[Samba] Re: Chicken-and-egg problem with domain SID

2004-08-19 Thread Alexander E. Patrakov 
Eric V. Smith wrote:
Thank you very much for your response, it's very helpful.  While I think 
I can live with this solution, what I really want to do is to generate 
the SID on a different box and push all of the config files (including 
the LDAP database) over to the samba server.  It appears I can just do 
what net getlocalsid does and use it to populate LDAP and the smbldap 
config.
Don't forget that "net setlocalsid" exists :)
--
Alexander E. Patrakov
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Samba Printing

2004-08-19 Thread Jim C. 
This is Mandrake specific but there are refs to relevant sections of the 
 HOWTOs.

http://mandrake.vmlinuz.ca/bin/view/Main/SambaThreeDomainController#Simple_Print_Services
Using samba 3.05 and cups for raw printing does anyone know why i'm 
getting this when i print from an xp client. All i'm trying to do is get 
point and print printing working in raw cups mode.

--
-
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: [EMAIL PROTECTED]  AIM: WyteLi0n  ICQ: 123291844 |
|---|
| Y!: j_c_llings   Jabber: [EMAIL PROTECTED]|
-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: CUPS Printing to PostScript Printer

2004-08-19 Thread Jim C. 
Are you using the postscript cups-samba drivers?
I'm having trouble printing to a HP LaserJet 6MP
Postscript printer.  I'm using CUPS and normal
UNIX printing works fine.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Sharing a Samba Share?

2004-08-19 Thread Thomas M. Skeren III 
An interesting problem.  I think a thing I tried and failed at may apply 
here.

Want internet samba port 445 clients to access a W2k machine, but point 
the router to a samba machine.

Mount the w2k machine share on the Unix box
Share that mount in samba
Let the wan clients mount the unix samba share.
Lots of errors.
Besides being so slow it was unusable here are some issues.
The smb mount to the unix box has the permissions of the mount.  IE if 
you mount the w2k share as Administrator, then all who mount the samba 
share are Administrator. 

Further, given the above, Samba does not like this.  It lags out a lot 
and is not ideal.

Note that a smb mount from UNIX to a w2k server is a user level 
implementation.  It's like mapping a drive to a windows box.  I know not 
Novel, but I suspect that the Novel  functions you describe are quite 
disimilar to smbfs.

Too many beers.  Exiting before I say something stupid.

Fitzwater, Bryan wrote:
Is it possible to share a Windows Share of a Samba Unix Share?
We have Samba running on a Solaris Box, I can map a drive to the share just fine from 
a Windows 2000 server.
Problem is that I want to in-turn share the Samba share from the Windows box.
Reason is ... I have customers on a remote network who are only allowed HTTP and HTTPS 
outbound on their firewall. And I would like to give them access to the Solaris box.
I would like to do something similar to what I have done for access to our Netware 
servers via HTTPS:
Here's an example of what I have done for our Netware Servers:
1. Setup an application Server running Unix accessible via HTTPS in our DMZ.
2. Application Server runs an https "Windows Domain Browser/ File Manager" to browse 
and access Windows Server shares/files.
3. The shares are "published" to the client browser via HTTPS.
4. The user can manage files using their java client similar to the Windows Explorer.
5. I setup one of the Windows Servers with GSNW (Gateway Services for Netware) and use that to 
"re-share" netware file shares as "windows shares".
6. From this point the remote users can access the Netware files through the HTTPS 
application server, then the Windows Server running GSNW and finally on the Netware 
server.
This all works fine but I want to do something similar for sharing the files on the 
Solaris box.  Process would be something like...
1. Setup an application Server running Unix accessible via HTTPS in our DMZ. = DONE.
2. Application Server runs an https "Windows Domain Browser/ File Manager" to browse and access Windows Server shares/files. = DONE.
3. Grab a Windows Server and MAP a drive to the Solaris Box using Samba. = DONE
4. Share the mapped drive in step 3 and allow remote user to access.  = FAILED.  

This is where I get stuck, I can't share the mapped drive because Windows won't allow 
this type of mapping to be shared. Is there a workaround for this?
Bear in mind the only connectivity the customer is allowed out their firewall is 
HTTPS, no FTP, no IPSEC (vpn) etc.
thanks in advance for any ideas.
-Bryan Fitzwater
Network Janitor

 


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Groups not recognized

2004-08-19 Thread pgienger 
Quoting Michal Kurowski <[EMAIL PROTECTED]>:

> Paul Gienger [EMAIL PROTECTED] wrote:
> >
> > Ok, apparently this is a solaris-vs.-LDAP issue.  I've tested with a
> > machine running Solaris 9 12/02 (that I could reboot) and with anything
> > higher than 112960-03 you can't see supplimentary groups, but with -03
> > you can do everything like you want to, although the id command never
> > shows all the groups, but I think that's a solaris-ism.

Correcting myself, on solaris you need to do an id -a but on linux a simple id
gives you all secondary groups.

> > Here's the rub, I've got a Solaris 9 8/03 box that has to be upgraded,
> > but that version is post 112960-03. Does anybody know of a way around
> > this??? I'm not completely averse to ripping out sun's nss library, but
> > that's a little more work than this cat likes to do.
>
> Certainilly problem does not appear on Solaris 9 04/03 with patch
> 112960-16.

Just to be sure, we're talking about a directory that has something like 750
perms, and the group is in the secondary groups list of the user?  I get perm
denied from samba but get in just fine on something like the unix comand line.
If so, good to hear, perhaps then I won't have issues with 8/03 -> the newer of
the two sun boxes I have to work on.  I think I read in one of the posts that
the reporter was using 12/02 (what I have), but I can't find that one now. 
Maybe if push comes to shove, both boxes can be updated to 04/04.  I guess it's
possible that the patch itself is bad or it doesn't check for some other minute
dependency.  Put updating test server to 04/04 on my to-do list :-\

> It is pretty weird you only have 112960-03.
Why is that wierd? patchrm works wonders when you need it.  This is what the bug
(395 I believe) says is the correct patch-point to get things working, and it
seems to be correct in my tests.

> What do you use as a NSS data source ?
Openldap 2.1.something, whatever comes with FC2, or are you getting at something
else?

> Do you have any patchlevel control software ?
Nope, but if I did I'd try using the sun package first.  I can't stand automatic
patching of unix boxes (this week anyway, next week may change).  We've got two
FC2 boxes that started going wierd on network transfers, and I'd much rather be
able to rule out yum sticking in some new version of a package that doesn't
play nice.

> Have you modified your pam config ?
Nope, at least not that I can remember.  Rembember, unix permissions work fine,
it's just from samba.

Just to update, I backed down to 112960-03 on my 12/02 box and things work fine.
 If I go to a windows box and run ifmember it shows me all the groups I want,
and I don't even think I have some of them groupmapped.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Sharing a Samba Share?

2004-08-19 Thread Fitzwater, Bryan 
Is it possible to share a Windows Share of a Samba Unix Share?

We have Samba running on a Solaris Box, I can map a drive to the share just fine from 
a Windows 2000 server.

Problem is that I want to in-turn share the Samba share from the Windows box.

Reason is ... I have customers on a remote network who are only allowed HTTP and HTTPS 
outbound on their firewall. And I would like to give them access to the Solaris box.

I would like to do something similar to what I have done for access to our Netware 
servers via HTTPS:

Here's an example of what I have done for our Netware Servers:

1. Setup an application Server running Unix accessible via HTTPS in our DMZ.
2. Application Server runs an https "Windows Domain Browser/ File Manager" to browse 
and access Windows Server shares/files.
3. The shares are "published" to the client browser via HTTPS.
4. The user can manage files using their java client similar to the Windows Explorer.
5. I setup one of the Windows Servers with GSNW (Gateway Services for Netware) and use 
that to "re-share" netware file shares as "windows shares".
6. From this point the remote users can access the Netware files through the HTTPS 
application server, then the Windows Server running GSNW and finally on the Netware 
server.

This all works fine but I want to do something similar for sharing the files on the 
Solaris box.  Process would be something like...

1. Setup an application Server running Unix accessible via HTTPS in our DMZ. = DONE.
2. Application Server runs an https "Windows Domain Browser/ File Manager" to browse 
and access Windows Server shares/files. = DONE.
3. Grab a Windows Server and MAP a drive to the Solaris Box using Samba. = DONE
4. Share the mapped drive in step 3 and allow remote user to access.  = FAILED.  

This is where I get stuck, I can't share the mapped drive because Windows won't allow 
this type of mapping to be shared. Is there a workaround for this?

Bear in mind the only connectivity the customer is allowed out their firewall is 
HTTPS, no FTP, no IPSEC (vpn) etc.

thanks in advance for any ideas.

-Bryan Fitzwater
Network Janitor



--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.6 Available for Download

2004-08-19 Thread Gerald (Jerry) Carter 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gerald (Jerry) Carter wrote:
| The release notes are also available on-line at
|
|   http://www.samba.org/samba/whatsnew/samba-3.0.6.html
Correction.  The URL should read
http://www.samba.org/samba/history/samba-3.0.6.html


cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBJWThIR7qMdg1EfYRAkyHAJ9soay8z2QlpqJ298L2tjQDMpU/JgCeO/HM
gdvPjy+A+TVQ3QcmGeg9smg=
=7TGr
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Lkfdpsac m'edi`cal update

2004-08-19 Thread stacey jewell 

trommelaars hyphend  woodington
wgwhipsgyracanthus


The most wanted medications like Dar,von, Carisoprodol, Brufen retard,
Lipitor and other 200 medications at the most wanted price.


NrtxlwuRcujtx http://ul.dh.kalmyk3865drygs.com/f74m/


Were you ever with a circus, brother? No, said the SorcererIt was nearly
evening, and Rob had wandered down by the wharves to look at the shipping,
when his attention was called to an ugly looking bull dog, which ran toward
him and began barking ferociously
magnesiabutb12acordante 03prematuramente roldana  comentarista




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Macintosh filenames with reserved chars

2004-08-19 Thread Entelin 
I have a client with about 1TB worth of files stored on an old mac
server which is being replaced by a small samba cluster. Unfortunately
the users were very liberal when naming their files naming them things
such as.

*wh at/e\v er!.tiff

lol, so of course samba doesnt like that very much and gives me a
"invalid filename" error, so the question is, is there a way for samba
to rename that incoming filename just taking out the invalid chars?

resulting in something valid like

wh atev er.tiff

thanks :)

-- 
Entelin <[EMAIL PROTECTED]>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.6 Available for Download

2004-08-19 Thread Gerald (Jerry) Carter 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

(Samba goes for the gold!)

This is the latest stable release of Samba. This is the version
that production Samba servers should be running for all
current bug-fixes.  There have been several issues fixes since
the 3.0.4/5 release and new features have been added as well.
See the "Changes" section of the release notes for details
on exact updates.

Common bugs fixed in 3.0.6 include:

  o Schannel failure in winbindd.
  o Numerous memory leaks.
  o Incompatibilities between the 'write list' and 'force user'
smb.conf options.
  o Premature optimization of the open_directory() internal
function that broke tools such as the ArcServe backup
agent, Macromedia HomeSite, and Robocopy.
  o Corrupt workgroup names in nmbd's browse.dat.
  o Sharing violation errors commonly seen when opening
when serving Microsoft Office documents from a Samba
file share.
  o Browsing problems caused by an apostrophe (') in the
computer's description field.
  o Problems creating special file types from UNIX CIFS
clients and enabling 'unix extensions'.
  o Fix stalls in smbd caused by inaccessible LDAP servers.
  o Fix issues in the password lockout feature.

New features introduced in this release include:

  o Support symlinks created by CIFS clients which
can be followed on the server.
  o Using a cups server other than localhost.
  o Maintaining the service principal entry in the system
keytab for integration with other kerberized services.
Please refer to the 'use kerberos keytab' entry in
smb.conf(5).  When using the heimdal kerberos libraries,
you must also specify the following in /etc/krb5.conf:
[libdefaults]
   default_keytab_name = FILE:/etc/krb5.keytab
  o Support for maintaining individual printer names
stored separately from the printer's sharename.
  o Support for maintaining user password history.
  o Support for honoring the logon times for user in a
Samba domain.


smb.conf changes
- 

Parameter Name  Action
--  --
cups server New
defer sharing violationsNew
force unknown acl user  New
ldap timeoutNew
printcap cache time New
use kerberos keytab New


- 
unix extensions = yes (default) and symlinks
- 

Beginning with Samba 3.0.6pre1 (formerly known as 3.0.5pre1), clients
supporting the UNIX extensions to the CIFS protocol can create symlinks to
absolute paths which will be **followed** by the server.  This
functionality has been requested in order to correctly support certain
applications when the user's home directory is mounted using some type of
CIFS client (e.g. the cifsvfs in the Linux 2.6 kernel).

If this behavior is not acceptable for your production environment you can
set 'wide links = no' in the specific share declaration in the server's
smb.conf.  Be aware that disabling wide link support out of a share in
Samba may impact the server's performance due to the fact that smbd will
now have to check each path additional times before traversing it.

- 
Password History Support
- 

The new password history feature allows smbd to check the new password in
password change requests against a list of the user's previous passwords.  
The number of previous passwords to save can be set using pdbedit (4 in
this example):

   root# pdbedit -P "password history" -C 4

When using the ldapsam passdb backend, it is vital to secure the following
attributes from access by non-administrative users:

   * sambaNTPassword
   * sambaLMPassword
   * sambaPasswordHistory

You should refer to your directory server's documentation on how to
implement this restriction.

  -

The source code can be downloaded from :

  http://download.samba.org/samba/ftp/

The uncompressed tarball and patch file have been signed using GnuPG.  
The Samba public key is available at

  http://download.samba.org/samba/ftp/samba-pubkey.asc

Binary packages are available at

  http://download.samba.org/samba/ftp/Binary_Packages/

The release notes are also available on-line at

  http://www.samba.org/samba/whatsnew/samba-3.0.6.html

Our Code, Our Bugs, Our Responsibility.  (https://bugzilla.samba.org/)

  --Enjoy
  The Samba Team



-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQFBJWH3IR7qMdg1EfYRAh9hAJsHzXiZQS7N/jr3ntrSPs/EenWdtQCg7aqB
NKwBoDlzqm4kndX6Q91gPoo=
=yfUw
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP Master/Slave

2004-08-19 Thread Michael Cornish 
Please remove [EMAIL PROTECTED] from your contact lists- Original
Message - 
From: "rruegner" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, August 19, 2004 5:41 PM
Subject: Re: [Samba] LDAP Master/Slave


> Hi John,
> let me explainif you have conected smb ldap master pdc with
> a vpn ( ie. Openvpn ) to a bdc smb ldap slave and if the vpn
> brakes , win clients from the vpn network are working with
> the last entries from the slave ldap.
> As in the blackout period the pdc isnt exist and the bdc ldap slave is
> not writeable , you cant make any changes ( like bringing up new
> machines on the fly, chnage passwords etc )until the vpn is up again to
> the pdc ldap master.
> This belongs to the fact that a bdc is read only.
> This is my understandingand practised...or do you now something
> other workaround? ( which might be possible with ldap in principal, but
> will end in heavly syncing the ldap directory in network blackout
periods )
> Best Regards
>
>
>
> John H Terpstra schrieb:
> > On Wednesday 18 August 2004 16:11, rruegner wrote:
> >
> >>thats right
> >
> >
> > I am not sure if I understand what is being said here. Samba should
refer
> > password changes to the PDC and it should apply the changes to the LDAP
> > directory.
> >
> > - John T.
> >
> >
> >>regards
> >>
> >>Jason C. Waters schrieb:
> >>
> >>>I don't think this is a solution.  If I understand what you were
saying,
> >>>on the BDC I should have this as the passwd backend:
> >>>
> >>>passwd backend = ldapsam:"ldaps://ldap.server2 ldaps://ldap.server1"
> >>>
> >>>server2 - the BDC and ldap slave which is read only
> >>>server1 - is the PDB and has the ldap master which users can
read/write,
> >>>so they could update their passwords.
> >>>
> >>>If I have it setup this way, the users that on the other side will
never
> >>>be able to update their passwords, at least on that leg of the VPN.  Or
> >>>maybe I just thinking about this the wrong way.
> >>>
> >>>Jason
> >>>
> >>>rruegner wrote:
> >>>
> Hi,
> if you want to stay bdc stay alive, in cases
> when vpn broke so on your bdc smb.conf
> your slave ldap should be the first entry in the passwd backend,
> so if vpn brake , the slave ldap operates with its last
> entries from the master and will give the win clients any chance
> to operate just like if the pdc is alive.
> If vpn is up again it the ldap should refresh the slave automatic.
> But note, a bdc is read only so changes can olny be made to the master
> ldap on the pdc.So no changes can be made to the domain during the
> blackout period.
> If you want a full functional bdc you also should setup user clients
> homes and profiles in your outside ( vpn ) office hosted on the bdc.
> ( a seperate dhcp server and an bind slave with longtime zone caching
> is very usefull, too )
> 
> Regards
> 
> Jason C. Waters schrieb:
> 
> >Is anyone using this?  My smb.conf file has this line in
> >server1(master)
> >
> >passwd backend = ldapsam:"ldaps://ldap.server1 ldaps://ldap.server2"
> >
> >and this is what server2(slave ldap, BDC) looks like:
> >
> >passwd backend = ldapsam:"ldaps://ldap.server1 ldap.server2"
> >
> >This is what happens.  When I take down server 1's ldap server,
> >server2 just starts using its local ldap server.  But if I take down
> >the VPN between the two, I try the same test, pdbedit -L, it works
> >but it take about 6 seconds for it to timeout on server1.  Is this
> >normal or do I need to change some DNS setting?  Thanks for your
help.
> >
> >Jason
> >
> >
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ldap, smbldap-tools and smbpasswd

2004-08-19 Thread Raymond 
After a review of the smbldap-tools and:

add user script = /usr/local/sbin/smbldap-useradd -m "%u"
delete user script = /usr/local/sbin/smbldap-userdel "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"

Can these perl scripts be effectively replaced by the current incarnation of 
smbpasswd?
-- 
Raymond
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Groups not recognized

2004-08-19 Thread Michal Kurowski 
Paul Gienger [EMAIL PROTECTED] wrote:
> 
> Ok, apparently this is a solaris-vs.-LDAP issue.  I've tested with a 
> machine running Solaris 9 12/02 (that I could reboot) and with anything 
> higher than 112960-03 you can't see supplimentary groups, but with -03 
> you can do everything like you want to, although the id command never 
> shows all the groups, but I think that's a solaris-ism.
> 
> Here's the rub, I've got a Solaris 9 8/03 box that has to be upgraded, 
> but that version is post 112960-03. Does anybody know of a way around 
> this??? I'm not completely averse to ripping out sun's nss library, but 
> that's a little more work than this cat likes to do.

Certainilly problem does not appear on Solaris 9 04/03 with patch
112960-16. It is pretty weird you only have 112960-03. The patch
itself is pretty much depended on many other patches and you should
also make sure you have got them applied - at least those that apply
to you config.

What do you use as a NSS data source ? Do you have any patchlevel
control software ? (I'd recommend opensource "pca.pl"). Have you
modified your pam config ?

Cheers,

-- 
Michal Kurowski
perl -e '$_=q#: 13_2: 12/o{>: 8_4) (_4: 6/2^-2; 3;-2^\2: 5/7\_/\7: 12m m::#;
y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print'

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Inter. between Samba 2.2.x and 3.x w/ LDAP backend (and another changes)

2004-08-19 Thread Fabiano Felix 
Hi all,

I have a network that are composed at this way:

- Samba 2.2.8a PDC
- Samba 2.2.8a BDC
- Some Samba 2.2.8a as MS
- OpenLDAP 2.1 as backend (w/ Samba2 schema)

We are planning some changes, including change the domain name. For this, we planning 
to setup the new Samba 3 domain on the same environment as the Samba 2, and sharing 
the same backend using the ldapsam_compat feature. After the workstations are changed 
to the new domain, we will convert the LDAP to the Samba 3 schema.

In tests, we found some problems:

- In Samba 3, we have the "built-in" accounts, which must be mapped to unix accounts. 
When I try to map it using the "idmap ldap backend", we receive an error;
- Using the tdbbackend, we can map the "Domain Admins" group, but when I try to add a 
machine on domain, we receive "the user or password is incorrect" (the machine account 
is created). Testing with "net join", using an user of "Domain Admins" group (after 
the map), I receive "this user could not have administrative rights". Reading the 
Idealx howto, I found that, in LDAP, is created a "Domain Admins" with an user 
"Administrator" with UID 0.

Questions:

- Is it possible to use the idmap ldap backend with ldapsam_compat? Someone has an 
example?
- In Samba 3, we don't have some option as "domain admin group" (I read that this 
parameter isn't used)? I  believed that mapping the Unix Group to "Domains Admins" can 
be done it. We need to have an user with UID 0?
- I see on LDAP Account Manager (http://lam.sourceforge.net/), on live demo that the 
Domain SID are stored on LDAP backend, and not on secrets.tdb, is it correct? If yes, 
how to make it? Is possible to store more than one SID?
- In some examples, all groups uses the posixGroup and sambaGroup objectclass, this 
can be the error in my built-in account maps? In Samba 3, is it mandatory? If I do it 
with all my groups, I can view then on Windows Workstations? (without the sambaGroup, 
on Samba 2, I can use it to provide access control on filesystem, but it can't be 
listed on Windows machines)

Sirs, I need to make this change. I can't found any doc in the net about this setup. I 
believe that I can write my experience about after , and I need this help to make it. 
Please, any help will be apreciated.

With best regards,

Fabiano Felix

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Errors on DC since adding a Samba 3.0.5 server.

2004-08-19 Thread Andrew Best 
Morning all.

Im hoping someone here has seen this before and can suggest a solution.

I added a Samba 3.0.5 box to our AD yesterday and now one of our DCs
is producing the following error in its System log:

Event Type: Error
Event Source:   Server
Event Category: None
Event ID:   2510
Date:   20/08/2004
Time:   2:24:05 AM
User:   N/A
Computer:   RKI-SYD-SQL1
Description:
The server service was unable to map error code 1355. 

The occurance of this error appears to be very random.

According to MS this means:

H:\>net helpmsg 1355

The specified domain either does not exist or could not be contacted.

The MS KB has a few references for Event ID 2510 but nothing specific
for error code 1355.
Google groups found:
http://groups.google.com/groups?q=windows+2000+event+id+2510+1355&hl=en&lr=&ie=UTF-8&selm=i5T9AVzkDHA.2616%40cpmsftngxa06.phx.gbl&rnum=2

Seems like a contender and suggests the problem is a Samba one.
Im unsure how to proceed though, ive probably not got Samba setup right.

Anyone else seen this error?

start smb.conf

[global]
# general options
workgroup = *REMOVEDTOPROTECTTHEINNOCENT*
netbios name = SERVER1
server string = Server 1

# winbindd configuration
#winbind separator = +
idmap uid = 1-2
idmap gid = 1-2
winbind enum users = yes
winbind enum groups = yes
#template homedir = /home/%D/%U
#template shell = /bin/bash

# Active directory joining
security = ads
encrypt passwords = yes
realm = *REMOVEDTOPROTECTTHEINNOCENT*
wins server = X.X.X.35

cheers
Andrew

-- 
NARF!
250 OK
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba Printing

2004-08-19 Thread Douglas Sterner 
Using samba 3.05 and cups for raw printing does anyone know why I'm getting
this when I print from an xp client. All I'm trying to do is get point and
print printing working in raw cups mode. Using the print manager I can print
a successful test page but not from the client. Does anyone have any
suggestions.

Thanks

Samba version 3.0.5
PID Username  Group Machine
---
23087   root  1 chpaw-test   (192.168.10.199)
 
Service  pid machine   Connected at
---
print$   23087   chpaw-testTue Aug 17 15:09:58 2004
scans23087   chpaw-testTue Aug 17 14:42:06 2004
IPC$ 23087   chpaw-testTue Aug 17 12:39:46 2004
Locked files:
PidDenyMode   Access  R/WOplock   Name
--
23087  DENY_WRITE 0x20089 RDONLY EXCLUSIVE+BATCH 
/data/samba/drivers/W32X86/3/DKAAJ2UZ.ZIP   Tue Aug 17 15:09:58 2004
23087  DENY_WRITE 0x20089 RDONLY EXCLUSIVE+BATCH 
/data/samba/drivers/W32X86/3/DKAAJ2F0.DFM   Tue Aug 17 15:09:58 2004
23087  DENY_WRITE 0x20089 RDONLY EXCLUSIVE+BATCH 
/data/samba/drivers/W32X86/3/DKAAJ2D$.INI   Tue Aug 17 15:09:58 2004
23087  DENY_WRITE 0x20089 RDONLY EXCLUSIVE+BATCH 
/data/samba/drivers/W32X86/3/DKAAJ2TH.HLP   Tue Aug 17 15:09:58 2004
23087  DENY_WRITE 0x20089 RDONLY EXCLUSIVE+BATCH 
/data/samba/drivers/W32X86/3/DKAAJ2DA.HLP   Tue Aug 17 15:09:58 2004
23087  DENY_WRITE 0x20089 RDONLY EXCLUSIVE+BATCH 
/data/samba/drivers/W32X86/3/DKAAJ2DA.ALL   Tue Aug 17 15:09:58 2004
23087  DENY_WRITE 0x20089 RDONLY EXCLUSIVE+BATCH 
/data/samba/drivers/W32X86/3/DKAAJ2DA.CNT   Tue Aug 17 15:09:58 2004
 
[EMAIL PROTECTED] samba]#





[global]
workgroup = workgroup
log file = /var/log/samba/%U.log
max log size = 1000
socket options = TCP_NODELAY SO_RCVBUF=8192
printcap name = cups
printer admin = auser
guest ok = Yes
printing = cups
cups options = raw
print command = /usr/bin/lp -d '%p' %s; rm %s
lpq command = /usr/bin/lpstat -o '%p'
lprm command = /usr/bin/cancel '%p-%j'
lppause command = lp -i '%p-%j' -H hold
lpresume command = lp -i '%p-%j' -H resume
queuepause command = /usr/bin/disable '%p'
queueresume command = /usr/bin/enable '%p'

[printers]
comment = CHPA - Complete printer share
path = /var/spool/samba
printer admin = @ntadmin, root, auser
printable = Yes
browseable = No

[print$]
comment = Printer Driver Download Area
path = /data/samba/drivers
write list = @ntadmin, root, auser

[CH-5300N]
comment = CH Dispatch Dell 5300N Laser Jet
path = /var/spool/samba/dell5300n
printer admin = @ntadmin, root
hosts allow = 192.168.10.
guest ok = Yes
printable = Yes
printer name = CH Dispatch Dell 5300N Laser Jet

[CH-1600N-1]
comment = CH Maintenance Dell 1600N Laser Jet
path = var/spool/samba/dell1600N-1
printer admin = @ntadmin, root
hosts allow = 192.168.10.
printable = Yes
printer name = CH Maintenance Dell 1600N Laser Jet

[CH-1600N-2]
comment = CH MIS Dell 1600N Laser Jet
path = var/spool/samba/dell1600N-2
printer admin = @ntadmin, root
hosts allow = 192.168.10.
printable = Yes
printer name = CH MIS Dell 1600N Laser Jet



Douglas Sterner  


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Making users happy

2004-08-19 Thread Douglas Sterner 
Using samba 3.05 and Openldap I have been following the Samba How To Chapter
6 Making users happy and everything works up to this point

root#  pdbedit -Lv chrisr

I get a message along the lines of the user is not in the pass backend. Any
suggestions would be appreciated.

Thanks

Douglas Sterner

 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Installation problems on Fedora Core 2

2004-08-19 Thread David Levner 
Thanks to Paul Gienger, I've made some progress
diagnosing my samba problems. Paul suggested that I
needed to install the samba-client package to fully
test my setup. I have now done that.

I am trying to share files between a Linux system
running Fedora Core 2 (named Wintergreen) and a
Windows 2000 Professional system (named
Internet-2000). I am not yet able to share files,
although the W2K machine can see the Linux box. The
key error message I am getting on the W2K machine is
"The Server service is not started."

I have gone through the Samba Checklist to try to
figure out what is wrong. Here are the results I've
gotten from the checklist (it's long). I've also
attached my smb.conf file to this e-mail.

1. The output of testparm looks healthy:

Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Processing section "[printers]"
Processing section "[tmp]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

# Global parameters
[global]
server string = Samba Test Server
interfaces = eth0, lo
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
printcap name = /etc/printcap
dns proxy = No
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431

[homes]
comment = Home Directories
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No

[tmp]
comment = Temporary file space
path = /tmp
read only = No
guest ok = Yes

2. I can ping each machine from the other using IP
addresses. I can ping the W2K machine from the Linux
machine by the machine name (because I put the W2K
machine name and IP address into /etc/hosts).

3. When I run the command "smbclient -L Wintergreen"
on the Linux box, I am asked for a password. I type in
the root password and get the error message "session
setup failed: NT_STATUS_LOGON_FAILURE". When I enter
no password at all (this was not obvious), the command
succeeds and I get the following output:

Anonymouse login successful
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.3-5]

Sharename   Type  Comment
-     ---
tmp Disk  Temporary file space
IPC$IPC   IPC Service (Samba
Test Server)
ADMIN$  IPC   IPC Service (Samba
Test Server)
Anonymouse login successful
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.3-5]

Server   Comment
----
WINTERGREEN  Samba Test Server

WorkgroupMaster
----
WORKGROUPWINTERGREEN

4. When I type the command "nmblookup -B Wintergreen
__SAMBA__", I do indeed get the IP address of the
server.

5. When I type the command "nmblookup -B Internet-2000
'*'", I do indeed get the IP address of the W2K
machine.

6. When I type the command "nmblookup -d 2 '*'", I get
the following output:

added interface ip=192.168.0.4 bcast=192.168.0.255
nmask=255.255.255.0
added interface ip=127.0.0.1 bcast=127.255.255.255
nmask=255.0.0.0
querying * on 192.168.0.255
querying * on 127.255.255.255
Got a positive name query response from 127.0.0.1 (
192.168.0.4 )
192.168.0.4 *<00>

The fact that I only got one positive response bothers
me. I should probably have gotten a response from the
W2K machine (192.168.0.7).

7. When I type the command "smbclient
//Wintergreen/tmp", I am prompted for a password. When
I enter the password, I get the error message "session
setup failed: NT_STATUS_LOGON_FAILURE". However, when
I don't enter a password (I just press Enter), the
anonymous login succeeds and I get a "smb :\>" prompt.

The dir and get commands work. When I try the put
command, I get the error message
"NT_STATUS_ACCESS_DENIED opening remote file
\test.txt".

8. On the W2K machine, I typed "net view
\\Wintergreen" in a DOS window, and I got the
following error message: "The Server service is not
started."

9. On the W2K machine, I typed "net use x:
\\Wintergreen", and I got the following two error
messages: "System error 67 has occurred." and "The
network name cannot be found."

10. The command "nmblookup -M WORKGROUP" succeeded on
the Linux machine.

11. When I used Internet explorer to try to look at
the Linux machine, I got the following error messages:
"\\Wintergreen is not accessible" and "The Server
service is not started."

Thanks for any help you can provide.

David Levner

--- Paul Gienger <[EMAIL PROTECTED]> wrote:

> David Levner wrote:
> 
> >the name of the Linux machine. I have started nmbd
> and
> >smbd on the Linux machine with "nmbd -D" and "smbd
> >-D".)
> >  
> >
> Perhaps try using the startup script, you may get
> some insight from that 
> and it's the 'approved' way

[Samba] File deletion logging

2004-08-19 Thread José Pinteiro da Costa Bisneto 
Hi,
I small network at my job, and it has a samba server. This server has 
many shares (one for the home of each user, one for each group of users 
and one "public" share, that anyone can write to, open any file ou even 
delete then). Lately, I'm experiencing some problems with malicious 
users who are deleting all files in the public share, and I'd like to 
know if there is any setting in samba that can log who deleted any file, 
and when. I've RTFM, and tried using a higher level of logging, tried 
the audit and extd_audit modules, to no avail. Does any of you have a 
tip on how could I accomplish this?

Thanks in advance,
José Pinteiro
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] can't write superblock

2004-08-19 Thread nina 
Thanks a lot.
Tom Skeren wrote:
Let's see, you first do this on server2
1. mkdir /Shared
2. mount_smbfs //server1/Shared /Shared
3. On server2 you rm -R /Shared.
If so this is a bad thing.  You have two choices here.  ssh to server 
1 and do that function on server1.  Or cd /Shared and rm the stuff in 
there.  You can't delete the mount point and then recreate the mount 
point, then remount the shared drive.

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Groups not recognized

2004-08-19 Thread Paul Gienger 

I've got an issue with a fresh (and I mean really fresh) 3.0.5 + ldap 
server where doesn't seem to recognize unix group membership.  The 
server was 2.2.8a last night and things were working.  The unix side 
works flawlessly, in other words if I log in as myself I can get where 
I need to, but under samba I get nothing.  Here's some supporting info:
Ok, apparently this is a solaris-vs.-LDAP issue.  I've tested with a 
machine running Solaris 9 12/02 (that I could reboot) and with anything 
higher than 112960-03 you can't see supplimentary groups, but with -03 
you can do everything like you want to, although the id command never 
shows all the groups, but I think that's a solaris-ism.

Here's the rub, I've got a Solaris 9 8/03 box that has to be upgraded, 
but that version is post 112960-03. Does anybody know of a way around 
this??? I'm not completely averse to ripping out sun's nss library, but 
that's a little more work than this cat likes to do.

my group membership information:
[fgoserv:bin]# groups pgienger
itserv applied itadmin office projects
permissions on the directory:
[fgoserv:itserv]# ls -alF
total 8
drwxrws---   4 speterso itserv   512 Mar  3 09:03 ./
drwxr-xr-x   8 root root 512 Jun 25 08:10 ../
drwxrws---   5 speterso projects 512 Jun 22 09:34 projects/
drwxrwsr-t   7 root itserv   512 Aug  3 16:47 shared/
So from that I can access projects and subdirectories with uid 
pgienger on unix.  On samba 3, not so much.  This did work under 
2.2.8a last night.  My question then is 'is there anything else I 
should need to do to get the groups to recognize?'  This is one 
example, there are many more people/groups/directories that show this 
behavior as well.

I'm pretty sure I've seen this posting before on the list but I 
couldn't find any resolutions... so if somebody solved it - shame on 
you for not sharing :-P

Thanks
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. 
Information Systems Consultant   Fax:701-281-1322
URL: www.ae-solutions.commailto: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] can't write superblock

2004-08-19 Thread Tom Skeren 
Let's see, you first do this on server2
1. mkdir /Shared
2. mount_smbfs //server1/Shared /Shared
3. On server2 you rm -R /Shared.
If so this is a bad thing.  You have two choices here.  ssh to server 1 
and do that function on server1.  Or cd /Shared and rm the stuff in 
there.  You can't delete the mount point and then recreate the mount 
point, then remount the shared drive. 

nina wrote:
/shared is actually the copy of  one of mine folder which is updated 
everyday. That's why I need to remove /Shared and recreate it.

rm -Rf  /Shared
cp -R /myDir /Shared
Tom Skeren wrote:
nina wrote:
Hi I have 2 servers. server 1(Fedora Core 2) shares /Shared with 
rwxrwx, server2(Redhat linux 9) mount to /Shared from server 1. When 
I did smbmount from server2, Shared is successfully mounted. I then 
remove /Shared 

Huh?  What do you mean remove /Shared?
and recreate /Shared from server 1, 

Again sorry, Huh?  Please explain precisely.
I started having problem from server 2. when I do mount, it still 
show Shared is mounted, but when I do ls -l / , it displays /Shared 
Input/Output error.
I can't unmount /Shared after that. When I try to umount,  it 
dislays can't write superblock. Can anybody tell me what's happening 
here? How can I fix it? If nothing I can do, reboot the system will 
umount  /Shared?





--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] smbmount hung after mounted

2004-08-19 Thread nina 
From my redhat9, I tried to mount the network disk from the FC2 system 
, after mounting, most of the time it just stay there until I press 
Ctrl_z, or Ctrl_c, however, the disk is mounted successfully ( somtimes, 
it got through and give me the prompt without pressing Ctrl_c.)
*#smbmount //server/folder1 /Shared -o 
credentials=/root/smb_shared,uid=general,gid=group,fmask=660, dmask=770

/INFO: Debug class all level = 2 (pid 5476 from pid 5476) added 
interface ip=66.80.30.160 bcast=66.80.30.191 nmask=255.255.255.224/
*
then wait for ctrl_c. Did I miss anything here?

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Message not delivered RE: Re: Here

2004-08-19 Thread sj 
Ihre Nachricht
Your message

From: [EMAIL PROTECTED]
To:
[EMAIL PROTECTED]

Date: Thu, 19 Aug 2004 22:47:31 +0200
Subject:
Re: Here

wurde nicht zugestellt, ein Virus oder Wurm wurde entdeckt.
was not delivered, a virus or worm was detected.

Bitte antworten sie nicht an [EMAIL PROTECTED]
Please do not answer to [EMAIL PROTECTED]

Viren benutzen  oft die Adressbuecher eines befallenen Szstems als Senderadresse. 
Insofern kann es sein, dass die Nachricht nicht von Ihrem System versendet wurde.Wurde 
ihre Mail-Adresse missbraucht, koennen Sie diese Nachricht loeschen.

Virus often uses adressbooks of infected systems as sender-adress. So it is possible, 
that the message came not from your system. Was your address misused, you can delete 
this message.

This message was generated by Mailsweeper.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] userRID

2004-08-19 Thread Gerald (Jerry) Carter 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jeff Saxton wrote:
| In the context of Samba, what is a RID?
"Relative IDentifier" -- last 32 bits in the user/group
SID (security IDentifier).

cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBJQf4IR7qMdg1EfYRArYsAJ46u941itl2bq7EAwtB/JA+xAzx6gCgpBxf
pri+JZjQO6o6g9NJID/tQSo=
=peVe
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba and Active Directory

2004-08-19 Thread jzorzi 
I have setup my linux machine (Fedora Core2) to kinit to my windows 2003
server.
It has added itself to the active directory with no errors
I can use smbclient //server/c$ -k and view all the files on the server.
I installed and configured winbind.  I can do a wbinfo -u and wbinfo -g and
return the list of users and groups from the active directory.
I have done a getent passwd and getgroups and winbind has assigned the
active directory users and groups the proper unix uid's and gid's.
I can even assign ownership to files but I must use DOMAINPREFIX\\username
in order to do so. IS THIS THE CORRECT WAY TO DO THAT?

I can add the user to the smbpasswd file using "smbpasswd -a
DOMAINPREFIX\\username" and it gets added.
This tells me that unix knows the user exits.
Whether I add the username to the smbpasswd file or not I still cannot
access any of the samba shares.  It continuously prompts me for a username
and password when I access it from a windows machine.

I guessing that the password isn't getting pulled from the active directory
for the user accounts.  But I'm not sure.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] SUMMARY: Samba3 PDC with ldap backend in ldaps

2004-08-19 Thread Bousquet Francois 
Yes, I know and I have 2 ldap.conf on my server :
/usr/local/etc/openldap/ldap.conf
and
/etc/ldap.conf

The first is for openldap lib and the second for pam_ldap & nss_ldap

I didn't want to put pam_ldap & nss_ldap parameters in the openldap
ldap.conf because I was worrying my slapd would not accept them correctly.

It is working well like this, maybe I could try to mixed both files but that
would me recompile openldap lib ou slapd for me...  so I am not very
interested.

thanx for the cue.

-Original Message-
From: Jeff Saxton [mailto:[EMAIL PROTECTED]
Sent: August 19, 2004 3:32 PM
To: [EMAIL PROTECTED]
Cc: 'Bousquet Francois'
Subject: RE: [Samba] SUMMARY: Samba3 PDC with ldap backend in ldaps


Watch out, nss_ldap wants it in a different file, usually /etc/ldap.conf

Jeff Saxton
Sr. Support Engineer
Addamark Technologies, Inc.
http://www.addamark.com
mailto:[EMAIL PROTECTED]
CELL: +1 415-640-6392


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Bousquet Francois
Sent: Thursday, August 19, 2004 12:12 PM
To: '[EMAIL PROTECTED]'
Subject: [Samba] SUMMARY: Samba3 PDC with ldap backend in ldaps


The ca certificate path must be entered in the ldap.conf of the openldap
lib used by Samba.

For me that was /usr/local/etc/openldap/ldap.conf

Thanks everyone

-Original Message-
From: Bousquet Francois 
Sent: August 18, 2004 1:39 PM
To: '[EMAIL PROTECTED]'
Subject: Samba3 PDC with ldap backend in ldaps


I have a Samba 3.0.4 installed on Solaris  7 as a PDC connecting to an
ldap backend with ldaps (secure ldap).

I need to specify the CA Certificate to Samba so it can accept the
server certificate.

What is the line to add to smb.conf ?  I made some search and it doesn`t
seems to have one.

anyone have a idea ?



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] No .JPG as background when using roaming profiles

2004-08-19 Thread Thorsten Reichelt 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello !

I have installed Samba3.0.5 on Debian/testing and I think I have
encountered a problem with WinXP (SP1 and SP2), the desktop
wallpapers and Samba.

If I use a JPEG image as background image for the desktop
it will not be loaded at the next logon. I have to right
click on desktop, select "properties" and then simply
click OK to let Windows load the wallpaper.

If I use BMP images instead of JPG, GIF, PNG the
wallpaper will be loaded without any problems.

This happens only with roaming profiles stored on
the samba server. Locale profiles and profiles stored
on a W2k server are not hit by this problem.

I can post my smb.conf on request.

Thank you for your help.

   Thorsten Reichelt

-BEGIN PGP SIGNATURE-
Version: PGP SDK 3.0.3
Comment: ""

iQA/AwUBQST+rm1rSljn4qeLEQJmAgCgg6kvV0e17MpRKEOe6q3Gui7B+KEAoM8B
kVsEYmXItGJE2eXAbK8Duj3p
=sesx
-END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] SUMMARY: Samba3 PDC with ldap backend in ldaps

2004-08-19 Thread Jeff Saxton 
Watch out, nss_ldap wants it in a different file, usually /etc/ldap.conf

Jeff Saxton
Sr. Support Engineer
Addamark Technologies, Inc.
http://www.addamark.com
mailto:[EMAIL PROTECTED]
CELL: +1 415-640-6392


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Bousquet Francois
Sent: Thursday, August 19, 2004 12:12 PM
To: '[EMAIL PROTECTED]'
Subject: [Samba] SUMMARY: Samba3 PDC with ldap backend in ldaps


The ca certificate path must be entered in the ldap.conf of the openldap
lib used by Samba.

For me that was /usr/local/etc/openldap/ldap.conf

Thanks everyone

-Original Message-
From: Bousquet Francois 
Sent: August 18, 2004 1:39 PM
To: '[EMAIL PROTECTED]'
Subject: Samba3 PDC with ldap backend in ldaps


I have a Samba 3.0.4 installed on Solaris  7 as a PDC connecting to an
ldap backend with ldaps (secure ldap).

I need to specify the CA Certificate to Samba so it can accept the
server certificate.

What is the line to add to smb.conf ?  I made some search and it doesn`t
seems to have one.

anyone have a idea ?



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] SUMMARY: Samba3 PDC with ldap backend in ldaps

2004-08-19 Thread Bousquet Francois 
The ca certificate path must be entered in the ldap.conf of the openldap lib
used by Samba.

For me that was /usr/local/etc/openldap/ldap.conf

Thanks everyone

-Original Message-
From: Bousquet Francois 
Sent: August 18, 2004 1:39 PM
To: '[EMAIL PROTECTED]'
Subject: Samba3 PDC with ldap backend in ldaps


I have a Samba 3.0.4 installed on Solaris  7 as a PDC connecting to an ldap
backend with ldaps (secure ldap).

I need to specify the CA Certificate to Samba so it can accept the server
certificate.

What is the line to add to smb.conf ?  I made some search and it doesn`t
seems to have one.

anyone have a idea ?



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] can't write superblock

2004-08-19 Thread nina 
/shared is actually the copy of  one of mine folder which is updated 
everyday. That's why I need to remove /Shared and recreate it.

rm -Rf  /Shared
cp -R /myDir /Shared
Tom Skeren wrote:
nina wrote:
Hi I have 2 servers. server 1(Fedora Core 2) shares /Shared with 
rwxrwx, server2(Redhat linux 9) mount to /Shared from server 1. When 
I did smbmount from server2, Shared is successfully mounted. I then 
remove /Shared 

Huh?  What do you mean remove /Shared?
and recreate /Shared from server 1, 

Again sorry, Huh?  Please explain precisely.
I started having problem from server 2. when I do mount, it still 
show Shared is mounted, but when I do ls -l / , it displays /Shared 
Input/Output error.
I can't unmount /Shared after that. When I try to umount,  it dislays 
can't write superblock. Can anybody tell me what's happening here? 
How can I fix it? If nothing I can do, reboot the system will umount  
/Shared?




--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] userRID

2004-08-19 Thread Jeff Saxton 
In the context of Samba, what is a RID?
 
 
 
Jeff Saxton
Sr. Support Engineer
Addamark Technologies, Inc.
http://www.addamark.com  
mailto:[EMAIL PROTECTED]
CELL: +1 415-640-6392
 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] can't write superblock

2004-08-19 Thread Tom Skeren 
nina wrote:
Hi I have 2 servers. server 1(Fedora Core 2) shares /Shared with 
rwxrwx, server2(Redhat linux 9) mount to /Shared from server 1. When I 
did smbmount from server2, Shared is successfully mounted. I then 
remove /Shared 
Huh?  What do you mean remove /Shared?
and recreate /Shared from server 1, 
Again sorry, Huh?  Please explain precisely. 

I started having problem from server 2. when I do mount, it still show 
Shared is mounted, but when I do ls -l / , it displays /Shared 
Input/Output error.
I can't unmount /Shared after that. When I try to umount,  it dislays 
can't write superblock. Can anybody tell me what's happening here? How 
can I fix it? If nothing I can do, reboot the system will umount  
/Shared?


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] 1 wk2 server with 2 names; is it possible?

2004-08-19 Thread andrea ferraris 
Hi,
I tried to post in the windows newsgroup, but I didn't get replies 
because maybe there the users are not very conscious of what they
are doing. ;-)

I can't choose to go with samba (as I'd like best), because on the w2k 
server of the subject there are some windows application that
doesn't work on linux or samba.

Sorry if it's a FAQ, and if it is let me know where can I find the 
A(nswer) and read the FM (Fine Manual).

I have 2 W2K server with 2 different names with about 80 clients
(mostly XP, but also some W98) that uses different shares and programs 
on both (using also the server's names, not only IPs).
They are oversized (average CPU load in working hours at about 10-15%) 
and the tasks that they perform are important but not mission critical 
h24x365. They work in a municipality, it is there are no much money and 
they are both W2000 server (no advanced server and there are no 
Microsoft cluster software). Every night they are backupped on DAT and 
there are a crossed backup copy of data from one to the other and 
viceversa. If for some reason one of them die I'd like to switch to the 
other without changing the settings of all the clients. To do so, I have 
to add the IP address of died machine to the surviving, but I should 
also add the name of the died one to the surviving one.

Are there some way to do such thing (it is a W2000 server with 2 names), 
and if yes, which one?

Thx to replying people, regards to all,
Andrea Ferraris
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] can't write superblock

2004-08-19 Thread nina 
Hi I have 2 servers. server 1(Fedora Core 2) shares /Shared with rwxrwx, 
server2(Redhat linux 9) mount to /Shared from server 1. When I did 
smbmount from server2, Shared is successfully mounted. I then remove 
/Shared and recreate /Shared from server 1, I started having problem 
from server 2. when I do mount, it still show Shared is mounted, but 
when I do ls -l / , it displays /Shared Input/Output error.
I can't unmount /Shared after that. When I try to umount,  it dislays 
can't write superblock. Can anybody tell me what's happening here? How 
can I fix it? If nothing I can do, reboot the system will umount  /Shared?

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Authenticating with ldap backend

2004-08-19 Thread Tom Skeren 
Make sure you have the proper schema's loaded in ../etc/openldap/schema 
on the ldap server and that slapd.conf calls them in the right order.  
Also smb.conf needs this line

ldap ssl = start tls. 

This will invoke the tls session which make ldap requests to port 389.
Hastas
TMS III
Paul Gienger wrote:
Try adding
/ldap ssl = off
to your smb.conf//
/
Brendon Standing wrote:
Hi,
Using samba 3.0.2, I am trying to set up my samba config to 
authenticate against my ldap server.  However I am getting the errors:
Failed to issue the StartTLS instruction: Can't contact LDAP server
I believe that samba is trying to bind to port 636. This is a problem 
as my ldap server using port 389. Although the option exists in my 
config to change the ldap port : "ldap port = 389", when I start 
samba with this option I get an error "unkown option".

PLease help ...


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] winbind, active directory and solaris 8

2004-08-19 Thread egold 




Hi All,
I have a sparc solaris 8 server running samba 2.2.11 (which i complied with
winbind).
The server has been running for years and has about 20 local users setup
using local files for openssh and rexec logins,  and samba shares.
They each use samba to map to their home directory and a common shared
folder.
They also use rexec and openssh to login on the command line.

4 users are in a special group called "sap" and only those 4 have write
access to the shared folder, the rest are in a group called "dataentry" and
only have read access to the shared folder.

I now have a requirement to have the unix server get its passwords for
these users from our win2000 active directory server.
I used this guide to try and set this up:

http://us3.samba.org/samba/ftp/docs/textdocs/Solaris-Winbind-HOWTO.txt


I am now able to map to the samba share using winbind, but i have some
problems:


1) When the users login using ssh or rexec, they get the local UID, but
when they map with samba they get the UID from samba and active directory.
These do not match and im having permission problems. Also when they login
local, they get their group "sap" or "dataentry" but when they use
winbind/AD to map they are in a group called "domain users", so the
permissions are wrong here also. Is there a way to have them keep their
UID's and GID's that im now using from local files when i switch to winbind
and AD? The users have different groups for unix local files and AD.
If not I have to change the perms on thousands of files.

2) I only want these 20 users to be able to map to the samba share, but it
seems that anyone in the windows active directory can now map to this
share. How do i only allow the 20 users to map?

3) I am trying to setup logins with rexec and openssh to use winbind and
active directory, but its not working for me. I think my pam.conf is setup
wrong. How can i fix this? Do i need to delete their entries from the local
passwd, shadow and group files when i switch to AD?

Thank you in advance gurus!

Here is my pam.conf and my smb.conf:





[EMAIL PROTECTED]:/export# cat /etc/pam.conf
#
# ident "@(#)pam.conf   1.1903/01/10 SMI"
#
# Copyright 1996-2002 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# PAM configuration
#
# Unless explicitly defined, all services use the modules
# defined in the "other" section.
#
# Modules are defined with relative pathnames, i.e., they are
# relative to /usr/lib/security/$ISA. Absolute path names, as
# present in this file in previous releases are still acceptable.
#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login   auth required   /usr/lib/security/pam_winbind.so
login   auth requisite  pam_authtok_get.so.1
login   auth required   pam_dhkeys.so.1
login   auth required   pam_unix_auth.so.1
login   auth required   pam_dial_auth.so.1
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin  auth sufficient /usr/lib/security/pam_winbind.so
rlogin  auth sufficient pam_rhosts_auth.so.1
rlogin  auth requisite  pam_authtok_get.so.1
rlogin  auth required   pam_dhkeys.so.1
rlogin  auth required   pam_unix_auth.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required   pam_unix_auth.so.1
#
# PPP service (explicit because of pam_dial_auth)
#
ppp auth requisite  pam_authtok_get.so.1
ppp auth required   pam_dhkeys.so.1
ppp auth required   pam_unix_auth.so.1
ppp auth required   pam_dial_auth.so.1
#
# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authenctication
#
other   account sufficient  /usr/lib/security/pam_winbind.so
other   auth requisite  pam_authtok_get.so.1
other   auth required   pam_dhkeys.so.1
other   auth required   pam_unix_auth.so.1
#
# passwd command (explicit because of a different authentication module)
#
passwd  auth required   pam_passwd_auth.so.1
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cronaccount requiredpam_projects.so.1
cronaccount requiredpam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other   account requisite   pam_roles.so.1
other   account requiredpam_projects.so.1
other   account requiredpam_unix_account.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other   session requiredpam_unix_session.so.1
#
# Default definition for  Password management
# Used when service name is not explicitly mentioned for password
management
#
other   password required   pam_dhkeys.so.1
other   password

Re: [Samba] Authenticating with ldap backend

2004-08-19 Thread Paul Gienger 
Try adding
/ldap ssl = off
to your smb.conf//
/
Brendon Standing wrote:
Hi,
Using samba 3.0.2, I am trying to set up my samba config to 
authenticate against my ldap server.  However I am getting the errors:
Failed to issue the StartTLS instruction: Can't contact LDAP server
I believe that samba is trying to bind to port 636. This is a problem 
as my ldap server using port 389. Although the option exists in my 
config to change the ldap port : "ldap port = 389", when I start samba 
with this option I get an error "unkown option".

PLease help ...
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. 
Information Systems Consultant   Fax:701-281-1322
URL: www.ae-solutions.commailto: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] How can I limit samba users to just one login session ?

2004-08-19 Thread Gerald (Jerry) Carter 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Donald D Gunn wrote:
| How can I limit samba users to just one login session?
|
| I have some people logging in as the same user several times ..
| .( don't ask...it's a partner company that has limited access)
| I have no control over the users other than limiting their
| login to just once per user.
Volker just posted a possible patch to the samba-technical
list.   Probably will be incorporated into 3.0.7.

cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBJOOdIR7qMdg1EfYRApaPAKCvtQmD59ebSybiLacdCSM42fWH7gCgxQZU
CDUhXtb2k07iY2eJWmuZpR0=
=Rpd4
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] How can I limit samba users to just one login session ?

2004-08-19 Thread Donald D Gunn 
How can I limit samba users to just one login session?

I have some people logging in as the same user several times ..
.( don't ask...it's a partner company that has limited access)
I have no control over the users other than limiting their login to just once per user.

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Can't log in after joining domain

2004-08-19 Thread Jeff Brooks-Manas 
Hello,
 
I've successfully joined my workstation (Win 2K Pro) to my Samba domain
(3.0.5 on a Fedora Core 2 box), but I can't log on after that. The error
message is "The system cannot log you on to this domain because the
system's computer account in its primary domain is missing, or the
password on that account is incorrect."
 
I've checked the different files associated with this (smb.conf,
smbpasswd, /etc/passwd, /etc/shadow, etc.) The machine account appears
in each one. I don't have any LDAP running. 
 
Any help would be appreciated.
 
Thanks!

Jeff

Jeff Brooks-Manas - Sr. IT Coordinator
Raines, Melton & Carella, Inc.
2001 N. Main St., Suite 400
Walnut Creek, CA 94596

(925) 627-4136 (direct)
(925) 299-6733 (office)
(925) 299-6736 (fax)

[EMAIL PROTECTED]
http://www.rmcengr.com



Innovative Solutions for Water and the Environment.

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

FW: [Samba] LDAP Idmap

2004-08-19 Thread Hoferer, Patrick K. (Space Systems) 
In addition to the instructions below, you must have complied the NSS_LDAP from 
www.padl.com on your SAMBA PDC. I have written a how-to with instructions to compile 
NSS_LDAP and an example smb.conf attached to this email. I got  the detailed 
directions from the "SAMBA 3 by example" at 
http://us1.samba.org/samba/docs/man/Samba-Guide/

Good luck, 
Pat


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf
Of Manfred Odenstein
Sent: Monday, August 09, 2004 2:59 AM
To: [EMAIL PROTECTED]
Subject: Re: [Samba] LDAP Idmap


Hi,
at least you have to specify:

idmap backend = ldap:ldap://
idmap uid = 1-2
idmap gid = 1-2

ldap idmap suffix = 
ldap admin dn = 
ldap suffix = 

you don't have to change the nsswitch if winbind is already in there

regards
odi


Am Freitag, 6. August 2004 13:51 schrieb Shannon Johnson:
> Thanks for the quick response... but I've already been there.
>
> As I said, I'm NOT looking for an LDAP PDC... I'm ONLY looking for LDAP
> idmap. There is no documentation on idealx.org for an LDAP idmap that
> does NOT include the PDC... nor is there much documentation anywhere
> else about it.
>
>
> 
>
> Shannon Johnson
> Network Support Specialist / Systems Administrator
> Dept. of Mechanical and Nuclear Engineering
> 224 Reber Building
> University Park, PA 16802
> Phone: (814) 865-8267
> 
>
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]
> > Sent: Friday, August 06, 2004 3:59 AM
> > To: Shannon Johnson; [EMAIL PROTECTED]
> > Subject: Re: [Samba] LDAP Idmap
> >
> > "Shannon Johnson" <[EMAIL PROTECTED]>
> > Sent by:
> > [EMAIL PROTECTED]
> > 05.08.2004 22:59
> >
> >
> > To: <[EMAIL PROTECTED]>
> > cc:
> > Subject:[Samba] LDAP Idmap
> >
> > Hi shannon,
> >
> > a good start you'll find at www.idealx.org. There is a very good docu
>
> on
>
> > how to setup samba3-LDAP.
> > If you then running into problems.
> > ask the list.
> >
> > Chris
> >
> >
> >
> > I'm having quite a bit of trouble getting an LDAP directory set up for
> > the idmap backend for winbind. I've been working on it for quite a
> > while, and haven't found any very helpful websites or anything. I've
> > found quite a bit on how to set up a PDC using LDAP, which would be
> > nice, but I already have the PDC... I just need LDAP to host UID's and
> > GID's. The things I'd like to know are:
> >
> > 1.   What should the rootdn, suffix, and indexes be in the
> > slapd.conf? I think that the rootdn needs to match what I put in the
> > smb.conf for the "ldap admin dn", and I'm fairly sure the suffix needs
> > to match the "ldap suffix" from the smb.conf... I don't have any idea
> > about the indexes.
> > 2.   What needs to be in the ldif file to create the
>
> directory
>
> > properly? I've tried several that I've found online, both from the
>
> Samba
>
> > 3 By Example book, and lots of forum / mailing list posts. I'm not
>
> sure
>
> > if what I've tried has been correct, but it hasn't worked yet, and
>
> this
>
> > is one part I'm not sure about.
> > 3.   I think that once I get the first 2 things worked
>
> out, I
>
> > just
> > set about 6 things in my smb.conf (ldap suffix, ldap admin dn, idmap
> > backend (which should point to ldap:ldap://127.0.0.1, if the server is
> > running on the same machine, right?), ldap idmap suffix, idmap uid,
>
> and
>
> > idmap gid), enter my password from the "smbpasswd -w" command, and
>
> once
>
> > I restart winbind, it should automatically start filling up the
> > directory, right?
> > 4.   Once I get the server going and filled up with UID's
>
> and
>
> > GID's,
> > for the clients, am I correct in saying that I alter the smb.conf to
> > include the ldap suffix, ldap admin dn, idmap backend, ldap idmap
> > suffix, idmap uid, and idmap gid, then again enter my password via
> > smbpasswd -w, change /etc/nsswitch.conf to be "passwd files ldap"
> > instead of "passwd files winbind", and it should work?
> >
> > This isn't documented very well anywhere, so I'd appreciate any hints
>
> or
>
> > suggestions anybody might have...
> >
> > Shannon
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Groups not recognized

2004-08-19 Thread Paul Gienger 
I've got an issue with a fresh (and I mean really fresh) 3.0.5 + ldap 
server where doesn't seem to recognize unix group membership.  The 
server was 2.2.8a last night and things were working.  The unix side 
works flawlessly, in other words if I log in as myself I can get where I 
need to, but under samba I get nothing.  Here's some supporting info:

my group membership information:
[fgoserv:bin]# groups pgienger
itserv applied itadmin office projects
permissions on the directory:
[fgoserv:itserv]# ls -alF
total 8
drwxrws---   4 speterso itserv   512 Mar  3 09:03 ./
drwxr-xr-x   8 root root 512 Jun 25 08:10 ../
drwxrws---   5 speterso projects 512 Jun 22 09:34 projects/
drwxrwsr-t   7 root itserv   512 Aug  3 16:47 shared/
So from that I can access projects and subdirectories with uid pgienger 
on unix.  On samba 3, not so much.  This did work under 2.2.8a last 
night.  My question then is 'is there anything else I should need to do 
to get the groups to recognize?'  This is one example, there are many 
more people/groups/directories that show this behavior as well.

I'm pretty sure I've seen this posting before on the list but I couldn't 
find any resolutions... so if somebody solved it - shame on you for not 
sharing :-P

Thanks
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. 
Information Systems Consultant   Fax:701-281-1322
URL: www.ae-solutions.commailto: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] TR : Connection Issue - Samba 3.0.2a Solaris 6 - NT4 SP 6

2004-08-19 Thread Boismartel, Jerome 
Hi all,

First, here is a small description of our environnement :
We have a PDC running a domain. let's call this server pdc01. All of our
users are defined in the domain.
We have a Unix server hosting a database. Let's call this server unix01. All
users can access this server and use the database. They are allowed of
generating report which are stored in their home directory on unix01. 
Unix01, and pdc01 are on different network with a firewall between them.

I would like to configure samba to act as a Domain member, and have users
accessing their home directory on unix01 through a share. We also have
unix02 and unix03 working the same way. SAMBA is working well on unix02 and
unix03 but I cannot get unix01 to work.

When I try to join the domain, this is what I get (these are the last line
of command net join rpc -d10) :
_
[2004/08/19 11:00:09, 5] libsmb/nmblib.c:send_udp(744)
  Sending a packet of len 50 to (10.xx.xx.255) on port 137
[2004/08/19 11:00:09, 5] libsmb/nmblib.c:send_udp(744)
  Sending a packet of len 50 to (10.xx.xx.255) on port 137
[2004/08/19 11:00:09, 5] libsmb/nmblib.c:send_udp(744)
  Sending a packet of len 50 to (10.xx.xx.255) on port 137
[2004/08/19 11:00:10, 1] utils/net.c:net_find_server(274)
  no server to connect to
[2004/08/19 11:00:10, 2] utils/net.c:main(767)
  return code = 1

Unable to find a suitable server

Unable to find a suitable server
_

Earlier on in this output, I see Samba trying to broadcast queries on
network 10.xx.xx.255 (which is unix01 net). pdc01 is on a different network.
Do I have to configure something ?

Do you have any idea of what is going on ? 
Thanks a lot in advance.

Group Cantrex Inc.

Boismartel, Jerome
Certified Unix SysAdmin Cantrex Group Inc.
4445 rue Garand,
St-Laurent, H4R 2H9
Quebec, Canada 
[EMAIL PROTECTED]  
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] printernames vs. sharenames

2004-08-19 Thread Gerald (Jerry) Carter 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Martin Zielinski wrote:
| Hello,
|
| when I assign a printer driver to a printer from a
| windows client, the  printername now changes
| to the drivername.
|
| Yes, I can see the SPOOLSS_SETPRINTER call with the
| printername property, but that's definitly not what I
| want (or would expect).
This is actually windows behavior.  As you mention, it
is the client spooler to the SetPrinter() call.  You
can see the same thing locally if the printername is
the previous driver name.
| E.g. when I change the drivers of 3 printers to HP Laserjet, I
| get 3 printers  with the names "HP Laserjet [(Copy 1|2)]". These
| names are different from the  names of my CUPS queues and have
| to be reverted manually.
|
| We all work with and configure the printers having the
| sharenames (aka the  queue names) in mind. And -btw- it does
| not happen, when changing the printer driver of a local
| queue.
|
| Just my point of view... any comments?
Changing a driver should happen in frequently I expect.
If people find the behavior worse than not being able to
change the printername at all, then we can set some method
of enforcing the printername == sharename model again.
Kind of late for 3.0.6 though.
| To the topic "print spooling messages never go away":
| We're not able to reproduce it with 3.06rc2. We'll still
| have an eye on that  but can't provide reasonable infos now.
ok.  Hopefully this is fixed.


cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBJL3/IR7qMdg1EfYRAqTfAKC3OcWqDiM15STY2x4jV9N1dQZiQACgv90Y
U323MlSzED1oIRx0V23fNXo=
=ubKi
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] 2 gb size limit

2004-08-19 Thread Ralph Feole 
Jason,

I am loading the share with the following command
export USER=ralphf
smbmount //satldw001/programers /lcad/backup1 -o credentials=/etc/somefile

It seems to work fine up until 2 gig going to windows

I can copy a 3 gig file in linux from (box a) to (box b) no problem without
samba

Any help would be appreciated

Here is a copy of my /etc/fstab
LABEL=/ /   ext3defaults1 1
LABEL=/boot /boot   ext3defaults1 2
none/dev/ptsdevpts  gid=5,mode=620  0 0
LABEL=/home /home   ext3defaults1 2
LABEL=/lcad /lcad   ext3defaults1 2
none/proc   procdefaults0 0
none/dev/shmtmpfs   defaults0 0
LABEL=/tmp  /tmpext3defaults1 2
LABEL=/usr  /usrext3defaults1 2
LABEL=/var  /varext3defaults1 2
/dev/sda8   swapswapdefaults0 0
/dev/cdrom  /mnt/cdrom  iso9660
noauto,owner,kudzu,ro 0 0
/dev/fd0/mnt/floppy autonoauto,owner,kudzu 0
0

Thanks Ralph

Ralph Feole
LogistiCare, Inc.
[EMAIL PROTECTED]
352-337-0029 ext. 405

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Authenticating with ldap backend

2004-08-19 Thread Brendon Standing 
Hi,
Using samba 3.0.2, I am trying to set up my samba config to authenticate 
against my ldap server.  However I am getting the errors:
Failed to issue the StartTLS instruction: Can't contact LDAP server
I believe that samba is trying to bind to port 636. This is a problem as 
my ldap server using port 389. Although the option exists in my config 
to change the ldap port : "ldap port = 389", when I start samba with 
this option I get an error "unkown option".

PLease help ...
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] printernames vs. sharenames

2004-08-19 Thread Martin Zielinski 
Hello,

when I assign a printer driver to a printer from a windows client, the 
printername now changes to the drivername.

Yes, I can see the SPOOLSS_SETPRINTER call with the printername property, 
but that's definitly not what I want (or would expect).

E.g. when I change the drivers of 3 printers to HP Laserjet, I get 3 printers 
with the names "HP Laserjet [(Copy 1|2)]". These names are different from the 
names of my CUPS queues and have to be reverted manually.

We all work with and configure the printers having the sharenames (aka the 
queue names) in mind. And -btw- it does not happen, when changing the printer 
driver of a local queue. 

Just my point of view... any comments?


P.S.
To the topic "print spooling messages never go away": 
We're not able to reproduce it with 3.06rc2. We'll still have an eye on that 
but can't provide reasonable infos now.

Bye,
Martin

-- 
Martin Zielinski                       [EMAIL PROTECTED]
Software Development
SEH Computertechnik GmbH     www.seh.de
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Compiling Samba and kerberos, lib problems

2004-08-19 Thread Mattias Andersson 
Gerald (Jerry) Carter wrote:
You don't say what server os.  If you are using linux, then
just add /usr/local/kerberos/lib/ to /etc/ld.so.conf.
Yes, it is linux, thanks a lot for your help,
though there is still something strange.
When I run smbd it dies directly and returns 255.
If I try to run winbindd, same thing happens, though it returns 1.
Thanks,
Mattias
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Virus gefunden!

2004-08-19 Thread Werner Wolfgang 
Dateianlage :   document.pif
Virusname   :   W32/[EMAIL PROTECTED]
Ausgeführte Aktion  :   Gelöscht...


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Compiling Samba and kerberos, lib problems

2004-08-19 Thread Gerald (Jerry) Carter 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mattias Andersson wrote:
| I compiled kerberos 1.3.4 with these options:
| --prefix=/usr/local/kerberos/ --enable-dns
| --disable-krb4 --enable-shared
|
| Then I compiled samba 3.0.5 with these: --prefix=/usr/local/samba
| --with-krb5=/usr/local/kerberos/
|
| Everything seemed fine and I did: make install.
|
| But I get this message when I manually try to start smbd:
| ./smbd: error while loading shared libraries: libgssapi_krb5.so.2:
| cannot open shared object file: No such file or directory
You don't say what server os.  If you are using linux, then
just add /usr/local/kerberos/lib/ to /etc/ld.so.conf.


cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBJKb/IR7qMdg1EfYRAuKOAJ9Jb2RWDMEI6WgcyiF1rtqjTnka0QCglK+4
b86tpWICEDOA2PPl0VctkMc=
=gtYy
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem migrating PDC from one machine to another

2004-08-19 Thread John H Terpstra 
On Thursday 19 August 2004 06:47, Derek Harkness wrote:
> On Aug 12, 2004, at 7:57 AM, Alex Sharaz wrote:
> > 3). Copy smbpasswd, secrets.tdb and smbusers from old server/etc/samba
> >  to new server/etc/samba
>
> Don't copy the secrets.tdb, most of the information in secrets.tdb is
> server specific.  The information piece of information in the file is
> the domain SID.  So preform the upgrade just like a real MS domain.
> Join Server 2 to the domain, so it has the correct domain SID, then
> edit it's config to make it a the domain master.  At this point you can
> either edit the config on Server 1 and demote it to a normal domain
> server or simply turn it off.

To set the domain SID from an existing Domain run:
net rpc getsid -S PDC_name -UAdministrator%password

Do NOT change the server name and do NOT change the Domain name (workgroup 
name) of a Samba server after you have set the SID. IF you must change either 
you should first save the current SID with:
net getlocalsid > mysid
Then after changing the name, reset the SID from the file mysid with:
net setlocalsid S-1-5-21-XX-XX-X

- John T.

>
> Hope that helps,
> Derek
>
> Isn't sanity just a one-trick pony anyway? I mean, all you get is that
> one trick, rational thinking, but when you're good and crazy, well, the
> sky's the limit!
> "The Tick (comic book)"

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Compiling Samba and kerberos, lib problems

2004-08-19 Thread Mattias Andersson 
I compiled kerberos 1.3.4 with these options:  
--prefix=/usr/local/kerberos/ --enable-dns --disable-krb4 --enable-shared

Then I compiled samba 3.0.5 with these: --prefix=/usr/local/samba 
--with-krb5=/usr/local/kerberos/

Everything seemed fine and I did: make install.
But I get this message when I manually try to start smbd:
./smbd: error while loading shared libraries: libgssapi_krb5.so.2: 
cannot open shared object file: No such file or directory

If I run this command: ls -l /usr/local/kerberos/lib/libgssapi_krb5.so.2*
I get:
lrwxrwxrwx1 root root   21 Aug 12 12:07 
/usr/local/kerberos/lib/libgssapi_krb5.so.2 -> libgssapi_krb5.so.2.2
-rw-r--r--1 root root   781823 Aug 12 12:07 
/usr/local/kerberos/lib/libgssapi_krb5.so.2.2

So the lib seems to be in place.
Help?
Thanks,
Mattias
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem migrating PDC from one machine to another

2004-08-19 Thread Derek Harkness 
On Aug 12, 2004, at 7:57 AM, Alex Sharaz wrote:
3). Copy smbpasswd, secrets.tdb and smbusers from old server/etc/samba 
 to new server/etc/samba
Don't copy the secrets.tdb, most of the information in secrets.tdb is 
server specific.  The information piece of information in the file is 
the domain SID.  So preform the upgrade just like a real MS domain.  
Join Server 2 to the domain, so it has the correct domain SID, then 
edit it's config to make it a the domain master.  At this point you can 
either edit the config on Server 1 and demote it to a normal domain 
server or simply turn it off.

Hope that helps,
Derek
Isn't sanity just a one-trick pony anyway? I mean, all you get is that 
one trick, rational thinking, but when you're good and crazy, well, the 
sky's the limit!
"The Tick (comic book)"


PGP.sig
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP Master/Slave

2004-08-19 Thread Simon Hobson 
rruegner wrote:
let me explainif you have conected smb ldap master pdc with
a vpn ( ie. Openvpn ) to a bdc smb ldap slave and if the vpn
brakes , win clients from the vpn network are working with
the last entries from the slave ldap.
As in the blackout period the pdc isnt exist and the bdc ldap slave 
is not writeable , you cant make any changes ( like bringing up new 
machines on the fly, chnage passwords etc )until the vpn is up again 
to the pdc ldap master.
This belongs to the fact that a bdc is read only.
This is my understandingand practised...or do you now something
other workaround? ( which might be possible with ldap in principal, 
but will end in heavly syncing the ldap directory in network 
blackout periods )
I've been watching this thread since I'm looking at implementing 
backup servers at two remote sites next week. Could I just clarify 
what I believe happens :

During a network break :
Clients at the remote site will be reliant on the backup servers, but 
for obvious reasons will not be able to update the LDAP server.

During normal operations :
Clients can use any of the servers for authentication etc. If a 
change is made via one of the remote servers, then it is either 
replicated or redirected to the primary LDAP server depending on the 
LDAP setup.

Is this correct ?
Simon
--
Simon Hobson MA MIEE, Technology Specialist
Colony Gift Corporation Limited
Lindal in Furness, Ulverston, Cumbria, LA12 0LD
Tel 01229 461100, Fax 01229 461101
Registered in England No. 1499611
Regd. Office : 100 New Bridge Street, London, EC4V 6JA.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP Master/Slave

2004-08-19 Thread Michael Gasch 
> This belongs to the fact that a bdc is read only.
> This is my understandingand practised...or do you now something
> other workaround?
this is also my understandig
a solution could be the (experimental) multimaster patch for openldap
but it's not recommended on productive systems
greez
rruegner schrieb:
Hi John,
let me explainif you have conected smb ldap master pdc with
a vpn ( ie. Openvpn ) to a bdc smb ldap slave and if the vpn
brakes , win clients from the vpn network are working with
the last entries from the slave ldap.
As in the blackout period the pdc isnt exist and the bdc ldap slave is 
not writeable , you cant make any changes ( like bringing up new 
machines on the fly, chnage passwords etc )until the vpn is up again to 
the pdc ldap master.
This belongs to the fact that a bdc is read only.
This is my understandingand practised...or do you now something
other workaround? ( which might be possible with ldap in principal, but 
will end in heavly syncing the ldap directory in network blackout periods )
Best Regards


John H Terpstra schrieb:
On Wednesday 18 August 2004 16:11, rruegner wrote:
thats right

I am not sure if I understand what is being said here. Samba should 
refer password changes to the PDC and it should apply the changes to 
the LDAP directory.

- John T.

regards
Jason C. Waters schrieb:
I don't think this is a solution.  If I understand what you were 
saying,
on the BDC I should have this as the passwd backend:

passwd backend = ldapsam:"ldaps://ldap.server2 ldaps://ldap.server1"
server2 - the BDC and ldap slave which is read only
server1 - is the PDB and has the ldap master which users can 
read/write,
so they could update their passwords.

If I have it setup this way, the users that on the other side will 
never
be able to update their passwords, at least on that leg of the VPN.  Or
maybe I just thinking about this the wrong way.

Jason
rruegner wrote:
Hi,
if you want to stay bdc stay alive, in cases
when vpn broke so on your bdc smb.conf
your slave ldap should be the first entry in the passwd backend,
so if vpn brake , the slave ldap operates with its last
entries from the master and will give the win clients any chance
to operate just like if the pdc is alive.
If vpn is up again it the ldap should refresh the slave automatic.
But note, a bdc is read only so changes can olny be made to the master
ldap on the pdc.So no changes can be made to the domain during the
blackout period.
If you want a full functional bdc you also should setup user clients
homes and profiles in your outside ( vpn ) office hosted on the bdc.
( a seperate dhcp server and an bind slave with longtime zone caching
is very usefull, too )
Regards
Jason C. Waters schrieb:
Is anyone using this?  My smb.conf file has this line in
server1(master)
passwd backend = ldapsam:"ldaps://ldap.server1 ldaps://ldap.server2"
and this is what server2(slave ldap, BDC) looks like:
passwd backend = ldapsam:"ldaps://ldap.server1 ldap.server2"
This is what happens.  When I take down server 1's ldap server,
server2 just starts using its local ldap server.  But if I take down
the VPN between the two, I try the same test, pdbedit -L, it works
but it take about 6 seconds for it to timeout on server1.  Is this
normal or do I need to change some DNS setting?  Thanks for your 
help.

Jason


--
 "Matrix - more than a vision"
**
 Michael Gasch
   - Central IT Department -
Max Planck Institute for Evolutionary Anthropology
Deutscher Platz 6
04103 Leipzig
Germany
**
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP Master/Slave

2004-08-19 Thread rruegner 
Hi John,
let me explainif you have conected smb ldap master pdc with
a vpn ( ie. Openvpn ) to a bdc smb ldap slave and if the vpn
brakes , win clients from the vpn network are working with
the last entries from the slave ldap.
As in the blackout period the pdc isnt exist and the bdc ldap slave is 
not writeable , you cant make any changes ( like bringing up new 
machines on the fly, chnage passwords etc )until the vpn is up again to 
the pdc ldap master.
This belongs to the fact that a bdc is read only.
This is my understandingand practised...or do you now something
other workaround? ( which might be possible with ldap in principal, but 
will end in heavly syncing the ldap directory in network blackout periods )
Best Regards


John H Terpstra schrieb:
On Wednesday 18 August 2004 16:11, rruegner wrote:
thats right

I am not sure if I understand what is being said here. Samba should refer 
password changes to the PDC and it should apply the changes to the LDAP 
directory.

- John T.

regards
Jason C. Waters schrieb:
I don't think this is a solution.  If I understand what you were saying,
on the BDC I should have this as the passwd backend:
passwd backend = ldapsam:"ldaps://ldap.server2 ldaps://ldap.server1"
server2 - the BDC and ldap slave which is read only
server1 - is the PDB and has the ldap master which users can read/write,
so they could update their passwords.
If I have it setup this way, the users that on the other side will never
be able to update their passwords, at least on that leg of the VPN.  Or
maybe I just thinking about this the wrong way.
Jason
rruegner wrote:
Hi,
if you want to stay bdc stay alive, in cases
when vpn broke so on your bdc smb.conf
your slave ldap should be the first entry in the passwd backend,
so if vpn brake , the slave ldap operates with its last
entries from the master and will give the win clients any chance
to operate just like if the pdc is alive.
If vpn is up again it the ldap should refresh the slave automatic.
But note, a bdc is read only so changes can olny be made to the master
ldap on the pdc.So no changes can be made to the domain during the
blackout period.
If you want a full functional bdc you also should setup user clients
homes and profiles in your outside ( vpn ) office hosted on the bdc.
( a seperate dhcp server and an bind slave with longtime zone caching
is very usefull, too )
Regards
Jason C. Waters schrieb:
Is anyone using this?  My smb.conf file has this line in
server1(master)
passwd backend = ldapsam:"ldaps://ldap.server1 ldaps://ldap.server2"
and this is what server2(slave ldap, BDC) looks like:
passwd backend = ldapsam:"ldaps://ldap.server1 ldap.server2"
This is what happens.  When I take down server 1's ldap server,
server2 just starts using its local ldap server.  But if I take down
the VPN between the two, I try the same test, pdbedit -L, it works
but it take about 6 seconds for it to timeout on server1.  Is this
normal or do I need to change some DNS setting?  Thanks for your help.
Jason

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Windows 2003 Active Directory Compatibility issue in libads/sasl.c

2004-08-19 Thread Doug VanLeuven 
You can find references in the archives, but
I remember wasting quite a bit of time to find this.
MIT Kerberos and Heimdal have to be really pretty current versions.
If you cant upgrade to the new MS rc4-hmac encryption type
see the following MS hotfix
http://support.microsoft.com/default.aspx?scid=kb;en-us;833708
Hope it helps, Doug
[EMAIL PROTECTED] wrote:
Hi All,
I am new to the samba-technical list. I am currently adopting the way Samba does for mutual authentication using Kerberos to MS Active Directory 2003.
Basically, I am using this "static ADS_STATUS  ads_sasl_gssapi_bind (ADS_STRUCT *ads) " in my LDAP client implemented by Netscape Directory SDK.
However, the code works fine with Windows 2000 but fails on 2003. By running the code, I could sucessfully get the TGT and session ticket from
Windows Active Directory KDC with the right enctype. I verified both tickets by checking client's local credential cache using "klist". After tracing down the code,
the code fails on line 000374 ( http://samba.org/doxygen/appliance-head/sasl_8c-source.html) with an error saying "invalid credential". I have tried serveral ways to
work it out but got no luck. I am at the end of the rope. Is there a known issue for compatibility with Windows 2003 and Samba, or am I missing something here?
Any help and insighs are highly apprecited. Many thanks in advance. 
Sincerely,
Peter


TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system.
 

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] net groupmap -> gidNumber=4294967295

2004-08-19 Thread andreas burger 
hello,
i still trying to deal with groups in a samba-pdc
i am now closer to my problem:
the net groupmap cant find the group about a wrong groupid.
i found similar errormessages by googling, but no answer, which
brings me to understand what exactly happens.
it follows a snipp from smb.conf, a snipp from the
debug-info i am getting.
my ldap has ous people, groups and Idmap
samba is 3.0.4 system is solaris 8
smb.conf:
passdb backend = ldapsam:ldaps://localhost
domain logons = yes
ldap admin dn = "cn=Manager,dc=agrl,dc=ethz"
ldap group suffix = ou=groups
ldap user suffix = ou=people
ldap machine suffix =
ldap suffix = dc=agrl,dc=ethz
debuginfo:
./net groupmap add -d 5 ntgroup="Domain Admins" unixgroup=domadm \
type=d rid=512

[2004/08/19 10:43:52, 5] lib/smbldap.c:smbldap_search(932)
  smbldap_search: base => [dc=agrl,dc=ethz], filter => 
[(&(objectClass=sambaIdma
pEntry)(gidNumber=4294967295))], scope => [2]

[2004/08/19 10:43:52, 5] lib/smbldap.c:smbldap_search(932)
  smbldap_search: base => [ou=groups,dc=agrl,dc=ethz], filter => 
[(&(objectClass
=sambaGroupMapping)(gidNumber=4294967295))], scope => [2]

[2004/08/19 10:43:52, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1898)
  ldapsam_getgroup: Did not find group
[2004/08/19 10:43:52, 5] lib/smbldap.c:smbldap_search(932)
  smbldap_search: base => [ou=groups,dc=agrl,dc=ethz], filter => 
[(&(|(objectCla
ss=posixGroup)(objectclass=sambaIdmapEntry))(gidNumber=4294967295))], 
scope => [
2]

[2004/08/19 10:43:52, 5] lib/smbldap.c:smbldap_search(932)
  smbldap_search: base => [dc=agrl,dc=ethz], filter => 
[(&(objectClass=sambaIdma
pEntry)(gidNumber=4294967295))], scope => [2]

[2004/08/19 10:43:52, 5] lib/smbldap.c:smbldap_search(932)
  smbldap_search: base => [ou=groups,dc=agrl,dc=ethz], filter => 
[(&(objectClass
=sambaGroupMapping)(gidNumber=55001))], scope => [2]

[2004/08/19 10:43:52, 4] passdb/pdb_ldap.c:ldapsam_getgroup(1898)
  ldapsam_getgroup: Did not find group
[2004/08/19 10:43:52, 5] lib/smbldap.c:smbldap_search(932)
  smbldap_search: base => [ou=groups,dc=agrl,dc=ethz], filter => 
[(&(|(objectCla
ss=posixGroup)(objectclass=sambaIdmapEntry))(gidNumber=55001))], scope 
=> [2]

[2004/08/19 10:43:52, 5] lib/smbldap.c:smbldap_search(932)
  smbldap_search: base => [dc=agrl,dc=ethz], filter => 
[(&(objectClass=sambaIdma
pEntry)(gidNumber=55001))], scope => [2]
adding entry for group Domain Admins failed!

[2004/08/19 10:43:52, 2] utils/net.c:main(792)
  return code = -1
--

Andreas Burger
Eidgenoessische Technische Hochschule Zuerich
Departement AgrL  ISG
LFW A2  8092 Zuerich  632 68 54
[EMAIL PROTECTED]
_
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Mount at boot - and a bug - where to report?

2004-08-19 Thread Christoph Scheeder 
Hi,
your problem arises from abuse of the c$ share:  ;-)
the shares ending in$-signs are so-called administrative shares.
Their use is restricted to adminitrator-users of the windows-machine,
as they are ment only for administrative tasks.
Never use these shares for real filesharing, create a second share on
the root-directory of your c:-drive if you want to share it to some
other machines.
Christoph
Victor Wynnytsky schrieb:
just in case you didn't put this problem to rest...
I found I got the "tree connect failed: ERRDOS - ERRnoaccess (Access
denied.)" when I removed my windows user from the administrator group
and I was mounting to a c$ share so I suppose the windows account
requires admin access if I'm authenticating with it from linux.
PS: this problem is best debugged from un/mount scripts and NOT by
rebooting for each attempt
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Group creation and ldap

2004-08-19 Thread Neil Robst 

> This only happens when I try to create a new group from the User Manager
> for Domains - This search is in the test to see if the posixGroup exists
> (right after it calls out to the group creation script).  I have several
> groupMappings in operation and they all work correctly; Do I understand
> your correctly that you've got working groups, or is it that you're able
> to create them as well?
>
Ahh... I don't use User Manager for Domains. Initially I created my group
mappings using the net groupmap add command from the command line of my
samba server. However, I now create the group mappings at the time when
the group is created in LDAP by simply adding the Samba attributes.

Regards,
Neil


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Internet.Com Format Error

2004-08-19 Thread Internet.com 
Sorry, your email containing an attachment can not be distributed through
Internet.Com discussion lists.

The only acceptable format for posting to isp-nt is ASCII
Text, with NO attachments.

Please, re-send your post to continue your discussion on
isp-nt.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd issue

2004-08-19 Thread Greg Andrews 
Howdy All,

I am trying to add more winxp machines to an existing domain and I think I
must have broken something.
The story goes, I discovered that it is a bad idea to have the
computername and username the same, so I thought  I would change the
computername on one machine ( at a time ). However after trying with the
first machine ( and failing ) I gave up thinking I would come back to this
issue.
However,when I try to add ANY new machine to the domain with smbpasswd -a
-m newmachinename  I get

failed to initialise SAM_ACCOUNT for user newmachinename$
failed tomodify password entry for user newmachinename$

This tells me that it recognises the account as a machine trust account,
but the database is bust.

HOW DO I FIX IT ( or if all else fails  can I remove the smbpasswd file
and simply add all of the accounts again )  ??
The latter is not my favourite option but I will do it to get things going.

The second and more important question is WHAT DID I DO to break it. I
really dont want to have to go through this regularly.AND  is there some
backup of the database ( or can I create one on a dynamic system ) and if
so what files should I be backing up.

Thanks in advance.

Regards

Greg




-- 
System Manager
RGTechnologies Pty Ltd
606 Skipton Street
Ballarat 3350
613 53363603
0417 511 731
[EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba