc=edu" scope=2 filter="(&(objectClass=shadowAccount)(uid=Administrator))" Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=1 SRCH attr=uid userPassword shadowLastChange shadowMax shadowMin shadowWarning shadowInactive shadowExpire Jul 20 10:25:19 eaglex slapd[20508]: conn=9 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul 20 10:25:20 eaglex slapd[20508]: conn=8 op=4 UNBIND Jul 20 10:25:20 eaglex slapd[20508]: conn=8 fd=15 closed Jul 20 10:25:20 eaglex slapd[20508]: conn=10 fd=15 ACCEPT from IP=127.0.0.1:33265 (IP=0.0.0.0:389) Jul 20 10:25:20 eaglex slapd[20508]: conn=9 fd=18 closed Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=0 BIND dn="cn=Manager,dc=wbcoll,dc=edu" method=128 Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=0 BIND dn="cn=Manager,dc=wbcoll,dc=edu" mech=simple ssf=0 Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=0 RESULT tag=97 err=0 text= Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=1 SRCH base="dc=wbcoll,dc=edu" scope=2 filter="(uid=Administrator)" Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=2 SRCH base="ou=Groups,dc=wbcoll,dc=edu" scope=1 filter="(&(objectClass=posixGroup)(|(memberUid=Administrator)(uniqueMember=uid=administrator,ou=users,dc=wbcoll,dc=edu)))" Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=2 SRCH attr=cn userPassword memberUid uniqueMember gidNumber Jul 20 10:25:20 eaglex slapd[20508]: conn=10 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text= Jul 20 10:25:20 eaglex slapd[20508]: conn=10 fd=15 closed +++ Is it alright if I delete the files in '/var/lib/ldap/*' before I use 'slapindex'? When I do the 'ldapsearch' command, machine entry does not exist anymore. Here is my 'smb.conf' after taking out what you told me and using 'testpar
[Samba] Access denied to a Samba drive when use Backup Software
Hi! Here's my problem. I have a backup server. It's a Fedora Core 2 box with Samba 3.0.3-5. The client is Win XP. When I try to access to the network drive of my server with my backup software, the program said that the access is denied. But, when I mount the network drive, I can read, execute and write data on the drive. I really have no ideas where is the problem. I've try with these two share. But nothing work. [homes] comment = Home Directories browseable = no writeable = yes [PDF] comment = Dossier de creation des PDF path = /pub/pdf_out # valid users = yann joanne guy public = yes writable = yes printable = no Does somebody as the same problem??? Thanks a lot! Yann -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED
Mohammad Reza wrote: Dear lists... But this still un-solved the real problem to join w2k to samba3-ldap . I'm here with the same situation. I even switch my distro to SuSe with same result, still cant join domain. Please give us hint how to solve or debug this problem. Sorry, I looked at the thread, and I don't have info about your problem with w2k. According to what I read at the link posted by Abebe, I think it may be a problem with the unix system not "seeing" the machine account created automatically by samba (ie, the smbldap-useradd script). You should be able to do a "su - winxp\$" as root, and it should log in: obelix:~# su - virtualxp\$ No directory, logging in with HOME=/ Off course, it will not give you a prompt as virtualxp\$, because the shell is /bin/false, but If the user didn't existed, it would answered: Unkown ID, or something like that. regards reza -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Tue 7/20/2004 9:48 AM To: [EMAIL PROTECTED] Cc: Subject:Re: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED On Mon, 2004-07-19 at 19:34, José Ildefonso Camargo Tolosa wrote: http://samba.idealx.org/smbldap-howto.fr.html as you recommended. I have one big question, which one do I put in '/etc/ldap.conf' nss_base_passwd dc=wbcoll,dc=edu?one nss_base_shadow dc=wbcoll,dc=edu?one nss_base_group ou=Groups,dc=wbcoll,dc=edu?one or nss_base_passwdou=Users,dc=wbcoll,dc=edu?one nss_base_shadowou=Users,dc=wbcoll,dc=edu?one nss_base_group ou=Groups,dc=wbcoll,dc=edu?one Neither, use this: nss_base_passwd dc=wbcoll,dc=edu?sub nss_base_shadow dc=wbcoll,dc=edu?sub nss_base_group ou=Groups,dc=wbcoll,dc=edu?one Look at the sub, it tells the system to descend to all the sub-objects it may have. --- It is pertinent to consider that this suggestion waives any efficiency for ease of use as it will tell all user lookups to search the entire LDAP tree. I already told him to use his second choice as that is most efficient. I recognize that your option would permit the option of trying to use a separate organizational unit for Computers but this guy is endlessly confused, and simple is clearly better for his purposes, without considering the impact of excessive searching of the LDAP db. Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] HP-UX, problem with 3.0.5rc1 (was not in pre1)
I have built 3.0.5rc1 for testing, with the same options I was using for 3.0.5pre1. Unfortunately, however, when I build this one, everything tanks (save for one or two smaller utils) and dumps core. I have attached my configure script, shamelessly swiped from HP (but edited a little bit for my site) in their CIFS source. Would something in particular from the core file be helpful? This is HP-UX 11i, on an N4000 with HP ansiC. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - Jr. UNIX Systems Admin |$&| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 # Check whether the necessary software is installed. # # Check for HP Kerberos libraries # Check for OpenLDAP or HP LDAP libraries # Check for libiconv # Check for autoconf # Check for autoheader # export SMBVER="3.0.5rc1" export CC="cc" if [[ $(uname -m) = "ia64" ]]; then export CFLAGS="+DD32 -DUSING_GROUPNAME_MAP -DWITH_SYSLOG -D_KERNEL_THREADS" else export CFLAGS="+DA1.1 +DS1.1 -DUSING_GROUPNAME_MAP -DWITH_SYSLOG -L/umdapps/prod/ldapapp/local/lib -I/umdapps/prod/ldapapp/local/include" fi export CPPFLAGS="-I/usr/local/include -L/usr/local/lib" # Generate the version.h from script/mkversion.sh script/mkversion.sh if [[ $? != 0 || ! -f include/version.h ]] then print "Cannot generate version.h, script/mkversion.h failed to run" print "successfully." exit 1 fi # Generate the config.h.in # using autoheader if [[ ! -f include/config.h.in ]] then /usr/local/bin/autoheader configure.in if [[ $? != 0 ]] then print "Cannot generate config.h.in, autoheader failed to run" print "successfully." exit 1 fi fi # Generate the configure script from configure.in if [[ ! -f configure ]] then print "Cannot locate configure script" print "Generating configure..." /usr/local/bin/autoconf -o configure configure.in if [[ $? != 0 ]] then print "Cannot generate configure, autoconf failed to run" print "successfully." exit 1 fi fi if [[ ! -x ./configure ]] then print "Configure script is not executable. Adding a +x through" print "chmod" chmod +x ./configure fi # Run configure script with the needed options to build Samba # ./configure \ --with-ldap \ --with-ldapsam \ --with-libiconv=/usr/local \ --without-winbind \ --with-quotas \ --with-utmp \ --with-syslog \ --prefix=/opt/samba-$SMBVER \ --libdir=/opt/samba-$SMBVER/lib \ --localstatedir=/var/samba \ --with-configdir=/etc/samba \ --with-privatedir=/etc/samba/private \ --with-lockdir=/var/spool/locks/samba \ --with-swatdir=/opt/samba-$SMBVER/swat \ --with-acl-support \ --with-msdfs \ --with-pam_smbpass \ --with-pam # Check build and running environment # Currently 11.00 BE is exactly same with 11.11 BE. # And 11.22 BE is exactly same with 11.23 BE, and 11.22 will not be deliveried. # 11.31 BE so far is the same with 11.23 BE, probably is diff from 11.23 in future. os_ver=`uname -r|cut -d "." -f 3` case $os_ver in 11 | 00) version=11 ;; 22 | 23) version=23 ;; 31) version=$os_ver ;; esac for afile in include/config.h Makefile; do diff $afile $afile.$version if [[ $? != 0 ]]; then echo "WARNING: $afile is different from $afile.$version." echo " Please verify the differencies before running make." echo fi done -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED
Craig White wrote: On Mon, 2004-07-19 at 19:34, Josà Ildefonso Camargo Tolosa wrote: http://samba.idealx.org/smbldap-howto.fr.html as you recommended. I have one big question, which one do I put in '/etc/ldap.conf' nss_base_passwd dc=wbcoll,dc=edu?one nss_base_shadow dc=wbcoll,dc=edu?one nss_base_group ou=Groups,dc=wbcoll,dc=edu?one or nss_base_passwdou=Users,dc=wbcoll,dc=edu?one nss_base_shadowou=Users,dc=wbcoll,dc=edu?one nss_base_group ou=Groups,dc=wbcoll,dc=edu?one Neither, use this: nss_base_passwd dc=wbcoll,dc=edu?sub nss_base_shadow dc=wbcoll,dc=edu?sub nss_base_group ou=Groups,dc=wbcoll,dc=edu?one Look at the sub, it tells the system to descend to all the sub-objects it may have. --- It is pertinent to consider that this suggestion waives any efficiency for ease of use as it will tell all user lookups to search the entire LDAP tree. In fact, you should do something like this (that's what I did, if you read the thread): nss_base_passwd ou=Accounts,dc=wbcoll,dc=edu?sub nss_base_shadow ou=Accounts,dc=wbcoll,dc=edu?sub nss_base_group ou=Groups,dc=wbcoll,dc=edu?one And under ou=Accounts,dc=wbcoll,dc=edu, you create another ou: ou=People,ou=Accounts,dc=wbcoll,dc=edu here you place user accounts, and put this in the smb.conf for users ou=Computers,ou=Accounts,dc=wbcoll,dc=edu and here you place computers accounts. Off course, you can call Accounts whatever you want to call it: samba, domains, I don't know. I already told him to use his second choice as that is most efficient. I recognize that your option would permit the option of trying to use a separate organizational unit for Computers but this guy is endlessly confused, and simple is clearly better for his purposes, without considering the impact of excessive searching of the LDAP db. If you only have the ldap for samba, there will not be any problem. It will also allow you to create others ou to futher organize your users (you can't ask someone to have, let's say, 900 users in just one ou). This would also allow you to delegate the administration of a group of users to another person, without giving him access to the whole directory. I was endlessly confused myself when I started with this, I read many different howtos, all of them saying different things. And I have been a samba user for more than two years, I just started to use it with ldap about five months ago. Craig Ildefonso Camargo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: Smart Questions [Was: Re: [Samba] Re: What happened to this list?]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Allison wrote: |>To be honest, you really need to realize WHOM you sent this to... Jeremy |>Allison, is not the person *I* would send this to. | | | Oh I don't see why not, I ask as many stupid questions | as anyone :-) :-). It's true. Why just the other day oh wait. Maybe I shouldn't tell that story - -- jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFA/TfMIR7qMdg1EfYRAlNSAJ4u+ocuZMzyw6SssYxYooi/pFU6pQCglUkv KyXwPBHv8ol49dxWKggeURM= =WgbF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pam_smbmount
Le Tue, Jul 20, 2004 at 11:17:06PM +1000, John Simovic a ecrit: > Has anybody managed to get this working under linux and if not does anybody > mount windows shares under linux without user intervention? yes, you can use the pam's libpam-mount module for this. Note that if you want to mount windows 2003 share, you need to patch the kernel for CIFS support, or use en 2.6 kernel. -- Jérôme -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] What happened to this list?
Hello again, Please understand, that this post was meant to flame no one. I have said it before and I say it now, I believe the samba team to be nothing less than saintly. The world owes them a debt of gratitude. I just wonder if some gurus outside the samba team should be delegated to peruse the list periodically for single posts, since it seems that the samba team is so busy lately. I am grateful to Opensource as a whole and samba in particular. I am no guru, but I will help where I can. Thank you all, Chris On Monday 19 July 2004 07:41 am, Chris wrote: > Hello. > > I have been having some major troubles lately with samba and winbind. The > last 5 posts I made, no one has responded. I did some looking around, and > in the last several months it seems that very few people are getting any > assistance at all on this list at all. > > Why is that? I haven't needed this list in years, but it used to be very > different. > > Is there another place a person can go to get help with samba? I have > faithfully followed the docs and it is still not working right, and it is > most frustrating. > > Chris -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind problem
Okay. I got it. I am posting it for posterity.
Yes, it was something stupid, as I suspected. I am stunned no one has run
into this yet.
Since we are dealing with ADS, I thought it would be safe to refer to things
in ads nomanclature. Aparently not the case with the password server. The
error output was likewise misleading:
[2004/07/15 11:55:43, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
ads_connect for domain NEWDOMAIN failed: No such file or directory
I was looking all around both machines' filesystems, LDAP and ADS for a file
or directory that was missing. Turns out that had nothing to do with it.
The problem was this line in my smb.conf:
password server = stan.newdomain.int
It should have been
password server = STAN
i.e. in netbios nomanclature -- not ADS(DNS) nomanclature.
I am amazed that no one caught that, but there it is! So much grief for such
a stupid gaff.
I thank those who took the time to read my post, and hope that this will help
someone in the future.
Chris
On Friday 16 July 2004 07:51 am, Chris wrote:
> Posted: Thu Jul 15, 2004 11:34 amPost subject: Samba/winbind and ADS
> problem
> I almost have this.
>
> I have read the docs, I have read this, I have purchased both books from
> the samba team, and I cannot find any help from any of these.
>
> We are trying to migrate from OLDDOMAIN (an NT4 Domain) to NEWDOMAIN (our
> Win2k3 Domain). I have a two way trust right now between the domains. I
> have everything configured as per the docs as far as smb.conf, krb5.conf
> and nsswitch. I do:
> Code:
> # wbinfo -t
> checking the trust secret via RPC calls succeeded
>
> so everything looks good there, but the weird thing is when I do this:
> Code:
> # wbinfo -g
> or
> # wbinfo -u
>
>
> I get a list of all the users and groups from OLDDOMAIN, and none of the
> groups from NEWDOMAIN! Same thing is true when I use getent. Which makes
> about zero sense to me... I had absolutely no error output when joining the
> ADS Domain (NEWDOMAIN), from wbinfo, kinit, sbmclient or smbmount.
>
> So, I went to the log file:
> Quote:
> [2004/07/15 11:55:39, 1] nsswitch/winbindd.c:main(843)
> winbindd version 3.0.4 started.
> Copyright The Samba Team 2000-2004
> [2004/07/15 11:55:39, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
> Added domain NEWDOMAIN NEWDOMAIN.INT S-0-0
> [2004/07/15 11:55:43, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
> ads_connect for domain NEWDOMAIN failed: No such file or directory
> [2004/07/15 11:55:44, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
> Added domain OLDDOMAIN S-1-5-21-1898674339-994652211-837300805
> [2004/07/15 11:55:44, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
> Added domain BUILTIN S-1-5-32
> [2004/07/15 11:55:44, 1] nsswitch/winbindd_util.c:add_trusted_domain(180)
> Added domain CASPER S-1-5-21-789378082-241503064-2986860805
> [2004/07/15 12:04:59, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
> ads_connect for domain NEWDOMAIN failed: No such file or directory
>
>
> I have been trying this since samba 3.0.0, and I still have problems. I am
> now using 3.0.4.
>
> my smb.conf:
>
> Code:
>
> # Global parameters
> [global]
> netbios name = JOE
> socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
> dns proxy = no
> realm = NEWDOMAIN.INT
> workgroup = NEWDOMAIN
> netbios aliases = JOE
> server string = JOE server
> security = ADS
> wins proxy = no
> map to guest = Bad User
> password server = stan.newdomain.int
> name resolve order = lmhosts wins bcast
> time server = Yes
> os level = 0
> preferred master = No
> local master = No
> domain master = No
> wins server = 208.226.104.3
> hosts allow = 127.0.0.1, 208.226.104.
> oplocks = No
> follow symlinks = No
> printing = cups
> printcap name = cups
> load printers = yes
> idmap uid = 1-2
> winbind enum users = yes
> winbind gid = 1-2
> winbind enum groups = yes
> winbind separator = +
> os level = 20
>
> [images]
> valid users = chrisd,kristynp,administrator
> public = no
> path = /images
> writable = yes
> write list = kristynp,chrisd,administrator
> admin users = kristynp,chrisd,administrator
> force user = root
>
>
> my krb5.conf:
> Code:
> [libdefaults]
>default_realm = NEWDOMAIN.INT
>
>[realms]
>NEWDOMAIN.INT = {
> kdc = stan.naic.int
>}
>
>[domain_realms]
> .newdomain.int = NEWDOMAIN.INT
>
>
> my nsswitch.conf:
> Code:
>
> # /etc/nsswitch.conf:
> # $Header: /home/cvsroot/gentoo-src/rc-scripts/etc/nsswitch.conf,v 1.4
> 2002/11/18 19:39:22 azarah Exp $
>
> passwd: compat winbind
> shadow: compat
> group: compat winbind
>
> # passwd:db files nis
> # shadow:db files nis
> # gr
Re: [Samba] Re: PDC without profiles?
Wow! The blank logon path worked! Thanks so much!! -jag On Tue, 2004-07-20 at 06:31, Paul Gienger wrote: > Michael Lueck wrote: > > >On Mon, 19 Jul 2004 21:31:03 -0500, Paul Gienger wrote: > > > > > > > >>Rather than monkey with each client, just don't define a [profiles] > >>share. I'll check one of our setups tomorrow, we have a site with no > >>roaming there (for now). > >> > >> > > > >I did not have a roaming share defined and Win2K put up a fuss that it was > >missing and assigned a temp one which was erased at each logoff. Not quite the > >affect of having a local profile. > > > > > Actually, on that server we also have a blank logon path specified which > is populated on the other servers. This is on 2.2.8, so YMMV, but I > would guess it works on 3.0.x. > > >With electronic software distribution managing each client, there is no issue > >sending out such small registry updates globally... think outside the box and > >what now seems a challenge becomes very easy. > > > > > I'm guessing you either use a program that you set up once on each > workstation which may or may not be a pay-ware solution. Some places > simply don't have the budget to buy such things. Also remember, every > change you make to a client is one more thing to screw up, although in > this case it sounds as if you're doing it automatically. I guess I > personally subscribe to the theory of making the smallest change > possible, that is if I can make a simple change to the server that > avoids me having to change every client's configuration then at the > server it will happen. > > >Michael Lueck > >Lueck Data Systems > >http://www.lueckdatasystems.com/ > > > > > > > > > > -- > Paul Gienger Office: 701-281-1884 > Applied Engineering Inc. > Information Systems Consultant Fax:701-281-1322 > URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- Joshua Ginsberg <[EMAIL PROTECTED]> Brainstorm Internet Network Operations -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC without profiles?
Mark -- XP Pro and XP Pro SP1 mixed. Thanks! -jag On Mon, 2004-07-19 at 17:49, Mark Sarria wrote: > What version of Windows are you running? > > Mark Sarria > www.msdigitaldzines.com > "serving up Linux everyday, non-stop" > - Original Message - > From: "Joshua Ginsberg" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, July 19, 2004 3:56 PM > Subject: [Samba] PDC without profiles? > > > > Hi -- > > > > I'd like to try running Samba as a PDC simply for authentication -- that > > is without doing any profile management, i.e. I'd like Windows to not > > write anything to the network after logout. Is this possible with Samba? > > I'm not seeing an obvious answer to this. Thanks! > > > > -jag > > > > -- > > Joshua Ginsberg <[EMAIL PROTECTED]> > > Brainstorm Internet Network Operations > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: http://lists.samba.org/mailman/listinfo/samba -- Joshua Adam Ginsberg <[EMAIL PROTECTED]> Network Operations -- Brainstorm Internet -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Build Errors, torture tests 3.0.x/HP-UX 11i
P _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - Jr. UNIX Systems Admin |$&| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Wed, 23 Jun 2004, Jeremy Allison wrote: On Wed, Jun 23, 2004 at 03:12:47PM -0400, Ryan Novosielski wrote: Anyone here have a solution to this one? It would really help with my testing. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - Jr. UNIX Systems Admin |$&| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Mon, 24 May 2004, Ryan Novosielski wrote: I get the following errors when building the torture suite under HP-UX 11i with HP AnsiC. They are actually somewhat similar to the errors that I get trying to build the whole package with gcc: Compiling torture/torture.c In file included from include/includes.h:109, from torture/torture.c:23: /usr/include/sys/socket.h:484: error: parse error before "sendfile" /usr/include/sys/socket.h:484: error: parse error before "bsize_t" /usr/include/sys/socket.h:486: error: parse error before "sendpath" /usr/include/sys/socket.h:486: error: parse error before "bsize_t" /usr/include/sys/socket.h:493: error: parse error before "sendfile64" /usr/include/sys/socket.h:493: error: parse error before "bsize64_t" /usr/include/sys/socket.h:495: error: parse error before "sendpath64" /usr/include/sys/socket.h:495: error: parse error before "bsize64_t" In file included from /usr/include/sys/mp.h:55, from /usr/include/sys/malloc.h:59, from /usr/include/net/netmp.h:53, from /usr/include/net/if.h:59, from include/includes.h:275, from torture/torture.c:23: /usr/include/machine/sys/setjmp.h:45: error: redefinition of `struct label_t' In file included from torture/torture.c:23: include/includes.h:495: error: conflicting types for `socklen_t' /usr/include/sys/socket.h:199: error: previous declaration of `socklen_t' Looks like the configure script isn't finding the HPUX definition of socklen_t in the /usr/include/sys/socket.h include file. Look at the configure output to discover why. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.4 make file error
I am trying to install Samba version 3.0.4 to work with SSL on an IBM server 7029 running AIX version 5.1 maint level4. The C compiler installed on the server is vac.C version 6.0.0.0 The steps i have taken so far are from the source directory i have run ./configure--with-ssl which completed without errors. I have then run the make command from the source directory but this comes back with the following warnings and then stops at the nsswitch config. I have searched for these warning messages but can not find any relevant information so please could someone tell me what these warnings actually mean and if there is anything i need to change to fix these. Please find below warnings extracted from make "smbd/chgpasswd.c", line 551.35: 1506-280 (W) Function argument assignment between types "struct passwd*" and "const struct passwd*" is not allowed. "rpc_server/srv_spoolss_nt.c", line 4288.51: 1506-280 (W) Function argument assignment between types "struct uuid*" and "struct uuid_flat*" is not allowed. "printing/pcap.c", line 276.17: 1506-280 (W) Function argument assignment between types "unsigned char*" and "const unsigned char*" is not allowed. "printing/pcap.c", line 277.25: 1506-280 (W) Function argument assignment between types "unsigned char*" and "const unsigned char*" is not allowed. "printing/pcap.c", line 277.29: 1506-280 (W) Function argument assignment between types "unsigned char*" and "const unsigned char*" is not allowed. "lib/util_str.c", line 1324.24: 1506-068 (W) Operation between types "unsigned char*" and "const unsigned char*" is not allowed. "tdb/tdbutil.c", line 46.18: 1506-068 (W) Operation between types "unsigned char*" and "const unsigned char*" is not allowed. "lib/popt_common.c", line 118.39: 1506-196 (W) Initialization between types "void*" and "void(*)(struct poptContext_s*,enum poptCallbackReason,const struct poptOption*,const unsigned char*,const void*)" is not allowed. "lib/popt_common.c", line 129.55: 1506-196 (W) Initialization between types "void*" and "void(*)(struct poptContext_s*,enum poptCallbackReason,const struct poptOption*,const unsigned char*,const void*)" is not allowed. "lib/popt_common.c", line 138.39: 1506-196 (W) Initialization between types "void*" and "void(*)(struct poptContext_s*,enum poptCallbackReason,const struct poptOption*,const unsigned char*,const void*)" is not allowed. "lib/popt_common.c", line 386.55: 1506-196 (W) Initialization between types "void*" and "void(*)(struct poptContext_s*,enum poptCallbackReason,const struct poptOption*,const unsigned char*,const void*)" is not allowed. Compiling nsswitch/winbindd.c 569 1500-010: (W) WARNING in process_loop: Infinite loop. Program may not stop. "nsswitch/winbindd_group.c", line 1042.49: 1506-280 (W) Function argument assignment between types "int*" and "unsigned int*" is not allowed. "nsswitch/winbindd_group.c", line 1087.54: 1506-280 (W) Function argument assignment between types "int*" and "unsigned int*" is not allowed. "nsswitch/winbindd_group.c", line 1100.66: 1506-280 (W) Function argument assignment between types "int*" and "unsigned int*" is not allowed. "nsswitch/winbindd_group.c", line 1120.54: 1506-280 (W) Function argument assignment between types "int*" and "unsigned int*" is not allowed. "nsswitch/winbindd_group.c", line 1127.32: 1506-280 (W) Function argument assignment between types "int*" and "unsigned int*" is not allowed. Compiling nsswitch/winbindd_dual.c 171 1500-010: (W) WARNING in do_dual_daemon: Infinite loop. Program may not stop. Compiling client/client.c "client/client.c", line 699.34: 1506-280 (W) Function argument assignment between types "unsigned long long*" and "unsigned long*" is not allowed. "client/client.c", line 1075.60: 1506-280 (W) Function argument assignment between types "unsigned long long*" and "unsigned long*" is not allowed. "utils/net_idmap.c", line 123.27: 1506-280 (W) Function argument assignment between types "unsigned int*" and "int*" is not allowed. "utils/net_idmap.c", line 123.43: 1506-280 (W) Function argument assignment between types "unsigned int*" and "int*" is not allowed. "utils/net_idmap.c", line 124.27: 1506-280 (W) Function argument assignment between types "unsigned int*" and "int*" is not allowed. "utils/net_idmap.c", line 124.44: 1506-280 (W) Function argument assignment between types "unsigned int*" and "int*" is not allowed. "utils/smbcontrol.c", line 431.63: 1506-280 (W) Function argument assignment between types "unsigned char*" and "const unsigned char*" is not allowed. "rpcclient/cmd_spoolss.c", line 452.41: 1506-280 (W) Function argument assignment between types "unsigned int*" and "int*" is not allowed. "rpcclient/cmd_spoolss.c", line 456.61: 1506-280 (W) Function argument assignment between types "unsigned int*" and "int*" is not allowed. "rpcclient/cmd_spoolss.c", line 1185.22: 1506-280 (W) Function argument assignment between types "unsigned char*" and "const unsigned char*" is not a
[Samba] attaching printer w/user level sec; XP okay, 2k won't work
So I've spent a couple of hours on this and I think I've found the problem. I have cups and samba running on the print/file server. I have a 2k and and XP system as clients. All are in the same workgroup. I started with share-level security, and everything worked okay. Then I decided to tighten it down a bit, and moved to user-level security. XP could connect to both the printers and file shares just fine.* The 2k machine can connect to the file shares, but not the printer. Instead of prompting me for a user/password, it just says "Access denied". Also, browsing seems broken. The print/file server just isn't showing up in the network neighborhood. Could be a seperate issue. [*] Actually, if I connect to the printer and bring up the printers menu on XP, it has an error in the "Status" field (I think Access denied), but it can print just fine regardless. Any ideas? Also, do the users in smbpasswd file have to have Unix accounts? I'd like a user just for connecting to printers, who won't own any files. Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba as a portable userland FS basis?
Recently, I looked at some options implementing unusual file systems in userland. On Linux, there is LUFS and similar stuff which frees one from touching any kernel code. The design is always similar: a generic kernel module forwards calls to a user level daemon and forwards returned results back. The user level daemon implements or serves as a basis for unusual user land filesystem implmentation. However, LUFS is not available on Windows and I'm not aware of somehting similar .. So I've looked after an alternative for LUFS portable across at least over Windows and Linux and probably POSIX, *BSD and MacOSX. I did not found anything .. my conclusion was, that one has to go e.g. and use the "MS Installable File Systems Development Kit" and build a kernel mode driver which forwards calls to a user mode daemon (pretty much the LUFS design). I'm unwilling to take that level of pain. Next idea was to use the Samba _server_ code as a basis to built the unusual FS on top and just run the Samba server colocated/locally on the desktop machine. Great reuse. Here are the two main questions: 1. Is it possible to build/run the Samba _server_ on Windows (e.g. using Cygwin)? 2. Is there a "reasonable" internal API within the Samba server which could be used to stack unusual FS stuff on top? Generally, IMHO it would be great to have an open standard C API to some portable user land daemon to implement portable user land file systems. Cheers, Tobias -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] pam_smbmount
Has anybody managed to get this working under linux and if not does anybody mount windows shares under linux without user intervention? Thanks in advance -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: PDC without profiles?
So sorry to hear you end up with off-site machines with no remote access. Unacceptable in my book. VPN back door, SSH, NetOp, and electronic software distribution of course. Actually, this usually happens only for a couple weeks to months before the office gets in the VPN. In this case, I've got the hardware but not the time to implement it... -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: PDC without profiles?
On Tue, 20 Jul 2004 07:51:34 -0500, Paul Gienger wrote: >So do us a favor and let us in on what you're using in case anyone else >wants to know... In many areas I develop my own for use within LDS consulting. Vendor tools I care to suggest would be Prism Pack from New Boundary Technologies on the low end and Novadigm (now HP) Radia on the high end... but either way there is a lot of engineering / code development involved in turning their shell into a proper implementation. Vendors do not for the most part understand how Electronic Software Distribution (managed fat client) should be done, and thus the need for custom code. So sorry to hear you end up with off-site machines with no remote access. Unacceptable in my book. VPN back door, SSH, NetOp, and electronic software distribution of course. Michael Lueck Electronic Software Distribution Engineer Lueck Data Systems -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: PDC without profiles?
Paul Gienger wrote: So do us a favor and let us in on what you're using in case anyone else wants to know... FWIW, we took on a temp (someone we know who was 'between jobs') to do a rollout of XP. He introduced us to Symantec Ghost which seems quite a useful tool. I don't think it cost us much, but it's certainly been worth whatever we paid for it. Another (free) tool we don't regret deploying is VNC. Apart from it's utility value, watching a department stood round a screen while some invisible man works the system sure breaks the monotony ! The best bit was the way they stood behind the users chair, just like they would if there was a real IT guy sat in person at the computer. Simon -- Simon Hobson MA MIEE, Technology Specialist Colony Gift Corporation Limited Lindal in Furness, Ulverston, Cumbria, LA12 0LD Tel 01229 461100, Fax 01229 461101 Registered in England No. 1499611 Regd. Office : 100 New Bridge Street, London, EC4V 6JA. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] chmod and unix extensions
Dear all, Im trying to set up Samba so that linux users can use the new unix extensions to be able to chmod their files as they wish. However I seem to be having problems with masks. Whether using smbfs or smbclient trying to do: chmod 777 testfile results only in read permissions for group and other (ie it ends up 744). Under smbfs it complains: chmod: changing permissions of `testfile' (requested: 0777, actual: 0744): Operation not permitted The only way I can it to work is to set "create mask = 0777" in the server's smb.conf. Now, this is confusing me as the file isnt being created, I'm just trying to chmod an existing file. I dont want to leave the setting as this because of course all new files get created with world read-write which is not what I want. Looking at the unix_perms_from_wire() function, it would seem it is indeed applying the create mask. As an aside, changing permissions from a W2K ACL dialogue seems to work fine. Any ideas anyone? Samba version: 3.0.4 Some relevant settings from smb.conf: # testparm -v | egrep '(force|security|mask|unix extensions)' Load smb config files from /usr/local/samba/samba-3.0.4/lib/smb.conf Processing section "[homes]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions security = USER unix extensions = Yes paranoid server security = Yes force user = force group = create mask = 0744 force create mode = 00 security mask = 0777 force security mode = 00 directory mask = 0755 force directory mode = 00 directory security mask = 0777 force directory security mode = 00 debug log file gives: [2004/07/20 13:10:44, 10, pid=24949, effective(6923, 18), real(0, 0)] smbd/trans2.c:call_trans2setfilepathinfo(3392) call_trans2setfilepathinfo: SMB_SET_FILE_UNIX_BASIC: name = testfile size = 39, uid = 4294967295, gid = 4294967295, raw perms = 0100777 [2004/07/20 13:10:44, 10, pid=24949, effective(6923, 18), real(0, 0)] smbd/trans2.c:call_trans2setfilepathinfo(3454) call_trans2setfilepathinfo: SMB_SET_FILE_UNIX_BASIC setting mode 0744 for file testfile -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: PDC without profiles?
Michael Lueck wrote: Also remember, every change you make to a client is one more thing to screw up If you're going to compute that way, then put the computer back in the box and leave it on the client's desk and tell them to never open the box! ;-) When doing sysadmin isn't your only job, and/or there are systems that get sent to remote locations, you'll change your tune... (without the software you obviously have, that I should probably remind that some places just cannot afford) Nothing is worse than either : A. being 2 hours deep into a thought process programming and then having some user come bug you because doesn't work for them because of some obscure configuration issue. B. Sending a machine offsite where you don't have access to it and finding some tweak you do for everyone in the office but forgot to do to their machine, couple that with a user that cannot deal with a little phone walkthrough and you have a fun day ahead of you. That, in a nutshell, is why *I* advocate to change the server whenever possible. You got to buy some fantastic software, and I have to fight to buy a new mouse... I would guess many smallish businesses have the same situation. although in this case it sounds as if you're doing it automatically. Ja, of course! Das is good! I would want to run around to thousands of computers and try to configure them all the same way by hand why...??? I could easilly forget steps on this machine or that one, slight configuration details to drive me insain when one computer out of the bunch does not work properly. Automatically with LOGGING as the truth is in the logs... many automated systems skimp on logs... shame shame shame on them. So do us a favor and let us in on what you're using in case anyone else wants to know... -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: PDC without profiles?
Paul Gienger wrote: Actually, on that server we also have a blank logon path specified which is populated on the other servers. This is on 2.2.8, so YMMV, but I would guess it works on 3.0.x. That "might" be it as I did not have that set blank until long after my "join the domain" package had the registry update in it. Also remember, every change you make to a client is one more thing to screw up If you're going to compute that way, then put the computer back in the box and leave it on the client's desk and tell them to never open the box! ;-) although in this case it sounds as if you're doing it automatically. Ja, of course! Das is good! I would want to run around to thousands of computers and try to configure them all the same way by hand why...??? I could easilly forget steps on this machine or that one, slight configuration details to drive me insain when one computer out of the bunch does not work properly. Automatically with LOGGING as the truth is in the logs... many automated systems skimp on logs... shame shame shame on them. -- Michael Lueck Electronic Software Distribution Engineer Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: PDC without profiles?
Michael Lueck wrote: On Mon, 19 Jul 2004 21:31:03 -0500, Paul Gienger wrote: Rather than monkey with each client, just don't define a [profiles] share. I'll check one of our setups tomorrow, we have a site with no roaming there (for now). I did not have a roaming share defined and Win2K put up a fuss that it was missing and assigned a temp one which was erased at each logoff. Not quite the affect of having a local profile. Actually, on that server we also have a blank logon path specified which is populated on the other servers. This is on 2.2.8, so YMMV, but I would guess it works on 3.0.x. With electronic software distribution managing each client, there is no issue sending out such small registry updates globally... think outside the box and what now seems a challenge becomes very easy. I'm guessing you either use a program that you set up once on each workstation which may or may not be a pay-ware solution. Some places simply don't have the budget to buy such things. Also remember, every change you make to a client is one more thing to screw up, although in this case it sounds as if you're doing it automatically. I guess I personally subscribe to the theory of making the smallest change possible, that is if I can make a simple change to the server that avoids me having to change every client's configuration then at the server it will happen. Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind on AIX
Deal all, I'd like to use winbind capabilities on AIX servers (AIX 4.3.3 and AIX 5.2). In particular, I'd like to define share access based on NT group. I think I've successfully setup my Samba suite, I've entered my AIX box in my NT domain and playing with wbinfo (-t, or -a user%passwd) works fine. As told in the documentation, I've copied the WINBIND module under /usr/lib/security, and modify the methods.cfg file like that: WINBIND: program = /usr/lib/security/WINBIND and... it doesn't work. Does some of you have some experience with the AIX plateform? Thanks a lot -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: PDC without profiles?
On Mon, 19 Jul 2004 21:31:03 -0500, Paul Gienger wrote: >Rather than monkey with each client, just don't define a [profiles] >share. I'll check one of our setups tomorrow, we have a site with no >roaming there (for now). I did not have a roaming share defined and Win2K put up a fuss that it was missing and assigned a temp one which was erased at each logoff. Not quite the affect of having a local profile. With electronic software distribution managing each client, there is no issue sending out such small registry updates globally... think outside the box and what now seems a challenge becomes very easy. Michael Lueck Lueck Data Systems http://www.lueckdatasystems.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems Samba with LDAP
Hi all, I'm trying to use Samba with ldap, and when i user try to logon in my domain, i got this message in my log: string_to_sid: Sid S-1-5-21-1555867097-2400918380-3197679675-3040-2027 does not start with 'S-' how can i solve this? Thanks, -- = Sp0oKeR Labs [EMAIL PROTECTED] http://www.spooker.com.br = -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTBackup and samba-3.0.4
Hi Jeremy, I'm writing to thank you for the help and register in the list that it solved the problem. Bruno. - Original Message - From: "Jeremy Allison" <[EMAIL PROTECTED]> To: "Bruno Gimenes Pereti" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, July 16, 2004 5:59 PM Subject: Re: [Samba] NTBackup and samba-3.0.4 > On Wed, Jul 14, 2004 at 11:29:58AM -0300, Bruno Gimenes Pereti wrote: > > Hi, > > > > I have a Win2000 in my network running ntbackup daily to backup data from > > some servers including my Samba-3.0.4 (updated from 2.2.8a last month) with > > the homedir of my users. Today I needed to restore one file from the tape > > and there was no files from the samba server. Ntbackup can't access the > > shares in samba anymore. > > This is fixed in 3.0.5rc1 - I'd suggest trying that ! > > Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind under 3.0beta2
Hi, first: 3.0beta2 is verry outdated. please go and get the latest stable version from samba.org. second: after completing step 1, if your problem persists could you be more detailed what your problem is? we can't read your mind... ;-) third: have you read all the doc's available with samba? Christoph Cedric schrieb: Hello, I have a problem with installation of winbindd and samba. I saw on a mailing-list you had the same problem a few month ago. Did you find the solution ? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind under 3.0beta2
Hello, I have a problem with installation of winbindd and samba. I saw on a mailing-list you had the same problem a few month ago. Did you find the solution ? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question about permissions
Hi, you shouldn't need to force a group in the homes share, and using "fore group" in another share shouldn't affect the homes share at all. I guess the effect of locking out your users from their homes in your first attempt with "force group" resulted from samba missbehaving with the @ sign in your groupnames. Christoph Mario Gamito schrieb: Hi Christoph, Thank you for your answer. ok, i did that. i suppose that now, assignin the user's primary group as their own, they also can access their homes, right ? Warm Regards, Mário Gamito On Tue, 2004-07-20 at 10:43, Christoph Scheeder wrote: Hi, your first attempt with using "force group" is correct, but your syntax is not. for "force group" you have to omit the '@' sign. it only takes the name of the group. for example : force group = f at least thats the way it works for me ;-) Christoph Mario Gamito schrieb: Hi, First of all, my apologies for the extension of this message, but it is needeed for you to undertand my problem. Straight to the point: i have this domain in my company running in Samba 3.0.2 My users are: hcoelho, jardim, gamito, yesenia, smatias, fqueiros, faugusto, vamaro, peixinho, aragao, dina, pinho. I have this shares with the users that can access them and the correponding Linux groups: [DAT]: hcoelho, jardim, fqueiros, gamito, faugusto => Linux group A [DID]: hcoelho, jardim, gamito, faugusto, peixinho, aragao, vamaro => Linux group B [DGM]: hcoelho, jardim, smatias => Linux group C [SAD]: hcoelho, jardi, yesenia => Linux group D [NTL]: Everybody => Linux group E [arquivo]: everybody [backups]: jardim, gamito, filipe => Linux group G [biblioteca]: everybody [desenvolvimento]: jardim, gamito, faugusto user's groups: coelho : d hcoelho a b c e f g jardim : d jardim a b c e f g h gamito : gamito a b e f g h (etc...) Besides these shares, there are the homes also. Problems: If hcoelho, for instance, copies a file to share [SAD], yesenia can't open it (and it should, as above), because it is copied with group A. I've already used "force group" in smb.conf, but then, my users can't access their homes. Following my signature is my smb.conf Any help would be appreciated. Warm Regards, Mário Gamito smb.conf: -- ## ## # smb.conf : criado por Mário Gamito # # Data: 21/06/04 # ## ## [global] workgroup = NETUAL netbios name = bateira server string = Beatrix Kiddo # scripts para alterar o /etc/passwd quando o utilizador muda a password no Windows passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* #username map = /etc/samba/smbusers unix password sync = Yes log level = 2 log file = /etc/samba/individual/%m.log name resolve order = wins lmhosts host time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 load printers = No #oplocks = No add user script = /usr/sbin/useradd -n -g domainusers -G domainguests -d /dev/null -s /bin/false -M %u delete user script = /usr/sbin/userdel %u add group script = /usr/sbin/groupadd -r %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/bin/gpasswd -a %u %g delete user from group script = /usr/bin/gpasswd -d %u %g set primary group script = /usr/sbin/usermod -g '%g' '%u' add machine script = /usr/sbin/adduser -n -g domainmachines -c Machine -d /dev/null -s /bin/false %u smb passwd file = /etc/samba/passwd logon script = netualinit.bat logon path = \\%L\profiles\%U logon home = \\%L\%U logon drive = H: domain logons = Yes os level = 64 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes message command = echo obrigado | smbclient -M %f panic action = echo Isto é uma mensagem automática: O servidor crashou. Contacte o Mário Gamito | smbclient -M shuttle host msdfs = Yes admin users = domainroot hosts allow = 10.10.1., 10.10.2. hosts deny = ALL hide files = /.bash_profile/.bash_logout/.bashrc/.gtkrc/.kde/.zshrc/ [homes] comment = Home Directories read only = No browseable = No create mask = 0600 directory mask = 0700 [Profiles] comment = Windows profiles para os utilizadores que carregam as suas preferências a partir do servidor. path = /etc/samba/profiles browseable = No read only = No create mask = 0600 directory mask = 0700 [netlogon] comment = Network Logon Service path = /etc/samba/netlogon browseable = No writeable = No browseable = No [arquivo] comment = pasta de arquivo path = /home/arquivo/ writeable = Yes browseable = Yes create mask = 660 directory mask = 777 #force group = @f [SAD] comment = pasta da SAD path = /home/SAD writeable = Yes browseable = Yes create mask = 660 directory mask = 770 #force group = @d [DAT] comment = pasta da DAT path = /home/DAT writeable = Yes browseable = Yes create mask = 660 directory mask = 7
Re: [Samba] Question about permissions
Hi Christoph, Thank you for your answer. ok, i did that. i suppose that now, assignin the user's primary group as their own, they also can access their homes, right ? Warm Regards, Mário Gamito On Tue, 2004-07-20 at 10:43, Christoph Scheeder wrote: > Hi, > your first attempt with using "force group" is correct, but your syntax > is not. > for "force group" you have to omit the '@' sign. it only takes the name > of the group. > for example : >force group = f > > at least thats the way it works for me ;-) > Christoph > > Mario Gamito schrieb: > > > Hi, > > > > First of all, my apologies for the extension of this message, but it is > > needeed for you to undertand my problem. > > > > Straight to the point: i have this domain in my company running in Samba > > 3.0.2 > > > > My users are: hcoelho, jardim, gamito, yesenia, smatias, fqueiros, > > faugusto, vamaro, peixinho, aragao, dina, pinho. > > > > I have this shares with the users that can access them and the > > correponding Linux groups: > > > > [DAT]: hcoelho, jardim, fqueiros, gamito, faugusto => Linux group A > > [DID]: hcoelho, jardim, gamito, faugusto, peixinho, aragao, vamaro => > > Linux group B > > [DGM]: hcoelho, jardim, smatias => Linux group C > > [SAD]: hcoelho, jardi, yesenia => Linux group D > > [NTL]: Everybody => Linux group E > > [arquivo]: everybody > > [backups]: jardim, gamito, filipe => Linux group G > > [biblioteca]: everybody > > [desenvolvimento]: jardim, gamito, faugusto > > > > > > user's groups: > > coelho : d hcoelho a b c e f g > > jardim : d jardim a b c e f g h > > gamito : gamito a b e f g h > > (etc...) > > > > Besides these shares, there are the homes also. > > > > > > Problems: > > > > If hcoelho, for instance, copies a file to share [SAD], yesenia can't > > open it (and it should, as above), because it is copied with group A. > > > > I've already used "force group" in smb.conf, but then, my users can't > > access their homes. > > > > Following my signature is my smb.conf > > > > Any help would be appreciated. > > > > Warm Regards, > > Mário Gamito > > > > > > smb.conf: > > -- > > ## > > ## > > # smb.conf : criado por Mário Gamito # > > # Data: 21/06/04 # > > ## > > ## > > > > > > [global] > > workgroup = NETUAL > > netbios name = bateira > > server string = Beatrix Kiddo > > > > # scripts para alterar o /etc/passwd quando o utilizador muda a password > > no Windows > > passwd program = /usr/bin/passwd %u > > passwd chat = *New*password* %n\n *Retype*new*password* %n\n > > *passwd:*all*authentication*tokens*updated*successfully* > > #username map = /etc/samba/smbusers > > > > unix password sync = Yes > > log level = 2 > > log file = /etc/samba/individual/%m.log > > name resolve order = wins lmhosts host > > time server = Yes > > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 > > SO_RCVBUF=8192 > > load printers = No > > #oplocks = No > > > > add user script = /usr/sbin/useradd -n -g domainusers -G domainguests -d > > /dev/null -s /bin/false -M %u > > delete user script = /usr/sbin/userdel %u > > add group script = /usr/sbin/groupadd -r %g > > delete group script = /usr/sbin/groupdel %g > > add user to group script = /usr/bin/gpasswd -a %u %g > > delete user from group script = /usr/bin/gpasswd -d %u %g > > set primary group script = /usr/sbin/usermod -g '%g' '%u' > > add machine script = /usr/sbin/adduser -n -g domainmachines -c Machine > > -d /dev/null -s /bin/false %u > > > > smb passwd file = /etc/samba/passwd > > > > logon script = netualinit.bat > > logon path = \\%L\profiles\%U > > logon home = \\%L\%U > > logon drive = H: > > domain logons = Yes > > os level = 64 > > preferred master = Yes > > domain master = Yes > > dns proxy = No > > wins support = Yes > > message command = echo obrigado | smbclient -M %f > > panic action = echo Isto é uma mensagem automática: O servidor crashou. > > Contacte o Mário Gamito | smbclient -M shuttle > > host msdfs = Yes > > admin users = domainroot > > hosts allow = 10.10.1., 10.10.2. > > hosts deny = ALL > > hide files = /.bash_profile/.bash_logout/.bashrc/.gtkrc/.kde/.zshrc/ > > > > [homes] > > comment = Home Directories > > read only = No > > browseable = No > > create mask = 0600 > > directory mask = 0700 > > > > [Profiles] > > comment = Windows profiles para os utilizadores que carregam as suas > > preferências a partir do servidor. > > path = /etc/samba/profiles > > browseable = No > > read only = No > > create mask = 0600 > > directory mask = 0700 > > > > [netlogon] > > comment = Network Logon Service > > path = /etc/samba/netlogon > > browseable = No > > writeable = No > > browseable = No > > > > [arquivo] > > comment = pasta de arquivo > > path = /home/arquivo/ > > writeable = Yes > > browseable = Yes > > create mask = 660 > >
[Samba] Using user policies with samba3 and windows 2000
Hello! We are using samba3-3.0.2a-30 as a PDC. Everything is working fine, but now we would like to use user policies. As I learned that can be done by the ntuser.pol file in the 'profiles' user sub directory on the PDC. So her is what i already tried: 1.) Set up a test Window$ 2000 Client and get it into the Domain 2.) Log in as Administrator 3.) Start gpedit.msc (and change something) 4.) Test if that change works 5.) Log out 6.) Make the ntuser.dat to a ntuser.man 7.) Log in as Administrator 8.) restore the original gpedit.msc parameter 9.) log out and in again So i found out that this does not work, as the changes via gpedit.msc are only stored local. Can anybody help me ? Bjoern -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Question about permissions
Hi, your first attempt with using "force group" is correct, but your syntax is not. for "force group" you have to omit the '@' sign. it only takes the name of the group. for example : force group = f at least thats the way it works for me ;-) Christoph Mario Gamito schrieb: Hi, First of all, my apologies for the extension of this message, but it is needeed for you to undertand my problem. Straight to the point: i have this domain in my company running in Samba 3.0.2 My users are: hcoelho, jardim, gamito, yesenia, smatias, fqueiros, faugusto, vamaro, peixinho, aragao, dina, pinho. I have this shares with the users that can access them and the correponding Linux groups: [DAT]: hcoelho, jardim, fqueiros, gamito, faugusto => Linux group A [DID]: hcoelho, jardim, gamito, faugusto, peixinho, aragao, vamaro => Linux group B [DGM]: hcoelho, jardim, smatias => Linux group C [SAD]: hcoelho, jardi, yesenia => Linux group D [NTL]: Everybody => Linux group E [arquivo]: everybody [backups]: jardim, gamito, filipe => Linux group G [biblioteca]: everybody [desenvolvimento]: jardim, gamito, faugusto user's groups: coelho : d hcoelho a b c e f g jardim : d jardim a b c e f g h gamito : gamito a b e f g h (etc...) Besides these shares, there are the homes also. Problems: If hcoelho, for instance, copies a file to share [SAD], yesenia can't open it (and it should, as above), because it is copied with group A. I've already used "force group" in smb.conf, but then, my users can't access their homes. Following my signature is my smb.conf Any help would be appreciated. Warm Regards, Mário Gamito smb.conf: -- ## ## # smb.conf : criado por Mário Gamito # # Data: 21/06/04 # ## ## [global] workgroup = NETUAL netbios name = bateira server string = Beatrix Kiddo # scripts para alterar o /etc/passwd quando o utilizador muda a password no Windows passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* #username map = /etc/samba/smbusers unix password sync = Yes log level = 2 log file = /etc/samba/individual/%m.log name resolve order = wins lmhosts host time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 load printers = No #oplocks = No add user script = /usr/sbin/useradd -n -g domainusers -G domainguests -d /dev/null -s /bin/false -M %u delete user script = /usr/sbin/userdel %u add group script = /usr/sbin/groupadd -r %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/bin/gpasswd -a %u %g delete user from group script = /usr/bin/gpasswd -d %u %g set primary group script = /usr/sbin/usermod -g '%g' '%u' add machine script = /usr/sbin/adduser -n -g domainmachines -c Machine -d /dev/null -s /bin/false %u smb passwd file = /etc/samba/passwd logon script = netualinit.bat logon path = \\%L\profiles\%U logon home = \\%L\%U logon drive = H: domain logons = Yes os level = 64 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes message command = echo obrigado | smbclient -M %f panic action = echo Isto é uma mensagem automática: O servidor crashou. Contacte o Mário Gamito | smbclient -M shuttle host msdfs = Yes admin users = domainroot hosts allow = 10.10.1., 10.10.2. hosts deny = ALL hide files = /.bash_profile/.bash_logout/.bashrc/.gtkrc/.kde/.zshrc/ [homes] comment = Home Directories read only = No browseable = No create mask = 0600 directory mask = 0700 [Profiles] comment = Windows profiles para os utilizadores que carregam as suas preferências a partir do servidor. path = /etc/samba/profiles browseable = No read only = No create mask = 0600 directory mask = 0700 [netlogon] comment = Network Logon Service path = /etc/samba/netlogon browseable = No writeable = No browseable = No [arquivo] comment = pasta de arquivo path = /home/arquivo/ writeable = Yes browseable = Yes create mask = 660 directory mask = 777 #force group = @f [SAD] comment = pasta da SAD path = /home/SAD writeable = Yes browseable = Yes create mask = 660 directory mask = 770 #force group = @d [DAT] comment = pasta da DAT path = /home/DAT writeable = Yes browseable = Yes create mask = 660 directory mask = 770 #force group = @a [DID] comment = pasta da DID path = /home/DID writeable = Yes browseable = Yes create mask = 660 directory mask = 770 #force group = @b [DGM] comment = pasta da DGM path = /home/DGM writeable = Yes browseable = Yes create mask = 660 directory mask = 770 #force group = @c [SAD] comment = pasta da SAD path = /home/SAD writeable = Yes browseable = Yes create mask = 660 directory mask = 770 #force group = @d [backups] comment = pasta de backups path = /home/backups writeable = Yes browseable = Yes create mask = 666 directory mask = 770 #force group = @g [biblioteca] comment
[Samba] Samba make errors
I am trying to install Samba version 3.0.4 to work with SSL on an IBM server 7029 running AIX version 5.1 maint level4. The C compiler installed on the server is vac.C version 6.0.0.0 The steps i have taken so far are from the source directory i have run ./configure--with-ssl which completed without errors. I have then run the make command from the source directory but this comes back with the following warnings and then stops at the nsswitch config. I have searched for these warning messages but can not find any relevant information so please could someone tell me what these warnings actually mean and if there is anything i need to change to fix these. Please find below warnings extracted from make "smbd/chgpasswd.c", line 551.35: 1506-280 (W) Function argument assignment between types "struct passwd*" and "const struct passwd*" is not allowed. "rpc_server/srv_spoolss_nt.c", line 4288.51: 1506-280 (W) Function argument assignment between types "struct uuid*" and "struct uuid_flat*" is not allowed. "printing/pcap.c", line 276.17: 1506-280 (W) Function argument assignment between types "unsigned char*" and "const unsigned char*" is not allowed. "printing/pcap.c", line 277.25: 1506-280 (W) Function argument assignment between types "unsigned char*" and "const unsigned char*" is not allowed. "printing/pcap.c", line 277.29: 1506-280 (W) Function argument assignment between types "unsigned char*" and "const unsigned char*" is not allowed. "lib/util_str.c", line 1324.24: 1506-068 (W) Operation between types "unsigned char*" and "const unsigned char*" is not allowed. "tdb/tdbutil.c", line 46.18: 1506-068 (W) Operation between types "unsigned char*" and "const unsigned char*" is not allowed. "lib/popt_common.c", line 118.39: 1506-196 (W) Initialization between types "void*" and "void(*)(struct poptContext_s*,enum poptCallbackReason,const struct poptOption*,const unsigned char*,const void*)" is not allowed. "lib/popt_common.c", line 129.55: 1506-196 (W) Initialization between types "void*" and "void(*)(struct poptContext_s*,enum poptCallbackReason,const struct poptOption*,const unsigned char*,const void*)" is not allowed. "lib/popt_common.c", line 138.39: 1506-196 (W) Initialization between types "void*" and "void(*)(struct poptContext_s*,enum poptCallbackReason,const struct poptOption*,const unsigned char*,const void*)" is not allowed. "lib/popt_common.c", line 386.55: 1506-196 (W) Initialization between types "void*" and "void(*)(struct poptContext_s*,enum poptCallbackReason,const struct poptOption*,const unsigned char*,const void*)" is not allowed. Compiling nsswitch/winbindd.c 569 1500-010: (W) WARNING in process_loop: Infinite loop. Program may not stop. "nsswitch/winbindd_group.c", line 1042.49: 1506-280 (W) Function argument assignment between types "int*" and "unsigned int*" is not allowed. "nsswitch/winbindd_group.c", line 1087.54: 1506-280 (W) Function argument assignment between types "int*" and "unsigned int*" is not allowed. "nsswitch/winbindd_group.c", line 1100.66: 1506-280 (W) Function argument assignment between types "int*" and "unsigned int*" is not allowed. "nsswitch/winbindd_group.c", line 1120.54: 1506-280 (W) Function argument assignment between types "int*" and "unsigned int*" is not allowed. "nsswitch/winbindd_group.c", line 1127.32: 1506-280 (W) Function argument assignment between types "int*" and "unsigned int*" is not allowed. Compiling nsswitch/winbindd_dual.c 171 1500-010: (W) WARNING in do_dual_daemon: Infinite loop. Program may not stop. Compiling client/client.c "client/client.c", line 699.34: 1506-280 (W) Function argument assignment between types "unsigned long long*" and "unsigned long*" is not allowed. "client/client.c", line 1075.60: 1506-280 (W) Function argument assignment between types "unsigned long long*" and "unsigned long*" is not allowed. "utils/net_idmap.c", line 123.27: 1506-280 (W) Function argument assignment between types "unsigned int*" and "int*" is not allowed. "utils/net_idmap.c", line 123.43: 1506-280 (W) Function argument assignment between types "unsigned int*" and "int*" is not allowed. "utils/net_idmap.c", line 124.27: 1506-280 (W) Function argument assignment between types "unsigned int*" and "int*" is not allowed. "utils/net_idmap.c", line 124.44: 1506-280 (W) Function argument assignment between types "unsigned int*" and "int*" is not allowed. "utils/smbcontrol.c", line 431.63: 1506-280 (W) Function argument assignment between types "unsigned char*" and "const unsigned char*" is not allowed. "rpcclient/cmd_spoolss.c", line 452.41: 1506-280 (W) Function argument assignment between types "unsigned int*" and "int*" is not allowed. "rpcclient/cmd_spoolss.c", line 456.61: 1506-280 (W) Function argument assignment between types "unsigned int*" and "int*" is not allowed. "rpcclient/cmd_spoolss.c", line 1185.22: 1506-280 (W) Function argument assignment between types "unsigned char*" and "const unsigned char*" is not a
[Samba] Question about permissions
Hi, First of all, my apologies for the extension of this message, but it is needeed for you to undertand my problem. Straight to the point: i have this domain in my company running in Samba 3.0.2 My users are: hcoelho, jardim, gamito, yesenia, smatias, fqueiros, faugusto, vamaro, peixinho, aragao, dina, pinho. I have this shares with the users that can access them and the correponding Linux groups: [DAT]: hcoelho, jardim, fqueiros, gamito, faugusto => Linux group A [DID]: hcoelho, jardim, gamito, faugusto, peixinho, aragao, vamaro => Linux group B [DGM]: hcoelho, jardim, smatias => Linux group C [SAD]: hcoelho, jardi, yesenia => Linux group D [NTL]: Everybody => Linux group E [arquivo]: everybody [backups]: jardim, gamito, filipe => Linux group G [biblioteca]: everybody [desenvolvimento]: jardim, gamito, faugusto user's groups: coelho : d hcoelho a b c e f g jardim : d jardim a b c e f g h gamito : gamito a b e f g h (etc...) Besides these shares, there are the homes also. Problems: If hcoelho, for instance, copies a file to share [SAD], yesenia can't open it (and it should, as above), because it is copied with group A. I've already used "force group" in smb.conf, but then, my users can't access their homes. Following my signature is my smb.conf Any help would be appreciated. Warm Regards, Mário Gamito smb.conf: -- ## ## # smb.conf : criado por Mário Gamito # # Data: 21/06/04 # ## ## [global] workgroup = NETUAL netbios name = bateira server string = Beatrix Kiddo # scripts para alterar o /etc/passwd quando o utilizador muda a password no Windows passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* #username map = /etc/samba/smbusers unix password sync = Yes log level = 2 log file = /etc/samba/individual/%m.log name resolve order = wins lmhosts host time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 load printers = No #oplocks = No add user script = /usr/sbin/useradd -n -g domainusers -G domainguests -d /dev/null -s /bin/false -M %u delete user script = /usr/sbin/userdel %u add group script = /usr/sbin/groupadd -r %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/bin/gpasswd -a %u %g delete user from group script = /usr/bin/gpasswd -d %u %g set primary group script = /usr/sbin/usermod -g '%g' '%u' add machine script = /usr/sbin/adduser -n -g domainmachines -c Machine -d /dev/null -s /bin/false %u smb passwd file = /etc/samba/passwd logon script = netualinit.bat logon path = \\%L\profiles\%U logon home = \\%L\%U logon drive = H: domain logons = Yes os level = 64 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes message command = echo obrigado | smbclient -M %f panic action = echo Isto é uma mensagem automática: O servidor crashou. Contacte o Mário Gamito | smbclient -M shuttle host msdfs = Yes admin users = domainroot hosts allow = 10.10.1., 10.10.2. hosts deny = ALL hide files = /.bash_profile/.bash_logout/.bashrc/.gtkrc/.kde/.zshrc/ [homes] comment = Home Directories read only = No browseable = No create mask = 0600 directory mask = 0700 [Profiles] comment = Windows profiles para os utilizadores que carregam as suas preferências a partir do servidor. path = /etc/samba/profiles browseable = No read only = No create mask = 0600 directory mask = 0700 [netlogon] comment = Network Logon Service path = /etc/samba/netlogon browseable = No writeable = No browseable = No [arquivo] comment = pasta de arquivo path = /home/arquivo/ writeable = Yes browseable = Yes create mask = 660 directory mask = 777 #force group = @f [SAD] comment = pasta da SAD path = /home/SAD writeable = Yes browseable = Yes create mask = 660 directory mask = 770 #force group = @d [DAT] comment = pasta da DAT path = /home/DAT writeable = Yes browseable = Yes create mask = 660 directory mask = 770 #force group = @a [DID] comment = pasta da DID path = /home/DID writeable = Yes browseable = Yes create mask = 660 directory mask = 770 #force group = @b [DGM] comment = pasta da DGM path = /home/DGM writeable = Yes browseable = Yes create mask = 660 directory mask = 770 #force group = @c [SAD] comment = pasta da SAD path = /home/SAD writeable = Yes browseable = Yes create mask = 660 directory mask = 770 #force group = @d [backups] comment = pasta de backups path = /home/backups writeable = Yes browseable = Yes create mask = 666 directory mask = 770 #force group = @g [biblioteca] comment = pasta da biblioteca path = /home/biblioteca writeable = Yes browseable = Yes create mask = 666 directory mask = 777 #force group = @f [desenvolvimento] comment = pasta do devel team path = /home/desenvolvimento writeable = Yes browseable = Yes crea
Re: [Samba] i need recycle bin configuration
Hi, there are a few things to do to get this working with samba-2.x.x: 1.) build the vfs-modules, they are not compiled by the default makefile in samba 2.x.x. To do this go in the samba-2.x.x/examples/VFS directory and do a "./configure; make" 2.) copy the module recycle/recycle.so to a directory of your choice, i use (as an example) /etc/samba/VFS 3.) for each share you want the recycle-function to be enabled on, put the following lines in the share-section of your smb.conf: vfs object = /etc/samba/VFS/recycle.so vfs options= /etc/samba/VFS/recycle.conf don't forget to adjust the path to the place whre you put the files to. 4.) create the file recycle.conf. as an example, mine contains the lines: name = .recycle/%U mode = KEEP_DIRECTORIES|VERSIONS|TOUCH maxsize = 0 exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~??|*.log|*.trace excludedir = /tmp|/temp|/cache noversions = *.doc|*.ppt|*.dat|*.ini the available options for the module are documented in the file samba-2.x.x/examples/VFS/README. 5.) create the .recycle directory in the root of each share with full acces for all users who have acess to the share. if you miss this step the dir will get created with wrong permisions when the first user deletes a file, and all files deleted by other user will get lost. for the samba 3.x-branch the procedure has changed completly. The VFS modules have been integrated in the normal make/install process, so you don't have to compile them for your on, and the complete configuration now goes into smb.conf, no need to create a separate file for it. for example i use the folowing lines in my [homes] section: vfs object = recycle recycle:repository = .Papierkorb/%U recycle:keeptree = Yes recycle:touch = Yes recycle:versions = Yes recycle:maxsize = 0 recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~?? recycle:excludedir = /tmp|/temp|/cache recycle:noversions = *.doc|*.xls|*.ppt and it works out of the box like a charm have much fun Christoph andry schrieb: any one can help me how to setting up recycle bin on samba or manual references webstie btw i'm using redhat 7.2 samba 2.2.7.. === "Gabung INSTANIA, dapatkan XENIA. Daftar di www.telkomnetinstan.com, langsung dapat akses Internet Gratis.. Dan ..ikuti "Instan Smile" berhadiah Xenia,Tour S'pore, Komputer,dll, info hub : TELKOM Jatim 0-800-1-467826 " === -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] LOGIC ERROR in smbd locks system...
Hello, i have a little problem here: Using Samba 2.2.2 with IBM ClearCase (2003) on a Sun Solaris 8 machine (2 cpus, 4G ram) (IBM does not support Samba 3.0 with Clearcase, maybe Samba 3.0 will fix the problem, but not able to test it yet). There are more than 100 smbd processes running in average. Load average of the maschine: under 1.0 in normal operation. But from time to time there are system locks, means: there are many smbd's running (over 50 and more) that produces an load average of over 50.0 ! These processes consume about 2% cpu time per smbd, resulting in: cpu state: 0% idle 10% user 90% kernel. Simply: the machine does not responded to any request log.smbd says: [2004/07/20 10:07:48, 0] locking/locking.c:delete_fn(252) locking : delete_fn. LOGIC ERROR ! Entry for pid 16008 and it no longer exists! [2004/07/20 10:07:48, 0] locking/locking.c:delete_fn(252) locking : delete_fn. LOGIC ERROR ! Entry for pid 23576 and it no longer exists! [2004/07/20 10:07:48, 0] locking/locking.c:delete_fn(252) locking : delete_fn. LOGIC ERROR ! Entry for pid 4160 and it no longer exists! [2004/07/20 10:07:48, 0] locking/locking.c:delete_fn(252) locking : delete_fn. LOGIC ERROR ! Entry for pid 22062 and it no longer exists! [2004/07/20 10:07:48, 0] locking/locking.c:delete_fn(252) locking : delete_fn. LOGIC ERROR ! Entry for pid 9311 and it no longer exists! [2004/07/20 10:07:48, 0] locking/locking.c:delete_fn(252) locking : delete_fn. LOGIC ERROR ! Entry for pid 9311 and it no longer exists! Seems that smbd's are terminated and restarted again?! But what can cause this behaviour? Are there any timeouts in smbd that can cause this? Maybe the problem arise, if someone want to access a clearcase element over a clearcase view that is shared over samba to the windows world. If the element's size is huge and maybe compressed, clearcase can take a while to extract the element from the vob and give a response back to samba. But i can not understand, why nearly *all* smbd's are influenced? Many thanks for any help Thomas Maier -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba3 as NT4 BDC or domain member
i try to configure samba 3 as NT4 BDC or domain member with a whitebox linux i follow http://www.comp.hkbu.edu.hk/docs/s/samba30/htmldocs/howto/NT4Migration.html but get following error [EMAIL PROTECTED] root]# net rpc join -S serveur -w LSCOT -U Administrateur%xxx Joined domain LSCOT. [EMAIL PROTECTED] root]# net rpc vampire -S serveur -U Administrateur%xxx Fetching DOMAIN database Failed to fetch domain database: NT_STATUS_ACCESS_DENIED NT4 log returns refused access and just before, complains about missing trust relationship in the security database of the computer. as for now, i mainly want this server to serve file (BDC is bonus), i try to get it as domain member only but if joining domain works, user auth doesn't (passwd server is defined) local unix user and win domain user can't authentificate w or w/o group mapping defined. ideas ? thanks regards julien # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command "testparm" # to check that you have not many any basic syntactic errors. # ## ## links ## http://www.osnews.com/story.php?news_id=6684 ## tuning ## http://www.oreilly.com/catalog/samba/chapter/book/appb_02.html ## #=== Global Settings = [global] # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 ; workgroup = Win_test workgroup = LSCOT # server string is the equivalent of the NT Description field server string = Samba Server netbios name = whitebox netbios aliases = fichiers # netbios aliases = ntinstall # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page ; hosts allow = 192.168.1. 192.168.2. 127. hosts deny = ALL hosts allow = 192.168.1. 127. ; hosts allow = 192.168. EXCEPT 192.168.3.99 # If you want to automatically load your printer list rather # than setting them up individually then you'll need this ; load printers = yes # you may wish to override the location of the printcap file ; printcap name = /etc/printcap # on SystemV system setting printcap name to lpstat should allow # you to automatically obtain a printer list from the SystemV spool # system ; printcap name = lpstat # It should not be necessary to specify the print system type unless # it is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx ; printing = bsd ## ## printing ## print command = /usr/bin/lpr -r -P%p %s lpq command = /usr/bin/lpq -P%p %s lprm command = /usr/bin/lprm -P%p %j queuepause command = /usr/sbin/lpc -P%p stop queueresume command = /usr/sbin/lpc -P%p start ## max print jobs allowed (0 no limit) ;total print jobs = 10 #lpq cache = 30 # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user "nobody" is used ; guest account = pcguest # this tells Samba to use a separate log file for each machine # that connects ; %m NetBIOS name of the client machine ; log file = /var/log/smbd.%m ; %I IP log file = /var/log/smbd.%I # Default is 0 log level = 0 # Put a capping on the size of the log files (in Kb). max log size = 500 # Security mode. Most people will want user level security. See # security_level.txt for details. ;security = user ;security = member ??? security = domain # Use password server option only with security = server # The argument list may include: # password server = My_PDC_Name [My_BDC_Name] [My_Next_BDC_Name] # or to auto-locate the domain controller/s # password server = * ; password server = ; password server = serveur_nt1 # Note: Do NOT use the now deprecated option of "domain controller" # This option is no longer implemented. # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents encrypt passwords = yes # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /usr/local/samba/lib/smb.conf.%m # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details # You may wan
RE: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED
Dear lists... But this still un-solved the real problem to join w2k to samba3-ldap . I'm here with the same situation. I even switch my distro to SuSe with same result, still cant join domain. Please give us hint how to solve or debug this problem. regards reza -Original Message- From: Craig White [mailto:[EMAIL PROTECTED] Sent: Tue 7/20/2004 9:48 AM To: [EMAIL PROTECTED] Cc: Subject:Re: [Samba] Samba+LDAP - so close yet so far :) ...STILL NOT SOLVED On Mon, 2004-07-19 at 19:34, José Ildefonso Camargo Tolosa wrote: > >http://samba.idealx.org/smbldap-howto.fr.html as you > >recommended. I have one big question, which one do I > >put in '/etc/ldap.conf' > > > >nss_base_passwd dc=wbcoll,dc=edu?one > >nss_base_shadow dc=wbcoll,dc=edu?one > >nss_base_group ou=Groups,dc=wbcoll,dc=edu?one > > > >or > > > >nss_base_passwdou=Users,dc=wbcoll,dc=edu?one > >nss_base_shadowou=Users,dc=wbcoll,dc=edu?one > >nss_base_group ou=Groups,dc=wbcoll,dc=edu?one > > > > > Neither, use this: > > nss_base_passwd dc=wbcoll,dc=edu?sub > nss_base_shadow dc=wbcoll,dc=edu?sub > nss_base_group ou=Groups,dc=wbcoll,dc=edu?one > > Look at the sub, it tells the system to descend to all the sub-objects it may have. > --- It is pertinent to consider that this suggestion waives any efficiency for ease of use as it will tell all user lookups to search the entire LDAP tree. I already told him to use his second choice as that is most efficient. I recognize that your option would permit the option of trying to use a separate organizational unit for Computers but this guy is endlessly confused, and simple is clearly better for his purposes, without considering the impact of excessive searching of the LDAP db. Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: String overflow in safe_strcpy .
Is there another way to make shares readable to 16 bit apps that use the 8.3 filename. because with out specifying "mangling method = hash" the file names are completly mangled and only the first letter remains the same. Where as "mangling method = hash" only mangles the last 3 letters. Carl. Carl Matthews wrote: Hi Jeremy, Sorry for not replying sooner, ive attached my config file. as a quick test, I created a folder called : "Test Directory That Is Long" under which i created a folder called "This folder is long too" and a file called "This Folder is long.txt" and this gives me the string errors. Thanks. Jeremy Allison wrote: On Wed, Jul 14, 2004 at 11:03:26PM +0100, Carl wrote: Just Installed 3.0.5rc1 and the problem persists unfortunately, Ok, can you give me the smb.conf file and the directory and filenames you're using. I'll see if I can reproduce with the latest SVN code. Thanks, Jeremy. # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2004/06/23 10:15:40 # Global parameters [global] server string = Mandrake1 netbios aliases = FC1 password server = None guest account = mleall username map = /etc/samba/smbusers log level = 0 log file = /var/log/samba/%m.log max log size = 500 name resolve order = wins lmhosts host bcas deadtime = 15 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No mangling method = hash preferred master = Yes domain master = No dns proxy = No wins support = Yes oplock break wait time = 100 ldap ssl = no valid users = @MLE-ALL create mask = 0775 directory mask = 0775 guest ok = Yes dos filemode = Yes [NET-Eng] comment = Product Design By Genius path = /mnt/mle-net/MLE-NET/MLE-NET-Eng write list = @MLE-ALL force user = mleall read only = No [NET-GMDB] comment = MLE-NET GoldMine DB path = /mnt/mle-net/MLE-NET/MLE-NET-GMDB write list = @MLE-ALL force user = mleall read only = No veto oplock files = /*.DBT/*.DBF/*.MDX/ blocking locks = No level2 oplocks = No dos filemode = No [NET-Public] comment = MLE-NET Public Share path = /home/local/samba-public write list = @MLE-ALL force user = mleall read only = No copy = NET-Eng -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] logging in to PDC with Win98
Hiya I've got FreeBSD and Samba 2.2 running quite nicely on a server I ma using for web page development. This is on a 3 PC network at home using fixed IP addresses 192.168.0.x etc. However, last night I tried to make it into a PDC following the PDC Howto document. all seemed well till I tried to login to it >-: The netbios name is 'micah' the server name was 'micah.ru.ac.za' which is the full domain of the network I installed it on here at work. I set my Win98SE machine to ;login to domain; and told it the domain name was 'micah' I got an instant dialog saying ;incorrect parameter; and it will not login I then tried '\\micah' but it also will not work. I then added '.ru.ac.za' to the domain name I then got a delay followed by a long message saying in essense 'I could not find a domain to authorize against, so some of the network won't work' and then the login proceeds, I do not get a home directory, but a preexisting drive mapping works fine, and no sign of the login script running at all (I created a simple batch file that just annouces itself, and I did make it executable) I then messed around with the server name, making is just 'micah', or 'micha.home'. no change in the above results. I checked, and rechecked, the lmhosts and hosts files on my Win98 box, all ok there, and of course the server is browsable after the failed login. The server is not running DNS or anything else remotely fancy. It just exists as a web server for developing new PHP code, and I use Samba to make it easy to edit the web files. So what is it that I am missing? (note I have NEVER logged into any kind of MS domain server, ever. We have Novell at the office) -- DA Fo rsythNetwork Supervisor Principal Technical Officer -- Institute for Water Research http://www.ru.ac.za/institutes/iwr/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
