[Samba] problem adding an user as non-Manager with smbldap-tools

2004-09-13 Thread Thomas Guenther
Hello,
first of all, please excuse my poor English.
I did my Samba-OpenLDAP-PDC configuration as described in
"The Linux Samba-OpenLDAP Howto (Revision 1.6)". I took
Fedora Core 1 and it works. The same configuration (e.g. ACLs
in slapd.conf) does not work with my "self-compiled"
Samba-OpenLDAP-PDC on Debian.
I am using Debian (woody), kernel 2.4.27-pre2. I compiled
- Berkeley DB 4.2.52
- openssl 0.9.7d
- (openldap 2.2.15) now openldap 2.2.16
- (samba 3.0.6 (with patches, incl. samba.schema)) now samba 3.0.7
- smbldap-tools 0.8.5
- libnss-ldap_186
- libpam-ldap-140

If I do a 'smbldap-useradd -m test1' I get an error:
<-
failed to add entry: no write access to parent at
/usr/local/sbin/smbldap-useradd line 288,  line 283.
failed to add entry: No such object at /usr/local/sbin/smbldap-useradd
line 444,  line 283.
->
If I do again a 'smbldap-useradd -m test1', I get this error:
<-
failed to add entry: no write access to parent at
/usr/local/sbin/smbldap-useradd line 288,  line 283.
User "test1" already member of the group "513".
failed to add entry: No such object at /usr/local/sbin/smbldap-useradd
line 444,  line 283.
->
smbldap-useradd can add user 'test1' to group 'Domain Users' but
cannot create a Unix account?
It works with 'cn=Manager' for masterDN and slaveDN. But it gives errors
and does not work with 'cn=smbldap-tools'.
Do you have any idea?
regards,
Thomas
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Winbind - Getting W2K-User Names Problem

2004-09-13 Thread Pallas Bernhard
Hello list,

I have set up a SAMBA 3.0.7 as an ADS-Domain Member with Kerberos and/or
rpc (both working)
Kerberos seems to work fine.
net ads join ... was successful.
wbinfo -t : checking the trust secret via RPC calls succeeded
wbinfo -u results in
aschmidt
agall
aglock
aklein
aschaefer
aturmus
aweiche

where  I expected 

DOMAIN+agall
DOMAIN+aklein 

What went wrong ??
Any hints are highly appreciated -- Thanx in advance!!

  
With kind regards

Bernhard Pallas
Neue Schulstrasse 15
71665 Vaihingen / Enz

Phone  07042 840019
Fax  07042 840029

Mail [EMAIL PROTECTED]





Re: [Samba] Migrate BACK to WINDOWS -> Talk me out of it QUICK

2004-09-13 Thread Andrew Best
On Mon, 13 Sep 2004 17:17:21 -0500, Chris McKeever <[EMAIL PROTECTED]> wrote:
> One other option is just to house a ginormous WIN-TSRV at the central
> location.  However, I am afraid of issues with printing back to the
> remote locations (pushing large files through the 1/2 T-1 to print).

My comment is not strictly samba related but if you're thinking of
running a Windows Terminal farm you should look at Citrix Presentation
Server (AKA Metaframe).
The bells and whistles you gain by using it make it worthwhile (load
balancing, client printer redirection, better client/server protocol).
Specifically, printing to client printers under Citrix/ICA is A LOT
easier to manage than just a straight RDP session.

If you are considering running terminal servers which may access samba
servers, you should be aware of the effects the network redirector in
Windows Terminal Server has on Samba processes. There's stuff in the
archives about it.

cheers
Andrew


-- 
"If you wash lousy clothing at low temperatures, all you get is cleaner
lice" - Dr John Maunder


Re: [Samba] Migrate BACK to WINDOWS -> Talk me out of it QUICK

2004-09-13 Thread Adam Tauno Williams
> We have just started to roll out Thinstation thin-clients  that are
> connecting to Win TSRV servers.  What is being planned is 1 Terminal
> Server per location.  This will significantly reduce the administrative
> nightmare on multiple Windows boxes and centralize it.  However, this
> is where I start to feel that I am having too many servers per
> location, seeing that the windows server could do what the Samba
> server is doing, I am in debate about moving back to windows (I have
> will need to licenses and boxes there anyhows)

No! Bad! Having the same box to DC/WINS/DNS/etc... as runs user apps is a
disaster (trust me, I've dismantled & refactored the networks of shops that
tried to put everything on one windows machine). 

> One other option is just to house a ginormous WIN-TSRV at the central

That would be my choice.

> location.  However, I am afraid of issues with printing back to the
> remote locations (pushing large files through the 1/2 T-1 to print).

Versus all the filesystem and other support (profiles, WINS, DNS, LDAP, etc...)
traffic?  Use QoS to relegate the print traffic to second-class status and/or
tunnel the print traffic through a compressor (postscript is wonderfully
compressible, and some printers support compression themselves).
 
> Another option is to remove the samba servers from the remote
> location, and just have a samba PDC with authenticating windows tsrv
> machines. - I dont like this option for some reason

Is the TS actually useful without a connection to the central servers (database,
middleware, etc...)?  Do you still have stand-alone workstations, laptops,
etc..?  The TS probably caches the profile/login anyway so it might remain
usable for a time even if the circuit is down.

> I really don't want to move away from the SAMBA backend, but at the
> same time don't want to stay with it just because I 'like it' and I
> 'want to'.  So I am looking for discussion/arguments as to why I
> should stay with the Samba server and a win-tsrv server, as opposed to
> just moving to a MS backend.

Whatever you have - samba or not - don't pile it all on one machine, and
certainly not on a terminal server running user apps.


[Samba] Re: Samba3 - LDAP - USRMGR.EXE

2004-09-13 Thread Mark Jones
I've just had the same problem and came to this post while searching for a
solution, and I've just fixed this problem for my setup after reading Kang's
words:

I disabled the remove user script in smb.conf,
and also removed the -a option from the add user script. Using the scripts the
way they were configured, Samba tried to add / remove the user twice, though
giving the error. Here is my smb.conf extract:

add user script = /usr/local/sbin/smbldap-useradd -m "%u"
ldap delete dn = Yes
#delete user script = /usr/local/sbin/smbldap-userdel "%u"
add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/local/sbin/smbldap-groupdel "%g"
add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
...
unix password sync = No
ldap passwd sync = Yes
...

My setup: Samba 3.0.7, openldap 2.1.29, smbldap-tools 0.8.5-2, Fedora Core 2.

Hope this is useful.

Mark Jones


"Kang Sun" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Just a hunch, I did not test myself.
> In your smb.conf, did you set the "add user script" to add posix account as
> well as Windows account? If so, there might be a problem.
> From what I read and understand, the script is supposed to add Posix account
> only, and samba will add the Windows account. If the Windows account is
> added by the "add user script", then Samba has to delete it or modify it,
> which it might not have the privilege or some error comes up that does not
> mean what it says.
>
> Hope this helps!
>
> -- Kang Sun
>
> <[EMAIL PROTECTED]> wrote in message
>
news:[EMAIL PROTECTED]
> tware.com...
> Hello,
>
> have some little problems adding user to domain with USRMGR.EXE
> My System runs on SuSE 9.1 (2.6.5-7.75-default), samba-3.0.4,
> smbldap-tools-0.8.5, openldap2-2.2.6
>
> If I try to add a new user with USRMGR.EXE I get an error "Access denied",
> but if I look into LDAP the new user was correctly added to LDAP.
> If I confirm the error-message and then cancel the "NEW USER" Window and
> typing "F5" for refreshing the USRMGR. I can see the new user.
> By double-clicking the new User I am able to make any modification to the
> User without any error.
> What could be the problem ?
>
> Here is a part of /var/log/messages that
> Jul 27 12:36:25 samba3 smbd[2149]: [2004/07/27 12:36:25, 0]
> passdb/pdb_ldap.c:ldapsam_add_sam_account(1573)
> Jul 27 12:36:25 samba3 smbd[2149]:   ldapsam_add_sam_account: User
> 'i1' already in the base, with samba attributes
> Jul 27 12:36:25 samba3 smbd[2149]: [2004/07/27 12:36:25, 0]
> rpc_server/srv_samr_nt.c:_samr_create_user(2267)
> Jul 27 12:36:25 samba3 smbd[2149]:   could not add user/computer i1 to
> passdb.  Check permissions?
>
> if you need more logs or sambalog with special loglevel just tell me.
>
> The same problem exists when joining a machine to DOMAIN.
> On first try => "Access denied" but correctly added to LDAP
> On second try => "Welcome to DOMAIN"
>
> Thanks for any help.
>
> Christian Wittmer
>
> -
> Büro/Office: +49 (0) 6227/385-120
> Email: [EMAIL PROTECTED]
>
> InterComponentWare AG
> Otto-Hahn-Strasse 3
> 69190 Walldorf
> Zentrale/Main: +49 (6227) 385-100
>
> http://www.intercomponentware.com
> http://www.lifesensor.com





Re: [Samba] Update FC1 samba-3.0.6 breaks system

2004-09-13 Thread Gerald (Jerry) Carter
Peter Huetmannsberger wrote:
| Hi!
|
| I have a curious problem. I updated my Fedora Core
| 1 box yesterday from samba-3.0.2 to samba-3.0.6. All
| the packages that were suggested by yum.
...
|
| I use winbind and that seems to work. getent passwd
| lists all the users,  getent group all the groups, the
| way it should. However a smbmount //box/share -o
| username=CENTRUM+username results in an access denied,
| where it had worked before.
Should be fixed in 3.0.7.  Sorry.


cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)


[Samba] Field Definition for objectSid (LDAP)

2004-09-13 Thread Celeste Suliin Burris
I'm trying to write a perl program to get user information my boss 
wants using Net::LDAP in perl. I'm doing fairly well, but when I try to 
get the objectSid from the user list, it comes in packed or encrypted 
in some fashion. Since dumping the users using the command "net ads 
search '(&(objectClass=person)(objectCategory=person))'" gets me an 
unscrambled objectSid, I figure someone out there knows how to put it 
into human-readable form.

Celeste Suliin Burris
Systems Administrator
Tacoma Economic Development Department
Email - [EMAIL PROTECTED]
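
The value the question above describes is not encrypted: objectSid is returned as a binary structure (1-byte revision, 1-byte sub-authority count, 6-byte big-endian identifier authority, then that many 32-bit little-endian sub-authorities). The following decoder is an added example, not part of the original post; it is written in Python rather than the poster's Perl, and the sample SID bytes and function names are constructed for illustration.

```python
import base64
import struct

MAX_SUB_AUTHORITIES = 15  # upper bound fixed by the SID structure

# Constructed sample values (not taken from any real directory).
SAMPLE_BUILTIN_ADMINS = bytes.fromhex("01020000000000052000000020020000")
SAMPLE_DOMAIN_USER = bytes.fromhex(
    "010500000000000515000000" "01000000" "02000000" "03000000" "51040000"
)


def sid_from_bytes(raw: bytes) -> str:
    """Render a binary SID (the raw objectSid value) as S-R-A-S1-S2-... text."""
    if len(raw) < 8:
        raise ValueError("SID needs an 8-byte header, got %d bytes" % len(raw))
    revision, count = raw[0], raw[1]
    if count > MAX_SUB_AUTHORITIES:
        raise ValueError("sub-authority count %d is too large" % count)
    if len(raw) != 8 + 4 * count:
        raise ValueError(
            "length %d does not match %d sub-authorities" % (len(raw), count)
        )
    # Identifier authority: 48-bit big-endian integer.
    authority = int.from_bytes(raw[2:8], "big")
    # Sub-authorities: unsigned 32-bit little-endian integers.
    subs = struct.unpack("<%dI" % count, raw[8:])
    # Authorities that do not fit in 32 bits are conventionally shown in hex.
    auth_text = str(authority) if authority < 2 ** 32 else "0x%012X" % authority
    return "-".join(["S", str(revision), auth_text] + [str(s) for s in subs])


def sid_to_bytes(text: str) -> bytes:
    """Inverse of sid_from_bytes, e.g. to build an LDAP search filter value."""
    parts = text.strip().split("-")
    if len(parts) < 3 or parts[0].upper() != "S":
        raise ValueError("not a SID string: %r" % text)
    revision = int(parts[1])
    authority = int(parts[2], 0)  # accepts decimal or 0x... hex
    subs = [int(p) for p in parts[3:]]
    if not 0 <= revision <= 0xFF or not 0 <= authority < 2 ** 48:
        raise ValueError("revision or authority out of range in %r" % text)
    if len(subs) > MAX_SUB_AUTHORITIES:
        raise ValueError("too many sub-authorities in %r" % text)
    header = bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
    return header + struct.pack("<%dI" % len(subs), *subs)


def sid_from_ldif_value(b64_value: str) -> str:
    """Decode the base64 form that LDIF dumps use for binary attributes."""
    return sid_from_bytes(base64.b64decode(b64_value, validate=True))


def split_rid(sid_text: str):
    """Split a SID string into (domain SID, relative identifier)."""
    domain, rid = sid_text.rsplit("-", 1)
    return domain, int(rid)


if __name__ == "__main__":
    for sample in (SAMPLE_BUILTIN_ADMINS, SAMPLE_DOMAIN_USER):
        print(sid_from_bytes(sample))
```
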


[Samba] Re: PDC from 2 to 3, SID headaches

2004-09-13 Thread Marco De Vitis
On 13/09/2004, at 20:22, [EMAIL PROTECTED] wrote:

>> Where does Samba 3 store the domain SID? I tried deleting
> /etc/samba/secrets.tdb, to no avail.
> 
> Indeed SID is stored in this database. You can use tdbdump to see what are 

Indeed it is, and today I found the cause for my problem: my fault.

I was coming from a Mandrakelinux installation, where secrets.tdb sits in
/etc/samba/, and moving to a Debian Woody installation, supposing the file
position was the same.
Wrong. Debian has the file in /var/lib/samba/. So I was simply
deleting/replacing the wrong file. :-/

I now stopped Samba 3, replaced /var/lib/samba/secrets.tdb with the old
one from Samba 2, restarted Samba 3, and finally had my new PDC with the
old SID for both domain and server. Client logins are working fine without
any changes.

Thanks for your help.

-- 
Ciao,
  Marco.

..."Dancing", Mike Keneally & Beer for Dolphins 2000



Re: [Samba] Signal 11 error

2004-09-13 Thread John H Terpstra
On Monday 13 September 2004 16:58, Tim Gibson wrote:
> Hi,
>
> I posted this error last week from my log files:
>
> lib/fault.c:fault_report(37)  INTERNAL ERROR: Signal
> 11 in pid 16450 (3.0.2a)
>
> It is being generated about 5 times every day.
> Does anyone know what it means?

It means that either one of your system libraries is causing a segfault or 
else a samba bug is being hit. It could be either, there have been many 
segfault fixes in Samba since 3.0.2.

Suggest you update to 3.0.7. If the problem persists with that version please 
follow through so we can help find the cause.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.


[Samba] Signal 11 error

2004-09-13 Thread Tim Gibson
Hi,

I posted this error last week from my log files:

lib/fault.c:fault_report(37)  INTERNAL ERROR: Signal
11 in pid 16450 (3.0.2a)

It is being generated about 5 times every day.
Does anyone know what it means?

Tim Gibson






[Samba] Migrate BACK to WINDOWS -> Talk me out of it QUICK

2004-09-13 Thread Chris McKeever
Not thinking about migrating back due to issues, it is more due to
implementation needs and a little situation I have been wrestling with
for a bit now, and would love some feedback

First a little history:

We currently have 10 locations connected via a dedicated 1/2 T-1. 
Last year I migrated from a WINNT domain to a Samba/LDAP domain.  It
has been running great.  Basically did this for license reasons as
well as reduced administrative horror.

NOW:

We have just started to roll out Thinstation thin-clients  that are
connecting to Win TSRV servers.  What is being planned is 1 Terminal
Server per location.  This will significantly reduce the administrative
nightmare on multiple Windows boxes and centralize it.  However, this
is where I start to feel that I am having too many servers per
location, seeing that the windows server could do what the Samba
server is doing, I am in debate about moving back to windows (I have
will need to licenses and boxes there anyhows)

One other option is just to house a ginormous WIN-TSRV at the central
location.  However, I am afraid of issues with printing back to the
remote locations (pushing large files through the 1/2 T-1 to print).

Another option is to remove the samba servers from the remote
location, and just have a samba PDC with authenticating windows tsrv
machines. - I dont like this option for some reason

I really don't want to move away from the SAMBA backend, but at the
same time don't want to stay with it just because I 'like it' and I
'want to'.  So I am looking for discussion/arguments as to why I
should stay with the Samba server and a win-tsrv server, as opposed to
just moving to a MS backend.

Please Obi-won Kenobi, you are our only help! thanks


[Samba] mount.cifs doesn't do japanese?

2004-09-13 Thread David Wuertele
On a FC2 system (which includes kernel 2.6.5 and samba-3.0.3), I am
able to use "smbmount" to mount filesystems with japanese filenames on
them by specifying codepage=cp932.  But when I mount with "mount.cifs"
the translation from SJIS to UTF-8 isn't done right:

  # uname -a
  Linux 5nave 2.6.5-1.358 #1 Sat May 8 09:04:50 EDT 2004 i686 i686 i386 GNU/Linux
  # smbclient --version
  Version 3.0.3-5
  # mount.cifs --version
  mount.cifs version: 1.2
  # 
  # smbmount //my-server/share /mnt/my-server -o codepage=cp932
  Password: 
  # ls -l /mnt/my-server
  total 4194336
  drwxr-xr-x  1 root root   4096 Sep  3 15:24 ææè
  # umount /mnt/my-server
  # mount.cifs //my-server/share /mnt/my-server -o codepage=cp932
  Password: 
  # ls -l /mnt/my-server
  total 131072
  drwxrwxrwx  1 root root  0 Sep  3 15:24 ææ?
  #

How can I make mount.cifs properly read Japanese filenames?

Thanks,
Dave



Re: [Samba] Joining an AD domain without password

2004-09-13 Thread Andreas
On Mon, Sep 13, 2004 at 04:42:04PM -0300, Andreas wrote:
> On Mon, Sep 13, 2004 at 10:57:22AM -0300, Andreas wrote:
> > samba-3.0.6, win2k with all patches from windowsupdate as of last
> > friday
> > 
> > Should it be possible to join an AD domain (win2k) without a password
> > on the client side if the machine is already created in the ou=Computers
> > container? I seem to be unable to do this: either "net ads join" will ask
> > for a password or it will try with the current user's kerberos ticket and
> > fail if this user doesn't have the right privileges.
> > 
> > This seemed to work with "net rpc join" when win2k is not in its native mode.
> > Am I missing something?
> 
> When I created the computer account in w2k, I selected the "Authenticated users"
> to be permitted to join the machine to the domain. From a winxp pro workstation,
> I could use any user to perform the joining, but from samba only administrators
> or members of the account operators group could join the domain. Is samba doing
> something differently that I'm not aware of?

Samba's "net ads join" is indeed different. I sniffed the join operation from winxp pro
and samba-3.0.7. Samba uses ldap to change attributes on AD (and it's here that it
gets a permission denied error) and later on uses kerberos to change the machine's
password. Winxp uses something completely different.



Re: [Samba] Joining an AD domain without password

2004-09-13 Thread Andreas
On Mon, Sep 13, 2004 at 10:57:22AM -0300, Andreas wrote:
> samba-3.0.6, win2k with all patches from windowsupdate as of last
> friday
> 
> Should it be possible to join an AD domain (win2k) without a password
> on the client side if the machine is already created in the ou=Computers
> container? I seem to be unable to do this: either "net ads join" will ask
> for a password or it will try with the current user's kerberos ticket and
> fail if this user doesn't have the right privileges.
> 
> This seemed to work with "net rpc join" when win2k is not in its native mode.
> Am I missing something?

When I created the computer account in w2k, I selected the "Authenticated users"
to be permitted to join the machine to the domain. From a winxp pro workstation,
I could use any user to perform the joining, but from samba only administrators
or members of the account operators group could join the domain. Is samba doing
something differently that I'm not aware of?



[Samba] Browsing Sucks on VPN

2004-09-13 Thread Saad Ahmed
Hi,

I am using Samba on RH9 for providing naming services. We were using WINS before for 
naming.
On networking neighborhood, I can see all computers (when I am in the office), however 
when I am travelling, I am not able to see the list. Not only that, I am unable to 
connect to my computer using \\NameOfComputer. I can connect through \\MyIpAddress.

I could see the list of computers when I was using WINS in the past. Does anyone know 
the solution to fix this on Samba. 

Your help would be highly appreciated.

MSA


[Samba] Winbind - Getting W2K-User Names Problem

2004-09-13 Thread Pallas Bernhard
Hello list,

I have set up a SAMBA 3.0.7 as an ADS-Domain Member with Kerberos and/or
rpc.
Kerberos seems to work fine.
net ads join ... was successful.
wbinfo -t : checking the trust secret via RPC calls succeeded
wbinfo -u results in
aschmidt
agall
aglock
aklein
aschaefer
aturmus
aweiche

where  I expected 

DOMAIN+agall
DOMAIN+aklein 

What went wrong ??
Any hints are highly appreciated -- Thanx in advance!!

  
With kind regards


Bernhard Pallas
Mail [EMAIL PROTECTED]





[Samba] Re: machine account with w2k

2004-09-13 Thread ksun
As I remembered, the smbusers by default mapped root to Administrator.
-- Kang



[Samba] Migrating to a new PDC

2004-09-13 Thread Daniel Gapinski
Hello,

I don't know if my last message went through to the list. If so, kindly
ignore it. I do have a question though.

I am trying to migrate a Samba 2.2.7a PDC to another computer, as it
shows signs of dying HW. I am using my copy of the How-To to adapt the
NT4-style migration to Samba 3. 

I joined the new server to the domain, but when I run net rpc vampire, I
get a message saying that the current domain conflicts with the local
domain. The SIDs displayed are indeed different, so I thought it might
help to run the net rpc getsid command. That doesn't seem to change the
SID in such a way as to have run net rpc vampire successfully.

Any thoughts on where I can go from here?

Thanks,

Dan

 


[Samba] More on Update FC1 samba-3.0.6 breaks system

2004-09-13 Thread Peter Huetmannsberger

Hi again!

What's even weirder is that the groups are being found without any 
problem. 

a listing with ls -l shows e.g.

-rwxrw-r--  1 2035 CENTRUM+Domänen-Admins  6164091 Jul 13 16:25 solakov.jpg

typing setfacl -m g:CENTRUM+groupname:rw- works, but not on the
userlevel.

Any help would be appreciated.

Many thanks, 

.peter




Re: [Samba] throughput of 300MB/s

2004-09-13 Thread Brian Krusic
Hi,

I would like to emphasize that your protocol, whether samba, nfs or even afp
for that matter, isn't the bottleneck as they are dependent on how well you:

1) config these protocols in terms of network tuning params
2) how well the OS is config'd in terms of its network params and daemons
running, local file system used like reiserfs or xfs
3) how well the hardware is config'd in terms of bus speed of PCI bus, raid
card throughput, drive throughput, network card throughput, etc...

I've had a lot of customers throw out local theoretical #s of say Ultra 320
SCSI which are usually 60-70% of those figures in reality.

Samba itself has been a blessing for many of my clients.

Bri-




[Samba] Re: Could not create posix account info

2004-09-13 Thread ksun
> When I do a slapcat, I am able to see the users user1, user2,
> user3.user9.

> But when I try to authenticate from a WIN NT WORKSTATION with
> user9/password, (with the NT4 shutdown and samba acting as a BDC)

> I am able to login only with the cached profile.

Use 'smbldap_usershow.pl user1'
to see if you have both sambaUID and UID for user1. You are supposed to have
both after vampiring.
Also, do the same with workstation names to see if you have the
sambaNTPassword entry filled up.
Notice the SID number, whether they are as expected.

-- Kang





[Samba] Re: PDC from 2 to 3, SID headaches

2004-09-13 Thread ksun
> Where does Samba 3 store the domain SID? I tried deleting
> /etc/samba/secrets.tdb, to no avail.

Indeed SID is stored in this database. You can use tdbdump to see what is
in it.
I don't think you need the smbpasswd -X if you are configuring a PDC.
'net rpc getsid' will get the domain SID and set it as your local SID.
It is my understanding anyway.

-- Kang




Re: [Samba] throughput of 300MB/s

2004-09-13 Thread Martin Vogt
Brian Krusic wrote:
> Hi,
> I've set it up for this purpose with a max sustained throughput of
> ~25-30MB/sec (megabytes).  This was using p-ide on the backend and 3ware
> cards with RH9 and xfs and a mix of raid5 and raid10 (1+0).

Yes, I have this too. It was my first idea to use samba, but I did not
expect that samba is that slow. (Okay, windows server is even slower)

> This was with a gig e (non jumbo capable) network and tricks like increased
> TCP window sizes and the typical Samba tricks like TCP no delay etc...
> However even with NetApps or BlueArcs (both with fiber channel on the
> backend @ raid4), the sustained throughput according to my bro at R&H was
> like 45MB/sec.
> There are several things to consider like;
> - what's doing the file serving (fiber, ide, raid or striped)

http://www.lustre.org/
It's a parallel filesystem over network. (currently GiGE)
Current benchmarks show that you do not need to worry
about bandwidth on that part.

> - is it an OS or an appliance
> - is the net topology ethernet
> - is it gig e with jumbo frames
> - can the client handle that throughput
> Choosing a backend is key as well as your net topology.
> Also, look into http://www.myri.com/ for a fast topology.
> For disk i/o look into http://www.pvfs.org/.

Or quadrics for network:
http://www.quadrics.com/.
Quadrics for example is capable of doing 1GB/s.
But currently samba is the bottleneck.
At least the benchmarks I found on the net were all (much) below < 100 MB/s,
so I wanted to ask, if this is really true ?
regards,
Martin



[Samba] Update FC1 samba-3.0.6 breaks system

2004-09-13 Thread Peter Huetmannsberger

Hi!

I have a curious problem. I updated my Fedora Core 1 box yesterday from 
samba-3.0.2 to samba-3.0.6. All the packages that were suggested by yum. 

I have the box join an NT4 Domain, and while yesterday before the update a 
smbstatus would list the users as CENTRUM+Username (CENTRUM is my NT 
Domain) today it refuses to do so, and any shares apart from the public 
ones are not available any more. 

I also use Posix ACLs and a "setfacl -m u:CENTRUM+Username:rw-" results in 
an error. 

All this worked beautifully before the upgrade. 

I use winbind and that seems to work. getent passwd lists all the users, 
getent group all the groups, the way it should. However a smbmount 
//box/share -o username=CENTRUM+username results in an access denied, 
where it had worked before. 

I am pretty desperate at this point having spent all day trying to find 
the problem, and short of downgrading and hoping this would work, I can't 
find the problem. 

Many thanks for your help. 

 
Peter Huetmannsberger



[Samba] smbmounting share with japanese name

2004-09-13 Thread David Wuertele
I can use "net rpc share" to discover the names of shares on a windows
computer that have Japanese characters in them.  That works great.
Now I want to mount those shares.  But when I try to do so, it looks
like this:

  # smbmount //myserver/新しいフォルダ -o iocharset=utf8,codepage=cp932
  creating lame upcase table
  creating lame lowcase table
  688: tree connect failed: ERRDOS - ERRnosuchshare (You specified an invalid share name)
  SMB connection failed
  #

I have tried putting the argument in quotes (both double and single),
to no avail.  Any suggestions?

Dave



Re: [Samba] throughput of 300MB/s

2004-09-13 Thread Brian Krusic
Hi,

I've set it up for this purpose with a max sustained throughput of
~25-30MB/sec (megabytes).  This was using p-ide on the backend and 3ware
cards with RH9 and xfs and a mix of raid5 and raid10 (1+0).

This was with a gig e (non jumbo capable) network and tricks like increased
TCP window sizes and the typical Samba tricks like TCP no delay etc...

However even with NetApps or BlueArcs (both with fiber channel on the
backend @ raid4), the sustained throughput according to my bro at R&H was
like 45MB/sec.

There are several things to consider like;

- what's doing the file serving (fiber, ide, raid or striped)
- is it an OS or an appliance
- is the net topology ethernet
- is it gig e with jumbo frames
- can the client handle that throughput

Choosing a backend is key as well as your net topology.

Also, look into http://www.myri.com/ for a fast topology.
For disk i/o look into http://www.pvfs.org/.

I've never been called upon to look into these but they look like a lot of
fun.

Bri-
Network Consulting Services




[Samba] throughput of 300MB/s

2004-09-13 Thread Martin Vogt

Hello,
are there any experiences with samba as a _really_ fast server?
Assuming if the filesystem and network is fast enough, has anyone managed
to get a throughput in samba of let's say 300 MB/s ?
Are there any benchmarks?
regards,
Martin



[Samba] Offline Files won't sync after Samba upgrade

2004-09-13 Thread Mike Davison
Dear Samba users,
Having scanned this list archive, this problem has been raised several 
times over the past 12 months on this list, but mostly without any 
response. Now it's happened to us too, and I raise it again in case 
anybody has figured it out in the meantime.

All our employees are provided with laptops, and spend a lot of time 
working offline. We make extensive use of the Offline Files capability 
of Win2K, synchronizing changes when back in the office, or over a VPN. 
This is our user-backup method, since it requires no effort from users 
and hence actually gets used. We've run like this for over 2 years 
without problems.

We have recently switched to running Samba 2.2.7-security-fix-rollup on
RedHat 8.  I'm not sure which Samba version that was - whatever shipped 
with RedHat 7.2 - but it didn't exhibit this problem.

With the new version, trying to synchronize any file modification made 
while offline, fails with the message "Offline Files (\\server\user on 
server): Access to 'file.txt' is denied on \\server\user\my_folder."

New files or modifications made while on-line sync OK. There is no 
problem accessing any file while online.
A new file, created offline, synchronizes OK, i.e. sync only fails when 
the file already exists on the server.
Oh, and it dumps an empty file for each failed sync with a name like 
"800BF4" (I presume it's Windows which makes this file).

Hence a tedious workaround is to rename the file when offline, 
synchronize (which causes the old copy to be deleted on the server, and 
creates the new one) and then rename the file back again when online.

I found two suggestions on this list which don't work:
Setting chmod 777 on files on the server makes no difference (and 
anyhow, wasn't necessary before).
Setting "force create mode = 0660" and "force directory mode = 0770" 
made no difference.

If anybody has had this problem and found out how to fix it, please let 
us know. Does anyone know if the problem is fixed in 3.0.* for example?



[Samba] Winbind uid/gid issue.

2004-09-13 Thread Joseph . Gaude
Hello All,
I've got Samba 3.0.4 running under Solaris 8 with AD support/Winbind... One
issue I'm having that I need to fix is, all the files on the Solaris box are
owned by uid's and gid's from my nis files... Now that winbind is running,
when a user modifies a file, it is now owned by DOMAIN+AD-USERID and the
same for the group... Then a lot of other people can't access those files.
I'd like to have the files owned by the UNIX uid/gid and not the AD
uid/gid. Can I do this?

I'd do something with the AD groups but unfortunately, I don't have any
control or influence on the AD admin side of things.

I haven't pored through the docs yet because I need to get this resolved
fast...

Thanks!

...Joe


[Samba] Samba without password

2004-09-13 Thread Roberto Salazar
Hi:
I'm sorry for my English, I don't write English very well.

I work with samba-3.0.0-15 and Fedora Core 2.  My workstations run
Windows XP and Win 98.

I use the SHARE settings options.  I tried logging in to Samba and the process
works, but my goal is to use the environment without creating users in Samba
(authentication, transparent environment).

I am trying to create a public shared directory, but without logging in to the
Samba environment. Could anybody help me?


Re: [Samba] Login restrictions through winbind

2004-09-13 Thread Craig White
On Mon, 2004-09-13 at 08:25, Wong, G. MR EECS wrote:
> I have successfully setup a Red Hat Enterprise Linux AS 3.0 server that
> allows Windows AD Users to login to it(through winbind).  The problem is
> that ALL such users can now do so.  Is there a way to control which
> users are allowed to login while others are denied access?

groups

Craig



Re: [Samba] Login restrictions through winbind

2004-09-13 Thread Simone
In smb.conf you can allow users via

   valid users = DOMAIN\user

or deny specific users via

   invalid users = DOMAIN\user

It works for me.
Regards
Simone

Wong, G. MR EECS wrote:
> I have successfully setup a Red Hat Enterprise Linux AS 3.0 server that
> allows Windows AD Users to login to it(through winbind).  The problem is
> that ALL such users can now do so.  Is there a way to control which
> users are allowed to login while others are denied access?



[Samba] short utf8 char

2004-09-13 Thread William Marques
Hi everybody,
I have thousands of messages in my samba log, related to a charset issue:

Sep 13 12:16:45 samba001 smbd[27926]: [2004/09/13 12:16:45, 0] lib/iconv.c:utf8_pull(514)
Sep 13 12:16:45 samba001 smbd[27926]:   short utf8 char

In my smb.conf, I used the following settings:

   preserve case = No
   short preserve case = No
   unix charset = UTF8
   display charset = UTF8
   dos charset = cp850

Is it possible to configure something more to avoid this kind of message?
What kind of error can that produce in my samba server?
I tried to find my answers reading the mailing list archives, but I can't
see any answers for that question.
Help will be very appreciated. This is a large samba server in
production, and from time to time it just crashes, without logging anything
else...

With best regards,
--
William Marques
Scinergy Consulting Ltda.
http://www.scinergy.com.br
55 (0XX21) 2224-3224


[Samba] System preferences

2004-09-13 Thread Lou Buijs
 Dear Mr./Mrs.,
 After installing and configuring Samba Sharing on my iBook G3, I tried
 to start up, but after pushing the 'start button', System Preferences
 just quits after about one minute, with the appearance of a message
 "Syst. Prefs. has unexpectedly stopped!"
 and the option of sending a bug report.
 The shared volume only then appears in the 'network window' after I
 activate the other computer icon in the Finder's 'network window'.

 The Samba shared volume seems to work, but why doesn't the icon of the
 shared volume appear immediately after starting up 'Samba share'?

 with regards,
 Lou Buijs


[Samba] smbfs errors with kernel 2.6

2004-09-13 Thread Alexej Davidov
Hello,

I can't mount shares of some servers since I use kernel 2.6.x. As it works
with smbclient and also with smbmount on kernel 2.4.x, I assume the problem
lies within smbfs.

Kernel version: 2.6.8.1
Samba version: 3.0.4
Dist: Debian unstable

I get errors when I try to mount a share from OS/2 4.0:

1) smbmount
everything's fine

2) cd into the mounted dir
smbfs output:
  smb_setup_bcc: Packet too large 4257>4096
  smb_add_request: request [f7298e80, mid=0] timed out!

3) ls in the mounted dir
smbfs output:
  smb_receive_header: short packet: 0
  smb_add_request: request [f7353e80, mid=1] timed out!
Then ls says: ls: .: Input/output error

4) cd ..
smbfs output:
  smb_get_length: Invalid NBT packet, code 39
  smb_add_request: request [f736be80, mid=2] timed out!

5) umount
everything's fine


Also, it's not possible to mount a share from a server running Samba 3.0.6 on
Suse with kernel 2.4.21. I get ``smb_add_request: request[xxx, mid=x]
timed out!'' all the time, and this time already when I try to
mount.

I can mount shares, however, from other systems, namely all Windows versions
and OS/2 3.0

If it is of any help, I could also supply samba logs and tcpdump dumps,
although I couldn't find any error messages in the samba logs.

Btw: I tried to enable SMBFS_DEBUG and SMBFS_DEBUG_VERBOSE in smbfs'
 Makefile, but that didn't change anything.

Thanks in advance
Alexej


[Samba] Login restrictions through winbind

2004-09-13 Thread Wong, G. MR EECS
I have successfully setup a Red Hat Enterprise Linux AS 3.0 server that
allows Windows AD Users to login to it(through winbind).  The problem is
that ALL such users can now do so.  Is there a way to control which
users are allowed to login while others are denied access?


[Samba] RPMs for SuSE Linux (was: Samba 3.0.7 Available for Download)

2004-09-13 Thread Lars MÜLLER
Hello,

On Mon, Sep 13, 2004 at 06:55:36AM -0500, Gerald Carter wrote:
[snip]
> Binary packages are available at
> 
>   http://download.samba.org/samba/ftp/Binary_Packages/

RPM packages of Samba 3.0.7 for SuSE Linux are available at
ftp://ftp.SuSE.com/pub/projects/samba/3.0/

The same packages are also available at
http://download.Samba.org/samba/ftp/Binary_Packages/SuSE/3.0/

Please use a mirror close to your site.  A list of Samba.org mirrors is
available at http://Samba.org/

Also SuSE provides a bunch of mirrors.  Lists are available for

  int      http://www.SuSE.com/en/private/download/ftp/int_mirrors.html
  germany  http://www.SuSE.com/de/private/download/ftp/inland.html

In particular ftp://ftp.GwDG.de/pub/samba/Binary_Packages/SuSE/3.0/ is
already up to date.

Currently there are 3.0.7 packages for

SuSE Linux  i386    8.1, 8.2, 9.0, 9.1, and SLES 9
            x86_64  8.1,      9.0, 9.1, and SLES 9

Have a lot of fun...

Lars
-- 
Lars MÜLLER [ˈlaː(r)z ˈmʏlɐ]
SuSE Linux AG, Maxfeldstraße 5, 90409 Nürnberg, Germany



Re: [Samba] homedir login account issue

2004-09-13 Thread Thomas Schlosser

Shahid Hussain <[EMAIL PROTECTED]> wrote on Sun, Sep 12:
> I am having a problem with Samba 2.x.
> I am able to log in to Samba without a problem :).  When I log in to the
> "Shahid" account it is directed to "/home/shahid", but I can still see
> another user's home dir too? Why is that?
[...]
> [global]
>    workgroup = MSHOME
>    netbios name = TEST
>    server string = FreeBSD Samba Server
>    encrypt passwords = Yes
>
> [Share]
>    comment = This is Share
>    path = /tmp
>    read only = No
>    guest ok = Yes
>
> [Shahid]
>    comment = Shahid Home Dir
>    path = /home/shahid
>    guest account = shahid
>    read only = No
>
> [Testing]
>    comment = Test Home Dir
>    path = /home/test
>    guest account = test
>    read only = No


You don't need an entry for every "homedir".
Delete the [Shahid] section and add the following to your
smb.conf:

[homes]
   comment = Home Directories
   valid users = %S
   browseable = No
   read only = No

To hide the other share, use the option:
   browseable = No

Hope this will help you.


Regards,
Thomas
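
The effect of the change suggested in this reply can be checked mechanically. The following added example (not part of the original post, and not Samba code) parses an smb.conf, applies Samba's defaults for `guest ok`, `read only` and `browseable`, and reports shares that any authenticated user can open because they lack the `valid users` restriction recommended here and in the winbind login thread above. The function names, finding labels and the AFTER configuration, which assumes both per-user sections are removed, are assumptions of the example.

```python
import re

TRUE = {"yes", "true", "1"}
# Samba ignores case and spaces in parameter names; synonyms per smb.conf(5).
SYNONYMS = {"public": "guestok", "browsable": "browseable"}
INVERTED = {"writeable", "writable", "writeok"}  # inverted forms of "read only"
SPECIAL = {"global", "printers", "print$", "ipc$"}


def parse_smb_conf(text):
    """Return {share name: {normalised parameter name: value}}."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = shares.setdefault(header.group(1).strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key, value = re.sub(r"\s+", "", key).lower(), value.strip()
        if key in INVERTED:
            key, value = "readonly", "no" if value.lower() in TRUE else "yes"
        current[SYNONYMS.get(key, key)] = value
    return shares


def enabled(params, name, default):
    return params.get(name, default).lower() in TRUE


def audit(text):
    """List (share, finding) pairs for the exposure the reply's fix removes."""
    shares = parse_smb_conf(text)
    defaults = shares.get("global", {})
    findings = []
    for name, own in shares.items():
        if name in SPECIAL:
            continue
        params = {**defaults, **own}  # [global] supplies share-level defaults
        if enabled(params, "guestok", "no"):
            # Guest shares are open by design; only a writable one is reported.
            if not enabled(params, "readonly", "yes"):
                findings.append((name, "guest-writable"))
            continue
        if not params.get("validusers"):
            # Without "valid users" every account that authenticates may connect.
            findings.append((name, "no-valid-users"))
        if enabled(params, "browseable", "yes"):
            findings.append((name, "listed-to-all-clients"))
    return findings


# Constructed from the configuration quoted in the post.
COMMON = """
[global]
   workgroup = MSHOME
   encrypt passwords = Yes
[Share]
   path = /tmp
   read only = No
   guest ok = Yes
"""
BEFORE = COMMON + """
[Shahid]
   path = /home/shahid
   guest account = shahid
   read only = No
[Testing]
   path = /home/test
   guest account = test
   read only = No
"""
# Assumption: both per-user sections are dropped in favour of [homes].
AFTER = COMMON + """
[homes]
   comment = Home Directories
   valid users = %S
   browseable = No
   read only = No
"""

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(conf))
```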




[Samba] Re: BUG 1717 [was Re: Re: Samba 3.0.6 Problems w/AD and Kerberos]

2004-09-13 Thread Josh T
Gerald (Jerry) Carter wrote:
> Josh T wrote:
> |
> | I then downloaded and compiled Samba 3.0.5 and
> | set it up.  It was working last night, however
> | this morning I started having the same problems...
>
> Are the clocks drifting out of sync perhaps ?  Can
> you send me a level 10 debug log of the complete
> failure?  Please also include your /etc/krb5.conf
> and smb.conf file.  Thanks.
>
Unfortunately, since it was a VMWare test machine, I have already
reverted back to the clean install.  I then used the 3.0.5 debian
packages & Debian 1.2.4 MIT kerberos rather than locally compiling
anything and it's been working fine, so maybe I did something wrong or
missed something when I downgraded the 3.0.6 to 3.0.5.

Anyway, I just upgraded the test machine via Debian packages to 3.0.6
and it definitely breaks - log and config files follow.  Let me know if
there's anything I can do to help figure this out.  (Jerry - I can
privately mail you full logs, etc. if you still want them - corporate
policy makes me cautious in posting anything with real names/ip
addresses/etc.)

Josh
(snippet from log level = 10 log.ipaddress of a Windows 2000 SP 4 client)
[2004/09/13 09:00:21, 10] lib/util.c:name_to_fqdn(2501)
  name_to_fqdn: lookup for VIRTUALSMB -> VIRTUALSMB.mydomain.local.
[2004/09/13 09:00:21, 10] passdb/secrets.c:secrets_named_mutex(701)
  secrets_named_mutex: got mutex for replay cache mutex
[2004/09/13 09:00:21, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
  ads_secrets_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type
[2004/09/13 09:00:21, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
  ads_secrets_verify_ticket: enc type [1] failed to decrypt with error Bad encryption type
[2004/09/13 09:00:21, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
  ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Decrypt integrity check failed
[2004/09/13 09:00:21, 10] passdb/secrets.c:secrets_named_mutex_release(713)
  secrets_named_mutex: released mutex for replay cache mutex
[2004/09/13 09:00:21, 3] libads/kerberos_verify.c:ads_verify_ticket(307)
  ads_verify_ticket: krb5_rd_req with auth failed (Success)
[2004/09/13 09:00:21, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2004/09/13 09:00:21, 3] smbd/error.c:error_packet(129)
  error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE


### Here is the result of "klist tickets" on the W2K client:
   Server: krbtgt/[EMAIL PROTECTED]
  KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
  End Time: 9/13/2004 17:24:18
  Renew Time: 9/13/2004 10:24:18
   Server: HOST/[EMAIL PROTECTED]
  KerbTicket Encryption Type: Kerberos DES-CBC-MD5
  End Time: 9/13/2004 10:24:18
  Renew Time: 9/13/2004 10:24:18

### Here is /etc/samba/smb.conf:
[global]
   workgroup = MYDOMAIN
   netbios name = VIRTUALSMB
   security = ADS
   realm = MYDOMAIN.LOCAL
   encrypt passwords = true
   password server = DC1.MYDOMAIN.LOCAL
   hosts allow = 192.168.1. 127.
   log file = /var/log/samba/log.%m
   log level = 3
   winbind separator = +
   winbind uid = 1-2
   winbind gid = 1-2
   winbind enum users = yes
   winbind enum groups = yes
   winbind use default domain = yes

[data]
   comment = Data Files
   path = /data
   read only = no
   admin users = "@Domain Admins"

### Here is /etc/krb5.conf:
[libdefaults]
   default_realm = MYDOMAIN.LOCAL
   # The following krb5.conf variables are only for MIT Kerberos.
   default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
   default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
   permitted_enctypes = des3-hmac-sha1 des-cbc-crc des-cbc-md5
   krb4_config = /etc/krb.conf
   krb4_realms = /etc/krb.realms
   kdc_timesync = 1
   ccache_type = 4
   forwardable = true
   proxiable = true
   # The following libdefaults parameters are only for Heimdal Kerberos.
   v4_instance_resolve = false
   v4_name_convert = {
      host = {
         rcmd = host
         ftp = ftp
      }
      plain = {
         something = something-else
      }
   }

[realms]
   MORTONSS109.LOCAL = {
      kdc = DC1.MYDOMAIN.LOCAL
      kdc = DC2.MYDOMAIN.LOCAL
      admin_server = DC1.MYDOMAIN.LOCAL
   }
   ATHENA.MIT.EDU = {
      kdc = kerberos.mit.edu:88
      kdc = kerberos-1.mit.edu:88
      kdc = kerberos-2.mit.edu:88
      kdc = kerberos-3.mit.edu:88
      admin_server = kerberos.mit.edu
      default_domain = mit.edu
   }
   MEDIA-LAB.MIT.EDU = {
      kdc = kerberos.media.mit.edu
      admin_server = kerberos.media.mit.edu
   }
   ZONE.MIT.EDU =
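
The log excerpt in the post above contains two different Kerberos errors: `Bad encryption type` means the key that was tried is not of the ticket's enctype, while `Decrypt integrity check failed` means the enctype matched but the key did not decrypt the ticket. The following added example (not part of the original post, and not Samba code) parses smbd debug output, including mail-wrapped lines, and reports which case occurred and whether the matching enctype is single DES. The sample log is constructed from the lines quoted in the post, and all function names are the example's own.

```python
import re

# Kerberos enctype numbers with the names MIT krb5 uses.
ENCTYPES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5",
            16: "des3-cbc-sha1", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
SINGLE_DES = {1, 2, 3}  # 56-bit keys

STAMP = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d), +(\d+)\]\s*(.*)$")
WHERE = re.compile(r"^(\S+):(\w+)\((\d+)\)$")
ATTEMPT = re.compile(r"enc type \[(\d+)\] failed to decrypt with error (.+)")
WRONG_TYPE = "Bad encryption type"
WRONG_KEY = "Decrypt integrity check failed"


def parse_records(text):
    """Split smbd debug output into records, tolerating mail line-wrapping."""
    records, rec = [], None
    for raw in text.splitlines():
        line = raw.strip()
        stamp = STAMP.match(line)
        if stamp:
            rec = {"time": stamp.group(1), "level": int(stamp.group(2)),
                   "func": None, "msg": ""}
            records.append(rec)
            line = stamp.group(3)  # empty when the header itself was wrapped
        if not line or rec is None:
            continue
        where = WHERE.match(line) if rec["func"] is None else None
        if where:
            rec["func"] = where.group(2)
        else:
            rec["msg"] = (rec["msg"] + " " + line).strip()
    return records


def enctype_name(etype):
    return ENCTYPES.get(etype, "enctype-%d" % etype)


def diagnose(text):
    """Classify each ticket-decrypt attempt and summarise the failure."""
    wrong_type, wrong_key, rejected = [], [], False
    for rec in parse_records(text):
        hit = ATTEMPT.search(rec["msg"])
        if rec["func"] == "ads_secrets_verify_ticket" and hit:
            etype, error = int(hit.group(1)), hit.group(2).strip()
            if error == WRONG_KEY:
                wrong_key.append(etype)
            elif error == WRONG_TYPE:
                wrong_type.append(etype)
        rejected = rejected or "NT_STATUS_LOGON_FAILURE" in rec["msg"]
    if wrong_key:
        verdict = "key mismatch: enctype matched the ticket, stored key did not"
    elif wrong_type:
        verdict = "enctype mismatch: no stored key type equals the ticket's"
    else:
        verdict = "no decrypt failure logged"
    return {"wrong_enctype": [enctype_name(e) for e in wrong_type],
            "key_mismatch": [enctype_name(e) for e in wrong_key],
            "weak_ticket_enctype": [enctype_name(e) for e in wrong_key
                                    if e in SINGLE_DES],
            "logon_rejected": rejected,
            "verdict": verdict}


# Constructed from the log lines quoted in the post; the second record keeps
# the mail wrapping to show that wrapped headers and messages still parse.
SAMPLE_LOG = """\
[2004/09/13 09:00:21, 10] libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
  ads_secrets_verify_ticket: enc type [16] failed to decrypt with error Bad encryption type
[2004/09/13 09:00:21, 10]
libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
  ads_secrets_verify_ticket: enc type [1] failed to decrypt with error
Bad encryption type
[2004/09/13 09:00:21, 3] libads/kerberos_verify.c:ads_secrets_verify_ticket(193)
  ads_secrets_verify_ticket: enc type [3] failed to decrypt with error Decrypt integrity check failed
[2004/09/13 09:00:21, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2004/09/13 09:00:21, 3] smbd/error.c:error_packet(129)
  error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE
"""

if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_LOG).items():
        print(key, "=", value)
```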

[Samba] Joining an AD domain without password

2004-09-13 Thread Andreas
samba-3.0.6, win2k with all patches from windowsupdate as of last
friday

Should it be possible to join an AD domain (win2k) without a password
on the client side if the machine is already created in the ou=Computers
container? I seem to be unable to do this: either "net ads join" will ask
for a password or it will try with the current user's kerberos ticket and
fail if this user doesn't have the right privileges.

This seemed to work with "net rpc join" when win2k is not in its native mode.
Am I missing something?


[Samba] How can I mount a remote dos-partition?

2004-09-13 Thread peter
Hi,

I have a small network with 3 linux-servers including samba 3.0.4. The
servers work very well. But now I want to share the hdds of my windows-and
dos-clients outside the local network. So I have to mount the remote
partitions on the different clients. On Win95/Win98/WinNT/Win2000 machines
it works perfectly. But there are some old dos-clients (ms dos 5.0). After
mounting a harddisk of one of these computers I get I/O errors, when I
make ls at the mountpoint. For example:

client: bush with hdd C   server: oil

mount -t smbfs -o username=..,passwd=.. //bush/C /export/bush/C

ok, it seems to be mounted, but the ls command returns with I/O errors.
What is going wrong?

cu
peter


[Samba] Samba 3.0 DoS Vulnerabilities (CAN-2004-0807 & CAN-2004-0808)

2004-09-13 Thread Gerald (Jerry) Carter
Subject:        Samba 3.0.x Denial of Service Flaw

Summary:        (i) A DoS bug in smbd may allow an
                unauthenticated user to cause smbd to
                spawn new processes each one entering
                an infinite loop.  After sending a sufficient
                amount of packets it is possible to exhaust
                the memory resources on the server.

                (ii) A DoS bug in nmbd may allow an attacker
                to remotely crash the nmbd daemon.

Affected
Versions:       Defect (i) affects Samba 3.0.x prior to and
                including v3.0.6.

                Defect (ii) affects Samba 3.0.x prior to
                and including v3.0.6.

Patch
Availability:   The patch file for Samba 3.0.5 addressing both
                bugs (samba-3.0.5-DoS.patch) can be downloaded
                from
                http://download.samba.org/samba/ftp/patches/security/

Description
-----------

CAN-2004-0807: A defect in smbd's ASN.1 parsing allows an
attacker to send a specially crafted packet during the
authentication request which will send the newly spawned
smbd process into an infinite loop.  Given enough of these
packets, it is possible to exhaust the available memory
on the server.

CAN-2004-0808: A defect in nmbd's processing of mailslot packets
can allow an attacker to anonymously crash nmbd.

Protecting Unpatched Servers
----------------------------

The Samba Team always encourages users to run the latest stable
release as a defense against attacks.  However, under certain
circumstances it may not be possible to immediately upgrade
important installations.  In such cases, administrators should
read the "Server Security" documentation found at
http://www.samba.org/samba/docs/server_security.html.

Credits
-------

Both security issues were reported to Samba developers by
iDEFENSE (http://www.idefense.com/).  The defect discovery
was anonymously reported to iDEFENSE via their Vulnerability
Contributor Program (http://www.idefense.com/poi/teams/vcp.jsp).

--
Our Code, Our Bugs, Our Responsibility.
-- The Samba Team


[Samba] Samba 3.0.7 Available for Download

2004-09-13 Thread Gerald (Jerry) Carter
This is the latest stable release of Samba. This is the version
that production Samba servers should be running for all
current bug-fixes.  There have been several important issues
fixed since the 3.0.6 release.  See the "Changes" section for
details on exact updates.

Common bugs fixed in 3.0.7 include:

  o Fixes for two Denial of Service vulnerabilities
    (CVE ID# CAN-2004-0807 & CAN-2004-0808).
  o Winbind failure to return user entries under certain
    conditions.
  o Syntax errors in the OpenLDAP schema file (samba.schema).
  o Printing errors caused by not setting default values
    for the various printing commands.

smb.conf changes
----------------

    Parameter Name                  Action
    --------------                  ------
    winbind enable local accounts   disabled by default

The source code can be downloaded from:

    http://download.samba.org/samba/ftp/

The uncompressed tarball and patch file have been signed using GnuPG.
The Samba public key is available at

    http://download.samba.org/samba/ftp/samba-pubkey.asc

Binary packages are available at

    http://download.samba.org/samba/ftp/Binary_Packages/

The release notes are also available on-line at

    http://www.samba.org/samba/whatsnew/samba-3.0.7.html

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

--Enjoy
The Samba Team

--
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)


[Samba] Samba 3.0.6 & Krb5-1.3.4 problems

2004-09-13 Thread Daniel Mueller
Hello fellow Samba Administrators.
We've been serving data with samba2 to our company for 1 1/2 year now.
Now we want to go one step further: Samba 3 with ADS integration.
I've installed a test Linux box (2.6.8 Slackware 10.0) and installed the
following software from source:

x Linux-PAM-0.77 (plain ./configure)
x openldap-2.2.15 (./configure --disable-slapd --disable-slurpd)
x acl-2.2.15 (plain ./configure & make install-dev)
x krb5-1.3.4 (./configure --prefix=/usr/local/kerberos
  --without-krb4 --enable-dns --enable-dns-for-kdc --enable-dns-for-realm
  --enable-shared)
x samba-3.0.6 (./configure --prefix=/usr/local/samba --with-smbwrapper
  --with-dce-dfs --with-ads --with-smbmount --with-pam --with-libsmbclient
  --with-acl-support --with-winbind --with-krb5=/usr/local/kerberos
  --with-quotas --with-ldap)

So far so good, since everything works as I expected it to work. I was
able to join the samba server to the ADS, I can connect from a Windows 2000
client to the shares, I can use the ADS groups and users on the samba server
(which is s god! :) ) and everything is fine.

But I can't manage the permissions from a Windows client... I get the
"permission denied" message each and every time I try to save changes I made
to the permissions of a share...

I don't know if this has anything to do with the following error message
I got in my log.smbd:

smbd/kerberos_verify.c:ads_keytab_verify_ticket(61)
ads_keytab_verify_ticket: krb5_kt_start_seq_get failed (No such file of directory)
smbd/sesssetup.c:reply_spnego_kerberos(265)
make_server_info_from_pw failed!

I get these messages like every time I connect to a samba share... and
every time I do something to the share (touching files, folders etc.)

Anyone have the same problem? Help badly needed here...
thanks
Daniel


[Samba] Modifying ACL's from client without using winbind

2004-09-13 Thread Christian Merrill
My situation is pretty simple but I'm not able to figure out this last 
bit (any help is greatly appreciated).  I have a Samba3 server that is a 
standard NT member of an Active Directory.  All domain users have
matching local accounts, and the domain groups that are involved also 
have matching local groups.

Clients can set permissions within the shares but are *unable* to add or 
remove users/groups from those acls.  Do I need to configure some kind 
of additional user or group mapping?

Thanks in advance,
Christian


[Samba] SAMBA configuration on windows!

2004-09-13 Thread Kedarnadh, B (STSD)
Hi,

I have installed samba on a unix tier production support machine. I would
like to know the process involved to configure a windows machine
in terms of accessing the unix file system on windows.

Scenario:
Samba installed on ClearCase VIEWs (HP-UX 11.11) server and created a
VIEW called 'user_view_build1' on /home/user/user_view_build.vws, and I
would map this VIEW on a windows machine and do the necessary build.

Please do let me know the configuration part on the windows client area.

Thanks & regards,

Venkata Kedarnadh. B


Re: [Samba] CUPS Printer Class support?

2004-09-13 Thread Martin Zielinski
On Friday 10 September 2004 19:47, Ryan Suarez wrote:
> Greetings Admins,
>
> We run cups 1.1.20 with samba 3.0.4 on debian woody to serve
> point'n'print to Win2K/XP clients.
>
> Does samba support CUPS Printer Classes?  How do you install these in
> samba?
>
> regards,
> Ryan

Samba handles CUPS classes just like ordinary printers. There's no difference 
between them.

You should upgrade your Samba version to 3.0.6. There have been some bugs in 
the printing code in earlier versions.

Bye,

Martin

-- 
Martin Zielinski                       [EMAIL PROTECTED]
Software Development
SEH Computertechnik GmbH     www.seh.de


[Samba] samba client warning for password transmitted with noencryption

2004-09-13 Thread [EMAIL PROTECTED]
Hello, 

I am a newbie in linux, and have security problems
with samba. I installed samba server on a box b1 
(v2.2.7a), and samba client is not my last and 
second box b2. They both run under linux (RH9 
distribution). It seems to be installed correctly, 
but I have 2 strange things: 
1) I cannot locate why when I get a connection with 
nautilus, the popup window tells me that password 
will be transmitted with no encryption. 
2) When I start samba in nautilus, the popup window 
asking for a user/password re-opens twice after I 
have filled it for the very 1st time.
Does somebody know why it reopens? Filling again 
and clicking OK, or clicking Cancel has the same 
effect: I can access.

Is this a bug, or a bad configuration? I have set a 
smbpasswd file on samba server, and did the 
procedure to migrate passwords from linux to samba. 
Can I have some advice, please?

Thanks, xavier.



[Samba] Samba 3 PDC

2004-09-13 Thread Beck Zoltan Gyula
Hi!

  I have the following samba config file:

server string = %h Samba PDC Server
interfaces = eth0, lo
bind interfaces only = Yes
passdb backend = ldapsam:ldap://10.0.0.3
passwd program = /root/tools/smb/smbldap-passwd.pl '%u'
log level = 2
syslog = 0
log file = /var/log/samba/%m
max log size = 5
smb ports = 139 445
name resolve order = wins bcast hosts
time server = Yes
show add printer wizard = No
add user script = /root/tools/smb/smbldap-useradd.pl -a -m '%u'
delete user script = /root/tools/smb/smbldap-userdel.pl %u
add group script = /root/tools/smb/smbldap-groupadd.pl -p '%g'
delete group script = /root/tools/smb/smbldap-groupdel.pl '%g'
add user to group script = /root/tools/smb/smbldap-groupmod.pl -m '%u' '%g'
delete user from group script = /root/tools/smb/smbldap-groupmod.pl -x '%u' '%g'
set primary group script = /root/tools/smb/smbldap-usermod.pl -g '%g' '%u'
add machine script = /root/tools/smb/smbldap-useradd.pl -w '%u'
logon script = logon.bat
logon path = \\%L\profiles\%U
logon drive = H:
logon home = \\%L\%U
domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=admin,dc=intra,dc=net
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap suffix = dc=aitia,dc=ai
ldap ssl = no
ldap user suffix = ou=Users
admin users = Administrator
printer admin = Administrator

[netlogon]
comment = Loging Service
path = /media/nfs/samba/new/netlogon
guest ok = Yes
browseable = No
locking = No

[homes]
comment = Home Directories
read only = No
create mask = 0700
directory mask = 0700
browseable = No


I have some problems:

1. in my syslog the following appears: <= bdb_equality_candidates:
(uniqueMember) index_param failed (18). What does this mean?
2. I have a test user, and if I make this user a member of Domain
Admins then Windows can't load its profile.
3. If a user is not a member of Domain Admins then the logon.bat doesn't run
on logon, but if it is a member then problem 2 appears.

  Best regards
bzg