Re: [Samba] Samba 3.0.6 Problems w/AD and Kerberos
On Sunday 05 September 2004 13:38, Christian Merrill wrote:

Running into a lot of people upgrading to the 3.0.6 package that all of a sudden begin to experience the Failed to verify incoming ticket! errors etc., that are generally associated with a kerberos package incompatibility.

I'm running more tests with 3.0.5 instead of 3.0.6, and it seems that 3.0.5 has some problems too. Sometimes, a share can't be mounted, when username, pass is given, but if DOMAIN\username, pass is given the share can be used!

I'll try to increase the level of logs, but I can't make a lot of changes per day, because this is a prod server.

Emmanuel

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] WindowsXP SP2 shuts down while trying to log into samba 3.0.6 domain
Hello,

I have few Windows2000 Pro samba domain members which logon to the domain without any obstacles. Recently I decided to upgrade all client workstations to WindowsXP SP2. Fresh copy of WindowsXP joined domain properly but when I tried to logon as usual it accepted password and shut down after a while (logs of samba confirm that workstation logged on). Windows claims that winlogon caused exception in msgina.dll lib.

Did anyone experienced similar problem ?

TIA
R.W.
Re: [Samba] read write - yes .. but delete - No
On Fri, 2004-09-10 at 14:22, Xavier wrote:

Quoting Rick Brown [EMAIL PROTECTED]:

I should have added : read write - Yes .. but delete and rename - No ! is it possible too with the sticky bit ?

I don't think it is. Since the sticky bit will only let the original owner to delete it. Does XFS support ACL? IIRC they don't unless you've applied patches and stuffs.

and another question is : is the win2k GUI interface for a security of a file changing the corresponding unix sticky bit ?

XP use the sticky bit (man chmod).

[ Rick Brown ][ (404) 894-6175 ]
[ Office of Information Technology ][[EMAIL PROTECTED] ]
[ Georgia Institute of Technology ][ 258 4th street. Atlanta, GA ]

On Thu, 9 Sep 2004, Xavier wrote:

How is it possible to set for a file that a user can read,write but not delete it ? I'm using a xfs filesystem and samba3.0.4 with ACL's support included.

--
Xavier mailto: [EMAIL PROTECTED]

--
Xavier mailto: [EMAIL PROTECTED]

--
Ow Mun Heng
Fedora GNU/Linux Core 2 on D600 1.4Ghz CPU
kernel 2.6.7-2.jul1-interactive
Neuromancer 15:14:40 up 19:54, 8 users, load average: 3.00, 3.19, 2.87
Re: [Samba] Forcing RIDs to desired value
Michael Gasch wrote:

what about the algorithmic rid base (G) parameter?

I gave it a try. But even with this disabled, the pdbedit still complains about mismatched RIDs. I used tdbdump to get a view what is inside the tdbsam database. To my surprise, the mappings from RID to usernames are there (key = RID_), but contains still 2*UID+1000 values, regardless of the last number of user's SID! Probably the cause of the complains.

Is the format of this tdb database somewhere documented, so I could manually correct it? For example, I *REALLY* want to have the possibility to change the DOMAIN the user is marked in. (pdbedit -Lv | grep Domain)

Best regards
Radek Svoboda
Neovision s.r.o., Prague
[EMAIL PROTECTED]
http://www.neovision.cz
Re: [Samba] machine account with w2k
Hi Brian,

what you wrote I tried in my first experiment. I created the user domadmin like this:

    # useradd -m -u 500 -G 0 domadmin
    # pdbedit -a -U 500 -G 512 domadmin

The Unix-user domadmin had the uid = 500, the primary-group = 500 (like normal users), and was a member of the root-group = 0. With these settings I was able to join my Samba-PDC with Windows-NT4.0-Workstations well, when I manually created a machine-account on the Samba. But when I tried to do the same with a Windows2000-Workstation, then I got a login prompt. Then I tried to give in the domadmin with the password, the login prompt appeared again. It was not possible to join my Samba-PDC with Windows2000-Workstations.

I tried different things until I read in the Samba-manual, that I should join a Samba-Domain with the user Root. This is normally not possible, because Root does not have an smb-account and in my smb.conf I have: invalid users = root .

Yes, and because it wasn't successful with the user domadmin as member of group 0, I tried the really not nice thing, that I gave the user domadmin the uid 0, and this was successful.

Please could you tell me, what I did wrong? Please see for this the documentation in my first mail, there are my smb.conf and the user-profile from the domadmin.

Bye, Heinz.

Heinz Allerberger
Systemadministrator
Zentrum Neurologie
Universitätsklinikum Frankfurt am Main
Tel: 069/6301-4274
Fax: 069/6301-6842
Piepser 18-0455

Brian Krusic wrote:

The Domain Admin user domadmin must have the root-policies on the /etc/passwd like this: domadmin:x:0:0:

This is incorrect as you should never have users with identical uids. You should mod the entry in etc/group to add your domadmin user to the root group. This gives it root privs.

In my opinion it is not fine, because it is a security-hole,

Incorrect. Only someone of root or admin privs should be able to initially join domains for if any one could, then a potential hacker to do so w/o admin/root privs and attain further domain trust by doing so.

Bri-
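The two setups argued over in this thread (a second account sharing uid 0 versus an account listed in group 0) can both be found by auditing the account files. The following is an added example, not part of any message in the thread; the sample passwd and group contents are constructed, and the `operator` account is hypothetical.

```python
from collections import defaultdict

# Constructed sample data modelled on the thread: domadmin was given uid 0,
# and a hypothetical "operator" account is listed in group 0 instead.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/sbin/nologin
domadmin:x:0:0:Domain Admin:/home/domadmin:/bin/bash
operator:x:500:500::/home/operator:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:operator
users:x:100:
"""


def parse_colon_file(text, nfields):
    """Return the well-formed records of a passwd/group style file."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) == nfields:
            rows.append(fields)
    return rows


def audit_root_equivalents(passwd_text, group_text):
    """List accounts that share a uid, alias uid 0, or belong to gid 0."""
    findings = []
    by_uid = defaultdict(list)
    for name, _pw, uid, gid, _gecos, _home, _shell in parse_colon_file(passwd_text, 7):
        if not (uid.isdigit() and gid.isdigit()):
            continue
        by_uid[int(uid)].append(name)
        # Primary group 0 on an account that is not itself uid 0.
        if int(gid) == 0 and int(uid) != 0:
            findings.append(("gid0-primary", name))
    for uid, names in sorted(by_uid.items()):
        if len(names) > 1:
            findings.append(("duplicate-uid", f"{uid}: {','.join(names)}"))
        if uid == 0:
            findings.extend(("uid0-alias", n) for n in names if n != "root")
    for _gname, _pw, gid, members in parse_colon_file(group_text, 4):
        if gid == "0":
            findings.extend(("gid0-member", m) for m in members.split(",") if m)
    return findings


if __name__ == "__main__":
    for kind, detail in audit_root_equivalents(SAMPLE_PASSWD, SAMPLE_GROUP):
        print(f"{kind:14} {detail}")
```

On a real host, pass the contents of /etc/passwd and /etc/group to `audit_root_equivalents` instead of the sample strings.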
Re: [Samba] How to Upgrade from 2.2.8a to 3.0.6
[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote:

| cd nsswitch
| cp libnss_winbind.so /lib

Make sure that there is a symlink from /lib/libnss_winbind.so.2 -> /lib/libnss_winbind.so

* Yes I had already setup the symlink

| if I do a directory listing it now looks like this
|
|
| drwxrws--- 22 16043 CITDOM+Domain Admins

make sure nscd is not caching previous negative lookups. Also, is 16043 within the winbind uid range ?

*nscd is not running
*winbind uid range in 1 - 5

| If I type chown OP86V op86v it works but is using
| a uid of 20266

Hmmm...make sure you set 'winbind enable local accounts = no'. Now run 'getent passwd OP86V'. If you get an entry back, run 'wbinfo -x OP86V'. Now run getent passwd OP86V' again. See if this helps.

*Did have to change 'winbind enable local accounts = no'
* followed rest of your instructions but still no joy

Here are the 2.2.8a smb.conf files

    [global]
    netbios name = SRVSAM02
    netbios aliases = SRVSAM02A
    workgroup = xxxdom
    security = domain
    encrypt passwords = yes
    map to guest = bad user
    name resolve order = wins lmhosts host bcast
    dns proxy = no
    password server = server1 server2
    preferred master = no
    domain master = no
    local master = no
    log level = 2
    log file = /var/log/samba
    wins server = 172.19.1.1
    winbind uid = 1-5
    winbind gid = 1-5
    winbind separator = +
    winbind cache time = 10
    template homedir = /smb/homes/%U

    [homes]
    comment = Home directory for %U
    path = /smb/homes/%U
    read only = no
    browseable = no
    inherit permissions = no
    inherit acls = yes
    create mask = 0660
    force user = %U
    # force create mode = 0660
    directory mask = 0770
    force directory mode =0770
    root preexec = /usr/local/bin/buildhome %U %G

    [admin]
    comment = Administrative Share
    path = /smb
    valid users = @xxxdom+Domain Admins
    admin users = @xxxdom+Domain Admins administrator
    force user = root
    read only = no
    browseable = no
    create mask = 0660
    directory mask = 0770

    [share]
    comment = share
    path = /smb/data/share
    browseable = yes
    read only = no

    [itdrive]
    comment = itdrive
    path = /smb/data/itdrive
    browseable = yes
    inherit permissions = no
    read only = no
    create mask = 0660
    force create mode = 0660
    directory mask = 0770
    force directory mode = 0770

    [dataxx]
    comment = dataxx
    path = /smb/data/dataxx
    browseable = yes
    inherit permissions = no
    read only = no
    create mask = 0660
    force create mode = 0660
    directory mask = 0770
    force directory mode = 0770

Here is the 3.0.6 smb.conf file

    [global]
    netbios name = SRVSAM02
    netbios aliases = SRVSAM02A
    workgroup = xxxdom
    security = domain
    encrypt passwords = yes
    ; socket options = TCP_NODELAY SO_SNDBUF=1500 SO_RCVBUF=1500
    map to guest = bad user
    name resolve order = wins lmhosts host bcast
    dns proxy = no
    password server = server1 server2
    preferred master = no
    domain master = no
    local master = no
    log level = 2
    log file = /var/log/samba
    wins server = 172.19.1.1
    winbind uid = 1-5
    winbind gid = 1-5
    winbind separator = +
    winbind cache time = 10
    template homedir = /smb/homes/%U

    [homes]
    comment = Home directory for %U
    path = /smb/homes/%U
    read only = no
    browseable = no
    inherit permissions = no
    inherit acls = yes
    create mask = 0660
    force user = %U
    # force create mode = 0660
    directory mask = 0770
    force directory mode =0770
    root preexec = /usr/local/bin/buildhome %U %G

    [admin]
    comment = Administrative Share
    path = /smb
    valid users = @xxxdom+Domain Admins
    admin users = @xxxdom+Domain Admins administrator
    force user = root
    read only = no
    browseable = no
    create mask = 0660
    directory mask = 0770

    [share]
    comment = share
    path = /smb/data/share
    browseable = yes
    read only = no

    [itdrive]
    comment = itdrive
    path = /smb/data/itdrive
    browseable = yes
    inherit permissions = no
    read only = no
    create mask = 0660
    force create mode = 0660
    directory mask = 0770
    force directory mode = 0770

    [dataxx]
    comment = dataxx
    path = /smb/data/dataxx
    browseable = yes
    inherit permissions = no
    read only = no
    create mask = 0660
    force create mode = 0660
    directory mask = 0770
    force directory mode = 0770

All the other parameters are at default

Thanks for your help so far, I hope the about smb.conf file help you to spot my problem, could it be something to do with the location of smbpasswd, sorry if these are silly questions, i'm still
[Samba] Re: CUPS Print Quality -- WAS -- UPDATE Where are the ADOBE PS Drivers?
Chris McKeever wrote:

I would guess that there is probably at least some quality lost during that conversion and the resulting output would depend entirely on ghostscript's ability to translate (render) the Postscript generated by the driver on Windows into your printer's native tongue.

yeah - I am thinking this is the issue...

There shouldn't be - see below

If you didn't need to do the PS-(some other language) conversion on the CUPS server then I suspect you would see better resulting output. Trying to avoid this PS-(other) conversion step is one of the reasons why I generally only support PS capable printers. You might want to look into adding Postscript support to your printers if it is available as an add-on option (assuming you don't want to continue to just use CUPS in raw mode - there really isn't anything wrong with that, it's just not how I'd like to have my system setup).

Can I ask a really basic question, that may help me get my hands around this stuff...On the windows side the application prints using the ADOBE (or whatever) Driver and the vendor specific PPD file. It then gets sent to cups which then does what?? Does the CUPS server process it again before sending to the printer (assuming the printer is postscript capable)? The reason I ask, was that I thought (for some reason) that the CUPS processing made the windows client driver independent - but if the windows client uses the PPD - then I am thinking that I was mistaken

It's fairly well described in the Samba Howto IIRC. To paraphrase ...

If configured for raw printing then it simply passes whatever it is given on to the output stream. Otherwise ...

The first step (as far as Samba printing is concerned), if not already feeding it the right format, is to pre-process the input file to extract device specific options and convert them to Cups parameters and generate a device-independent Postscript file.

It selects a set of conversion filters, typically using Ghostscript to generate a bitmap image and then encode this into the printers native format.

Once the job is in a format the printer can understand, it is sent through the configured output device/transport to the printer.

If properly configured, there is no reason that Cups should not be able to produce output as good as any other driver. The quality you actually get will largely depend on the settings (particularly resolution and colour depth) for the PS to bitmap conversion, plus an element of how well the device dependent filter converts the resulting bitmap to the printers native format.

From the above, you can probably imagine that if you use a generic PPD, you can use the same driver and PPD for all printers, but you won't get access to all the facilities available on a printer. If you stick with the Adobe PS drivers, then you can use the same driver for all printers, only the PPD is different.

Simon

--
Simon Hobson MA MIEE, Technology Specialist
Colony Gift Corporation Limited
Lindal in Furness, Ulverston, Cumbria, LA12 0LD
Tel 01229 461100, Fax 01229 461101
Registered in England No. 1499611
Regd. Office : 100 New Bridge Street, London, EC4V 6JA.
[Samba] Re: upgarde smbd to 3.0.6 and keep winbind to 3.0.2a, possible ?
hello,

i deleted the passdb backend line and have no more panics. it seems like it solved the problem with the help of your analysis, thank you.

an advice for debian users : start with an empty smb.conf, do not use the proposed smb.conf, especially if u want to setup a member server with winbind. the one proposed is for tdbsam setup.

regards

éric le hénaff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

I'm wondering if i really need a tdbsam ? i'm using winbindd and the users and groups base is on a windows NT4 PDC. may be i should delete those three lines from smb.conf :

    passdb backend = tdbsam, guest
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .

see smb.conf below.

---

    # Global parameters
    [global]
    workgroup = DOM_BIBLIO
    server string = Serveur %h (Samba %v)
    security = DOMAIN
    passdb backend = tdbsam, guest
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
    syslog = 0
    log file = /var/log/samba/log.%m
    max log size = 1000
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    dns proxy = No
    panic action = /usr/share/samba/panic-action %d
    idmap uid = 1-2
    idmap gid = 1-2
    winbind separator = +
    invalid users = root

    [users]
    path = /share/users
    read only = No
    create mask = 0770
    force create mode = 0770
    directory mask = 0770
    force directory mode = 0770

    [groupes]
    path = /share/groupes
    read only = No
    create mask = 0770
    force create mode = 0770
    directory mask = 0770
    force directory mode = 0770

Jeremy Allison [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

On Thu, Sep 09, 2004 at 11:46:45AM +0200, éric le hénaff wrote:

hello, server : debian sarge on a dell pe 1750 . Secondary file server holding homes and groups shares documents. the pdc is a windows nt 4. clients are NT4, w2k some xp. about 100 clients.

i want to upgrade smbd from 3.0.2a to 3.0.6 but keep winbindd at 3.02a because of a bug in winbindd 3.0.6. Do you think it's possible ?

i have a lot of panic actions when users access to mail client eudora's files. see log below. what does mean call_nt_transact_ioctl(0x90028): Currently not implemented.. it creates a panic.

No, this is not causing the panic - what is causing the panic looks like a corrupted tdb sam database. The following gives it away :

    #0 /usr/sbin/smbd(smb_panic+0x101) [0x81c1d11]
    #1 /usr/sbin/smbd [0x81aff28]
    #2 /lib/libc.so.6 [0x401ed4a8]
    #3 /usr/sbin/smbd(init_sam_from_buffer+0x61c) [0x819379c]
    #4 /usr/sbin/smbd [0x81a4941]
    #5 /usr/sbin/smbd [0x81a4e10]
    #6 /usr/sbin/smbd [0x81a4f60]
    #7 /usr/sbin/smbd [0x8194ad5]
    #8 /usr/sbin/smbd(pdb_getsampwsid+0x35) [0x81960d5]
    #9 /usr/sbin/smbd(make_server_info_guest+0x89) [0x81fbfb9]
    #10 /usr/sbin/smbd [0x81f9d82]
    #11 /usr/sbin/smbd [0x81f4e3f]
    #12 /usr/sbin/smbd [0x80a80fe]
    #13 /usr/sbin/smbd(reply_sesssetup_and_X+0x758) [0x80a9bd8]
    #14 /usr/sbin/smbd [0x80c809a]
    #15 /usr/sbin/smbd [0x80c8300]
    #16 /usr/sbin/smbd(process_smb+0x8c) [0x80c850c]
    #17 /usr/sbin/smbd(smbd_process+0x168) [0x80c9188]
    #18 /usr/sbin/smbd(main+0x4bc) [0x822cb8c]

The init_sam_from_buffer is the key. Can you get a proper stack backtrace with symbols - or try to restore your 3.0.2 tdbsam and re-install 3.0.6. The first start of 3.0.6 should upgrade your tdbsam database correctly.

Jeremy.
[Samba] Re: upgarde smbd to 3.0.6 and keep winbind to 3.0.2a, possible ?
forget it, it's not a good idea, i tried it and it doesn't work.

éric le hénaff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

i want to upgrade smbd from 3.0.2a to 3.0.6 but keep winbindd at 3.02a because of a bug in winbindd 3.0.6. Do you think it's possible ?

Jeremy Allison [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

On Thu, Sep 09, 2004 at 11:46:45AM +0200, éric le hénaff wrote:

hello, server : debian sarge on a dell pe 1750 . Secondary file server holding homes and groups shares documents. the pdc is a windows nt 4. clients are NT4, w2k some xp. about 100 clients.

i want to upgrade smbd from 3.0.2a to 3.0.6 but keep winbindd at 3.02a because of a bug in winbindd 3.0.6. Do you think it's possible ?

i have a lot of panic actions when users access to mail client eudora's files. see log below. what does mean call_nt_transact_ioctl(0x90028): Currently not implemented.. it creates a panic.

No, this is not causing the panic - what is causing the panic looks like a corrupted tdb sam database. The following gives it away :

    #0 /usr/sbin/smbd(smb_panic+0x101) [0x81c1d11]
    #1 /usr/sbin/smbd [0x81aff28]
    #2 /lib/libc.so.6 [0x401ed4a8]
    #3 /usr/sbin/smbd(init_sam_from_buffer+0x61c) [0x819379c]
    #4 /usr/sbin/smbd [0x81a4941]
    #5 /usr/sbin/smbd [0x81a4e10]
    #6 /usr/sbin/smbd [0x81a4f60]
    #7 /usr/sbin/smbd [0x8194ad5]
    #8 /usr/sbin/smbd(pdb_getsampwsid+0x35) [0x81960d5]
    #9 /usr/sbin/smbd(make_server_info_guest+0x89) [0x81fbfb9]
    #10 /usr/sbin/smbd [0x81f9d82]
    #11 /usr/sbin/smbd [0x81f4e3f]
    #12 /usr/sbin/smbd [0x80a80fe]
    #13 /usr/sbin/smbd(reply_sesssetup_and_X+0x758) [0x80a9bd8]
    #14 /usr/sbin/smbd [0x80c809a]
    #15 /usr/sbin/smbd [0x80c8300]
    #16 /usr/sbin/smbd(process_smb+0x8c) [0x80c850c]
    #17 /usr/sbin/smbd(smbd_process+0x168) [0x80c9188]
    #18 /usr/sbin/smbd(main+0x4bc) [0x822cb8c]

The init_sam_from_buffer is the key. Can you get a proper stack backtrace with symbols - or try to restore your 3.0.2 tdbsam and re-install 3.0.6. The first start of 3.0.6 should upgrade your tdbsam database correctly.

Jeremy.
[Samba] Using Samba over VPN - shares disconnect on Windows clients
I am running Poptop 1.1.4 VPN server, Samba 3.0.6, RH 9 (2.4.20-8 patched for mppe-mppc).

When the end user connects via VPN, they can create a share to the samba shared folder that was created. When they close the explorer window, then reopen the shared drive from the My Computer view, the share can not be re-opened with the error that the mapped drive is already in use.

I have searched high and low for possible solutions and have tried just about all of them, but nothing seems to correct this issue.

The network for the Samba server and Redhat is 192.168.1.X but coming in on the VPN the boxes are 192.168.2.x with client systems getting assigned IPs in the range 192.168.1.50-60 by the Poptop server.

I had been getting Samba read errors(436), but I seem to have gotten away from those by resetting the services file of the Redhat on port 139 from netbios to smbd.

Any ideas of where to jump from here?? (besides a tall building or short bridge?)

TYIA
Mark Huff
[Samba] my surver is fail
Dear Sir,

please help me i am totally frustrated and plan to shifted to windows to complete my job. my mail problems are.

1. The roaming profile of the users are stop working after some time. and causes a very lots of trouble.
2. i am not able to add new machines when i am add these and give a password u am receive following error message.
3 all these are working very well some days ago.

    [EMAIL PROTECTED] root]# smbpasswd -a sanjaysoni
    New SMB password:
    Retype new SMB password:
    getsmbfilepwent: malformed password entry (uid not number)
    getsmbfilepwent: malformed password entry (uid not number)
    getsmbfilepwent: malformed password entry (uid not number)
    getsmbfilepwent: malformed password entry (uid not number)
    getsmbfilepwent: malformed password entry (uid not number)
    getsmbfilepwent: malformed password entry (uid not number)
    getsmbfilepwent: malformed password entry (uid not number)
    getsmbfilepwent: malformed password entry (uid not number)
    getsmbfilepwent: malformed password entry (uid not number)
    [EMAIL PROTECTED] root]#

please help me

regards
Vivek Raghuwanshi
+91-755-3111077
Re: [Samba] my surver is fail
Hi,

roaming Profiles are always a little bit tricky, i totally forbid caching of them with group policies on workstations. (laptops are allowed) You can do that with poledit or reg patches,

for your user account : have you tried to delete the user from /etc/passwd and /etc/shadow , /etc/samba/smbpasswd first and create him once again, a machine must have a name like machine$, robopc$. Normally , having the right entry in the smb.conf , machine accounts can be created on the fly

    add machine script = /usr/sbin/useradd -g Machines -c Machine -d /dev/null -s /bin/false %u

( create a group Machines here first )

password backend smbpasswd is not longer recommended ( samba Version 3 ) but works still. ( i still use it too on some setups )

Posting your smb.conf would be helpful for debugging

Regards

vivek raghuwanshi wrote:

Dear Sir,

please help me i am totally frustrated and plan to shifted to windows to complete my job. my mail problems are.

1. The roaming profile of the users are stop working after some time. and causes a very lots of trouble.
2. i am not able to add new machines when i am add these and give a password u am receive following error message.
3 all these are working very well some days ago.

    [EMAIL PROTECTED] root]# smbpasswd -a sanjaysoni
    New SMB password:
    Retype new SMB password:
    getsmbfilepwent: malformed password entry (uid not number)
    getsmbfilepwent: malformed password entry (uid not number)
    getsmbfilepwent: malformed password entry (uid not number)
    getsmbfilepwent: malformed password entry (uid not number)
    getsmbfilepwent: malformed password entry (uid not number)
    getsmbfilepwent: malformed password entry (uid not number)
    getsmbfilepwent: malformed password entry (uid not number)
    getsmbfilepwent: malformed password entry (uid not number)
    getsmbfilepwent: malformed password entry (uid not number)
    [EMAIL PROTECTED] root]#

please help me

regards
Vivek Raghuwanshi
+91-755-3111077
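The repeated "malformed password entry (uid not number)" messages in this thread come from entries in the smbpasswd file that do not parse. The following added example (not part of either message) lists which lines of such a file are malformed; it assumes the documented smbpasswd layout `name:uid:LM hash:NT hash:[flags]:LCT-xxxxxxxx:`, and the sample file content, including the hash values, is constructed.

```python
import re

# Field patterns for the assumed smbpasswd layout.
HASH_RE = re.compile(r"^(?:[0-9A-Fa-f]{32}|X{32}|NO PASSWORDX{21})$")
FLAGS_RE = re.compile(r"^\[[A-Z ]+\]$")
LCT_RE = re.compile(r"^LCT-[0-9A-Fa-f]{8}$")

# Constructed sample: two valid entries, one /etc/passwd-style line,
# one machine account without the W flag, one entry with short hashes.
SAMPLE = """\
# constructed smbpasswd content for illustration
sanjaysoni:505:0123456789ABCDEF0123456789ABCDEF:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-4141B0C2:
robopc$:610:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:FEDCBA9876543210FEDCBA9876543210:[W          ]:LCT-4141B0C2:
vivek:x:501:501:Vivek:/home/vivek:/bin/bash
lab7$:611:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:FEDCBA9876543210FEDCBA9876543210:[U          ]:LCT-4141B0C2:
short:700:ABCDEF:ABCDEF:[U          ]:LCT-4141B0C2:
"""


def check_line(line):
    """Return the list of problems found in one smbpasswd entry."""
    fields = line.split(":")
    if len(fields) < 6:
        return ["too few ':'-separated fields"]
    name, uid, lm_hash, nt_hash, flags, lct = fields[:6]
    if not (uid.isascii() and uid.isdigit()):
        # Nothing after a bad uid field can be trusted, so stop here.
        return ["uid not number"]
    problems = []
    if not HASH_RE.match(lm_hash):
        problems.append("LM hash is not 32 hex characters")
    if not HASH_RE.match(nt_hash):
        problems.append("NT hash is not 32 hex characters")
    if not FLAGS_RE.match(flags):
        problems.append("account flags are not of the form [U ...]")
    elif name.endswith("$") != ("W" in flags):
        problems.append("machine name ($ suffix) and W flag do not agree")
    if not LCT_RE.match(lct):
        problems.append("last-change-time field is not LCT-<8 hex digits>")
    return problems


def check_smbpasswd(text):
    """Return (line number, account name, problem) for every bad entry."""
    results = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        name = line.split(":", 1)[0]
        results.extend((lineno, name, p) for p in check_line(line))
    return results


if __name__ == "__main__":
    for lineno, name, problem in check_smbpasswd(SAMPLE):
        print(f"line {lineno}: {name}: {problem}")
```

Running the same function over a copy of the real file shows which entries need to be deleted and recreated, as the reply suggests.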
[Samba] samba client warning for HELP password transmitted with no encryption
Hello,

I am newbie in linux, and have security problems with samba. I installed samba server on a box b1 (v2.2.7a), and samba client is not my last and second box b2. They both run under linux (RH9 distribution). It seems to be installed correctly, but I have 2 strange things:

1) I cannot locate why when I get a connection with nautilus, the popup window tells me that password will be transmitted with no encryption.

2) When I start samba in nautilus, the popup window asking for a user/password re-opens twice after I have filled it for the very 1st time. Does somebody know why it reopens? Filling again and clicking OK, or clicking Cancel has the same effect: I can access. Is this a bug, or a bad configuration?

I have set a smbpasswd file on samba server, and did the procedure to migrate passwords from linux to samba. Can I have some advices, please ?

Thanks,
xavier.
[Samba] smbf errors
Hello,

I can't mount shares of some servers since I use kernel 2.6.x. As it works with smbclient and also with smbmount on kernel 2.4.x, I assume the problem lies within smbfs.

Kernel version: 2.6.8.1
Samba version: 3.0.4
Dist: Debian unstable

I get errors when I try to mount a share from OS/2 4.0:

1) smbmount
   everything's fine

2) cd into the mounted dir
   smbfs output:
   smb_setup_bcc: Packet too large 42574096
   smb_add_request: request [f7298e80, mid=0] timed out!

3) ls in the mounted dir
   smbfs output:
   smb_receive_header: short packet: 0
   smb_add_request: request [f7353e80, mid=1] timed out!
   Then ls says:
   ls: .: Input/output error

4) cd ..
   smbfs output:
   smb_get_length: Invalid NBT packet, code 39
   smb_add_request: request [f736be80, mid=2] timed out!

5) umount
   everything's fine

Also, it's not possible to mount a share from a server running Samba 3.0.6 on Suse with kernel 2.4.21. I get ``smb_add_request: request[xxx, mid=x] timed out!'' all the time, and this time also already when I try to mount.

I can mount shares, however, from other systems, namely all Windows versions and OS/2 3.0

If it is of any help, I could also supply samba logs and tcpdump dumps, although I couldn't find any error messages in the samba logs.

Btw: I tried to enable SMBFS_DEBUG and SMBFS_DEBUG_VERBOSE in smbfs' Makefile, but that didn't change anything.

Thanks in advance
Alexej
[Samba] Samba password synchronization
Firstly excuse my english, i'm spanish.

I don't know how to do this, maybe someone could help me. I have a samba member server for a win2k3 domain. I have winbind configured (it works fine). Now i want to synchronize 2 users password.

    Linux      -- Win2k3 Domain
    root       -- DOMAIN_Administrator
    impresoras -- DOMAIN_impresoras

How can i do this it is possible using samba ??? What i want is from windows to linux, if i change the windows user password, then the unix user password must change

Regards
Eneko
Re: [Samba] Using Samba over VPN - shares disconnect on Windows clients
Hi Mark,

doing wins is always the better choice, and it takes no costs to the network, some older progs ignore dns and do only wins. I always setup Samba as a wins server, to avoid additional broadcasts by the windows clients, have a proper setup internal dns should be the normal case. But this seems to me is only a add in your case.

Adsl or isdn , is only a question from performance , it doesnt relate to the quality of the vpn. ( for sure it should be stable anyway ) If your network is not really stable , maybe firewall issues on the xp client or on the gateway itself, the open and close from a folder is not clearly noticed by the server-client connection, this might be your problem , using tcpdump and ethereal may clear this.

Using vpn ( pptp ) is difficult to setup , cause there are some many parts you have to think off. I usually test it from a internal machine first. Even if the pptp connect works from internal works perfectly, i start to test it from outside. I always start the test from a isdn win client directly connected to the internet , without having any firewall on the client enabled. ( normally after this test this client must be reinstalled cause its totally hacked by minutes ) If this works i do the same test via a direct adsl line. If this works i used to test it with a direct adsl line and kerio firewall enabled. I never use Win xp firewall cause of low tuning features. Also the win xp client should be able to connect to the samba domain in the internal net without any problems , before trying connect it from vpn. Last test is with multiple adsl routers , having pptp passtrough enabled.

During this testing , i tuned the pptpd options to the values i posted, and it works now stable and nice. I would start trying connect from a internal machine to the samba server via vpn, so you are sure it works in principal, this is the to boarder the bug, after that you know if you have to tune pptp or samba. I have a test net , parted from internal and vpn net via a iptables firewall, so no dhcp problems may happen.

As a tip , you should have a look to openvpn which works very nice too, i use it for static vpn , between my office networks (fixed ips), but you can also use it ( with dyndns ) for windows. But it is not my first choice for dialup vpns.

Sorry but i dont know any more tips, tracing your network traffic looking the log on the client server and the gateway should show up the bug.

Best Regards

Mark Huff wrote:

robert,

the user is coming in via ADSL on both sides of the line

As he is attaching to the samba share using IP address (not system name) then wins is not needed (is it?)...i.e., he maps the drive from WinXP as \\192.168.1.x\share .

We do not have a problem with him connecting through the VPN at all, only in getting the mapped share to stay where it belongs. He maps the drive initially, and can see the files in the share. He closes the explorer window for the mapped drive, then tries to reopen the explorer window for the drive to view the files and that is when the problem occurs

I have a feeling it might have something to do with the port 139, but am not sure on that. I have lowered my mtu and mru in the options.pptpd file and initially we got good connection, but then, after being able to open the close the folders a few times, he got the problem of the not being able to open the folder with the error from windows that the drive is already in use kind thing. If he disconnected the mapped drive then re-maps it, it connects just fine initially, the just dies away again.

any thing else you can think of??

Mark

-Original Message-
From: rruegner [mailto:[EMAIL PROTECTED]
Sent: Friday, 10 September 2004 8:33 PM
To: Mark Huff
Subject: Re: [Samba] Using Samba over VPN - shares disconnect on Windows clients

Hi,

i have also a dial in vpn over pptp and it works like charme, did you give the right wins server and dns server for the dial in machines, do you use the stripped domain patch? Are you aware that your dial in network range does not conflict with a dhcp server which might be exist in your network too, what about the firewall ( iptables on the vpn gateway, some on th client? ) What are the samba logs. Are you sure that the problem does not not belong to a pptp passtrough problem on the client side? Inconsistent VPN Networks may result in multiple Problems.

i have something like this as pptp.options

Note: to use this on use suse 9 i had to do a few patches ie stripped domain , and 128 bit

    chapms-strip-domain
    name *
    lock
    mtu 1490
    mru 1490
    proxyarp
    auth
    +chap
    +chapms-v2
    ipcp-accept-local
    ipcp-accept-remote
    lcp-echo-failure 3
    lcp-echo-interval 5
    deflate 0
    mppe-128
    mppe-40
    mppe-stateless
    # Specify which DNS Servers the incoming Win95 or WinNT Connection should use
    # Two Servers can be remotely configured
    ms-dns 10.10.3.1
    # Specify which WINS Servers the incoming connection Win95 or WinNT should use
    ms-wins 10.10.3.2
    logfile /var/log/pptpd.log

i am running the pptp
Re: [Samba] samba 3 / AD / krb5_cc_get_principal failed
On Mon, 2004-09-06 at 11:51 +0200, Olaf Zaplinski wrote: Hi all, I successfully joined my Samba 3.0.6 box to our AD tree. wbinfo -t and -u work as expected. But when I try to access a share on the samba box (Windows AD controller), I am asked for a password, Samba then logs [2004/09/06 11:49:28, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! winbindd sometimes logs [2004/09/06 11:42:55, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313) krb5_cc_get_principal failed (No credentials cache found) I had this same problem. Samba + AD compatibility seems to be much farther from complete than advertised, and is rather flimsy. It's easier to use RPC, but if your domain is in native mode, there are likely to be problems still. We have a server that worked great for several years, and since we switched to native mode AD (which the samba FAQs say is fine) we have had no end of problems. Numerous groups don't work, ACLs stopped working, hangs, crashes etc. Not trying to discourage you, but be warned that this is the sort of bleeding-edge stuff that will actually leave you bleeding. -Mark
Re: [Samba] Re: CUPS Print Quality -- WAS -- UPDATE Where are the ADOBE PS Drivers?
On Fri, 10 Sep 2004 09:52:34 +0100, Simon Hobson [EMAIL PROTECTED] wrote: Chris McKeever wrote: The reason I ask, was that I thought (for some reason) that the CUPS processing made the windows client driver independent - but if the windows client uses the PPD - then I am thinking that I was mistaken The first step (as far as Samba printing is concerned), if not already feeding it the right format, is to pre-process the input file to extract device specific options and convert them to Cups parameters and generate a device-independent Postscript file. It selects a set of conversion filters, typically using Ghostscript to generate a bitmap image and then encode this into the printer's native format. If properly configured, there is no reason that Cups should not be able to produce output as good as any other driver. The quality you actually get will largely depend on the settings (particularly resolution and colour depth) for the PS to bitmap conversion, plus an element of how well the device dependent filter converts the resulting bitmap to the printer's native format. I believe in my tests, it was because I was going to a non PS printer using the generic HPLJ PPD -- and unfortunately, both the PPD's I tested using the ppd test script failed From the above, you can probably imagine that if you use a generic PPD, you can use the same driver and PPD for all printers, but you won't get access to all the facilities available on a printer. If you stick with the Adobe PS drivers, then you can use the same driver for all printers, only the PPD is different.
So - the PPD controls the print options - therefore driver independence isn't fully achievable since you need the printer specific PPD (if you want to be able to set printer specific information per job) from the howto: A postscript file that was created to contain device-specific commands for achieving a certain print job output on a specific target machine, may not print as expected, or may not be printable at all on other models Now what would be nice (and who knows if at all possible) - if there was a generic CUPS PPD, which gave general print options (duplex/punched) -- when sent from windows into the cups spooled, cups could extract what the client requested, use the PPD of the vendor to ensure what was requested is available, recreated the PS file and send it to the printer. With this, the client could be completely driver/ppd independent from the howto: for real PS printers, DO NOT use the foomatic PPD's. The original vendor PPD's are always first choice Thanks for the information - if I am still off, I apologize Simon -- Simon Hobson MA MIEE, Technology Specialist Colony Gift Corporation Limited Lindal in Furness, Ulverston, Cumbria, LA12 0LD Tel 01229 461100, Fax 01229 461101 Registered in England No. 1499611 Regd. Office : 100 New Bridge Street, London, EC4V 6JA.
[Samba] tech: Samba configuration settings.
Hello, I have just installed fedora core 2 hoping I can get away from windows. Everything is going smoothly so far except for samba server. I have it running and I can see the Linux machine in the network places on my windows machine, but when I try to access it through windows network places (double clicking) I get an error message from windows that is something like: There is a duplicate name on the network. please go to the systems settings and network Id and change the name of the computer. Something to that effect. I have no clue as to why. I tried configuring it manually and through the server settings window and I still get the same message. Can someone help?
Re: [Samba] Re: CUPS Print Quality -- WAS -- UPDATE Where are the ADOBE PS Drivers?
Chris McKeever wrote: So - the PPD controls the print options - therefore driver independence isn't fully achievable since you need the printer specific PPD (if you want to be able to set printer specific information per job) Yes, that is true. What I am not sure about as I've not done the testing to support it, is whether just changing the PPD and re-running cupsaddsmb will result in the client getting the new ppd installed (our login script maps the printers on this site). If it does then swapping out a printer should be as simple as changing the ppd on the server. from the howto: A postscript file that was created to contain device-specific commands for achieving a certain print job output on a specific target machine, may not print as expected, or may not be printable at all on other models One of the things about Postscript is that it tends to degrade reasonably well. I'm fairly confident that in most cases you could send a file that (for example) requests duplex printing to a printer without that feature and it will still print (but without the duplex of course). Now what would be nice (and who knows if at all possible) - if there was a generic CUPS PPD, which gave general print options (duplex/punched) -- when sent from windows into the cups spooled, cups could extract what the client requested, use the PPD of the vendor to ensure what was requested is available, recreated the PS file and send it to the printer. With this, the client could be completely driver/ppd independent from the howto: for real PS printers, DO NOT use the foomatic PPD's. The original vendor PPD's are always first choice You could roll your own ! I don't know if you've looked at the contents of a ppd, but they tend to be fairly easy to understand (if a bit large for a complex printer).
If you started with a complex printer ppd and stripped out the bits you don't need then you could end up with something that would just have the features you want, and I think you would probably find the output reasonably portable. -- Simon Hobson MA MIEE, Technology Specialist Colony Gift Corporation Limited Lindal in Furness, Ulverston, Cumbria, LA12 0LD Tel 01229 461100, Fax 01229 461101 Registered in England No. 1499611 Regd. Office : 100 New Bridge Street, London, EC4V 6JA.
Re: [Samba] Samba Password Problems (Alt-Characters)-SOLVED
Good Morning All, I figured out a solution to this problem. I dumped the results of testparm to a file (testparm -v > smb_dump-file-01). dos charset = CP850, unix charset = UTF-8. local display = LOCALE. I set the unix charset variable in smb.conf to unix charset = iso8859-1, restarted smb, and verified unix charset set to iso8859 using testparm -v > smb_dump-file-02. I verified that my locale was ISO-8859-1 using locale charmap. I tried syncing up UTF-8 as suggested, but could not get it to work correctly with the alt-characters. I want to thank Andrew for pointing me in the right direction. Stuart - Original Message - From: Stuart Highlander [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 08, 2004 3:41 PM Subject: [Samba] Samba Password Problems (Alt-Characters) Good Afternoon All: Here is the setup: A RedHat 7.2 Samba 2.2.7 Server upgraded to Fedora Core 1 Samba 3.0.6-2.FC1. The server is acting as the PDC. No Windows servers are providing authentication. Windows 2000 clients. testparm -v | grep unix charset results in UTF-8. locale charmap results in ISO-8859-1. using smbpasswd. Before upgrading the server, I was able to authenticate users to the domain on the Win2k boxes with alt-characters (alt-0162=¢) in their passwords. Since upgrading the server, users who had these type of characters in their passwords with passwords that have not changed, are able to authenticate, but changing a user's password to a new password that contains these characters results in not being able to authenticate. Any ideas? Stuart
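An added illustration, not part of the thread and not Samba's code: the NT hash is MD4 over the UTF-16LE form of the password, so the charset used to interpret the typed bytes decides which hash gets stored. The sketch assumes the new password was typed on a terminal using the ISO-8859-1 charmap reported above, uses Python's codecs as a stand-in for Samba's charset conversion, and uses a constructed sample password.

```python
import struct


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320), so the example does not depend on the
    local OpenSSL build still offering MD4."""
    mask = 0xFFFFFFFF
    rol = lambda v, n: ((v << n) | (v >> (32 - n))) & mask
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg)) % 64)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    rounds = (
        (lambda x, y, z: (x & y) | (~x & z), 0x00000000,
         tuple(range(16)), (3, 7, 11, 19)),
        (lambda x, y, z: (x & y) | (x & z) | (y & z), 0x5A827999,
         (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (lambda x, y, z: x ^ y ^ z, 0x6ED9EBA1,
         (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        a0, b0, c0, d0 = a, b, c, d
        for f, k, order, shifts in rounds:
            for i, idx in enumerate(order):
                t = (a + f(b, c, d) + x[idx] + k) & mask
                # Rotate the register roles: (a, b, c, d) <- (d, new_a, b, c)
                a, b, c, d = d, rol(t, shifts[i % 4]), b, c
        a, b, c, d = ((a + a0) & mask, (b + b0) & mask,
                      (c + c0) & mask, (d + d0) & mask)
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> str:
    """NT hash: MD4 over the UTF-16LE encoding of the password."""
    return md4(password.encode("utf-16-le")).hex()


def stored_hash(terminal_bytes: bytes, unix_charset: str):
    """Hash a server-side tool would store if it interpreted the typed bytes
    as unix_charset. Returns None when the bytes are not valid in that charset
    (a modelling choice; the real conversion may fail differently)."""
    try:
        text = terminal_bytes.decode(unix_charset)
    except UnicodeDecodeError:
        return None
    return nt_hash(text)


def diagnose(password: str, locale_charmap: str, unix_charsets):
    """Compare the hash a Windows client derives from the password with the
    hash stored under each candidate 'unix charset' setting."""
    typed = password.encode(locale_charmap)   # bytes the terminal delivers
    client = nt_hash(password)                # what the client will present
    report = {}
    for charset in unix_charsets:
        h = stored_hash(typed, charset)
        if h is None:
            report[charset] = "undecodable"
        else:
            report[charset] = "match" if h == client else "mismatch"
    return report


if __name__ == "__main__":
    sample = "pay\u00a2day"   # constructed password containing alt-0162 (cent sign)
    for charset, verdict in diagnose(sample, "iso8859-1",
                                     ["utf-8", "iso8859-1", "cp850"]).items():
        print(f"unix charset = {charset:10s} -> {verdict}")
```

Pure-ASCII passwords come out as "match" under every charset here, which is consistent with only the alt-character passwords being affected.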
RE: [Samba] Problem using pam_winbind to authenticate with Windows 2003 Active Directory Server.
Thanks, that worked beautifully. -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Thursday, September 09, 2004 6:45 PM To: Wong, G. MR EECS Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Problem using pam_winbind to authenticate with Windows 2003 Active Directory Server. Wong, G. MR EECS wrote: | If sAMAaccountName = UserPrincipalName | user can Log in | Else | can't ( The error message from pam_winbind is: PAM | error was 10, NT error was NT_STATUS_NO_SUCH_USER ) | | Why is this occurring? Do I need to use other programs | in conjunction with samba to get this to work and if so | are there some instructions to do so? HELP! Recently fixed for the upcoming 3.0.7 release. Here's the patch. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003)
Re: [Samba] Re: CUPS Print Quality -- WAS -- UPDATE Where are the ADOBE PS Drivers?
On Fri, 10 Sep 2004 14:45:08 +0100, Simon Hobson [EMAIL PROTECTED] wrote: Chris McKeever wrote: So - the PPD controls the print options - therefore driver independence isn't fully achievable since you need the printer specific PPD (if you want to be able to set printer specific information per job) Yes, that is true. What I am not sure about as I've not done the testing to support it, is whether just changing the PPD and re-running cupsaddsmb will result in the client getting the new ppd installed (our login script maps the printers on this site). If it does then swapping out a printer should be as simple as changing the ppd on the server. I don't think that you can push the client a new PPD by changing it on the server .. it gets downloaded to the client on the first connection. I don't think it looks back into the print$ directory -- I think it pulls defaults/etc from the .TDB database files and that about the most of the interaction it has with the server till it spools the job to it -- but your idea below I find quite interesting regarding a generic PPD One of the things about Postscript is that it tends to degrade reasonably well. I'm fairly confident that in most cases you could send a file that (for example) requests duplex printing to a printer without that feature and it will still print (but without the duplex of course). Now what would be nice (and who knows if at all possible) - if there was a generic CUPS PPD, which gave general print options (duplex/punched) -- when sent from windows into the cups spooled, cups could extract what the client requested, use the PPD of the vendor to ensure what was requested is available, recreated the PS file and send it to the printer. With this, the client could be completely driver/ppd independent You could roll your own ! I don't know if you've looked at the contents of a ppd, but they tend to be fairly easy to understand (if a bit large for a complex printer).
If you started with a complex printer ppd and stripped out the bits you don't need then you could end up with something that would just have the features you want, and I think you would probably find the output reasonably portable. I have tried 3 of my PPD's all failed the testppd.php script --- figures...but I said this before, striving for driver independence on the client may be a 'holy grail quest'. -- Simon Hobson MA MIEE, Technology Specialist Colony Gift Corporation Limited Lindal in Furness, Ulverston, Cumbria, LA12 0LD Tel 01229 461100, Fax 01229 461101 Registered in England No. 1499611 Regd. Office : 100 New Bridge Street, London, EC4V 6JA.
[Samba] Local vs Domain sid using net commands
I am curious. I have joined my 3.0.4 samba server to my NT4 domain. However, when I do a net groupmap list, I notice that the SID of the Samba Domain accounts (i.e. Domain Admins, Domain Guests, Domain Users) is not the same as the sid of the domain that it is joined to, when doing a net rpc getsid. Why is this? Does this mean that the Domain accounts in Samba are not really associated with the domain accounts in the NT4 domain? Thanks, Timothy S. Stanley IS Manager Küsters Corporation
Re: [Samba] Permission weirdness
Okay... Another interesting turn-out... I issued a 'klist' on my samba server. And got this: Ticket cache: FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 09/09/04 16:10:24 09/10/04 02:10:29 krbtgt/[EMAIL PROTECTED] renew until 09/10/04 16:10:24 Is this a problem? Should I issue a kdestroy? I am not that strong with kerberos yet, and I am a little fuzzy on the implications of doing a kdestroy. Anyone? Thanks. Chris On Thursday 09 September 2004 04:34 pm, Chris wrote: Okay, I left and rejoined the domain. Same problem... if this is the problem Any help is appreciated! Thanks. Chris On Thursday 09 September 2004 04:13 pm, Chris wrote: Okay.. I think I may have found something, but I don't know what to do about it I have found this in my log.winbind file: [2004/09/09 15:50:55, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain NAIC NAIC.INT S-0-0 [2004/09/09 15:50:55, 1] libsmb/clikrb5.c:ads_krb5_mk_req(306) krb5_cc_get_principal failed (No credentials cache found) [2004/09/09 15:50:55, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain NAICSYS S-1-5-21-1898674339-994652211-837300805 [2004/09/09 15:50:55, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain BUILTIN S-1-5-32 [2004/09/09 15:50:55, 1] nsswitch/winbindd_util.c:add_trusted_domain(180) Added domain PERSEUS S-1-5-21-3652935647-1358748155-3390278020 It is the No credentials found part that looks suspicious. When I initially rolled the system out a couple months back, it did not give this error. Now it does, and I can't think of a thing that has changed on the system. Again, the weird thing is it doesn't appear to affect everybody, just certain users trying to use certain resources. I have seen many posts with this error, but no solutions to it. I am going to try to leave and rejoin the domain... I hope I don't regret that... Chris On Thursday 09 September 2004 03:28 pm, Chris wrote: This is worse than I thought! 
Another user has now complained to me that he does not have rights to something he should have rights to! I have a printer shared out, to use it you must be in the DOMAIN+ColorPrint_ group. He is a member, and yet it won't let him even access it to install it! An authentication box pops up asking for username and passwd.
[phaser8400]
path = /var/spool/samba
valid users = @Domain+ColorPrint_
printable = Yes
printer name = phaser8400
browseable = No
root preexec = echo Connect :%T U.G=%U.%G u.g=%u.%g /root/.info/p8400.log
root postexec = echo Disconnect:%T U.G=%U.%G u.g=%u.%g /root/.info/p8400.log
printer admin = @DOMAIN+Domain Admins
Nothing has changed... I haven't messed with any of the configuration files or added any new software. This just started happening spontaneously it seems. my wbinfo -t/-u/-g all look good. Is the tdb corrupted or something? What can I do to fix this? Chris On Thursday 09 September 2004 02:29 pm, Chris wrote: Hello. I am running samba 3.0.5 in an ADS environment. I have a win2k3 server as the DC and my samba machine (running on Gentoo Linux) is a member of that domain. I am using winbind. I have three users, for this example I will call them Larry, Curly and Moe. All three have RW access to a share on the server called stooges. The linux perms on this directory look like this: drwxrwx--- root DOMAIN+stooges_ stooges There are other users who are members of the DOMAIN+stooges group, but these three are in charge and need access to a more restricted subdirectory of stooges. So I made a stooges_CIA directory under the stooges share. Its linux perms look like this: drwxrwx--- root DOMAIN+stooges_CIA_ stooges_CIA Larry, Curly and Moe are all members of both the DOMAIN+stooges_CIA_ (only those three) and the DOMAIN+stooges_ groups (those 3 plus other users in the dept). Now here is the strange part: Larry and curly can access everything in the share stooges and the subdirectory stooges_CIA.
Moe can access everything in the stooges share but NOT anything in the stooges_CIA subdir. This makes absolutely no sense to me! Moe is a group member of DOMAIN+stooges_CIA. He shows up thusly when I do a 'getent group' or when I do a 'groups DOMAIN+moe'. Likewise, he shows up on the domain controller as being part of that group. *BOTH* systems have him listed in that group -- but for some reason he has no access! He gets this error: \\server\stooges\stooges_CIA is not accessible. You might not have permission to use this network
[Samba] Announcing to ourselves ???
I found this in our log.nmbd, occurs each hour: [2004/09/10 16:03:36, 2] nmbd/nmbd_browsesync.c:announce_local_master_browser_to_domain_master_browser(109) announce_local_master_browser_to_domain_master_browser: We are both a domain and a local master browser for workgroup NEOVISION. Do not announce to ourselves. [2004/09/10 16:03:36, 2] nmbd/nmbd_browsesync.c:sync_with_dmb(151) sync_with_dmb: Initiating sync with domain master browser SERVER20 at IP 192.168.0.1 for workgroup NEOVISION One cause for this I can imagine is that we joined by SERVER machine our own domain controlled by the same machine. Do you know how to *leave* a joined domain, e.g. by using the net command? Radek Svoboda Neovision s.r.o., Prague [EMAIL PROTECTED] http://www.neovision.cz
[Samba] samba 3.0.4
I am using samba 3.0.4 on a SUSE 9 using smbpasswd as backend db, a very simple installation to get the hang of samba. I am able to join the domain with the root samba user I created using swat. When I log in as that user, in the home directory there are 2 other directories, bin and desktop. I know that those directories should not be there because it's the user's home folder. I also installed webmin. I can create the user in webmin, but for some reason I am not able to log in using any other user name but root. Please help, your input is greatly appreciated. Mark
Re: [Samba] How to Upgrade from 2.2.8a to 3.0.6
As part of my continuing Pd into this problem I have:- setup two more users on my NT domain op86vb op86vc I then did getent passwd xxxdom+op86vb it returned XXXDOM+op86vb:x:20592:1::/smb/homes/op86vb:/bin/false getent passwd xxxdom+op86vc it returned XXXDOM+op86vc:x:20593:1::/smb/homes/op86vc:/bin/false so far so good I then created a home directory for op86vb in /smb/homes then I chown xxxdom+op86vb op86vb still good then I tried to access the home directory both from windows and Linux smbclient //localhost/op86vb -U citdom+op86vb This failed with an NT tree error about 5minutes later I noticed that now when I did getent passwd xxxdom+op86vb it returned nothing but when I type getent passwd xxxdom+op86vc it still returns XXXDOM+op86vc:x:20593:1::/smb/homes/op86vc:/bin/false the only difference between the two is that op86vc has not tried to access the samba server, I don't know if this helps you to help me fix my problem. If I do a getent passwd|less I can see both the ids in the file. | cd nsswitch | cp libnss_winbind.so /lib Make sure that there is a symlink from /lib/libnss_winbind.so.2 - /lib/libnss_winbind.so * Yes I had already setup the symlink | if I do a directory listing it now looks like this | | | drwxrws--- 22 16043 CITDOM+Domain Admins make sure nscd is not caching previous negative lookups. Also, is 16043 within the winbind uid range ? *nscd is not running *winbind uid range in 1 - 5 | If I type chown OP86V op86v it works but is using | a uid of 20266 Hmmm...make sure you set 'winbind enable local accounts = no'. Now run 'getent passwd OP86V'. If you get an entry back, run 'wbinfo -x OP86V'. Now run getent passwd OP86V' again. See if this helps. 
*Did have to change 'winbind enable local accounts = no' * followed rest of your instructions but still no joy Here are the 2.2.8a smb.conf files [global] netbios name = SRVSAM02 netbios aliases =SRVSAM02A workgroup = xxxdom security = domain encrypt passwords =yes map to guest = bad user name resolve order = wins lmhosts host bcast dns proxy = no password server = server1 server2 preferred master =no domain master = no local master = no log level = 2 log file =/var/log/samba wins server =172.19.1.1 winbind uid =1-5 winbind gid =1-5 winbind separator =+ winbind cache time = 10 template homedir =/smb/homes/%U [homes] comment = Home directory for %U path = /smb/homes/%U read only = no browseable = no inherit permissions =no inherit acls = yes create mask = 0660 force user = %U # force create mode = 0660 directory mask =0770 force directory mode =0770 root preexec =/usr/local/bin/buildhome %U %G [admin] comment = Administrative Share path = /smb valid users =@xxxdom+Domain Admins admin users =@xxxdom+Domain Admins administrator force user = root read only = no browseable = no create mask = 0660 directory mask =0770 [share] comment = share path = /smb/data/share browseable = yes read only = no [itdrive] comment = itdrive path = /smb/data/itdrive browseable = yes inherit permissions =no read only = no create mask = 0660 force create mode = 0660 directory mask =0770 force directory mode = 0770 [dataxx] comment = dataxx path = /smb/data/dataxx browseable = yes inherit permissions =no read only = no create mask = 0660 force create mode = 0660 directory mask =0770 force directory mode = 0770 Here is the 3.0.6 smb.conf file [global] netbios name = SRVSAM02 netbios aliases =SRVSAM02A workgroup = xxxdom security = domain encrypt passwords =yes ; socket options = TCP_NODELAY SO_SNDBUF=1500 SO_RCVBUF=1500 map to guest = bad user name resolve order = wins lmhosts host bcast dns proxy = no password server = server1 server2 preferred master =no domain master = no local master = no 
log level = 2 log file =/var/log/samba wins server =172.19.1.1 winbind uid =1-5 winbind gid =1-5 winbind separator =+ winbind cache time = 10 template homedir =/smb/homes/%U [homes] comment = Home directory for %U path = /smb/homes/%U read only = no browseable = no inherit permissions =no inherit acls = yes create mask = 0660 force user = %U # force create mode = 0660 directory mask =0770 force directory mode =0770 root preexec =
Re: [Samba] How to Upgrade from 2.2.8a to 3.0.6
[EMAIL PROTECTED] wrote: | As part of my continuing Pd into this problem I have:- | | setup two more users on my NT domain | | op86vb | op86vc | | I then did | | getent passwd xxxdom+op86vb it returned | XXXDOM+op86vb:x:20592:1::/smb/homes/op86vb:/bin/false | | getent passwd xxxdom+op86vc it returned | XXXDOM+op86vc:x:20593:1::/smb/homes/op86vc:/bin/false | | so far so good | | I then created a home directory for op86vb in /smb/homes | then I chown xxxdom+op86vb op86vb | | still good | | then I tried to access the home directory both from windows and Linux | | smbclient //localhost/op86vb -U citdom+op86vb | | This failed with an NT tree error | | about 5minutes later I noticed that now when I did | | getent passwd xxxdom+op86vb it returned nothing Did you apply the winbind_getpwnam_v1.patch found at http://samba.org/~jerry/patches/post-3.0.6 ? This is a known bug in 3.0.6 (fixed in 3.0.7). cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003)
Re: [Samba] Re: CUPS Print Quality -- WAS -- UPDATE Where are the ADOBE PS Drivers?
Chris McKeever wrote: | I dont think that you can push the client a new | PPD by changing it on the server .. it gets downloaded | to the client on the first connection. I dont think | it looks back into the print$ directory -- I | think it pulls defaults/etc from the .TDB database | files and that about the most of the interaction it | has with the server till it spools the job to it -- | but your idea below I find quite interesting | regarding a generic PPD The client should update its local cache of printer information (registry keys, devmode, etc...) and the driver file when: (a) the change_id timestamp on the printer changes, and (b) the timestamp on the new ppd file is newer than the old file. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003)
[Samba] NT Domain Failure issue when new users map share
Hi There, I am having an issue with SAMBA ver 2.2 on a linux 7.1 kernel 2.4. When I create new users they are unable to map the share from the windows client but the old users are fine, and I get the following error in the log.smbd. I am new to Linux/samba. Please let me know what else I should look for. LOG.SMBD: [2004/09/10 11:04:57, 0] smbd/password.c:domain_client_validate(1613) domain_client_validate: unable to validate password for user mkumar in domain TIERS to Domain controller aus_dc021. Error was NT_STATUS_TRUSTED_DOMAIN_FAILURE. [2004/09/10 11:04:58, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(411) cli_net_sam_logon_internal: NT_STATUS_TRUSTED_DOMAIN_FAILURE [2004/09/10 11:04:58, 0] smbd/password.c:domain_client_validate(1613) domain_client_validate: unable to validate password for user mkumar in domain TIERS to Domain controller aus_dc021. Error was NT_STATUS_TRUSTED_DOMAIN_FAILURE. [2004/09/10 11:16:02, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(411) cli_net_sam_logon_internal: NT_STATUS_WRONG_PASSWORD [2004/09/10 11:16:02, 0] smbd/password.c:domain_client_validate(1613) domain_client_validate: unable to validate password for user mtej in domain txtiers_dev to Domain controller aus_dc021. Error was NT_STATUS_WRONG_PASSWORD. [2004/09/10 11:16:41, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(411) cli_net_sam_logon_internal: NT_STATUS_TRUSTED_DOMAIN_FAILURE [2004/09/10 11:16:41, 0] smbd/password.c:domain_client_validate(1613) domain_client_validate: unable to validate password for user mkumar in domain TIERS to Domain controller aus_dc021. Error was NT_STATUS_TRUSTED_DOMAIN_FAILURE. [2004/09/10 11:16:41, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(411) cli_net_sam_logon_internal: NT_STATUS_TRUSTED_DOMAIN_FAILURE [2004/09/10 11:16:41, 0] smbd/password.c:domain_client_validate(1613) domain_client_validate: unable to validate password for user mkumar in domain TIERS to Domain controller aus_dc021.
Error was NT_STATUS_TRUSTED_DOMAIN_FAILURE. [2004/09/10 11:16:41, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(411) cli_net_sam_logon_internal: NT_STATUS_TRUSTED_DOMAIN_FAILURE [2004/09/10 11:16:41, 0] smbd/password.c:domain_client_validate(1613) domain_client_validate: unable to validate password for user mkumar in domain TIERS to Domain controller aus_dc021. Error was NT_STATUS_TRUSTED_DOMAIN_FAILURE. [2004/09/10 11:16:42, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(411) cli_net_sam_logon_internal: NT_STATUS_TRUSTED_DOMAIN_FAILURE [2004/09/10 11:16:42, 0] smbd/password.c:domain_client_validate(1613) domain_client_validate: unable to validate password for user mkumar in domain TIERS to Domain controller aus_dc021. Error was NT_STATUS_TRUSTED_DOMAIN_FAILURE. [2004/09/10 11:16:42, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(411) cli_net_sam_logon_internal: NT_STATUS_TRUSTED_DOMAIN_FAILURE [2004/09/10 11:16:42, 0] smbd/password.c:domain_client_validate(1613) domain_client_validate: unable to validate password for user mkumar in domain TIERS to Domain controller aus_dc021. Error was NT_STATUS_TRUSTED_DOMAIN_FAILURE. [2004/09/10 11:16:42, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(411) cli_net_sam_logon_internal: NT_STATUS_TRUSTED_DOMAIN_FAILURE [2004/09/10 11:16:42, 0] smbd/password.c:domain_client_validate(1613) domain_client_validate: unable to validate password for user mkumar in domain TIERS to Domain controller aus_dc021. Error was NT_STATUS_TRUSTED_DOMAIN_FAILURE. [2004/09/10 11:16:43, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(411) cli_net_sam_logon_internal: NT_STATUS_TRUSTED_DOMAIN_FAILURE [2004/09/10 11:16:43, 0] smbd/password.c:domain_client_validate(1613) domain_client_validate: unable to validate password for user mkumar in domain TIERS to Domain controller aus_dc021. Error was NT_STATUS_TRUSTED_DOMAIN_FAILURE. 
[2004/09/10 11:16:43, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(411) cli_net_sam_logon_internal: NT_STATUS_TRUSTED_DOMAIN_FAILURE [2004/09/10 11:16:43, 0] smbd/password.c:domain_client_validate(1613) domain_client_validate: unable to validate password for user mkumar in domain TIERS to Domain controller aus_dc021. Error was NT_STATUS_TRUSTED_DOMAIN_FAILURE. (END) Thanks Rehan ___ Do you Yahoo!? Shop for Back-to-School deals on Yahoo! Shopping. http://shopping.yahoo.com/backtoschool -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
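A log like the one in the post above is easier to triage once the repeated entries are collapsed per account and status. The following is an added example, not part of the original post and not Samba code: it groups `domain_client_validate` failures by user, domain, controller and status, and keeps trust or controller errors apart from credential errors so that client retries are not counted as password failures. The sample log is constructed from the entries in the post, and the two status groupings are this example's own assumption.

```python
import re

# Constructed sample: a few entries shaped like those in the post, in smbd's
# usual layout (header line, then an indented message line).
SAMPLE_LOG = """\
[2004/09/10 11:04:57, 0] smbd/password.c:domain_client_validate(1613)
  domain_client_validate: unable to validate password for user mkumar in domain TIERS to Domain controller aus_dc021. Error was NT_STATUS_TRUSTED_DOMAIN_FAILURE.
[2004/09/10 11:16:02, 0] rpc_client/cli_netlogon.c:cli_net_sam_logon_internal(411)
  cli_net_sam_logon_internal: NT_STATUS_WRONG_PASSWORD
[2004/09/10 11:16:02, 0] smbd/password.c:domain_client_validate(1613)
  domain_client_validate: unable to validate password for user mtej in domain txtiers_dev to Domain controller aus_dc021. Error was NT_STATUS_WRONG_PASSWORD.
[2004/09/10 11:16:41, 0] smbd/password.c:domain_client_validate(1613)
  domain_client_validate: unable to validate password for user mkumar in domain TIERS to Domain controller aus_dc021. Error was NT_STATUS_TRUSTED_DOMAIN_FAILURE.
[2004/09/10 11:16:42, 0] smbd/password.c:domain_client_validate(1613)
  domain_client_validate: unable to validate password for user mkumar in domain TIERS to Domain controller aus_dc021. Error was NT_STATUS_TRUSTED_DOMAIN_FAILURE.
"""

# "[timestamp, level] source.c:function(line)" starts every entry.
HEADER_RE = re.compile(
    r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>\S+):(?P<func>\w+)\((?P<line>\d+)\)"
)
FAILURE_RE = re.compile(
    r"unable to validate password for user (?P<user>\S+) in domain (?P<domain>\S+)"
    r" to Domain controller (?P<dc>\S+?)\.\s+Error was (?P<status>NT_STATUS_\w+)"
)

# Assumption of this example: which statuses point at the account's credentials
# and which point at the domain trust or the controller.
CREDENTIAL = {"NT_STATUS_WRONG_PASSWORD", "NT_STATUS_LOGON_FAILURE",
              "NT_STATUS_NO_SUCH_USER"}
TRUST_OR_DC = {"NT_STATUS_TRUSTED_DOMAIN_FAILURE",
               "NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE",
               "NT_STATUS_NO_LOGON_SERVERS",
               "NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND"}


def classify(status):
    if status in CREDENTIAL:
        return "credential"
    if status in TRUST_OR_DC:
        return "trust-or-dc"
    return "other"


def parse_entries(text):
    """Split a log into entries. The message is whatever lies between one
    header and the next, so a dump flattened onto one line parses too."""
    headers = list(HEADER_RE.finditer(text))
    entries = []
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        entries.append({"ts": h.group("ts"), "level": int(h.group("level")),
                        "func": h.group("func"),
                        "msg": " ".join(text[h.end():end].split())})
    return entries


def summarize_failures(text):
    """Map (user, domain, dc, status) -> count, first/last timestamp, kind."""
    summary = {}
    for e in parse_entries(text):
        # cli_net_sam_logon_internal repeats the status without naming the
        # user, so only the domain_client_validate entry is counted.
        if e["func"] != "domain_client_validate":
            continue
        m = FAILURE_RE.search(e["msg"])
        if not m:
            continue
        key = (m["user"], m["domain"], m["dc"], m["status"])
        row = summary.setdefault(key, {"count": 0, "first": e["ts"],
                                       "last": e["ts"],
                                       "kind": classify(m["status"])})
        row["count"] += 1
        row["last"] = e["ts"]
    return summary


def credential_suspects(summary, threshold=5):
    """(domain, user) pairs whose credential failures reach the threshold;
    trust or controller errors never count towards it."""
    totals = {}
    for (user, domain, _dc, _status), row in summary.items():
        if row["kind"] == "credential":
            totals[(domain, user)] = totals.get((domain, user), 0) + row["count"]
    return sorted(k for k, n in totals.items() if n >= threshold)


if __name__ == "__main__":
    for key, row in summarize_failures(SAMPLE_LOG).items():
        print(key, row)
```
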
[Samba] CUPS Printer Class support?
Greetings Admins, We run cups 1.1.20 with samba 3.0.4 on debian woody to serve point'n'print to Win2K/XP clients. Does samba support CUPS Printer Classes? How do you install these in samba? regards, Ryan
[Samba] create_canon_ace_lists: unable to map SID
I know this is probably something very simple but I can't for the life of me figure out what's going on. This is a very basic setup using domain security and joined NT style in an AD running in Mixed Mode. I am *not* using winbind, all user and group accounts are represented locally in /etc/passwd and /etc/group. For the most part this is functional, from a windows client I am able to modify access permissions for users already in the ACL (using acl support, filesystem is mounted with acl option etc.). What I cannot do is add users to the acl from the windows side. Does anyone know what I am doing wrong? Christian
RE: [Samba] Missing charset ISO8859-1.so in 3.0.6?
Thanks, Andrew. I assumed it really wasn't a problem, since the connection was working in spite of those fatal error messages. But, if I might inquire further... By configuring, do you mean just setting the LANG environment variable to something other than its current en_US.ISO8859-1 setting? Maybe something like en_US.CP850? And if I do such a thing, is it then necessary to copy the CP850.so into /usr/lib/iconv (where all its other charsets live?) Please forgive the fact that although libiconv has been installed on this system for some time now, I'm not really all that clear on what it's used for. :-)

Oh, and I had the debug turned up in order to figure out why my win2k machine kept telling me the server wasn't running. That just turned out to be that winbindd had died which was easily corrected after discovery, but I thought it might be some weirdness in smbd.

Thanks again.

-Original Message-
From: Andrew Bartlett [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 09, 2004 7:48 PM
To: John B. Scalia
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Missing charset ISO8859-1.so in 3.0.6?

On Thu, 2004-09-09 at 23:46, John B. Scalia wrote:

I recently installed and built 3.0.06 on my Solaris 9 Ultra 5 station. When I start either smbd or nmbd, the log files indicate a missing shared library during initialization, but the daemons appear to be running anyway. Specifically, the log says:

[2004/09/09 09:09:07, 3] lib/module.c:do_smb_load_module(46)
  Error loading module '/usr/local/samba/lib/charset/ISO8859-1.so': ld.so.1: /usr/local/samba/sbin/smbd: fatal: /usr/local/samba/lib/charset/IS)8859-1.so: open failed: No such file or directory

That is normal - but you should configure your 'unix charset' and 'display charset' to values that your system iconv() (if you have added libiconv to solaris) knows about, or the CP850 module we ship. Basically, we presume that the system iconv() can handle things, but if not, we look for a plugin (which may or may not exist - hence it being level 3 debug, not level 0).

Andrew Bartlett
--
Andrew Bartlett [EMAIL PROTECTED]
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College [EMAIL PROTECTED]
[Samba] Samba(PDC) - LDAP problem only with W2KAS and XP clients
Hi, my name is Gonzalo, I have the following problem:

I have a Samba 2.2.8a configured as a PDC server running on Solaris 9 and pointing to a users database accessed by LDAP (SunOne Directory Server 5.2). Everything works very well while I register hosts with W2000 Professional in the Domain. The problem appears when I want to join the domain with WXP or W2K AS hosts (I didn't prove with W2000S but I supposed it'll be the same). The registration process into the domain looks to work fine but it does not, Windows shows Welcome to MYDOMAIN Domain, when I restart the PC and want to start a session with a domain user, the W2K Server or WXP shows the next message: The system cannot begin its session at this time because domain MYDOMAIN not this available or something like that...

In the log of the samba I've found that during the registration to the domain, the following error is reported:

[2004/08/15 18:53:45, 2] rpc_parse/parse_samr.c:samr_io_userinfo_ctr(6285)
  samr_io_userinfo_ctr: unknown switch level 0x1a
[2004/08/15 18:53:45, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(670)
  api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.

I don't know if this could help but here is a copy of my smb.conf file

[global]
    workgroup = MYDOMAIN
    netbios name = MAIN
    server string = Samba PDC Server
    interfaces = 192.168.104.1/24
    bind interfaces only = Yes
    encrypt passwords = Yes
    passwd program = /opt/samba/bin/change_LDAP_passwd.sh %u
    passwd chat = *New*Password:* %n\n *Re-enter*new*Password:* %n\n *changed*
    unix password sync = Yes
    log level = 2
    log file = /opt/local/samba/var/log.%m
    max log size = 50
    domain admin group = smbadm
    domain logons = Yes
    os level = 80
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    wins support = Yes
    ldap server = 192.168.1.1
    ldap port = 389
    ldap suffix = o=myorg,o=root
    ldap admin dn = uid=admin,ou=People,o=myorg,o=root
    ldap ssl = no
    hosts allow = 192.168.1.0/255.255.255.0
    profile acls = Yes

[homes]
    comment = Home Directories
    valid users = %S
    read only = No
    browseable = No

[netlogon]
    comment = Network Logon Service
    path = /opt/samba/lib/netlogon
    guest ok = Yes
    share modes = No

I can attach all the logs of the LDAP, if somebody thinks that they can help. If someone can help me, thanks in advance,

Gonzalo.
Re: [Samba] Samba 3.0.6 Problems w/AD and Kerberos
Christian Merrill wrote:

| Well from my end (Redhat) the behavior is indicative of
| a known issue with the MIT kerberos 1.2.x packages
| that we currently support and Win2k3 DC's...however Win2k
| DC's have been operating fine as far as I know. What I
| am seeing are customers who were previously running
| upgrade to the 3.0.6 samba package and then start to
| encounter these errors. If they downgrade the samba
| package the problem goes away. I've also noticed a few
| other posts from users on other distros such as
| Debian encountering very similar behavior.
| On the surface it really looks like a kerberos problem,
| but people are reporting that it seems to be directly
| linked to the samba package. My current test environment
| is on 2k3 so I'm still in the process of setting up a
| 2k AD environment to do testing on...at this point just
| relaying feedback that I am getting from others.

I spent some time on this today without any luck reproducing the problem. My test server was SuSE 9.1 pro however with heimdal 0.6.1rc3. I've updated the comments in https://bugzilla.samba.org/show_bug.cgi?id=1717

And I checked the ticket cache produced by smbclient //server/share -k from 3.0.5 and 3.0.6. Same host principal is used ([EMAIL PROTECTED]).

So far, I've not learned of any common thread from the people who posted on this. I'm open to suggestions. (off to review abartlet's mail to samba-technical about this).

cheers, jerry

Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)
Re: [Samba] Samba 3.0.6 Problems w/AD and Kerberos
I submitted a ticket (bugzilla) to redhat on this.. with the 3.0.6 update from them, coupled with their recent kerberos updates, it fails unless you use the FQDN.. it's completely reproducible (at least on my end). I moved to security = domain and have it at least working again..

Tom

On Fri, 10 Sep 2004, Gerald (Jerry) Carter wrote:

Christian Merrill wrote:

| Well from my end (Redhat) the behavior is indicative of
| a known issue with the MIT kerberos 1.2.x packages
| that we currently support and Win2k3 DC's...however Win2k
| DC's have been operating fine as far as I know. What I
| am seeing are customers who were previously running
| upgrade to the 3.0.6 samba package and then start to
| encounter these errors. If they downgrade the samba
| package the problem goes away. I've also noticed a few
| other posts from users on other distros such as
| Debian encountering very similar behavior.
| On the surface it really looks like a kerberos problem,
| but people are reporting that it seems to be directly
| linked to the samba package. My current test environment
| is on 2k3 so I'm still in the process of setting up a
| 2k AD environment to do testing on...at this point just
| relaying feedback that I am getting from others.

I spent some time on this today without any luck reproducing the problem. My test server was SuSE 9.1 pro however with heimdal 0.6.1rc3. I've updated the comments in https://bugzilla.samba.org/show_bug.cgi?id=1717

And I checked the ticket cache produced by smbclient //server/share -k from 3.0.5 and 3.0.6. Same host principal is used ([EMAIL PROTECTED]).

So far, I've not learned of any common thread from the people who posted on this. I'm open to suggestions. (off to review abartlet's mail to samba-technical about this).

cheers, jerry

Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)

___
Tom Ryan                          Voice: 856-225-6361
Consulting System Administrator   Fax: 856-969-7900
Rutgers School of Law - Camden    IT Help Desk: 856-225-2343
Re: [Samba] oplock_break failed
Hi,

I posted the same problem 3 weeks ago, I was afraid, I am the only one having this problem. I am glad, that there are others thinking about that problem too, so maybe we will get it fixed. One try was also to switch off the oplocks, which is not a really good idea, because several users can work on the same file without noticing it. So they will override each other's changes.

In those (for me helpless) last three weeks the users complaining about problems to save their files grew more and more, they are only w2k - Clients, I have a lot of w98 clients still, never heard a word from them, it is not only excel causing the trouble, but also word, once I got even with notepad and a text file with only the word test as content.

Meanwhile I did try to undo all the changes I have made before the problem occurred. What I can't easily undo is the update on the w2k clients, I was pondering changing the linux kernel-update this weekend ( from 2.4.21 back to 2.4.18 I had before the problem existed). I don't like that, and I am glad about the suggestion checking the switches and NIC's - I never spent a thought on them - I think the server's NIC, the switch is a 3COM 4400, but I already had one damaged of them too, so maybe 3Com isn't that quality assurance I hoped it to be.

On Thursday, 9 September 2004 12:20, Jeremy Allison wrote:

On Thu, Sep 09, 2004 at 12:08:37PM +0200, ric le hnaff wrote:

hello i have oplock_break failed in logs, see below. should i consider removing oplocks ?

You could try that, although oplock break failed messages are often due to local network problems. Check your switches/hubs/nic cards.

Jeremy.

--
With kind regards
Martin Schmidt
Tel: 09843/988095 Fax: 09843/988096
email: [EMAIL PROTECTED]
BUG 1717 [was Re: [Samba] Re: Samba 3.0.6 Problems w/AD and Kerberos]
Josh T wrote:

| I've had this problem since a Samba.org .deb package
| upgrade 3.0.5 to 3.0.6 on Debian stable. Domain is ADS
| Windows 2000 Native - both domain controllers are W2K
| Server SP4. I'm using an XP SP2 PC and a Windows 2000
| Server SP4 PC as clients to test (simply because
| they're by my desk).
|
| Yesterday, I set up a fresh test install of debian
| stable (under VMWare) and installed from source MIT
| Kerberos 1.3.4, OpenLDAP 2.2.15, and Samba 3.0.6 to
| see if it was a problem with Debian Stable's older
| kerberos. But I had the same problem - \\ipaddress
| worked, but \\name didn't.
|
| So I removed Samba 3.0.6 via:
| stopping the daemons
| net ads leave
| make uninstall in the source dir \ manually deleting /lib/libnss_win*
| manually deleting any samba related files in
| /var/log /var/run, etc.
|
| I then downloaded and compiled Samba 3.0.5 and
| set it up. It was working last night, however
| this morning I started having the same problems...

Are the clocks drifting out of sync perhaps ? Can you send me a level 10 debug log of the complete failure? Please also include your /etc/krb5.conf and smb.conf file. Thanks.

cheers, jerry

Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)
Re: [Samba] Samba 3.0.6 Problems w/AD and Kerberos
Tom Ryan wrote:

I submitted a ticket (bugzilla) to redhat on this.. with the 3.0.6 update from them, coupled with their recent kerberos updates, it fails unless you use the FQDN.. it's completely reproducible (at least on my end). I moved to security = domain and have it at least working again..

Tom

On Fri, 10 Sep 2004, Gerald (Jerry) Carter wrote:

Christian Merrill wrote:

| Well from my end (Redhat) the behavior is indicative of
| a known issue with the MIT kerberos 1.2.x packages
| that we currently support and Win2k3 DC's...however Win2k
| DC's have been operating fine as far as I know. What I
| am seeing are customers who were previously running
| upgrade to the 3.0.6 samba package and then start to
| encounter these errors. If they downgrade the samba
| package the problem goes away. I've also noticed a few
| other posts from users on other distros such as
| Debian encountering very similar behavior.
| On the surface it really looks like a kerberos problem,
| but people are reporting that it seems to be directly
| linked to the samba package. My current test environment
| is on 2k3 so I'm still in the process of setting up a
| 2k AD environment to do testing on...at this point just
| relaying feedback that I am getting from others.

I spent some time on this today without any luck reproducing the problem. My test server was SuSE 9.1 pro however with heimdal 0.6.1rc3. I've updated the comments in https://bugzilla.samba.org/show_bug.cgi?id=1717

And I checked the ticket cache produced by smbclient //server/share -k from 3.0.5 and 3.0.6. Same host principal is used ([EMAIL PROTECTED]).

So far, I've not learned of any common thread from the people who posted on this. I'm open to suggestions. (off to review abartlet's mail to samba-technical about this).

cheers, jerry

Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)

___
Tom Ryan                          Voice: 856-225-6361
Consulting System Administrator   Fax: 856-969-7900
Rutgers School of Law - Camden    IT Help Desk: 856-225-2343

Tom we have had multiple reports of this and I imagine your ticket is probably one of many in my queue right now. We are working on it internally as well but so far have not made any real progress narrowing down the problem. It *appears* that this is actually unrelated to our kerberos update. As I mentioned previously this looks like the problems we have been seeing in win2k3 environments -- almost as if something helped spread this issue to win2k as well.

Christian
[Samba] Logon Scripts Fail to Execute at Logon
I am running Samba 3.0.6 with an LDAP backend. Here is the output of pdbedit for my user:

pdb_set_logon_script: setting logon script scripts\logon.cmd, was element 4 - now SET

While logging in with this account (or any other account), this script never executes. I am able to run it manually, but that doesn't help.

Dustin A. Dortch
Network Administrator
Gilchrist Soames
Office Email: [EMAIL PROTECTED]
Mobile Email: [EMAIL PROTECTED]
Office Phone: 1.317.786.8286 x423
Mobile Phone: 1.317.809.5794
Fax: 1.317.786.2788
Re: [Samba] Samba 3.0.6 Problems w/AD and Kerberos
Christian,

another reason I think this is also kerberos related is that I am also having problems with ssh on my (admittedly) odd round robin dns setup.. I used to be able to ssh to the common hostname and get access to either box, now I get an unknown kerberos error and have to login to either host by name. couple that with my samba issues and how it works with FQDN, and I was inclined to think it was kerberos.. but hey.. I admit it.. you guys know better than I do :)

Tom

On Tue, 7 Sep 2004, Christian Merrill wrote:

Tom Ryan wrote:

I submitted a ticket (bugzilla) to redhat on this.. with the 3.0.6 update from them, coupled with their recent kerberos updates, it fails unless you use the FQDN.. it's completely reproducible (at least on my end). I moved to security = domain and have it at least working again..

Tom

On Fri, 10 Sep 2004, Gerald (Jerry) Carter wrote:

Christian Merrill wrote:

| Well from my end (Redhat) the behavior is indicative of
| a known issue with the MIT kerberos 1.2.x packages
| that we currently support and Win2k3 DC's...however Win2k
| DC's have been operating fine as far as I know. What I
| am seeing are customers who were previously running
| upgrade to the 3.0.6 samba package and then start to
| encounter these errors. If they downgrade the samba
| package the problem goes away. I've also noticed a few
| other posts from users on other distros such as
| Debian encountering very similar behavior.
| On the surface it really looks like a kerberos problem,
| but people are reporting that it seems to be directly
| linked to the samba package. My current test environment
| is on 2k3 so I'm still in the process of setting up a
| 2k AD environment to do testing on...at this point just
| relaying feedback that I am getting from others.

I spent some time on this today without any luck reproducing the problem. My test server was SuSE 9.1 pro however with heimdal 0.6.1rc3. I've updated the comments in https://bugzilla.samba.org/show_bug.cgi?id=1717

And I checked the ticket cache produced by smbclient //server/share -k from 3.0.5 and 3.0.6. Same host principal is used ([EMAIL PROTECTED]).

So far, I've not learned of any common thread from the people who posted on this. I'm open to suggestions. (off to review abartlet's mail to samba-technical about this).

cheers, jerry

Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)

___
Tom Ryan                          Voice: 856-225-6361
Consulting System Administrator   Fax: 856-969-7900
Rutgers School of Law - Camden    IT Help Desk: 856-225-2343

Tom we have had multiple reports of this and I imagine your ticket is probably one of many in my queue right now. We are working on it internally as well but so far have not made any real progress narrowing down the problem. It *appears* that this is actually unrelated to our kerberos update. As I mentioned previously this looks like the problems we have been seeing in win2k3 environments -- almost as if something helped spread this issue to win2k as well.

Christian

___
Tom Ryan                          Voice: 856-225-6361
Consulting System Administrator   Fax: 856-969-7900
Rutgers School of Law - Camden    IT Help Desk: 856-225-2343
Re: [Samba] Samba 3.0.6 Problems w/AD and Kerberos
Christian Merrill wrote:

| Tom we have had multiple reports of this and I imagine
| your ticket is probably one of many in my queue right
| now. We are working on it internally as well but so far
| have not made any real progress narrowing down the
| problem. It *appears* that this is actually unrelated to our
| kerberos update. As I mentioned previously this looks
| like the problems we have been seeing in win2k3 environments
| -- almost as if something helped spread this issue to win2k
| as well.

Tom, I'm not completely willing to cross this out as a redhat specific issue. I've seen at least one specific report with debian (krb 1.3.4 and samba 3.0.6 both compiled locally). However, krb5 is tricky to debug remotely like this :-\

Can anyone shed any more light on any more platforms? Other than debian and redhat?

cheers, jerry

Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)
[Samba] mysql settings in smb.conf
Hello,

I have a question about the mysql settings in smb.conf. I understand the part on the left of the equal sign (matches a field in the user table from the samba db in mysql). Where does the variable on the right side come from? How do I know what should be put on the right side? Should each line end with a colon? I used the mysql.dump in examples/pdb/mysql to create the database. Are the unknown fields used for anything (unknown_3, unknown_5, unknown_6, unknown_str)?

Thanks, Carlos

mysql:username column = username:
mysql:nt username column = ntusername:
mysql:nt fullname column = fullname:
Re: [Samba] Samba 3.0.6 Problems w/AD and Kerberos
On Fri, 10 Sep 2004, Gerald (Jerry) Carter wrote:

Christian Merrill wrote:

| Tom we have had multiple reports of this and I imagine
| your ticket is probably one of many in my queue right
| now. We are working on it internally as well but so far
| have not made any real progress narrowing down the
| problem. It *appears* that this is actually unrelated to our
| kerberos update. As I mentioned previously this looks
| like the problems we have been seeing in win2k3 environments
| -- almost as if something helped spread this issue to win2k
| as well.

Tom, I'm not completely willing to cross this out as a redhat specific issue. I've seen at least one specific report with debian (krb 1.3.4 and samba 3.0.6 both compiled locally). However, krb5 is tricky to debug remotely like this :-\

Can anyone shed any more light on any more platforms? Other than debian and redhat?

I can testify for solaris 9 on sparc with krb 1.2.5(patched) with samba 3.0.2, 3.0.4, and 3.0.6.

[ Rick Brown                       ][ (404) 894-6175               ]
[ Office of Information Technology ][ [EMAIL PROTECTED]            ]
[ Georgia Institute of Technology  ][ 258 4th street. Atlanta, GA  ]
[Samba] Re: Re: UID and GID's
Ok, I entered all that stuff in. I also created a samba user in AD and delegated control to the ou idmap to it. I did the smbpasswd -w command and entered all the entries I needed in smb.conf

Do I have to set up anything in the ldap.conf?

it works kinda, I'm getting the following errors in my winbind.log file:

[2004/09/10 16:25:27, 0] sam/idmap_ldap.c:ldap_allocate_id(413)
  ldap_allocate_id: single sambaUnixIdPool object not found

What does it create in the ou Imap? Will I be able to see the entries when using the Active Directory MMC on the domain controllers?

wbinfo -u works
getent passwd doesn't work, well it only lists the /etc/passwd stuff

thanks, -tom

Blindauer Emmanuel [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

On Wednesday 8 September 2004 22:37, Tom wrote:

ok, so how do I do that? Do I take out:

idmap uid = 16777216-33554431
idmap gid = 16777216-33554431

and add:

ldap idmap suffix = ou=Idmap,dc=samba,dc=org

No you must keep the uid/gid ranges. you must add some entries for ldap too, and create an adapted ldap server. the relevant section in my smb.conf is:

idmap backend = ldap:ldap://the.ldap.server
idmap uid = 1-2
idmap gid = 1-2
ldap suffix = dc=domain,dc=local
ldap idmap suffix = ou=Idmap
ldap admin dn = cn=admin,dc=domain,dc=local
Re: [Samba] Re: Re: UID and GID's
On Friday 10 September 2004 23:17, Tom wrote:

Ok, I entered all that stuff in. I also created a samba user in AD and delegated control to the ou idmap to it. I did the smbpasswd -w command and entered all the entries I needed in smb.conf

Do I have to set up anything in the ldap.conf?

it works kinda, I'm getting the following errors in my winbind.log file:

[2004/09/10 16:25:27, 0] sam/idmap_ldap.c:ldap_allocate_id(413)
  ldap_allocate_id: single sambaUnixIdPool object not found

What does it create in the ou Imap? Will I be able to see the entries when using the Active Directory MMC on the domain controllers?

you need to create your ldap with correct entries, I got them by using the classical howto about using samba+ldap to be a domain server. you don't need all entries in ldap, only the Idmap. using ldapbrower, my Idmap is:

ou = Idmap
objectClass = organizationalUnit
objectClass = sambaUnixIdPool

this ldap tree is fully disconnected from AD, you won't see it in mmc.

wbinfo -u works
getent passwd doesn't work, well it only lists the /etc/passwd stuff

Normal, wbinfo uses winbind directly like doing a net user, but getent passwd will use the nsswitch.conf, and must be able to create all entries for having a working system. as soon as you have a working ldap backend, getent passwd will show you more entries (It will generate the mapping at this time, I like to do a getent passwd on server when I add some users to be sure that all is working fine after adding some users).

Emmanuel
Re: BUG 1717 [was Re: [Samba] Re: Samba 3.0.6 Problems w/AD and Kerberos]
I've done a log level = 10 test. I've tried to mount my share, 4 times. all four have failed. attached are log from smbd, krb5.conf and smb.conf (PS: hide dot files isn't working for me...)

Emmanuel

[libdefaults]
    default_realm = DPTINFO.URS.LOCAL
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true
    v4_instance_resolve = false
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }

[realms]
    DPTINFO.URS.LOCAL = {
        kdc = canard.u-strasbg.fr
        admin_server = canard.u-strasbg.fr
    }

[domain_realm]
    .u-strasbg.fr = DPTINFO.URS.LOCAL
    u-strasbg.fr = DPTINFO.URS.LOCAL

[login]
    krb4_convert = true
    krb4_get_tickets = true

[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log
Re: BUG 1717 [was Re: [Samba] Re: Samba 3.0.6 Problems w/AD and Kerberos]
On Saturday 11 September 2004 00:17, Blindauer Emmanuel wrote:

attached are log from smbd, krb5.conf and smb.conf

[global]
    workgroup = DPTINFO
    server string = %h server (Samba %v)
    dns proxy = no
    log file = /var/log/samba/log.%m
    max log size = 10
    syslog = 0
    panic action = /usr/share/samba/panic-action %d
    obey pam restrictions = yes
    log level = 10
    security = ads
    realm = DPTINFO.URS.LOCAL
    password server = *
    use sendfile = no
    ;encrypt passwords = true
    ;passdb backend = tdbsam guest
    invalid users = root
    passwd program = /usr/bin/passwd %u
    passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
    socket options = TCP_NODELAY
    winbind cache time = 0
    allow trusted domains = no
    winbind separator = +
    winbind use default domain = yes
    idmap backend = ldap:ldap://oie.u-strasbg.fr
    idmap uid = 1-2
    idmap gid = 1-2
    ldap suffix = dc=iutinfo,dc=local
    ldap idmap suffix = ou=Idmap
    ldap admin dn = cn=admin,dc=iutinfo,dc=local
    winbind enum users = yes
    winbind enum groups = yes
    template homedir = /data/home/%U
    template shell = /bin/false

[homes]
    path = /data/home/%U
    comment = Home Directories
    browseable = yes
    writable = yes
    create mask = 0775
    directory mask = 0775
    hide dot files = yes

[printers]
    comment = All Printers
    browseable = no
    path = /tmp
    printable = yes
    public = yes
    writable = no
    create mode = 0700

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/printers
    browseable = yes
    read only = yes
    guest ok = no

[libdefaults]
    default_realm = DPTINFO.URS.LOCAL
    krb4_config = /etc/krb.conf
    krb4_realms = /etc/krb.realms
    kdc_timesync = 1
    ccache_type = 4
    forwardable = true
    proxiable = true
    v4_instance_resolve = false
    v4_name_convert = {
        host = {
            rcmd = host
            ftp = ftp
        }
        plain = {
            something = something-else
        }
    }

[realms]
    DPTINFO.URS.LOCAL = {
        kdc = canard.u-strasbg.fr
        admin_server = canard.u-strasbg.fr
    }

[domain_realm]
    .u-strasbg.fr = DPTINFO.URS.LOCAL
    u-strasbg.fr = DPTINFO.URS.LOCAL

[login]
    krb4_convert = true
    krb4_get_tickets = true

[logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log
[Samba] Smbfs problems after upgrading from Woody to Sarge
Earlier this week I upgraded from Debian woody to sarge on a machine that does a nightly backup to another machine via a samba share. Since then I have had some issues with accessing that share which I believe are a result of the upgrade. I upgraded the kernel at the same time to 2.4.27-1-686 #1 via apt-get, which might be related to the problem. Smbfs is version 3.0.6-3 (http://packages.debian.org/testing/otherosfs/smbfs ). I am looking for some advice as to how to proceed with further troubleshooting.

Here is how I mount the share in fstab. I should move the user/pass to a credentials file, but one thing at a time (this works):

/etc/fstab:
//wardrobe/backup /backup smbfs defaults,fmask=644,dmask=755,password=***,user=*** 0 0

Once the share is mounted I am able to list directories, create and modify small files (touch, echo, etc). I don't get any errors and things look like they are working fine. However, when I try to copy a ~200 MB file is when I get into trouble.

Error on the command line:
aslan:/backup/test# cp wardrobe.tar.gz.1 wardrobe.tar.gz_test123
cp: writing `wardrobe.tar.gz_test123': Input/output error

Errors from syslog:
Sep 10 07:53:06 aslan kernel: smb_get_length: Invalid NBT packet, code=39
Sep 10 07:53:06 aslan kernel: smb_request: result -5, setting invalid
Sep 10 07:53:06 aslan kernel: smb_writepage_sync: failed write, wsize=4096, result=-5
Sep 10 07:53:09 aslan kernel: smb_retry: successful, new pid=28697, generation=2
Sep 10 07:53:09 aslan kernel: smb_get_length: recv error = 5
Sep 10 07:53:09 aslan kernel: smb_request: result -5, setting invalid
Sep 10 07:53:32 aslan kernel: smb_retry: successful, new pid=28697, generation=3

Cat /proc/filesystems
nodev rootfs
nodev bdev
nodev proc
nodev sockfs
nodev tmpfs
nodev shm
nodev pipefs
cramfs
nodev ramfs
nodev devfs
nodev devpts
ext3
nodev smbfs

Looking through my boot logs, the only error that I can see is the following:
Sep 10 11:01:20 aslan modprobe: Note: /etc/modules.conf is more recent than /lib/modules/2.4.27-1-686/modules.dep
Sep 10 11:01:21 aslan last message repeated 3 times

I have done a pretty complete Google search and a search of the archives and not found anything that has helped. Anyone out there have any suggestions? The machine that I am making the mount from is running the same (up to date) version of Samba.

Thanks,
Sam
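The post above mentions moving the user/pass out of fstab into a credentials file. /etc/fstab is normally world-readable, so an inline password= option is visible to every local account. The following is an added example, not part of the original post: a POSIX shell audit that flags SMB mounts carrying an inline password and credentials files that are missing or readable by group/other. The function names, the finding labels, the second sample entry and its credentials path are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an fstab-format file for
# SMB mounts that expose a password. Secret values are never printed.

# Report a credentials file that is missing or readable by group/other.
check_credentials() {
    _cred=$1
    if [ ! -f "$_cred" ]; then
        echo "CREDENTIALS_MISSING $_cred"
        return 0
    fi
    # Characters 1-10 of `ls -ld` are the mode string, e.g. -rw-------
    _mode=$(ls -ld -- "$_cred" | cut -c1-10)
    case $_mode in
        ????------) ;;   # no group/other permission bits set
        *) echo "CREDENTIALS_LOOSE $_cred $_mode" ;;
    esac
}

# audit_smb_fstab FILE -> one finding per line on stdout
audit_smb_fstab() {
    set -f   # option values such as password=*** must not be glob-expanded
    while read -r _dev _mnt _type _opts _rest || [ -n "$_dev" ]; do
        case $_dev in ''|'#'*) continue ;; esac
        case $_type in smbfs|cifs) ;; *) continue ;; esac
        _inline=no
        _old_ifs=$IFS
        IFS=,
        for _opt in $_opts; do
            case $_opt in
                # password=..., or the user%password form smbmount accepts
                password=*|user=*%*|username=*%*) _inline=yes ;;
                credentials=*) check_credentials "${_opt#credentials=}" ;;
            esac
        done
        IFS=$_old_ifs
        if [ "$_inline" = yes ]; then
            echo "INLINE_PASSWORD $_mnt"
        fi
    done < "$1"
    set +f
}

# Constructed sample: the fstab entry quoted in the post, a hypothetical
# second entry using credentials=, and an unrelated local filesystem.
write_sample() {
    cat > "$1/fstab" <<EOF
# <device> <mountpoint> <type> <options> <dump> <pass>
//wardrobe/backup /backup smbfs defaults,fmask=644,dmask=755,password=***,user=*** 0 0
//wardrobe/backup /backup2 smbfs defaults,fmask=644,dmask=755,credentials=$1/smb.cred 0 0
/dev/hda1 / ext3 defaults 0 1
EOF
    printf 'username = backupuser\npassword = constructed-placeholder\n' > "$1/smb.cred"
    chmod 644 "$1/smb.cred"   # deliberately too open, so the audit flags it
}

sample_dir=$(mktemp -d)
write_sample "$sample_dir"
audit_smb_fstab "$sample_dir/fstab"
rm -rf "$sample_dir"
```

After chmod 600 on the credentials file, only the INLINE_PASSWORD finding for /backup remains.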
[Samba] PDC from 2 to 3, SID headaches
Hello,

I'm doing a migration of a PDC from Samba 2.2.8a on Mandrake Linux 9.0 to Samba 3.0.6 on Debian Woody (stable), both on the same machine, different partitions, they do not run simultaneously. And I really need help. :-/

I could not find a detailed guide, so after having a look at the migration chapter of the official howto, I adapted my smb.conf keeping the same host and domain name, copied needed users by hand (by copypaste from/to passwd, shadow, group, gshadow and smbpasswd files, verifying that no IDs conflicted), got the 2.2.8a domain SID with smbpasswd -X and imported it in the 3.0.6 domain with net setlocalsid. I don't think I have anything else necessary, in other tdb files.

Now, maybe the problem was the last step: after doing it on the Samba 3 domain, net getlocalsid and net getlocalsid domain_name returned two different values, which is not a good thing according to www.richardsharpe.com. Indeed, with net setlocalsid I did set the SID for the server, but HOW can I set the SID for the domain??

Anyway, the result was that Win2000 clients (I tested only one) could not load user profiles from the server, because a copy with wrong permissions already exists on the server or something like that. But users could access shares regularly. I could not find any special hints in logs at level 4.

So I removed the client from the domain, and then made it join again. The result: no more errors at login, but most user settings are not loaded, and all local user/group mappings on the client have disappeared! This is a disaster for me, as domain users need to belong to the local Power Users group to use some crap applications, and I really do not like the idea of going through all clients again to assign users to groups. 8-/

I then tried making domain and server SID the same, copying the domain SID to the server (so both were different from the 2.2.8a one, but unfortunately I can't find a way to do the opposite). Had to remove/join the client again, and the problem stays the same, if not even worse. I also tried copying secrets.tdb over from the 2.2.8a installation, but nothing seemed to change.

I then rebooted back on Mandrake with the old version, rejoined the client in the old domain, and everything started working fine again, including user/group mappings.

I really need some detailed suggestions on what I might be missing. Thank you very much.

I'm also having problems with VFS modules and charsets, but these will come later. ;) Making the new PDC basically work is my current priority.

--
Ciao, Marco.
...Stupid Dream, Porcupine Tree 1999
http://www.samba.org links to VMS port being updated.
Hello Jean-Yves,

I requested that the main SAMBA team reference your page as the current SAMBA-VMS port, and they agreed to do so. That change should take effect in the next 24 hours to all the mirrors.

Thanks for all the good work, I am starting to look at the 2.2.11, 3.x, and 4.x versions.

-John
[EMAIL PROTECTED]
Personal Opinion Only

PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
svn commit: samba r2275 - in branches/SAMBA_4_0/source/librpc/rpc: .
Author: tridge Date: 2004-09-10 07:14:02 + (Fri, 10 Sep 2004) New Revision: 2275 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/librpc/rpcrev=2275nolog=1 Log: don't crash on a rpc BIND_NAK response ... Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c Changeset: Modified: branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c === --- branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c 2004-09-10 03:39:11 UTC (rev 2274) +++ branches/SAMBA_4_0/source/librpc/rpc/dcerpc.c 2004-09-10 07:14:02 UTC (rev 2275) @@ -465,10 +465,15 @@ return status; } + if (pkt.ptype == DCERPC_PKT_BIND_NAK) { + DEBUG(2,(dcerpc: bind_nak reason %d\n, pkt.u.bind_nak.reject_reason)); + return NT_STATUS_ACCESS_DENIED; + } + if ((pkt.ptype != DCERPC_PKT_BIND_ACK) || pkt.u.bind_ack.num_results == 0 || pkt.u.bind_ack.ctx_list[0].result != 0) { - status = NT_STATUS_UNSUCCESSFUL; + return NT_STATUS_UNSUCCESSFUL; } if (pkt.ptype == DCERPC_PKT_BIND_ACK) {
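Review bot: the new BIND_NAK branch returns NT_STATUS_ACCESS_DENIED for every reject reason, so a caller cannot tell one kind of refusal from another, and pkt.u.bind_nak.reject_reason is only recorded at debug level 2. Consider mapping the reason to a status code, or at least logging it at a level an administrator will normally see. With the second branch changed to return NT_STATUS_UNSUCCESSFUL directly, any packet that reaches the following "if (pkt.ptype == DCERPC_PKT_BIND_ACK) {" is already known to be a BIND_ACK, so that test is now redundant and can be dropped. Both paths used to fall through with status set and now return early, so please confirm that nothing set up earlier in the function relied on the fall-through for cleanup.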
svn commit: samba r2276 - in branches/SAMBA_4_0/source/scripting/swig: .
Author: tpot Date: 2004-09-10 12:16:42 + (Fri, 10 Sep 2004) New Revision: 2276 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/scripting/swigrev=2276nolog=1 Log: Remove garbage collection debugs. Modified: branches/SAMBA_4_0/source/scripting/swig/test Changeset: Modified: branches/SAMBA_4_0/source/scripting/swig/test === --- branches/SAMBA_4_0/source/scripting/swig/test 2004-09-10 07:14:02 UTC (rev 2275) +++ branches/SAMBA_4_0/source/scripting/swig/test 2004-09-10 12:16:42 UTC (rev 2276) @@ -1,8 +1,6 @@ #!/usr/bin/python import dcerpc -import gc -gc.set_debug(gc.DEBUG_LEAK) handle = dcerpc.pipe_connect(ncacn_np:win2k3dc, dcerpc.DCERPC_SAMR_UUID, dcerpc.DCERPC_SAMR_VERSION,
svn commit: samba r2277 - in branches/SAMBA_4_0/source/build/pidl: .
Author: tpot Date: 2004-09-10 12:18:56 + (Fri, 10 Sep 2004) New Revision: 2277 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/build/pidlrev=2277nolog=1 Log: Generate stubs for input and output typemaps. Modified: branches/SAMBA_4_0/source/build/pidl/swig.pm Changeset: Modified: branches/SAMBA_4_0/source/build/pidl/swig.pm === --- branches/SAMBA_4_0/source/build/pidl/swig.pm2004-09-10 12:16:42 UTC (rev 2276) +++ branches/SAMBA_4_0/source/build/pidl/swig.pm2004-09-10 12:18:56 UTC (rev 2277) @@ -15,17 +15,21 @@ { my($fn) = shift; -#print Dumper($fn); - # Input typemap $res .= %typemap(in) struct $fn-{NAME} * (struct $fn-{NAME} temp) {\n; -$res .= \tif (!PyDict_Check(\$input)) {\n; -$res .= \t\tPyErr_SetString(PyExc_TypeError, \dict arg expected\);\n; -$res .= \t\treturn NULL;\n; -$res .= \t}\n\n; -$res .= \tmemset(temp, 0, sizeof(temp));\n\n; -$res .= \t/* store input params in dict */\n\n; +#$res .= \tif (!PyDict_Check(\$input)) {\n; +#$res .= \t\tPyErr_SetString(PyExc_TypeError, \dict arg expected\);\n; +#$res .= \t\treturn NULL;\n; +#$res .= \t}\n\n; +$res .= \tmemset(temp, 0, sizeof(temp));\n; +#foreach my $e (@{$fn-{DATA}}) { +# if (util::has_property($e, in)) { +# $res .= \ttemp.in.$e-{NAME} = $e-{TYPE}_from_python(PyDict_GetItem(\$input, PyString_FromString(\$e-{NAME}\)));\n; +# } +#} + +#$res .= \n; $res .= \t\$1 = temp;\n; $res .= }\n\n; @@ -40,8 +44,16 @@ $res .= \t\treturn NULL;\n; $res .= \t}\n; $res .= \n; -$res .= \tdict = PyDict_New();\n\n; -$res .= \t/* store output params in dict */\n\n; +$res .= \tdict = PyDict_New();\n; + +#foreach my $e (@{$fn-{DATA}}) { +# if (util::has_property($e, out)) { +# $res .= \t// PyDict_SetItem(dict, PyString_FromString(\$e-{NAME}\),\n; +# $res .= \t//\t$e-{TYPE}_to_python(\$1-out.$e-{NAME}));\n; +# } +#} + +$res .= \n; $res .= \tresultobj = dict;\n; $res .= }\n\n; 
@@ -51,12 +63,35 @@ $res .= $fn-{RETURN_TYPE} dcerpc_$fn-{NAME}(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct $fn-{NAME} *r);\n\n; } +sub ParseStruct($) +{ +my($s) = shift; + +$res .= %{\n\n; +$res .= \t/* $s-{NAME} */\n\n; + +foreach my $e (@{$s-{DATA}{ELEMENTS}}) { +} + +$res .= \n%}\n\n; +} + +sub ParseTypedef($) +{ +my($t) = shift; + +foreach my $e ($t) { + ($e-{DATA}{TYPE} eq STRUCT) ParseStruct($e); +} +} + sub ParseInheritedData($) { my($data) = shift; foreach my $e (@{$data}) { ($e-{TYPE} eq FUNCTION) ParseFunction($e); + ($e-{TYPE} eq TYPEDEF) ParseTypedef($e); } }
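Review bot: in the first hunk (input typemap), the PyDict_Check guard on $input is commented out, while the commented-out loop added just below it plans to call PyDict_GetItem on that same $input. If the loop is enabled later without restoring the guard, the generated wrapper will index an argument it never verified to be a dict. Keep the type check live, or restore it in the same change that enables the loop. Leaving working validation as "#" lines next to new commented-out code also makes the intended state hard to read; a short TODO stating the plan would be clearer than dead code.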
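Review bot: in the last hunk, the foreach over the struct's ELEMENTS in ParseStruct has an empty body, so each struct emits only its name comment between the %{ and %} markers, and ParseTypedef's "foreach my $e ($t)" iterates over a single scalar, which is a roundabout way of testing $t itself. If these are placeholders for later work, say so in a comment or in the log message (which currently only mentions typemap stubs); otherwise drop the loop in ParseTypedef and test $t directly.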
svn commit: samba r2278 - in branches/SAMBA_4_0/source/scripting/swig: .
Author: tpot Date: 2004-09-10 12:20:25 + (Fri, 10 Sep 2004) New Revision: 2278 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/scripting/swigrev=2278nolog=1 Log: Add some more helper functions. Modified: branches/SAMBA_4_0/source/scripting/swig/dcerpc.i Changeset: Modified: branches/SAMBA_4_0/source/scripting/swig/dcerpc.i === --- branches/SAMBA_4_0/source/scripting/swig/dcerpc.i 2004-09-10 12:18:56 UTC (rev 2277) +++ branches/SAMBA_4_0/source/scripting/swig/dcerpc.i 2004-09-10 12:20:25 UTC (rev 2278) @@ -47,26 +47,56 @@ PyErr_SetObject(ntstatus_exception, obj); } -char *get_string_property(PyObject *dict, char *key) +uint8 uint8_from_python(PyObject *obj) { - PyObject *item = PyDict_GetItem(dict, PyString_FromString(key)); + return (uint8)PyInt_AsLong(obj); +} - if (!item) - return 0; /* TODO: throw exception */ +uint16 uint16_from_python(PyObject *obj) +{ + return (uint16)PyInt_AsLong(obj); +} - return PyString_AsString(item); +uint32 uint32_from_python(PyObject *obj) +{ + return (uint32)PyInt_AsLong(obj); } -uint32 get_uint32_property(PyObject *dict, char *key) +int64 int64_from_python(PyObject *obj) { - PyObject *item = PyDict_GetItem(dict, PyString_FromString(key)); + return (int64)PyLong_AsLong(obj); +} - if (!item) - return 0; /* TODO: throw exception */ +uint64 uint64_from_python(PyObject *obj) +{ + return (uint64)PyLong_AsLong(obj); +} - return (uint32)PyInt_AsLong(item); +NTTIME NTTIME_from_python(PyObject *obj) +{ + return (NTTIME)PyLong_AsLong(obj); } +HYPER_T HYPER_T_from_python(PyObject *obj) +{ + return (HYPER_T)PyLong_AsLong(obj); +} + +struct policy_handle *policy_handle_from_python(PyObject *obj) +{ + return (struct policy_handle *)PyString_AsString(obj); +} + +struct security_descriptor *security_descriptor_from_python(PyObject *obj) +{ + return NULL; +} + +char *string_from_python(PyObject *obj) +{ + return NULL; +} + %} %include samba.i
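Review bot: the new *_from_python helpers cast the result of PyInt_AsLong() or PyLong_AsLong() without checking for failure, so an argument that cannot be converted comes back as (type)-1 with a Python exception left pending, and an out-of-range value is silently truncated by the uint8 and uint16 casts. uint64_from_python going through PyLong_AsLong() also cannot carry values above LONG_MAX. More serious is policy_handle_from_python(): it casts PyString_AsString(obj) straight to struct policy_handle * with no check that the call succeeded (it returns NULL for a non-string) or that the string length equals sizeof(struct policy_handle), so a short string supplied by the script lets any consumer of the handle read past the end of the Python buffer. Suggest checking PyErr_Occurred() after each conversion, range-checking before narrowing, and validating PyString_Size(obj) before the cast. string_from_python() and security_descriptor_from_python() return NULL unconditionally and should carry a TODO, since the removed get_string_property() did return the string.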
svn commit: samba r2279 - in branches/SAMBA_3_0: .
Author: jht Date: 2004-09-10 16:15:29 + (Fri, 10 Sep 2004) New Revision: 2279 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0rev=2279nolog=1 Log: Clarification changes only. Modified: branches/SAMBA_3_0/Roadmap Changeset: Modified: branches/SAMBA_3_0/Roadmap === --- branches/SAMBA_3_0/Roadmap 2004-09-10 12:20:25 UTC (rev 2278) +++ branches/SAMBA_3_0/Roadmap 2004-09-10 16:15:29 UTC (rev 2279) @@ -3,7 +3,7 @@ The Samba-Team are committed to an aggressive program to deliver quality controlled software to a well defined roadmap. -The current Samba Beta series of Samba 3.0.0 is called the Domain Integration +The current Samba series of Samba 3.0.0 is called the Domain Integration release. The following development objectives for future releases @@ -27,4 +27,4 @@ You may also note that the release numbers get fuzzier the further into the future the objectives get. This is intentional -as we cannot yet commit to exact timeframes. +as we cannot commit to exact timeframes.
svn commit: samba-web r320 - in trunk/docs: .
Author: deryck Date: 2004-09-10 21:25:29 + (Fri, 10 Sep 2004) New Revision: 320 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/trunk/docsrev=320nolog=1 Log: First pass at adding a permanent copy of the notes on Protecting an unpatched Samba server found in older release notes. --deryck Added: trunk/docs/server_security.html Changeset: Added: trunk/docs/server_security.html === --- trunk/docs/server_security.html 2004-09-09 13:49:54 UTC (rev 319) +++ trunk/docs/server_security.html 2004-09-10 21:25:29 UTC (rev 320) 
@@ -0,0 +1,144 @@ +!--#include virtual=/samba/header.html -- +titleSamba Server Security/title +!--#include virtual=header_docs.html -- + + h2Protecting an unpatched Samba server/h2 + + + pThis following instructions will help provide your Samba server some + protection against security vulnerabilities if you are unable to (or until + you are able to) upgrade to the patched version. Even if you do upgrade + you might like to thinkabout the suggestions here to provide you with + additional levels of protection./p + + + + h4Using host based protection/h4 + + pIn many installations of Samba the greatest threat comes for + outside your immediate network. By default Samba will accept + connections from any host, which means that if you run an + insecure version of Samba on a host that is directly + connected to the Internet you can be especially vulnerable./p + + pOne of the simplest fixes in this case is to use the 'hosts + allow' and 'hosts deny' options in the Samba smb.conf + configuration file to only allow access to your server from a + specific range of hosts. An example might be:/p + +pre +hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24 +hosts deny = 0.0.0.0/0 +/pre + + pThe above will only allow SMB connections from 'localhost' + (your own computer) and from the two private networks + 192.168.2 and 192.168.3. All other connections will be + refused connections as soon as the client sends its first + packet. The refusal will be marked as a 'not listening on + called name' error./p + + + + h4Using interface protection/h4 + + pBy default Samba will accept connections on any network + interface that it finds on your system. That means if you + have a ISDN line or a PPP connection to the Internet then + Samba will accept connections on those links. 
This may not be + what you want./p + + pYou can change this behavior using options like the + following:/p + +pre +interfaces = eth* lo +bind interfaces only = yes +/pre + + pthat tells Samba to only listen for connections on interfaces + with a name starting with 'eth' such as eth0, eth1, plus on + the loopback interface called 'lo'. The name you will need to + use depends on what OS you are using. In the above I used the + common name for ethernet adapters on Linux./p + + pIf you use the above and someone tries to make a SMB + connection to your host over a PPP interface called 'ppp0', + they will get a TCP connection refused reply. In that + case no Samba code is run at all as the operating system has + been told not to pass connections from that interface to any + process./p + + + + h4Using a firewall/h4 + + pMany people use a firewall to deny access to services that + they don't want exposed outside their network. This can be a + very good idea, although I would recommend using it in + conjunction with the above methods so that you are protected + even if your firewall is not active for some reason./p + + pIf you are setting up a firewall then you need to know what + TCP and UDP ports to allow and block. Samba uses the + following:/p + +pre +UDP/137- used by nmbd +UDP/138- used by nmbd +TCP/139- used by smbd +TCP/445- used by smbd +/pre + + pThe last one is important as many older firewall setups may + not be aware of it, given that this port was only added to + the protocol in recent years./p + + + + h4Using a IPC$ share deny/h4 + + pIf the above methods are not suitable, then you could also + place a more specific deny on the IPC$ share that is used in + the recently discovered security hole. 
This allows you to + offer access to other shares while denying access to IPC$ + from potentially untrustworthy hosts./p + + pTo do that you could use:/p + +pre +[ipc$] +hosts allow = 192.168.115.0/24 127.0.0.1 +hosts deny = 0.0.0.0/0 +/pre + + pthis would tell Samba that IPC$ connections are not allowed + from anywhere but the two listed places (localhost and a + local subnet). Connections to other shares would still be + allowed. As the IPC$ share is the only share that is always + accessible anonymously this provides some level of protection + against attackers that do not know a username/password for + your host./p + + + pIf you use this method then clients will be given a 'access +
svn commit: samba-web r321 - in trunk: . download
Author: deryck Date: 2004-09-11 03:00:55 + (Sat, 11 Sep 2004) New Revision: 321 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=samba-webpath=/trunkrev=321nolog=1 Log: Update link to VMS port. Also, fix several xhtml validation errors. --deryck Modified: trunk/download/index.html trunk/what_is_samba.html Changeset: Modified: trunk/download/index.html === --- trunk/download/index.html 2004-09-10 21:25:29 UTC (rev 320) +++ trunk/download/index.html 2004-09-11 03:00:55 UTC (rev 321) @@ -1,9 +1,9 @@ !--#include virtual=/samba/header.html -- titleDownload Samba/title !--#include virtual=header_download.html -- -h2 align=centerDownload/h2 +h2Download/h2 -br/p The Samba source code is distributed via ftp and http. For ftp +br /p The Samba source code is distributed via ftp and http. For ftp sites look a href=ftp_mirrors.htmlhere/a. For the http site look a href=/samba/ftp/here/a. The file you probably want is called a href=/samba/ftp/samba-latest.tar.gzsamba-latest.tar.gz/a. 
@@ -16,24 +16,24 @@ and the Samba distribution public key. Then run/p pre - $ gpg --import samba-pubkey.asc - $ gunzip samba-emversion/em.tar.gz - $ gpg --verify samba-emrelease/em.tar.asc - gpg: Signature made Tue 26 Nov 2002 07:12:04 PM CST using DSA key ID 2F87AF6F - gpg: Good signature from Samba Distribution Verification Key [EMAIL PROTECTED] +$ gpg --import samba-pubkey.asc +$ gunzip samba-emversion/em.tar.gz +$ gpg --verify samba-emrelease/em.tar.asc +gpg: Signature made Tue 26 Nov 2002 07:12:04 PM CST using DSA key ID 2F87AF6F +gpg: Good signature from #34;Samba Distribution Verification Keylsaquo;samba-bugs#64;samba.orgrsaquo; /pre pFor information on Samba security releases, please see our a href=/samba/history/security.htmlsecurity page/a./p -br -table border=0 - tr valign=top +br / +table border=0 + tr valign=top td h3 align=centerBinaries/h3 Samba binaries are available for many popular platforms. You can download - them via http A HREF=/samba/ftp/Binary_Packageshere/A or from one of - several A HREF=/samba/mirror sites/A. Note that the latest + them via http a href=/samba/ftp/Binary_Packageshere/a or from one of + several a href=/samba/mirror sites/a. Note that the latest version may not always be available for every platform. /td td 
@@ -42,26 +42,29 @@ h3 align=centerSubversion and CVS Sources/h3 You can also fetch the sources using a source code control system. The advantage of fetching via a VCS is that you can update your - sources at any time using a single command. See the A - HREF=/samba/subversion.htmlSubversion instructions/A and A - HREF=/samba/cvs.htmlCVS instructions/A for information on + sources at any time using a single command. See the a + href=/samba/subversion.htmlSubversion instructions/a and a + href=/samba/cvs.htmlCVS instructions/a for information on fetching the sources using a version control system. /td /tr - tr - /tr - tr valign=top + tr valign=top td h3 align=centerTools/h3 table -tr valign=top +tr valign=top td ul - liA HREF=/samba/GUI/Samba GUI managers/A - liA HREF=http://www.ethereal.com/;Ethereal/a (decodes NetBIOS, SMB/CIFS, MS-RPC) - liA HREF=http://www.tcpdump.org/;tcpdump/a (command line packet sniffer) - lia href=http://www.tux.org/pub/security/secnet/tools/nat10/;NetBIOSnbsp;Auditingnbsp;Toolnbsp;(NAT)/a - liA HREF=http://nbfw.sourceforge.net;nbfw/A, the NetBIOS forwarder + lia href=/samba/GUI/Samba GUI managers/a/li + lia href=http://www.ethereal.com/;Ethereal/a (decodes NetBIOS, +SMB/CIFS, amp; MS-RPC)/li + lia href=http://www.tcpdump.org/;tcpdump/a (command line +packet sniffer)/li + lia +href=http://www.tux.org/pub/security/secnet/tools/nat10/;NetBIOSnbsp;Auditing +nbsp;Toolnbsp;(NAT)/a/li + lia href=http://nbfw.sourceforge.net;nbfw/a, the NetBIOS +forwarder/li /ul /td /tr 
@@ -72,52 +75,57 @@ td h3 align=centerPorts/h3 table -tr valign=top +tr valign=top td ul - lia href=http://www.ifn.ing.tu-bs.de/ifn/sonst/samba-vms.html;VMS/a - lia href=ftp://ftp.mks.com/pub/s390/gnu/;MVS/a + lia +href=http://www.pi-net.dyndns.org/anonymous/jyc/;VMS/a/li + lia href=ftp://ftp.mks.com/pub/s390/gnu/;MVS/a/li !-- This link returns a 404 as of 21/2/03. RIP OS/2 - liA HREF=http://carol.wins.uva.nl/~leeuw/samba/index.html;OS/2/A + lia href=http://carol.wins.uva.nl/~leeuw/samba/index.html;OS/2/a -- - lia href=ftp://ftp.stratus.com/pub/vos/tools/tools.html;Stratus-VOS/a + lia
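Review bot: in the second hunk (the gpg verification block), the rewritten "Good signature from" line opens a quotation mark entity before "Samba Distribution Verification Key" but never closes it, and it renders the address delimiters with lsaquo/rsaquo, which are single guillemets rather than the angle brackets gpg prints. Using the lt/gt entities and adding the closing quote would keep the sample identical to the output users are expected to compare against. The two commands in that block also use different placeholders, samba-version.tar.gz for gunzip and samba-release.tar.asc for gpg --verify, which reads as two different files; one placeholder for both would make the verification step unambiguous.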