[Samba] This is an alert from eSafe GW from Vossloh in Luedenscheid

2004-09-29 Thread eSafe_vossloh_lued
*** eSafe GW on Vossloh Luedenscheid detected a hostile content in this email. ***


Time: 09:04:01 09/29/04
Scan result: Mail modified to remove malicious content
Protocol: SMTP in
File Name / Mail Subject: mail_1096118602
Source: [EMAIL PROTECTED]
Destination: [EMAIL PROTECTED]
Details: document.pif   Infected with Win32.Mydoom.t (Non-Removable), Blocked 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] How to assign a change file permission

2004-09-29 Thread mic chan
Dear ALL: I'm a school system administrator. I want to use Samba to create a share where
students can submit their exercise or exam files; after the submission, students cannot
change/delete the files. But UNIX only provides write and read file permissions; how do I
configure Samba to do this?
 
THANKS
 




Re: [Samba] How to assign a change file permission

2004-09-29 Thread Gémes Géza
mic chan wrote:
> Dear ALL : I'm a school system administrator , I want use samba to create a share for
> students can submit their exercise or exam file, after the submission, student cannot
> change/delete file, but UNIX only provide write and read file permissions , how to
> config the SAMBA to doing this function.
> THANKS

What you seem to want is called a drop-in folder in MacOS/Netatalk parlance.
IMHO it could be implemented a lot more easily by using an ftp server (e.g.
proftpd), with upload folders.

Cheers,
Geza


Re: [Samba] Re: Windows XP - Explorer crashes when I try to open a file on a Samba share

2004-09-29 Thread Holger Krull
> Any insight as to what the kernel problem was? Since it's a Gentoo system,
> I did compile the kernel myself. I'd hate to file a bug if it was simply
> me making a boneheaded mistake...

I don't know what the specific problem is. But there has to be a
solution as my kernel (Suse 2.4.21-243) has no problems with sendfile.



[Samba] security in samba

2004-09-29 Thread Shashi Kanth Boddula
Hi,
In my company, we have 25 HP printers on different floors. All
printers are configured on one Linux machine. Each printer has one
administrator. My task is to share each printer to that particular
administrator.
For example, if I have 2 printers (HP1 and HP2), I want to share the
HP1 printer to only 192.168.0.1 and the HP2 printer to only 192.168.0.2.
If we use host allow host deny in global { or (or) and } shared
section, the behaviour does not meet my requirement.
If I use valid users in the shared section, it's not working properly. On
Windows, when I connect with a valid username and passwd, it gives a
credentials conflict error.
Please, can anyone give suggestions on this.
  
  
Regards,  
shashi kanth  



Réf. : [Samba] security in samba

2004-09-29 Thread stephane . purnelle




Could you explain more?

Can one person access one printer, or does each printer have one administrator
and other people can just print?
Otherwise there is the printer admin parameter.

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467


From: Shashi Kanth Boddula [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]s.samba.org
Date: 29/09/2004 14:57
To: [EMAIL PROTECTED]
cc:
Subject: [Samba] security in samba

> Hi,
> In my company, we have 25 HP printers on different floors. All
> printers are configured on one Linux machine. Each printer has one
> administrator. My task is to share each printer to that particular
> administrator.
> For example, if I have 2 printers (HP1 and HP2), I want to share the
> HP1 printer to only 192.168.0.1 and the HP2 printer to only 192.168.0.2.
> If we use host allow host deny in global { or (or) and } shared
> section, the behaviour does not meet my requirement.
> If I use valid users in the shared section, it's not working properly. On
> Windows, when I connect with a valid username and passwd, it gives a
> credentials conflict error.
> Please, can anyone give suggestions on this.
>
> Regards,
> shashi kanth



[Samba] Re: {Virus?} {Spam?} Mail Delivery (failure doris.pedersen@hallstahammar.se)

2004-09-29 Thread Doris Pedersen
I am on vacation during week 40.



[Samba] Re: winbind error message: krb5_cc_get_principal failed (No such file or directory)

2004-09-29 Thread xmanbadung
Hi Jan,
You must have Heimdal and related deps that support ArcFour HMAC/MD5.
Input Administrator or equal level at kinit user.
join to ADS
and start winbind and smb, nsswitch already set of course.
I had the same problem and it was solved when I renamed my machine with another
name and rejoined the domain.

Cheers
xBadung

Jan Appenroth wrote:
> Hello List,
> I successfully joined a Suse 9.0 Server with Samba 3.0.6 to a W2K3 DC,
> following the guide from http://www.wlug.org.nz/ActiveDirectorySamba
>
> My setup seems to work okay, but whenever I start/restart winbind, I get
> the following message:
>
> [2004/09/24 10:26:54, 1] nsswitch/winbindd.c:main(854)
>  winbindd version 3.0.6-SUSE started.
>  Copyright The Samba Team 2000-2004
> [2004/09/24 10:26:55, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313)
>  krb5_cc_get_principal failed (No such file or directory)
>
> What does that mean? It does not tell which file/directory is missing.
> Is there something wrong in my Kerberos setup?
> As mentioned above, everything seems to work, I joined the domain and
> after some additions to my pam modules I could authenticate domain users
> to the linux machine.
>
> At first there were problems with lost connections to the DC, but
> after deactivating smb signing at the DC those problems vanished.
>
> Output of wbinfo -t|u|g and so on also seems fine.
> Yet this kerberos error message persists.
> Just wondering...
> Thanks,
> Jan



Re: [Samba] Cannot get HP1055CM Color Plotter to work with Point and Click

2004-09-29 Thread Marcus White
Yes... All of these steps were performed. Before loading the drivers.
Were the drivers for your plotter loaded directly on the Windows
Workstation?

Marcus O.


On Thu, 2004-09-23 at 08:33, Olaf Eichhorn wrote:
> Hi Marcus,
>
> Is your print queue raw? You have to create one for your printer. I
> chose swat to do that.
> Then you have to edit two files to allow unknown types of data to be
> printed via cups.
>
> I found this in the mailing list archive
>
> 1. Edit /etc/cups/mime.types to uncomment the line near the end of the
>    file that has:
>    #application/octet-stream
>
> 2. Do the same for the file /etc/cups/mime.convs.
>
> 3. Add a raw printer using the Web interface. Point your browser at
>    http://localhost:631. Enter Administration, add the printer following the
>    prompts. Do not install any drivers for it. Choose Raw. Choose queue
>    name Raw
>
> It worked perfect for our HP 450C HPGL plotter.
>
> Olaf



[Samba] sambaPwdMustChange not properly set with smbldap

2004-09-29 Thread [EMAIL PROTECTED]
I'm using samba 3.0.6 on fedora core 1 with LDAP enabled and smbldap-tools.

When I change a user password with smbldap-passwd username, I find that the
sambaPwdMustChange attribute is correctly set to 30 days later, as set in
smbldap_conf.

But if I try to change the password from any Win2000 or WinXP client with
CTRL+ALT+CANC -- CHANGE PASSWORD, I notice that the sambaPwdMustChange attribute is
always set to 2147483647.

I have tried different setups in smb.conf but nothing has changed.

Here is last config.

  security = user

  password level = 8
  username level = 8
  encrypt passwords = yes
  smb passwd file = /etc/samba/smbpasswd

  passdb backend = ldapsam:ldap://localhost; smbpasswd
  ldap suffix = dc=myfactory,dc=mycountry
  ldap admin dn = cn=Manager,dc=myfactory,dc=mycountry
  ldap ssl = no
  ldap group suffix = ou=Group
  ldap machine suffix = ou=Machine
  ldap user suffix = ou=People

  passwd program = /usr/local/sbin/smbldap-passwd.pl -u %u
  passwd chat = *new*password* %n\n *Retype*new*password* %n\n *successfully*
  passwd chat debug = yes
  #unix password sync = Yes
  ldap passwd sync = yes
  admin users = root, administrator

  add user script = /usr/local/sbin/smbldap-useradd.pl -a
  delete user script = /usr/local/sbin/smbldap-useradd.pl -d
  add group script = /usr/local/sbin/smbldap-useradd.pl -a -g
  delete group script = /usr/local/sbin/smbldap-useradd.pl -d -g
  add user to group script = /usr/local/sbin/smbldap-useradd.pl -j -u
  delete user from group script = /usr/local/sbin/smbldap-useradd.pl -j -u
  set primary group script = /usr/local/sbin/smbldap-useradd.pl -m -u
  add machine script = /usr/local/sbin/smbldap-useradd.pl -a -m
#  unix password sync = Yes
#  passwd program = /usr/bin/passwd %u
#  passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

Any idea?

thanks!

ciao

luca






[Samba] Puzzle -- Logon/Login from Windows XP

2004-09-29 Thread AndyLiebman
I hope somebody can help me with this. I posed this question a week ago and 
got several well-meaning answers that were not very helpful. 

I have 10 Windows XP workstations and 100 users. Each of the 100 users has an 
account on my Samba server (running Samba 3.03  on Mandrake Linux 10). 

Each user has several shares on the Samba server which are unique to that 
user. In other words, only THAT user can access his/her shares, and THAT user has 
read/write privileges for those shares. 

BTW,  I define each user's shares by listings in smb.username.conf files 
and the include=smb.%U.conf option (I may have that backwards it may be 
username.smb.conf and include=%U.smb.conf, I have it right on my server.) 

The problem is, I need each of my 100 users to be able to logon to the Samba 
server (with READ/WRITE access to their own shares) from any of the 10 Windows 
XP workstations. It's not a problem if the user has an account on the XP 
machine that matches the username and password on the Linux Samba server. 

But users don't have their own machines and it's impractical to create 100 
user accounts on EACH Windows XP workstation. Especially when the list of users 
changes every few months. 

So my question is, how can those 100 users logon to the Samba server from ANY 
workstation without having an account on the Windows XP workstation that 
matches their username/password on the Samba server? 

I have a clumsy workaround right now, but I need something better. This is 
what I can do now:  

-- I have a Samba share that is accessible to everyone. 
-- In Windows XP, if I map network drive on that share and select connect 
using different username, I get an opportunity to enter the username and 
password for the specific user. 
-- Once the Windows XP machine connects to the Samba server, the Samba server 
knows who the user is and displays a list of the user's own unique shares 
-- which can then be mapped as well. 

The thing that's awkward about this technique, however, is that I'm having to 
map a public share JUST to communicate to the Samba server the username and 
password. 

Isn't there a way to get the Samba server to ask for a username and password 
when the user clicks on the name of the Samba server in Explorer? 

That's what happens when I click on the name of a Windows XP machine (XP 
Machine 1) from another Windows XP machine (XP Machine 2) when I'm logged on to 
Machine 2 with a username and password that does not match an account on XP 
Machine 1.  I get a dialog box asking for a username and password. If I enter a 
username that has an account on the first machine -- and the matching password 
-- I connect and get read/write access to all shared drives and folders. 

I want to get the same dialog box when I click on the Linux Samba server. But 
how? 

Thanks in advance for the help. 

Regards, 
Andy Liebman


Réf. : [Samba] Puzzle -- Logon/Login from Windows XP

2004-09-29 Thread stephane . purnelle




I think that to resolve your problem, you should configure Samba to become a PDC
and connect all Windows XP workstations to the domain.

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467


From: [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]s.samba.org
Date: 29/09/2004 11:57
To: [EMAIL PROTECTED]
cc:
Subject: [Samba] Puzzle -- Logon/Login from Windows XP

> I hope somebody can help me with this. I posed this question a week ago and
> got several well-meaning answers that were not very helpful.
>
> I have 10 Windows XP workstations and 100 users. Each of the 100 users has an
> account on my Samba server (running Samba 3.03  on Mandrake Linux 10).
>
> Each user has several shares on the Samba server which are unique to that
> user. In other words, only THAT user can access his/her shares, and THAT user has
> read/write privileges for those shares.
>
> BTW,  I define each user's shares by listings in smb.username.conf files
> and the include=smb.%U.conf option (I may have that backwards it may be
> username.smb.conf and include=%U.smb.conf, I have it right on my server.)
>
> The problem is, I need each of my 100 users to be able to logon to the Samba
> server (with READ/WRITE access to their own shares) from any of the 10 Windows
> XP workstations. It's not a problem if the user has an account on the XP
> machine that matches the username and password on the Linux Samba server.
>
> But users don't have their own machines and it's impractical to create 100
> user accounts on EACH Windows XP workstation. Especially when the list of users
> changes every few months.
>
> So my question is, how can those 100 users logon to the Samba server from ANY
> workstation without having an account on the Windows XP workstation that
> matches their username/password on the Samba server?
>
> I have a clumsy workaround right now, but I need something better. This is
> what I can do now:
>
> -- I have a Samba share that is accessible to everyone.
> -- In Windows XP, if I map network drive on that share and select connect
> using different username, I get an opportunity to enter the username and
> password for the specific user.
> -- Once the Windows XP machine connects to the Samba server, the Samba server
> knows who the user is and displays a list of the user's own unique shares
> -- which can then be mapped as well.
>
> The thing that's awkward about this technique, however, is that I'm having to
> map a public share JUST to communicate to the Samba server the username and
> password.
>
> Isn't there a way to get the Samba server to ask for a username and password
> when the user clicks on the name of the Samba server in Explorer?
>
> That's what happens when I click on the name of a Windows XP machine (XP
> Machine 1) from another Windows XP machine (XP Machine 2) when I'm logged on to
> Machine 2 with a username and password that does not match an account on XP
> Machine 1.  I get a dialog box asking for a username and password. If I enter a
> username that has an account on the first machine -- and the matching password
> -- I connect and get read/write access to all shared drives and folders.
>
> I want to get the same dialog box when I click on the Linux Samba server. But
> how?
>
> Thanks in advance for the help.
>
> Regards,
> Andy Liebman


Re: [Samba] winbind stops responding

2004-09-29 Thread Hamish
Have you tried stopping nscd? I know it causes problems with winbind.

Borut Kurnik wrote:
> Hi!
>
> Winbind occasionally stops responding. Both winbind processes
> are still there, but e.g. wbinfo -u returns Error looking up domain
> users.
> I've got to restart winbindd to reactivate it again. Nothing
> in log.winbindd.
> SuSE SLES-8 (fully updated)
> samba3-3.0.7-13
> winbind cache time = 180
> Please, if You have any hints, ...
> Thanks,
> Borut
 



Re: [Samba] smbmount curiosity - cant mount share in rc.local

2004-09-29 Thread Hamish
No idea if it would work, but have you tried putting it in /etc/fstab?

Tomasz Chmielewski wrote:
> Hello,
> I would like to mount a certain share when the server is booted.
> So I added the following line at the end of rc.local:
>
> /bin/mount -t smbfs -o guest //backup/archiwizacja$ /mnt/archiwizacja
>
> Interestingly, this doesn't mount anything, nothing is added to the
> logs either.
>
> When I enter this line manually, after server is booted, it is mounted.
>
> # mount -t smbfs -o guest //backup/archiwizacja$ /mnt/archiwizacja
> # mount
> (...)
> //backup/archiwizacja$ on /mnt/archiwizacja type smbfs (0)
>
> It makes no difference if I change the netbios name (backup) to IP
> address in this rc.local.
>
> Of course rc.local is executed, as other programs from it are run.
> Any ideas?
> Tomek


Re: [Samba] Puzzle -- Logon/Login from Windows XP

2004-09-29 Thread Holger Krull
> So my question is, how can those 100 users logon to the Samba server from ANY
> workstation without having an account on the Windows XP workstation that
> matches their username/password on the Samba server?

Why don't you want to create a domain?

> Isn't there a way to get the Samba server to ask for a username and password
> when the user clicks on the name of the Samba server in Explorer?

The server can't ask the user for another username/password. It is a
client's decision to ask the user for additional credentials. Unless you
find out what specific setting triggers explorer to ask (null session,
guest account settings or something, try ethereal) you are out of luck.

Maybe you write a script that mounts the shares with net use and give
the samba username with /user:name * to ask for the password.




Re: [Samba] Cannot get HP1055CM Color Plotter to work with Point and Click

2004-09-29 Thread Olaf Eichhorn
Hi Marcus,

> Were the drivers for your plotter loaded directly on the Windows
> Workstation?

Yes, all printer drivers are installed locally on the win-clients. They
print to a redirected lpt-port (lpt2). This works perfectly for our small
organization.
e.g. The samba queue is \\sambaserver\HP450C
I use a script to redirect lpt2 to the path above.

net use lpt2: \\sambaserver\HP450C /persistent:yes

You have to run the script only one time.
hope this helps
Olaf


Re: [Samba] Puzzle -- Logon/Login from Windows XP

2004-09-29 Thread AndyLiebman
In a message dated 9/29/2004 6:20:07 AM Eastern Daylight Time,
[EMAIL PROTECTED] writes:

Thanks for the reply

>> So my question is, how can those 100 users logon to the Samba server from ANY
>> workstation without having an account on the Windows XP workstation that
>> matches their username/password on the Samba server?
>
> Why don't you want to create a domain?

How do you define and create a domain? And is it difficult to maintain a
domain as the users change?

And what if the Samba server is just one of many servers on a network that
might have other domains and domain servers? And what if the workstations have
to access other domains? This is the sort of environment where my system has to
work.

>> Isn't there a way to get the Samba server to ask for a username and password
>> when the user clicks on the name of the Samba server in Explorer?
>
> The server can't ask the user for another username/password. It is a
> client's decision to ask the user for additional credentials. Unless you
> find out what specific setting triggers explorer to ask (null session,
> guest account settings or something, try ethereal) you are out of luck.
>
> Maybe you write a script that mounts the shares with net use and give
> the samba username with /user:name * to ask for the password.

Any clues about how to write that script. I'm not a samba expert. 
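
A sketch of the kind of script suggested in this thread, added here as an example and not taken from any message on the list: it asks for the Samba user name, clears connections left by the previous workstation user, and maps the shares with `net use ... /user:name *` so that Windows prompts for the password. The server name `sambaserver`, the share names and the drive letters are assumptions.

```batch
@echo off
rem Added example: map one user's Samba shares from a shared XP workstation.
rem SERVER, the share names (a per-user share and "projects") and the drive
rem letters P: and Q: are placeholders, not values from the thread.
setlocal
set SERVER=sambaserver
set SMBUSER=
set /p SMBUSER=Samba username: 
if "%SMBUSER%"=="" (
    echo No username entered.
    exit /b 1
)

rem Windows refuses a second connection to the same server under a different
rem user name, so drop whatever the previous user left connected first.
net use P: /delete /y >nul 2>&1
net use Q: /delete /y >nul 2>&1
net use \\%SERVER%\IPC$ /delete /y >nul 2>&1

rem "*" makes net use prompt for the password, so it never appears on the
rem command line or in the script; /persistent:no keeps the mapping from
rem being restored for the next person who logs on to this workstation.
net use P: "\\%SERVER%\%SMBUSER%" * /user:"%SMBUSER%" /persistent:no
if errorlevel 1 (
    echo Logon to \\%SERVER% as %SMBUSER% failed.
    exit /b 1
)

rem The session to the server is now authenticated as %SMBUSER%, so further
rem shares on the same server map without another password prompt.
net use Q: "\\%SERVER%\projects" /persistent:no
endlocal
```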


Re: [Samba] WINBIND Problem.....

2004-09-29 Thread Hamish
Sorry for the obvious question, but have you made sure that you have write
permission to the directory you are trying to write to?

Travis Bullock wrote:
> Hello again.
> Still have not resolved this winbind issue, although it may not be winbind
> at all.  The odd thing is, when I attempt to access a share on the Fedora C2
> server running samba 3.x and winbind it will ask for a password.  If I enter
> the wrong username and password, it will give me an invalid username or
> password error. If I enter the correct username and password, it will give
> me an Access Denied contact your
> administrator...blah..blah...blah followed by a Network Path Not Found.
> Any ideas out there?
> Cheers,
> Travis
 



Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin

2004-09-29 Thread Zach
Power Users is what I'm trying.  It seems that anything other than
Administrators has this problem


On Wed, 29 Sep 2004 09:44:33 +0600 (YEKST), Ilia Chipitsine
[EMAIL PROTECTED] wrote:

> maybe You should try Power Users instead of Local admin.



Réf. : Re: Réf. : [Samba] Puzzle -- Logon/Login from Windows XP

2004-09-29 Thread stephane . purnelle




Configure Samba to become a domain member of a domain?
Or make Samba a domain controller and configure trust accounts.

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467


   
From: [EMAIL PROTECTED]com
Date: 29/09/2004 12:46
To: [EMAIL PROTECTED]
cc:
Subject: Re: Réf. : [Samba] Puzzle -- Logon/Login from Windows XP




> In a message dated 9/29/2004 6:10:14 AM Eastern Daylight Time,
> [EMAIL PROTECTED] writes:
>
>> I think that for resolve your problem, you configure samba for become PDC
>> and connect all WINDOWS XP workstations to domain.
>
> Thanks for the reply.
>
> How do you define and create a domain? And is it difficult to maintain a
> domain as the users change?
>
> And what if the Samba server is just one of many servers on a network that
> might have other domains and domain servers? And what if the workstations have
> to access other domains? This is the sort of environment where my system has to
> work.





Re: [Samba] Re: Public share

2004-09-29 Thread Barbara M.
On Tue, 28 Sep 2004, Igor Belyi wrote:

> Barbara M. wrote:
>> How can I have a public area with no user/pass access on a smb server that
>> do NOT use security = share?
>
> You will need 'guest ok = Yes' added for your share.

Tried without success.

Seems that using security = user I can't have a public share. 
Why?

Regards, B.



[Samba] samba settings for ldap

2004-09-29 Thread Ivan Porohov
I have compiled samba 3.0.2a with --with-ldapsam parameter on Solaris 9 server.
I set passdb backend = ldapsam:ldap://my server ip addr:port in smb.conf file. 
And after I restarted smbd daemon I get the message in log.smbd file:

[2004/09/29 13:38:59, 0] passdb/pdb_interface.c:make_pdb_methods_name(514)
  No builtin nor plugin backend for ldapsam found
[2004/09/29 13:38:59, 1] passdb/pdb_interface.c:make_pdb_context_list(604)
  Loading ldapsam:ldap://my server ip addr:port failed!

Maybe someone knows how to resolve this problem?
Thanks


Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin

2004-09-29 Thread Xavier
I did not have this problem,
samba 3.0.4

but I put the line:
profile acls = Yes
in the GLOBAL section of smb.conf (not in the [profile] section)

XP

Quoting Zach [EMAIL PROTECTED]:

> Power Users is what I'm trying.  It seems that anything other than
> Administrators has this problem
>
> On Wed, 29 Sep 2004 09:44:33 +0600 (YEKST), Ilia Chipitsine
> [EMAIL PROTECTED] wrote:
>
>> maybe You should try Power Users instead of Local admin.



--
Xavier
mailto: [EMAIL PROTECTED]


Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin

2004-09-29 Thread Zach
Unfortunately I don't have access to the SAMBA PDC (or win xp clients)
right now.  However the machine I'm on (RH9) has samba 2.2.x.  I
looked up smb.conf on this machine and the man page for smb.conf isn't
explicit about where profile acls = yes should go.  However, it does
list profile acls under service parameters vs. global parameters. 
Based on that, it seems like profile acls should not go under
[global].  However, I'll try anything so later today, I'll give it a
try and see if it works.

If anyone else following this thread gives it a try before then, let
us know how it works.  I'll post my smb.conf (as of last night) again
below.

[global]
netbios name = BABYLON
workgroup = CIVILIZATION
browseable = no
server string = Samba Server
log file = /var/log/samba/smbd.log
max log size = 50
security = user
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = \
*password* %n\n \
*password* %n\n \
*successfully*
username map = /etc/samba/smbusers
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = yes
os level = 64
domain master = yes 
preferred master = yes
domain logons = yes
logon path = \\%L\Profiles\%U
logon drive = M:
logon home = \\%L\%U
logon script = logon.cmd
wins support = yes
dns proxy = no 

[homes]
comment = Home Directories
path = /home/samba/share/%U
writeable = yes
create mode = 0600
directory mode = 0740
browseable = No

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
browseable = no


[Profiles]
path = /home/samba/profiles
browseable = No
writeable = yes
profile acls = yes

[share]
path = /home/samba/share
writeable = yes
guest ok = no
create mode = 0660
directory mode = 0770
browseable = yes


On Wed, 29 Sep 2004 13:13:14 +0200, Xavier [EMAIL PROTECTED] wrote:
> I did not have this problem,
> samba 3.0.4
>
> but I put the line:
> profile acls = Yes
> in the GLOBAL section of smb.conf (not in the [profile] section)
>
> XP
>
> Quoting Zach [EMAIL PROTECTED]:
>
>> Power Users is what I'm trying.  It seems that anything other than
>> Administrators has this problem
>>
>> On Wed, 29 Sep 2004 09:44:33 +0600 (YEKST), Ilia Chipitsine
>> [EMAIL PROTECTED] wrote:
>>
>>> maybe You should try Power Users instead of Local admin.


Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin

2004-09-29 Thread Zach
Unfortunately I don't have access to the SAMBA PDC (or win xp clients)
right now.  However the machine I'm on (RH9) has samba 2.2.x.  I
looked up smb.conf on this machine and the man page for smb.conf isn't
explicit about where profile acls = yes should go.  However, it does
list profile acls under service parameters vs. global parameters. 
Based on that, it seems like profile acls should not go under
[global].  However, I'll try anything so later today, I'll give it a
try and see if it works.

If anyone else following this thread gives it a try before then, let
us know how it works.  I'll post my smb.conf (as of last night) again
below.

[global]
netbios name = BABYLON
workgroup = CIVILIZATION
browseable = no
server string = Samba Server
log file = /var/log/samba/smbd.log
max log size = 50
security = user
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = \
*password* %n\n \
*password* %n\n \
*successfully*
username map = /etc/samba/smbusers
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = yes
os level = 64
domain master = yes 
preferred master = yes
domain logons = yes
logon path = \\%L\Profiles\%U
logon drive = M:
logon home = \\%L\%U
logon script = logon.cmd
wins support = yes
dns proxy = no 

[homes]
comment = Home Directories
path = /home/samba/share/%U
writeable = yes
create mode = 0600
directory mode = 0740
browseable = No

[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
browseable = no


[Profiles]
path = /home/samba/profiles
browseable = No
writeable = yes
# added this line last night to no avail
profile acls = yes

[share]
path = /home/samba/share
writeable = yes
guest ok = no
create mode = 0660
directory mode = 0770
browseable = yes


On Wed, 29 Sep 2004 13:13:14 +0200, Xavier [EMAIL PROTECTED] wrote:
> I did not have this problem,
> samba 3.0.4
>
> but I put the line:
> profile acls = Yes
> in the GLOBAL section of smb.conf (not in the [profile] section)
>
> XP
>
> Quoting Zach [EMAIL PROTECTED]:
>
>> Power Users is what I'm trying.  It seems that anything other than
>> Administrators has this problem
>>
>> On Wed, 29 Sep 2004 09:44:33 +0600 (YEKST), Ilia Chipitsine
>> [EMAIL PROTECTED] wrote:
>>
>>> maybe You should try Power Users instead of Local admin.


Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin

2004-09-29 Thread Ilia Chipitsine
ok, just to make it clean.
what do You mean by Local admins ?
1) domain user (or domain group, or even Everyone added to local
group Administrators ?
2) local user added to local group Administrators ?
Power Users is what I'm trying.  It seems that anything other than
Administrators has this problem
On Wed, 29 Sep 2004 09:44:33 +0600 (YEKST), Ilia Chipitsine
[EMAIL PROTECTED] wrote:
maybe You should try Power Users instead of Local admin.



Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin

2004-09-29 Thread Zach
Okay, sorry, it *is* starting to get a bit muddy.

To clear it up:
If a domain user is added to the Administrators group on the client
(ie local) win xp machine, then there is no problem.

If the user is *not* part of the local Administrators group then the
profile doesn't load properly.

So:
Domain: CIVILIZATION
samba PDC: BABYLON
Win XP client:  TROY
Domain user: Zach
Local user: local_user

If CIVILIZATION\Zach is added to TROY\Administrators, then no problem.
If CIVILIZATION\Zach is removed from TROY\Administrators, then
profile doesn't load properly, even if CIVILIZATION\Zach is a member
of TROY\Power Users or TROY\Users, etc.  (This applies to other domain
users as well, not just Zach).
Further, 
when TROY\local_user, logs on to TROY, then no problem, regardless of
group membership.

Hope this doesn't muddy things up further.

I know there are others out there exhibiting this same problem.  Surely
there's someone who's seen it and solved it.

Thanks
Zach


On Wed, 29 Sep 2004 17:40:06 +0600 (YEKST), Ilia Chipitsine
[EMAIL PROTECTED] wrote:
 ok, just to make it clean.
 what do You mean by Local admins ?
 
 1) domain user (or domain group, or even Everyone added to local
 group Administrators ?
 
 2) local user added to local group Administrators ?
 
 
 
  Power Users is what I'm trying.  It seems that anything other than
  Administrators has this problem
 
 
  On Wed, 29 Sep 2004 09:44:33 +0600 (YEKST), Ilia Chipitsine
  [EMAIL PROTECTED] wrote:
 
  maybe You should try Power Users instead of Local admin.
 
 



Re: [Samba] Strange behavior with file that have a .exe extension...

2004-09-29 Thread Simon Hobson
Kevin Riggins wrote:
I am running Samba 3.0.7 on a Redhat EL3 server.  Any action I attempt
with a file that has an .exe extension takes quite some time to occur.
For instance, a right-click to get properties menu takes 15 seconds,
when executing the file it takes 8-10 seconds to start, drag-and-drop
takes several seconds to start, etc.  If I rename the file to a
different extension or perform the same actions with another file type,
everything works just fine.
Just a thought, do you have any virus scanner installed that might be 
scanning the file when you access it ?

Simon
--
Simon Hobson MA MIEE, Technology Specialist
Colony Gift Corporation Limited
Lindal in Furness, Ulverston, Cumbria, LA12 0LD
Tel 01229 461100, Fax 01229 461101
Registered in England No. 1499611
Regd. Office : 100 New Bridge Street, London, EC4V 6JA.


[Samba] Re: Public share

2004-09-29 Thread Igor Belyi
Barbara M. wrote:
On Tue, 28 Sep 2004, Igor Belyi wrote:
Tried without success.
Ok, I forgot that 'public' and 'guest ok' are synonyms and you have it 
in your smb.conf...

Seems that using security = user I can't have a public share. 
Why?
At least I have them with security = user. A dumb question - does user 
'nobody' have access to the /home/Public directory?

Igor


Re: [Samba] RE: why does samba need anonymous access enabled on windows to join AD server?

2004-09-29 Thread Andreas
On Tue, Sep 28, 2004 at 01:17:06PM -0400, [EMAIL PROTECTED] wrote:
 I noticed when trying to use a windows active directory server for my
 password server that i cannot join the windows AD domain (using the net
 join command) unless the windows server has anonymous access enabled.
 Why is this? I am trying to join as administrator so why does it need
 anonymous?

I think you need to use kerberos, then it will work.

 smb.conf:
 [Global] parameters
 workgroup = MYDOMAIN
 wins support = Yes
 hosts allow = all
 encrypt passwords = Yes
 unix password sync = Yes
 passwd program = /usr/bin/passwd %u
 update encrypted = No
 lm announce = true
 log level = 2
 # for AD passwords
 #   password server = *
 password server = WINSERVER1 WINSERVER2
 security = domain
 [export]
 path = /export
 comment = export
 browseable = yes
 writable = yes
 read only = No
 public = No
 

Try to use security = ads and realm = YOUR.AD.REALM. Configure kerberos, grab a
ticket granting ticket (TGT) for the Administrator principal and you should be able
to use net ads join



[Samba] Samba 3.0.4 on solaris 8 with winbind

2004-09-29 Thread Savage, Andrea Ms 902d MI
I have worked on getting the winbind portion of samba 3.0.4 to work 
for weeks now. I have had little success and need to seek help to 
resolve my issue. I am running samba on a Solaris 8 box. My PDC/BDC is 
Windows NT 4.0 and I'm running win2k pro on the pc(s).

Andrea Savage
IDC System Administrator




[Samba] Re: Roaming Profiles:Samba PDC:WinXP:User must be local admin

2004-09-29 Thread Igor Belyi
Zach wrote:
To clear it up:
Domain: CIVILIZATION
samba PDC: BABYLON
Win XP client:  TROY
Domain user: Zach
Local user: local_user
If CIVILIZATION\Zach is added to TROY\Administrators, then no problem.
If CIVILIZATION\Zach is removed from TROY\Administrators, then
profile doesn't load properly, even if CIVILIZATION\Zach is a member
of TROY\Power Users or TROY\Users, etc.  (This applies to other domain
users as well, not just Zach).
Further, 
when TROY\local_user, logs on to TROY, then no problem, regardless of
group membership.
Just to give you some hope - I don't have this problem.
I have users which belong _only_ to Domain Users group and they have 
WinXP Theme loaded without a problem.

BTW, did you move those profiles from local profiles or other Domains or 
were they created when users first login into Domain? ACLs and ownership 
on files in the Roaming profiles are stored in NTUSER.DAT file which is 
a representation of user registry. To properly copy User Profiles you 
would need to use Window's System Properties/Advanced/User Profiles.

Igor


Re: [Samba] Re: Roaming Profiles:Samba PDC:WinXP:User must be local admin

2004-09-29 Thread Zach
You know you may have a point.  It's been a couple of years, but I
think the two accounts originally started out as local accounts.  I
don't remember how I moved them to the Samba server, if I did a
straight copy of the directory over the network or if I used the
System Properties/.../User Profiles mechanism.  Any idea how I can
fix that, or how I can properly re-create NTUSER.DAT?

On Wed, 29 Sep 2004 09:16:30 -0400, Igor Belyi
[EMAIL PROTECTED] wrote:

 
 Just to give you some hope - I don't have this problem.
 
 I have users which belong _only_ to Domain Users group and they have
 WinXP Theme loaded without a problem.
 
 BTW, did you move those profiles from local profiles or other Domains or
 were they created when users first login into Domain? ACLs and ownership
 on files in the Roaming profiles are stored in NTUSER.DAT file which is
 a representation of user registry. To properly copy User Profiles you
 would need to use Window's System Properties/Advanced/User Profiles.
 
 Igor
 



Re: [Samba] Cannot enable Enable advanced printing features

2004-09-29 Thread Manuel Capinha
Well, since no one else knows what's going on I'm gonna take a look at
the source, and unless it's clearly stated there why this doesn't work
I'll try filing it as a bug.


[Samba] rpcclient adddriver error

2004-09-29 Thread Kai Michael Poppe
Hello list,

slowly I am at the end of my wisdom ...

---
Problem: rpcclient -c'adddriver' won't add driver information
---
Symptoms: rpcclient (debug level 4) exits with:
[...]
lsa_io_sec_qos: length c does not match size 8
result was DOS code 0x0003
---
Syntax:
After sifting through gigabytes of useless garbage mailing-list archives I
found the fitting part of a Samba-HOWTO:

rpcclient -U'root%{youdliketoknow}' -c'adddriver Windows NT x86
cnlbp4u:UNIDRV.DLL:CNLBP4U.GPD:UNIDRVUI.DLL:UNIDRV.HLP:NULL:RAW: \
UNIDRV.DLL,CNLBP4U.GPD,UNIDRVUI.DLL,UNIDRV.HLP,CNLBPRES.DLL, \
UNIRES.DLL,STDNAMES.GPD' LINUX -d 4

(the \ are used for readability) - and as you see, there are 7 semi-colons
separating the files in the adddriver command.
---
Current configuration as thrown out by testparm:
Load smb config files from /etc/samba/smb.conf
Processing section [print$]
Processing section [netlogon]
Processing section [lbp4u]
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

# Global parameters
[global]
workgroup = POPPE
server string = Samba 3.0.7 Server
security = SHARE
map to guest = Bad User
null passwords = Yes
guest account = smbguest
username map = /etc/samba/smbusers
name resolve order = wins lmhosts bcast
time server = Yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192
SO_SNDBUF=8192
printcap cache time = 750
os level = 100
wins support = Yes
printer admin = @ntadmin, root
cups options = raw
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin, root
force group = ntadmin
create mask = 0664
directory mask = 0775
guest ok = Yes
[netlogon]
comment = NetLogon
path = /var/lib/samba/netlogon
browseable = No
[lbp4u]
comment = Canon LBP4U via AXIS
path = /var/tmp
printable = Yes
print command = lpr -r -P%p %s
---
Any insight as to what's going wrong here would be very much appreciated !

Regards

Kai M Poppe
---
Debug Output from rpcclient -d 1024:

[Samba] Trust

2004-09-29 Thread opk Bronislav


Dear All, 
I want to make a trust between two Samba domains. I did everything as written in
the Samba documentation, but I always get a failure message when I try to establish a
trust.

My steps:
Trusting domain is DOMA
Trusted domain is DOMB
1.  In trusted domain I create a unix user DOMA$
2.  In trusted domain I create a samba user:
  smbpasswd -a -i DOMA
3.  After that I try to create the trust from the trusting domain with this command:
net rpc trustdom establish DOMB

But I get an error Couldn't verify domain account. Error was
NT_STATUS_CANT_ACCESS_DOMAIN_INFO.

I don't know where the failure is.

Thanks, Sopik Brona


Re: [Samba] Re: Can join domain, can't login -- LDAP PDC

2004-09-29 Thread Chris St. Pierre
Thanks.  The log is attached.

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
402.465.7549


On Tue, 28 Sep 2004, Igor Belyi wrote:

Chris St. Pierre wrote:
 nscd doesn't appear to be running:
 
 # ps -ef | grep nscd | grep -v grep

Ok, my guess was wrong. :o)

 Also, it doesn't seem like that explanation would jive with the errors
 smbd is throwing.  Or am I missing something?

You've shown that Samba got Signal 11 which can mean almost any internal
problem. The interesting part of the log is what happens _before_ Signal 11
was thrown.

I don't have Samba 2.2.9 installed but I can load and look into its code for
you if you give me your 'log level=10' trace from the moment of login to the
first Signal 11 in pid.

Igor


  ldap_connect_system: Binding to ldap server as cn=directory manager
[2004/09/28 17:50:19, 0] lib/fault.c:fault_report(38)
  ===
[2004/09/28 17:50:19, 0] lib/fault.c:fault_report(39)
  INTERNAL ERROR: Signal 11 in pid 19109 (2.2.9)
  Please read the file BUGS.txt in the distribution
[2004/09/28 17:50:19, 0] lib/fault.c:fault_report(41)
  ===
[2004/09/28 17:50:19, 0] lib/util.c:smb_panic(1094)
  PANIC: internal error
[2004/09/29 10:35:29, 1] lib/debug.c:debug_message(258)
  INFO: Debug class all level = 10   (pid 8748 from pid 8748)
  doing parameter ldap server = newman.nebrwesleyan.edu
  doing parameter ldap port = 389
  doing parameter ldap suffix = o=NebrWesleyan.edu,o=isp
  doing parameter ldap filter = ((uid=%u)(objectclass=sambaAccount))
  doing parameter ldap admin dn = cn=directory manager
  doing parameter ldap ssl = off
  doing parameter netbios name = testerator
[2004/09/29 10:35:29, 4] param/loadparm.c:handle_netbios_name(2352)
  handle_netbios_name: set global_myname to: TESTERATOR
  doing parameter workgroup = NWU_TEST
  doing parameter browseable = yes
  doing parameter wins server = 10.9.1.12
[2004/09/29 10:35:29, 4] lib/wins_srv.c:wins_srv_load_list(139)
  wins_srv_load_list(): Building WINS server list:
  10.9.1.12,
  1 WINS server listed.
  doing parameter local master = yes
  doing parameter domain master = yes
  doing parameter preferred master = yes
  doing parameter domain logons = yes
  doing parameter security = user
  doing parameter domain admin group = root stpierre
  doing parameter add user script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null 
-g 1000 -s /bin/false %u
[2004/09/29 10:35:29, 2] param/loadparm.c:do_section(3073)
  Processing section [netlogon]
  doing parameter path = /usr/local/samba/netlogon
  doing parameter locking = no
  doing parameter browseable = no
  doing parameter read only = yes
  doing parameter write list = ntadmin
[2004/09/29 10:35:29, 2] param/loadparm.c:do_section(3073)
  Processing section [tmp]
  doing parameter comment = test share
  doing parameter path = /tmp
  doing parameter read only = yes
[2004/09/29 10:35:29, 4] param/loadparm.c:lp_load(3503)
  pm_process() returned Yes
[2004/09/29 10:35:29, 7] param/loadparm.c:lp_servicenumber(3612)
  lp_servicenumber: couldn't find homes
[2004/09/29 10:35:29, 3] param/loadparm.c:lp_add_ipc(2028)
  adding IPC service IPC$
[2004/09/29 10:35:29, 3] param/loadparm.c:lp_add_ipc(2028)
  adding IPC service ADMIN$
[2004/09/29 10:35:29, 10] param/loadparm.c:set_server_role(3454)
  set_server_role: ROLE_DOMAIN_PDC
[2004/09/29 10:35:29, 7] param/loadparm.c:lp_servicenumber(3612)
  lp_servicenumber: couldn't find printers
[2004/09/29 10:35:29, 7] param/loadparm.c:lp_servicenumber(3612)
  lp_servicenumber: couldn't find printers
[2004/09/29 10:35:29, 2] lib/interface.c:add_interface(81)
  added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
[2004/09/29 10:35:29, 2] lib/interface.c:add_interface(81)
  added interface ip=10.9.1.111 bcast=10.9.255.255 nmask=255.255.0.0
[2004/09/29 10:35:29, 5] lib/hash.c:hash_table_init(68)
  Hash size = 521.
[2004/09/29 10:35:29, 5] lib/util_sock.c:print_socket_options(111)
  socket option SO_KEEPALIVE = 1
[2004/09/29 10:35:29, 5] lib/util_sock.c:print_socket_options(111)
  socket option SO_REUSEADDR = 1
[2004/09/29 10:35:29, 5] lib/util_sock.c:print_socket_options(111)
  socket option SO_BROADCAST = 0
[2004/09/29 10:35:29, 5] lib/util_sock.c:print_socket_options(111)
  socket option TCP_NODELAY = 1
[2004/09/29 10:35:29, 5] lib/util_sock.c:print_socket_options(111)
  socket option IPTOS_LOWDELAY = 0
[2004/09/29 10:35:29, 5] lib/util_sock.c:print_socket_options(111)
  socket option IPTOS_THROUGHPUT = 0
[2004/09/29 10:35:29, 5] lib/util_sock.c:print_socket_options(111)
  socket option SO_SNDBUF = 16384
[2004/09/29 10:35:29, 5] lib/util_sock.c:print_socket_options(111)
  socket option SO_RCVBUF = 87380
[2004/09/29 10:35:29, 5] lib/util_sock.c:print_socket_options(111)
  

Re: [Samba] Deleting Old Printer Drivers

2004-09-29 Thread Ryan Suarez
rpcclient $server -N -U 'user%passwd' -c 'deldriver $printer'
Then remove all the files related to the printer in the driver 
directory...

M/V Anastasis - IT Manager wrote:
Hi all,
I am running samba 3.0.6 on Linux and am wondering if anyone knows if it
is possible to delete a print driver from the driver database?  I have
around 20 printers running off of this print server and occasionally we
remove all of a certain type of printer.  Also, for some reason, the
drivers sometimes seem to become corrupt and it would be nice to be able
to entirely remove a driver and then reinstall it from scratch.  Is this
a possible thing to do?
Thanks,
Chris


Chris Slack
IT Manager
M/V Anastasis - Currently docked in Bremerhaven, DL
Mercy Ships

mailto:[EMAIL PROTECTED] [EMAIL PROTECTED]
http://www.mercyships.org/ 
www.mercyships.org http://www.chrisslack.org/ 



 



Re: [Samba] Puzzle -- Logon/Login from Windows XP

2004-09-29 Thread Tom Skeren
Top post oh well...
Make Samba a PDC, join the XP workstations and use roaming profiles.
[EMAIL PROTECTED] wrote:
I hope somebody can help me with this. I posed this question a week ago and 
got several well-meaning answers that were not very helpful. 

I have 10 Windows XP workstations and 100 users. Each of the 100 users has an 
account on my Samba server (running Samba 3.03  on Mandrake Linux 10). 

Each user has several shares on the Samba server which are unique to that 
user. In other words, only THAT user can access his/her shares, and THAT user has 
read/write privileges for those shares. 

BTW,  I define each user's shares by listings in smb.username.conf files 
and the include=smb.%U.conf option (I may have that backwards it may be 
username.smb.conf and include=%U.smb.conf, I have it right on my server.) 

The problem is, I need each of my 100 users to be able to logon to the Samba 
server (with READ/WRITE access to their own shares) from any of the 10 Windows 
XP workstations. It's not a problem if the user has an account on the XP 
machine that matches the username and password on the Linux Samba server. 

But users don't have their own machines and it's impractical to create 100 
user accounts on EACH Windows XP workstation. Especially when the list of users 
changes every few months. 

So my question is, how can those 100 users logon to the Samba server from ANY 
workstation without having an account on the Windows XP workstation that 
matches their username/password on the Samba server? 

I have a clumsy workaround right now, but I need something better. This is 
what I can do now:  

-- I have a Samba share that is accessible to everyone. 
-- In Windows XP, if I map network drive on that share and select connect 
using different username, I get an opportunity to enter the username and 
password for the specific user. 
-- Once the Windows XP machine connects to the Samba server, the Samba server 
knows who the user is and displays a list of the user's own unique shares 
-- which can then be mapped as well. 

The thing that's awkward about this technique, however, is that I'm having to 
map a public share JUST to communicate to the Samba server the username and 
password. 

Isn't there a way to get the Samba server to ask for a username and password 
when the user clicks on the name of the Samba server in Explorer? 

That's what happens when I click on the name of a Windows XP machine (XP 
Machine 1) from another Windows XP machine (XP Machine 2) when I'm logged on to 
Machine 2 with a username and password that does not match an account on XP 
Machine 1.  I get a dialog box asking for a username and password. If I enter a 
username that has an account on the first machine -- and the matching password 
-- I connect and get read/write access to all shared drives and folders. 

I want to get the same dialog box when I click on the Linux Samba server. But 
how? 

Thanks in advance for the help. 

Regards, 
Andy Liebman
 




Re: [Samba] New here ... with an NT Group problem

2004-09-29 Thread Torsten E.
Torsten E. wrote on Wednesday, 29 September 2004 00:22:

 Igor Belyi wrote on Tuesday, 28 September 2004 21:16:

 Torsten E. wrote:

Hello again,


[...]

 Look into 'net groupmap list'. The right 'Domain Admins' should have
 RID (the last number after '-') 512 and SID (all numbers before the
 last '-') corresponding to your Domain SID ('net getlocalsid').

 Use 'net groupmap delete' or 'net groupmap modify' to fix the
 problem.

 Ok, Thanks Igor!
 I guess the:
 S-1-5-21-1313674548-3619494541-1192360840-...
 are the wrong ones (Domain Admins, Domain Guests and Domain Users) ...

[...]

 I'll delete them tomorrow.

So, I just tried to delete those groups/SIDs, but it doesn't work ...:

pdc:/home/torsten # net groupmap list
System Operators (S-1-5-32-549) - ntadmin
Domain Users (S-1-5-21-363742550-2379833043-2840705137-513) - ntuser
Replicators (S-1-5-32-552) - ntadmin
Guests (S-1-5-32-546) - nogroup
NTUsers (S-1-5-21-363742550-2379833043-2840705137-1201) - ntuser
Domain Users (S-1-5-21-1313674548-3619494541-1192360840-513) - -1
Power Users (S-1-5-32-547) - ntuser
Print Operators (S-1-5-32-550) - ntadmin
Administrators (S-1-5-32-544) - ntadmin
Account Operators (S-1-5-32-548) - ntadmin
Domain Guests (S-1-5-21-1313674548-3619494541-1192360840-514) - -1
Backup Operators (S-1-5-32-551) - ntadmin
Users (S-1-5-32-545) - ntuser
Domain Admins (S-1-5-21-1313674548-3619494541-1192360840-512) - -1
Domain Admins (S-1-5-21-363742550-2379833043-2840705137-512) - ntadmin
Domain Guests (S-1-5-21-363742550-2379833043-2840705137-514) - nogroup
pdc:/home/torsten #

pdc:/home/torsten # net groupmap delete ntgroup=Domain Admin
sid=S-1-5-21-1313674548-3619494541-1192360840-512
Sucessfully removed S-1-5-21-1313674548-3619494541-1192360840-512 from
the mapping db
pdc:/home/torsten # net groupmap delete
sid=S-1-5-21-1313674548-3619494541-1192360840-513
Sucessfully removed S-1-5-21-1313674548-3619494541-1192360840-513 from
the mapping db
pdc:/home/torsten # net groupmap delete
sid=S-1-5-21-1313674548-3619494541-1192360840-514
Sucessfully removed S-1-5-21-1313674548-3619494541-1192360840-514 from
the mapping db
pdc:/home/torsten #

pdc:/home/torsten # net groupmap list
sid=S-1-5-21-1313674548-3619494541-1192360840-512
Domain Admins (S-1-5-21-1313674548-3619494541-1192360840-512) - -1
pdc:/home/torsten # net groupmap list
sid=S-1-5-21-1313674548-3619494541-1192360840-513
Domain Users (S-1-5-21-1313674548-3619494541-1192360840-513) - -1
pdc:/home/torsten # net groupmap list
sid=S-1-5-21-1313674548-3619494541-1192360840-514
Domain Guests (S-1-5-21-1313674548-3619494541-1192360840-514) - -1
pdc:/home/torsten #

Any idea why it does not work?

Thanks in advance
Torsten

 Igor

 c y
 Torsten
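
Igor's check from this thread (the mapped Domain Admins entry must carry RID 512 under the SID that 'net getlocalsid' reports), written out as an added Python example; it is not code from the posters or from Samba. The sample is constructed from Torsten's listing with the "->" arrows written out, and ASSUMED_LOCAL_SID is an assumption, since the thread never shows the 'net getlocalsid' output.

```python
import re
from collections import defaultdict

# RID 512 is the value quoted in the thread for Domain Admins; 513 and 514 are
# the RIDs the listing itself shows for Domain Users and Domain Guests.
WELL_KNOWN_RIDS = {"Domain Admins": 512, "Domain Users": 513, "Domain Guests": 514}
BUILTIN_SID = "S-1-5-32"  # local built-in groups, not tied to any domain SID

# One mapping per line: "NT group (SID) -> unix group". The archived listing
# shows "-" where the arrow was, so the ">" is optional here.
LINE_RE = re.compile(r"^(?P<name>.+?) \((?P<sid>S-1(?:-\d+)+)\) ->? (?P<unix>\S+)$")

# Assumption: the domain SID 'net getlocalsid' would report on this PDC.
ASSUMED_LOCAL_SID = "S-1-5-21-363742550-2379833043-2840705137"

# Constructed sample: the 'net groupmap list' output posted in the thread.
SAMPLE = """\
System Operators (S-1-5-32-549) -> ntadmin
Domain Users (S-1-5-21-363742550-2379833043-2840705137-513) -> ntuser
Replicators (S-1-5-32-552) -> ntadmin
Guests (S-1-5-32-546) -> nogroup
NTUsers (S-1-5-21-363742550-2379833043-2840705137-1201) -> ntuser
Domain Users (S-1-5-21-1313674548-3619494541-1192360840-513) -> -1
Power Users (S-1-5-32-547) -> ntuser
Print Operators (S-1-5-32-550) -> ntadmin
Administrators (S-1-5-32-544) -> ntadmin
Account Operators (S-1-5-32-548) -> ntadmin
Domain Guests (S-1-5-21-1313674548-3619494541-1192360840-514) -> -1
Backup Operators (S-1-5-32-551) -> ntadmin
Users (S-1-5-32-545) -> ntuser
Domain Admins (S-1-5-21-1313674548-3619494541-1192360840-512) -> -1
Domain Admins (S-1-5-21-363742550-2379833043-2840705137-512) -> ntadmin
Domain Guests (S-1-5-21-363742550-2379833043-2840705137-514) -> nogroup
"""


def parse_groupmap(text):
    """Turn 'net groupmap list' output into dicts; unparseable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # The SID is the domain part plus the RID after the last '-'.
        domain_sid, _, rid = m["sid"].rpartition("-")
        entries.append({"name": m["name"], "sid": m["sid"],
                        "domain_sid": domain_sid, "rid": int(rid),
                        "unix": m["unix"]})
    return entries


def audit(entries, local_sid):
    """Return (subject, finding) pairs for mappings that need review."""
    findings = []
    names = defaultdict(list)
    for e in entries:
        names[e["name"]].append(e["sid"])
        if e["domain_sid"] == BUILTIN_SID:
            continue  # built-in groups are independent of the domain SID
        if e["domain_sid"] != local_sid:
            findings.append((e["sid"], "foreign-domain-sid"))
        if e["unix"] == "-1":
            findings.append((e["sid"], "no-unix-group"))
        want = WELL_KNOWN_RIDS.get(e["name"])
        if want is not None and e["rid"] != want:
            findings.append((e["sid"], "unexpected-rid"))
    # The same NT group name mapped more than once is ambiguous for an admin.
    for name, sids in names.items():
        if len(sids) > 1:
            findings.append((name, "duplicate-name"))
    # Each well-known group should exist exactly under the local domain SID.
    for name, rid in WELL_KNOWN_RIDS.items():
        if f"{local_sid}-{rid}" not in names.get(name, []):
            findings.append((name, "missing-under-local-sid"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit(parse_groupmap(SAMPLE), ASSUMED_LOCAL_SID):
        print(f"{finding:24} {subject}")
```

On a live server, pass the output of 'net groupmap list' and the SID from 'net getlocalsid' instead of the embedded sample.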




[Samba] Samba Configuration

2004-09-29 Thread Bruno Lessa Cardoso
Hi all,

I have installed a SAMBA SERVER (3.0.4) into my network using a
Windows NT 4.0 as a  PDC. I want Samba to catch the passwords from
this NT, and authenticate these users getting access to the shares.
How can I do this? Does anybody have a smb.conf file as an example? I
use Linux for a long time, but this is my first time with Samba,

Thanks for your help,

-- 
Bruno Lessa Cardoso


Re: [Samba] Re: Roaming Profiles:Samba PDC:WinXP:User must be local admin

2004-09-29 Thread Tom Skeren
Igor Belyi wrote:
Zach wrote:
To clear it up:
Domain: CIVILIZATION
samba PDC: BABYLON
Win XP client:  TROY
Domain user: Zach
Local user: local_user
If CIVILIZATION\Zach is added to TROY\Administrators, then no problem.
If CIVILIZATION\Zach is removed from TROY\Administrators, then
profile doesn't load properly, even if CIVILIZATION\Zach is a member
of TROY\Power Users or TROY\Users, etc.  (This applies to other domain
users as well, not just Zach).
Further, when TROY\local_user, logs on to TROY, then no problem, 
regardless of
group membership.

Just to give you some hope - I don't have this problem.
I have users which belong _only_ to Domain Users group and they have 
WinXP Theme loaded without a problem.

BTW, did you move those profiles from local profiles or other Domains 
or were they created when users first login into Domain? ACLs and 
ownership on files in the Roaming profiles are stored in NTUSER.DAT 
file which is a representation of user registry. To properly copy User 
Profiles you would need to use Window's System 
Properties/Advanced/User Profiles. 
Well, I've been having the same probs too, and hadn't thought about 
this.  That gives me lots of food for thought.  Thanks Igor.

TMS III

Igor



[Samba] samba printing on windows

2004-09-29 Thread Shashi Kanth Boddula
Hi, 
  I configured 3 printers on my Linux machine. One printer is a
network printer and 2 are SMB printers. I shared all 3 printers through
samba. On the Windows side, I am seeing all 3 print shares and I am able to
connect printers. On Windows, after connecting samba printers, when I
open a printer ( print queue ), it will open a box. But, on the top of
the box, it will show Access denied, unable to connect. It will
process print jobs but it will not show the jobs in the print queue box.

  Please give suggestions on this. 
 
 
 
Regards, 
shashi kanth 



[Samba] Weird thing with Samba and Final Cut Pro

2004-09-29 Thread AndyLiebman
Does anybody have a clue why, when I access my Linux Samba server from a Mac 
G5 (OS X 10.3.x) and try to capture digital video files, the Apple Final Cut 
application -- in allocating disk space for the file it's about to capture -- 
actually writes to the hard drive for a long time (presumably writing zeros) 
until it has created a file the very size of what it expects to store on the 
Samba server. This process basically occurs in real time. If I expect to capture 
a 30 minute file, the process takes about 30 minutes before capturing actually 
begins. 

When I access the same Linux server with Apple File Sharing/Netatalk, the 
disk space is allocated instantly and capturing begins right away. 

Could there be anything to configure in Samba that would make it behave more 
like Netatalk in this regard? 

Andy Liebman


[Samba] Re: Problems with Samba 3.0.5 only seeing 1360 files on a share to a Windows 2000

2004-09-29 Thread Tomasz Rosiak
In dos (win 2000 cmd) it shows the same, but under Linux I've seen all 
the files.
Has anyone seen this before?

I have seen something like that, but only about 130 entries (files or 
dir's) were seen. ls -l showed 146 entries, the same amount was returned 
by ls in smbclient.
I am using samba 3.0.7 from FreeBSD port. FreeBSD version is 4.10.
Yesterday I tried to simulate such a situation - I've created about 1800 
directory entries (using mktemp), but in Windows 2000 all of them were 
seen. I suppose the number of entries seen depends on the lengths of their names.
I've also made some syscall tracing on smbd when listing such a directory 
(the one with 146 long entries) and it looked like this:

[..]
read dir
stat entry #1
stat entry #2
.
.
stat entry #130
send partial response to socket (about 16kB)
stat entry #131
.
.
stat entry #146
send the rest of response (about 1-2 kB)
In Windows only entries sent in first response were seen.
Does anyone have any idea?
Maybe analyzing responses from Windows server would help (for example 
using Ethereal) ?

--
Tomasz Rosiak


Re: [Samba] Cross-subnet browsing and oplocks

2004-09-29 Thread Michael Kelly
Hi,

Thank you for your response.

I use the tun device as it seemed it was a bit easier to set up. I did
read that tap was a bit better with windows, but other than the oplocks
issue with Samba I have not had any real problem with the openVPN setup
and Samba. I think I will set up a test openVPN server running a tap
device and see if there are any apparent differences.

I have read through the Samba manual regarding oplocks and agree that
they are a bit difficult to understand, okay, quite a bit. On my regular
office network oplocks have worked fine since I started running the
Samba server and it is only with the introduction of the VPN that I have
seen any troubles. I have also read about a few file types causing issues
with oplocks, I had problems with excel files, but it seems to be okay
now, well nobody is complaining anymore anyway.

I am not too familiar with pptp other than it is a point-to-point
tunnelling protocol and the things I have read discuss using it with
dial-up, we have no dedicated dial-up access to our networks.

For clarity sake, there appears to be no oplocks whatsoever when a
client over the openVPN connection accesses a file on the server. Their
connection is logged by samba, they show up in smbstatus, including all
mounted drives, IP address, and username, just no oplocks.

I think one of the first things I need to do is upgrade the Samba
server to the latest version, but that will have to wait until the
weekend as it is currently in use.

As a first attempt I will try a tap device on the openVPN connection

Thank you for your help and I will post any notable results.
Michael Kelly


 rruegner [EMAIL PROTECTED] 28/09/2004 5:01:44 pm 
Hi Michael,

do you use the tap device?
like this (man openvpn advises tap instead of tun devices for win networks)

#example conf
#my partners dns name
remote your.partner.dns
#kind of device
dev tap0
float
#tunnel ips my tunnel nic  partners tunnel nic
ifconfig 192.168.10.2 255.255.255.0
#what to do when coming up
up /etc/openvpn/your.partner.dns.conf # optional, but good for setting route
# timeouts
ping   15
ping-restart  300 # 5 minutes
resolv-retry  300 # 5 minutes
persist-tun
persist-key
# compression (optional)
comp-lzo
# verbosity (optional)
verb 5
#user and group
user nobody
group nogroup
secret /etc/openvpnkey
#mtu
#mtu-test
tun-mtu 1500
#daemonize
daemon
#tune
#fragment 1400
#mssfix 1400
tun-mtu-extra 64

i have a few setups with pdc and bdc sambas across
openvpn networks and they work quite well, i never found some
oplocks problems ( what makes not sure that they are some )
but in 6 Months on 3 Servers with 100 Users and gigs of files
nobody talked about that.

Study the subnet browsing stuff from samba,
using openvpn as laptop clients i found not satisfactory
i use pptp for my roadwarriors.

oplocks are difficult to understand, i had my troubles with them in the
past but now it worked from default with samba 3.07
but i read there are a few filetypes which make special trouble with
them.
Maybe this was useful for you, it's a complex theme
Regards

Michael Kelly wrote:
 Hello all,
 
 I will give you a few details first.
 
 In my office I am running Samba 3.02a as a simple file server and a WINS
 server. It currently serves about 11 employees. That setup, other than a
 couple of minor things works fine.
 
 I administrate a remote office as well that is part of the same
 company, there are 3 employees. In that office I have a Linux gateway
 running openVPN 2.0beta11 as a client which connects to our office so
 that they can utilize our file server. They can connect without any
 issues and get any resources they need from the file server. They also
 register on the WINS server listed above. That same Linux gateway is
 also running Samba 3.07 for the sole purpose of browse list
 synchronization. My routed openVPN solution does not allow broadcasts
 across its tunnel. Again this is working fine, They register with WINS,
 use WINS for NetBIOS lookups, and use resources from the Samba file
 server.
 
 Also, I have two remote employees that connect to our network using an
 openVPN client on laptops running win2000 Pro. Again, these connections
 work great and they are able to register with the WINS server, edit
 files, what have you.
 
 The problem I am having is that oplocks do not seem to function for any
 of the users connected via VPN. When I look at the status of the file
 server using smbstatus, I can see all of the connected users, both in my
 subnet and the ones connecting across the VPN, as well as being able to
 see the shares they have mapped.
 
 I guess I am not sure why clients are able to open files across the VPN
 but not have the oplocks engaged. I have not turned off locks on any of
 the shares and, as I said earlier, users from my physical office receive
 locks when they open files, but remote users do not.
 
 If I open a file on a machine on the office network, it is locked and
 even a remote client cannot 

Re: [Samba] Re: Public share

2004-09-29 Thread Barbara M.
On Wed, 29 Sep 2004, Igor Belyi wrote:

 Barbara M. wrote:
  On Tue, 28 Sep 2004, Igor Belyi wrote:
  Tried without success.
 
 Ok, I forgot that 'public' and 'guest ok' are synonyms and you have it 
 in your smb.conf...

I put it both in [global] and in [pubblica] :-(

  Seems that using security = user I can't have a public share. 
  Why?
 
 At least I have them with security = user. I dumb question - does user 
 'nobody' has access to the /home/Public directory?

Group and owner.

I try also to create a 

/Pub  drwxrwxrwx  nobody  nobody


But no differences: always required a user to access.


Anyone have a working conf (PDC+homes+public in samba 3.0.x)?

Regards, B.





[Samba] Re: New here ... with an NT Group problem

2004-09-29 Thread Igor Belyi
Torsten E. wrote:
Torsten E. wrote on Wednesday, 29 September 2004 00:22:
So, I just tried to delete those groups/SIDs, but it doesn't work ...:
pdc:/home/torsten # net groupmap list
System Operators (S-1-5-32-549) - ntadmin
Domain Users (S-1-5-21-363742550-2379833043-2840705137-513) - ntuser
Replicators (S-1-5-32-552) - ntadmin
Guests (S-1-5-32-546) - nogroup
NTUsers (S-1-5-21-363742550-2379833043-2840705137-1201) - ntuser
Domain Users (S-1-5-21-1313674548-3619494541-1192360840-513) - -1
Power Users (S-1-5-32-547) - ntuser
Print Operators (S-1-5-32-550) - ntadmin
Administrators (S-1-5-32-544) - ntadmin
Account Operators (S-1-5-32-548) - ntadmin
Domain Guests (S-1-5-21-1313674548-3619494541-1192360840-514) - -1
Backup Operators (S-1-5-32-551) - ntadmin
Users (S-1-5-32-545) - ntuser
Domain Admins (S-1-5-21-1313674548-3619494541-1192360840-512) - -1
Domain Admins (S-1-5-21-363742550-2379833043-2840705137-512) - ntadmin
Domain Guests (S-1-5-21-363742550-2379833043-2840705137-514) - nogroup
pdc:/home/torsten #
pdc:/home/torsten # net groupmap delete ntgroup=Domain Admin sid=S-1-5-21-1313674548-3619494541-1192360840-512
Sucessfully removed S-1-5-21-1313674548-3619494541-1192360840-512 from the mapping db
pdc:/home/torsten # net groupmap delete sid=S-1-5-21-1313674548-3619494541-1192360840-513
Sucessfully removed S-1-5-21-1313674548-3619494541-1192360840-513 from the mapping db
pdc:/home/torsten # net groupmap delete sid=S-1-5-21-1313674548-3619494541-1192360840-514
Sucessfully removed S-1-5-21-1313674548-3619494541-1192360840-514 from the mapping db
pdc:/home/torsten #
pdc:/home/torsten # net groupmap list sid=S-1-5-21-1313674548-3619494541-1192360840-512
Domain Admins (S-1-5-21-1313674548-3619494541-1192360840-512) - -1
pdc:/home/torsten # net groupmap list sid=S-1-5-21-1313674548-3619494541-1192360840-513
Domain Users (S-1-5-21-1313674548-3619494541-1192360840-513) - -1
pdc:/home/torsten # net groupmap list sid=S-1-5-21-1313674548-3619494541-1192360840-514
Domain Guests (S-1-5-21-1313674548-3619494541-1192360840-514) - -1
pdc:/home/torsten #
Any idea why it does not work?
Well... My guess is that S-1-5-21-1313674548-3619494541-1192360840 is 
the SID of the domain you are trying to remove those mappings from. Is it 
the same SID 'net getlocalsid' returns you? And since these are builtin 
groups they are always there - they just may or may not have 
mappings to UNIX groups.

I suspect that your problem is that you have those other mappings from a 
wrong (old?) domain: S-1-5-21-363742550-2379833043-2840705137 and that 
those SIDs are mapped into your local UNIX groups instead of the one 
from your current domain.

So, check SID of the domain you use and then make sure that builtin 
groups from this domain are mapped to your UNIX groups.

Hope it helps,
Igor
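
The check Igor describes, as an added example that is not part of the original thread: it parses `net groupmap list` output, groups entries by domain SID, and reports groups of the current domain that have no UNIX mapping alongside groups of any other domain that do. `LOCAL_SID` is an assumption taken from Igor's guess (confirm it with `net getlocalsid`); the sample lines are constructed from the listing above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

BUILTIN_DOMAIN = "S-1-5-32"  # well-known BUILTIN authority, identical on every host

# Assumption: the SID Igor guesses is the current domain; verify with `net getlocalsid`.
LOCAL_SID = "S-1-5-21-1313674548-3619494541-1192360840"

# "Name (SID) -> unixgroup"; this archive shows the arrow as a bare "-".
LINE_RE = re.compile(r"^(?P<name>.+?) \((?P<sid>S-1-[0-9-]+)\) ->? (?P<unix>\S.*)$")

# Constructed sample in the format quoted in the thread, including a prompt
# and a status line that the parser must skip.
SAMPLE = """\
pdc:/home/torsten # net groupmap list
Domain Users (S-1-5-21-363742550-2379833043-2840705137-513) - ntuser
Guests (S-1-5-32-546) - nogroup
Domain Users (S-1-5-21-1313674548-3619494541-1192360840-513) - -1
Administrators (S-1-5-32-544) - ntadmin
Domain Admins (S-1-5-21-1313674548-3619494541-1192360840-512) - -1
Domain Admins (S-1-5-21-363742550-2379833043-2840705137-512) - ntadmin
Sucessfully removed S-1-5-21-1313674548-3619494541-1192360840-512 from the mapping db
"""


def parse_groupmap(text):
    """Return one dict per mapping line; anything else is ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # The last sub-authority is the RID, everything before it is the domain SID.
        domain, _, rid = m["sid"].rpartition("-")
        entries.append({"name": m["name"], "domain": domain,
                        "rid": int(rid), "unix": m["unix"].strip()})
    return entries


def audit(text, local_sid):
    """Group mappings by domain SID and flag the two suspicious cases."""
    by_domain = defaultdict(list)
    for entry in parse_groupmap(text):
        by_domain[entry["domain"]].append(entry)

    # Groups of the current domain that map to no UNIX group (shown as -1).
    local_unmapped = [(e["name"], e["rid"])
                      for e in by_domain.get(local_sid, []) if e["unix"] == "-1"]
    # Groups of some other (possibly old) domain that still hold a UNIX mapping.
    foreign_mapped = [(e["name"], e["rid"], e["unix"])
                      for domain, items in by_domain.items()
                      if domain not in (local_sid, BUILTIN_DOMAIN)
                      for e in items if e["unix"] != "-1"]
    return {"domains": sorted(by_domain),
            "local_unmapped": local_unmapped,
            "foreign_mapped": foreign_mapped}


if __name__ == "__main__":
    report = audit(SAMPLE, LOCAL_SID)
    print("domain SIDs seen:", *report["domains"], sep="\n  ")
    for name, rid in report["local_unmapped"]:
        print(f"current domain, no UNIX group: {name} (RID {rid})")
    for name, rid, unix in report["foreign_mapped"]:
        print(f"other domain, mapped to {unix}: {name} (RID {rid})")
```
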


[Samba] net groupmap failures

2004-09-29 Thread Tom Skeren
OK all, really going nuts here.  wbinfo -u/-g works, pulls up the W2k 
users/groups.  Net ads join works just fine.  Created the krb5.keytab 
file on the w2k machine and kutil copy this to /etc/krb5.keytab.  kinit 
administrator works fine.  However, all net groupmap commands fail.  
Here's an example:

fskkweb# net groupmap add unixgroup=admin ntgroup=Domain Admins
No rid or sid specified, choosing algorithmic mapping
[2004/09/29 08:42:46, 0] lib/smbldap.c:smbldap_open_connection(623)
 Failed to issue the StartTLS instruction: Decoding error
[2004/09/29 08:42:47, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 20D6: 
SvcErr: DSID-03100684, problem 5012 (DIR_ERROR), data 0
  (Operations error)
Snip-error burps out for quite a number of lines
[2004/09/29 08:42:47, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 20D6: 
SvcErr: DSID-03100684, problem 5012 (DIR_ERROR), data 0
  (Operations error)
adding entry for group Domain Admins failed!
fskkweb#
I'm assuming there is some problem with openldap client.  ldapsearch 
burps out this:

fskkweb# ldapsearch -v -D CN=Administrator,CN=Users,DC=fsklaw,DC=net
ldap_initialize( DEFAULT )
ldap_bind: Invalid credentials (49)
   additional info: 80090308: LdapErr: DSID-0C09030B, comment: 
AcceptSecurityContext error, data 52e, v893
Anybody have any clues... I would love to get this working.  If you need smb.conf, 
krb5.conf, nsswitch files etc. please ask.
TMS III




RE: [Samba] Problems compiling samba-3.0.7 on Redhat-7.2

2004-09-29 Thread rahul.padalikar

Hi Greg,
 
Well, I did the same thing and hacked the configure file and its working. 
I am just wondering why -Wl option will cause such a problem ?
 
Rahul

-----Original Message-----
From: Greg Ryan [mailto:[EMAIL PROTECTED] 
Sent: Tue 9/28/2004 6:59 PM 
To: Rahul Padalikar (WT01 - EMBEDDED  PRODUCT ENGINEERING SOLUTIONS) 
Cc: [EMAIL PROTECTED] 
Subject: Re: [Samba] Problems compiling samba-3.0.7 on Redhat-7.2



Rahul

I saw your samba list posting on your RH9 experience with samba 3.0.7.
I found the same problem when dropping in the source of 3.0.7 in place of
3.0.6.

If you investigate the configure scripts, between the two releases, they
have changed things so that you now get

 LDSHFLAGS=-shared -Wl,-Bsymbolic

under 3.0.7, where under 3.0.6 it was

LDSHFLAGS=-shared -Bsymbolic

If you hack the scripts to make the LDSHFLAGS like that under 3.0.6,
then the build works quietly.  I think it is only the build of winbind
that is affected by this loader problem. 

Any suggestions or further information on this change?





Re: [Samba] Re: [cups.general] Re: Windows Clients keep finished jobs in Queue

2004-09-29 Thread Misty Stanley-Jones
On Wednesday 29 September 2004 09:29, Ryan Suarez wrote:
 I'm also seeing this problem.  We're running samba 3.0.7 with CUPS
 1.1.20.  The clients printing are WinXP Professional SP1.

 The jobs printed are still displayed in the Windows printer status
 window, even though it's been printed already and disappears from the
 CUPS printer queue list.

You will note that if you refresh, they disappear.  I see the problem too with 
3.0.6. Have not tested with 3.0.7 yet.  I think it's also with WinNT clients.  
Another person on this list reported the same refresh problem with files in 
Explorer too.

Misty



Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin

2004-09-29 Thread Craig White
On Tue, 2004-09-28 at 11:18, Stefan Wegner wrote:
 Craig White wrote:
 
  The 'homes' share should be differentiated from the 'profiles' share if
  you desire to have expected behavior. Whether this is an absolute
  requirement or not, I have no idea but I do know that I don't have a
  problem with roaming profiles and haven't since 2.2.x and it still works
  on 3.0.x
 
 Doesn't make any difference: profile acls = yes
 in homes is the same behaviour as in profiles as long as profiles are 
 located under homes.
 
 The prob is still the same:
 user with local adm-rights = complete profile
 user with User- or Poweruser- rights = reduced profile (background and 
 other settings)
 
 Can you switch the local Rights of your Users from User to Admin and 
 then go back to User without loss in the profile ?

I have done that but only once. My users are all NOT local admins or
power users - they are pretty much unprivileged beyond the local Users.
Either way (or even switching to and from local Administrator group)
caused no problem with loading the profile.

On the samba server(s) - my privileges are different for the homes and
profiles directories.

my users homes are in...
drwxr-xr-x   40 root root 4096 Sep  8 10:50 users
and a sample users directory...
drwx--   19 craigusers-all 4096 Aug 29 17:31 craig

whereas the profiles...

drwxrwsr-x   21 Administrator Domain Users 4096 Sep  9 08:53
profiles
and a sample profile directory
drwxr-xr-x   13 test Domain Users 4096 Jan 26  2004 test

This has not been a problem for me.

Craig



[Samba] Re: Problem

2004-09-29 Thread Igor Belyi
  wrote:
I've installed samba 3.0.2a with winbind 3.0.2a (I have the PDS on NT4).
net rpc join -S -U Administrator
Joined the domain MYDOMAIN.
That is ok!
When I execute the command 'getent passwd', I receive the list of
local users and domain users. But when I execute the command 'getent
group', I receive the list of only local groups. That is the matter?
Did you check that your /etc/nsswitch.conf has winbind listed for group: 
as well as for passwd:?

Igor


[Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?

2004-09-29 Thread Jim C.
If I knew what it had to do with devfs, I would have been a lot farther 
...
Mandrake.  In order to write a HOWTO for this, I need to have as similar 
a setup as possible.
...which goes back into me not yet having mentioned that which has 
already been tried. :-/  What was tried previously was adding 
...
appropriate log levels for slapd/smbd?  I've always had trouble with 
them which may explain a lot.
OK, I've made some discoveries which may point to the LDAP acls I've 
been using.

1. smbldap scripts cannot create a user account when authenticating as 
host.
2. smbldap scripts cannot read password information unless space in 
Domain Controllers is escaped.

Here are my acls.  They are the new regex based ones provided by 
Mandrake. I could use some tips on testing them.  What should I be 
looking for in the logs?

The entry in slapd.conf reads like this:
# Define global ACLs to disable default read access.
include /etc/openldap/slapd.access.conf
# Provide write access to replicators, and cover access to any other
# attributes (default anonymous read access may be undesirable)
access to dn.subtree=dc=j9starr,dc=net
by group=cn=Replicator,ou=Group,dc=j9starr,dc=net
by users read
by anonymous read
Entries in slapd.access.conf looks like this:
# Generic ACLs
# These ACLs should work well for any domain-based (ie dc=,dc=) suffix,
# but need adjustment and testing for any other suffix
# Note that these ACLs allow anonymouse read access to most non-password
# attributes, you may want to prevent leakage of this information by
# removing the by anonymous read lines
# Protect passwords, using a regex so we can have generic accounts with
# write access
# Openldap will not authenticate against non-userPassword attributes
# but we would have to duplicate most rules ...
access to dn.regex=^([^,]*,)?ou=[^,]+,(dc=[^,]+(,dc=[^,]+)*)$
attrs=lmPassword,ntPassword,sambaLMPassword,sambaNTPassword,userPassword
by self write
by dn.exact,expand=uid=Administrator,ou=People,$2 write
by group=cn=Domain\ Controllers,ou=Group,$2 write
by group=cn=Replicator,ou=Group,$2 write
by anonymous auth
by * none
# ACL allowing samba domain controllers to add user accounts
access to dn.regex=^([^,]+,)?ou=People,(dc=[^,]+(,dc=[^,]+)*)$
attrs=entry,children,posixAccount,sambaAccount,inetOrgperson,sambaSamAccount
by dn.exact,expand=uid=Administrator,ou=People,$2 write
by group=cn=Domain\ Controllers,ou=Group,$2 write
by group=cn=Replicator,ou=Group,$2 write
by users read
by anonymous read
# allow users to modify their own address book entries:
access to dn.regex=([^,]+,)?ou=People,(dc=[^,]+(,dc=[^,]+)*)$
attrs=inetOrgPerson,mail
by self write
by dn.exact,expand=uid=Administrator,ou=People,$2 write
by group=cn=Domain\ Controllers,ou=Group,$2 write
by group=cn=Replicator,ou=Group,$2 write
by users read
by anonymous read
# Allow samba domain controllers to create groups and group mappings
access to dn.regex=^([^,]+,)?ou=Group,(dc=[^,]+(,dc=[^,]+)*)$
attrs=entry,children,posixGroup,sambaGroupMapping
by dn.exact,expand=uid=Administrator,ou=People,$2 write
by group=cn=Domain\ Controllers,ou=Group,$2 write
by group=cn=Replicator,ou=Group,$2 write
by users read
by anonymous read
# Allow samba domain controllers to create machine accounts
access to dn.regex=^([^,]+,)?ou=Hosts,(dc=[^,]+(,dc=[^,]+)*)$
attrs=entry,children,posixAccount,inetOrgperson,sambaSamAccount
by dn.exact,expand=uid=Administrator,ou=People,$2 write
by group=cn=Domain\ Controllers,ou=Group,$2 write
by group=cn=Replicator,ou=Group,$2 write
by users read
by anonymous read
# Allow samba to create idmap entries
access to dn.regex=^([^,]+,)?ou=Idmap,(dc=[^,]+(,dc=[^,]+)*)$
attrs=entry,children,sambaIdmapEntry
by dn.exact,expand=uid=Administrator,ou=People,$2 write
by group=cn=Domain\ Controllers,ou=Group,$2 write
by group=cn=Replicator,ou=Group,$2 write
by users read
by anonymous read
# Allow users in the domain to add entries to the global address book:
access to dn.regex=^([^,],)?ou=Contacts,(dc=[^,]+(,dc=[^,]+)*)$
   attrs=children,entry,inetOrgPerson
by dn=uid=[^,]+,ou=People,$2 write
by group=cn=Replicator,ou=Group,$2 write
by users read
by anonymous read


[Samba] winbind user vs group permission deny

2004-09-29 Thread Paul Ryan
Samba List -

Like most people new to Samba, I'm having the most trouble setting up permissions.

First of all, let me get this straight: if you use security = domain, you do not need 
to set up individual users on the Linux box (in an NT domain), correct?

I want all users to be able to read the files in LSSNET, and only specific users 
allowed to write to it.  If the folder is 775 and the group owner is LSS_A+Domain 
Users everyone has read and write access.  Then to deny the write access I add read 
list and write list as below.  Now even though I am in all the groups and my 
individual user is in write list, I don't have write access.  This is because I'm also 
in Domain Users and the read list overrides all Samba permissions.

The other option is to change the folder to 755, but then no matter what groups I add 
to write access, they will not override the Unix permissions.  This means I have no 
way to give all users read access and only some users write access without actually 
creating the users on the local linux box...and that defeats the purpose of the 
security = domain  ? ? ?

Thanks in advance for anybody who can solve this.
Paul

#SETUP#

root# ls -lah
drwxrwxr-x 36 root  LSS_A+Domain Users 4.0K Sep 29 08:46 lssnet

[global]
   workgroup = LSS_A
   server string = Intranet Server
   log file = /var/log/samba/%m.log
   max log size = 500
   security = domain
   password server = lss_pdc bdc1 bdc2
   encrypt passwords = yes
   smb passwd file = /usr/local/samba/private/smbpasswd

Winbind
# This section added by PJR 5/25/04
# Include winbind NT domain support

   winbind separator = +
   winbind uid = 1-2
   winbind gid = 1-2
   winbind use default domain = no
   winbind cache time = 20
   winbind enum users = yes
   winbind enum groups = yes

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details

# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
   local master = no

# WINS Server - Tells the NMBD components of Samba to be a WINS Client
#   Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
   wins server = 206.145.30.12

# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
   dns proxy = no

   force create mode = 0775
   force directory mode = 0775
   read only = yes
   veto oplock files = /*.cgi/
   guest ok = no
   browseable = no
   writable = no

# Note: This line is added for security purposes.  The following
# users should never have access to the Samba shares

  invalid users = root,bin,daemon,adm,sync,shutdown,halt,mail,news,uucp,operator,gopher

[lssnet]
   path = /www/lssnet
   comment = Intranet Web Files
   read list = 'LSS_A+Domain Users'
   write list = LSS_A+pryan, 'LSS_A+Corp Tech', 'LSS_A+Domain Admins'

Paul Ryan, Technology Specialist
LSS Data Systems
6423 City West Parkway, Eden Prairie, MN  55344
952.941.1000


[Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?

2004-09-29 Thread Jim C.
Whoops! Missed part of those acls that had scrolled off the top of my 
screen.  The full slapd.access.conf listing is as follows:

# This is a good place to put slapd access-control directives
# The Administrator DIT should be accessible to all clients
access to dn.exact=
by * read
# Generic ACLs
# These ACLs should work well for any domain-based (ie dc=,dc=) suffix,
# but need adjustment and testing for any other suffix
# Note that these ACLs allow anonymouse read access to most non-password
# attributes, you may want to prevent leakage of this information by
# removing the by anonymous read lines
# Protect passwords, using a regex so we can have generic accounts with
# write access
# Openldap will not authenticate against non-userPassword attributes
# but we would have to duplicate most rules ...
access to dn.regex=^([^,]*,)?ou=[^,]+,(dc=[^,]+(,dc=[^,]+)*)$
attrs=lmPassword,ntPassword,sambaLMPassword,sambaNTPassword,userPassword
by self write
by dn.exact,expand=uid=Administrator,ou=People,$2 write
by group=cn=Domain\ Controllers,ou=Group,$2 write
by group=cn=Replicator,ou=Group,$2 write
by anonymous auth
by * none
# ACL allowing samba domain controllers to add user accounts
access to dn.regex=^([^,]+,)?ou=People,(dc=[^,]+(,dc=[^,]+)*)$
attrs=entry,children,posixAccount,sambaAccount,inetOrgperson,sambaSamAccount
by dn.exact,expand=uid=Administrator,ou=People,$2 write
by group=cn=Domain\ Controllers,ou=Group,$2 write
by group=cn=Replicator,ou=Group,$2 write
by users read
by anonymous read
# allow users to modify their own address book entries:
access to dn.regex=([^,]+,)?ou=People,(dc=[^,]+(,dc=[^,]+)*)$
attrs=inetOrgPerson,mail
by self write
by dn.exact,expand=uid=Administrator,ou=People,$2 write
by group=cn=Domain\ Controllers,ou=Group,$2 write
by group=cn=Replicator,ou=Group,$2 write
by users read

# Allow samba domain controllers to create groups and group mappings
access to dn.regex=^([^,]+,)?ou=Group,(dc=[^,]+(,dc=[^,]+)*)$
attrs=entry,children,posixGroup,sambaGroupMapping
by dn.exact,expand=uid=Administrator,ou=People,$2 write
by group=cn=Domain\ Controllers,ou=Group,$2 write
by group=cn=Replicator,ou=Group,$2 write
by users read
by anonymous read
# Allow samba domain controllers to create machine accounts
access to dn.regex=^([^,]+,)?ou=Hosts,(dc=[^,]+(,dc=[^,]+)*)$
attrs=entry,children,posixAccount,inetOrgperson,sambaSamAccount
by dn.exact,expand=uid=Administrator,ou=People,$2 write
by group=cn=Domain\ Controllers,ou=Group,$2 write
by group=cn=Replicator,ou=Group,$2 write
by users read
by anonymous read
# Allow samba to create idmap entries
access to dn.regex=^([^,]+,)?ou=Idmap,(dc=[^,]+(,dc=[^,]+)*)$
attrs=entry,children,sambaIdmapEntry
by dn.exact,expand=uid=Administrator,ou=People,$2 write
by group=cn=Domain\ Controllers,ou=Group,$2 write
by group=cn=Replicator,ou=Group,$2 write
by users read
by anonymous read
# Allow users in the domain to add entries to the global address book:
access to dn.regex=^([^,],)?ou=Contacts,(dc=[^,]+(,dc=[^,]+)*)$
   attrs=children,entry,inetOrgPerson
by dn=uid=[^,]+,ou=People,$2 write
by group=cn=Replicator,ou=Group,$2 write
by users read
by anonymous read
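
One way to test the DN part of these ACLs offline, as an added example that is not part of the original post: it runs the `dn.regex` patterns from the listing above against constructed DNs under the post's `dc=j9starr,dc=net` suffix and shows which clauses each DN can reach and what `$2` expands to. It assumes Python's `re` with case-insensitive matching behaves like slapd's regex matching for these patterns; `attrs` and the `by` clauses are not evaluated, and the function names and labels are hypothetical.

```python
import re

# dn.regex patterns copied verbatim from the listing above, in file order.
ACL_PATTERNS = [
    ("passwords",    r"^([^,]*,)?ou=[^,]+,(dc=[^,]+(,dc=[^,]+)*)$"),
    ("People",       r"^([^,]+,)?ou=People,(dc=[^,]+(,dc=[^,]+)*)$"),
    ("address book", r"([^,]+,)?ou=People,(dc=[^,]+(,dc=[^,]+)*)$"),
    ("Group",        r"^([^,]+,)?ou=Group,(dc=[^,]+(,dc=[^,]+)*)$"),
    ("Hosts",        r"^([^,]+,)?ou=Hosts,(dc=[^,]+(,dc=[^,]+)*)$"),
    ("Idmap",        r"^([^,]+,)?ou=Idmap,(dc=[^,]+(,dc=[^,]+)*)$"),
    ("Contacts",     r"^([^,],)?ou=Contacts,(dc=[^,]+(,dc=[^,]+)*)$"),
]
PATTERNS = dict(ACL_PATTERNS)

# Constructed test DNs (not from the post).
TEST_DNS = [
    "uid=jim,ou=People,dc=j9starr,dc=net",
    "cn=pc1$,ou=Hosts,dc=j9starr,dc=net",
    "ou=Contacts,dc=j9starr,dc=net",
    "cn=John Doe,ou=Contacts,dc=j9starr,dc=net",
    "cn=x,ou=sub,ou=People,dc=j9starr,dc=net",
]


def matching_rules(dn):
    """Return (label, $2) for every clause whose dn.regex matches this DN."""
    hits = []
    for label, pattern in ACL_PATTERNS:
        # re.search, not re.match: a pattern without ^ may match mid-string.
        m = re.search(pattern, dn, re.IGNORECASE)
        if m:
            hits.append((label, m.group(2)))
    return hits


def expand(template, label, dn):
    """Substitute $1..$9 in a 'by' DN template using the named clause's match."""
    m = re.search(PATTERNS[label], dn, re.IGNORECASE)
    if m is None:
        return None
    return re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))) or "", template)


if __name__ == "__main__":
    for dn in TEST_DNS:
        labels = [label for label, _ in matching_rules(dn)]
        print(f"{dn}\n    clauses whose DN pattern matches: {labels or 'none'}")
    print(expand("uid=Administrator,ou=People,$2", "Hosts", TEST_DNS[1]))
```

In the output, an entry one level below `ou=Contacts` matches only the password clause, and an entry two levels below `ou=People` matches only the clause whose pattern has no leading `^`; comparing such results with the slapd log at ACL debug level shows whether the server agrees.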


Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin

2004-09-29 Thread Zach
We just experimented with this here at work.  As administrator we
manually deleted the profile of a user and replaced it with a manual
copy of another user's profile, and the problem was reproduced
exactly.  When we subsequently deleted NTUSER.DAT and logged in again,
NTUSER.DAT was rebuilt using the default profile and the profile
loaded properly.  Evidently the SID recorded in NTUSER.DAT has to
match the user's sid or it won't load properly.

Now to find out how to repair/rebuild/migrate NTUSER.DAT without
losing the user's sid without losing the customizations.

Although this has turned out to not really be a Samba problem, I'll
post what I find out since this seems to affect several users on the
list.

Thanks
Zach

On Wed, 29 Sep 2004 10:00:47 -0700, Craig White [EMAIL PROTECTED] wrote:
 On Tue, 2004-09-28 at 11:18, Stefan Wegner wrote:
  Craig White wrote:
 
   The 'homes' share should be differentiated from the 'profiles' share if
   you desire to have expected behavior. Whether this is an absolute
   requirement or not, I have no idea but I do know that I don't have a
   problem with roaming profiles and haven't since 2.2.x and it still works
   on 3.0.x
 
  Doesn't make any difference: profile acls = yes
  in homes is the same behaviour as in profiles as long as profiles are
  located under homes.
 
  The prob is still the same:
  user with local adm-rights = complete profile
  user with User- or Poweruser- rights = reduced profile (background and
  other settings)
 
  Can you switch the local Rights of your Users from User to Admin and
  then go back to User without loss in the profile ?
 
 I have done that but only once. My users are all NOT local admins or
 power users - they are pretty much unprivileged beyond the local Users.
 Either way (or even switching to and from local Administrator group)
 caused no problem with loading the profile.
 
 On the samba server(s) - my privileges are different for the homes and
 profiles directories.
 
 my users homes are in...
 drwxr-xr-x   40 root root 4096 Sep  8 10:50 users
 and a sample users directory...
 drwx--   19 craigusers-all 4096 Aug 29 17:31 craig
 
 whereas the profiles...
 
 drwxrwsr-x   21 Administrator Domain Users 4096 Sep  9 08:53
 profiles
 and a sample profile directory
 drwxr-xr-x   13 test Domain Users 4096 Jan 26  2004 test
 
 This has not been a problem for me.
 
 Craig
 
 
 


[Samba] hostname and smbstatus

2004-09-29 Thread Phil Bardanes
Hi,

I'm having problems with seeing the hostname of a Linux box
correctly under Samba with smbstatus.

Background:
I'm running Debian sarge with Samba 3.0.5 on a server that I built. It
sits on our local network behind a Smoothwall firewall, which functions
as a virtual nameserver using our ISP's DNS servers for resolution. 

I've been able to set up our Windows machines without too much problem
with the Debian Samba server as a PDC. I'm now trying to connect a Mepis
(Debian sid) box to the server using Samba.

Problem:
When I login to a Mepis user session, the share is mounted in a user
directory (set up with smb4k). However, smbstatus shows only the IP
address of the machine, not the hostname. The Windows machine hostnames
show up correctly. Here's smbstatus with forced user/group
yarg/domadm, Windows XP box thais, and the Linux box:

Samba version 3.0.5-Debian
PID Username  Group Machine
---
 3096   yarg  domadm192.168.1.8  (192.168.1.8)
 2816   yarg  domadmthais   (192.168.1.10)

I've changed /etc/hosts on the client, server, and firewall/nameserver
machine to include the IP-name; nsswitch.conf maps host to DNS. smb.conf
has name resolve order parameter set to host wins lmhosts bcast. I'm
not specifying a WINS server, but have configured wins support to yes.

I also have Mandrake 10 and SuSE 9.1 triple-booting with the Mepis
partitions and while they also connect as Samba clients, I have the same
result -only the IP shows up.

Any ideas? Thanks.




Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin

2004-09-29 Thread Tom Skeren
Zach wrote:
> We just experimented with this here at work.  As administrator we
> manually deleted the profile of a user and replaced it with a manual
> copy of another user's profile, and the problem was reproduced
> exactly.  When we subsequently deleted NTUSER.DAT and logged in again,
> NTUSER.DAT was rebuilt using the default profile and the profile
> loaded properly.  Evidently the SID recorded in NTUSER.DAT has to
> match the user's sid or it won't load properly.

Good news Zach.  I'm off to the office to give it a go myself.  Should 
give a preliminary response by noon PST.
Cheers,
TMS III

> Now to find out how to repair/rebuild/migrate NTUSER.DAT without
> losing the user's sid without losing the customizations.
> Although this has turned out to not really be a Samba problem, I'll
> post what I find out since this seems to affect several users on the
> list.
> Thanks
> Zach
On Wed, 29 Sep 2004 10:00:47 -0700, Craig White [EMAIL PROTECTED] wrote:
 

On Tue, 2004-09-28 at 11:18, Stefan Wegner wrote:
   

Craig White schrieb:
 

The 'homes' share should be differentiated from the 'profiles' share if
you desire to have expected behavior. Whether this is an absolute
requirement or not, I have no idea but I do know that I don't have a
problem with roaming profiles and haven't since 2.2.x and it still works
on 3.0.x
   

Doesn't make any difference: profile acls = yes
in homes is the same behaviour as in profiles as long as profiles are
located under homes.
The prob is still the same:
user with local adm-rights = complete profile
user with User- or Poweruser- rights = reduced profile (background and
other settings)
Can you switch the local Rights of your Users from User to Admin and
then go back to User without loss in the profile ?
 


I have done that but only once. My users are all NOT local admins or
power users - they are pretty much unprivileged beyond the local Users.
Either way (or even switching to and from local Administrator group)
caused no problem with loading the profile.
On the samba server(s) - my privileges are different for the homes and
profiles directories.
my users homes are in...
drwxr-xr-x   40 root root 4096 Sep  8 10:50 users
and a sample users directory...
drwx------   19 craig users-all 4096 Aug 29 17:31 craig
whereas the profiles...
drwxrwsr-x   21 Administrator Domain Users 4096 Sep  9 08:53 profiles
and a sample profile directory
drwxr-xr-x   13 test Domain Users 4096 Jan 26  2004 test
This has not been a problem for me.
Craig



[Samba] Switch profile from local to roaming?

2004-09-29 Thread Misty Stanley-Jones
I've got a WinXP machine that was configured for local profiles.  I have now 
joined that machine to the domain, but when I try to log in as a user, it 
tries to use a roaming profile.  Fine, that's what I want anyway.  But it 
doesn't do the smart thing and copy the user's local profile to roaming -- it 
gives an error instead.  OK, no problem, I will change the type.  I log in as 
local admin and go to her profile.  It only gives me Local as an option.  
Maybe it's because I'm not logged into the domain.  OK, I log into the domain 
as Administrator (alias root -- uid of 0).  It doesn't even let me SEE her 
profile then.  Because it is local, I assume.  So ok, I add 
MYDOMAIN\Administrator as a local administrator on her machine.  It lets me 
see her profile now but I still can't change it to roaming.  And every time I 
try to copy it into either Administrator's directory on the server, or hers, 
it gives me Permission Denied.  

So what is the real way to get this accomplished?

Thanks,
Misty


[Samba] Profiles and PDC

2004-09-29 Thread Jonathan Knight


We have several samba servers which we've just tried to upgrade to using the
domain based security.

Most things seem to be fine but there is one problem which is causing some
trouble.

Roaming profiles are declared on the PDC to be:

  logon path = \\ufs.%G\%U\Profiles

which resolves to a folder called Profiles in the users home directory.
The server ufs.%G is not the same server as the PDC.  When we try to log in
we get a message telling us that there is a security problem with the
Roaming profile and it refuses to download.  However the folder Profiles
does get created on the users home directory.  In the samba log files we get
the error:

  rm43pc066-kopen (160.5.100.2) signed connect to service csa01 initially as user 
csa01 (uid=732, gid=426) (pid 31918)
[2004/09/29 18:03:11, 0] smbd/posix_acls.c:create_canon_ace_lists(1385)
  create_canon_ace_lists: unable to map SID 
S-1-5-21-1129199182-1858052969-2540920885-2464 to uid or gid.

However once logged in we can browse and play with the folder with no
problem.

We're running samba 3.0.7 on fedora-2 with acl support.


Using %N/Profiles/%U as the logon path works fine but we want the profiles
to be in the users home directory and not on the PDC.



-- 
  __[EMAIL PROTECTED]Jonathan Knight,
/  Department of Computer Science
   / _   __ Telephone: +44 1782 583437 University of Keele, Keele,
(_/ (_) / / Fax  : +44 1782 713082 Staffordshire.  ST5 5BG.  U.K.
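
One way to triage the `unable to map SID` error in the log above, as an added example (not code from the post or from Samba): it pulls each unmapped SID out of smbd log text, splits it into domain SID and RID, and compares the domain part with the file server's own domain SID. The local SID value and the second and third log entries are constructed; on a real server the local value would come from `net getlocalsid`.

```python
import re
from collections import namedtuple

# smbd wraps long log messages, so the SID can sit on the line after
# "unable to map SID"; \s+ spans that line break.
UNMAPPED_SID_RE = re.compile(r"unable to map SID\s+(S-1-\d+(?:-\d+)+)")

Finding = namedtuple("Finding", "sid domain_sid rid kind")

# Constructed stand-in for this server's domain SID (assumption).
LOCAL_DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"

# First entry is the one quoted in the post; the other two are constructed.
SAMPLE_LOG = """\
[2004/09/29 18:03:11, 0] smbd/posix_acls.c:create_canon_ace_lists(1385)
  create_canon_ace_lists: unable to map SID
S-1-5-21-1129199182-1858052969-2540920885-2464 to uid or gid.
[2004/09/29 18:04:02, 0] smbd/posix_acls.c:create_canon_ace_lists(1385)
  create_canon_ace_lists: unable to map SID S-1-5-32-544 to uid or gid.
[2004/09/29 18:04:09, 0] smbd/posix_acls.c:create_canon_ace_lists(1385)
  create_canon_ace_lists: unable to map SID
S-1-5-21-1111111111-2222222222-3333333333-1005 to uid or gid.
"""


def split_sid(sid):
    """Split a SID into (issuing authority/domain SID, RID)."""
    parts = sid.split("-")
    if len(parts) < 4 or parts[0] != "S":
        raise ValueError("not a usable SID: %r" % sid)
    return "-".join(parts[:-1]), int(parts[-1])


def classify(sid, local_domain_sid):
    """Say where a SID was issued relative to this server's domain."""
    domain_sid, rid = split_sid(sid)
    if domain_sid == "S-1-5-32":
        kind = "builtin"            # BUILTIN aliases, same on every machine
    elif domain_sid == local_domain_sid:
        kind = "local-domain"       # our own domain: the account mapping is missing
    elif domain_sid.startswith("S-1-5-21-"):
        kind = "foreign-domain"     # issued by another domain or machine
    else:
        kind = "other"
    return Finding(sid, domain_sid, rid, kind)


def triage(log_text, local_domain_sid):
    """Return one Finding per distinct unmapped SID, in log order."""
    findings = []
    for sid in UNMAPPED_SID_RE.findall(log_text):
        finding = classify(sid, local_domain_sid)
        if finding not in findings:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, LOCAL_DOMAIN_SID):
        print("%-15s rid=%-6d issued by %s" % (f.kind, f.rid, f.domain_sid))
```

A `foreign-domain` result means the ACL entry was written with a SID that this server's domain did not issue, so no local uid or gid can correspond to it; a `local-domain` result points at a missing account or group mapping instead.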


Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin

2004-09-29 Thread Zach
Tom,


Can't wait to find out what you learn.  In the mean time, a quick
google search turned up this:
http://www.samba.org/samba/docs/man/profiles.1.html

Unfortunately I don't have this package installed on this system, so I
don't have the man page or the profiles command right now.

On Wed, 29 Sep 2004 10:46:14 -0700, Tom Skeren [EMAIL PROTECTED] wrote:
 Zach wrote:
 
 We just experimented with this here at work.  As administrator we
 manually deleted the profile of a user and replaced it with a manual
 copy of another user's profile, and the problem was reproduced
 exactly.  When we subsequently deleted NTUSER.DAT and logged in again,
 NTUSER.DAT was rebuilt using the default profile and the profile
 loaded properly.  Evidently the SID recorded in NTUSER.DAT has to
 match the user's sid or it won't load properly.
 
 Good news Zach.  I'm off to the office to give it a go myself.  Should
 give a preliminary response by noon PST.
 Cheers,
 TMS III



Re: [Samba] Switch profile from local to roaming?

2004-09-29 Thread Zach
I'm currently trying to solve a problem regarding roaming profiles in
another thread.  In this case it appears the profiles weren't migrated
properly.  In my case I think (it was a long time ago) I simply copied
the profile directory up to the server with a simple drag and drop
(I didn't know better).  In trying to solve the problems with a now
malformed NTUSER.DAT a google search turned this up:
http://www.samba.org/samba/docs/man/profiles.1.html

It appears the samba developers are attempting to address this very problem.  

See the thread,  Roaming Profiles:Samba PDC:WinXP:User must be local
admin, for more info.


On Wed, 29 Sep 2004 13:08:24 -0500, Paul Gienger
[EMAIL PROTECTED] wrote:
 
 doesn't do the smart thing and copy the user's local profile to roaming -- it
 
 
 That would actually be a very *dumb* thing to do.  These are two users
 from two different worlds as far as Windows is concerned.  If you were
 to look at the SIDs of them (windows version of UID) you would see they
 aren't even close.
 
 So what is the real way to get this accomplished?
 
 
 Not sure if this is the 'approved' way to do things like this, but it
 always works for me when I have to migrate a profile from one dir to
 another, usually I use it when switching domains, i.e. from our 'one
 domain per site' to one global domain where the sid just can't match
 ANYWAY
 
 1. Copy said user's profile to a backup location
 2. Move the 'Default User' profile someplace so that it isn't in the way
 3. Copy said user's old profile to Default User
 4. Log in as said user, the default profile will copy to the user's profile
 5. Move real 'Default User' back
 
 Now there will be some things that aren't migrated but that depends a
 lot on your setup and what programs you run.  For the most part,
 everything involving the SID that Windows knows about will be migrated
 in my experience.
 
 --
 Paul Gienger Office: 701-281-1884
 Applied Engineering Inc.
 Information Systems Consultant   Fax:701-281-1322
 URL: www.ae-solutions.commailto: [EMAIL PROTECTED]
 
 
 
 


[Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?

2004-09-29 Thread Jim C.
Drat!  Escaping the space in Domain Controllers doesn't seem to help 
after all.

Whoops! Missed part of those acls that had scrolled off the top of my 
...
by users read
by anonymous read

Jim C.
--
-
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: [EMAIL PROTECTED]  AIM: WyteLi0n  ICQ: 123291844 |
|---|
| Y!: j_c_llings   Jabber: [EMAIL PROTECTED]|
-


[Samba] Mixed Network Diagnostics

2004-09-29 Thread Jim Beard
Hi Folks,
	I emailed earlier about some samba / network issues we are having with 
in a mixed OS environment.  I believe that our problem might be being 
caused by possible multiple Browse Masters in the windows machines.  
What I am trying to find is a good way to help determine this.  I'm not 
a windows guru, and have not been able to find any browse master 
settings on the XP systems.  I have read online about BrowseMon.exe.  
But have not been able to find a copy of it anywhere!  Can anyone 
recommend a good tool for helping to diagnose this issue?
Or point me in the direction of BrowseMon?

Jim Beard
counterclaim.com, Inc
http://www.counterclaim.com
http://openefm.sourceforge.net
(800) 264-8145


Re: [Samba] Mixed Network Diagnostics

2004-09-29 Thread Yang Xiao
Try browstat in the resource kit tools for Server 2000 and 2003. 
http://support.microsoft.com/default.aspx?scid=kb;en-us;188305

The default settings for all 2000 and XP server/clients is to
participate in the browser master elections by disabling it on
server/workstations you do not want to maintain the master browser
list
http://www.jsiinc.com/SUBA/tip0100/rh0148.htm

Also note that the master browser list is subnet based, so each subnet
needs its own master browsers.

Yang



On Wed, 29 Sep 2004 11:52:28 -0700, Jim Beard [EMAIL PROTECTED] wrote:
 Hi Folks,
 
I emailed earlier about some samba / network issues we are having with
 in a mixed OS environment.  I believe that our problem might be being
 caused by possible multiple Browse Masters in the windows machines.
 What I am trying to find is a good way to help determine this.  I'm not
 a windows guru, and have not been able to find any browse master
 settings on the XP systems.  I have read online about BrowseMon.exe.
 But have not been able to find a copy of it anywhere!  Can anyone
 recommend a good tool for helping to diagnose this issue?
 Or point me in the direction of BrowseMon?
 
 Jim Beard
 counterclaim.com, Inc
 http://www.counterclaim.com
 http://openefm.sourceforge.net
 (800) 264-8145
 


[Samba] RE: Trouble setting up an Anonymous read/write samba server for WinXP Pro users

2004-09-29 Thread Tim Harvey
Just thought I would follow-up on this as I finally found a solution.

Using the exact same configuration, I simply upgraded to samba 3.0.7 and the
problem went away!

Tim

 -Original Message-
 From: Tim Harvey [mailto:[EMAIL PROTECTED]
 Sent: Friday, September 24, 2004 12:47 PM
 To: '[EMAIL PROTECTED]'
 Subject: Trouble setting up an Anonymous read/write samba server for WinXP
 Pro users
 
 Greetings,
 
 I'm having difficulty setting up an 'Anonymous Read-Write' SAMBA server on
 a new system with a stock FC2 installation for use with WinXP Pro systems.
 
 I'm using the following software on the 'fileserver':
   - Linux FC2 installed from the FC2 iso's: kernel 2.6.5-1.358
   - samba-common-3.0.3-5
   - samba-3.0.3-5
   - samba-client-3.0.3-5
   - samba-swat-3.0.3-5
   - system-config-samba-1.2.9-2
 
 Following the instructions and examples in the official SAMBA howto, I'm
 under the impression that I want a smb.conf file such as:
 
 # Global parameters
 [global]
 workgroup = MSHOME
 netbios name = FILESERVER
 security = SHARE
 
 [data]
 comment = Data
 path = /export
 force user = nobody
 force group = nobody
 read only = No
 guest ok = Yes
 
 The problem I'm running into is that when I attempt to connect to the
 share from a WinXP Pro system by simply using the address \\fileserver in
 an explorer window, I immediately get a 'Connect to fileserver' window
 from WinXP with a greyed out username set to 'fileserver\Guest' and asking
 for a password.  I'm confused - the whole point of setting up an anonymous
 read/write server was to avoid having to put user accounts on the samba
 server.
 
 I've found that if I open up the address \\fileserver\data I can connect
 with no user/pass request.  I've also found that if I'm logged into the
 WinXP system as user 'Tim' and I create a user 'tim' on the samba server,
 I am not prompted for a user/pass.  Both of these solutions are
 unacceptable for what I'm trying to accomplish.  All the howto's and
 examples I've found regarding anonymous samba servers mention nothing
 about this problem.
 
 Any explanation / advice would be greatly appreciated
 
 Thanks,
 
 Tim



Re: [Samba] Switch profile from local to roaming?

2004-09-29 Thread Thomas M. Skeren III
Been working on this for a while Misty.  Stay tuned.
TMS III
Misty Stanley-Jones wrote:
I've got a WinXP machine that was configured for local profiles.  I have now 
joined that machine to the domain, but when I try to log in as a user, it 
tries to use a roaming profile.  Fine, that's what I want anyway.  But it 
doesn't do the smart thing and copy the user's local profile to roaming -- it 
gives an error instead.  OK, no problem, I will change the type.  I log in as 
local admin and go to her profile.  It only gives me Local as an option.  
Maybe it's because I'm not logged into the domain.  OK, I log into the domain 
as Administrator (alias root -- uid of 0).  It doesn't even let me SEE her 
profile then.  Because it is local, I assume.  So ok, I add 
MYDOMAIN\Administrator as a local administrator on her machine.  It lets me 
see her profile now but I still can't change it to roaming.  And every time I 
try to copy it into either Administrator's directory on the server, or hers, 
it gives me Permission Denied.  

So what is the real way to get this accomplished?
Thanks,
Misty
 




[Samba] Printing woes (Driver uploading, and .tdb annoyances)

2004-09-29 Thread Mac
Hi all,

I'm running 3.0.6 on IRIX 6.5 (compiled from sources)


Runs fine for almost all purposes.


But I thought I'd have a look at the extra Samba-3 printing facilities
today, and they've thrown up some real issues.


1st point.

I still haven't managed to get to the bottom of this one, but I can't
always add a printer drive to a Samba-served printer.  I've been
following Chapter 17 of the HOW-TO-Collection [1] and made some
progress.

However it looks like there's an issue with installing drivers on a
printer that isn't explicitly listed in smb.conf.  The symptom I get is
that some printers can have drivers added to them, and some can't.  And
some of those that can it doesn't stick.  It _looks_ like it's worked,
and then when you go onto the next step (First client connection) the
driver's not there!

The uploading seems OKay, files appear in the [print$] share and
ntdrivers.tdb gets changed.  ntprinters.tdb doesn't though.




2nd point.

Hmmm.  All those TDB files in var/locks/printing.  Seem like a pile of
uselessness to me.  

What is the way to get them to _accurately_ reflect the state of the
underlying UNIX printer queue?  They only seem to be interested in jobs
that have passed through Samba, what about all the others?

Even stopping smbd, deleting the printing/*.tdb files and restarting smbd
doesn't do it.  Help!  (and why???)



I'm sorry if this seems like more of a rant than a proper mail.  I can only
say in my defence that I've been at this desk for 12 hours so far
today.



   Mac
  Assistant Systems Adminstrator @nibsc.ac.uk
[EMAIL PROTECTED]
   Work: +44 1707 641565  Everything else: +44 7956 237670 (anytime)

[1] http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/printing.html



Re: [Samba] Switch profile from local to roaming?

2004-09-29 Thread Thomas M. Skeren III
> Not sure if this is the 'approved' way to do things like this, but it
> always works for me when I have to migrate a profile from one dir to
> another, usually I use it when switching domains, i.e. from our 'one
> domain per site' to one global domain where the sid just can't
> match ANYWAY
>
> 1. Copy said user's profile to a backup location
> 2. Move the 'Default User' profile someplace so that it isn't in the way
> 3. Copy said user's old profile to Default User
> 4. Log in as said user, the default profile will copy to the user's
> profile
> 5. Move real 'Default User' back

You rock dude.  Never had to do this before.  Didn't realize ntuser.dat
was SID locked.  The above works PERFECTLY for my purposes.

Cheers
TMS III

> Now there will be some things that aren't migrated but that depends a
> lot on your setup and what programs you run.  For the most part,
> everything involving the SID that Windows knows about will be migrated
> in my experience.




[Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?

2004-09-29 Thread Jim C.
access to dn.regex=^([^,]*,)?ou=[^,]+,(dc=[^,]+(,dc=[^,]+)*)$

attrs=lmPassword,ntPassword,sambaLMPassword,sambaNTPassword,userPassword
by self write
by dn.exact,expand=uid=Administrator,ou=People,$2 write
by group=cn=Domain\ Controllers,ou=Group,$2 write
by group=cn=Replicator,ou=Group,$2 write
by anonymous auth
by * none
Using commenting, I've narrowed it down to the first line above.
I also turned off all acls to test and see if Samba would be begin to 
function properly with group authentication.  This did not work and 
would seem to indicate that there is another problem contained in Samba 
itself or the config.

I prefer to address the acl issue first. Unfortunately, I've not had 
much practice with regular expressions.

Jim C.
--
-
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: [EMAIL PROTECTED]  AIM: WyteLi0n  ICQ: 123291844 |
|---|
| Y!: j_c_llings   Jabber: [EMAIL PROTECTED]|
-
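
Since the trouble was narrowed down to the ACL's first line, here is an added example (not from the post or from the LDAP server's documentation) that runs the same pattern over a few DNs and shows what `$2` becomes in the `by` clauses. It uses Python's `re` as a stand-in for the server's regex engine, which is an assumption; the `dc=example,dc=com` entries are constructed.

```python
import re

# Pattern from the first line of the ACL in the post, copied unchanged.
ACL_TARGET = re.compile(r"^([^,]*,)?ou=[^,]+,(dc=[^,]+(,dc=[^,]+)*)$")

# The "by" clauses from the post that reference $2.
WHO_CLAUSES = [
    r"dn.exact,expand=uid=Administrator,ou=People,$2",
    r"group=cn=Domain\ Controllers,ou=Group,$2",
    r"group=cn=Replicator,ou=Group,$2",
]

# Constructed entry DNs (assumption: a dc=example,dc=com directory).
SAMPLE_DNS = [
    "uid=jim,ou=People,dc=example,dc=com",               # entry directly under an ou
    "ou=People,dc=example,dc=com",                       # the ou itself (group 1 is optional)
    "cn=Domain Controllers,ou=Group,dc=example,dc=com",  # spaces are fine inside [^,]*
    "uid=pc1$,ou=Computers,ou=Hosts,dc=example,dc=com",  # two ou levels
    "dc=example,dc=com",                                 # the base, no ou component
    "uid=jim,ou=People,o=example",                       # suffix not built from dc=
]


def match_target(dn):
    """Return what group 2 ($2) captures for this DN, or None if the ACL skips it."""
    m = ACL_TARGET.match(dn)
    return m.group(2) if m else None


def expand_who(dn):
    """Substitute the captured suffix for $2 in each "by" clause of the post."""
    suffix = match_target(dn)
    if suffix is None:
        return []
    return [clause.replace("$2", suffix) for clause in WHO_CLAUSES]


def coverage(dns):
    """Map each DN to its captured suffix (None means the rule does not apply)."""
    return {dn: match_target(dn) for dn in dns}


if __name__ == "__main__":
    for dn, suffix in coverage(SAMPLE_DNS).items():
        print("%-55s -> %s" % (dn, suffix))
    for clause in expand_who(SAMPLE_DNS[0]):
        print("  by", clause)
```

The pattern allows at most one RDN in front of a single `ou=` component, so entries nested under two `ou` levels and the base entry itself fall through to whatever ACL comes next.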


[Samba] WINS Proxy Question

2004-09-29 Thread William L. Childers

I am running RedHat V9.0 with SAMBA v2.2.7a-8.9.0 on both servers that are
involved.

We have a fairly small network ( 500+ Nodes ) ( Mixed environment Windows 2K
- XP ).

SMB/NMB server ( RedHat V9.0 / SAMBA v2.2.7a-8.9.0 ) acting as stand-alone
server: ( wins support = yes ) ( IP = X.X.X.2 )

NMB server ( RedHat V9.0 / SAMBA v2.2.7a-8.9.0 ) configured as a wins proxy:
( wins support = no, wins server = X.X.X.2, wins proxy = yes ) ( IP = Y.Y.Y.3 )

If I have a machine with samba as in NMB Server above, should it forward
wins requests from Y.Y.Y.? subnet to the wins server at X.X.X.2?

In order to test, I use the following command on a computer that is not
running the smb or nmb daemon:

nmblookup -RU X.X.X.2 -s /etc/samba/smb.conf machine    ( succeeds )
nmblookup -RU Y.Y.Y.3 -s /etc/samba/smb.conf machine    ( fails )

---
William L Childers
Programming Support Manager,
OSU Center for Health Sciences

A beowulf cluster of Cisco routers? Isn't that the Internet? 

http://humorix.org/slogans

[Samba] Samba became Domain Member Server

2004-09-29 Thread Martin Hauptmann
Hi group,

I have problems with a former Samba-server. It has been a simple server, no 
acl-stuff, not a DC or so.

Now we have a Windows 2003 PDC and I integrated the Samba-Server as a Domain Member 
Server.

Everything works fine, except one annoying thing:
I cannot allow the Domain-Members to full-access the files recursively.

Example:
The users complain, that they can make an excel-sheet and save it. When someone else 
opens it, he cannot overwrite it. When the owner of the file gives the right to all 
domain-users to change the file they can do that.But when they save it, it is the same 
game again: Nobody else can overwrite it.

I am not a member of this group but I hope you will answer my question :-)

bye

Martin



Re: [Samba] Re: New here ... with an NT Group problem

2004-09-29 Thread Torsten E.
Igor Belyi schrieb am Mittwoch, 29. September 2004 17:55:

 Torsten E. wrote:
 Torsten E. schrieb am Mittwoch, 29. September 2004 00:22:

[...]

 Any idea why it does not work?

 Well... My guess is that S-1-5-21-1313674548-3619494541-1192360840 is
 SID of the domain you are trying to remove those mappings from. Is it
 the same SID 'net getlocalsid' returns you? And since these are builtin
 groups they are always there - they just may have or may have not
 mappings to UNIX groups.

 I suspect that your problem is that you have those other mappings
 from a wrong (old?) domain: S-1-5-21-363742550-2379833043-2840705137
 and that those SIDs are mapped into your local UNIX groups instead of
 the one from your current domain.

Done ...

 So, check SID of the domain you use and then make sure that builtin
 groups from this domain are mapped to your UNIX groups.

Done ...

 Hope it helps,

For sure it did!
All those nasty groups are gone now! Thanks!!
But, to be honest, I have no real idea where they come from.
The domain is used since ~2,5 years, and it was always running on my
server here next to me.
All I did was adding an SLES9 system (for testing), but even that one
was configured to act as an BDC ...
Maybe I'll find some hints within the logfiles ...

Anyways: it works again, and that's most important right now :)

 Igor

c y
Torsten




[Samba] 3.0.7 CUPS Conflict?

2004-09-29 Thread L. Mark Stone
First time I've seen this...

Trying to install Samba 3.0.7 from rpms obtained from the samba.org site on a 
SuSE 8.2 system--very vanilla.  Samba has not been installed previously on 
this box at all.

outside:/home/data/Downloads/Samba-3.0.7/8.2 # rpm -Uvh libsmbclient3-3* 
samba3-3* samba3-client* samba3-win* --test
file /usr/lib/cups/backend/smb from install of samba3-client-3.0.7-1 conflicts 
with file from package cups-1.1.18-96
outside:/home/data/Downloads/Samba-3.0.7/8.2 #

What's the best way to handle this?

Thanks!
Mark
-- 
_
A Message From...  L. Mark Stone

Reliable Networks of Maine, LLC
477 Congress Street
Portland, ME 04101
Tel: (207) 772-5678
Web: www.RNoME.com




[Samba] Problem with Perl module, SmbClientParser-2.6

2004-09-29 Thread Nguyen Vu Nguyen
Hi,
 I'm trying to use SmbClientParser to implement a simple SMB
crawler. After a lot of effort, I still could not get it to work. Here
is my small test script:
[CODE]
#!/usr/bin/perl

use POSIX;
use Filesys::SmbClientParser;
use DBI();
use Socket;
use Sys::Hostname;
use strict;

my $host;

# Empty user and password: connect anonymously.
my $smb = new Filesys::SmbClientParser
  (undef,
   (
    user => '',
    password => ''
   ));

  $smb->Debug('1');

  $smb->Host('localhost');

  # List the shares on the host and print each share name.
  my @l = $smb->GetShr;
  foreach (@l) {print $_->{name},"\n";}
[/CODE]

All I got for the output is the default usage of smbclient
[CODE]
 == SmbClientParser::command /usr/bin/smbclient -d1-L '\\localhost'  -D /
Usage: [-?] [-?EgV] [-?EgV] [-?EgVNkP] [-?|--help] [--usage]
[-R|--name-resolveNAME-RESOLVE-ORDER]
[-M|--message HOST] [-I|--ip-address IP] [-E|--stderr] [-L|--list HOST]
[-t|--terminal CODE] [-m|--max-protocol LEVEL] [-T|--tar c|xIXFqgbNan]
[-D|--directory DIR] [-c|--command STRING] [-b|--send-buffer BYTES]
[-p|--port PORT] [-g|--grepable] [-d|--debuglevel DEBUGLEVEL]
[-s|--configfile CONFIGFILE] [-l|--log-basename LOGFILEBASE]
[-V|--version] [-O|--socket-options SOCKETOPTIONS]
[-n|--netbiosname NETBIOSNAME] [-W|--workgroup WORKGROUP]
[-i|--scope SCOPE] [-U|--user USERNAME] [-N|--no-pass] [-k|--kerberos]
[-A|--authentication-file FILE] [-S|--signing on|off|required]
[-P|--machine-pass] service password
[/CODE]

I'm using Samba 3.0.2a on Mandrake Linux 10. Any help would be very
much appreciated. Thank you.


Re: [Samba] Switch profile from local to roaming?

2004-09-29 Thread Zach
Paul Gienger's idea below looks like it will work.  I've found a way
that you can force windows to replace the invalid SID in NTUSER.DAT
with a valid one, without trying to discover what the valid SID is
(they're very long and cumbersome anyway), and still preserving all
the profile's customization.

I'll post it under the Roaming Profiles:Samba PDC:WinXP:User must be local
admin thread.  

I never did try the profiles program.  I've got the samba 3.0.7 rpm
installed and the profiles man page is there, but I couldn't find the
profiles binary.  I'll mess around with that later.



On Wed, 29 Sep 2004 14:42:41 -0500, Misty Stanley-Jones
[EMAIL PROTECTED] wrote:
 On Wednesday 29 September 2004 13:21, Zach wrote:
  I'm currently trying to solve a problem regarding roaming profiles in
  another thread.  In this case it appears the profiles weren't migrated
  properly.  In my case I think (it was a long time ago) I simply copied
  the profile directory up to the server with a simple drag and drop
  (I didn't know better).  In trying to solve the problems with a now
  malformed NTUSER.DAT a google search turned this up:
  http://www.samba.org/samba/docs/man/profiles.1.html
 
  It appears the samba developers are attempting to address this very
  problem.
 
 Thanks, that looks very promising.  I even have that binary!  However, how do
 I find what the user's current SID is?  We were in a workgroup environment,
 with also logging onto Novell Netware.  Does she even have a SID?  Do I have
 to go into her registry to find it?
 
 Thanks in advance,
 Misty
 
 
 
 
  See the thread,  Roaming Profiles:Samba PDC:WinXP:User must be local
  admin, for more info.
 
 
  On Wed, 29 Sep 2004 13:08:24 -0500, Paul Gienger
 
  [EMAIL PROTECTED] wrote:
   doesn't do the smart thing and copy the user's local profile to roaming
-- it
  
   That would actually be a very *dumb* thing to do.  These are two users
   from two different worlds as far as Windows is concerned.  If you were
   to look at the SIDs of them (windows version of UID) you would see they
   aren't even close.
  
   So what is the real way to get this accomplished?
  
   Not sure if this is the 'approved' way to do things like this, but it
   always works for me when I have to migrate a profile from one dir to
   another, usually I use it when switching domains, i.e. from our 'one
   domain per site' to one global domain where the sid just can't match
   ANYWAY
  
   1. Copy said user's profile to a backup location
   2. Move the 'Default User' profile someplace so that it isn't in the way
   3. Copy said user's old profile to Default User
   4. Log in as said user, the default profile will copy to the user's
   profile 5. Move real 'Default User' back
  
   Now there will be some things that aren't migrated but that depends a
   lot on your setup and what programs you run.  For the most part,
   everything involving the SID that Windows knows about will be migrated
   in my experience.
  
   --
   Paul Gienger Office: 701-281-1884
   Applied Engineering Inc.
   Information Systems Consultant   Fax:701-281-1322
   URL: www.ae-solutions.commailto: [EMAIL PROTECTED]
  
  
  
  


Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin SOLVED

2004-09-29 Thread Zach
This worked for me:

(1) Log in as a local administrator on one of the XP clients
(2) Create a temporary user, eg test_user1
(3) System Properties-Advanced-User Profiles:Settings button
(4) Choose the profile you're trying to migrate and click Copy To
(5)  Pick some temporary directory, eg c:\test
(6)  Under Permitted to use, click change, and add your temporary user
(7)  Click ok and ok again, and wait while the profile is copied to
c:\test.  Windows has now added test_user1's SID to NTUSER.DAT in
c:\test
(8)  log out and log back in as test_user1, to allow test_user1's
profile to be set up.
(9)  log out and log back in as a local administrator
(10) manually copy the contents of c:\test over top of test_1's
profile in c:\Documents ...\test_user1\, or the directory where
test_user1's profile was created.
(11) log out and log back in as test_user1 to verify the profile loads properly
(12) log out and log back in as a local admin and repeat steps 3
through 6, except instead of adding test_user1 under Permitted to
use, add your domain user.  Allow the profile to be copied to
c:\test.  Windows has now added the sid for your domain user to
NTUSER.DAT (I don't know if the other SIDs are there as well or not).
(13)  At this point it is vital to make sure the domain user is not
logged in on any machine otherwise NTUSER.DAT will be overwritten when
they log out.  Backup the server copy of NTUSER.DAT
(14) copy c:\test\NTUSER.DAT to your server under the appropriate
user's profile.
(15) log out and log back in as the domain user.  It should work.

This way worked for me and preserved all of the profile's
customizations.  I didn't try the profiles program (see man profiles)
because I couldn't find that binary on my system.  However this seems
to work perfectly.  Admittedly if you have more than a few users to
migrate, this could be cumbersome.  Paul Gienger's suggestion is much
fewer steps.  Your mileage may vary.

Thanks for everyone's help
- Original Message -
From: Thomas M. Skeren III [EMAIL PROTECTED]
Date: Wed, 29 Sep 2004 13:17:16 -0700
Subject: Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin
To: Zach [EMAIL PROTECTED]

 See Paul Geingers email on this subject.  That method works perfectly.  WooHoo!


 
 Zach wrote:
 
 Tom, Can't wait to find out what you learn. In the mean time, a quick
google search turned up this:
http://www.samba.org/samba/docs/man/profiles.1.html Unfortunately I
don't have this package installed on this system, so I don't have the
man page or the profiles command right now. On Wed, 29 Sep 2004
10:46:14 -0700, Tom Skeren [EMAIL PROTECTED] wrote:
 Zach wrote: 
 We just experimented with this here at work. As administrator we
manually deleted the profile of a user and replaced it with a manual
copy of another user's profile, and the problem was reproduced
exactly. When we subsequently deleted NTUSER.DAT and logged in again,
NTUSER.DAT was rebuilt using the default profile and the profile
loaded properly. Evidently the SID recorded in NTUSER.DAT has to match
the user's sid or it won't load properly. Good news Zach. I'm off to
the office to give it a go myself. Should give a preliminary response
by noon PST. Cheers, TMS III


Re: [Samba] Samba became Domain Member Server

2004-09-29 Thread Thomas M. Skeren III
Martin Hauptmann wrote:
Hi group,
I have problems with a former Samba-server. It has been a simple server, no acl-stuff, not a DC or so.
 

ACL's would be a good idea here.
Now we have a Windows 2003 PDC and I integrated the Samba-Server as a Domain Member 
Server.
Everything works fine, except one annoying thing:
I cannot allow the Domain-Members to full-access the files recursively.
Example:
The users complain, that they can make an excel-sheet and save it. When someone else opens it, he cannot overwrite it. When the owner of the file gives the right to all domain-users to change the file they can do that. But when they save it, it is the same game again: Nobody else can overwrite it.
 

This is because MS Excel deletes the old file and replaces it with the 
new one, thus resetting privileges on the file to 700.  Man smb.conf for 
force user, or force directory mask, which should eliminate the problem, 
if you don't want to mess with ACL's.

I am not a member of this group but I hope you will answer my question :-)
bye
Martin



Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin SOLVED

2004-09-29 Thread Thomas M. Skeren III
Thanks Zach, but as this project moves forward, doing it the way you did 
for 100+ users would likely cause me to eat a bullet.  Paul's way may 
leave a glitch or two.  However maybe this would solve Awful Hack's 
problems.

Cheers
TMS III
Zach wrote:
This worked for me:
(1) Log in as a local administrator on one of the XP clients
(2) Create a temporary user, eg test_user1
(3) System Properties-Advanced-User Profiles:Settings button
(4) Choose the profile you're trying to migrate and click Copy To
(5)  Pick some temporary directory, eg c:\test
(6)  Under Permitted to use, click change, and add your temporary user
(7)  Click ok and ok again, and wait while the profile is copied to
c:\test.  Windows has now added test_user1's SID to NTUSER.DAT in
c:\test
(8)  log out and log back in as test_user1, to allow test_user1's
profile to be set up.
(9)  log out and log back in as a local administrator
(10) manually copy the contents of c:\test over top of test_1's
profile in c:\Documents ...\test_user1\, or the directory where
test_user1's profile was created.
(11) log out and log back in as test_user1 to verify the profile loads properly
(12) log out and log back in as a local admin and repeat steps 3
through 6, except instead of adding test_user1 under Permitted to
use, add your domain user.  Allow the profile to be copied to
c:\test.  Windows has now added the sid for your domain user to
NTUSER.DAT (I don't know if the other SIDs are there as well or not).
(13)  At this point it is vital to make sure the domain user is not
logged in on any machine otherwise NTUSER.DAT will be overwritten when
they log out.  Backup the server copy of NTUSER.DAT
(14) copy c:\test\NTUSER.DAT to your server under the appropriate
user's profile.
(15) log out and log back in as the domain user.  It should work.
This way worked for me and preserved all of the profile's
customizations.  I didn't try the profiles program (see man profiles)
because I couldn't find that binary on my system.  However this seems
to work perfectly.  Admittedly if you have more than a few users to
migrate, this could be cumbersome.  Paul Geinger's suggestion is much
fewer steps.  Your mileage may vary.
Thanks for everyone's help
- Original Message -
From: Thomas M. Skeren III [EMAIL PROTECTED]
Date: Wed, 29 Sep 2004 13:17:16 -0700
Subject: Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin
To: Zach [EMAIL PROTECTED]
See Paul Geingers email on this subject.  That method works perfectly.  WooHoo!

Zach wrote:
Tom, Can't wait to find out what you learn. In the mean time, a quick
google search turned up this:
http://www.samba.org/samba/docs/man/profiles.1.html Unfortunately I
don't have this package installed on this system, so I don't have the
man page or the profiles command right now. On Wed, 29 Sep 2004
10:46:14 -0700, Tom Skeren [EMAIL PROTECTED] wrote:
Zach wrote: 
We just experimented with this here at work. As administrator we
manually deleted the profile of a user and replaced it with a manual
copy of another user's profile, and the problem was reproduced
exactly. When we subsequently deleted NTUSER.DAT and logged in again,
NTUSER.DAT was rebuilt using the default profile and the profile
loaded properly. Evidently the SID recorded in NTUSER.DAT has to match
the user's sid or it won't load properly. Good news Zach. I'm off to
the office to give it a go myself. Should give a preliminary response
by noon PST. Cheers, TMS III

 




[Samba] Samba 3.0, Windows 2k/XP and usrmgr.exe

2004-09-29 Thread James Niven
Hi there

I've just finished setting my first Samba PDC for 120ish users and so far so
good, although its only been live for 2 days!!

One problem I've come across (actually I had loads but the HOW-TO, Samba
archive and google solved most of them) is with usrmgr.  There is one XP
client that I have installed the NT 4 Server Tools software on for the
school IT coordinator (note the phrase 'coordinator', not exactly a guru or
sysadmin) to use to tidy up user names, passwords etc.  We are both set up
as Domain Admins and have our primary LINUX GID set to 0 (root) but neither
of us can log in and use the USRMGR.EXE program, it will connect but we
can't view, add or delete etc.

If I log onto the XP box as root it all works fine, users can be added,
deleted, amended etc and of course I could get her to do this or use the
server console, su as root and use pdbedit (Yeah, Right!).  I've been
pulling my already unsubstantial hair out over this all evening and had I
invested in the Google IPO I'd be a very rich man by now.  I've spent the
evening checking net groupmap list, the unix user list, trying to get usrmgr
to allow me to tell it who has permissions to add users to the domain (comes
up with an error about local admins not being able to log in locally),
adding domain admins to the local admin group, removing users from the
domain admin group and adding them again and generally smoking a lot of
cigarettes.

So, could someone confirm that usrmgr can only be used fully when logged
into a 2k/XP machine as root and that there is no functionality for the
domain admin group to do this?

On the brightside I successfully migrated from a smbpasswd backend to tdbsam
tonight so life isn't all that bad!!

Many Thanks

James Niven

ps  its my first time so I'm sorry if this has been covered ad nauseam
already.



Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin SOLVED

2004-09-29 Thread Awful Hack
On Wed, 29 Sep 2004 14:45:17 -0700, Thomas M. Skeren III
[EMAIL PROTECTED] wrote:
 Thanks Zach, but as this project moves forward, doing it the way you did
 for 100+ users would likely cause me to eat a bullet.  Paul's way may
 leave a glitch or two.  However maybe this would solve Awful Hack's
 problems.

As it happens, my problem (could log in and see Desktop folders, but
settings for IE and other programs kept reverting to defaults) was
caused by a duplicate account on my test box -- two Samba accounts
with the same name but different SIDs.  Needless to say, it caused a
few headaches.  :-)  (Sorry everyone -- I replied to Thomas directly
rather than CCing the list.)

BTW, what problems do you think might crop up with Paul's way?  I'll
probably have to do something like this shortly, and I'd like to know
what problems I might come across.

 (1) Log in as a local administrator on one of the XP clients
 (2) Create a temporary user, eg test_user1
 (3) System Properties-Advanced-User Profiles:Settings button
 (4) Choose the profile you're trying to migrate and click Copy To

Is there similar functionality anywhere in W2K Pro, or some other
series of steps that would work?

Awful Hack
[EMAIL PROTECTED]


[Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?

2004-09-29 Thread Igor Belyi
Jim C. wrote:
Can you recommend 
appropriate log levels for slapd/smbd?  I've always had trouble with 
them which may explain a lot.
The easiest way with the logs is to do it step by step, increasing 
volume  of information on each step until you can say: That's enough! 
With practice you'll get the feeling with what level to start next time.

So, first without any 'log level' check if there's any error messages in 
the log. Since you are not able to login there's definitely at least 
something there. Then, since you have trouble with calls to ldap I would 
select 'log level=5' since this is the level smbldap_search prints its 
arguments at, but feel free to try anything between 1-4 too - maybe your 
intuition will guide you better with lesser volume of extra information.

Commenting out things which you've added is also good approach, but if 
you ask me - I prefer gradual approach - first try something simple, see 
if it works and then move on adding regular expressions all over the 
place. It's much easier to see difference in your logic and in logic of 
LDAP/Samba/or any other program on some simple things. If simple 
statement like:

access to dn.subtree=dc=j9starr,dc=net
by group=cnReplicator,ou=Group,dc=j9starr,dc=net
by * read
doesn't work, adding regexp to it won't help to resolve this problem. 
Did you check that it works without group with a simple 'by dn='?

Ok, sorry... I've got in a lecture mood. It's just too confusing to see 
what exactly you do and what kind of problems you encounter.

Cheers,
Igor


RE: [Samba] Mixed Network Diagnostics

2004-09-29 Thread Kristyan Osborne
Maybe I'm naively blind, which could be the case, but I don't see any 
links to download an executable.  MS has documentation up, but where 
can I get the .exe??

http://www.petri.co.il/download_free_reskit_tools.htm

Cheers

--
Kristyan Osborne - IT Technician
Longhill High School
01273 391672 / 304086


Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin SOLVED

2004-09-29 Thread Zach
yeah it was long, but I didn't have the profiles command, plus I
didn't know how to figure out the old sid to tell it to replace.  for
only two users, it really wasn't too bad.

if all you want to do is physically get the profile onto the server
then run profiles on it to head off any problems, then do what I did
to begin with and just manually copy the entire directory over the
network.  I believe the reason this is considered bad is because of
the problems presented by ntuser.dat not matching up against the user,
but it seems that's what profiles is for.

I just don't know how to find out what the old sid is you're looking
for.  I've heard there's a tool on sysinternals.com to do just that
though, so maybe there's good luck there.


On Wed, 29 Sep 2004 17:27:46 -0500, Misty Stanley-Jones
[EMAIL PROTECTED] wrote:
 Wow, this does seem long.  Mainly all I want to know is why I can't change my
 user's profile type from local to roaming, or copy it, or anything.  This is
 when I'm logged in as administrator or a domain administrator or anyone.  I
 know that it's a problem with Windows, not with Samba.  But I can't even get
 the NTUSER.DAT into an appropriate place to run the really cool looking
 'profiles' command on it.
 
 Misty



Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin SOLVED

2004-09-29 Thread Zach
Truthfully I don't really suspect Paul's way would cause any problems
at all.  However, he indicated in his post that doing it that way
might cause a setting or two to get left out.  It is conceivable that
since you're importing a fully populated profile as a default profile,
windows might opt to leave out a thing or two that couldn't possibly
be part of a clean default profile.  who knows.  you'd have to give it
a try.  He says it works for him though.  The reason i did it the way
I did is because each time you transfer the profile from one user to
another you're letting windows do it gracefully rather than let the
profile heal itself out the default profile folder.  that way the
user never knows the difference--it thinks the profile was there all
along.  Again, it probably doesn't make a difference, but I only had
two users so the extra steps were reasonable.

As far as win2k, it's been awhile since I ran it at home, and I wasn't
messing with profiles then, so I can't speak to that issue.

The other way to do it would be to manually copy the entire profile
directory over the network to your [profiles] share and set the
permissions  owner on it.  then give samba's profiles command a whirl
on ntuser.dat.  I wasn't able to try it because I couldn't find the
profiles command on my system.

good luck

zach



On Wed, 29 Sep 2004 16:34:13 -0700, Awful Hack [EMAIL PROTECTED] wrote:
 
 BTW, what problems do you think might crop up with Paul's way?  I'll
 probably have to do something like this shortly, and I'd like to know
 what problems I might come across.
 
  (1) Log in as a local administrator on one of the XP clients
  (2) Create a temporary user, eg test_user1
  (3) System Properties-Advanced-User Profiles:Settings button
  (4) Choose the profile you're trying to migrate and click Copy To
 
 Is there similar functionality anywhere in W2K Pro, or some other
 series of steps that would work?
 
 Awful Hack
 [EMAIL PROTECTED]



Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin SOLVED

2004-09-29 Thread Awful Hack
 I just don't know how to find out what the old sid is you're looking
 for.  I've heard there's a tool on sysinternals.com to do just that
 though, so maybe there's good luck there.

If you're lucky, then like me you'll have old Samba .tdb files to run
net getlocalsid on.  If not, you may be able to get the SID by
looking in the registry under HKEY_USERS.
 
 On Wed, 29 Sep 2004 17:27:46 -0500, Misty Stanley-Jones
 [EMAIL PROTECTED] wrote:
  Wow, this does seem long.  Mainly all I want to know is why I can't change my
  user's profile type from local to roaming, or copy it, or anything.  This is
  when I'm logged in as administrator or a domain administrator or anyone.  I
  know that it's a problem with Windows, not with Samba.  But I can't even get
  the NTUSER.DAT into an appropriate place to run the really cool looking
  'profiles' command on it.
 
  Misty
 
 
 
 



-- 
Awful Hack
[EMAIL PROTECTED]
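For the question in the messages above of finding which SID an NTUSER.DAT carries, here is an added example (not from the thread and not Samba code) that scans a hive file for binary S-1-5-21-... account SIDs and counts each one. It assumes the hive stores SIDs in the standard binary SID layout inside its key security descriptors; the function names, SID values and sample bytes are constructed for illustration.

```python
import struct
import sys
from collections import Counter

# Binary SID layout: revision (1 byte), sub-authority count (1 byte),
# identifier authority (6 bytes, big-endian), then one 4-byte
# little-endian integer per sub-authority.
# Account SIDs (S-1-5-21-a-b-c-rid) have revision 1, five sub-authorities,
# authority 5 and a first sub-authority of 21.
SID_LEN = 8 + 5 * 4
ACCOUNT_SID_PREFIX = bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack("<I", 21)


def sid_to_bytes(sid):
    """Encode a textual SID such as S-1-5-32-544 into its binary form."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 4:
        raise ValueError("not a SID string: %r" % sid)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))


def bytes_to_sid(raw):
    """Decode a binary SID back into S-R-A-S1-S2-... text."""
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack_from("<%dI" % count, raw, 8)
    return "S-%d-%d-%s" % (revision, authority, "-".join(str(s) for s in subs))


def find_account_sids(data):
    """Return a Counter of every complete S-1-5-21-... SID found in data."""
    found = Counter()
    pos = data.find(ACCOUNT_SID_PREFIX)
    while pos != -1:
        chunk = data[pos:pos + SID_LEN]
        if len(chunk) == SID_LEN:          # skip a SID truncated by end of file
            found[bytes_to_sid(chunk)] += 1
        pos = data.find(ACCOUNT_SID_PREFIX, pos + 1)
    return found


# Constructed sample bytes (not a real hive): two copies of one account SID,
# a well-known group SID that must be ignored, a SID from another domain,
# and a truncated SID at the very end.
OLD_USER = "S-1-5-21-1111111111-2222222222-3333333333-1005"
OTHER_USER = "S-1-5-21-4000000000-10-20-500"
SAMPLE = (b"regf" + b"\x00" * 12 + sid_to_bytes(OLD_USER) + b"\xff" * 7
          + sid_to_bytes("S-1-5-32-544") + sid_to_bytes(OLD_USER)
          + sid_to_bytes(OTHER_USER) + ACCOUNT_SID_PREFIX)

if __name__ == "__main__":
    # Usage: python find_sids.py /path/to/copy/of/NTUSER.DAT
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE
    for sid, hits in find_account_sids(data).most_common():
        print("%6d  %s" % (hits, sid))
```

Run it against a copy of the hive while the user is logged off, and compare the SIDs it lists with the SID the server reports for the account.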


Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin SOLVED

2004-09-29 Thread Awful Hack
  (1) Log in as a local administrator on one of the XP clients
  (2) Create a temporary user, eg test_user1
  (3) System Properties-Advanced-User Profiles:Settings button
  (4) Choose the profile you're trying to migrate and click Copy To
 
 Is there similar functionality anywhere in W2K Pro, or some other
 series of steps that would work?

Must be on crack...Copy To right there in System Properties - User
Profiles in W2K Pro.

-- 
Awful Hack
[EMAIL PROTECTED]


[Samba] Extended Auditing Module working as described now

2004-09-29 Thread rruegner
Hi @ll and John
log level = 2 vfs:1
log file = /var/log/samba/%U.%m.log
syslog = 0
now works, as I wanted the logs to be
Thx
John H Terpstra schrieb:
 Original Message 
Subject: [Samba] Re: VFS Extended Auditing Module Debug Information
From: Marco De Vitis [EMAIL PROTECTED]
Date: Mon, September 27, 2004 9:44 am
To: [EMAIL PROTECTED]
Il 23/09/2004, alle ore 8:22, John H Terpstra ha scritto:

Given recent discussion on this list I have just updated the master Samba-Docs
information regarding the Debug Class (Log Level) settings and the audit
Great, thanks!
Anyway something is still not clear to me. I quote from the updated howto:

Logging can take place to the default log file (log.smbd) for all loaded
VFS modules just be setting in the smb.conf file log level = 0 vfs:x,
where x is the log level. This will disable general logging while
activating all logging of VFS module activity at the log level
specified.
Apart from be - by (I suppose), does this mean that a global log

Oops. I'll fix that typo.

level of zero is NECESSARY for correct extd_audit logging? Or is it just a
suggestion?

Suggestion to keep log noise level down.

Also, this vfs:x parameter looks like a global VFS parameter. Does this
mean that any other VFS module which outputs debug information (I don't
know if others exist) will be affected by it?

Correct. All VFS modules will be affected. The alternative is to modify
a VFS module so it will read the log level info and thereby affect 
just its own actions.


log level = 0 vfs:[012]
syslog = 0
ie:
log level = 0 vfs:0
or  log level = 0 vfs:1
or  log level = 0 vfs:2
In this example, syslog information will be only critical general samba
I just tried these settings:
   log file = /var/log/samba/%m.%U.log
   syslog = 0
log level = 0 vfs:2
max log size = 0
...and restarted samba (3.0.7), but I still get lots of smbd_audit stuff
in syslog, and ONLY in syslog (i.e. not in samba logfiles): open, close,
opendir, rename, chmod...

I've had the same report from others. I'll look into this when I get
some time.

Despite recent criticism regarding the difficulty of establishing acceptable
I'm not critic regarding audit, I'm critic regarding docs about it. ;)

;)

Let me explain: when using Samba 2.x I expressed on some mailing lists the
desire for good auditing on file access, and I was told that the audit VFS
module in Samba 3 was the answer to my problems. I now finally got to use
Samba 3, but I felt lost regarding the way to obtain usable audit logs,
and so a bit disappointed.

Understood. I just discovered that someone has been hacking on the
source code and has changed the way it works without updating the
documentation! Argh!

As far as I can see, this is a fairly popular topic, so maybe it should be
documented in more detail, covering all doubts users seem to express on
the subject.
Anyway your new additions to the howto are already a good step forward, I
now have a clearer idea of what I should do.

OK. More to follow when I get some time to sort this out.
- John T.

--
Ciao,
 Marco.
...Kid A, Radiohead 2000


Re: [Samba] Samba 3.0, Windows 2k/XP and usrmgr.exe

2004-09-29 Thread rruegner
Hi James,
i use usermgr on win xp serv pack2 to admin many smb domains,
my account is in the Domain Admin Group, and if i want to use it
at a not trusted domain i use run as
this work as well with ldap, smbpasswd backend
I guess something in your config isn't right.
I never use root to do anything, I delegated the most admin stuff to the 
win guys and they doing very well with usrmgr ( sometimes failure 
messages appear, but in real every function works )
Regards

James Niven schrieb:
Hi there
I've just finished setting my first Samba PDC for 120ish users and so far so
good, although its only been live for 2 days!!
One problem I've come across (actually I had loads but the HOW-TO, Samba
archive and google solved most of them) is with usrmgr.  There is one XP
client that I have installed the NT 4 Server Tools software on for the
school IT coordinator (note the phrase 'coordinator', not exactly a guru or
sysadmin) to use to tidy up user names, passwords etc.  We are both set up
as Domain Admins and have our primary LINUX GID set to 0 (root) but neither
of us can log in and use the USRMGR.EXE program, it will connect but we
can't view, add or delete etc.
If I log onto the XP box as root it all works fine, users can be added,
deleted, amended etc and of course I could get her to do this or use the
server console, su as root and use pdbedit (Yeah, Right!).  I've been
pulling my already unsubstantial hair out over this all evening and had I
invested in the Google IPO I'd be a very rich man by now.  I've spent the
evening checking net groupmap list, the unix user list, trying to get usrmgr
to allow me to tell it who has permissions to add users to the domain (comes
up with an error about local admins not being able to log in locally),
adding domain admins to the local admin group, removing users from the
domain admin group and adding them again and generally smoking a lot of
cigarettes.
So, could someone confirm that usrmgr can only be used fully when logged
into a 2k/XP machine as root and that there is no functionality for the
domain admin group to do this?
On the brightside I successfully migrated from a smbpasswd backend to tdbsam
tonight so life isn't all that bad!!
Many Thanks
James Niven
ps  its my first time so I'm sorry if this has been covered ad nauseam
already.


Re: [Samba] 3.0.7 CUPS Conflict?

2004-09-29 Thread L. Mark Stone
I updated CUPS from 1.1.18 to 1.1.20 and the problem went away...

On Wednesday, September 29, 2004 04:56 pm, L. Mark Stone wrote:
 First time I've seen this...

 Trying to install Samba 3.0.7 from rpms obtained from the samba.org site on
 a SuSE 8.2 system--very vanilla.  Samba has not been installed previously
 on this box at all.

 outside:/home/data/Downloads/Samba-3.0.7/8.2 # rpm -Uvh libsmbclient3-3*
 samba3-3* samba3-client* samba3-win* --test
 file /usr/lib/cups/backend/smb from install of samba3-client-3.0.7-1
 conflicts with file from package cups-1.1.18-96
 outside:/home/data/Downloads/Samba-3.0.7/8.2 #

 What's the best way to handle this?

 Thanks!
 Mark
 --
 _
 A Message From...  L. Mark Stone

 Reliable Networks of Maine, LLC
 477 Congress Street
 Portland, ME 04101
 Tel: (207) 772-5678
 Web: www.RNoME.com

-- 
_
A Message From...  L. Mark Stone

Reliable Networks of Maine, LLC
477 Congress Street
Portland, ME 04101
Tel: (207) 772-5678
Web: www.RNoME.com




[Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?

2004-09-29 Thread Jim C.
Can you recommend appropriate log levels for slapd/smbd?  I've always 
...
statement like:
access to dn.subtree=dc=j9starr,dc=net
by group=cnReplicator,ou=Group,dc=j9starr,dc=net
by * read
doesn't work, adding regexp to it won't help to resolve this problem. 
Did you check that it works without group with a simple 'by dn='?
Ok, sorry... I've got in a lecture mood. It's just too confusing to see 
what exactly you do and what kind of problems you encounter.
Actually, I think I am on to something.  Putting the ACL's under a 
microscope led to the revelation of some differences in group structure 
from what I am using and those previously recommended by Buchan Milne.

Mine:
[EMAIL PROTECTED] 0 root]$ smbldap-groupshow 'Domain Controllers'
dn: cn=Domain Controllers,ou=Group,dc=j9starr,dc=net
objectClass: posixGroup,sambaGroupMapping
cn: Domain Controllers
sambaGroupType: 2
sambaSID: S-1-5-21-2147030705-2499090161-3119200592-516
gidNumber: 516
displayName: Domain Controllers
memberUid: cn=enigma,ou=Hosts,dc=j9starr,dc=net
His:
dn: cn=Domain
Controllers,ou=Group,dc=ranger,dc=dnsalias,dc=com
objectClass: groupOfNames
objectClass: top
cn: Domain Controllers
member:
cn=kiowa.ranger.dnsalias.com,ou=Hosts,dc=ranger,dc=dnsalias,dc=com
member:
cn=comanche.ranger.dnsalias.com,ou=Hosts,dc=ranger,dc=dnsalias,dc=com
Now I don't know how slapd deals with groups but if it specifically 
needs groupOfNames, then I may have a problem. I'll see if I can 
manipulate the structure to include groupOfNames.  Who knows, I might be 
able to do it without redundancy.

Jim C.
--
-
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: [EMAIL PROTECTED]  AIM: WyteLi0n  ICQ: 123291844 |
|---|
| Y!: j_c_llings   Jabber: [EMAIL PROTECTED]|
-


[Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?

2004-09-29 Thread Igor Belyi
Jim C. wrote:
Mine:
[EMAIL PROTECTED] 0 root]$ smbldap-groupshow 'Domain Controllers'
dn: cn=Domain Controllers,ou=Group,dc=j9starr,dc=net
objectClass: posixGroup,sambaGroupMapping
cn: Domain Controllers
sambaGroupType: 2
sambaSID: S-1-5-21-2147030705-2499090161-3119200592-516
gidNumber: 516
displayName: Domain Controllers
memberUid: cn=enigma,ou=Hosts,dc=j9starr,dc=net
His:
dn: cn=Domain
Controllers,ou=Group,dc=ranger,dc=dnsalias,dc=com
objectClass: groupOfNames
objectClass: top
cn: Domain Controllers
member:
cn=kiowa.ranger.dnsalias.com,ou=Hosts,dc=ranger,dc=dnsalias,dc=com
member:
cn=comanche.ranger.dnsalias.com,ou=Hosts,dc=ranger,dc=dnsalias,dc=com
Now I don't know how slapd deals with groups but if it specifically 
needs groupOfNames, then I may have a problem. I'll see if I can 
manipulate the structure to include groupOfNames.  Who knows, I might be 
able to do it without redundancy.
No, slapd doesn't know (by default) how to work with posixGroups. Note 
that memberUid of the posixGroup usually contains uids of the 
posixAccount objects. To let slapd work with just 'group=' it should be 
either groupOfNames or groupOfUniqueNames object.

You can however trick slapd into working with posixGroup (I don't know 
if this is the right move though)... There are additional parameters to the 
_who_ part of the access statement. Try something like that (just for 
fun of it):

access to dn.subtree="dc=j9starr,dc=net"
        by group/posixGroup/memberUid="cn=Domain Controllers,ou=Group,dc=j9starr,dc=net"
        by * read

Good luck,
Igor


[Samba] Re: Can join domain, can't login -- LDAP PDC

2004-09-29 Thread Igor Belyi
Chris St. Pierre wrote:
Thanks.  The log is attached.
Well... It looks like a job way over my head. :o(
The only thing I can see is that request come to Samba for a connection 
without any Domain or User specified and instead of letting this 
connection to be a guest connection Samba just gives up and exits. Plus, 
on exit it gets a Segmentation Fault (Signal 11). I probably, shouldn't 
be surprised about this SegFault since code shows that Samba 2.9.9 isn't 
quite well adjusted to User and Domain being NULL during request. Plus, 
according to log it starts to show user as 'no' at some point instead of 
an empty string which could be an indication of memory override... This 
also could be the cause of the not able to login problem you see.

So, my conclusion: Have you ever thought about moving to Samba 3.x? ;o) 
There's still some activity to patch things when they don't work well 
with Samba 3.x. Unfortunately, I couldn't say that about Samba 2.x.

Hope you find some value in my answer,
Igor


[Samba] Windows XP deletes read-only files. Windows 98 does not.

2004-09-29 Thread Arjan Opmeer

Hi,

On my computer I have a writable share where I force the file permissions to
be read-only when files are written. Also the "delete readonly" option is
kept at its default "no" value.

When I access this share using Windows 98 or smbclient, Samba will refuse to
delete files but writing new files is possible, just as I want it to be.

However, when I access this share using Windows XP and I choose to delete a
file and after I say OK to the "The file is read-only. Are you sure you want
to delete?" prompt, Samba really deletes this file.

I've been studying the debug logs and I believe the difference is that
Windows XP sets the "delete on close" flag when it has found out that the
file is read-only. Windows 98 does not use this flag but instead just tries
to delete the file which will be blocked by Samba.

After the file is closed by Windows XP, Samba obeys the "delete on close"
flag and happily deletes the file. Resulting in behaviour I don't want and
is in contradiction to what the "delete readonly = no" option promises to do.

Maybe a test should be added to the procedure that sets the "delete on close"
flag that will not allow this flag to be set on files that are read-only?


Arjan
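The report above describes two routes to a deletion, only one of which consults the read-only policy. The following added example (a toy model written for this page, not Samba's code) reproduces that behaviour and then the test the post proposes; the class, method and file names are hypothetical.

```python
class ReadOnlyShareModel:
    """Toy model of a share that forces newly written files to read-only."""

    def __init__(self, delete_readonly=False, check_delete_on_close=False):
        # Models the "delete readonly" share option (default "no").
        self.delete_readonly = delete_readonly
        # When True, applies the test proposed in the post.
        self.check_delete_on_close = check_delete_on_close
        self.files = {}      # file name -> read-only flag
        self.handles = {}    # handle id -> [file name, delete-on-close flag]
        self._next_handle = 1

    def _may_delete(self, name):
        """Single policy decision shared by every route that ends in a delete."""
        return self.delete_readonly or not self.files[name]

    def write_new(self, name):
        self.files[name] = True   # forced read-only on write, as in the post

    def unlink(self, name):
        """Direct delete request (the Windows 98 / smbclient route)."""
        if not self._may_delete(name):
            return False
        del self.files[name]
        return True

    def open(self, name):
        if name not in self.files:
            raise FileNotFoundError(name)
        handle = self._next_handle
        self._next_handle += 1
        self.handles[handle] = [name, False]
        return handle

    def set_delete_on_close(self, handle):
        """Mark an open file for deletion at close (the Windows XP route)."""
        name = self.handles[handle][0]
        if self.check_delete_on_close and not self._may_delete(name):
            return False
        self.handles[handle][1] = True
        return True

    def close(self, handle):
        name, delete_on_close = self.handles.pop(handle)
        if delete_on_close and name in self.files:
            del self.files[name]


def run_clients(share, name="report.xls"):
    """Try both routes against one read-only file and report what happened."""
    share.write_new(name)
    direct = share.unlink(name)
    flagged = False
    if name in share.files:
        handle = share.open(name)
        flagged = share.set_delete_on_close(handle)
        share.close(handle)
    return {
        "direct_delete_allowed": direct,
        "delete_on_close_accepted": flagged,
        "file_survives": name in share.files,
    }


if __name__ == "__main__":
    print("as reported:       ", run_clients(ReadOnlyShareModel()))
    print("with proposed test:", run_clients(ReadOnlyShareModel(check_delete_on_close=True)))
```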


Re: [Samba] Puzzle -- Logon/Login from Windows XP

2004-09-29 Thread Jonathan Johnson
[EMAIL PROTECTED] wrote:
So my question is, how can those 100 users logon to the Samba server from ANY 
workstation without having an account on the Windows XP workstation that 
matches their username/password on the Samba server? 
 

Either set up the Samba server as a domain controller and join the 
workstations to that domain, or if the workstations are part of another 
domain, join the Samba server to that domain and use winbind for 
authentication. This is explained in detail in the documentation.

> Isn't there a way to get the Samba server to ask for a username and password
> when the user clicks on the name of the Samba server in Explorer?

Short answer: if the workstation already has a connection (mapped drive, 
cached connection, RPC connection, etc.) to this server, then no.

Long answer: a limitation of Windows is that when you connect via SMB to 
a remote server, all connections to that server must use the same 
credentials. If you are connected to \\sambaserver\datafiles as the user 
*nigel* and wish to connect to \\sambaserver\frederick (which is 
accessible only to the user *frederick*), the Windows workstation 
attempts to connect as *nigel*. In order to connect as *frederick* you 
must break all connections to that server. Simply put, you cannot make 
two connections to a server from one workstation with two different sets 
of credentials.

I haven't investigated the interaction between Windows workstation and 
Windows server versus between Windows workstation and Samba server, in 
terms of *when* you are asked for a password. When you click on the 
server name in Network Neighborhood / My Network Places, when are you 
presented with the login prompt? When you click on the server name? Or 
when you click on the share name under that server? Your Samba server 
may be presenting you with the share names, if you've configured it to 
map unknown users to a particular user or guest. This may be confusing 
your workstation into thinking that it's already authenticated to the 
Samba server, so you don't get the login prompt.

Point of clarification: when I say workstation I mean the one you are 
at, attempting to connect remotely to the server. The server CAN be 
another Windows XP workstation with shared files. The workstation is 
the client, the server is the host that's sharing the files. Don't 
confuse the terminology with proprietary branding and product naming.

--Jon


RE : WinXP - OpenVMS tests reproduced using C++ test pro

2004-09-29 Thread COLLOT Jean-Yves
> The stat() or fstat() functions should return the correct
> results of the real size of the file.
> In the standard fields, they should have the highest
> byte written in the file.

I am not sure it should. Anyway, it does not and, as far as I know, it never
did in DECC or VAXC RTL history.

> If the stat()/fstat() calls are not doing this, then a small reproducer
> needs to be submitted to HP so that the stat() call can be fixed.

Here it is:

-CUT HERE--
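#include <stdlib.h>
#include <stdio.h>
#include <stat.h>   /* DEC C RTL header on OpenVMS */

int main (void)
{
    char buffer[1024] = {0};
    FILE *tst;
    int i;
    int n;
    struct stat st;

    /* Write 10 blocks of 1024 bytes without flushing or closing. */
    tst = fopen ("TST.DAT", "w");
    if (tst == NULL)
    {
        perror ("fopen");
        exit (1);
    }
    for (i = 0;  i < 10;  i++)
    {
        n = fwrite (buffer, 1024, 1, tst);
    }
    /* stat() while the file is still open and its data still buffered. */
    n = stat ("TST.DAT", &st);
    printf ("File Size before close = %ld\n", (long) st.st_size);
    fclose (tst);
    /* stat() again once fclose() has flushed the buffers. */
    n = stat ("TST.DAT", &st);
    printf ("File Size after close = %ld\n", (long) st.st_size);
    exit (0);
}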
-CUT HERE--

> My guess is that it should only induce a delay, but likely
> not as bad as what it is fixing.

I agree.

JYC

PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING:

http://www.catb.org/~esr/faqs/smart-questions.html


RE: WinXP - OpenVMS tests reproduced using C++ test pro

2004-09-29 Thread Brodie, R (Richard)
> The stat() or fstat() functions should return the correct results of the
> real size of the file.  In the standard fields, they should have the highest
> byte written in the file.

The CRTL manual notes:

'be aware that for st_size to report a correct value, you need to flush
both the C RTL and RMS buffers'.

fflush()/ fsync() may be a mite quicker than fclose() / fopen() I suppose.

Richard Brodie
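
The flush-then-stat approach mentioned above, as an added C example for a POSIX system (not code from the thread or from Samba). The function names and the file name tst_flush.dat are hypothetical; fsync() here stands in for the second, lower-level flush the manual quote calls for.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* fileno(), fsync() */
#endif
#include <stdio.h>
#include <unistd.h>
#include <sys/stat.h>   /* POSIX path; the VMS reproducer includes <stat.h> */

/* Size the filesystem reports for an open stream, or -1 on error. */
static long reported_size(FILE *fp)
{
    struct stat st;
    return fstat(fileno(fp), &st) == 0 ? (long) st.st_size : -1L;
}

/* Flush the C library buffer, then ask the OS to commit its own. */
static int flush_all(FILE *fp)
{
    return (fflush(fp) != 0 || fsync(fileno(fp)) != 0) ? -1 : 0;
}

/* Write `blocks` KiB to `path` and, with the stream still open, record the
 * size reported before and after flushing. Returns 0 on success. */
int size_before_and_after_flush(const char *path, int blocks, long *before, long *after)
{
    static char iobuf[1 << 16];
    char block[1024] = {0};
    FILE *fp = fopen(path, "w");
    int i, rc = -1;
    if (fp == NULL) return -1;
    setvbuf(fp, iobuf, _IOFBF, sizeof iobuf);  /* hold writes in user space */
    for (i = 0; i < blocks; i++)
        if (fwrite(block, sizeof block, 1, fp) != 1) goto out;
    *before = reported_size(fp);   /* can lag behind what was written */
    if (flush_all(fp) != 0) goto out;
    *after = reported_size(fp);    /* now covers every byte written */
    rc = 0;
out:
    fclose(fp);
    remove(path);
    return rc;
}

int main(void)
{
    long before = 0, after = 0;
    if (size_before_and_after_flush("tst_flush.dat", 10, &before, &after) == 0)
        printf("before flush: %ld, after flush: %ld\n", before, after);
    return 0;
}
```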



Re: WinXP - OpenVMS tests reproduced using C++ test pro

2004-09-29 Thread John E. Malmberg
Brodie, R (Richard) wrote:
>> The stat() or fstat() functions should return the correct results of the
>> real size of the file.  In the standard fields, they should have the
>> highest byte written in the file.
>
> The CRTL manual notes:
> 'be aware that for st_size to report a correct value, you need to flush
> both the C RTL and RMS buffers'.
> fflush()/ fsync() may be a mite quicker than fclose() / fopen() I suppose.

Yes, and if this is backed up by the UNIX standard, it means that the UNIX
variants of SAMBA are possibly depending on an implementation quirk rather
than on required behavior.

Still if OpenVMS is the only one that is not behaving this way, it may 
be good to bring it into compliance with UNIX.

-John


A note about HAVE_MMAP

2004-09-29 Thread COLLOT Jean-Yves
Since Dave Jones provided a new, VMS-specific TDB set of routines, defining
HAVE_MMAP or not has no more impact on Samba/VMS.

JYC

