[Samba] Problem with Excel on a share with ACLs
Hi,

I am experiencing the problem as described in
http://us1.samba.org/samba/docs/man/Samba-Guide/kerberos.html#id2562652

Unfortunately the remedy/workaround as described there does not work in the more general case of ACLs.

Problem description:

- User A owns file F.
- User B has rw access to F via a user ACL
- Group G has rw access to F via a group ACL
- User B edits the excel file F
- User B saves file F.
- File F gets stored with user B being the owner and with read-only permissions (this behaviour is specific to samba/excel and does not happen with a W2K server)
- Due to the concept of effective ACLs the file cannot be modified by user A anymore even though user A belongs to the supplementary group B which has rw access

The initial problem is that Samba 3 behaves differently from a W2K server. In contrast to Samba 3, Windows does keep the ownership when a file is edited even though technically Excel does an intermediate copy.

I am aware of the fact that Samba 3 is nothing more than a plain user process running with the credentials of the connected user. So when creating a new file the ownership must be the user and therefore cannot be preserved.

But with traditional unix:

- User B edits the file F which is owned by user A
- User B is granted rw access via group permissions
- The ownership, group and access mode is _preserved_

So the question remains if it is possible to preserve the ACLs when editing a file with Excel?

Somehow a Windows server does not really create a new intermediate file which is then renamed to the original filename.

It looks to me that instead of

- create new file intermediate file
- delete original file by renaming new file

it would be better if samba would do the following

- create new file intermediate file
- "cat" contents of the intermediate file on the _existing_ file

This would imho allow to preserve the ownership and the ACLs.

In order to establish understanding I repeat myself using pseudo shell commands.

Current Samba behavior:

- echo "data" > intermediate_file        # user B is storing the file
- mv intermediate_file original_file     # user B is now the owner of the file

Proposed Samba behavior:

- echo "data" > intermediate_file
- cat intermediate_file > original_file  # contents of intermediate file
                                         # is propagated to the original file
                                         # without losing ownership and without
                                         # changes to the ACLs

Anyone else has the same problem and knows about a remedy which works in environments with _many_ users sharing files in complex manners?

Yours,
-- martin

Dipl.-Phys. Martin Konold
e r f r a k o n
Erlewein, Frank, Konold & Partner - Beratende Ingenieure und Physiker
Nobelstrasse 15, 70569 Stuttgart, Germany
fon: 0711 67400963, fax: 0711 67400959
email: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
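The two save strategies from the message above, as an added example that is not part of the original post and not Samba code: it runs both on a scratch directory and records inode, owner and mode before and after. Ownership and POSIX ACLs are attributes of the inode, so inode identity is used as the observable here; the file names and the 0400 mode of the intermediate file are assumptions standing in for the read-only result the post describes.

```python
import os
import shutil
import stat
import tempfile


def snapshot(path):
    """Return the metadata that decides who may open the file afterwards."""
    st = os.stat(path)
    return {"inode": st.st_ino, "uid": st.st_uid, "mode": stat.S_IMODE(st.st_mode)}


def write_intermediate(directory, data, mode):
    """Write the new contents to a fresh file, as the saving client does."""
    fd, tmp = tempfile.mkstemp(dir=directory, prefix="intermediate_")
    with os.fdopen(fd, "wb") as handle:
        handle.write(data)
    os.chmod(tmp, mode)  # assumed mode of the newly created file
    return tmp


def save_by_rename(original, data, new_mode=0o400):
    """Current behaviour in the post: mv intermediate_file original_file."""
    tmp = write_intermediate(os.path.dirname(original), data, new_mode)
    # The name now points at the intermediate file's inode, so the owner,
    # mode and ACLs of the old inode are gone together with it.
    os.replace(tmp, original)


def save_in_place(original, data, new_mode=0o400):
    """Proposed behaviour in the post: cat intermediate_file > original_file."""
    tmp = write_intermediate(os.path.dirname(original), data, new_mode)
    with open(tmp, "rb") as src, open(original, "r+b") as dst:
        dst.truncate(0)               # same inode, contents replaced
        shutil.copyfileobj(src, dst)
    os.unlink(tmp)


def compare_strategies():
    """Run both strategies on constructed files and report what changed."""
    results = {}
    with tempfile.TemporaryDirectory() as share:
        for name, save in (("rename", save_by_rename), ("in_place", save_in_place)):
            original = os.path.join(share, name + "_F.xls")
            with open(original, "wb") as handle:
                handle.write(b"old contents")
            os.chmod(original, 0o664)  # rw for owner and group, as in the post
            before = snapshot(original)
            save(original, b"new contents")
            after = snapshot(original)
            with open(original, "rb") as handle:
                content = handle.read()
            results[name] = {
                "before": before,
                "after": after,
                "content": content,
                "same_inode": before["inode"] == after["inode"],
            }
    return results


if __name__ == "__main__":
    for name, result in compare_strategies().items():
        print(name, "same inode:", result["same_inode"],
              "mode: %o -> %o" % (result["before"]["mode"], result["after"]["mode"]))
```

The in-place variant gives up the atomicity of the rename: a failure in the middle of the copy leaves a truncated original, and readers can observe partial contents.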
[Samba] Samba, CUPS, or ?
I've been going over a problem and haven't been able to resolve it. I think I've narrowed the problem down to Samba, but I could use some advice on this.

A few weeks ago I installed a print and fax server for a client. I used an old PII system with 64 MB RAM, SUSE Pro 9.1, configured to use Samba and HylaFAX. There are 8 client workstations running Windows 98 SE (most of the systems are PII and PIII, so Win98 is the best solution for now). After getting the kinks out it worked perfectly for about 1.5 weeks.

Then, one of the people used a different system and sent a print job from a DOS app through a captured printer port. The printer driver was for a Brother HL-1440 laser, but the job was going to a HP LaserJet 5Si (the printer connected to the print/fax server). It spewed garbage until one of the users finally went to the printer and cancelled the job.

Since then most of the users can't print from either Windows or DOS apps to the 5Si. And sometimes some of them can, but they lose the capability later. Sometimes they get an error message "invalid access code" or a system error.

The reason I think it's Samba is, none of the systems see the printer in network neighborhood. They DO see the system, a couple of folders I've made available for admin and testing purposes, and the pdf printer Samba has, but no longer see the 5Si, which they should see as hp_laserjet5si.

I've checked to see, through ldd, the proper linking of Samba to the required printing and CUPS libs. They're there. The printer works properly from the server itself from the command line and from within scripts (the client wanted the faxes to print automatically upon receipt, and they continue to print out properly).

I looked in /var/spool/samba and I saw a number of files, with the usernames of the people who submitted the jobs, and the group users. But all the files were 0 bytes. When I tried to print one from the command line, it gave a stdin nothing found message (approximate message, I forget the word for word).

If it was one system, I'd guess a windows problem. But the browse and 0 byte for printer jobs is unusual. I've never seen Samba do this before. I've reset the server (not necessary, I know, but just in case) and manually restarted the Samba (smbd, nmbd) daemons, the windows systems still don't see the printer.

To add to the issue, a file server set up a couple of years ago with SUSE 7.3 Pro is at Samba 2.2. Thinking this may be a conflict between Samba versions on the same network, I shutdown the file server, shutdown and restarted the print/fax server, and restarted the windows workstations. This didn't help.

As a last try, thinking the print/fax server itself may have some problem, and to eliminate it as a variable, I set up a different system and set it up as the first print/fax server and the same thing happened.

I'm totally stumped on this. Any suggestions would be appreciated.

Thanks,
Mark

Here is the smb.conf file:

# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SuSE
# Date: 2004-04-06
[global]
    workgroup = WORKGROUP
    interfaces = 127.0.0.1 eth0
    bind interfaces only = true
    load printers = yes
    printing = cups
    printcap name = cups
    printer admin = @ntadmin, root, administrator
    map to guest = Bad User

[homes]
    comment = Home Directories
    valid users = %S
    browseable = No
    read only = No

[public]
    comment = a place for common stuff for all users
    path=/home/public
    writeable = no
    browseable = yes
    read only = yes

[users]
    comment = All users
    path = /home
    writeable = Yes
    inherit permissions = Yes
    veto files = /aquota.user/groups/shares/

[groups]
    comment = All groups
    path = /home/groups
    writeable = Yes
    inherit permissions = Yes

[pdf]
    comment = PDF creator
    path = /var/tmp
    printable = Yes
    print command = /usr/bin/smbprngenpdf -J '%J' -c %c -s %s -u '%u' -z %z
    create mask = 0600

[printers]
    comment = All Printers
    path = /var/spool/samba
    public = yes
    guest ok = yes
    writable = no
    printable = Yes
    create mask = 0600
    browseable = No
    printer admin = root, @ntadmins

[recd-faxes]
    comment = received faxes
    path = /var/spool/fax/recvq
    create mask = 0600
    browseable = Yes
    read only = Yes

[print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = @ntadmin root users guest
    force group = ntadmin
    create mask = 0664
    directory mask = 0775
[Samba] RE: Samba 'make install' chokes on textproc/expat2 & now openldap
At 14:24 9/19/2004, [EMAIL PROTECTED], wrote:
>Personally, unless one has great need not to, I highly recommend upgrading
>to samba3 to start with. The performance gains alone I found well worth it.
>Plus if you plan to integrate into a network with 2k/XP/2K3, it will greatly
>improve compatibility.

OK. I tried to install samba 3.0.7,1. Got the same error:

===
textproc/expat2 is already installed - perhaps an older version?
If so, you may wish to `make deinstall' and install this port again by `make reinstall' to upgrade it properly.
If you really wish to overwrite the old port of textproc/expat2 without deleting it first, set the variable "FORCE_PKG_REGISTER" in your environment or the "make install" command line.
===

So, I went to: /usr/ports/textproc/expat2/ and entered: 'make deinstall' then entered: 'make reinstall'

That seemed to work. So I went back to: /usr/ports/net/samba3/ and again entered: 'make install'

Got another error:

~~
===> samba-3.0.7,1 depends on shared library: ldap-2.2.7 - not found
===>Verifying install for ldap-2.2.7 in /usr/ports/net/openldap22-client
=
You can build openldap-client-2.2.15 with the following options:
WITH_SASL with (Cyrus) SASL2 support
=
Dependency warning: used OpenSSL version contains known vulerabilities
Please update or define either WITH_OPENSSL_BASE or WITH_OPENSSL_PORT
*** Error code 1
Stop in /usr/prts/net/openldap22-client.
*** Error code 1
Stop in /usr/ports/net/samba3.
~~

OK. I Googled for this problem with all sorts of variations of keywords, and nothing showed that would point me in the right direction.

What is the simple way to get past this and install Samba?

>-Original Message-
>From: W. D. [mailto:[EMAIL PROTECTED]
>Sent: Sunday, September 19, 2004 9:18 PM
>To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
>Subject: Samba 'make install' chokes on textproc/expat2
>
>
>Can't get Samba 2.2.11 to install. Has anyone encountered
>a problem with textproc/expat2?
[Samba] Samba Client in Windows Domain
I have a Samba 3.0 client on Redhat 9.0 that authenticates users using winbind. The users are created on a Windows 2000 machine (this machine is the PDC).

How do I arrange for users to automatically mount their directory from the PDC as /home/user1 on the local machine when they log on?

My smb.conf is:

[global]
    workgroup = MYDOMAIN
    server string = Samba Server
    security = DOMAIN
    password server = *
    encrypt passwords = yes
    smb passwd file = /etc/samba/smbpasswd
    unix password sync = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    local master = no
    os level = 33
    domain master = no
    preferred master = no
    winbind uid = 1-2
    winbind gid = 1-2
    winbind enum users = yes
    winbind enum groups = yes
    winbind separator = .
    template homedir = /home/%U
    template shell = /bin/bash2

My /etc/nsswitch.conf is:

...
passwd:     compat winbind
shadow:     compat
group:      compat winbind
...

My /etc/pam.d/system-auth is:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_smb_auth.so use_first_pass nolocal
auth        sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/$ISA/pam_unix.so
account     sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
session     sufficient    /lib/security/$ISA/pam_winbind.so use_first_pass

My /etc/fstab is:

...
//PDC/user1  /home/user1  smbfs  credentials=/home/user1/.smbpassword,workgroup=MYDOMAIN  0 0

My /home/user1/.smbpassword is:

username = user1
password = user1

Regards,
--
Abigail Anzola
[Samba] upgrading samba
Hello,

I'm looking to upgrade my Samba from 3.0.4 to 3.0.7. Samba is my PDC currently. Are there any issues that I need to be aware of before I upgrade? Will I need to re-join the domain after the upgrade?

Rohan Gilchrist
[EMAIL PROTECTED]
http://www.e-mailme.org/~rohan/
0412 648 909
[Samba] Network Drives Dropping Out
Hi All,

I am looking after a site that is running redhat 7.2 and Samba 3.0.2a-1. There is a mixture of Windows 98 and Windows XP clients on the network.

Recently the Windows XP clients have been having problems with mapped network drives. The drives map fine but certain times during the day users get access denied error messages when accessing the drives. This lasts for a few minutes and without having to touch anything they are back working normally. Sometimes the drives in XP also come up with red 'x' next to them.

Has anyone seen this before?

Cheers
Re: [Samba] Cannot join SAMBA domain from XP/2K
For me either... cause I traced down that advice and did try to put everything in one LDAP container (well before posting to the List). It didn't help...

deff wrote:
> On Saturday 18 September 2004 21:31, Alexei Monastyrnyi wrote:
> > And what was the result of that struggle?
> > Did you make it work?
>
> Yes, I did. In some other thread someone mentioned that it is mandatory to
> put all users and machines accounts to ou=People due to some weird samba
> design decision. However, it isn't mentioned in any howto, neither official
> nor idealx's, and samba doesn't complain about it in any way either.
> Too bad...for me.
>
> > deff wrote:
> > >UPDATE THE DOCS!!!
> > >For christ's sake, I've killed 3 days over this.
> > >And i'm pretty sure i'm not the only one.
> > >
> > >On Friday 17 September 2004 16:57, Alexei Monastyrnyi wrote:
> > >>Hi List.
> > >>
> > >>I've got SAMBA 3.0.7 with LDAP passwd backend (OpenLDAP 2.2.15) on
> > >>Solaris 9 box.
> > >>
> > >>When joining the domain I have permanent error "The user name could not
> > >>be found".
> > >>To add machine I use account "administrator" which already exists in
> > >>SAMBA/LDAP with uid=0 and proper password.
> > >>
> > >>I have "add machine script" directive in smb.conf file and I see that
> > >>it works when I try to join the domain.
> > >>
> > >>add machine script = /usr/local/sbin/smbldap-useradd -w %u
> > >>
> > >>This script is from IDEALX smbldap-tools 0.8.5 package which is supposed
> > >>to be compatible with SAMBA 3.0.
> > >>In the IDEALX doc file they say that "add machine script" adds only Posix
> > >>stuff for machine LDAP account. And the rest should be added
> > >>automatically during join process.
> > >>So, Posix account for machine is successfully created but not SAMBA one.
> > >>And in LDAP log file I see no attempts from SAMBA server to do that.
> > >>Neither see I errors in SAMBA log.
> > >>
> > >>My question is: what are the steps during the domain join process with
> > >>SAMBA + LDAP as backend?
> > >>
> > >>Thanks for any hint.
> > >>
> > >>A.
Re: [Samba] Samba NT Domain Controller Help & Possible Walkthrough Please
On Sunday 19 September 2004 05:15, Debug Account wrote:
> Hello,
>
> Here is my samba config, and prolly ldap or kerberos as my password backend.
>
> - attached file --
> # Global parameters
> [global]
> workgroup = HINATA-INN-NT-PDC

Your problem is that Windows domain names can't be longer than 15 characters. It is Microsoft's design, but it would be great if someone did mention this in samba's docs. It took me quite a few hours to figure this. Grrr.

deff

> netbios name = HINATA-INN-NT-PDC
> netbios aliases = Hinata-Inn-NT-PDC
> server string = Hinata-Inn's Network PDC
> encrypt passwords = Yes
> update encrypted = Yes
> password server = *
> passwd program = /usr/bin/passwd %u
> passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
> password level = 8
> username level = 8
> unix password sync = Yes
> log file = /var/log/samba/log.%m
> max log size = 50
> socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
> logon path = \\%L\Profiles\%U
> domain logons = Yes
> os level = 64
> domain master = Yes
> dns proxy = No
> wins support = Yes
>
> [homes]
> comment = Home Directories
> read only = No
> browseable = No
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> printable = Yes
> browseable = No
>
> --- Gémes Géza <[EMAIL PROTECTED]> wrote:
>
> Debug Account wrote:
> >Hello,
> >
> >Well a How-To Guide said to use that command after everything is setup. I
> > tried using Windows 2000 Client to join the domain, but it would not,
> > said domain dns lookup failed. Any help?
> >
> >Mike
> >
> >--- Gémes Géza <[EMAIL PROTECTED]> wrote:
> >
> >Debug Account wrote:
> >>Hello everyone,
> >>
> >>I have done my reading & research and everything I try is coming to
> >> different errors, so I am going to beg & pray someone here can help me
> >> with my problem. I appreciate any help in advance! I am running Samba
> >> 2.2.11 on a RedHat Linux 7.3 Server, connected to a network of Windows
> >> 2000 & XP Machines. I want to configure Samba to be the Domain
> >> Controller for my other machines. Before I was getting an error on an old
> >> copy of Samba (2.2.2a i think), then I upgraded to 2.2.11, and when I
> >> run the smbpasswd -j domainname , I get this error:
> >>
> >>ERROR: Must have both SECURITY = DOMAIN and ENCRYPT PASSWORDS = YES!
> >>
> >>My Security = Users
> >>and Encrypt Passwords = Yes
> >>
> >>I want Samba to be the domain controller,
> >
> >Then why do you want it to join its own domain?
> >You just need to have domain logons = yes for a domain controller and
> >domain master = yes if this is the primary domain controller (which is
> >the case, if this is the first, or the only one domain controller on your
> >network).
> >And then join the clients to this newly created domain.
> >
> >>I don't want to have samba rely on Windows2k as the domain controller, so
> >> this is why I don't have it set Security = Domain. If anyone can please
> >> provide me with some very helpful information or a small working config
> >> file, please do.
> >>
> >>Domain name = Hinata-Inn-NT
> >>Domain Controller's PC Name: Tama-Chan-PDC
> >>Description: Hinata Inn's Network PDC
> >>
> >>Thank you very much,
> >>Mike
> >
> >Cheers,
> >
> >Geza
>
> I suppose you should have
> workgroup = Hinata-Inn-NT
> instead of
> Domain name = Hinata-Inn-NT
> but we (the list) could give you more help if you would post your actual
> smb.conf, so that we could tell you what's wrong with it.
> Other question: what kind of password backend are you wanting to work
> with tdbsam, ldapsam, or other.
>
> Cheers,
>
> Geza
Re: [Samba] Cannot join SAMBA domain from XP/2K
On Saturday 18 September 2004 21:31, Alexei Monastyrnyi wrote:
> And what was the result of that struggle?
> Did you make it work?

Yes, I did. In some other thread someone mentioned that it is mandatory to put all users and machines accounts to ou=People due to some weird samba design decision. However, it isn't mentioned in any howto, neither official nor idealx's, and samba doesn't complain about it in any way either. Too bad...for me.

> deff wrote:
> >UPDATE THE DOCS!!!
> >For christ's sake, I've killed 3 days over this.
> >And i'm pretty sure i'm not the only one.
> >
> >On Friday 17 September 2004 16:57, Alexei Monastyrnyi wrote:
> >>Hi List.
> >>
> >>I've got SAMBA 3.0.7 with LDAP passwd backend (OpenLDAP 2.2.15) on
> >>Solaris 9 box.
> >>
> >>When joining the domain I have permanent error "The user name could not
> >>be found".
> >>To add machine I use account "administrator" which already exists in
> >>SAMBA/LDAP with uid=0 and proper password.
> >>
> >>I have "add machine script" directive in smb.conf file and I see that
> >>it works when I try to join the domain.
> >>
> >>add machine script = /usr/local/sbin/smbldap-useradd -w %u
> >>
> >>This script is from IDEALX smbldap-tools 0.8.5 package which is supposed
> >>to be compatible with SAMBA 3.0.
> >>In the IDEALX doc file they say that "add machine script" adds only Posix
> >>stuff for machine LDAP account. And the rest should be added
> >>automatically during join process.
> >>So, Posix account for machine is successfully created but not SAMBA one.
> >>And in LDAP log file I see no attempts from SAMBA server to do that.
> >>Neither see I errors in SAMBA log.
> >>
> >>My question is: what are the steps during the domain join process with
> >>SAMBA + LDAP as backend?
> >>
> >>Thanks for any hint.
> >>
> >>A.
[Samba] Re: Samba 'make install' chokes on textproc/expat2
It is recommended to install Samba 3.0.7 instead since 2 series of samba is obsolete and for the problem you will have to send some error message.

On Sun, 19 Sep 2004 14:17:30 -0500, W. D. <[EMAIL PROTECTED]> wrote:
> Can't get Samba 2.2.11 to install. Has anyone encountered
> a problem with textproc/expat2?
[Samba] Samba 'make install' chokes on textproc/expat2
Can't get Samba 2.2.11 to install. Has anyone encountered a problem with textproc/expat2?
[Samba] Re: Samba Configuration Options for small 2-3 person office?
At 08:11 9/19/2004, Matthew Seaman wrote:
>On Sun, Sep 19, 2004 at 02:28:22AM -0500, W. D. wrote:
>> After 'make install', this appears:
>>
>>   samba configuration options
>>
>>   Please select desired options:
>>
>>   [ ] syslog    With syslog support
>>   [ ] ssl       With ssl support
>>   [ ] ldap      With LDAP2 support
>>   [ ] nocups    Without CUPS
>>   [ ] acl       With ACL support
>>   [ ] utmp      With UTMP support
>>   [ ] msdfs     With MSDFS support
>>   [ ] quota     With Quota support
>>   [ ] recycle   With Recycle Bin
>>   [ ] audit     With Audit
>>   [ ] winbind   With Winbind
>>   [ ] wbauth    With Winbind Auth Challenge
>>
>>   [ OK ]   Cancel
>>
>> Which should be checked?
>
>The answer to that depends very much on your environment and what you
>are trying to do with Samba.
>
>However, the rules of thumb are:
>
>* If you don't know what an option does leave it on the default setting.
>
>* Don't turn on anything unless you actually need that functionality.
>
>All of those options switch on or off corresponding optional parts of
>the Samba suite -- refer to the documentation supplied with the Samba
>sources and on the http://www.samba.org/ website to find out what they
>all do and if you need them. Be prepared to iterate through
>re-building the port a few times until you get the settings right --
>use the command 'make configure' to change the settings, as you won't
>automatically get that pop-up again once you've been through it once.
>
>Cheers,
>
>Matthew

OK, I'm gonna leave them all blank. ;^)
Re: [Samba] samba w/ ldap - groups scalability and performance
Paul Gienger wrote:
>> in the logs. This is correct because I'm no longer allowing samba to find
>> the user's primary group. It's not clear to me yet that this is really a
>> problem as nothing's been noticed. But, it does concern me, plus it's
>> extra noise in the log files.
>
> Now you could fix that by making everyone's primary group some group that
> is defined for the purpose of making samba shut up, but then you'd run into
> this nice issue that using secondary groups in samba with an LDAP backend
> on recent patchlevels is broken.

We use LDAP for many applications, not just samba, for example, login to a unix host. And, all our permissions are based upon the idea that a user has their own group. This would be a very large change to our infrastructure that I don't want to undertake if there's another way. I did however consider this originally though, but I guess I'm not sure a single LDAP group with 14,000 members is going to be manageable or scalable either.

I thought the secondary groups problem was only with Solaris 9, at a specific patch level? We are using Solaris for file servers but not the PDC and we are only at Solaris 8. Have I misunderstood the secondary groups problem?

> As a more helpful note, how does using nscd affect your performance issues?

As far as I know, it doesn't. We are running it. However, it's my understanding that nscd only caches info that the OS would request via system calls such as getgrent(), getgrgid(), getgrnam() or initgroups(). Samba makes its own LDAP calls directly.

BTW: any app that uses getgrent() exhibits this same behavior. Our mail app (cyrus) did that and caused our LDAP server to die under the load as well. We had to go with a similar 'restrict the groups' ldap configuration.

--
Marlys A. Nelson
Sr. Network Specialist
Information Technology Services
Network Services
University of Wisconsin - River Falls
715/425-4357
410 South Third Street
Email: [EMAIL PROTECTED]
River Falls WI 54022
http://www.uwrf.edu/
[Samba] Re: Status
This is an automated reply to your email.

You have sent an email to an address that is no longer used at Membership+. Your email has not been received by anyone at Membership+. We apologize for this inconvenience.

If you are trying to contact someone at Membership+, please visit our support page located online at http://www.membershipplus.net/support.shtml

Also, if you could, please let us know which email address you were trying to contact us at, and where you obtained that email address.

Thank you for contacting Membership+.

Membership+ Staff
http://www.membershipplus.net
Re: [Samba] samba w/ ldap - groups scalability and performance
> in the logs. This is correct because I'm no longer allowing samba to find
> the user's primary group. It's not clear to me yet that this is really a
> problem as nothing's been noticed. But, it does concern me, plus it's
> extra noise in the log files.

Now you could fix that by making everyone's primary group some group that is defined for the purpose of making samba shut up, but then you'd run into this nice issue that using secondary groups in samba with an LDAP backend on recent patchlevels is broken.

As a more helpful note, how does using nscd affect your performance issues?

--
Paul Gienger
Office: 701-281-1884
Applied Engineering Inc.
Information Systems Consultant
Fax: 701-281-1322
URL: www.ae-solutions.com
mailto: [EMAIL PROTECTED]
Re: [Samba] msaccess db corruption
On Sunday 19 September 2004 03:33, Ilia Chipitsine wrote:
> > Ok, I've tried all the "common" fixes, such as turning oplocks off on the
> > share. Twice a day the database has to be repaired.
> >
> > running samba-3.0.7-2.FC2
> >
> > Here's the pertinent section:
> >
> > comment = Aeries
> > path = /home/aeries
> > valid users = @aeries
> > read only = No
> > create mask = 0770
> > directory mask = 0770
> > inherit permissions = Yes
> > veto oplock files = /*.mdb/*.ldb/*.mdw/*.dbf/*.dat/*.fpt
> > oplocks = No
> > level2 oplocks = No
> >
> > Any ideas? Unfortunately killing off msaccess is not an option.
>
> there's a special quirk for MS Access described in Samba-Official-Howto
>
> but the question is: why special handling required for Samba and is not
> required for w2k server ? can samba detect this situation "on the fly" ?
> just like the way w2k server does ?

No, w2k does NOT auto-detect any locking requirements for MS Access. Suggest you check the MS knowledge base references in Samba-Guide.pdf Appendix 8.1.

- John T.

> > --
> > Jefferson K. Davis
> > Technology and Information Systems Manager
> > Standard School District
> > 1200 North Chester Ave
> > Bakersfield, CA 93308
> > USA
> > 661-392-2110 ext 120

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
Re: [Samba] suggestion to Samba-Official-Howto (name resolution order on Windows)
On Sunday 19 September 2004 02:43, Ilia Chipitsine wrote:
> Dear Sirs,
>
> as for Howto released with samba-3.0.7 (11th sept. 2004)
>
> (page 105 of supplied PDF)
>
> 9.3.2 TCP/IP without NetBIOS
>
> the name resolution order mentioned there is incorrect, because actual
> name resolution order depends on netbios-node-type

When NetBIOS is not used there is no netbios-node-type. But you are completely correct to point out that this documentation is deficient, it is important to discuss node-type and somehow that escaped from being documented - bad booboo on my part. Thank-you. It is being updated now.

> also, it is not correct to say "C:\Windows NT\System32\Drivers\etc",
>
> %SystemRoot%\System32\Drivers\etc is correct

Again, you are correct. This change has been made now. Thank-you.

- John T.

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
[Samba] samba w/ ldap - groups scalability and performance
I am having problems with samba and ldap as concerns groups.

We have two central LDAP servers which we use for authentication for many different applications, samba being just one of those. The LDAP servers are Solaris servers running Directory Server v5.2. Our PDC is running samba 3.0.7 on linux. There are several file servers, but the main ones are running samba 3.0.7 on solaris and all authentication goes through the PDC with ldapsam backend.

The problem first appeared for us with 3.0.6 this fall, though we might have been noticing the start of this problem with 3.0.4 last May but never isolated it before all our users left for the summer.

The PDC appears to request ALL groups from LDAP, using the search (objectclass=sambaGroupMapping). In our case, this is nearly 14,000 entries and it can take almost 10 minutes to retrieve those from LDAP when there are hundreds trying at once. Indexing doesn't help in this case because samba is asking for ALL groups. Our first day of class here was very VERY BAD as hundreds of users tried to login to our labs each hour :(

As a stop-gap measure, I modified samba to request only groups where the gidNumber was less than 1000 - the LDAP filter is now (&(objectclass=sambaGroupMapping)(gidNumber<=999)). My rationale is that groups above 1000 are the individual user private groups, ala Red Hat style. And, it's not likely one would want to setup permissions on windows shares using that, the user could be used instead. Groups under 1000 are true groups as unix has traditionally used them.

This resolved our login issues and got our labs functional again but now I'm getting the message:

rpc_server/srv_util.c:get_domain_user_groups(376)
get_domain_user_groups: primary gid of user [gray-00] is not a Domain group !
get_domain_user_groups: You should fix it, NT doesn't like that

in the logs. This is correct because I'm no longer allowing samba to find the user's primary group. It's not clear to me yet that this is really a problem as nothing's been noticed. But, it does concern me, plus it's extra noise in the log files.

Is there any way to make samba do a more targeted lookup of groups, perhaps only those groups where the user is a member?

--
Marlys A. Nelson
Sr. Network Specialist
Information Technology Services
Network Services
University of Wisconsin - River Falls    715/425-4357
410 South Third Street                   Email: [EMAIL PROTECTED]
River Falls WI 54022                     http://www.uwrf.edu/

[Samba] cp input/output error
Hi

I have been getting random input/output error when trying to cp a ISO (100mb) to a samba mount point. I get the same random error when I try to cp a txt file over too.

cp: writing `/public/cd.iso': Input/output error

my fstab:
//fserv/public /public smbfs fmask=666,username=,password= 1

Thanks,
Liming

[Samba] Re: Samba Configuration Options for small 2-3 person office?
On Sun, Sep 19, 2004 at 02:28:22AM -0500, W. D. wrote:
> After 'make install', this appears:
>
>   samba configuration options
>
>   Please select desired options:
>
>   [ ] syslog   With syslog support
>   [ ] ssl      With ssl support
>   [ ] ldap     With LDAP2 support
>   [ ] nocups   Without CUPS
>   [ ] acl      With ACL support
>   [ ] utmp     With UTMP support
>   [ ] msdfs    With MSDFS support
>   [ ] quota    With Quota support
>   [ ] recycle  With Recycle Bin
>   [ ] audit    With Audit
>   [ ] winbind  With Winbind
>   [ ] wbauth   With Winbind Auth Challenge
>
>   [ OK ]   Cancel
>
> Which should be checked?

The answer to that depends very much on your environment and what you are trying to do with Samba. However, the rules of thumb are:

* If you don't know what an option does leave it on the default setting.
* Don't turn on anything unless you actually need that functionality.

All of those options switch on or off corresponding optional parts of the Samba suite -- refer to the documentation supplied with the Samba sources and on the http://www.samba.org/ website to find out what they all do and if you need them.

Be prepared to iterate through re-building the port a few times until you get the settings right -- use the command 'make configure' to change the settings, as you won't automatically get that pop-up again once you've been through it once.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

Re: [Samba] Samba Script?
Shahid Hussain wrote:
> Good Evening :)
>
> I wanted to know is it possible to write a script to alert me by email if anyone accessed to Samba.
>
> For example: 192.168.0.2 and 192.168.0.3 allowed to access to samba network (I wont get a alert). Any IP apart from 192.168.0.2 / 192.168.0.3 then it will alert me.

You can take a look at smbstatus and Perl.

matze

[Samba] Re: Samba Script?
Gee, sure you don't just want IPTables on your server protecting the services on the server? Let a firewall be a firewall, and the file/print server to be a file/print server?

You could have it email if specifically for the rule of bad IP's trying to get to Samba... but since it would block it for you would you really need the email vs just checking your logs now and then to see what you didn't have to worry about since it took care of it for you?

--
Michael Lueck
Lueck Data Systems

Remove the upper case letters NOSPAM to contact me directly.

[Samba] smbmount hanging
Hi

Please please can someone shed some light on this one.

I have mounted some windows 2003 shares onto my linux box, Supermicro dual xeon running fedora core 2 samba 3.0.6 using smbmount and quite often the shares will die or just hang when there is a lot of activity on them.

Does anyone have any idea how to stop this happening?

The errors that I get in smbmount.log is the following...

tdb_lock failed on list 112 ltype=1 (bad file descriptor)

Cheers
Paul

Re: [Samba] change samba access password
Hi,

i strongly recommend to go to samba 3.07 for security reasons and many bugs solved. 2.2.1 can be seen as totally outdated, so it makes no sense to struggle with bugs

Regards

tecnobitpa wrote:
> Hi,
>
> I ask an, elementary for you, but important for me beginner, problem. I have samba 2.2.1 with w98 SE client (suse 7.3 system as PDC). I set unix passwd sync parameter to yes, security to user (smb.conf).
>
> If i set the dead time of password of the system to 90 days and alert time to 7 days, How the samba, or the system, can communicate to win98 the password alert? how can i change the password from w98? which password the system password or the samba password?
>
> Thank you for the answers.
>
> Antonio

Re: [Samba] Samba Configuration Options for small 2-3 person office?
Hi,

i have never seen this, cause i am installing from bins, but you can do it all without nocups cause using these parameters later depends only on your entries in the smb.conf, but it will be nice to have the choice.

Regards

W. D. wrote:
> After 'make install', this appears:
>
>   samba configuration options
>
>   Please select desired options:
>
>   [ ] syslog   With syslog support
>   [ ] ssl      With ssl support
>   [ ] ldap     With LDAP2 support
>   [ ] nocups   Without CUPS
>   [ ] acl      With ACL support
>   [ ] utmp     With UTMP support
>   [ ] msdfs    With MSDFS support
>   [ ] quota    With Quota support
>   [ ] recycle  With Recycle Bin
>   [ ] audit    With Audit
>   [ ] winbind  With Winbind
>   [ ] wbauth   With Winbind Auth Challenge
>
>   [ OK ]   Cancel
>
> Which should be checked?
>
> Thanks for your help!!!

Re: [Samba] Samba Script?
hi,

there are many ways to implement such script, ie. i have done a dos script at netlogon which checks the ip and does not install printers for vpn users. But there should be a way with root exec and perl too directly in share.

Checking samba log by cron should work too (cause normally you have there a file for each ip): grep them, compare them to your list of wanted ips and mail it out.

Perhaps somebody has done such scripts before on the list and can help you out.

Regards

Shahid Hussain wrote:
> Good Evening :)
>
> I wanted to know is it possible to write a script to alert me by email if anyone accessed to Samba.
>
> For example: 192.168.0.2 and 192.168.0.3 allowed to access to samba network (I wont get a alert). Any IP apart from 192.168.0.2 / 192.168.0.3 then it will alert me.
>
> thanks.
>
> Shahid

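The approach suggested in this thread (take the client list from smbstatus or the per-client logs, compare it to the list of wanted IPs, mail the difference), as an added example that is not code from any poster or from Samba. It assumes smbstatus prints each client address in parentheses as in the constructed sample; the function names and mail addresses are placeholders.

```python
import ipaddress
import re
from email.message import EmailMessage

# Allowed clients, taken from the question in this thread.
ALLOWED = {ipaddress.ip_address("192.168.0.2"), ipaddress.ip_address("192.168.0.3")}

# Constructed sample of smbstatus session output (assumed layout:
# PID, user, group, machine name, client address in parentheses).
SAMPLE_SMBSTATUS = """\
PID     Username      Group         Machine
-------------------------------------------------------------------
 2101   alice         staff         ws1          (192.168.0.2)
 2144   bob           staff         ws2          (192.168.0.3)
 2170   carol         staff         laptop7      (192.168.0.57)
 2171   carol         staff         laptop7      (192.168.0.57)
 2190   dave          staff         odd          (999.1.1.1)
"""

SESSION_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\S+\s+(\S+)\s+\(([^)]+)\)\s*$")


def unexpected_clients(status_text, allowed=ALLOWED):
    """Return {address: sorted users} for sessions outside the allow list."""
    found = {}
    for line in status_text.splitlines():
        m = SESSION_RE.match(line)
        if not m:
            continue  # header, separator or blank line
        _pid, user, _machine, raw = m.groups()
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            # Report unparsable addresses as-is so a malformed line
            # cannot hide a session.
            found.setdefault(raw, set()).add(user)
            continue
        if addr not in allowed:
            found.setdefault(str(addr), set()).add(user)
    return {ip: sorted(users) for ip, users in found.items()}


def build_alert(offenders, sender="samba@example.invalid", rcpt="admin@example.invalid"):
    """Build (not send) the alert mail; None when there is nothing to report."""
    if not offenders:
        return None
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = f"Samba: {len(offenders)} unexpected client address(es)"
    msg.set_content("\n".join(f"{ip}: {', '.join(u)}" for ip, u in sorted(offenders.items())))
    return msg
```

Run from cron, the text would come from the real smbstatus output instead of the sample, and the returned message would be handed to the local mailer.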
Re: [Samba] msaccess db corruption
> Ok, I've tried all the "common" fixes, such as turning oplocks off on the
> share. Twice a day the database has to be repaired.
>
> running samba-3.0.7-2.FC2
>
> Here's the pertinent section:
>
> comment = Aeries
> path = /home/aeries
> valid users = @aeries
> read only = No
> create mask = 0770
> directory mask = 0770
> inherit permissions = Yes
> veto oplock files = /*.mdb/*.ldb/*.mdw/*.dbf/*.dat/*.fpt
> oplocks = No
> level2 oplocks = No
>
> Any ideas? Unfortunately killing off msaccess is not an option.

there's a special quirk for MS Access described in Samba-Official-Howto

but the question is: why special handling required for Samba and is not required for w2k server ? can samba detect this situation "on the fly" ? just like the way w2k server does ?

> --
> Jefferson K. Davis
> Technology and Information Systems Manager
> Standard School District
> 1200 North Chester Ave
> Bakersfield, CA 93308
> USA
> 661-392-2110 ext 120

Re: [Samba] Problems with 'ntlm_auth --require-membership-of' (samba: message 1 of 10) using Samba 3.0.6
Andrew,

I didn't have the time to compile and test the pre-3.0.7 releases, but just did some testing on the 3.0.7 release and it looks good. The ntlm_auth "--require-membership-of" option appears to work as expected. This will make it really easy to use squid in fairly sophisticated access policy.

Thanks for your help,

--
Matt Doran
PaperCut Software Pty. Ltd.
Web: http://www.papercut.biz
Blog: http://blogs.papercutsoftware.com/matt.doran/

Andrew Bartlett - [EMAIL PROTECTED] wrote:
> On Tue, 2004-09-07 at 23:08, Matt Doran wrote:
> > Hi there,
> >
> > I'm trying to configure Squid to use a windows domain for authentication, and all goes well until I add the "--require-membership-of" option on ntlm_auth. I need to restrict access based on group membership, however ntlm_auth does not seem to be behaving correctly.
> >
> > I'm using Samba 3.0.6 on Debian and I'm using a Windows 2000 (SP4) Domain Controller. I configured winbind as discussed here:
> > http://www.squid-cache.org/Doc/FAQ/FAQ-23.html#ss23.5
> >
> > ntlm_auth seems to report the membership of some groups correctly, but incorrectly for others.
>
> You are actually lucky it didn't segfault. There are a number of logic bugs, the fixes for which I think didn't make 3.0.6. Try current SVN, but I suspect we might need some extra code to correctly pick up the universal groups. (We know how to do it, so it's a simple matter of programming - bug #1562.)
>
> Andrew Bartlett

[Samba] suggestion to Samba-Official-Howto (name resolution order on Windows)
Dear Sirs,

as for Howto released with samba-3.0.7 (11th sept. 2004)

(page 105 of supplied PDF)

9.3.2 TCP/IP without NetBIOS

the name resolution order mentioned there is incorrect, because actual name resolution order depends on netbios-node-type

also, it is not correct to say "C:\Windows NT\System32\Drivers\etc",

%SystemRoot%\System32\Drivers\etc is correct

Cheers,
Ilia Chipitsine

[Samba] change samba access password
Hi,

I ask an, elementary for you, but important for me beginner, problem. I have samba 2.2.1 with w98 SE client (suse 7.3 system as PDC). I set unix passwd sync parameter to yes, security to user (smb.conf).

If i set the dead time of password of the system to 90 days and alert time to 7 days, How the samba, or the system, can communicate to win98 the password alert? how can i change the password from w98? which password the system password or the samba password?

Thank you for the answers.

Antonio

[Samba] Samba Configuration Options for small 2-3 person office?
After 'make install', this appears:

  samba configuration options

  Please select desired options:

  [ ] syslog   With syslog support
  [ ] ssl      With ssl support
  [ ] ldap     With LDAP2 support
  [ ] nocups   Without CUPS
  [ ] acl      With ACL support
  [ ] utmp     With UTMP support
  [ ] msdfs    With MSDFS support
  [ ] quota    With Quota support
  [ ] recycle  With Recycle Bin
  [ ] audit    With Audit
  [ ] winbind  With Winbind
  [ ] wbauth   With Winbind Auth Challenge

  [ OK ]   Cancel

Which should be checked?

Thanks for your help!!!

Start Here to Find It Fast! -> http://www.US-Webmasters.com/best-start-page/
$8.77 Domain Names -> http://domains.us-webmasters.com/