[Samba] How to access Windows machine from Linux using Samba.
I have few questions 1. I installed samba on my Linux box. When I invoke any Samba tool e.g. smbclient or findsmb error is reported unable to open configuration file smb.conf run testparm to debug it. I ran testparm but could not solve the problem. 2. I have a Windows machine which I want to access from the linux machine. I Samba is there to help in this problem ? How should I achieve this using Samba. I checked the documentation available on samba.org but found it too much away from my problem. Thanks in Advance. ..Ba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Multiple Subnets
Hi, I have installed Samba 3.0.5 pre1 as PDC and two domain member servers with winbind which is catering to two subnets containing only windows 9x clients. The PDC and the member servers are in the same subnet i.e. 192.168.1.0/24, and the other subnet 192.168.2.0/24 is seperated by a linux router, now how can I make the windows 9x clients to domain logon from the second subnet (192.168.2.0/24) which only contains windows 9x clients. Please suggest me some solution. Thanks, Honey -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: i need recycle bin configuration
How do we do it on Samba 3.x? Hi, there are a few things to do to get this working with samba-2.x.x: Jim C. -- - | I can be reached on the following Instant Messenger services: | |---| | MSN: [EMAIL PROTECTED] AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llings Jabber: [EMAIL PROTECTED]| - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with umlaut on windows server
Hallo Samba-users, I've got a problem mounting a windows-share via mount / smbmount: The mount itself works without any problem, but when I try to enter a directory with a Umlaut (such as ,,) the command fails. All the umlauts are replaced with a question mark when I ls in the directory which contains the directory with the umlaut. Changing the character set results in equal problems: The umlauts are shown as Block-Symbol ( - if you cant see it: it's ASCII sign Nr. 177, see http://www.asciitable.com/) but entering a directory works. Unfortunately any further actions fail, i.e. listing the content of the directory quits with an IO Error. Browsing the share with the smb:// tool of the Konqueror returns correct umlauts, but entering a directory is also not possible. What can I do to get the Windows-Shares displayed correctly ? Renaming is unfortunately not an option. Configuration: Client: RedHat Enterprise Linux 3.0; Samba 3.0; Server: Windows 2000 Server in a Domain; Thanks in advance for your help, Philipp Weimann -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] strange DOS-Error 58
Hi, based on Bart Lagerweij's ( www.nu2.nu ) bootdisk, I've created a small DOS system that users can start by booting from network ( PXE ). The system is configured to map a network drive from a Suse 9.0 Pro / Samba server with various tools on it. The connection is anonymous. Until recently everything worked fine but suddenly there are strange errors: When I try to launch an EXE from that share I get Access denied. After that I can no longer work with that share. No matter what I do ( e.g. 'dir' ) the result is 'Extended Error 58'. Also, when I copy an EXE from the share to the bootdisk's ramdrive, the file seems to get broken - the computer hangs up as soon as I launch it from the ramdrive. Apart from starting programs I can do almost everything on the network drive, e.g. 'type' a text file or execute all other kinds DOS commands. This problem does not occur at all when I access the same share from a WinXP box. I'm pretty sure the only change in the whole system was an upgrade from Samba 3.0.4 to 3.0.5RC1 . That was because of a printing problem. For this reason I would not want to downgrade back to Samba 3.0.4. You will find the usual bunch of logs and conf's below. Thanks in advance for any help you can give ! Regards, Ulf smb.conf: # 'privacy enhanced' smb.conf # Global parameters [global] workgroup = MYDOMAIN server string = Fileserver client schannel = auto map to guest = Bad User null passwords = Yes obey pam restrictions = Yes passdb backend = ldapsam:ldap://dir-server, guest passwd program = /usr/bin/passwd -q %u passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n \n unix password sync = Yes client plaintext auth = No log level = 2 syslog = 0 log file = /var/log/samba/%m.log time server = Yes client signing = Yes deadtime = 1440 socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY add user script = /etc/samba/scripts/smbldap-useradd.pl '%u' delete user script = /etc/samba/scripts/userdel.sh '%u' add group script = /etc/samba/scripts/smbldap-groupadd.pl '%g' /etc/samba/scripts/smbldap-groupshow.pl %g|awk '/^gidNumber:/ {print $2}' delete group script = /etc/samba/scripts/groupdel.sh '%g' add user to group script = /etc/samba/scripts/smbldap-groupmod.pl -m '%u' '%g' delete user from group script = /etc/samba/scripts/smbldap-groupmod.pl -x '%u' '%g' set primary group script = /etc/samba/scripts/smbldap-usermod.pl -g '%g' '%u' add machine script = /etc/samba/scripts/machadd.sh %u shutdown script = /sbin/shutdown +1 abort shutdown script = /sbin/shutdown -c logon script = scripts\%m.bat logon path = \\%L\%U\.winprofile logon drive = m: logon home = \\%L\%U domain logons = Yes os level = 65 domain master = Yes wins server = 10.0.0.2 ldap admin dn = cn=proxy-user,ou=department,o=company,c=DE ldap group suffix = ou=Group ldap suffix = ou=department,o=company,c=DE ldap ssl = no ldap user suffix = ou=People message command = /bin/mail -s 'Nachricht von %f auf %m' root %s; rm %s host msdfs = Yes idmap uid = 1-2 idmap gid = 1-2 admin users = @domadm write list = @domadm printer admin = @it-s, @domadm, @printop map acl inherit = Yes printer name = normal map system = Yes map hidden = Yes [install] comment = windows installation source path = /data/pxe/client write list = root, @it-s, @domadm guest ok = Yes map system = No map hidden = No map archive = No browseable = No smbd.log: [2004/07/20 09:45:36, 5] lib/debug.c:debug_dump_status(369) INFO: Current debug levels: all: True/5 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 [2004/07/20 09:45:36, 5] lib/debug.c:debug_dump_status(369) INFO: Current debug levels: all: True/5 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 [2004/07/20 09:45:55, 5] lib/util_sock.c:print_socket_options(147) socket option SO_KEEPALIVE = 1 [2004/07/20 09:45:55, 5] lib/util_sock.c:print_socket_options(147) socket option SO_REUSEADDR = 1 [2004/07/20 09:45:55, 5] lib/util_sock.c:print_socket_options(147) socket option SO_BROADCAST = 0 [2004/07/20 09:45:55, 5] lib/util_sock.c:print_socket_options(147) socket option TCP_NODELAY = 1 [2004/07/20 09:45:55, 5] lib/util_sock.c:print_socket_options(147) socket option IPTOS_LOWDELAY = 16 [2004/07/20 09:45:55, 5] lib/util_sock.c:print_socket_options(147) socket option IPTOS_THROUGHPUT = 16 [2004/07/20 09:45:55, 5]
Re: [Samba] Re: i need recycle bin configuration
Ermm... have you read the complete mail from me? ;-) it's all described at the bottom of it for 3.x excerpt from that mail: for the samba 3.x-branch the procedure has changed completly. The VFS modules have been integrated in the normal make/install process, so you don't have to compile them for your on, and the complete configuration now goes into smb.conf, no need to create a separate file for it. for example i use the folowing lines in my [homes] section: vfs object = recycle recycle:repository = .Papierkorb/%U recycle:keeptree = Yes recycle:touch = Yes recycle:versions = Yes recycle:maxsize = 0 recycle:exclude = *.tmp|*.temp|*.o|*.obj|~$*|*.~?? recycle:excludedir = /tmp|/temp|/cache recycle:noversions = *.doc|*.xls|*.ppt and it works out of the box like a charm have a nice day. Christoph Jim C. schrieb: How do we do it on Samba 3.x? Hi, there are a few things to do to get this working with samba-2.x.x: Jim C. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: i need recycle bin configuration
Hi Jim, Your configuration could look like this: [tmp] comment = Temporary file space path = /tmp read only = no guest ok = yes public = yes # Use Recycler Modul (check your path !) vfs object = /usr/lib/samba/vfs/recycle.so # Name of the directory the trash will be stored in vfs object = recycle:repository=.recycle # Keep multiple versions of deleted files recycle:versions=True # Touch files on recycling recycle:touch=True # Keep the tree when deleting whole structures recycle:keeptree=True Philipp Weissmann How do we do it on Samba 3.x? Hi, there are a few things to do to get this working with samba-2.x.x: Jim C. -- - | I can be reached on the following Instant Messenger services: | |---| | MSN: [EMAIL PROTECTED] AIM: WyteLi0n ICQ: 123291844| |---| | Y!: j_c_llings Jabber: [EMAIL PROTECTED] | - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows Backup to samba3 share = problem
Hello All! I have strange problem with my samba3. I want to backup my data from w2k computer to samba share. For this, I using order tool - Windows Backup program. When I trying to choose network disk for backup destination, I see error message: Access denied. But, I can create any files or folders on the disk manually, for example, with Explorer. Very interesting, that this problem is absent for samba2 shares. I see this problem only for samba3. Help me please! -- With best wishes, Victor Vislobokov Perm. Russia -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Windows permissions
Hi, you need to put the gomain group 'Domain Users' into the local group Administrators on each client machine. If you don't want every users to be administrator an every client machine you can also put individual groups or users into the local administrator group of your clients. Alternatively you could create a group 'Domain Admins' with a rid=512. Members of that group would automatically be administrators on all domain clients Ulf Jacob Marble schrieb: Greetings NG- I'm putting together a Samba domain for the first time, using 3.0.2a-Debian. I have created a good smb.conf file (based on the Howto book by John Terpstra), including the following line to disable roaming profiles everywhere: logon path = Thanks to Josh Ginsberg and company for that one! Now I have created one logon user and have logged on successfully from a Win2k/pro machine without incident. However, this user does not have Administrator privaledges on the windows machine. I need a samba domain user that logs in and has all the privaledges that a local Administrator user has. Is this possible? I would think this should be configurable on the server, as authentication is all done via SMB/CIFS. Am I right? I have investigated the smbpasswd command, thinking it should be in there somewhere, but no dice. TIA, Jake Marble LandEZ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: strange DOS-Error 58
Hi again, I've probably cut to much from the client log. Again, please mail me if you need the full log file. This might also be interesting: [2004/07/20 09:46:11, 3] smbd/process.c:switch_message(887) switch message SMBchkpth (pid 16976) conn 0x83c2038 [2004/07/20 09:46:11, 4] smbd/uid.c:change_to_user(193) change_to_user: Skipping user change - already user [2004/07/20 09:46:11, 5] smbd/filename.c:unix_convert(109) unix_convert called on file TOOLS/PART/XFDISK [2004/07/20 09:46:11, 5] smbd/filename.c:unix_convert(180) unix_convert begin: name = tools/PART/XFDISK, dirpath = tools, start = PART/XFDISK [2004/07/20 09:46:11, 4] smbd/dir.c:DirCacheAdd(1041) Added dir cache entry tools PART - Part [2004/07/20 09:46:11, 5] smbd/statcache.c:stat_cache_add(176) stat_cache_add: Added entry TOOLS/PART - tools/Part [2004/07/20 09:46:11, 5] smbd/statcache.c:stat_cache_add(176) stat_cache_add: Added entry TOOLS/PART/XFDISK - tools/Part/xfdisk [2004/07/20 09:46:11, 5] smbd/filename.c:unix_convert(397) conversion finished TOOLS/PART/XFDISK - tools/Part/xfdisk [2004/07/20 09:46:11, 3] smbd/reply.c:reply_chkpth(582) chkpth tools/Part/xfdisk mode=20 [2004/07/20 09:46:11, 5] lib/util.c:show_msg(443) [2004/07/20 09:46:11, 5] lib/util.c:show_msg(453) size=35 smb_com=0x10 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=128 smb_flg2=18433 smb_tid=1 smb_pid=58030 smb_uid=100 smb_mid=0 smt_wct=0 smb_bcc=0 [2004/07/20 09:46:13, 3] smbd/process.c:process_smb(1092) Transaction 31 of length 77 [2004/07/20 09:46:13, 5] lib/util.c:show_msg(443) [2004/07/20 09:46:13, 5] lib/util.c:show_msg(453) size=73 smb_com=0x81 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=1 smb_pid=58030 smb_uid=100 smb_mid=0 smt_wct=2 smb_vwv[ 0]=1 (0x1) smb_vwv[ 1]= 19 (0x13) smb_bcc=34 [2004/07/20 09:46:13, 3] smbd/process.c:switch_message(887) switch message SMBsearch (pid 16976) conn 0x83c2038 [2004/07/20 09:46:13, 4] smbd/uid.c:change_to_user(193) change_to_user: Skipping user change - already user [2004/07/20 09:46:13, 5] smbd/filename.c:unix_convert(109) unix_convert called on file TOOLS/PART/XFDISK/XFDISK.??? [2004/07/20 09:46:13, 5] smbd/filename.c:unix_convert(180) unix_convert begin: name = tools/Part/xfdisk/XFDISK.???, dirpath = tools/Part/xfdisk, start = XFDISK.??? [2004/07/20 09:46:13, 5] smbd/filename.c:unix_convert(332) New file XFDISK.??? [2004/07/20 09:46:13, 5] smbd/dir.c:start_dir(334) start_dir dir=tools/Part/xfdisk [2004/07/20 09:46:13, 3] smbd/dir.c:dptr_create(491) creating new dirptr 6 for path tools/Part/xfdisk, expect_close = 0 [2004/07/20 09:46:13, 4] smbd/reply.c:reply_search(897) dptr_num is 6 [2004/07/20 09:46:13, 3] smbd/dir.c:get_dir_entry(661) get_dir_entry mask=[XFDISK.???] found tools/Part/xfdisk/XFDISK.EXE fname=XFDISK.EXE [2004/07/20 09:46:13, 4] smbd/reply.c:reply_search(974) SMBsearch mask=XFDISK.??? path=tools/Part/xfdisk dtype=19 nument=1 of 1 [2004/07/20 09:46:13, 5] lib/util.c:show_msg(443) [2004/07/20 09:46:13, 5] lib/util.c:show_msg(453) size=83 smb_com=0x81 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=128 smb_flg2=18433 smb_tid=1 smb_pid=58030 smb_uid=100 smb_mid=0 smt_wct=1 smb_vwv[ 0]=1 (0x1) smb_bcc=46 [2004/07/20 09:46:13, 3] smbd/process.c:process_smb(1092) Transaction 32 of length 69 [2004/07/20 09:46:13, 5] lib/util.c:show_msg(443) [2004/07/20 09:46:13, 5] lib/util.c:show_msg(453) size=65 smb_com=0x81 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=0 smb_flg2=0 smb_tid=1 smb_pid=58030 smb_uid=100 smb_mid=0 smt_wct=2 smb_vwv[ 0]=1 (0x1) smb_vwv[ 1]= 46 (0x2E) smb_bcc=26 [2004/07/20 09:46:13, 3] smbd/process.c:switch_message(887) switch message SMBsearch (pid 16976) conn 0x83c2038 [2004/07/20 09:46:13, 4] smbd/uid.c:change_to_user(193) change_to_user: Skipping user change - already user [2004/07/20 09:46:13, 3] smbd/dir.c:dptr_fetch(535) fetching dirptr 6 for path tools/Part/xfdisk at offset 4 [2004/07/20 09:46:13, 4] smbd/reply.c:reply_search(897) dptr_num is 6 [2004/07/20 09:46:13, 3] smbd/dir.c:get_dir_entry(661) get_dir_entry mask=[XFDISK.???] found tools/Part/xfdisk/XFDISK.INI fname=XFDISK.INI [2004/07/20 09:46:13, 4] smbd/reply.c:reply_search(974) SMBsearch mask=XFDISK.??? path=(tools/Part/xfdisk) dtype=19 nument=1 of 1 [2004/07/20 09:46:13, 5] lib/util.c:show_msg(443) [2004/07/20 09:46:13, 5] lib/util.c:show_msg(453) size=83 smb_com=0x81 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=128 smb_flg2=18433 smb_tid=1 smb_pid=58030 smb_uid=100 smb_mid=0 smt_wct=1 smb_vwv[ 0]=1 (0x1) smb_bcc=46 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] need 100% working confs(samba with ldap backend)
I am totaly lost with my problem... (it looks like https://bugzilla.samba.org/show_bug.cgi?id=1506 but i have problem only with profiles) I'm asked here but no answer... This is my solution: ^) Somebody mail me 100% working confs... please What i need... smb.conf slapd.conf ldap.conf entire tree of your ldap directory -- Best regards, ds_shadof mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba + ADS + User Accounts
Hi, yes, samba can do that, kindof;-) What you want is realized via pam. You need to install the pam_mkhomedir module and configure it for all services your users use to connect to your server. After that the home-dir for each user will be created automagically the first time the user trys to access the server. But don't ask me how to do it on fedora, cause i don't know it. pam with all its tricks and traps is verry distribution-specific. if you used debian i could tell you more... Christoph Dan Strohschein schrieb: Hello, We have a windows 2003 server hosting ADS. We also have a fedora core 2 file server running samba 3.0.2a. We have it currently configured to join the ADS domain. We Can use Winbind to see users, groups, etc. We can even browse samba shares from windows computers. However one thing we don't know: What we want to do is when a user is added to ADS for samba to create a user directory (like it does when you run adduser in linux) with proper ownership of that dirrectory. Can samba do this? If so, how do we set up samba to do that?? Thanks Dan Strohschein Director of Software The Wifi Link -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Files get written with sections of log in them - destroying files.
Hello! I'm having a problem with Samba 3.0.4 on a HP-UX 11.00 server. The problem is, that sometimes files don't get written properly; ie. somewhere in the middle of the file, I find a section of logs. You can find a sample file at http://stuff.alexander.skwar.name/Delphi/HP-UX/Samba/broken-samba-file.prt If you open the file with a binary editor and have a look at bytes 6000 to 16100, you'll see that something's very wrong. You'll also see that, if you open the file in a normal text viewer like your browser. Any ideas at all about why something like this might happen? Further files of interest: http://stuff.alexander.skwar.name/Delphi/HP-UX/Samba/smb.conf http://stuff.alexander.skwar.name/Delphi/HP-UX/Samba/testparm_--suppress-prompt_--verbose.txt Thanks a lot, Alexander Skwar -- Sind Schäfchens Locken schwarz und braun, dann lehnt es am Elektrozaun. Und wenn es mit den Äuglein rollt, dann will es sagen: Zuviel Volt! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Upgrading PDC from 2.2.8 to 3.0.2a - WAN problems
I tried to upgrade our Solaris 7 Sun E450 PDC from Samba 2.2.8 to Samba 3.0.2a recently. We are running Windows 2000 desktops. Most of our users connect via our LAN , however a significant group of users are connecting over our WAN - by a variety of methods , including ISDN and BT-NetEquip ( 512k/2MB line ). After the upgrade all of the users on the LAN were able to reach there network resources via Samba consistently without problems. Initially , all of the users connecting via the WAN were also able to get to all there network resources , but we consistently found that after approximately 2 to 3 hours they all lost there network resources. Attempts by WAN users to log back on again failed. When running the login script , the error code 53 was frequently seen. Restarting the Samba daemons on the PDC fixed the problem , but this is hardly a feasible solution on a production PDC. In the end , I had to fall back to running 2.2.8. Can anybody out there help me please ? Thanks in advance Dominic Clarke Friends of The Earth www.foe.co.uk -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] HELP panic with samba3\PDC\ldap == w2kServer
I'm so lost I've configured samba/ldap to act as PDC and everithing seems to work fine, i can join easily a domain with my w2k SP4 client but after reboot when i try to connect to samba PDC i obtain a message that say something like the domain is not avaiable at the moment, try again later. what can i do... i'm seriously tired and angry... =) thanks everybody. Sandro Paganotti -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: i need recycle bin configuration
excerpt from that mail: complete configuration now goes into smb.conf, no need to create a separate file for it. vfs object = recycle recycle:repository = .Papierkorb/%U Now, that's great. And really works. And testparm goes crazy if i ad all this, it repeats that part maybe 10 times. Can someone please tell me where to find doku on all these parameters for recycle? Google wasn't that helpful this time. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Why this error? Unable to find Domain Master Browser
Hi. Can someone tell me why I'm getting this error (see below) in my daemon error log every hour? In my smb.conf section, I have my Linux box set to: wins support = yes os level = 65 This message occurs even when all Windows workstations are shut off, so it must be something with my samba configuration on the Linux box. Help appreciated. Regards, Andy Liebman Jul 21 06:54:34 localhost nmbd[1937]: [2004/07/21 06:54:34, 0] nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(350) Jul 21 06:54:34 localhost nmbd[1937]: find_domain_master_name_query_fail: Jul 21 06:54:34 localhost nmbd[1937]: Unable to find the Domain Master Browser name SALES_GROUP1b for the workgroup SALES_GROUP. Jul 21 06:54:34 localhost nmbd[1937]: Unable to sync browse lists in this workgroup. Jul 21 06:54:34 localhost nmbd[1937]: [2004/07/21 06:54:34, 0] nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(350) Jul 21 06:54:34 localhost nmbd[1937]: find_domain_master_name_query_fail: Jul 21 06:54:34 localhost nmbd[1937]: Unable to find the Domain Master Browser name SALES_GROUP1b for the workgroup SALES_GROUP. Jul 21 06:54:34 localhost nmbd[1937]: Unable to sync browse lists in this workgroup. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [[ LDAP - PDC/BDC Strategy ]]
hi there's - maybe only for me - one problem: i can add just on IDMAP BACKEND server in smb.conf for winbindd so if this IDMAP BACKEND (most likely PDC) fails (or better: his ldap server), IDMAPing also fails for winbindd andrew told me, that it should work, but it doesn't for me under samba v3.0.4 best, micha Felipe Augusto van de Wiel schrieb: Paul Gienger wrote: Hi Paul, Felipe Augusto van de Wiel wrote: :: Hi rruegner, :: rruegner wrote: you dont have to struggle around, if you have a ldap master allready running setup a ldap slave on the bdc machine, and configure the bdc smb.conf as bdc with asking the ldap slve for auth thats all :: Sorry but maybe I'm missing something. In my tests :: it didn't work, because of the read only status of :: ldap slave, the machines account password are changed :: lots of times. :: There are lines in the smbldap-tools package (which I :: hope you're using by now) that you can specify a 'ldap :: master' that will be referred to in instances where an :: ldap-modify command is needed as opposed to a simple :: ldap-search. Yes, I use smbldap-tools package! :) But, I really do not understand how it is related with the PDC/BDC system. Is is a 'smbd' task, the LDAP server is responsible to make the replication, and the smbd the authentication. The docs are clearly to say that I need to put the User and Group SID inside the LDAP base do allow the Samba Server (I have 8 Samba Server, which 5 of them are on differente networks) to act as PDC/BDC system. In other words, if master fails, secondary will take over the 'auth' task until the master re-appears. :) But AFAICT the PDC/BDC also needs the SID mapped inside the LDAP, and actually I doesn't have it. :: Are you saying that the SID on each machine is :: different? If that is the case you need to do :: a net getlocalsid on your pdc and then a net :: setlocalsid (output of last command) on the bdc :: machine. No, I'm not talking about machines. I'm talking about users. Probably I have two majors problems, the samba-3.0.0-beta2 (we'll migrate this week) and the structure of the LDAP base, in other words, the samba schema. I'm trying to discover which fields are required for each user. Looking at SAMBA3 HOW TO, the idmap backend is required for LDAP PDC/BDC Strategy to work, in other words, users must have only one SID along the entire 'Directory'. The point is that I'm trying to check and be sure of what I'm doing on my 'Directory' and on my network. :) // Felipe -- Matrix - more than a vision ** Michael Gasch - Central IT Department - Max Planck Institute for Evolutionary Anthropology Deutscher Platz 6 04103 Leipzig Germany ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] NMBLOOKUP returns double entries ???
hi, when i do nevanfs01:/ # nmblookup NEVAN#1B i get querying NEVAN on 192.168.255.255 192.168.41.3 NEVAN1b 192.168.41.3 NEVAN1b i just wonder, why there's two times the same entry? i also get error messages from nmbd like these, which i think are related to the problem i mentioned at first: 2004-07-21 13:34:21 nmbd[3150]: [2004/07/21 13:34:09, 0] nmbd/nmbd_namequery.c:query_name_response(101) 2004-07-21 13:29:26 nmbd[3150]: This response was from IP 192.168.41.3, reporting an IP address of 192.168.41.3. 2004-07-21 13:29:26 nmbd[3150]: query_name_response: Multiple (2) responses received for a query on subnet 192.168.1.239 for name NEVAN1d. here's my smb.conf for the PDC (192.168.41.3) [global] workgroup = NEVAN netbios name = nevanpdc server string = NevanPDC on Samba Version: %v username map = /etc/samba/username.map log level = 5 log file = /var/lib/samba/log.%m max log size = 1 -- snip --- guest ok = no guest account = Guest security = user os level = 65 domain master = yes local master = yes preferred master = yes domain logons = yes logon path = logon home = encrypt passwords = yes socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY wins support = yes dns proxy = no add machine script = /root/bin/BDC/addmachine.sh '%u' display charset = UTF8 unix charset = UTF8 -- could you point me to a solution? thx greez Matrix - more than a vision ** Michael Gasch - Central IT Department - Max Planck Institute for Evolutionary Anthropology Deutscher Platz 6 04103 Leipzig Germany ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba Multiple Subnets
Hi, I have installed Samba 3.0.5 pre1 as PDC and two domain member servers with winbind which is catering to two subnets containing only windows 9x clients, the samba PDC is also configured as Wins server. The PDC and the member servers are in the same subnet i.e. 192.168.1.0/24, and the other subnet 192.168.2.0/24 is seperated by a linux router, now how can I make the windows 9x clients to domain logon from the second subnet (192.168.2.0/24) which only contains windows 9x clients, I have added the wins server address on all the clients in both the sunbets, but from the second subnet my windows 9x clients are unable to logon to domain. Please suggest me some solution. Thanks, Honey -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind on AIX
Hi, Thanks for the tip, it works better now. Not perfectly, but I think we have to fix a few things on our DC Regards, Le mar 20/07/2004 à 15:54, Anders Larsson a écrit : Hi! yes we are using samba/winbind as auth against AD 2003 server u need to join your domain ner join -U username%password and then wbinfo -set-auth-user=username%pass and modify methods and modify /etc/security/user default: SYSTEM = WINBIND or compat and conf your smb.conf for winbind Regards Anders On Tue, Jul 20, 2004 at 02:26:48PM +0200, Stephane DAVY wrote: Deal all, I'd like to use winbind capabilities on AIX servers (AIX 4.3.3 and AIX 5.2). In particular, I'd like to define share access based on NT group. I think I've successfully setup my Samba suite, I've entered my AIX box in my NT domain and playing with wbinfo (-t, or -a user%passwd) works fine. As told in the documentation, I've copied the WINBIND module under /usr/lib/security, and modify the methods.cfg file like that: WINBIND: program = /usr/lib/security/WINBIND and... it doesn't work. Does some of you have some experience with the AIX plateform? Thanks a lot -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] XP - strange profile handling
Hi all, I'm using samba 3.0.2a with openldap as PDC with roaming profiles. one xp client has only been able to load the profile from the server after I set nt acl support = yes for the profiles share. Now the problem is that this xp client writes everything directly into the profile folder on the server, instead of doing this when the user logs off. Thanks in advance for any hint, Andre -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba/LDAP/PDC Questions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 | Subject: | [Samba] Samba/LDAP/PDC Questions | From: | [EMAIL PROTECTED] | Date: | Mon, 19 Jul 2004 21:10:29 + (UTC) | To: | [EMAIL PROTECTED] | | Greetings! | | I created a Samba/OpenLDAP/smbldap-tools Primary Domain Controller. So far | I am able to do the folowing: | 1. Using USRMGR,EXE to administrating users and groups. | 2. Adding Windows 2000, XP workstation on the fly. | 3. PDBEDIT/SMBLDAP-TOOLS/GQ all works as they suppose to. | 4. LDAP autheticate unix accounts. | | However, I am not able to to the following: | 1. Cannot joint an NT machine (SP6a) into the domwin. It keeps | saying that the Machine account is not available or not accessible even | if I manually added the machine account manually using smbldap-useradd | NT$. | 2. Cannot use SRVMGR.EXE to add machine to domain. It complains | Access Denied, though I can do other things like change the permission | of a share etc. | 3. Cannot join an existing domain after I configure it as a BDC | with the PDC's SID. It complains Failed to setup BDC creds. | | It looks like the communication between samba and openldap is OK since I | can managing user/group with USRMGR.EXE. However, a few questions puzzles | me: | 1. In what situtation do I need People group as the group for | machines? In the case where you use: nss_base_passwdou=Users,dc=ab,dc=com?one If you use: nss_base_passwddc=ab,dc=com?sub then you can have machine accounts anywhere you like under dc=ab,dc=com Regards, Buchan - -- Buchan Milne Senior Support Technician Obsidian Systems http://www.obsidian.co.za B.EngRHCE (803004789010797) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFA/lscrJK6UGDSBKcRAlmKAJ4z1HLpysdmbleQbv3+lW7IHblOvACeJ5nn FSzpemqu+CZdgaFGwhmXNII= =tlrI -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: i need recycle bin configuration
Hi, if testparm goes crazy on these parameters, are you shure its the testparm matching the smbd you are running? perhaps its a leftover older version which doesnt know these values? mine doesn't complain. And yes the doc's for this are not easy to find. AFAIR i found these parameters in the HTML-doc's comming with the new versions of samba. Christoph Holger Krull schrieb: excerpt from that mail: complete configuration now goes into smb.conf, no need to create a separate file for it. vfs object = recycle recycle:repository = .Papierkorb/%U Now, that's great. And really works. And testparm goes crazy if i ad all this, it repeats that part maybe 10 times. Can someone please tell me where to find doku on all these parameters for recycle? Google wasn't that helpful this time. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with umlaut on windows server
Hello, I've had nearly the same problem. I've fixed the character mapping with the following entries in the smb.conf ([global] section): 8-- dos charset = 850 unix charset = ISO8859-15 8-- but you have to determine which charset your unix file system is really using, maybe another one could help you to determine *shame*, I've forgotten how I was doing that :-( I also run into problems with umlauts (without samba) using jfs, so I switched to xfs and I'm happy with it. but I think there is no way to avoid renaming of scrambled files/directories. manfred Am Mittwoch, 21. Juli 2004 09:16 schrieb Weimann Philipp: Hallo Samba-users, I've got a problem mounting a windows-share via mount / smbmount: The mount itself works without any problem, but when I try to enter a directory with a Umlaut (such as ,,) the command fails. All the umlauts are replaced with a question mark when I ls in the directory which contains the directory with the umlaut. Changing the character set results in equal problems: The umlauts are shown as Block-Symbol ( - if you cant see it: it's ASCII sign Nr. 177, see http://www.asciitable.com/) but entering a directory works. Unfortunately any further actions fail, i.e. listing the content of the directory quits with an IO Error. Browsing the share with the smb:// tool of the Konqueror returns correct umlauts, but entering a directory is also not possible. What can I do to get the Windows-Shares displayed correctly ? Renaming is unfortunately not an option. Configuration: Client: RedHat Enterprise Linux 3.0; Samba 3.0; Server: Windows 2000 Server in a Domain; Thanks in advance for your help, Philipp Weimann -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unable to join domain hosted by 3.0 PDC
On Wed, Jul 21, 2004 at 01:54:52PM +0200, Nikola Vanevski wrote: Hi! I experienced the same problem a couple of days ago. It is a misconfiguration in global parameters, but I don't exactly know where. I copied the smb.conf [Globals] options from a working server and it fixed the problem. Because I was in a great hurry, I did not check where did I go wrong. Here are the parameters that worked on _my_ server : (smbpasswd backend) [global] workgroup = MBPR2 server string = Samba Server interfaces = 127.0.0.1, eth0 bind interfaces only = Yes map to guest = Bad User username map = /etc/samba/smbusers add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ logon path = logon home = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes ldap suffix = dc=example,dc=com ldap ssl = no printer admin = @ntadmin, root, administrator Hope this helps. If you find what's going on (like the difference between your settings and these), Id like to know. Greetings Nino Thanks for the info. I eventually found another way to solve it. I had: invalid users = root so I commented that out, and was then able to use the root account to join the domain. I'd like to be able to figure out how to do it using a non-root account, though. Apparently it should be possible to do so if the account is a member of the Domain Admins, but that didn't seem to work for me. It would be nice to know what privileges are required to add machines to the domain, so you could delegate out that privilege without having to use the root account. Any samba experts care to comment? -- Jeff -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unable to join domain hosted by 3.0 PDC
On Wed, 2004-07-21 at 05:30, Jeff Layton wrote: On Wed, Jul 21, 2004 at 01:54:52PM +0200, Nikola Vanevski wrote: Hi! I experienced the same problem a couple of days ago. It is a misconfiguration in global parameters, but I don't exactly know where. I copied the smb.conf [Globals] options from a working server and it fixed the problem. Because I was in a great hurry, I did not check where did I go wrong. Here are the parameters that worked on _my_ server : (smbpasswd backend) [global] workgroup = MBPR2 server string = Samba Server interfaces = 127.0.0.1, eth0 bind interfaces only = Yes map to guest = Bad User username map = /etc/samba/smbusers add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ logon path = logon home = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes ldap suffix = dc=example,dc=com ldap ssl = no printer admin = @ntadmin, root, administrator Hope this helps. If you find what's going on (like the difference between your settings and these), Id like to know. Greetings Nino Thanks for the info. I eventually found another way to solve it. I had: invalid users = root so I commented that out, and was then able to use the root account to join the domain. I'd like to be able to figure out how to do it using a non-root account, though. Apparently it should be possible to do so if the account is a member of the Domain Admins, but that didn't seem to work for me. It would be nice to know what privileges are required to add machines to the domain, so you could delegate out that privilege without having to use the root account. Any samba experts care to comment? You don't give details on your configuration but generally... A member of 'Domain Admins' (RID 512) /etc/smb/smbusers root = Administrator administrator etc. user with uidnumber of 0 Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] PDBEDIT USE - ACCOUNT FLAGS AND POLICIES - 2ND TIME
Hi everyone... Can somebody help me? I've sent this last Sunday but nobody has replied. Cheers, Rafael -Mensaje original- De: Rafael Paris [mailto:[EMAIL PROTECTED] Enviado el: Domingo, 18 de Julio de 2004 06:58 p.m. Para: '[EMAIL PROTECTED]' Asunto: PDBEDIT USE - ACCOUNT FLAGS AND POLICIES Good afternoon everyone. I'm trying to set account control flags and password expire policies but i don't succeed. Please help. Need a lot a direction in this. I ran the command: pdbedit -c [L ] -u username But nothing changes at all. I also ran: pdbedit -P bad lockout attempt -C 3 and it says to have changed the policy to that new value but the account does not get locked or disabled after a lot of wrong passwords. Thanks in advanced. Cheers, Rafael Paris Gerente de Sistemas Casino e-mail: [EMAIL PROTECTED] pagina web/page: www.hotelmaruma.com Telefono/Phone: 0058 261 730 27 70 Fax: 0058 261 730 28 10 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba/LDAP/PDC Questions
| 1. In what situtation do I need People group as the group for | machines? In the case where you use: nss_base_passwdou=Users,dc=ab,dc=com?one If you use: nss_base_passwddc=ab,dc=com?sub Would people please stop suggesting this without explaining the ramifications? If you do this, you are going to (theoretically)(1) severely harm the performance on your server. Setting the nss library to do a search on the 'entire' directory every time it needs to look up user information is asinine to put it in a word. It's like doing this in DNS terms... rather than looking for a machine named 'something.else.com' in the dns servers for else.com you go ask .com who then goes in and asks else.com by proxy. Doing the first example (the one searching with ?one) you are restricting searches to a respectable scope, doing the second you are searching all OUs which may be numerous and deep (in our LDAP tree we have 10 OUs, two of which are at least 3 levels deep). You would be better served by defining ou=Computers and ou=People under something like ou=Accounts (which would give you DNs of ou=Computers,ou=Accounts,dc=ab,dc=com and ou=People,ou=Accounts,dc=ab,dc=com) and then then set: nss_base_passwdou=Accounts,dc=ab,dc=com?sub Note that I'm not saying that doing a sub search is necessarily bad, just when you are searching your entire ldap DIT, especially for something that happens as often as passwd lookups. (1) I say theoretically because I've never tried it, it's a Bad Idea(C) from the word go. There are a lot of other things that I haven't tried that are bad ideas but I can safely say they are also dangerous, such as sticking forks in my eyes and jumping off cliffs. -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows 2000/2003 shares - danish character problem.
Hello all. I have been given an assignment to mount a share automatically for each user using a given Linux machine (Mandrake 10 in this case). This is working fine, thanks to pam_mount, BUT: The mounted share contains national characters like this: æ ø å. The problem I'm having is that when I mount these on Linux the 'ø' looks like 'o' but cannot be accessed like that. It says the file or directory doesn't exist (and it has a point). I have seen this on both Windows 2000 and Windows 2003 Server. Interestingly enough there are no problems with Windows XP, as long as I use codepage=cp850 to mount with. I have tried these codepages: cp437, cp850, cp865, cp1250, cp1251, utf8 I even tried 'latin1' just to see what would happen. I guess there is something that should be changed on the Windows machine for this to work? If so does anyone know what that would be? Part of the problem is that it is a literal 'o' that is shown in the Linux filesystem but when this filename is requested of the Windows server it of course denies any knowledge of such a thing. When I write a file that has 'æøå' *inside* there are no problems displaying that. I have tried googling for clues for quite a while now and haven't found that much other than 'chcp 850' on the Windows machine. This doesn't seem to alleviate the problem when the Windows box is the server... Is it a matter of forcing cp850 at a much earlier state (running just chcp gives '437')? Any takers? :) -- ### Martin Moeller Liga LinDist ApS. Faelledvej 16D DK-2200 Copenhagen N Tel: +45 35 36 95 05 Fax: +45 35 36 92 05 http://www.liga.dk mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: i need recycle bin configuration
testparm matching the smbd you are running? perhaps its a leftover older version which doesnt know these values? mine doesn't complain. No, it is the same version, i tested on a 3.0.5rc1-SUSE. Seems there is more broken than that. Swat doesn't work right and the html help seems incomplete, but only testing And yes the doc's for this are not easy to find. Now i that i know what to look for... It's even in the Samba-HOWTO-Collection.pdf. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDBEDIT USE - ACCOUNT FLAGS AND POLICIES - 2ND TIME
On Wed, 2004-07-21 at 06:44, Rafael Paris wrote: Hi everyone... Can somebody help me? I've sent this last Sunday but nobody has replied. Cheers, Rafael -Mensaje original- De: Rafael Paris [mailto:[EMAIL PROTECTED] Enviado el: Domingo, 18 de Julio de 2004 06:58 p.m. Para: '[EMAIL PROTECTED]' Asunto: PDBEDIT USE - ACCOUNT FLAGS AND POLICIES Good afternoon everyone. I'm trying to set account control flags and password expire policies but i don't succeed. Please help. Need a lot a direction in this. I ran the command: pdbedit -c [L ] -u username But nothing changes at all. I also ran: pdbedit -P bad lockout attempt -C 3 and it says to have changed the policy to that new value but the account does not get locked or disabled after a lot of wrong passwords. Thanks in advanced. I believe that this was covered last week - you might want to search the archives or bugzilla. You don't mention which version of Samba you are using and if it was the bug discussed last week, it likely won't be fixed until 3.0.5 Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] remaining connection after a user logoff
Hello We have a samba 3.0.3 server on win xp sp1 stations. When a user logoff, it remains connections between the station and the server. Is there a way to have a clean logoff? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Compiling Samba 3.0.4, err w/ krb5
Hello again, I'm not attempting an install of Samba 3.0.4 from source. I want to specifically compile in ads and winbindd support. So, I already compiled and installed OpenLDAP 2.2.13. Now the configure script is hung on krb5 dependancy: checking for krb5.h... no configure: error: Active Directory cannot be supported without krb5.h So I downloaded and attempted compile of krb5 1.3.4, but I got this error: /root/stuff/krb5-1.3.4/src/appl/telnet/telnet/telnet.c:783: undefined reference to `tgetent' collect2: ld returned 1 exit status Upon searching kerberos list archives, there was a complaint about this error and having to reinstall ncurses to satisfy this reference. http://mailman.mit.edu/pipermail/kerberos/2004-May/005452.html http://mailman.mit.edu/pipermail/kerberos/2004-May/005452.html However, when I compile ncurses 5.3, I get an error about g++ not being installed. This seems like an endless dependancy. Any tips on making samba configure script happy? --- ...OLE_Obj... Shawn Poulson SAP America, IT/PSS (610) 661-5011 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Compiling Samba 3.0.4, err w/ krb5
Typo... I'm now attempting... doh -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Poulson, Shawn Sent: Wednesday, July 21, 2004 11:47 AM To: [EMAIL PROTECTED] Subject: [Samba] Compiling Samba 3.0.4, err w/ krb5 Hello again, I'm not attempting an install of Samba 3.0.4 from source. I want to specifically compile in ads and winbindd support. So, I already compiled and installed OpenLDAP 2.2.13. Now the configure script is hung on krb5 dependancy: checking for krb5.h... no configure: error: Active Directory cannot be supported without krb5.h So I downloaded and attempted compile of krb5 1.3.4, but I got this error: /root/stuff/krb5-1.3.4/src/appl/telnet/telnet/telnet.c:783: undefined reference to `tgetent' collect2: ld returned 1 exit status Upon searching kerberos list archives, there was a complaint about this error and having to reinstall ncurses to satisfy this reference. http://mailman.mit.edu/pipermail/kerberos/2004-May/005452.html http://mailman.mit.edu/pipermail/kerberos/2004-May/005452.html However, when I compile ncurses 5.3, I get an error about g++ not being installed. This seems like an endless dependancy. Any tips on making samba configure script happy? --- ...OLE_Obj... Shawn Poulson SAP America, IT/PSS (610) 661-5011 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Compiling Samba 3.0.4, err w/ krb5
What O.S.? Poulson, Shawn wrote: Typo... I'm now attempting... doh -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Poulson, Shawn Sent: Wednesday, July 21, 2004 11:47 AM To: [EMAIL PROTECTED] Subject: [Samba] Compiling Samba 3.0.4, err w/ krb5 Hello again, I'm not attempting an install of Samba 3.0.4 from source. I want to specifically compile in ads and winbindd support. So, I already compiled and installed OpenLDAP 2.2.13. Now the configure script is hung on krb5 dependancy: checking for krb5.h... no configure: error: Active Directory cannot be supported without krb5.h So I downloaded and attempted compile of krb5 1.3.4, but I got this error: /root/stuff/krb5-1.3.4/src/appl/telnet/telnet/telnet.c:783: undefined reference to `tgetent' collect2: ld returned 1 exit status Upon searching kerberos list archives, there was a complaint about this error and having to reinstall ncurses to satisfy this reference. http://mailman.mit.edu/pipermail/kerberos/2004-May/005452.html http://mailman.mit.edu/pipermail/kerberos/2004-May/005452.html However, when I compile ncurses 5.3, I get an error about g++ not being installed. This seems like an endless dependancy. Any tips on making samba configure script happy? --- ...OLE_Obj... Shawn Poulson SAP America, IT/PSS (610) 661-5011 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Does Admin Users = accept groups?
As I recall, there are 2 things to bear in mind: 1/ Samba 3.0 has dropped the admin users= setting. There is only one true domain administrator: root. 2/ Also, Samba now uses NT Groups the way it is supposed to, with SID and all. More info can be found by looking up the 'net groupmap' command. If you map the default NT group Domain Administrators, you can do admin users the official way. Also, you'll notice that the number of errors about groups in the samba log falls considerably ;-) Good luck! Kit -Oorspronkelijk bericht- Van: Michael Lueck [mailto:[EMAIL PROTECTED] Verzonden: donderdag 15 juli 2004 18:20 Aan: [EMAIL PROTECTED] Onderwerp: [Samba] Does Admin Users = accept groups? man smb.conf does not specifically say admin users supports @groupname syntax. Google turns up lots of examples of it being used, but everyone hanging their smb.conf's up to air does not mean they are 100% accurate either. Here, Samba 3.0.4 in PDC mode, I can not get it to accept the name of a group in /etc/group, user ID's only. -- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] How do you create an accout that can ONLY add workstations to the domain
Is there some way to configure a special account which is able to only join workstations to the domain? I believe the operation talks over IPC$ - such as the NETDOM.EXE command. Can one set admin users for IPC$ and thus join the domain without allowing that special account too much access to Samba. Maybe one extension of this would be allowing to join workstations to the domain plus read only access to a share to draw files down from while preparing the computer. TIA! -- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Compiling Samba 3.0.4, err w/ krb5
SuSE United Linux 1.0 (aka SuSE 8.1 Enterprise) -Original Message- From: Tom Skeren [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 21, 2004 12:09 PM To: Poulson, Shawn Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Compiling Samba 3.0.4, err w/ krb5 What O.S.? Poulson, Shawn wrote: Typo... I'm now attempting... doh -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Poulson, Shawn Sent: Wednesday, July 21, 2004 11:47 AM To: [EMAIL PROTECTED] Subject: [Samba] Compiling Samba 3.0.4, err w/ krb5 Hello again, I'm not attempting an install of Samba 3.0.4 from source. I want to specifically compile in ads and winbindd support. So, I already compiled and installed OpenLDAP 2.2.13. Now the configure script is hung on krb5 dependancy: checking for krb5.h... no configure: error: Active Directory cannot be supported without krb5.h So I downloaded and attempted compile of krb5 1.3.4, but I got this error: /root/stuff/krb5-1.3.4/src/appl/telnet/telnet/telnet.c:783: undefined reference to `tgetent' collect2: ld returned 1 exit status Upon searching kerberos list archives, there was a complaint about this error and having to reinstall ncurses to satisfy this reference. http://mailman.mit.edu/pipermail/kerberos/2004-May/005452.html http://mailman.mit.edu/pipermail/kerberos/2004-May/005452.html However, when I compile ncurses 5.3, I get an error about g++ not being installed. This seems like an endless dependancy. Any tips on making samba configure script happy? --- ...OLE_Obj... Shawn Poulson SAP America, IT/PSS (610) 661-5011 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How do you create an accout that can ONLY add workstations to the domain
Michael Lueck wrote: Is there some way to configure a special account which is able to only join workstations to the domain? I believe the operation talks over IPC$ - such as the NETDOM.EXE command. Can one set admin users for IPC$ and thus join the domain without allowing that special account too much access to Samba. The criteria that defines whether or not you can join machines is usually whether or not you can add system users in UNIX. Traditionally this has meant that you need root (or uid=0) access. With LDAP (as I think you are using, no?) I believe this requirement may have been blurred since you can define an ACL for adding things in the LDAP store. You could maybe define a smb.conf include based on the user and/or group (there have been examples of this) and then only have the create script defined in that .conf file. This is just a thought off the top of my head, not that I've tried it or anything. I may have to look at this myself though since sometimes our remote admin-less office needs to add a new machine. -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] unable to join domain hosted by 3.0 PDC
I ran into a similar problem and finally determine that I didn't have the group mapping correct. Do a net groupmap list a verify the your Domain Admins group is mapped to the correct unix group and that whatever user you're using is in that group. I was having trouble mostly because of my own stupidity, and a few ldap issues. I used a net groupmap add instead of the proper net groupmap modify then I ran into a nss_ldap problem, since all my users live in ldap. Derek On Jul 21, 2004, at 8:30 AM, Jeff Layton wrote: On Wed, Jul 21, 2004 at 01:54:52PM +0200, Nikola Vanevski wrote: Hi! I experienced the same problem a couple of days ago. It is a misconfiguration in global parameters, but I don't exactly know where. I copied the smb.conf [Globals] options from a working server and it fixed the problem. Because I was in a great hurry, I did not check where did I go wrong. Here are the parameters that worked on _my_ server : (smbpasswd backend) [global] workgroup = MBPR2 server string = Samba Server interfaces = 127.0.0.1, eth0 bind interfaces only = Yes map to guest = Bad User username map = /etc/samba/smbusers add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ logon path = logon home = domain logons = Yes os level = 65 preferred master = Yes domain master = Yes ldap suffix = dc=example,dc=com ldap ssl = no printer admin = @ntadmin, root, administrator Hope this helps. If you find what's going on (like the difference between your settings and these), Id like to know. Greetings Nino Thanks for the info. I eventually found another way to solve it. I had: invalid users = root so I commented that out, and was then able to use the root account to join the domain. I'd like to be able to figure out how to do it using a non-root account, though. Apparently it should be possible to do so if the account is a member of the Domain Admins, but that didn't seem to work for me. It would be nice to know what privileges are required to add machines to the domain, so you could delegate out that privilege without having to use the root account. Any samba experts care to comment? -- Jeff -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba This world is a comedy to those who think and a tragedy to those who feel. PGP.sig Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: How do you create an accout that can ONLY add workstations to the domain
Paul Gienger wrote: The criteria that defines whether or not you can join machines is usually whether or not you can add system users in UNIX. I guess I should have explained a bit more of what I have tried and chatted with John Terpstra about. /etc/group domadmin:x:2000:mradmin # initGrps.sh net groupmap modify ntgroup=Domain Admins unixgroup=domadmin (These two allow Win2K ifmember.exe /list to see that the logged in user is a domain admin, but the ID can not add workstations to the domain...) # /etc/samba/smb.conf [global] admin users = @domadmin And then the account may finally add workstations. So that's all fine and dandy except now I have a utility ID in script files with passwords that has way too many permissions to the domain. On a side note, if I remove the account from /etc/group yet leave it in the admin users = list, ifmember.exe /list no longer sees the domain admin membership, but joining the workstations to the domain still works. So, admin users = seems to be key for now, but it is unclear which share needs it, as admin users is a share level setting per the docs. Some shares are created automatically if you do not specify / override the default settings. I'm thinking if I knew what share was critical I could add a section of that name, admin users = under it, and lock this ID to being an admin only for that one required share... IPC$ maybe? I am not turing up anyone doing an [IPC$] share, but I just might try it... -- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] strange DOS-Error 58
On Wed, Jul 21, 2004 at 09:18:25AM +0200, Ulf Dettmer wrote: Hi, based on Bart Lagerweij's ( www.nu2.nu ) bootdisk, I've created a small DOS system that users can start by booting from network ( PXE ). The system is configured to map a network drive from a Suse 9.0 Pro / Samba server with various tools on it. The connection is anonymous. Until recently everything worked fine but suddenly there are strange errors: When I try to launch an EXE from that share I get Access denied. After that I can no longer work with that share. No matter what I do ( e.g. 'dir' ) the result is 'Extended Error 58'. Also, when I copy an EXE from the share to the bootdisk's ramdrive, the file seems to get broken - the computer hangs up as soon as I launch it from the ramdrive. Apart from starting programs I can do almost everything on the network drive, e.g. 'type' a text file or execute all other kinds DOS commands. This problem does not occur at all when I access the same share from a WinXP box. I'm pretty sure the only change in the whole system was an upgrade from Samba 3.0.4 to 3.0.5RC1 . That was because of a printing problem. For this reason I would not want to downgrade back to Samba 3.0.4. You will find the usual bunch of logs and conf's below. Thanks in advance for any help you can give ! Regards, Ulf Can you give me an image of that system so I can test this ? I don't want the network boot, but a floppy boot so I can test on vmware. Thanks, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Oh Yea! Re: How do you create an accout that can ONLY add workstations to the domain
I just added... [IPC$] admin users = installer to the end of my smb.conf and the installer ID is able to join workstations to the domain. I get an entry in the smbd log that no path was specified so it is using /tmp... where does IPC$ usually point, if not /tmp then I should make it the same as what it was with no [IPC$] specified. Any ideas what other default settings I have now destroyed by doing this [IPC$] share specification? -- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDBEDIT USE - ACCOUNT FLAGS AND POLICIES - 2ND TIME
On Wed, Jul 21, 2004 at 09:44:53AM -0400, Rafael Paris wrote: Hi everyone... Can somebody help me? I've sent this last Sunday but nobody has replied. Cheers, Rafael -Mensaje original- De: Rafael Paris [mailto:[EMAIL PROTECTED] Enviado el: Domingo, 18 de Julio de 2004 06:58 p.m. Para: '[EMAIL PROTECTED]' Asunto: PDBEDIT USE - ACCOUNT FLAGS AND POLICIES Good afternoon everyone. I'm trying to set account control flags and password expire policies but i don't succeed. Please help. Need a lot a direction in this. I ran the command: pdbedit -c [L ] -u username But nothing changes at all. I also ran: pdbedit -P bad lockout attempt -C 3 and it says to have changed the policy to that new value but the account does not get locked or disabled after a lot of wrong passwords. Actually I'm pretty sure I did reply. It's a bug, and I've fixed it in SVN - it'll be in the next release. Sorry for the problem. Jermey. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: remaining connection after a user logoff
If you are in a domain (PDC) configuration a machine connection will always exist while the client PC is on the LAN. -- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] LPRng and Samba: Problems with print queue administration
Hi, could it be that recent versions of samba have some problems when collaborating with LPRng? I have a bunch of windows clients printing via Samba and LPRng and ran into the following problems: - In my environment it is desirable that people can kill other people's print jobs. LPRng is configured accordingly and works correctly. The corresponding Samba shares have no restrictions on them, so everybody can print and the permissions for manipulating the print queue are (or better: were) exclusively based on the LPRng setup. Currently however, only the owner of a print job can cancel it, everybody else gets a permission denied reply. - furthermore I noticed, that Samba does not always show all the entries in the print queue. I couldn't discover any pattern, some print jobs are not reported at all, others first show up in the queue and disappear from Samba's queue list while lpq still shows them. The basic setup has not changed in quite a while and used to work without problems, so the relevant change must have been some samba upgrade. Right now I am running samba 2.2.9 (with 3.0.x it's the same). Unfortunately these problems were just brought to my attention, so I can't tell which was the last correctly working samba version. LPRng has all the time been vesion 3.6.24 and works as it should. Client OS doesn't matter, the problems can be reproduced directly on the (Linux) server using smbclient. Any ideas? Regards, Peter Daum -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Files get written with sections of log in them - destroying files.
Herb Lewis wrote: Did you by any chance get a log rotate about the time of the corruption? You mean the Samba logs, don't you (ie. not the logs from syslog and the like)? We have seen these things in the past but they have never been reproducible Yes. I also cannot really reproduce it - ie. I cannot do X and have the file be destroyed. I wish I were able to :( so have been hard to track down. Yep. Don't you just hate those Heisenbugs? Well, I do :( At one time I had a theory that something was going wrong at the time the logs reached the max size and were being rotated because all the cases had a max log size set. Can you check your logs and see if you have an old log that ends about the time of the log entries that were inserted into your file? Well, at least that's a theory. Tomorrow when I'm back at work, I'll for sure checkt that. PS: Why did you reply off-list? Alexander Skwar -- printk(KERN_WARNING Warning: defective CD-ROM (volume sequence number). Enabling \cruft\ mount option.\n); 2.2.16 /usr/src/linux/fs/isofs/inode.c -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.4 and OS/2 Warp server
Since release of samba 3.0.4 I can mounted a smb share from a os/2 warp server after tracing and comparing version 3.0.3 against 3.0.4 there is a problem when sending the username to the OS/2 PDC so you always received access deny because the user that is sended by samba is mess with the group is there a fix available ? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba and windows logons with roaming profiles
I have got smaba 3.0.4 running as a PDC on a mandrake linux server utilizing roaming profiles and would like to be able to limit a users login to one per network. Does anyone have any examples of a logon/logoff script that say for example creats a file and checks for it upon logon if its there it would not permit the user to logon until they loged out of the other machine?? or is there a damon i can run on my server to keep track of this or will samba itself do it?? ANY ideas will be much appreciated!! Please help, Mark -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.4 and OS/2 Warp server
On Tue, Jul 20, 2004 at 11:34:22AM +0200, Sterck Serge wrote: Since release of samba 3.0.4 I can mounted a smb share from a os/2 warp server after tracing and comparing version 3.0.3 against 3.0.4 there is a problem when sending the username to the OS/2 PDC so you always received access deny because the user that is sended by samba is mess with the group is there a fix available ? Logs please ! Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] [MailServer Notification] To External Sender: file blocking setti ngs matched and action was taken.
ScanMail for Microsoft Exchange took action on the message. The message details were: Sender = [EMAIL PROTECTED] Recipient(s) = [EMAIL PROTECTED]; Subject = Re: Scanning time = 07/21/2004 12:31:43 Engine/Pattern = 7.000-1004/1.943.00 Action taken on message: The attachment Fish.cpl matched file blocking settings. ScanMail took the action: Deleted. SMEX_FENGSHOE_MB;07/21/2004Fish.cpl/Deleted [EMAIL PROTECTED];Warning to external sender: AttacRe:12:31 PMhment blocking action taken. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] pam_smbpass: Cannot access samba password database
I think pam_smbpass it is not initializing all the parameters from smb.conf. This exhibits itself as Cannot access samba password database messages in the syslog. I ran my test code using truss and there are some interesting open() calls: - 20247: open64(/secrets.tdb, O_RDWR|O_CREAT, 0600)= 3 20247: open64(, O_WRONLY|O_APPEND|O_CREAT, 0644) Err#2 ENOENT 20247: open64(, O_WRONLY|O_APPEND|O_CREAT, 0644) Err#2 ENOENT - I _know_ that my private directory is not set to /. And what are those attempts to open ? This is Samba 3.0.4 built on Solaris 9 using gcc 3.2.3 with: ./configure \ --prefix=/opt/ulcmit \ --sysconfdir=/etc/ulcmit \ --localstatedir=/var/ulcmit \ --with-configdir=/etc/ulcmit/samba \ --with-privatedir=/var/ulcmit/samba/private \ --with-lockdir=/var/ulcmit/samba/locks \ --with-piddir=/var/ulcmit/samba/locks \ --with-logfilebase=/var/ulcmit/samba/log \ --without-readline \ --with-ldap \ --with-acl-support \ --with-quotas \ --with-utmp \ --enable-cups \ --without-winbind \ --with-pam_smbpass \ --with-ldapsam I tried setting the PAM argument smbconf=... to a file that explicitly sets the private directory and it still tries to open /secrets.tdb and . Anyone know how to get pam_smbpass to use the right parameters? -- Gary Algier, WB2FWZ gaa at ulticom.com +1 856 787 2758 Ulticom Inc., 1020 Briggs Rd, Mt. Laurel, NJ 08054 Fax:+1 856 866 2033 Nielsen's First Law of Computer Manuals: People don't read documentation voluntarily. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Compiling Samba 3.0.4, err w/ krb5
On Wed, 2004-07-21 at 11:46, Poulson, Shawn wrote: Hello again, I'm not attempting an install of Samba 3.0.4 from source. I want to specifically compile in ads and winbindd support. So, I already compiled and installed OpenLDAP 2.2.13. If you are not attempting to install samba from source, how are you going to get ads and winbindd support? What does OpenLDAP have to do with doing up samba for ads and winbind? Now the configure script is hung on krb5 dependancy: checking for krb5.h... no configure: error: Active Directory cannot be supported without krb5.h That is a sticker. you need to have version of krb5 installed, either MIT or HEIMDAL. So I downloaded and attempted compile of krb5 1.3.4, but I got this error: /root/stuff/krb5-1.3.4/src/appl/telnet/telnet/telnet.c:783: undefined reference to `tgetent' collect2: ld returned 1 exit status Upon searching kerberos list archives, there was a complaint about this error and having to reinstall ncurses to satisfy this reference. Good on the D/L of MIT KRB5 1.3.4. Shucks, ncurses. well, you downloaded that. http://mailman.mit.edu/pipermail/kerberos/2004-May/005452.html http://mailman.mit.edu/pipermail/kerberos/2004-May/005452.html However, when I compile ncurses 5.3, I get an error about g++ not being installed. Well, that is a biggy. you might have gcc installed (the C compiler) but not have the C++ compiler g++ installed. It happens to all of us. This seems like an endless dependancy. Any tips on making samba configure script happy? Yes, how long have been an admin of a *NIX machine? I can say I have had to deal with things like this for eons. If you do it often enough, you get good at it. I used to update whole Linux machine with touch RPM or any other package manager. Mainly they screwed up everything I needed left as is (config wise). So, I used Slackware. Now I use Debian Sid. Now, remember I said alot. But gave no real answer. You asked alot but gave us no clues how to help you. What *NIX are you using. Is it a Linux or *BSD? If it is Linux which distro is it? When you can tell us the answers, we can help. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] changing passwords with pam_winbind.so
From what I can find in the archives I don't see an answer to this, plus the keywords are just so common that it makes it impossible to sift though all the information, so I thought I would ask. I have a working smb.conf and windbind is working just fine. I am authentication users to a Win2K machine which is the PDC. The authentication is working just fine. Its the password changes that are making life hard. I am doing pass through authentication for POP and IMAP to the 2k machine, but I need a way to change the password via PAM, eg a pam password module that works. I have the following setup in my pop pam file: auth sufficient pam_winbind.so auth required pam_unix_auth.so use_first_pass account sufficient pam_winbind.so account required pam_unix_acct.so use_first_pass password required pam_unix_passwd.so session required pam_unix_session.so as I said, this works. Now, when I try to change the password via the same winbind pam module, it won't change. The strange part is smbpasswd works fine when called as 'smbpasswd -r (PDC NAME) username'. Am I running around in circles trying to get something to work that won't? I've considered writing my own PAM interface based on the smbpasswd code and a pam password module. Any thoughts? Thanks all, Mat Allgood -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Oh Yea! Re: How do you create an accout that can ONLY add workstations to the domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael Lueck wrote: | I just added... | | [IPC$] |admin users = installer | | | to the end of my smb.conf and the installer ID is able | to join workstations to the domain. I get an entry in | the smbd log that no path was specified so it is using | /tmp... where does IPC$ usually point, if | not /tmp then I should make it the same as what it | was with no [IPC$] specified. | | Any ideas what other default settings I have now | destroyed by doing this [IPC$] share specification? Michael, You get points for cleverness. However, I don't think this is a good idea (there's an open bug against it somewhere) and will probably not work in a future version of Samba. We're are working on the correct fix for doing what you want. Just a little tied up. cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFA/ucRIR7qMdg1EfYRAtKYAKDbgQ0o7KxgqUPFq/xJ8RuKgt1/0QCgwC6e 3aBrnOuj2XbkQPXCuBrfhbk= =y6Mz -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Ill formed hosts line error
When I mount a Windows share from my Linux computer I get his error: getlmhostsent: Ill formed hosts line [] getlmhostsent: Ill formed hosts line [] getlmhostsent: Ill formed hosts line [] I am running kernel Linux 2.6.7-rc3-love1 What does this error mean. The share seems to work for the most part but is a little flakey sometimes. Thx -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with samba in Irix 6.5
Hi, I have a problem with samba. I have already installed samba 2.2.8a.2, and i configurated the samba and shares bellow is attached my smb.conf. I can not open the swap since my SGI workstation only from my pc. I have tried to see the shares from my explorer in Windows XP, but i can not see the shares. can some body help me to fix the configuration? # Global parameters [global] workgroup = CATIA netbios name = CATIA security = SHARE map to guest = Bad User passwd program = /usr/bin/passwd %u passwd chat = *ew*password:* %n\n *e-enter*new*password:* %n\n log level = 2 socket options = TCP_NODELAY IPTOS_LOWDELAY wins support = Yes # hosts allow = * [tmp] comment = Temporary file space path = /usr/tmp read only = No guest ok = Yes [matrix] comment = Matrix one applications Directoy path = /MODELS/matrix read only = No [test] comment = Esto es una prueba path = /DATA/users read only = No Thanks Best Regards This e-mail message is intended only for the use of the intended recipient(s). The information contained therein may be confidential or privileged, and its disclosure or reproduction is strictly prohibited. If you are not the intended recipient, please return it immediately to its sender at the above address and destroy it. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Password Incorrect
Hi, I have samba 3.0.4 installed and I'm using win2k clients with all winupdates but when i use ctrl+alt+del to change the passwords i get and incorrect password message but the password actually changes how fix this? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Server (on Linux) authenticating it's clients against an OS/2 Domain
Hello. The subject pretty much sums-up my question. Can this be done? I'm thinking that this was fairly standard/easy when I first started using Samba years ago, that I'd seen some discussion/instructions about it. Now however, all I can find is unanswered postings regarding this question. I've tried following the relevant guides for having a Samba server authenticate users against a WinNT domain. The point at which I appear to be failing there is in joining the Samba server to the Domain. From 'net rpc join -S OS2-PDC -U os2admin%secret' , I receive: could not initialise lsa pipe could not obtain sid for domain Thanks for any pointers/advice . Gary R. Webster -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows Backup
hi, i created a share called backup and it is wrightable for everyone but even so the windows gives me the access denied when using windows backup but i can acess normaly and create using windows explorer any ideas? using win2k -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.4
I've installed 3.0.4. Install show successful. All the parameters are set per Webmin. Still, not path found when calling net use. Also, testparm returns command not found. Any suggestions? Windows XP Pro OS client, FreeBSD Unix Server. Bill Mann W. D. (Bill) Mann, Sr., LUTCF, RHU The Benefits Office, an RMA Company P. O. Box 1884 Cypress, TX 77410-1884 281-374-6071 Ext. 104 Office 281-374-6077 Company Fax 832-615-3028 Direct Fax 713-907-2129 Cell -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can SAMBA be used to map a WINDOWS directory to a UNIX SERVER (pa rticularly SOLARIS)?
On Tue, 2004-07-20 at 07:45, Jeff Layton wrote: On Mon, 2004-07-19 at 13:59, Imbimbo, Joe wrote: Hi: We were wondering if SAMBA can be used to make a windows share look like a UNIX filesystem to the UNIX server? I know it works in reversre. Just checking to see if there were new functionality I was not privy to. It is possible to do what you're asking with Linux, primarily because Linux supports SMB/CIFS as a network filesystem. There is no such filesystem driver for Solaris (that I am aware of). The commercial tool sharity is the only tool in this area. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTLMv2 Authentication fails on domain member servers
On Sat, 2004-07-10 at 07:24, Neal K.Groothuis wrote: Hello, I'm having some issues with getting NTLMv2 authentication working, and I thought you might be able to help. I've got a Windows XP Pro client machine trying to access shares on a domain member server running Samba. (Both the domain member server and the PDC are running Samba 3.0.4.) The XP machine is by default configured to use NTLMv2 for authentication, but that fails when I'm trying to access shares on the domain member server. However, it works when I'm accessing shares on the PDC itself. Alternatively, this works if I allow the XP machine to use NTLM authentication. Has anyone else run into this issue and/or have any workarounds for it? I know that there were issues previously with using NTLMv2 only with a Samba PDC, but according to the Changelog, that bug was fixed in 3.0.3. Can you give me more details on this? I thought NTLMv2 was working everywhere - and the domain member really should not break it, as it just forwards things on. The one thing that *will* break it is 'username map'. If that's not in use, please send me some logs (CC me, I don't follow this list all the time) and I'll see if I can understand what's up... Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: sambaAcctFlags automatically DUX when logon
On Sat, 2004-07-10 at 04:40, Jim C. wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Problem is on one machine or all machines? Tried leaveing domain, deleteing machine account, resetting flags and then re-joinging? | as I wrote yesterday I've set up a samba3.0.3 as pdc for my w2k-domain with I think this one is fixed in 3.0.3a, or certainly 3.0.4. I nicely hit it with my production environment - not fun :-) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mysql_auth
On Fri, 2004-07-16 at 06:42, Barry Rumsey wrote: Hi all I have been trying yo find the mysql_auth for samba. I have been to a couple of sites that say they have it, but it's not there. Is there someone who can tell the site address where I can get it from? There is a mysql passdb module in the samba source (as an experimental option), but no auth module. If you want your passwords in mysql, then the passdb is the way to do it. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] slapd index
hi I am using suse 9.1, openldap 2.2-34, samba 3.0.4-1.2. My slapd.conf looks like this: # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/samba.schema include /etc/openldap/schema/nis.schema # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile /var/run/slapd/run/slapd.pid argsfile/var/run/slapd/run/slapd.args # Load dynamic backend modules: modulepath /usr/lib/openldap/modules # moduleloadback_ldap.la # moduleloadback_meta.la # moduleloadback_monitor.la # moduleloadback_perl.la # Sample security restrictions # Require integrity protection (prevent hijacking) # Require 112-bit (3DES or better) encryption for updates # Require 63-bit encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64 # Sample access control policy: # Root DSE: allow anyone to read it # Subschema (sub)entry DSE: allow anyone to read it # Other DSEs: # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # Directives needed to implement policy: # access to dn.base= by * read # access to dn.base=cn=Subschema by * read # access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., access to * by * read) # # rootdn can always read and write EVERYTHING! ### # bdb database definitions ### databasebdb checkpoint 10245 cachesize 1 suffix dc=tux,dc=dyndns,dc=org rootdn cn=Manager,dc=tux,dc=dyndns,dc=org # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw secret # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /var/lib/ldap # Indices to maintain index objectClass eq index cn pres,sub,eq index sn pres,sub,eq index uid pres,sub,eq index displayName pres,sub,eq index uidNumber eq index gidNumber eq index memberUid eq index sambaSIDeq index sambaPrimaryGroups eq index sambaDomainName eq index default sub When I try to execute the index by doing : tux:/usr/sbin # ./slapindex -f /etc/openldap/slapd.conf I end up with the following error: /etc/openldap/schema/samba.schema: line 340: AttributeType not found: gidNumber slapindex: bad configuration file! I have been follow the exsample from The Official Samba-3 HOWTO and Reference Guide. Can someone help me past this error please Thanks in advance Barry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] slapd index
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Barry Rumsey wrote: | I end up with the following error: | /etc/openldap/schema/samba.schema: line 340: AttributeType not found: | gidNumber | slapindex: bad configuration file! #include /etc/openldap/schema/nis.schema cheers, jerry - -- Hewlett-Packard- http://www.hp.com SAMBA Team -- http://www.samba.org GnuPG Key http://www.plainjoe.org/gpg_public.asc ...a hundred billion castaways looking for a home. --- Sting -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFA/yaWIR7qMdg1EfYRApgAAKDGhszYWoa7eIGpjiBk8ekZR88wZACfR61F bYGQKPNoSs+O4BCzbsy2mRk= =mxkG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] slapd index
On Wednesday 21 July 2004 18:59, Barry Rumsey wrote: hi I am using suse 9.1, openldap 2.2-34, samba 3.0.4-1.2. My slapd.conf looks like this: # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/samba.schema include /etc/openldap/schema/nis.schema The NIS schema must be specified BEFORE the samba schema! # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile /var/run/slapd/run/slapd.pid argsfile /var/run/slapd/run/slapd.args # Load dynamic backend modules: modulepath/usr/lib/openldap/modules # moduleload back_ldap.la # moduleload back_meta.la # moduleload back_monitor.la # moduleload back_perl.la # Sample security restrictions # Require integrity protection (prevent hijacking) # Require 112-bit (3DES or better) encryption for updates # Require 63-bit encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64 # Sample access control policy: # Root DSE: allow anyone to read it # Subschema (sub)entry DSE: allow anyone to read it # Other DSEs: # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # Directives needed to implement policy: # access to dn.base= by * read # access to dn.base=cn=Subschema by * read # access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., access to * by * read) # # rootdn can always read and write EVERYTHING! ### # bdb database definitions ### database bdb checkpoint 10245 cachesize 1 suffixdc=tux,dc=dyndns,dc=org rootdncn=Manager,dc=tux,dc=dyndns,dc=org # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpwsecret # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /var/lib/ldap # Indices to maintain index objectClass eq index cn pres,sub,eq index sn pres,sub,eq index uid pres,sub,eq index displayName pres,sub,eq index uidNumber eq index gidNumber eq index memberUid eq index sambaSIDeq index sambaPrimaryGroups eq index sambaDomainName eq index default sub When I try to execute the index by doing : tux:/usr/sbin # ./slapindex -f /etc/openldap/slapd.conf I end up with the following error: /etc/openldap/schema/samba.schema: line 340: AttributeType not found: gidNumber slapindex: bad configuration file! I have been follow the exsample from The Official Samba-3 HOWTO and Reference Guide. Can someone help me past this error please See above. - John T. Thanks in advance Barry -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 OpenLDAP by Example, ISBN: 0131488732 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] slapd index
Thanks, It worked On Thursday 22 July 2004 15:24, John H Terpstra wrote: On Wednesday 21 July 2004 18:59, Barry Rumsey wrote: hi I am using suse 9.1, openldap 2.2-34, samba 3.0.4-1.2. My slapd.conf looks like this: # # See slapd.conf(5) for details on configuration options. # This file should NOT be world readable. # include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/samba.schema include /etc/openldap/schema/nis.schema The NIS schema must be specified BEFORE the samba schema! # Define global ACLs to disable default read access. # Do not enable referrals until AFTER you have a working directory # service AND an understanding of referrals. #referral ldap://root.openldap.org pidfile /var/run/slapd/run/slapd.pid argsfile/var/run/slapd/run/slapd.args # Load dynamic backend modules: modulepath /usr/lib/openldap/modules # moduleloadback_ldap.la # moduleloadback_meta.la # moduleloadback_monitor.la # moduleloadback_perl.la # Sample security restrictions # Require integrity protection (prevent hijacking) # Require 112-bit (3DES or better) encryption for updates # Require 63-bit encryption for simple bind # security ssf=1 update_ssf=112 simple_bind=64 # Sample access control policy: # Root DSE: allow anyone to read it # Subschema (sub)entry DSE: allow anyone to read it # Other DSEs: # Allow self write access # Allow authenticated users read access # Allow anonymous users to authenticate # Directives needed to implement policy: # access to dn.base= by * read # access to dn.base=cn=Subschema by * read # access to * # by self write # by users read # by anonymous auth # # if no access controls are present, the default policy # allows anyone and everyone to read anything but restricts # updates to rootdn. (e.g., access to * by * read) # # rootdn can always read and write EVERYTHING! ### # bdb database definitions ### databasebdb checkpoint 10245 cachesize 1 suffix dc=tux,dc=dyndns,dc=org rootdn cn=Manager,dc=tux,dc=dyndns,dc=org # Cleartext passwords, especially for the rootdn, should # be avoid. See slappasswd(8) and slapd.conf(5) for details. # Use of strong authentication encouraged. rootpw secret # The database directory MUST exist prior to running slapd AND # should only be accessible by the slapd and slap tools. # Mode 700 recommended. directory /var/lib/ldap # Indices to maintain index objectClass eq index cn pres,sub,eq index sn pres,sub,eq index uid pres,sub,eq index displayName pres,sub,eq index uidNumber eq index gidNumber eq index memberUid eq index sambaSIDeq index sambaPrimaryGroups eq index sambaDomainName eq index default sub When I try to execute the index by doing : tux:/usr/sbin # ./slapindex -f /etc/openldap/slapd.conf I end up with the following error: /etc/openldap/schema/samba.schema: line 340: AttributeType not found: gidNumber slapindex: bad configuration file! I have been follow the exsample from The Official Samba-3 HOWTO and Reference Guide. Can someone help me past this error please See above. - John T. Thanks in advance Barry -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 OpenLDAP by Example, ISBN: 0131488732 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] getlmhostsent: ill formed hosts line
When I try to mount a Windows XP share I get this error: getlmhostsent: Ill formed hosts line [] getlmhostsent: Ill formed hosts line [] getlmhostsent: Ill formed hosts line [] I am running kernel: Linux 2.6.8-rc2-love1 Samba: 3.0.4 I am running the command: mount /home/wendy/documents My fstab entry is: \\home-xpp\wendy /home/wendy/documents smbfs user,fmask=777,uid=1000,dmask=777,gid=100,username=mike,noauto 0 0 The mount actually works but I get the above error. Sometimes when I try to browse it using nautilus, nautilus locks up (that could be a nautilus problem). What does the error mean and how do I get rid of it? Thx -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SWAT - Could not connect to port 901
Hope this finds it way to somewhere that help Assuming you followed the instructions for creating the swat file in /etc/xinetd.d directory. In the swat file, make sure that the server option is pointing to where swat is actually stored. Search for it and make sure the path is correct. If you followed the instructions that I used the directory in the instructions is not where swat is stored on my SuSE linux box. I had to change my /etc/xinetd.d/swat ASCII file to use server = /usr/sbin/swat. danZ Check in /etc/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3, Windows 2000 and DNS.
I've got a Samba 3 box running RHEL 3 that has been added to a Windows 2000 domain as a member server, however it cannot be browsed via the network (it appears within the domain, but does not open the machine). Its IP address is 10.30.4.1/255.255.252.0, nbtstat.exe on one of the windows boxes returns as below P:\nbtstat -A 10.30.4.1 Local Area Connection 3: Node IpAddress: [10.30.5.1] Scope Id: [] Host not found. DNS is used for name resolution and Ping can resolve a name to an IP address. Smbclient can connect to another host however nmblookup cannot. Smbclient when directed at itself does not detect the master browser. [EMAIL PROTECTED] samba]# smbclient -L router -N Anonymous login successful Sharename Type Comment - --- delta Disk Delta Testing IPC$ IPC IPC Service (Samba Server router) ADMIN$ IPC IPC Service (Samba Server router) Anonymous login successful Server Comment ---- ROUTER Samba Server router WorkgroupMaster ---- DEETTEST Broadcast pings only return a response from the machines own IP address. Additionally, while 'net ads join' completes without issue, 'net ads info' reports as follows: [EMAIL PROTECTED] samba]# net ads info Didn't find the ldap server! Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] With a Samba 3 PDC, can I promote a Samba BDC to become new PDC?
I'm helping out a small office upgrade their NT 4 PDC to Samba. It's a small office of 6 people, so tdbsam is being used. They keep having tape backup issues and other problems, so one of the reasons for the Samba migration is to allow me to SSH into their box and remotely administer it from home on evenings/weekends. Currently I'm testing the move using two dummy machines, and some Windows 2000 clients running under VMWare. Following the Samba Guide, my plan was as follows: Existing Windows NT machine is called DellDC. Temporary machine is called TempDC 1. Create a Linux based, Samba BDC named TempDC that joins the NT domain, then following the instructions in chapters 5 and 8 of the Samba-Guide, vampire the accounts database off of DellDC and promote TempDC to a PDC. 2. Shutdown DellDC, and reload with Linux, configuring Samba as a BDC. Following the same approach, re-join DellDC to NT domain as a BDC, and using net rpc vampire, vampire accounts database off of TempDC and promote DellDC to PDC. 3. Shutdown TempDC for good. In my simulation environment, I created a similar set of machines. One is NT 4.0 server and the other is Debian Linux (testing, sarge) with the latest Samba 3.0.4. My samba configuration files are almost exactly as shown in the Samba-Guide with the exception of printer shares and the fictional shared folders. Step 1 goes fine. I was able to join TempDC to the domain hosted by NT4 on DellDC, vampire the accounts off of DellDC, and promote TempDC to Primary DC status. After this I turned off DellDC and reloaded it with Debian Linux and Samba. Step 2 fails. I reload DellDC with Linux, and successfully join the domain. Groupmaps are successfully created as directed in the guide, as before. I even made sure /etc/passwd and /etc/group are the same on both the Linux PDC and the Linux BDC that I'm trying to promote. However, 'net rpc vampire' fails. The output is: DellDC:/etc/samba# net rpc vampire -S TempDC Fetching DOMAIN database Failed to fetch domain database: NT_STATUS_UNSUCCESSFUL Is there another approach or did I configure something incorrectly? Given a successfully running Samba 3.0 PDC using tdbsam, how can I migrate the PDC responsibilities from the existing Linux box to another? I'd imagine this scenario comes up often as people upgrade server hardware on PDCs without losing all the existing domain settings. Can anyone help me? Many thanks, Jeff McWilliams -- Jeff McWilliams: [EMAIL PROTECTED] This message was sent using IMP, the Internet Messaging Program. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] With a Samba 3 PDC, can I promote a Samba BDC to become new PDC?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm trying to do the exact same thing out here, it's tricky, even after reading the manual rather thoroughly, I got to the stage where we vampire'd over all the account info successfully, but the vampire didn't copy the password information for the machine accounts, and thus people cannot log on. I've posted to this list about it a couple of times before, but noone has answered, I don't know if this is just an accepted bug or I'm screwing something up, still trying to hack through the smbldap-useradd script in the machine adding section, which is my best guess as to where the actual problem is. Cheers Eric Jeff McWilliams wrote: | I'm helping out a small office upgrade their NT 4 PDC to Samba. It's a small | office of 6 people, so tdbsam is being used. They keep having tape backup | issues | and other problems, so one of the reasons for the Samba migration is to allow | me | to SSH into their box and remotely administer it from home on | evenings/weekends. | | | | Currently I'm testing the move using two dummy machines, and some Windows 2000 | clients running under VMWare. | | Following the Samba Guide, my plan was as follows: | | Existing Windows NT machine is called DellDC. | Temporary machine is called TempDC | | 1. Create a Linux based, Samba BDC named TempDC that joins the NT domain, then | following the instructions in chapters 5 and 8 of the Samba-Guide, vampire the | accounts database off of DellDC and promote TempDC to a PDC. | | 2. Shutdown DellDC, and reload with Linux, configuring Samba as a BDC. | Following the same approach, re-join DellDC to NT domain as a BDC, and using | net rpc vampire, vampire accounts database off of TempDC and promote DellDC to | PDC. | | 3. Shutdown TempDC for good. | | | In my simulation environment, I created a similar set of machines. One is NT | 4.0 server and the other is Debian Linux (testing, sarge) with the latest Samba | | 3.0.4. My samba configuration files are almost exactly as shown in the | Samba-Guide with the exception of printer shares and the fictional shared | folders. | | Step 1 goes fine. I was able to join TempDC to the domain hosted by NT4 on | DellDC, vampire the accounts off of DellDC, and promote TempDC to Primary DC | status. After this I turned off DellDC and reloaded it with Debian Linux and | Samba. | | Step 2 fails. I reload DellDC with Linux, and successfully join the domain. | Groupmaps are successfully created as directed in the guide, as before. I even | made sure /etc/passwd and /etc/group are the same on both the Linux PDC and the | Linux BDC that I'm trying to promote. However, 'net rpc vampire' fails. | | The output is: | DellDC:/etc/samba# net rpc vampire -S TempDC | Fetching DOMAIN database | Failed to fetch domain database: NT_STATUS_UNSUCCESSFUL | | | Is there another approach or did I configure something incorrectly? Given a | successfully running Samba 3.0 PDC using tdbsam, how can I migrate the PDC | responsibilities from the existing Linux box to another? | | I'd imagine this scenario comes up often as people upgrade server | hardware on PDCs without losing all the existing domain settings. | | Can anyone help me? | | Many thanks, | | Jeff McWilliams | -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFA/07e3xh0GTRQuR4RApU4AJ0fbad9tZFVE5ngNLNB4GgZYVPpmgCcDi35 TgyrXJWAOmyASmayOVnhF3k= =sxRE -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] With a Samba 3 PDC, can I promote a Samba BDC to become new PDC?
On Wednesday 21 July 2004 23:21, Eric J Bennett wrote: I'm trying to do the exact same thing out here, it's tricky, even after reading the manual rather thoroughly, I got to the stage where we vampire'd over all the account info successfully, but the vampire didn't copy the password information for the machine accounts, and thus people cannot log on. We are aware of this problem. It does not affect every site but on those that it does the problem is significant. I'm sorry to say that we do not have a solution at this time. It would help if you can capture the entire process using ethereal as well as a level 10 debug trace of the activity and then post a bug report on bugzilla.samba.org. So far we have not been able to capture sufficient information to catch what is glitching. Andrew Bartlett may be able to comment when he sees the debug info. - John T. I've posted to this list about it a couple of times before, but noone has answered, I don't know if this is just an accepted bug or I'm screwing something up, still trying to hack through the smbldap-useradd script in the machine adding section, which is my best guess as to where the actual problem is. Cheers Eric Jeff McWilliams wrote: | I'm helping out a small office upgrade their NT 4 PDC to Samba. It's a small | office of 6 people, so tdbsam is being used. They keep having tape backup | issues | and other problems, so one of the reasons for the Samba migration is to allow | me | to SSH into their box and remotely administer it from home on | evenings/weekends. | | | | Currently I'm testing the move using two dummy machines, and some Windows 2000 | clients running under VMWare. | | Following the Samba Guide, my plan was as follows: | | Existing Windows NT machine is called DellDC. | Temporary machine is called TempDC | | 1. Create a Linux based, Samba BDC named TempDC that joins the NT domain, then | following the instructions in chapters 5 and 8 of the Samba-Guide, vampire the | accounts database off of DellDC and promote TempDC to a PDC. | | 2. Shutdown DellDC, and reload with Linux, configuring Samba as a BDC. | Following the same approach, re-join DellDC to NT domain as a BDC, and using | net rpc vampire, vampire accounts database off of TempDC and promote DellDC to | PDC. | | 3. Shutdown TempDC for good. | | | In my simulation environment, I created a similar set of machines. One is NT | 4.0 server and the other is Debian Linux (testing, sarge) with the latest Samba | 3.0.4. My samba configuration files are almost exactly as shown in the | Samba-Guide with the exception of printer shares and the fictional shared | folders. | | Step 1 goes fine. I was able to join TempDC to the domain hosted by NT4 on | DellDC, vampire the accounts off of DellDC, and promote TempDC to Primary DC | status. After this I turned off DellDC and reloaded it with Debian Linux and | Samba. | | Step 2 fails. I reload DellDC with Linux, and successfully join the domain. | Groupmaps are successfully created as directed in the guide, as before. I even | made sure /etc/passwd and /etc/group are the same on both the Linux PDC and the | Linux BDC that I'm trying to promote. However, 'net rpc vampire' fails. | | The output is: | DellDC:/etc/samba# net rpc vampire -S TempDC | Fetching DOMAIN database | Failed to fetch domain database: NT_STATUS_UNSUCCESSFUL | | | Is there another approach or did I configure something incorrectly? Given a | successfully running Samba 3.0 PDC using tdbsam, how can I migrate the | PDC responsibilities from the existing Linux box to another? | | I'd imagine this scenario comes up often as people upgrade server | hardware on PDCs without losing all the existing domain settings. | | Can anyone help me? | | Many thanks, | | Jeff McWilliams -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 OpenLDAP by Example, ISBN: 0131488732 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
svn commit: samba r1558 - branches/SAMBA_4_0/source/librpc/idl
Author: metze Date: 2004-07-21 09:57:39 + (Wed, 21 Jul 2004) New Revision: 1558 Modified: branches/SAMBA_4_0/source/librpc/idl/krb5pac.idl Log: the unknown_time is the same as the logon_time in the PAC_LOGON_INFO the account_name is a 'nstring' metze WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1558nolog=1
svn commit: lorikeet r16 - in trunk: . heimdal heimdal/admin heimdal/appl heimdal/appl/afsutil heimdal/appl/dceutils heimdal/appl/ftp heimdal/appl/ftp/common heimdal/appl/ftp/ftp heimdal/appl/ftp/ftpd heimdal/appl/kf heimdal/appl/kx heimdal/appl/login heimdal/appl/otp heimdal/appl/popper heimdal/appl/push heimdal/appl/rcp heimdal/appl/rsh heimdal/appl/su heimdal/appl/telnet heimdal/appl/telnet/arpa heimdal/appl/telnet/libtelnet heimdal/appl/telnet/telnet heimdal/appl/telnet/telnetd heimdal/appl/test heimdal/appl/xnlock heimdal/cf heimdal/doc heimdal/doc/standardisation heimdal/etc heimdal/include heimdal/include/kadm5 heimdal/kadmin heimdal/kdc heimdal/kpasswd heimdal/kuser heimdal/lib heimdal/lib/45 heimdal/lib/asn1 heimdal/lib/auth heimdal/lib/auth/afskauthlib heimdal/lib/auth/pam heimdal/lib/auth/sia heimdal/lib/com_err heimdal/lib/des heimdal/lib/des/asm heimdal/lib/des/t heimdal/lib/editline heimdal/lib/gssapi heimdal/lib/hdb heimdal/lib/kadm5 heimdal/lib/kafs heimdal/lib/kdfs heimdal/lib/krb5 heimdal/lib/otp heimdal/lib/roken heimdal/lib/sl heimdal/lib/vers heimdal/tools
Author: metze Date: 2004-07-21 10:56:44 + (Wed, 21 Jul 2004) New Revision: 16 Added: trunk/heimdal/ trunk/heimdal/ChangeLog trunk/heimdal/ChangeLog.1998 trunk/heimdal/ChangeLog.1999 trunk/heimdal/ChangeLog.2000 trunk/heimdal/ChangeLog.2001 trunk/heimdal/ChangeLog.2002 trunk/heimdal/Makefile.am trunk/heimdal/Makefile.am.common trunk/heimdal/Makefile.in trunk/heimdal/NEWS trunk/heimdal/README trunk/heimdal/TODO trunk/heimdal/TODO-1.0 trunk/heimdal/TODO-shadow trunk/heimdal/aclocal.m4 trunk/heimdal/admin/ trunk/heimdal/admin/Makefile.am trunk/heimdal/admin/Makefile.in trunk/heimdal/admin/add.c trunk/heimdal/admin/change.c trunk/heimdal/admin/copy.c trunk/heimdal/admin/get.c trunk/heimdal/admin/ktutil.8 trunk/heimdal/admin/ktutil.c trunk/heimdal/admin/ktutil.cat8 trunk/heimdal/admin/ktutil_locl.h trunk/heimdal/admin/list.c trunk/heimdal/admin/purge.c trunk/heimdal/admin/remove.c trunk/heimdal/admin/rename.c trunk/heimdal/appl/ trunk/heimdal/appl/Makefile.am trunk/heimdal/appl/Makefile.in trunk/heimdal/appl/afsutil/ trunk/heimdal/appl/afsutil/ChangeLog trunk/heimdal/appl/afsutil/Makefile.am trunk/heimdal/appl/afsutil/Makefile.in trunk/heimdal/appl/afsutil/afslog.1 trunk/heimdal/appl/afsutil/afslog.c trunk/heimdal/appl/afsutil/afslog.cat1 trunk/heimdal/appl/afsutil/pagsh.c trunk/heimdal/appl/dceutils/ trunk/heimdal/appl/dceutils/ChangeLog trunk/heimdal/appl/dceutils/Makefile.am trunk/heimdal/appl/dceutils/Makefile.in trunk/heimdal/appl/dceutils/README.dcedfs trunk/heimdal/appl/dceutils/README.original trunk/heimdal/appl/dceutils/dfspag.exp trunk/heimdal/appl/dceutils/dpagaix.c trunk/heimdal/appl/dceutils/k5dce.h trunk/heimdal/appl/dceutils/k5dcecon.c trunk/heimdal/appl/dceutils/testpag.c trunk/heimdal/appl/ftp/ trunk/heimdal/appl/ftp/ChangeLog trunk/heimdal/appl/ftp/Makefile.am trunk/heimdal/appl/ftp/Makefile.in trunk/heimdal/appl/ftp/common/ trunk/heimdal/appl/ftp/common/Makefile.am trunk/heimdal/appl/ftp/common/Makefile.in trunk/heimdal/appl/ftp/common/buffer.c trunk/heimdal/appl/ftp/common/common.h trunk/heimdal/appl/ftp/common/sockbuf.c trunk/heimdal/appl/ftp/ftp/ trunk/heimdal/appl/ftp/ftp/Makefile.am trunk/heimdal/appl/ftp/ftp/Makefile.in trunk/heimdal/appl/ftp/ftp/cmds.c trunk/heimdal/appl/ftp/ftp/cmdtab.c trunk/heimdal/appl/ftp/ftp/domacro.c trunk/heimdal/appl/ftp/ftp/extern.h trunk/heimdal/appl/ftp/ftp/ftp.1 trunk/heimdal/appl/ftp/ftp/ftp.c trunk/heimdal/appl/ftp/ftp/ftp.cat1 trunk/heimdal/appl/ftp/ftp/ftp_locl.h trunk/heimdal/appl/ftp/ftp/ftp_var.h trunk/heimdal/appl/ftp/ftp/globals.c trunk/heimdal/appl/ftp/ftp/gssapi.c trunk/heimdal/appl/ftp/ftp/kauth.c trunk/heimdal/appl/ftp/ftp/krb4.c trunk/heimdal/appl/ftp/ftp/main.c trunk/heimdal/appl/ftp/ftp/pathnames.h trunk/heimdal/appl/ftp/ftp/ruserpass.c trunk/heimdal/appl/ftp/ftp/security.c trunk/heimdal/appl/ftp/ftp/security.h trunk/heimdal/appl/ftp/ftpd/ trunk/heimdal/appl/ftp/ftpd/Makefile.am trunk/heimdal/appl/ftp/ftpd/Makefile.in trunk/heimdal/appl/ftp/ftpd/extern.h trunk/heimdal/appl/ftp/ftpd/ftpcmd.y trunk/heimdal/appl/ftp/ftpd/ftpd.8 trunk/heimdal/appl/ftp/ftpd/ftpd.c trunk/heimdal/appl/ftp/ftpd/ftpd.cat8 trunk/heimdal/appl/ftp/ftpd/ftpd_locl.h trunk/heimdal/appl/ftp/ftpd/ftpusers.5 trunk/heimdal/appl/ftp/ftpd/ftpusers.cat5 trunk/heimdal/appl/ftp/ftpd/gss_userok.c trunk/heimdal/appl/ftp/ftpd/kauth.c trunk/heimdal/appl/ftp/ftpd/logwtmp.c trunk/heimdal/appl/ftp/ftpd/ls.c trunk/heimdal/appl/ftp/ftpd/pathnames.h trunk/heimdal/appl/ftp/ftpd/popen.c trunk/heimdal/appl/kf/ trunk/heimdal/appl/kf/Makefile.am trunk/heimdal/appl/kf/Makefile.in trunk/heimdal/appl/kf/kf.1 trunk/heimdal/appl/kf/kf.c trunk/heimdal/appl/kf/kf.cat1 trunk/heimdal/appl/kf/kf_locl.h trunk/heimdal/appl/kf/kfd.8 trunk/heimdal/appl/kf/kfd.c trunk/heimdal/appl/kf/kfd.cat8 trunk/heimdal/appl/kx/ trunk/heimdal/appl/kx/ChangeLog trunk/heimdal/appl/kx/Makefile.am trunk/heimdal/appl/kx/Makefile.in trunk/heimdal/appl/kx/common.c trunk/heimdal/appl/kx/context.c trunk/heimdal/appl/kx/krb4.c trunk/heimdal/appl/kx/krb5.c trunk/heimdal/appl/kx/kx.1 trunk/heimdal/appl/kx/kx.c trunk/heimdal/appl/kx/kx.cat1 trunk/heimdal/appl/kx/kx.h trunk/heimdal/appl/kx/kxd.8 trunk/heimdal/appl/kx/kxd.c trunk/heimdal/appl/kx/kxd.cat8 trunk/heimdal/appl/kx/rxtelnet.1 trunk/heimdal/appl/kx/rxtelnet.cat1 trunk/heimdal/appl/kx/rxtelnet.in trunk/heimdal/appl/kx/rxterm.1 trunk/heimdal/appl/kx/rxterm.cat1 trunk/heimdal/appl/kx/rxterm.in trunk/heimdal/appl/kx/tenletxr.1 trunk/heimdal/appl/kx/tenletxr.cat1 trunk/heimdal/appl/kx/tenletxr.in trunk/heimdal/appl/kx/writeauth.c trunk/heimdal/appl/login/
svn commit: lorikeet r17 - in trunk/heimdal: . lib/hdb
Author: metze Date: 2004-07-21 11:06:59 + (Wed, 21 Jul 2004) New Revision: 17 Added: trunk/heimdal/lib/hdb/hdb-ldb.c Modified: trunk/heimdal/aclocal.m4 trunk/heimdal/configure.in trunk/heimdal/lib/hdb/Makefile.am trunk/heimdal/lib/hdb/Makefile.in trunk/heimdal/lib/hdb/hdb-protos.h trunk/heimdal/lib/hdb/hdb.c Log: add first version of the hdb-ldb backend for heimdal NOTE: this only compiles, but is far away from being functional! metze WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeetpath=/trunk/heimdalrev=17nolog=1
svn commit: samba r1559 - trunk/source/libsmb
Author: vlendec Date: 2004-07-21 12:19:40 + (Wed, 21 Jul 2004) New Revision: 1559 Modified: trunk/source/libsmb/clidgram.c Log: Not that anybody uses this stuff (yet...), but at least get it correct :-) When sending a mailslot datagram, get the packet length correction correct. Volker WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1559nolog=1
svn commit: samba r1560 - branches/SAMBA_3_0/source/libsmb
Author: vlendec Date: 2004-07-21 12:22:58 + (Wed, 21 Jul 2004) New Revision: 1560 Modified: branches/SAMBA_3_0/source/libsmb/clidgram.c Log: Not that anybody uses this stuff (yet...), but at least get it correct :-) When sending a mailslot datagram, get the packet length correction correct. Volker WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1560nolog=1
Re: svn commit: samba r1559 - trunk/source/libsmb
On Wed, Jul 21, 2004 at 12:19:40PM +, [EMAIL PROTECTED] wrote: When sending a mailslot datagram, get the packet length correction correct. Hmm. Should read calculation :-) Volker
svn commit: lorikeet r18 - in trunk/heimdal: . admin appl appl/afsutil appl/dceutils appl/ftp appl/ftp/common appl/ftp/ftp appl/ftp/ftpd appl/kf appl/kx appl/login appl/otp appl/popper appl/push appl/rcp appl/rsh appl/su appl/telnet appl/telnet/libtelnet appl/telnet/telnet appl/telnet/telnetd appl/test appl/xnlock cf doc doc/standardisation include include/kadm5 kadmin kdc kpasswd kuser lib lib/45 lib/asn1 lib/auth lib/auth/afskauthlib lib/auth/pam lib/auth/sia lib/com_err lib/des lib/editline lib/gssapi lib/hdb lib/kadm5 lib/kafs lib/kdfs lib/krb5 lib/otp lib/roken lib/sl lib/vers tools
/snprintf.c trunk/heimdal/lib/roken/strptime.c trunk/heimdal/lib/roken/tm2time.c trunk/heimdal/lib/sl/ChangeLog trunk/heimdal/lib/sl/Makefile.am trunk/heimdal/lib/sl/Makefile.in trunk/heimdal/lib/sl/sl.c trunk/heimdal/lib/sl/sl.h trunk/heimdal/lib/vers/ChangeLog trunk/heimdal/lib/vers/Makefile.in trunk/heimdal/lib/vers/print_version.c trunk/heimdal/ltconfig trunk/heimdal/missing trunk/heimdal/tools/Makefile.am trunk/heimdal/tools/Makefile.in Log: merge in heimdal-20040721 metze WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeetpath=/trunk/heimdalrev=18nolog=1
svn commit: lorikeet r19 - trunk/heimdal/lib/hdb
Author: metze Date: 2004-07-21 14:55:52 + (Wed, 21 Jul 2004) New Revision: 19 Modified: trunk/heimdal/lib/hdb/hdb-ldap.c Log: build fix: this should be merge into the main heimdal as well metze WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=lorikeetpath=/rev=19nolog=1
svn commit: samba r1561 - branches/SAMBA_3_0/source
Author: jerry Date: 2004-07-21 19:23:48 + (Wed, 21 Jul 2004) New Revision: 1561 Modified: branches/SAMBA_3_0/source/configure.in Log: iconv detection fix from James Peach [EMAIL PROTECTED] WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/rev=1561nolog=1
svn commit: samba-web r161 - branches/tmp.samba.org
Author: deryck Date: 2004-07-22 03:33:24 + (Thu, 22 Jul 2004) New Revision: 161 Modified: branches/tmp.samba.org/footer.html branches/tmp.samba.org/header2.html branches/tmp.samba.org/samba.html Log: Minor clean ups to XHTML so the pages will validate. --deryck WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/rev=161nolog=1
svn commit: samba-web r162 - in branches/tmp.samba.org: . style
Author: deryck Date: 2004-07-22 03:46:57 + (Thu, 22 Jul 2004) New Revision: 162 Modified: branches/tmp.samba.org/header2.html branches/tmp.samba.org/style/samba.css Log: Corrected CDATA tags in last commit. Also, added site- wide rule to remove borders from images. --deryck WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/branches/tmp.samba.orgrev=162nolog=1
svn commit: samba-web r163 - branches/tmp.samba.org
Author: deryck Date: 2004-07-22 03:56:35 + (Thu, 22 Jul 2004) New Revision: 163 Modified: branches/tmp.samba.org/header2.html Log: Had to move CDATA tags (again!) to make IE happy. --deryck WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/rev=163nolog=1
svn commit: samba-web r164 - branches/tmp.samba.org
Author: deryck Date: 2004-07-22 04:40:22 + (Thu, 22 Jul 2004) New Revision: 164 Modified: branches/tmp.samba.org/header2.html Log: Last pass at CDATA tags -- it's the ugliest thing I've ever seen, but it validates and makes IE happy at the same time. Also, tweaked position of logo in IE 5 to match other browsers. -- deryck WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/rev=164nolog=1