[Samba] This is an alert from eSafe GW from Vossloh in Luedenscheid
*** eSafe GW on Vossloh Luedenscheid detected a hostile content in this email. *** Time: 09:04:01 09/29/04 Scan result: Mail modified to remove malicious content Protocol: SMTP in File Name / Mail Subject: mail_1096118602 Source: [EMAIL PROTECTED] Destination: [EMAIL PROTECTED] Details: document.pif Infected with Win32.Mydoom.t (Non-Removable), Blocked -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] How to assign a change file permission
Dear ALL : I'm a school system administrator , I want use samba to create a share for students can submit their execise or exam file, after the submition, student cannot change/delete file, but UNIX only provide write and read file permissions , how to config the SAMBA to doing this function. THANKS - email Yahoo! Messenger http://messenger.yahoo.com.hk -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How to assign a change file permission
mic chan rta: Dear ALL : I'm a school system administrator , I want use samba to create a share for students can submit their execise or exam file, after the submition, student cannot change/delete file, but UNIX only provide write and read file permissions , how to config the SAMBA to doing this function. THANKS - email Yahoo! Messenger http://messenger.yahoo.com.hk What you seems to want is called drop in folder in MacOS/Netatalk parlance. IMHO it could be a lot easier implemented by using a ftp server (e.g proftpd), with upload folders. Cheers, Geza -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Windows XP - Explorer crashes when I try to open a file on a Samba share
Any insight as to what the kernel problem was? Since it's a Gentoo system, I did compile the kernel myself. I'd hate to file a bug if it was simply me making a boneheaded mistake... I don't know what the specific problem is. But there has to be a solution as my kernel (Suse 2.4.21-243) has no problems with sendfile. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] security in samba
Hi, In my company , we have 25 HP printers at different floors. All printesr are configured on One Linux Machine. Each printer has one administrator. My task is share the printer to that particular administrator. For example if i have 2 printers ( HP1 and HP2) , i want to share HP1 printer to only 192.168.0.1 and HP2 printer to only 192.168.0.2. If we use host allow host deny in global { or (or) and } shared section, the behaviour is not meets my requirement. if use valid users in shared section, it's not working properly. On windows, when i connect with valid username and passwd , it gives a credentials conflict error. Please , can any one give suggestions on this. Regards, shashi kanth -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Réf. : [Samba] security in samba
Could you explain more ? One people can access to one printer or each printer are one adminitrator and other people can just print ? else there are the printer admin parameter --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 |-+- | | Shashi Kanth Boddula [EMAIL PROTECTED] | | | Envoyé par : | | | [EMAIL PROTECTED]| | | s.samba.org | | | | | | | | | 29/09/2004 14:57 | | | | |-+- ---| | | |Pour : [EMAIL PROTECTED] | |cc : | |Objet : [Samba] security in samba | ---| Hi, In my company , we have 25 HP printers at different floors. All printesr are configured on One Linux Machine. Each printer has one administrator. My task is share the printer to that particular administrator. For example if i have 2 printers ( HP1 and HP2) , i want to share HP1 printer to only 192.168.0.1 and HP2 printer to only 192.168.0.2. If we use host allow host deny in global { or (or) and } shared section, the behaviour is not meets my requirement. if use valid users in shared section, it's not working properly. On windows, when i connect with valid username and passwd , it gives a credentials conflict error. Please , can any one give suggestions on this. Regards, shashi kanth -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: {Virus?} {Spam?} Mail Delivery (failure doris.pedersen@hallstahammar.se)
Jag har semester v. 40. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: winbind error message: krb5_cc_get_principal failed (No such file or directory)
Hi Jan, You must have Heimdal and related deps that support ArcFour HMAC/MD5. Input Administrator or equal level at kinit user. join to ADS and start winbind and smb, nsswitch already set of course. I had same problem and it solved when I rename my machine with other name and rejoin to domain. Cheers xBadung Jan Appenroth wrote: Hello List, I successfully joined a Suse 9.0 Server with Samba 3.0.6 to a W2K3 DC, following the guide from http://www.wlug.org.nz/ActiveDirectorySamba My setup seems to work okay, but whenever I start/restart winbind, I get the following message: [2004/09/24 10:26:54, 1] nsswitch/winbindd.c:main(854) winbindd version 3.0.6-SUSE started. Copyright The Samba Team 2000-2004 [2004/09/24 10:26:55, 1] libsmb/clikrb5.c:ads_krb5_mk_req(313) krb5_cc_get_principal failed (No such file or directory) What does that mean? It does not tell which file/directory is missing. Is there something wrong in my Kerberos setup? As mentioned above, everything seems to work, I joined the domain and after some additions to my pam modules I could authenticate domain users to the linux machine. At first there were problems with lost connections to the DC, but after deactivating smb signing at the DC those problems vanished. Output of wbinfo -t|u|g and so on also seems fine. Yet this kerberos error message pesists. Just wondering... Thanks, Jan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot get HP1055CM Color Plotter to work with Point and Click
Yes... All of these steps were performed. Before loading the drivers. Were the drivers for your plotter loaded directly on the Windows Workstation? Marcus O. On Thu, 2004-09-23 at 08:33, Olaf Eichhorn wrote: Hi Marcus, Is Your printqueue raw? You have to create one for Yoour Printer. I choosed swat to do that. Than You have to edit two files to allow unknown type of data to be printed via cups. I found this in the mailing list archive 1. Edit /etc/cups/mime.types to uncomment the line near the end of the file that has: #application/octet-stream 2. Do the same for the file /etc/cups/mime.convs. 3. Add a raw printer using the Web interface. Point your browser at http://localhost:631. Enter Administration, add the printer following the prompts. Do not install any drivers for it. Choose Raw. Choose queue name Raw It worked perfect for our HP 450C HPGL plotter. Olaf -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] sambaPwdMustChange not properly set with smbldap
I'm using samba 3.0.6 on fedora core 1 with LDAP enabled and smbldap-tools. When I change a user password with smbldap-passwd username, i find that sambaPwdMustChange attribute is correctly set to 30 days later as set in smbldap_conf. But, if I try to change password from any Win2000 or WinXP client with CTRL+ALT+CANC -- CHANGE PASSWORD i notice that sambaPwdMustChange attribute is always set to 2147483647. I have tryed different setups in smb.conf but nothing has changed. Here is last config. security = user password level = 8 username level = 8 encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd passdb backend = ldapsam:ldap://localhost; smbpasswd ldap suffix = dc=myfactory,dc=mycountry ldap admin dn = cn=Manager,dc=myfactory,dc=mycountry ldap ssl = no ldap group suffix = ou=Group ldap machine suffix = ou=Machine ldap user suffix = ou=People passwd program = /usr/local/sbin/smbldap-passwd.pl -u %u passwd chat = *new*password* %n\n *Retype*new*password* %n\n *successfully* passwd chat debug = yes #unix password sync = Yes ldap passwd sync = yes admin users = root, administrator add user script = /usr/local/sbin/smbldap-useradd.pl -a delete user script = /usr/local/sbin/smbldap-useradd.pl -d add group script = /usr/local/sbin/smbldap-useradd.pl -a -g delete group script = /usr/local/sbin/smbldap-useradd.pl -d -g add user to group script = /usr/local/sbin/smbldap-useradd.pl -j -u delete user from group script = /usr/local/sbin/smbldap-useradd.pl -j -u set primary group script = /usr/local/sbin/smbldap-useradd.pl -m -u add machine script = /usr/local/sbin/smbldap-useradd.pl -a -m # unix password sync = Yes # passwd program = /usr/bin/passwd %u # passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* Any idea? thanks! ciao luca Libero ADSL Free - Velocita' 1280 Kbit/s, attivazione e traffico 2004 gratis! Abbonati su http://www.libero.it -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Puzzle -- Logon/Login from Windows XP
I hope somebody can help me with this. I posed this question a week ago and got several well-meaning answers that were not very helpful. I have 10 Windows XP workstations and 100 users. Each of the 100 users has an account on my Samba server (running Samba 3.03 on Mandrake Linux 10). Each user has several shares on the Samba server which are unique to that user. In other words, only THAT user can access his/her shares, and THAT user has read/write priviledges for those shares. BTW, I define each user's shares by listings in smb.username.conf files and the include=smb.%U.conf option (I may have that backwards it may be username.smb.conf and include=%U.smb.conf, I have it right on my server.) The problem is, I need each of my 100 users to be able to logon to the Samba server (with READ/WRITE access to their own shares) from any of the 10 Windows XP workstations. It's not a problem if the user has an account on the XP machine that matches the username and password on the Linux Samba server. But users don't have their own machines and it's impractical to create 100 user accounts on EACH Windows XP workstation. Especially when the list of users changes every few months. So my question is, how can those 100 users logon to the Samba server from ANY workstation without having an account on the Windows XP workstation that matches their username/password on the Samba server? I have a clumsy workaround right now, but I need something better. This is what I can do now: -- I have a Samba share that is accessible to everyone. -- In Windows XP, if I map network drive on that share and select connect using different username, I get an opportunity to enter the username and password for the specific user. -- Once the Windows XP machine connects to the Samba server, the Samba server knows who the user is and displays a list of the user's own unique shares -- which can then be mapped as well. The thing that's awkward about this technique, however, is that I'm having to map a public share JUST to communicate to the Samba server the username and password. Isn't there a way to get the Samba server to ask for a username and password when the user clicks on the name of the Samba server in Explorer? That's what happens when I click on the name of a Windows XP machine (XP Machine 1) from another Windows XP machine (XP Machine 2) when I'm logged on to Machine 2 with a username and password that does not match an account on XP Machine 1. I get a dialog box asking for a username and password. If I enter a username that has an account on the first machine -- and the matching password -- I connect and get read/write access to all shared drives and folders. I want to get the same dialog box when I click on the Linux Samba server. But how? Thanks in advance for the help. Regards, Andy Liebman -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Réf. : [Samba] Puzzle -- Logon/Login from Windows XP
I think that for resolve your problem, you configure samba for become PDC and connect all WINDOWS XP workstations to domain. --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 |-+- | | [EMAIL PROTECTED] | | | Envoyé par : | | | [EMAIL PROTECTED]| | | s.samba.org | | | | | | | | | 29/09/2004 11:57 | | | | |-+- ---| | | |Pour : [EMAIL PROTECTED] | |cc : | |Objet : [Samba] Puzzle -- Logon/Login from Windows XP | ---| I hope somebody can help me with this. I posed this question a week ago and got several well-meaning answers that were not very helpful. I have 10 Windows XP workstations and 100 users. Each of the 100 users has an account on my Samba server (running Samba 3.03 on Mandrake Linux 10). Each user has several shares on the Samba server which are unique to that user. In other words, only THAT user can access his/her shares, and THAT user has read/write priviledges for those shares. BTW, I define each user's shares by listings in smb.username.conf files and the include=smb.%U.conf option (I may have that backwards it may be username.smb.conf and include=%U.smb.conf, I have it right on my server.) The problem is, I need each of my 100 users to be able to logon to the Samba server (with READ/WRITE access to their own shares) from any of the 10 Windows XP workstations. It's not a problem if the user has an account on the XP machine that matches the username and password on the Linux Samba server. But users don't have their own machines and it's impractical to create 100 user accounts on EACH Windows XP workstation. Especially when the list of users changes every few months. So my question is, how can those 100 users logon to the Samba server from ANY workstation without having an account on the Windows XP workstation that matches their username/password on the Samba server? I have a clumsy workaround right now, but I need something better. This is what I can do now: -- I have a Samba share that is accessible to everyone. -- In Windows XP, if I map network drive on that share and select connect using different username, I get an opportunity to enter the username and password for the specific user. -- Once the Windows XP machine connects to the Samba server, the Samba server knows who the user is and displays a list of the user's own unique shares -- which can then be mapped as well. The thing that's awkward about this technique, however, is that I'm having to map a public share JUST to communicate to the Samba server the username and password. Isn't there a way to get the Samba server to ask for a username and password when the user clicks on the name of the Samba server in Explorer? That's what happens when I click on the name of a Windows XP machine (XP Machine 1) from another Windows XP machine (XP Machine 2) when I'm logged on to Machine 2 with a username and password that does not match an account on XP Machine 1. I get a dialog box asking for a username and password. If I enter a username that has an account on the first machine -- and the matching password -- I connect and get read/write access to all shared drives and folders. I want to get the same dialog box when I click on the Linux Samba server. But how? Thanks in advance for the help. Regards, Andy Liebman -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind stops responding
Have you tried stopping nscd? I know it causes problems with winbind Borut Kurnik wrote: Hi! Windbind ocasionally stops responding. Both winbind processes are still there, but eig. wbinfo -u returns Error looking up domain users. I've got to restart winbindd to reactivate it again. Nothing in log.winbindd. SuSE SLES-8 (fully updated) samba3-3.0.7-13 winbind cache time = 180 Please, if You have any hints, ... Thanks, Borut -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbmount curiosity - cant mount share in rc.local
No idea if it would work, but have you tried putting it in /etc/fstab? Tomasz Chmielewski wrote: Hello, I would like to mount a certain share when the server is booted. So I added the following line at the end of rc.local: /bin/mount -t smbfs -o guest //backup/archiwizacja$ /mnt/archiwizacja Interestingly, this doesn't mount anything, nothing is added to the logs either. When I enter this line manually, after server is booted, it is mounted. # mount -t smbfs -o guest //backup/archiwizacja$ /mnt/archiwizacja # mount (...) //backup/archiwizacja$ on /mnt/archiwizacja type smbfs (0) It makes no difference if I change the netbios name (backup) to IP address in this rc.local. Of course rc.local is executed, as other programs from it are ran. Any ideas? Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Puzzle -- Logon/Login from Windows XP
So my question is, how can those 100 users logon to the Samba server from ANY workstation without having an account on the Windows XP workstation that matches their username/password on the Samba server? Why don't you want to creat a domain? Isn't there a way to get the Samba server to ask for a username and password when the user clicks on the name of the Samba server in Explorer? The server can't ask the user for another username/password. It is a clients decision to ask the user for additional credentials. Unless you find out what specific setting triggers explorer to ask (null session, guest account settings or something, try ethereal) you are out of luck. Maybe you write a script that mounts the shares with net use and give the samba username with /user:name * to ask for the password. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot get HP1055CM Color Plotter to work with Point and Click
Hi Marcus, Were the drivers for your plotter loaded directly on the Windows Workstation? Yes, all printer drivers are installed locally on the win-clients. They print to an redirected lpt-port. (lpt2) This works perfect for our small organization. e.g. The sambaqueue is \\sambaserver\HP450C I use an script to redirect the lpt2 to the path above. net use lpt2: \\sambaserver\HP450C /persistent:yes You have to run the script only one time. hope this helps Olaf -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Puzzle -- Logon/Login from Windows XP
In a message dated 9/29/2004 6:20:07 AM Eastern Daylight Time, [EMAIL PROTECTED] writes: Thanks for the reply So my question is, how can those 100 users logon to the Samba server from ANY workstation without having an account on the Windows XP workstation that matches their username/password on the Samba server? Why don't you want to creat a domain? How do you define and create a domain? And is it difficult to maintain a domain as the users change? And what if the Samba server is just one of many servers on a network that might have other domains and domain servers? And what if the workstations have to access other domains? This is the sort of environment where my system has to work. Isn't there a way to get the Samba server to ask for a username and password when the user clicks on the name of the Samba server in Explorer? The server can't ask the user for another username/password. It is a clients decision to ask the user for additional credentials. Unless you find out what specific setting triggers explorer to ask (null session, guest account settings or something, try ethereal) you are out of luck. Maybe you write a script that mounts the shares with net use and give the samba username with /user:name * to ask for the password. Any clues about how to write that script. I'm not a samba expert. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] WINBIND Problem.....
Sorry for obvious question, but have you made sure that you have write permission to the directory you are trying to write to? Travis Bullock wrote: Hello again. Still have not resolved this winbind issue, although it may not be winbind at all. The odd thing is, when I attempt to access a share on the Fedora C2 server running samba 3.x and winbind it will ask for a password. If I enter the wrong username and password, it will give me an invalid username or password error. If I enter the correct username and password, it will give me a Access Denied contact your administrator...blah..blah...blahfollowed by a Network Path Not Found. Any ideas out there? Cheers, Travis -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin
Power Users is what I'm trying. It seems that anything other than Administrators has this problem On Wed, 29 Sep 2004 09:44:33 +0600 (YEKST), Ilia Chipitsine [EMAIL PROTECTED] wrote: maybe You should try Power Users instead of Local admin. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Réf. : Re: Réf. : [Samba] Puzzle -- Logon/Login from Windows XP
Configure samba for become a domain member of a domain ? or make samba as a domain controler and configure trusting account --- Stéphane PURNELLE [EMAIL PROTECTED] Service Informatique Corman S.A. Tel : 00 32 087/342467 [EMAIL PROTECTED] com Pour : [EMAIL PROTECTED] cc : 29/09/2004 12:46 Objet : Re: Réf. : [Samba] Puzzle -- Logon/Login from Windows XP In a message dated 9/29/2004 6:10:14 AM Eastern Daylight Time, [EMAIL PROTECTED] writes: I think that for resolve your problem, you configure samba for become PDC and connect all WINDOWS XP workstations to domain. Thanks for the reply. How do you define and create a domain? And is it difficult to maintain a domain as the users change? And what if the Samba server is just one of many servers on a network that might have other domains and domain servers? And what if the workstations have to access other domains? This is the sort of environment where my system has to work. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Public share
On Tue, 28 Sep 2004, Igor Belyi wrote: Barbara M. wrote: How can I have a public area with no user/pass access on a smb server that do NOT use security = share? You will need 'guest ok = Yes' added for your share. Tried without success. Seems that using security = user I can't have a public share. Why? Regards, B. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba settings for ldap
I have compiled samba 3.0.2a with --with-ldapsam parameter on Solaris 9 server. I set passdb backend = ldapsam:ldap://my server ip addr:port in smb.conf file. And after I restarted smbd daemon I get the message in log.smbd file: [2004/09/29 13:38:59, 0] passdb/pdb_interface.c:make_pdb_methods_name(514) No builtin nor plugin backend for ldapsam found [2004/09/29 13:38:59, 1] passdb/pdb_interface.c:make_pdb_context_list(604) Loading ldapsam:ldap://my server ip addr:port failed! Maybe someone know how to resolv this problem? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin
I not had this problem , samba 3.0.4 but I putted the line : profile acls = Yes in the GLOBAL section of smb.conf (not in the [profile] section) XP Selon Zach [EMAIL PROTECTED]: Power Users is what I'm trying. It seems that anything other than Administrators has this problem On Wed, 29 Sep 2004 09:44:33 +0600 (YEKST), Ilia Chipitsine [EMAIL PROTECTED] wrote: maybe You should try Power Users instead of Local admin. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Xavier mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin
Unfortunately I don't have access to the SAMBA PDC (or win xp clients) right now. However the machine I'm on (RH9) has samba 2.2.x. I looked up smb.conf on this machine and the man page for smb.conf isn't explicit about where profile acls = yes should go. However, it does list profile acls under service parameters vs. global parameters. Based on that, it seems like profile acls should not go under [global]. However, I'll try anything so later today, I'll give it a try and see if it works. If anyone else following this thread gives it a try before then, let us know how it works. I'll post my smb.conf (as of last night) again below. [global] netbios name = BABYLON workgroup = CIVILIZATION browseable = no server string = Samba Server log file = /var/log/samba/smbd.log max log size = 50 security = user smb passwd file = /etc/samba/smbpasswd unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = \ *password* %n\n \ *password* %n\n \ *successfully* username map = /etc/samba/smbusers # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = yes os level = 64 domain master = yes preferred master = yes domain logons = yes logon path = \\%L\Profiles\%U logon drive = M: logon home = \\%L\%U logon script = logon.cmd wins support = yes dns proxy = no [homes] comment = Home Directories path = /home/samba/share/%U writeable = yes create mode = 0600 directory mode = 0740 browseable = No [netlogon] comment = Network Logon Service path = /home/samba/netlogon browseable = no [Profiles] path = /home/samba/profiles browseable = No writeable = yes profile acls = yes [share] path = /home/samba/share writeable = yes guest ok = no create mode = 0660 directory mode = 0770 browseable = yes On Wed, 29 Sep 2004 13:13:14 +0200, Xavier [EMAIL PROTECTED] wrote: I not had this problem , samba 3.0.4 but I putted the line : profile acls = Yes in the GLOBAL section of smb.conf (not in the [profile] section) XP Selon Zach [EMAIL PROTECTED]: Power Users is what I'm trying. It seems that anything other than Administrators has this problem On Wed, 29 Sep 2004 09:44:33 +0600 (YEKST), Ilia Chipitsine [EMAIL PROTECTED] wrote: maybe You should try Power Users instead of Local admin. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin
Unfortunately I don't have access to the SAMBA PDC (or win xp clients) right now. However the machine I'm on (RH9) has samba 2.2.x. I looked up smb.conf on this machine and the man page for smb.conf isn't explicit about where profile acls = yes should go. However, it does list profile acls under service parameters vs. global parameters. Based on that, it seems like profile acls should not go under [global]. However, I'll try anything so later today, I'll give it a try and see if it works. If anyone else following this thread gives it a try before then, let us know how it works. I'll post my smb.conf (as of last night) again below. [global] netbios name = BABYLON workgroup = CIVILIZATION browseable = no server string = Samba Server log file = /var/log/samba/smbd.log max log size = 50 security = user smb passwd file = /etc/samba/smbpasswd unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = \ *password* %n\n \ *password* %n\n \ *successfully* username map = /etc/samba/smbusers # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = yes os level = 64 domain master = yes preferred master = yes domain logons = yes logon path = \\%L\Profiles\%U logon drive = M: logon home = \\%L\%U logon script = logon.cmd wins support = yes dns proxy = no [homes] comment = Home Directories path = /home/samba/share/%U writeable = yes create mode = 0600 directory mode = 0740 browseable = No [netlogon] comment = Network Logon Service path = /home/samba/netlogon browseable = no [Profiles] path = /home/samba/profiles browseable = No writeable = yes profile acls = yes#added this line last night to no avail [share] path = /home/samba/share writeable = yes guest ok = no create mode = 0660 directory mode = 0770 browseable = yes On Wed, 29 Sep 2004 13:13:14 +0200, Xavier [EMAIL PROTECTED] wrote: I not had this problem , samba 3.0.4 but I putted the line : profile acls = Yes in the GLOBAL section of smb.conf (not in the [profile] section) XP Selon Zach [EMAIL PROTECTED]: Power Users is what I'm trying. It seems that anything other than Administrators has this problem On Wed, 29 Sep 2004 09:44:33 +0600 (YEKST), Ilia Chipitsine [EMAIL PROTECTED] wrote: maybe You should try Power Users instead of Local admin. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin
ok, just to make it clean. what do You mean by Local admins ? 1) domain user (or domain group, or even Everyone added to local group Administrators ? 2) local user added to local group Administrators ? Power Users is what I'm trying. It seems that anything other than Administrators has this problem On Wed, 29 Sep 2004 09:44:33 +0600 (YEKST), Ilia Chipitsine [EMAIL PROTECTED] wrote: maybe You should try Power Users instead of Local admin. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin
Okay, sorry, it *is* starting to get a bit muddy. To clear it up: If a domain user is added to the Administrators group on the client (ie local) win xp mahine, then their is no problem. If the user is *not* part of the local Administrators group then the profile doesn't load properly. So: Domain: CIVILIZATION samba PDC: BABYLON Win XP client: TROY Domain user: Zach Local user: local_user If CILIVLIZATION\Zach is added to TROY\Administrators, then no problem. If CILIVLIZATION\Zach is removed from TROY\Administrators, then profile doesn't load properly, even if CILIVLIZATION\Zach is a member of TROY\Power Users or TROY\Users, etc. (This applies to other domain users as well, not just Zach). Further, when TROY\local_user, logs on to TROY, then no problem, regardless of group membership. Hope this doesn't muddy things up further. I know there are others out there exibiting this same problem. Surely there's someone who's seen it solved it. Thanks Zach On Wed, 29 Sep 2004 17:40:06 +0600 (YEKST), Ilia Chipitsine [EMAIL PROTECTED] wrote: ok, just to make it clean. what do You mean by Local admins ? 1) domain user (or domain group, or even Everyone added to local group Administrators ? 2) local user added to local group Administrators ? Power Users is what I'm trying. It seems that anything other than Administrators has this problem On Wed, 29 Sep 2004 09:44:33 +0600 (YEKST), Ilia Chipitsine [EMAIL PROTECTED] wrote: maybe You should try Power Users instead of Local admin. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Strange behavior with file that have a .exe extension...
Kevin Riggins wrote: I am running Samba 3.0.7 on a Redhat EL3 server. Any action I attempt with a file that has an .exe extension takes quite some time to occur. For instance, a right-click to get properties menu takes 15 seconds, when executing the file it takes 8-10 seconds to start, drag-and-drop takes several seconds to start, etc. If I rename the file to a different extension or perform the same actions with another file type, everything works just fine. Just a thought, do you have any virus scanner installed that might be scanning the file when you access it ? Simon -- Simon Hobson MA MIEE, Technology Specialist Colony Gift Corporation Limited Lindal in Furness, Ulverston, Cumbria, LA12 0LD Tel 01229 461100, Fax 01229 461101 Registered in England No. 1499611 Regd. Office : 100 New Bridge Street, London, EC4V 6JA. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Public share
Barbara M. wrote: On Tue, 28 Sep 2004, Igor Belyi wrote: Tried without success. Ok, I forgot that 'public' and 'guest ok' are synonyms and you have it in your smb.conf... Seems that using security = user I can't have a public share. Why? At least I have them with security = user. I dumb question - does user 'nobody' has access to the /home/Public directory? Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: why does samba need anonymous access enabled on windows to join AD server?
On Tue, Sep 28, 2004 at 01:17:06PM -0400, [EMAIL PROTECTED] wrote: I noticed when trying to use a windows active directory server for my password server that i cannot join the windows AD domain (using the net join command) unless the windows server has anonymous access enabled. Why is this? I am trying to join as administrator so why does it need anonymous? I think you need to use kerberos, then it will work. smb.conf: [Global] parameters workgroup = MYDOMAIN wins support = Yes hosts allow = all encrypt passwords = Yes unix password sync = Yes passwd program = /usr/bin/passwd %u update encrypted = No lm announce = true log level = 2 # for AD passwords # password server = * password server = WINSERVER1 WINSERVER2 security = domain [export] path = /export comment = export browseable = yes writable = yes read only = No public = No Try to use security = ads and realm = YOUR.AD.REALM. Configure kerberos, grab a ticket granting ticket (TGT) for the Administrator principal and you should be able to use net ads join -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samaba 3.0.4 on solaris 8 with winbind
I have worked on getting the winbind portion of samba 3.0.4 to work for weeks now. I have had little success and need to seek help to resolve my issue. I am running samba on Solaris 8 box. My PDC/BDC is Window NT 4.0 and I'm running win2k pro on the pc(s). /'^'\ ( o o ) -oOOO--(_)--OOOo-- Andrea Savage IDC System Administrator .oooO ( ) Oooo. -\ (( )--- \_)) / (_/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Roaming Profiles:Samba PDC:WinXP:User must be local admin
Zach wrote: To clear it up: Domain: CIVILIZATION samba PDC: BABYLON Win XP client: TROY Domain user: Zach Local user: local_user If CILIVLIZATION\Zach is added to TROY\Administrators, then no problem. If CILIVLIZATION\Zach is removed from TROY\Administrators, then profile doesn't load properly, even if CILIVLIZATION\Zach is a member of TROY\Power Users or TROY\Users, etc. (This applies to other domain users as well, not just Zach). Further, when TROY\local_user, logs on to TROY, then no problem, regardless of group membership. Just to give you some hope - I don't have this problem. I have users which belong _only_ to Domain Users group and they have WinXP Theme loaded without a problem. BTW, did you move those profiles from local profiles or other Domains or were they created when users first login into Domain? ACLs and ownership on files in the Roaming profiles are stored in NTUSER.DAT file which is a representation of user registry. To properly copy User Profiles you would need to use Window's System Properties/Advanced/User Profiles. Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Roaming Profiles:Samba PDC:WinXP:User must be local admin
You know you may have a point. It's been a couple of years, but I think the two accounts originally started out as local accounts. I don't remember how I moved them to the Samba server, if I did a straight copy of the directory over the network or if I used the System Properties/.../User Profiles mechanism. Any idea how I can fix that, or how I can properly re-create NTUSER.DAT? On Wed, 29 Sep 2004 09:16:30 -0400, Igor Belyi [EMAIL PROTECTED] wrote: Just to give you some hope - I don't have this problem. I have users which belong _only_ to Domain Users group and they have WinXP Theme loaded without a problem. BTW, did you move those profiles from local profiles or other Domains or were they created when users first login into Domain? ACLs and ownership on files in the Roaming profiles are stored in NTUSER.DAT file which is a representation of user registry. To properly copy User Profiles you would need to use Window's System Properties/Advanced/User Profiles. Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cannot enable Enable advanced printing features
Well, since no one else knows what's going on I'm gonna take a look at the source, and unless it's clearly stated there why this doesn't work I'm try filling it as a bug. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] rpcclient adddriver error
Hello list, slowly I am at the end of my wisdom ... --- Problem: rpcclient -c'adddriver' won't add driver information --- Symptoms: rpcclient (debug level 4) exits with: [...] lsa_io_sec_qos: length c does not match size 8 result was DOS code 0x0003 --- Syntax: After shifting thru gigabyte of useless garbage mailling-list archives i found the fitting part of a Samba-HOWTO: rpcclient -U'root%{youdliketoknow}' -c'adddriver Windows NT x86 cnlbp4u:UNIDRV.DLL:CNLBP4U.GPD:UNIDRVUI.DLL:UNIDRV.HLP:NULL:RAW: \ UNIDRV.DLL,CNLBP4U.GPD,UNIDRVUI.DLL,UNIDRV.HLP,CNLBPRES.DLL, \ UNIRES.DLL,STDNAMES.GPD' LINUX -d 4 (the \ are used for readability) - and as you see, there are 7 semi-colons seperating the files in the adddriver command. --- Current configuration as thrown out by testparm: Load smb config files from /etc/samba/smb.conf Processing section [print$] Processing section [netlogon] Processing section [lbp4u] Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions # Global parameters [global] workgroup = POPPE server string = Samba 3.0.7 Server security = SHARE map to guest = Bad User null passwords = Yes guest account = smbguest username map = /etc/samba/smbusers name resolve order = wins lmhosts bcast time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap cache time = 750 os level = 100 wins support = Yes printer admin = @ntadmin, root cups options = raw [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin, root force group = ntadmin create mask = 0664 directory mask = 0775 guest ok = Yes [netlogon] comment = NetLogon path = /var/lib/samba/netlogon browseable = No [lbp4u] comment = Canon LBP4U via AXIS path = /var/tmp printable = Yes print command = lpr -r -P%p %s --- Any Insight as to whats going wrong here would be very much appreciated ! Regards Kai M Poppe --- Debug Output from rpcclient -d 1024: INFO: Current debug levels: all: True/1024 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 added interface ip=192.168.0.3 bcast=192.168.0.255 nmask=255.255.255.0 Netbios name list:- my_netbios_names[0]=LINUX Connecting to host=LINUX internal_resolve_name: looking up LINUX#20 Opening cache file at /var/lib/samba/gencache.tdb Returning valid cache entry: key = NBT/LINUX#20, value = 192.168.0.3:0, timeout = Wed Sep 29 15:19:54 2004 name LINUX#20 found. Connecting to 192.168.0.3 at port 445 socket option SO_KEEPALIVE = 0 socket option SO_REUSEADDR = 0 socket option SO_BROADCAST = 0 socket option TCP_NODELAY = 1 socket option IPTOS_LOWDELAY = 16 socket option IPTOS_THROUGHPUT = 16 socket option SO_SNDBUF = 16384 socket option SO_RCVBUF = 16384 socket option SO_SNDLOWAT = 1 socket option SO_RCVLOWAT = 1 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 write_socket(4,183) write_socket(4,183) wrote 183 got smb length of 89 size=89 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=9203 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]=7 (0x7) smb_vwv[ 1]=12802 (0x3202) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]=0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=62464 (0xF400) smb_vwv[ 8]= 35 (0x23) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]=0 (0x0) smb_vwv[12]=35374 (0x8A2E) smb_vwv[13]= 9958 (0x26E6) smb_vwv[14]=50342 (0xC4A6) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 2303 (0x8FF) smb_bcc=20 [000] C4 D1 5A C5 24 91 C1 12 50 00 4F 00 50 00 50 00 ÄÑZÅ$.Á. P.O.P.P. [010] 45 00 00 00 E... size=89 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=9203 smb_uid=0 smb_mid=1 smt_wct=17 smb_vwv[ 0]=7 (0x7) smb_vwv[ 1]=12802 (0x3202) smb_vwv[ 2]= 256 (0x100) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 65 (0x41) smb_vwv[ 5]=0 (0x0) smb_vwv[ 6]= 256 (0x100) smb_vwv[ 7]=62464 (0xF400) smb_vwv[ 8]= 35 (0x23) smb_vwv[ 9]=64768 (0xFD00) smb_vwv[10]=32995 (0x80E3) smb_vwv[11]=0 (0x0) smb_vwv[12]=35374 (0x8A2E) smb_vwv[13]= 9958 (0x26E6) smb_vwv[14]=50342 (0xC4A6) smb_vwv[15]=34817 (0x8801) smb_vwv[16]= 2303 (0x8FF) smb_bcc=20 [000] C4 D1 5A C5 24 91 C1 12 50 00 4F 00 50 00 50 00 ÄÑZÅ$.Á. P.O.P.P. [010] 45 00 00 00 E... Serverzone is -7200 write_socket(4,134) write_socket(4,134) wrote 134 got smb length of 98 size=98 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51201 smb_tid=0 smb_pid=9203
[Samba] Trust
Dear All, I want to make a trust between to Samba domains. I make all as is writed in samba documentation. But I alwais get a fail message when I want enstablish a trust. My steps: Trusting domain is DOMA Trusted domain is DOMB 1. In trusted domain I create a unix user DOMA$ 2. In trusted domain I create a samba user: smbpasswd -a -i DOMA 3. After then I trying create a trust from trusting domain with tjis command net rpc trustdom establish DOMB But I get an error Couldn't verify domain account. Error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO. I don't know where is a fail. Thanks, Sopik Brona -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Can join domain, can't login -- LDAP PDC
Thanks. The log is attached. Chris St. Pierre Unix Systems Administrator Nebraska Wesleyan University 402.465.7549 On Tue, 28 Sep 2004, Igor Belyi wrote: Chris St. Pierre wrote: nscd doesn't appear to be running: # ps -ef | grep nscd | grep -v grep Ok, my guess was wrong. :o) Also, it doesn't seem like that explanation would jive with the errors smbd is throwing. Or am I missing something? You've shown that Samba got Signal 11 which can mean almost any internal problem. The interesting part of the log is what happens _before_ Signal 11 was thrown. I don't have Samba 2.2.9 installed by I can load and look into its code for you if you give me your 'log level=10' trace from the moment of login to the first Signal 11 in pid. Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba ldap_connect_system: Binding to ldap server as cn=directory manager [2004/09/28 17:50:19, 0] lib/fault.c:fault_report(38) === [2004/09/28 17:50:19, 0] lib/fault.c:fault_report(39) INTERNAL ERROR: Signal 11 in pid 19109 (2.2.9) Please read the file BUGS.txt in the distribution [2004/09/28 17:50:19, 0] lib/fault.c:fault_report(41) === [2004/09/28 17:50:19, 0] lib/util.c:smb_panic(1094) PANIC: internal error [2004/09/29 10:35:29, 1] lib/debug.c:debug_message(258) INFO: Debug class all level = 10 (pid 8748 from pid 8748) doing parameter ldap server = newman.nebrwesleyan.edu doing parameter ldap port = 389 doing parameter ldap suffix = o=NebrWesleyan.edu,o=isp doing parameter ldap filter = ((uid=%u)(objectclass=sambaAccount)) doing parameter ldap admin dn = cn=directory manager doing parameter ldap ssl = off doing parameter netbios name = testerator [2004/09/29 10:35:29, 4] param/loadparm.c:handle_netbios_name(2352) handle_netbios_name: set global_myname to: TESTERATOR doing parameter workgroup = NWU_TEST doing parameter browseable = yes doing parameter wins server = 10.9.1.12 [2004/09/29 10:35:29, 4] lib/wins_srv.c:wins_srv_load_list(139) wins_srv_load_list(): Building WINS server list: 10.9.1.12, 1 WINS server listed. doing parameter local master = yes doing parameter domain master = yes doing parameter preferred master = yes doing parameter domain logons = yes doing parameter security = user doing parameter domain admin group = root stpierre doing parameter add user script = /usr/local/sbin/smbldap-useradd.pl -m -d /dev/null -g 1000 -s /bin/false %u [2004/09/29 10:35:29, 2] param/loadparm.c:do_section(3073) Processing section [netlogon] doing parameter path = /usr/local/samba/netlogon doing parameter locking = no doing parameter browseable = no doing parameter read only = yes doing parameter write list = ntadmin [2004/09/29 10:35:29, 2] param/loadparm.c:do_section(3073) Processing section [tmp] doing parameter comment = test share doing parameter path = /tmp doing parameter read only = yes [2004/09/29 10:35:29, 4] param/loadparm.c:lp_load(3503) pm_process() returned Yes [2004/09/29 10:35:29, 7] param/loadparm.c:lp_servicenumber(3612) lp_servicenumber: couldn't find homes [2004/09/29 10:35:29, 3] param/loadparm.c:lp_add_ipc(2028) adding IPC service IPC$ [2004/09/29 10:35:29, 3] param/loadparm.c:lp_add_ipc(2028) adding IPC service ADMIN$ [2004/09/29 10:35:29, 10] param/loadparm.c:set_server_role(3454) set_server_role: ROLE_DOMAIN_PDC [2004/09/29 10:35:29, 7] param/loadparm.c:lp_servicenumber(3612) lp_servicenumber: couldn't find printers [2004/09/29 10:35:29, 7] param/loadparm.c:lp_servicenumber(3612) lp_servicenumber: couldn't find printers [2004/09/29 10:35:29, 2] lib/interface.c:add_interface(81) added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0 [2004/09/29 10:35:29, 2] lib/interface.c:add_interface(81) added interface ip=10.9.1.111 bcast=10.9.255.255 nmask=255.255.0.0 [2004/09/29 10:35:29, 5] lib/hash.c:hash_table_init(68) Hash size = 521. [2004/09/29 10:35:29, 5] lib/util_sock.c:print_socket_options(111) socket option SO_KEEPALIVE = 1 [2004/09/29 10:35:29, 5] lib/util_sock.c:print_socket_options(111) socket option SO_REUSEADDR = 1 [2004/09/29 10:35:29, 5] lib/util_sock.c:print_socket_options(111) socket option SO_BROADCAST = 0 [2004/09/29 10:35:29, 5] lib/util_sock.c:print_socket_options(111) socket option TCP_NODELAY = 1 [2004/09/29 10:35:29, 5] lib/util_sock.c:print_socket_options(111) socket option IPTOS_LOWDELAY = 0 [2004/09/29 10:35:29, 5] lib/util_sock.c:print_socket_options(111) socket option IPTOS_THROUGHPUT = 0 [2004/09/29 10:35:29, 5] lib/util_sock.c:print_socket_options(111) socket option SO_SNDBUF = 16384 [2004/09/29 10:35:29, 5] lib/util_sock.c:print_socket_options(111) socket option SO_RCVBUF = 87380 [2004/09/29 10:35:29, 5] lib/util_sock.c:print_socket_options(111)
Re: [Samba] Deleting Old Printer Drivers
rpcclient $server -N -U 'user%passwd' -c 'deldriver $printer' Then remove the all the files related to the printer in the driver directory... M/V Anastasis - IT Manager wrote: Hi all, I am running samba 3.0.6 on Linux and am wondering if anyone knows if it is possible to delete a print driver from the driver database? I have around 20 printers running off of this print server and occasionally we remove all of a certain type of printer. Also, for some reason, the drivers sometimes seem to become corrupt and it would be nice to be able to entirely remove a driver and then reinstall it from scratch. Is this a possible thing to do? Thanks, Chris Chris Slack IT Manager M/V Anastasis - Currently docked in Bremerhaven, DL Mercy Ships mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] http://www.mercyships.org/ www.mercyships.org http://www.chrisslack.org/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Puzzle -- Logon/Login from Windows XP
Top post oh well... Make Samba a PDC join the XP workstations and use roaming profiles. [EMAIL PROTECTED] wrote: I hope somebody can help me with this. I posed this question a week ago and got several well-meaning answers that were not very helpful. I have 10 Windows XP workstations and 100 users. Each of the 100 users has an account on my Samba server (running Samba 3.03 on Mandrake Linux 10). Each user has several shares on the Samba server which are unique to that user. In other words, only THAT user can access his/her shares, and THAT user has read/write priviledges for those shares. BTW, I define each user's shares by listings in smb.username.conf files and the include=smb.%U.conf option (I may have that backwards it may be username.smb.conf and include=%U.smb.conf, I have it right on my server.) The problem is, I need each of my 100 users to be able to logon to the Samba server (with READ/WRITE access to their own shares) from any of the 10 Windows XP workstations. It's not a problem if the user has an account on the XP machine that matches the username and password on the Linux Samba server. But users don't have their own machines and it's impractical to create 100 user accounts on EACH Windows XP workstation. Especially when the list of users changes every few months. So my question is, how can those 100 users logon to the Samba server from ANY workstation without having an account on the Windows XP workstation that matches their username/password on the Samba server? I have a clumsy workaround right now, but I need something better. This is what I can do now: -- I have a Samba share that is accessible to everyone. -- In Windows XP, if I map network drive on that share and select connect using different username, I get an opportunity to enter the username and password for the specific user. -- Once the Windows XP machine connects to the Samba server, the Samba server knows who the user is and displays a list of the user's own unique shares -- which can then be mapped as well. The thing that's awkward about this technique, however, is that I'm having to map a public share JUST to communicate to the Samba server the username and password. Isn't there a way to get the Samba server to ask for a username and password when the user clicks on the name of the Samba server in Explorer? That's what happens when I click on the name of a Windows XP machine (XP Machine 1) from another Windows XP machine (XP Machine 2) when I'm logged on to Machine 2 with a username and password that does not match an account on XP Machine 1. I get a dialog box asking for a username and password. If I enter a username that has an account on the first machine -- and the matching password -- I connect and get read/write access to all shared drives and folders. I want to get the same dialog box when I click on the Linux Samba server. But how? Thanks in advance for the help. Regards, Andy Liebman -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] New here ... with an NT Group problem
Torsten E. schrieb am Mittwoch, 29. September 2004 00:22: Igor Belyi schrieb am Dienstag, 28. September 2004 21:16: Torsten E. wrote: Hello again, [...] Look into 'net groupmap list'. The right 'Domain Admins' should have RID (the last number after '-') 512 and SID (all numbers before the last '-') corresponding to your Domain SID ('net getlocalsid'). Use 'net groupmap delete' or 'net gropumap modify' to fix the problem. Ok, Thanks Igor! I guess the: S-1-5-21-1313674548-3619494541-1192360840-... are the wrong ones (Domain Admins, Domain Guests Domain Users) ... [...] I'll delete them tomorrow. So, I just tried to delete those groups/SIDs, but it doesn't work ...: pdc:/home/torsten # net groupmap list System Operators (S-1-5-32-549) - ntadmin Domain Users (S-1-5-21-363742550-2379833043-2840705137-513) - ntuser Replicators (S-1-5-32-552) - ntadmin Guests (S-1-5-32-546) - nogroup NTUsers (S-1-5-21-363742550-2379833043-2840705137-1201) - ntuser Domain Users (S-1-5-21-1313674548-3619494541-1192360840-513) - -1 Power Users (S-1-5-32-547) - ntuser Print Operators (S-1-5-32-550) - ntadmin Administrators (S-1-5-32-544) - ntadmin Account Operators (S-1-5-32-548) - ntadmin Domain Guests (S-1-5-21-1313674548-3619494541-1192360840-514) - -1 Backup Operators (S-1-5-32-551) - ntadmin Users (S-1-5-32-545) - ntuser Domain Admins (S-1-5-21-1313674548-3619494541-1192360840-512) - -1 Domain Admins (S-1-5-21-363742550-2379833043-2840705137-512) - ntadmin Domain Guests (S-1-5-21-363742550-2379833043-2840705137-514) - nogroup pdc:/home/torsten # pdc:/home/torsten # net groupmap delete ntgroup=Domain Admin sid=S-1-5-21-1313674548-3619494541-1192360840-512 Sucessfully removed S-1-5-21-1313674548-3619494541-1192360840-512 from the mapping db pdc:/home/torsten # net groupmap delete sid=S-1-5-21-1313674548-3619494541-1192360840-513 Sucessfully removed S-1-5-21-1313674548-3619494541-1192360840-513 from the mapping db pdc:/home/torsten # net groupmap delete sid=S-1-5-21-1313674548-3619494541-1192360840-514 Sucessfully removed S-1-5-21-1313674548-3619494541-1192360840-514 from the mapping db pdc:/home/torsten # pdc:/home/torsten # net groupmap list sid=S-1-5-21-1313674548-3619494541-1192360840-512 Domain Admins (S-1-5-21-1313674548-3619494541-1192360840-512) - -1 pdc:/home/torsten # net groupmap list sid=S-1-5-21-1313674548-3619494541-1192360840-513 Domain Users (S-1-5-21-1313674548-3619494541-1192360840-513) - -1 pdc:/home/torsten # net groupmap list sid=S-1-5-21-1313674548-3619494541-1192360840-514 Domain Guests (S-1-5-21-1313674548-3619494541-1192360840-514) - -1 pdc:/home/torsten # Any idea why it does not work? Thanks in advance Torsten Igor c y Torsten -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Configuration
Hi all, I have installed a SAMBA SERVER (3.0.4) into my network using a Windows NT 4.0 as a PDC. I want Samba to catch the passwords from this NT, and authenticate these users getting access to the shares. How can I do this? Does anybody have a smb.conf file as an example? I use Linux for a long time, but this is my first time with Samba, Thanks for your help, -- Bruno Lessa Cardoso -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Roaming Profiles:Samba PDC:WinXP:User must be local admin
Igor Belyi wrote: Zach wrote: To clear it up: Domain: CIVILIZATION samba PDC: BABYLON Win XP client: TROY Domain user: Zach Local user: local_user If CILIVLIZATION\Zach is added to TROY\Administrators, then no problem. If CILIVLIZATION\Zach is removed from TROY\Administrators, then profile doesn't load properly, even if CILIVLIZATION\Zach is a member of TROY\Power Users or TROY\Users, etc. (This applies to other domain users as well, not just Zach). Further, when TROY\local_user, logs on to TROY, then no problem, regardless of group membership. Just to give you some hope - I don't have this problem. I have users which belong _only_ to Domain Users group and they have WinXP Theme loaded without a problem. BTW, did you move those profiles from local profiles or other Domains or were they created when users first login into Domain? ACLs and ownership on files in the Roaming profiles are stored in NTUSER.DAT file which is a representation of user registry. To properly copy User Profiles you would need to use Window's System Properties/Advanced/User Profiles. Well, I've been having the same probs too, and hadn't thought about this. That gives me lots of food for thought. Thanks Igor. TMS III Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba printing on windows
Hi, I configured 3 printers on my Linux machine. One prinetr is a network printer and 2 are SMB printers. I shared all 3 printers through samba. On Windows side, i am seeing all 3 print shares and i am able to connect printrs. On windows , After connecting samba printers , when i open a printer ( print queue ) , it will open a Box. But, on the top of the box , it will show Access denied, unable to connect . It will process print jobs But it will not show the jobs in the print queue box. Pleaes, give suggestions on this. Regards, shashi kanth -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Weird thing with Samba and Final Cut Pro
Does anybody have a clue why, when I access my Linux Samba server from a Mac G5 (OS X 10.3.x) and try to capture digital video files, the Apple Final Cut application -- in allocating disk space for the file it's about to capture -- actually writes to the hard drive for a long time (presumably writing zeros) until it has created a file the very size of what it expects to store on the Samba server. This process basically occurs in real time. If I expect to capture a 30 minute file, the process takes about 30 minutes before capturing actually begins. When I access the same Linux server with Apple File Sharing/Netatalk, the disk space is allocated instantly and capturing begins right away. Could there be anything to configure in Samba that would make it behave more like Netatalk in this regard? Andy Liebman -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Problems with Samba 3.0.5 only seeing 1360 files on a share to a Windows 2000
In dos (win 2000 cmd) it's shows the same, but under linux I seen all the files. Has anyone seen this before? I have seen something like that, but only about 130 entries (files or dir's) were seen. ls -l showed 146 entries, the same amount was returned by ls in smbclient. I am using samba 3.0.7 from FreeBSD port. FreeBSD verision is 4.10. Yesterday I tried to simulate such situation - I've created about 1800 directory entries (using mktemp), but in Windows 2000 all of them were seen. I suppose, the amount of seen entries depends on their name's lengths. I've also made some syscall tracing on smbd when listing such directory (the one with 146 long entries) and it looked way like this: [..] read dir stat entry #1 stat entry #2 . . stat entry #130 send partial response to socket (about 16kB) stat entry #131 . . stat entry #146 send the rest of response (about 1-2 kB) In Windows only entries sent in first response were seen. Does anyone have any idea? Maybe analyzing responses from Windows server would help (for example using Ethereal) ? -- Tomasz Rosiak -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cross-subnet browsing and oplocks
Hi, Thank you for your response. I use the tun device as it seemed it was a bit easier to setup. I did read that tap was a bit better with windows, but other than the oplocks issue with Samba I have not had any real problem with the openVPN setup and Samba. I think I will setup a test openVPN server running a tap device and see if there are any apparent differences. I have read though the Samba manual regarding oplocks and agree that they are a bit difficult to understand, okay, quite a bit. On my regular office network oplocks have worked fine since I started running the Samba server and it is only with the introduction of the VPN that I have seen any troubles. I have also read about a few file types causes issues with oplocks, I had problems with excel files, but it seems to be okay now, well nobody is complaining anymore anyway. I am not to familiar with pptp other than it is a point-to-point tunnelling protocol and the things I have read discuss using it with dial-up, we have no dedicated dailup access to our networks. For clarity sake, there appears to be no oplocks whatsoever when a client over the openVPN connection accesses a file on the server. Their connection is logged by samba, they show up in smbstatus, including all mounted drives, IP address, and username, just no oplocks. I think one of the first things I need to do is upgrade the Samba server to the latest version, but that will have to wait until the weekend as it is currently in use. As a first attempt I will try a tap device on the openVPN connection Thank you for your help and I will post any notable results. Michael Kelly rruegner [EMAIL PROTECTED] 28/09/2004 5:01:44 pm Hi Michael, do you use the tap device? like this ( man openvpn advice tap instead of tun devices for win networks) #example conf #my partners dns name remote your.partner.dns #kind of device dev tap0 float #tunnel ips my tunnel nic partners tunnel nic ifconfig 192.168.10.2 255.255.255.0 #what to do if comming up up /etc/openvpn/your.partner.dns.conf # optional, but good for setting route # timeouts ping 15 ping-restart 300 # 5 minutes resolv-retry 300 # 5 minutes persist-tun persist-key # compression (optional) comp-lzo # verbosity (optional) verb 5 #user and group user nobody group nogroup secret /etc/openvpnkey #mtu #mtu-test tun-mtu 1500 #daemonize daemon #tune #fragment 1400 #mssfix 1400 tun-mtu-extra 64 i have a few setups with pdc and bdc sambas across openvpn networks and they work quite well, i never found some oplocks problems ( what makes not sure that they are some ) but in 6 Months on 3 Servers with 100 Users and gigs of files nobody talked about that. Study the subnet browsing stuff from samba, using openvpn as laptop clients i found not satisfactory i use pptp vor my roadwarriors. oplocks are difficult to understand, i had my troubles with them in the past but now it worked from default with samba 3.07 but i read there are a few filetypes which making special trouble with them. Maybe this was usefull for you its a complex theme Regards Michael Kelly schrieb: Hello all, I will give you a few details first. In my office I am running Samba 3.02a as a simple file serve and a WINS server. It currently serves about 11 employees. That setup, other than a couple of minor things works fine. I administrate a remote office as well that is part of the same company, there are 3 employees. In that office I have a Linux gateway running openVPN 2.0beta11 as a client which connects to our office so that they can utilize our file server. They can connect without any issues and get any resources they need from the file server. They also register on the WINS server listed above. That same Linux gateway is also running Samba 3.07 for the sole purpose of browse list syncronization. My routed openVPN solution does not allow broadcasts across its tunnel. Again this is working fine, They register with WINS, use WINS for NetBIOS lookups, and use resources from the Samba file server. Also, I have two remote employees that connect to our network using an openVPN client on laptops running win2000 Pro. Again, these connections work great and they are able to register with the WINS server, edit files, what have you. The problem I am having is that oplocks do not seem to function for any of the users connected via VPN. When I look at the status of the file server using smbstatus, I can see all of the connected users, both in my subnet and the ones connecting across the VPN, as well as being able to see the shares they have mapped. I guess I am not sure why clients are able to open files across the VPN but not have the oplocks engaged. I have no turned off locks on any of the shares and, as I said earlier, users from my physical office receive locks when they open files, but remote users do not. If I open a file on a machine on the office network, it is locked and even a remote client cannot
Re: [Samba] Re: Public share
On Wed, 29 Sep 2004, Igor Belyi wrote: Barbara M. wrote: On Tue, 28 Sep 2004, Igor Belyi wrote: Tried without success. Ok, I forgot that 'public' and 'guest ok' are synonyms and you have it in your smb.conf... I put it both in [global] and in [pubblica] :-( Seems that using security = user I can't have a public share. Why? At least I have them with security = user. I dumb question - does user 'nobody' has access to the /home/Public directory? Group and owner. I try also to create a /Pub drwxrwxrwx nobody nobody But no differences: always required a user to access. Anyone have a working conf (PDC+homes+public in samba 3.0.x)? Regards, B. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: New here ... with an NT Group problem
Torsten E. wrote: Torsten E. schrieb am Mittwoch, 29. September 2004 00:22: So, I just tried to delete those groups/SIDs, but it doesn't work ...: pdc:/home/torsten # net groupmap list System Operators (S-1-5-32-549) - ntadmin Domain Users (S-1-5-21-363742550-2379833043-2840705137-513) - ntuser Replicators (S-1-5-32-552) - ntadmin Guests (S-1-5-32-546) - nogroup NTUsers (S-1-5-21-363742550-2379833043-2840705137-1201) - ntuser Domain Users (S-1-5-21-1313674548-3619494541-1192360840-513) - -1 Power Users (S-1-5-32-547) - ntuser Print Operators (S-1-5-32-550) - ntadmin Administrators (S-1-5-32-544) - ntadmin Account Operators (S-1-5-32-548) - ntadmin Domain Guests (S-1-5-21-1313674548-3619494541-1192360840-514) - -1 Backup Operators (S-1-5-32-551) - ntadmin Users (S-1-5-32-545) - ntuser Domain Admins (S-1-5-21-1313674548-3619494541-1192360840-512) - -1 Domain Admins (S-1-5-21-363742550-2379833043-2840705137-512) - ntadmin Domain Guests (S-1-5-21-363742550-2379833043-2840705137-514) - nogroup pdc:/home/torsten # pdc:/home/torsten # net groupmap delete ntgroup=Domain Admin sid=S-1-5-21-1313674548-3619494541-1192360840-512 Sucessfully removed S-1-5-21-1313674548-3619494541-1192360840-512 from the mapping db pdc:/home/torsten # net groupmap delete sid=S-1-5-21-1313674548-3619494541-1192360840-513 Sucessfully removed S-1-5-21-1313674548-3619494541-1192360840-513 from the mapping db pdc:/home/torsten # net groupmap delete sid=S-1-5-21-1313674548-3619494541-1192360840-514 Sucessfully removed S-1-5-21-1313674548-3619494541-1192360840-514 from the mapping db pdc:/home/torsten # pdc:/home/torsten # net groupmap list sid=S-1-5-21-1313674548-3619494541-1192360840-512 Domain Admins (S-1-5-21-1313674548-3619494541-1192360840-512) - -1 pdc:/home/torsten # net groupmap list sid=S-1-5-21-1313674548-3619494541-1192360840-513 Domain Users (S-1-5-21-1313674548-3619494541-1192360840-513) - -1 pdc:/home/torsten # net groupmap list sid=S-1-5-21-1313674548-3619494541-1192360840-514 Domain Guests (S-1-5-21-1313674548-3619494541-1192360840-514) - -1 pdc:/home/torsten # Any idea why it does not work? Well... My guess is that S-1-5-21-1313674548-3619494541-1192360840 is SID of the domain you are trying to remove those mappings from. Is it the same SID 'net getlocalsid' retuns you? And since these are builtin groups they are always there - they just may have or may have not mappings to UNIX groups. I suspect that your problem is that you have those other mappings from a wrong (old?) domain: S-1-5-21-363742550-2379833043-2840705137 and that those SIDs are mapped into your local UNIX groups instead of the one from your current domain. So, check SID of the domain you use and then make sure that builtin groups from this domain are mapped to your UNIX groups. Hope it helps, Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] net groupmap failures
OK all, really going nuts here. wbinfo -u/-g works, pulls up the W2k users/groups. Net ads join works just fine. Created the krb5.keytab file on the w2k machine and kutil copy this to /etc/krb5.keytab. kinit administrator works fine. However, all net groupmap commands fail. Here's an example: fskkweb# net groupmap add unixgroup=admin ntgroup=Domain Admins No rid or sid specified, choosing algorithmic mapping [2004/09/29 08:42:46, 0] lib/smbldap.c:smbldap_open_connection(623) Failed to issue the StartTLS instruction: Decoding error [2004/09/29 08:42:47, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 20D6: SvcErr: DSID-03100684, problem 5012 (DIR_ERROR), data 0 (Operations error) Snip-error burps out for quite a number of lines [2004/09/29 08:42:47, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(1873) ldapsam_search_one_group: Problem during the LDAP search: LDAP error: 20D6: SvcErr: DSID-03100684, problem 5012 (DIR_ERROR), data 0 (Operations error) adding entry for group Domain Admins failed! fskkweb# I'm assuming there is some problem with openldap client. ldapsearch burps out this: fskkweb# ldapsearch -v -D CN=Administrator,CN=Users,DC=fsklaw,DC=net ldap_initialize( DEFAULT ) ldap_bind: Invalid credentials (49) additional info: 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893 Any body have any clues...I would love to get this working. If you need smb.conf, krb5.conf, nsswitch files etc. please ask. TMS III -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problems compiling samba-3.0.7 on Redhat-7.2
Hi Greg, Well, I did the same thing and hacked the configure file and its working. I am just wondering why -Wl option will cause such a problem ? Rahul -Original Message- From: Greg Ryan [mailto:[EMAIL PROTECTED] Sent: Tue 9/28/2004 6:59 PM To: Rahul Padalikar (WT01 - EMBEDDED PRODUCT ENGINEERING SOLUTIONS) Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Problems compiling samba-3.0.7 on Redhat-7.2 Rahul I saw your samba list posting on your RH9 experience with samba 3.0.7. I found the same problem when dropping in the source of 3.0.7 in place of 3.0.6. If you investigate the configure scripts, between the two releases, they have changed things so that you now get LDSHFLAGS=-shared -Wl,-Bsymbolic under 3.0.7, where under 3.0.6 it was LDSHFLAGS=-shared -Bsymbolic If you hack the scripts to make the LDSHFLAGS like that under 3.0.6, then the build works quietly. I think it is only the build of winbind that is effected by this loader problem. Any suggestions or further information on this change? Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or [EMAIL PROTECTED] immediately and destroy all copies of this message and any attachments. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: [cups.general] Re: Windows Clients keep finished jobs in Queue
On Wednesday 29 September 2004 09:29, Ryan Suarez wrote: I'm also seeing this problem. We're running samba 3.0.7 with CUPS 1.1.20. The clients printing are WinXP Professional SP1. The jobs printed are still displayed in the Windows printer status window, even though it's been printed already and disappears from the CUPS printer queue list. You will note that if you refresh, they disappear. I see the problem too with 3.0.6. Have not tested with 3.0.7 yet. I think it's also with WinNT clients. Another person on this list reported the same refresh problem with files in Explorer too. Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin
On Tue, 2004-09-28 at 11:18, Stefan Wegner wrote: Craig White schrieb: The 'homes' share should be differentiated from the 'profiles' share if you desire to have expected behavior. Whether this is an absolute requirement or not, I have no idea but I do know that I don't have a problem with roaming profiles and haven't since 2.2.x and it still works on 3.0.x Doesn't make any difference: profile acls = yes in homes is the same behaviour asin profiles as long as profiles are located under homes. The prob is still the same: user with local adm-rights = complete profile user with User- or Poweruser- rights = reduced profile (background and other settings) Can you switch the local Rights of your Users from User to Admin and then go back to User without loss in the profile ? I have done that but only once. My users are all NOT local admins or power users - they are pretty much unprivileged beyond the local Users. Either way (or even switching to and from local Administrator group) caused no problem with loading the profile. On the samba server(s) - my privileges are different for the homes and profiles directories. my users homes are in... drwxr-xr-x 40 root root 4096 Sep 8 10:50 users and a sample users directory... drwx-- 19 craigusers-all 4096 Aug 29 17:31 craig whereas the profiles... drwxrwsr-x 21 Administrator Domain Users 4096 Sep 9 08:53 profiles and a sample profile directory drwxr-xr-x 13 test Domain Users 4096 Jan 26 2004 test This has not been a problem for me. Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Problem
wrote: I've installed samba 3.0.2a with winbind 3.0.2a (I have the PDS on NT4). net rpc join -S -U Administrator Joined the domain MYDOMAIN. That is ok! When I execute the command 'getent passwd', I receive the list of local users and domain users. But when I execute the command 'getent group', I receive the list of only local groups. That is the matter? Did you check that your /etc/nsswitch.conf has winbind listed for group: as well as for passwd:? Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?
If I knew what it had to do with devfs, I would have been alot farther ... Mandrake. In order to write a HOWTO for this, I need to have as similar a setup as possible. ...which goes back into me not yet having mentioned that which has already been tried. :-/ What was tried previously was adding ... appropriate log levels for slapd/smbd? I've always had trouble with them which may explain a lot. OK, I've made some discoveries which may point to the LDAP acls I've been using. 1. smbldap scripts cannot create a user account when authenticateing as host. 2. smbldap scripts cannot read password information unless space in Domain Controllers is escaped. Here are my acls. They are the new regex based ones provided by Mandrake. I could use some tips on testing them. What should I be looking for in the logs? The entry in slapd.conf reads like this: # Define global ACLs to disable default read access. include /etc/openldap/slapd.access.conf # Provide write access to replicators, and cover access to any other # attributes (default anonymous read access may be undesirable) access to dn.subtree=dc=j9starr,dc=net by group=cn=Replicator,ou=Group,dc=j9starr,dc=net by users read by anonymous read Entries in slapd.access.conf looks like this: # Generic ACLs # These ACLs should work well for any domain-based (ie dc=,dc=) suffix, # but need adjustment and testing for any other suffix # Note that these ACLs allow anonymouse read access to most non-password # attributes, you may want to prevent leakage of this information by # removing the by anonymous read lines # Protect passwords, using a regex so we can have generic accounts with # write access # Openldap will not authenticate against non-userPassword attributes # but we would have to duplicate most rules ... access to dn.regex=^([^,]*,)?ou=[^,]+,(dc=[^,]+(,dc=[^,]+)*)$ attrs=lmPassword,ntPassword,sambaLMPassword,sambaNTPassword,userPassword by self write by dn.exact,expand=uid=Administrator,ou=People,$2 write by group=cn=Domain\ Controllers,ou=Group,$2 write by group=cn=Replicator,ou=Group,$2 write by anonymous auth by * none # ACL allowing samba domain controllers to add user accounts access to dn.regex=^([^,]+,)?ou=People,(dc=[^,]+(,dc=[^,]+)*)$ attrs=entry,children,posixAccount,sambaAccount,inetOrgperson,sambaSamAccount by dn.exact,expand=uid=Administrator,ou=People,$2 write by group=cn=Domain\ Controllers,ou=Group,$2 write by group=cn=Replicator,ou=Group,$2 write by users read by anonymous read # allow users to modify their own address book entries: access to dn.regex=([^,]+,)?ou=People,(dc=[^,]+(,dc=[^,]+)*)$ attrs=inetOrgPerson,mail by self write by dn.exact,expand=uid=Administrator,ou=People,$2 write by group=cn=Domain\ Controllers,ou=Group,$2 write by group=cn=Replicator,ou=Group,$2 write by users read by anonymous read # Allow samba domain controllers to create groups and group mappings access to dn.regex=^([^,]+,)?ou=Group,(dc=[^,]+(,dc=[^,]+)*)$ attrs=entry,children,posixGroup,sambaGroupMapping by dn.exact,expand=uid=Administrator,ou=People,$2 write by group=cn=Domain\ Controllers,ou=Group,$2 write by group=cn=Replicator,ou=Group,$2 write by users read by anonymous read # Allow samba domain controllers to create machine accounts access to dn.regex=^([^,]+,)?ou=Hosts,(dc=[^,]+(,dc=[^,]+)*)$ attrs=entry,children,posixAccount,inetOrgperson,sambaSamAccount by dn.exact,expand=uid=Administrator,ou=People,$2 write by group=cn=Domain\ Controllers,ou=Group,$2 write by group=cn=Replicator,ou=Group,$2 write by users read by anonymous read # Allow samba to create idmap entries access to dn.regex=^([^,]+,)?ou=Idmap,(dc=[^,]+(,dc=[^,]+)*)$ attrs=entry,children,sambaIdmapEntry by dn.exact,expand=uid=Administrator,ou=People,$2 write by group=cn=Domain\ Controllers,ou=Group,$2 write by group=cn=Replicator,ou=Group,$2 write by users read by anonymous read # Allow users in the domain to add entries to the global address book: access to dn.regex=^([^,],)?ou=Contacts,(dc=[^,]+(,dc=[^,]+)*)$ attrs=children,entry,inetOrgPerson by dn=uid=[^,]+,ou=People,$2 write by group=cn=Replicator,ou=Group,$2 write by users read by anonymous read -- - | I can be reached on the following Instant Messenger services: | |---| | MSN: [EMAIL PROTECTED] AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llings Jabber: [EMAIL PROTECTED]| - -- To
[Samba] winbind user vs group permission deny
Samba List - Like most people new to Samba, I'm having the most trouble setting up permissions. First of all, let me get this straight: if you use security = domain, you do not need to set up individual users on the Linux box (in an NT domain), correct? I want all users to be able to read the files in LSSNET, and only specific users allowed to write to it. If the folder is 775 and the group owner is LSS_A+Domain Users everyone has read and write access. Then to deny the write access I add read list and write list as below. Now even though I am in all the groups and my individual user is in write list, I don't have write access. This is because I'm also in Domain Users and the read list overrides all Samba permissions The other options is to change the folder to 755, but then no matter what groups I add to write access, they will not override the Unix permissions. This means I have no way to give all users read access and only some users write access without actually creating the users on the local linux box...and that defeats the purpose of the security = domain ? ? ? Thanks in advance for anybody who can solve this. Paul #SETUP# root# ls -lah drwxrwxr-x 36 root LSS_A+Domain Users 4.0K Sep 29 08:46 lssnet [global] workgroup = LSS_A server string = Intranet Server log file = /var/log/samba/%m.log max log size = 500 security = domain password server = lss_pdc bdc1 bdc2 encrypt passwords = yes smb passwd file = /usr/local/samba/private/smbpasswd Winbind # This section added by PJR 5/25/04 # Include winbind NT domain support winbind separator = + winbind uid = 1-2 winbind gid = 1-2 winbind use default domain = no winbind cache time = 20 winbind enum users = yes winbind enum groups = yes # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details # Browser Control Options: # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply local master = no # WINS Server - Tells the NMBD components of Samba to be a WINS Client # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both wins server = 206.145.30.12 # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names # via DNS nslookups. The built-in default for versions 1.9.17 is yes, # this has been changed in version 1.9.18 to no. dns proxy = no force create mode = 0775 force directory mode = 0775 read only = yes veto oplock files = /*.cgi/ guest ok = no browseable = no writable = no # Note: This line is added for security purposes. The following # users should never have access to the Samba shares invalid users = root,bin,daemon,adm,sync,shutdown,halt,mail,news,uucp,operator,gopher [lssnet] path = /www/lssnet comment = Intranet Web Files read list = 'LSS_A+Domain Users' write list = LSS_A+pryan, 'LSS_A+Corp Tech', 'LSS_A+Domain Admins' Paul Ryan, Technology Specialist LSS Data Systems 6423 City West Parkway, Eden Prairie, MN 55344 952.941.1000 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?
Whoops! Missed part of those acls that had scrolled off the top of my screen. The full slapd.access.conf listing is as follows: # This is a good place to put slapd access-control directives # The Administrator DIT should be accessible to all clients access to dn.exact= by * read # Generic ACLs # These ACLs should work well for any domain-based (ie dc=,dc=) suffix, # but need adjustment and testing for any other suffix # Note that these ACLs allow anonymouse read access to most non-password # attributes, you may want to prevent leakage of this information by # removing the by anonymous read lines # Protect passwords, using a regex so we can have generic accounts with # write access # Openldap will not authenticate against non-userPassword attributes # but we would have to duplicate most rules ... access to dn.regex=^([^,]*,)?ou=[^,]+,(dc=[^,]+(,dc=[^,]+)*)$ attrs=lmPassword,ntPassword,sambaLMPassword,sambaNTPassword,userPassword by self write by dn.exact,expand=uid=Administrator,ou=People,$2 write by group=cn=Domain\ Controllers,ou=Group,$2 write by group=cn=Replicator,ou=Group,$2 write by anonymous auth by * none # ACL allowing samba domain controllers to add user accounts access to dn.regex=^([^,]+,)?ou=People,(dc=[^,]+(,dc=[^,]+)*)$ attrs=entry,children,posixAccount,sambaAccount,inetOrgperson,sambaSamAccount by dn.exact,expand=uid=Administrator,ou=People,$2 write by group=cn=Domain\ Controllers,ou=Group,$2 write by group=cn=Replicator,ou=Group,$2 write by users read by anonymous read # allow users to modify their own address book entries: access to dn.regex=([^,]+,)?ou=People,(dc=[^,]+(,dc=[^,]+)*)$ attrs=inetOrgPerson,mail by self write by dn.exact,expand=uid=Administrator,ou=People,$2 write by group=cn=Domain\ Controllers,ou=Group,$2 write by group=cn=Replicator,ou=Group,$2 write by users read # Allow samba domain controllers to create groups and group mappings access to dn.regex=^([^,]+,)?ou=Group,(dc=[^,]+(,dc=[^,]+)*)$ attrs=entry,children,posixGroup,sambaGroupMapping by dn.exact,expand=uid=Administrator,ou=People,$2 write by group=cn=Domain\ Controllers,ou=Group,$2 write by group=cn=Replicator,ou=Group,$2 write by users read by anonymous read # Allow samba domain controllers to create machine accounts access to dn.regex=^([^,]+,)?ou=Hosts,(dc=[^,]+(,dc=[^,]+)*)$ attrs=entry,children,posixAccount,inetOrgperson,sambaSamAccount by dn.exact,expand=uid=Administrator,ou=People,$2 write by group=cn=Domain\ Controllers,ou=Group,$2 write by group=cn=Replicator,ou=Group,$2 write by users read by anonymous read # Allow samba to create idmap entries access to dn.regex=^([^,]+,)?ou=Idmap,(dc=[^,]+(,dc=[^,]+)*)$ attrs=entry,children,sambaIdmapEntry by dn.exact,expand=uid=Administrator,ou=People,$2 write by group=cn=Domain\ Controllers,ou=Group,$2 write by group=cn=Replicator,ou=Group,$2 write by users read by anonymous read # Allow users in the domain to add entries to the global address book: access to dn.regex=^([^,],)?ou=Contacts,(dc=[^,]+(,dc=[^,]+)*)$ attrs=children,entry,inetOrgPerson by dn=uid=[^,]+,ou=People,$2 write by group=cn=Replicator,ou=Group,$2 write by users read by anonymous read -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin
We just experimented with this here at work. As administrator we manually deleted the profile of a user at replaced it with a manual copy of another user's profile, and the problem was reproduced exactly. When we subsquently deleted NTUSER.DAT and logged in again, NTUSER.DAT was rebuilt using the default profile and the profile loaded properly. Evidently the SID recorded in NTUSER.DAT has to match the user's sid or it won't load properly. Now to find out how to repair/rebuild/migrate NTUSER.DAT without losing the user's sid without losing the customizations. Although this has turned out to not really be a Samba problem, I'll post what I find out since this seems to affect several users on the list. Thanks Zach On Wed, 29 Sep 2004 10:00:47 -0700, Craig White [EMAIL PROTECTED] wrote: On Tue, 2004-09-28 at 11:18, Stefan Wegner wrote: Craig White schrieb: The 'homes' share should be differentiated from the 'profiles' share if you desire to have expected behavior. Whether this is an absolute requirement or not, I have no idea but I do know that I don't have a problem with roaming profiles and haven't since 2.2.x and it still works on 3.0.x Doesn't make any difference: profile acls = yes in homes is the same behaviour asin profiles as long as profiles are located under homes. The prob is still the same: user with local adm-rights = complete profile user with User- or Poweruser- rights = reduced profile (background and other settings) Can you switch the local Rights of your Users from User to Admin and then go back to User without loss in the profile ? I have done that but only once. My users are all NOT local admins or power users - they are pretty much unprivileged beyond the local Users. Either way (or even switching to and from local Administrator group) caused no problem with loading the profile. On the samba server(s) - my privileges are different for the homes and profiles directories. my users homes are in... drwxr-xr-x 40 root root 4096 Sep 8 10:50 users and a sample users directory... drwx-- 19 craigusers-all 4096 Aug 29 17:31 craig whereas the profiles... drwxrwsr-x 21 Administrator Domain Users 4096 Sep 9 08:53 profiles and a sample profile directory drwxr-xr-x 13 test Domain Users 4096 Jan 26 2004 test This has not been a problem for me. Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] hostname and smbstatus
Hi, I'm having problems with seeing the hostname of a Linux box correctly under Samba with smbstatus. Background: I'm running Debian sarge with Samba 3.0.5 on a server that I built. It sits on our local network behind a Smoothwall firewall, which functions as a virtual nameserver using our ISP's DNS servers for resolution. I've been able to set up our Windows machines without too much problem with the Debian Samba server as a PDC. I'm now trying to connect a Mepis (Debian sid) box to the server using Samba. Problem: When I login to a Mepis user session, the share is mounted in a user directory (set up with smb4k). However, smbstatus shows only the IP address of the machine, not the hostname. The Windows machine hostnames show up correctly. Here's smbstatus with forced user/group yarg/domadm, Windows XP box thais, and the Linux box: Samba version 3.0.5-Debian PID Username Group Machine --- 3096 yarg domadm192.168.1.8 (192.168.1.8) 2816 yarg domadmthais (192.168.1.10) I've changed /etc/hosts on the client, server, and firewall/nameserver machine to include the IP-name; nsswitch.conf maps host to DNS. smb.conf has name resolve order parameter set to host wins lmhosts bcast. I'm not specifying a WINS server, but have configured wins support to yes. I also have Mandrake 10 and SuSE 9.1 triple-booting with the Mepis partitions and while they also connect as Samba clients, I have the same result -only the IP shows up. Any ideas? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin
Zach wrote: We just experimented with this here at work. As administrator we manually deleted the profile of a user at replaced it with a manual copy of another user's profile, and the problem was reproduced exactly. When we subsquently deleted NTUSER.DAT and logged in again, NTUSER.DAT was rebuilt using the default profile and the profile loaded properly. Evidently the SID recorded in NTUSER.DAT has to match the user's sid or it won't load properly. Good news Zach. I'm off to the office to give it a go myself. Should give a preliminary response by noon PST. Cheers, TMS III Now to find out how to repair/rebuild/migrate NTUSER.DAT without losing the user's sid without losing the customizations. Although this has turned out to not really be a Samba problem, I'll post what I find out since this seems to affect several users on the list. Thanks Zach On Wed, 29 Sep 2004 10:00:47 -0700, Craig White [EMAIL PROTECTED] wrote: On Tue, 2004-09-28 at 11:18, Stefan Wegner wrote: Craig White schrieb: The 'homes' share should be differentiated from the 'profiles' share if you desire to have expected behavior. Whether this is an absolute requirement or not, I have no idea but I do know that I don't have a problem with roaming profiles and haven't since 2.2.x and it still works on 3.0.x Doesn't make any difference: profile acls = yes in homes is the same behaviour asin profiles as long as profiles are located under homes. The prob is still the same: user with local adm-rights = complete profile user with User- or Poweruser- rights = reduced profile (background and other settings) Can you switch the local Rights of your Users from User to Admin and then go back to User without loss in the profile ? I have done that but only once. My users are all NOT local admins or power users - they are pretty much unprivileged beyond the local Users. Either way (or even switching to and from local Administrator group) caused no problem with loading the profile. On the samba server(s) - my privileges are different for the homes and profiles directories. my users homes are in... drwxr-xr-x 40 root root 4096 Sep 8 10:50 users and a sample users directory... drwx-- 19 craigusers-all 4096 Aug 29 17:31 craig whereas the profiles... drwxrwsr-x 21 Administrator Domain Users 4096 Sep 9 08:53 profiles and a sample profile directory drwxr-xr-x 13 test Domain Users 4096 Jan 26 2004 test This has not been a problem for me. Craig -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Switch profile from local to roaming?
I've got a WinXP machine that was configured for local profiles. I have now joined that machine to the domain, but when I try to log in as a user, it tries to use a roaming profile. Fine, that's what I want anyway. But it doesn't do the smart thing and copy the user's local profile to roaming -- it gives an error instead. OK, no problem, I will change the type. I log in as local admin and go to her profile. It only gives me Local as an option. Maybe it's because I'm not logged into the domain. OK, I log into the domain as Administrator (alias root -- uid of 0). It doesn't even let me SEE her profile then. Because it is local, I assume. So ok, I add MYDOMAIN\Administrator as a local administrator on her machine. It lets me see her profile now but I still can't change it to roaming. And every time I try to copy it into either Administrator's directory on the server, or hers, it gives me Permission Denied. So what is the real way to get this accomplished? Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Profiles and PDC
We have severla samba servers which we've just tried to upgrade to using the domain based security. Most things seem to be fine but there is one problem which is causing some trouble. Roaming profiles are decalred on the PDC to be: logon path = \\ufs.%G\%U\Profiles which resolves to a folder called Profiles in the users home directory. The server ufs.%G is not the same server as the PDC. When we try to log in we get a message telling us that there is a security problem with the Roaming profile and it refuses to download. However the folder Profiles does get created on the users home directory. In the samba log files we get the error: rm43pc066-kopen (160.5.100.2) signed connect to service csa01 initially as user csa01 (uid=732, gid=426) (pid 31918) [2004/09/29 18:03:11, 0] smbd/posix_acls.c:create_canon_ace_lists(1385) create_canon_ace_lists: unable to map SID S-1-5-21-1129199182-1858052969-2540920885-2464 to uid or gid. However once logged in we can browse and play with the folder with no problem. We're running samba 3.0.7 on fedora-2 with acl support. Using %N/Profiles/%U as the logon path works fine but we want the profiles to be in the users home directory and not on the PDC. -- __[EMAIL PROTECTED]Jonathan Knight, / Department of Computer Science / _ __ Telephone: +44 1782 583437 University of Keele, Keele, (_/ (_) / / Fax : +44 1782 713082 Staffordshire. ST5 5BG. U.K. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin
Tom, Can't wait to find out what you learn. In the mean time, a quick google search turned up this: http://www.samba.org/samba/docs/man/profiles.1.html Unfortunately I don't have this package installed on this system, so I don't have the man page or the profiles command right now. On Wed, 29 Sep 2004 10:46:14 -0700, Tom Skeren [EMAIL PROTECTED] wrote: Zach wrote: We just experimented with this here at work. As administrator we manually deleted the profile of a user at replaced it with a manual copy of another user's profile, and the problem was reproduced exactly. When we subsquently deleted NTUSER.DAT and logged in again, NTUSER.DAT was rebuilt using the default profile and the profile loaded properly. Evidently the SID recorded in NTUSER.DAT has to match the user's sid or it won't load properly. Good news Zach. I'm off to the office to give it a go myself. Should give a preliminary response by noon PST. Cheers, TMS III -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Switch profile from local to roaming?
I'm currently trying to solve a problem regarding roaming profiles in another thread. In this case it appears the profiles weren't migrated properly. In my case I think (it was a long time ago) I simply copied the the profile directory up to the server with a simple drag and drop (I didn't know better). In trying to solve the problems with a now malformed NTUSER.DAT a google search turned this up: http://www.samba.org/samba/docs/man/profiles.1.html It appears the samba developers are attempting to address this very problem. See the thread, Roaming Profiles:Samba PDC:WinXP:User must be local admin, for more info. On Wed, 29 Sep 2004 13:08:24 -0500, Paul Gienger [EMAIL PROTECTED] wrote: doesn't do the smart thing and copy the user's local profile to roaming -- it That would actually be a very *dumb* thing to do. These are two users from two different worlds as far as Windows is concerned. If you were to look at the SIDs of them (windows version of UID) you would see they arent even close. So what is the real way to get this accomplished? Not sure if this is the 'approved' way to do things like this, but it always works for me when I have to migrate a profile from one dir to another, usually I use it when switching domains, i.e. from our 'one domain per site' to one global domain where the sid just can't match ANYWAY 1. Copy said user's profile to a backup location 2. Move the 'Default User' profile someplace so that it isn't in the way 3. Copy said user's old profile to Default User 4. Log in as said user, the default profile will copy to the user's profile 5. Move real 'Default User' back Now there will be some things that aren't migrated but that depends a lot on your setup and what programs you run. For the most part, everything involving the SID that Windows knows about will be migrated in my experience. -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?
Drat! Escapeing the space in Domain Controllers doesn't seem to help after all. Whoops! Missed part of those acls that had scrolled off the top of my ... by users read by anonymous read Jim C. -- - | I can be reached on the following Instant Messenger services: | |---| | MSN: [EMAIL PROTECTED] AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llings Jabber: [EMAIL PROTECTED]| - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Mixed Network Diagnostics
Hi Folks, I emailed earlier about some samba / network issues we are having with in a mixed OS environment. I believe that our problem might be being caused by possible multiple Browse Masters in the windows machines. What I am trying to find is a good way to help determine this. I'm not a windows guru, and have not been able to find any browse master settings on the XP systems. I have read online about BrowseMon.exe. But have not been able to find a copy of it anywhere! Can anyone recommend a good tool for helping to diagnose this issue? Or point me in the direction of BrowseMon? Jim Beard counterclaim.com, Inc http://www.counterclaim.com http://openefm.sourceforge.net (800) 264-8145 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Mixed Network Diagnostics
Try browstat in the resource kit tools for Server 2000 and 2003. http://support.microsoft.com/default.aspx?scid=kb;en-us;188305 The default settings for all 2000 and XP server/clients is to paticipate in the browser master elections by disabling it on server/workstations you do not want to maintain the master browser list http://www.jsiinc.com/SUBA/tip0100/rh0148.htm Also note that the master browser list is subnet based, so each subnet needs it's own master browsers. Yang On Wed, 29 Sep 2004 11:52:28 -0700, Jim Beard [EMAIL PROTECTED] wrote: Hi Folks, I emailed earlier about some samba / network issues we are having with in a mixed OS environment. I believe that our problem might be being caused by possible multiple Browse Masters in the windows machines. What I am trying to find is a good way to help determine this. I'm not a windows guru, and have not been able to find any browse master settings on the XP systems. I have read online about BrowseMon.exe. But have not been able to find a copy of it anywhere! Can anyone recommend a good tool for helping to diagnose this issue? Or point me in the direction of BrowseMon? Jim Beard counterclaim.com, Inc http://www.counterclaim.com http://openefm.sourceforge.net (800) 264-8145 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Trouble setting up an Anonymous read/write samba server for WinXP Pro users
Just thought I would follow-up on this as I finally found a solution. Using the exact same configuration, I simply upgraded to samba 3.0.7 and the problem went away! Tim -Original Message- From: Tim Harvey [mailto:[EMAIL PROTECTED] Sent: Friday, September 24, 2004 12:47 PM To: '[EMAIL PROTECTED]' Subject: Trouble setting up an Anonymous read/write samba server for WinXP Pro users Greetings, I'm having difficulty setting up an 'Anonymous Read-Write' SAMBA server on a new system with a stock FC2 installation for use with WinXP Pro systems. I'm using the following software on the 'fileserver': - Linux FC2 installed from the FC2 iso's: kernel 2.6.5-1.358 - samba-common-3.0.3-5 - samba-3.0.3-5 - samba-client-3.0.3-5 - samba-swat-3.0.3-5 - system-config-samba-1.2.9-2 Following the instructions and examples in the official SAMBA howto, I'm under the impression that I want a smb.conf file such as: # Global parameters [global] workgroup = MSHOME netbios name = FILESERVER security = SHARE [data] comment = Data path = /export force user = nobody force group = nobody read only = No guest ok = Yes The problem I'm running into is that when I attempt to connect to the share from a WinXP Pro system by simply using the address \\fileserver in an explorer window, I immediately get a 'Connect to fileserver' window from WinXP with a greyed out username set to 'fileserver\Guest' and asking for a password. I'm confused - the whole point of setting up an anonymous read/write server was to avoid having to put user accounts on the samba server. I've found that if I open up the address \\fileserver\data I can connect with no user/pass request. I've also found that if I'm logged into the WinXP system as user 'Tim' and I create a user 'tim' on the samba server, I am not prompted for a user/pass. Both of these solutions are unacceptable for what I'm trying to accomplish. All the howto's and examples I've found regarding anonymous samba servers mention nothing about this problem. Any explanation / advice would be greatly appreciated Thanks, Tim -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Switch profile from local to roaming?
Been working on this for a while Misty. Stay tuned. TMS III Misty Stanley-Jones wrote: I've got a WinXP machine that was configured for local profiles. I have now joined that machine to the domain, but when I try to log in as a user, it tries to use a roaming profile. Fine, that's what I want anyway. But it doesn't do the smart thing and copy the user's local profile to roaming -- it gives an error instead. OK, no problem, I will change the type. I log in as local admin and go to her profile. It only gives me Local as an option. Maybe it's because I'm not logged into the domain. OK, I log into the domain as Administrator (alias root -- uid of 0). It doesn't even let me SEE her profile then. Because it is local, I assume. So ok, I add MYDOMAIN\Administrator as a local administrator on her machine. It lets me see her profile now but I still can't change it to roaming. And every time I try to copy it into either Administrator's directory on the server, or hers, it gives me Permission Denied. So what is the real way to get this accomplished? Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Printing woes (Driver uploading, and .tdb annoyances)
Hi all, I'm running 3.0.6 on IRIX 6.5 (compiled from sources) Runs fine for almost all purposes. But I thought I'd have a look at the extra Samba-3 printing facilites today, and they've thrown up some real issues. 1st point. I still haven't managed to get to the bottom of this one, but I can't always add a printer drive to a Samba-served printer. I've been following Chapter 17 of the HOW-TO-Collection [1] and made some progress. However it looks like there's an issue with installing drivers on a printer that is't explicitly listed in smb.conf. The symptom I get is that some printers can have drivers added to them, and some can't. And some of those that can it doesn't stick. It _looks_ like it's worked, and then when you go onto the next step (First client connection) the driver's not there! The uploading seems OKay, files appear in the [print$] share and ntdrivers.tdb gets changed. ntprinters.tdb doesn't though. 2nd point. Hmmm. All those TDB files in var/locks/printing. Seem like a pile of uselessness to me. What is the way to get them to _accurately- reflect the state of the underlying UNIX printer queue? They only seem to be interested in jobs that have passed through Samba, what about all the others? Even stopping smbd, deleting the printing/*.tdb files and restarting smbd doesn't do it. Help! (and why???) I'm sorry if this seems like of a rant than a proper mail. I can only say in my defence that I've been at this desk for 12 hours so far today. Mac Assistant Systems Adminstrator @nibsc.ac.uk [EMAIL PROTECTED] Work: +44 1707 641565 Everything else: +44 7956 237670 (anytime) [1] http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/printing.html -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Switch profile from local to roaming?
Not sure if this is the 'approved' way to do things like this, but it always works for me when I have to migrate a profile from one dir to another, usually I use it when switching domains, i.e. from our 'one domain per site' to one global domain where the sid just can't match ANYWAY 1. Copy said user's profile to a backup location 2. Move the 'Default User' profile someplace so that it isn't in the way 3. Copy said user's old profile to Default User 4. Log in as said user, the default profile will copy to the user's profile 5. Move real 'Default User' back You rock dude. Never had to do this before. Didn't realize ntuser.dat was SID locked. The above works PERFECTLY for my purposes. Cheers TMS III Now there will be some things that aren't migrated but that depends a lot on your setup and what programs you run. For the most part, everything involving the SID that Windows knows about will be migrated in my experience. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?
access to dn.regex=^([^,]*,)?ou=[^,]+,(dc=[^,]+(,dc=[^,]+)*)$ attrs=lmPassword,ntPassword,sambaLMPassword,sambaNTPassword,userPassword by self write by dn.exact,expand=uid=Administrator,ou=People,$2 write by group=cn=Domain\ Controllers,ou=Group,$2 write by group=cn=Replicator,ou=Group,$2 write by anonymous auth by * none Using commenting, I've narrowed it down to the first line above. I also turned off all acls to test and see if Samba would be begin to function properly with group authentication. This did not work and would seem to indicate that there is another problem contained in Samba itself or the config. I prefer to address the acl issue first. Unfortunately, I've not had much practice with regular expressions. Jim C. -- - | I can be reached on the following Instant Messenger services: | |---| | MSN: [EMAIL PROTECTED] AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llings Jabber: [EMAIL PROTECTED]| - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] WINS Proxy Question
I am running RedHat V9.0 with SAMBA v2.2.7a-8.9.0 on both servers that are involved. We have a fairly small network ( 500+ Nodes ) ( Mixed environment Windows 2K - XP ). SMB/NMB server. ( RedHat V9.0 / SAMBA v2.2.7a-8.9.0 ) acting as stand-alone server: ( wins support = yes ) ( IP = X.X.X.2 ) NMB server ( RedHat V9.0 / SAMBA v2.2.7a-8.9.0 ) configured as a wins proxy. ( wins support = no, wins server = X.X.X.2, wins proxy = yes ) ( IP = Y.Y.Y.3 ) If I have a machine with samba as in NMB Server above, should it forward wins requests from Y.Y.Y.? subnet to the wins server at X.X.X.2? In order to test, I use the following command on a computer that is not running the smb or nmb daemon: nmblookup -RU X.X.X.2 -s /etc/samba/smb.conf machine( succeeds ) nmblookup -RU Y.Y.Y.3 -s /etc/samba/smb.conf machine( fails ) --- William L Childers Programming Support Manager, OSU Center for Health Sciences A beowulf cluster of Cisco routers? Isn't that the Internet? http://humorix.org/slogans --- William L Childers Programming Support Manager, OSU Center for Health Sciences A beowulf cluster of Cisco routers? Isn't that the Internet? http://humorix.org/slogans -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba became Domain Member Server
Hi group, I have problems with a former Samba-server. It has been a simple server, no acl-stuff,not a DC or so. Now we have a Windows 2003 PDC and I intergated the Samba-Server as a Domain Member Server. Everything works fine, except one annoying thing: I cannot allow the Domain-Members to full-access the files recursively. Example: The users complain, that they can make an excel-sheet and save it. When someone else opens it, he cannot overwrite it. When the owner of the file gives the right to all domain-users to change the file they can do that.But when they save it, it is the same game again: Nobody else can overwrite it. I am not a member of this group but I hope you will answer my question :-) bye Martin Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt neu bei WEB.DE FreeMail: http://freemail.web.de/?mc=021193 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: New here ... with an NT Group problem
Igor Belyi schrieb am Mittwoch, 29. September 2004 17:55: Torsten E. wrote: Torsten E. schrieb am Mittwoch, 29. September 2004 00:22: [...] Any idea why it does not work? Well... My guess is that S-1-5-21-1313674548-3619494541-1192360840 is SID of the domain you are trying to remove those mappings from. Is it the same SID 'net getlocalsid' retuns you? And since these are builtin groups they are always there - they just may have or may have not mappings to UNIX groups. I suspect that your problem is that you have those other mappings from a wrong (old?) domain: S-1-5-21-363742550-2379833043-2840705137 and that those SIDs are mapped into your local UNIX groups instead of the one from your current domain. Done ... So, check SID of the domain you use and then make sure that builtin groups from this domain are mapped to your UNIX groups. Done ... Hope it helps, For sure it did! All those nasty groups are gone now! Thanks!! But, to be honest, I have no real idea where they come from. The domain is used since ~2,5 years, and it was always running on my server here next to me. All I did was adding an SLES9 system (for testing), but even that one was configured to act as an BDC ... Maybe I'll find some hints within the logfiles ... Anyways: it works again, and that's most important right now :) Igor c y Torsten -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.7 CUPS Conflict?
First time I've seen this... Trying to install Samba 3.0.7 from rpms obtained from the samba.org site on a SuSE 8.2 system--very vanilla. Samba has not been installed previously on this box at all. outside:/home/data/Downloads/Samba-3.0.7/8.2 # rpm -Uvh libsmbclient3-3* samba3-3* samba3-client* samba3-win* --test file /usr/lib/cups/backend/smb from install of samba3-client-3.0.7-1 conflicts with file from package cups-1.1.18-96 outside:/home/data/Downloads/Samba-3.0.7/8.2 # What's the best way to handle this? Thanks! Mark -- _ A Message From... L. Mark Stone Reliable Networks of Maine, LLC 477 Congress Street Portland, ME 04101 Tel: (207) 772-5678 Web: www.RNoME.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with Perl module, SmbClientParser-2.6
Hi, I'm trying to use SmbClientParser to implement a simple SMB crawler. After a lot of effort, I still could not get it to work. Here is my small test script: [CODE] #!/usr/bin/perl use POSIX; use Filesys::SmbClientParser; use DBI(); use Socket; use Sys::Hostname; use strict; my $host; my $smb = new Filesys::SmbClientParser (undef, ( user = '', password = '' )); $smb-Debug('1'); $smb-Host('localhost'); my @l = $smb-GetShr; foreach (@l) {print $_-{name},\n;} [/CODE] All i got for the output is the default usage of smbclient [CODE] == SmbClientParser::command /usr/bin/smbclient -d1-L '\\localhost' -D / Usage: [-?] [-?EgV] [-?EgV] [-?EgVNkP] [-?|--help] [--usage] [-R|--name-resolveNAME-RESOLVE-ORDER] [-M|--message HOST] [-I|--ip-address IP] [-E|--stderr] [-L|--list HOST] [-t|--terminal CODE] [-m|--max-protocol LEVEL] [-T|--tar c|xIXFqgbNan] [-D|--directory DIR] [-c|--command STRING] [-b|--send-buffer BYTES] [-p|--port PORT] [-g|--grepable] [-d|--debuglevel DEBUGLEVEL] [-s|--configfile CONFIGFILE] [-l|--log-basename LOGFILEBASE] [-V|--version] [-O|--socket-options SOCKETOPTIONS] [-n|--netbiosname NETBIOSNAME] [-W|--workgroup WORKGROUP] [-i|--scope SCOPE] [-U|--user USERNAME] [-N|--no-pass] [-k|--kerberos] [-A|--authentication-file FILE] [-S|--signing on|off|required] [-P|--machine-pass] service password [/CODE] I'm using Samba 3.0.2a on Mandrake Linux 10. Any help would be very much appreciated. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Switch profile from local to roaming?
Paul Geinger's idea below looks like it will work. I've found a way that you can force windows to replace the invalid SID in NTUSER.DAT with a valid one, whithout trying to discover what the valid SID is (they're very long and cumbersome anyway), and still preserving all the profile's customization. I'll post it under the Roaming Profiles:Samba PDC:WinXP:User must be local admin thread. I never did try the profiles program. I've got the samba 3.0.7 rpm installed and the profiles man page is there, but I couldn't find the profiles binary. I'll mess around with that later. On Wed, 29 Sep 2004 14:42:41 -0500, Misty Stanley-Jones [EMAIL PROTECTED] wrote: On Wednesday 29 September 2004 13:21, Zach wrote: I'm currently trying to solve a problem regarding roaming profiles in another thread. In this case it appears the profiles weren't migrated properly. In my case I think (it was a long time ago) I simply copied the the profile directory up to the server with a simple drag and drop (I didn't know better). In trying to solve the problems with a now malformed NTUSER.DAT a google search turned this up: http://www.samba.org/samba/docs/man/profiles.1.html It appears the samba developers are attempting to address this very problem. Thanks, that looks very promising. I even have that binary! However, how do I find what the user's current SID is? We were in a workgroup environment, with also logging onto Novell Netware. Does she even have a SID? Do I have to go into her registry to find it? Thanks in advance, Misty See the thread, Roaming Profiles:Samba PDC:WinXP:User must be local admin, for more info. On Wed, 29 Sep 2004 13:08:24 -0500, Paul Gienger [EMAIL PROTECTED] wrote: doesn't do the smart thing and copy the user's local profile to roaming -- it That would actually be a very *dumb* thing to do. These are two users from two different worlds as far as Windows is concerned. If you were to look at the SIDs of them (windows version of UID) you would see they arent even close. So what is the real way to get this accomplished? Not sure if this is the 'approved' way to do things like this, but it always works for me when I have to migrate a profile from one dir to another, usually I use it when switching domains, i.e. from our 'one domain per site' to one global domain where the sid just can't match ANYWAY 1. Copy said user's profile to a backup location 2. Move the 'Default User' profile someplace so that it isn't in the way 3. Copy said user's old profile to Default User 4. Log in as said user, the default profile will copy to the user's profile 5. Move real 'Default User' back Now there will be some things that aren't migrated but that depends a lot on your setup and what programs you run. For the most part, everything involving the SID that Windows knows about will be migrated in my experience. -- Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Information Systems Consultant Fax:701-281-1322 URL: www.ae-solutions.commailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin SOLVED
This worked for me: (1) Log in as a local administrator on one of the XP clients (2) Create a temporary user, eg test_user1 (3) System Properties-Advanced-User Profiles:Settings button (4) Choose the profile you're trying to migrate and click Copy To (5) Pick some temporary directory, eg c:\test (6) Under Permitted to use, click change, and add your temporary user (7) Click ok and ok again, and wait while the profile is copied to c:\test. Windows has now added test_user1's SID to NTUSER.DAT in c:\test (8) log out and log back in as test_user1, to allow test_user1's profile to be set up. (9) log out and log back in as a local administrator (10) manually copy the contents of c:\test over top of test_1's profile in c:\Documents ...\test_user1\, or the directory where test_user1's profile was created. (11) log out and log back in as test_user1 to verify the profile loads properly (12) log out and log back in as a local admin and repeat steps 3 through 6, except instead of adding test_user1 under Permitted to use, add your domain user. Allow the profile to be copied to c:\test. Windows has now added the sid for your domain user to NTUSER.DAT (I don't know if the other SIDs are there as well or not). (13) At this point it is vital to make sure the domain user is not logged in on any machine otherwise NTUSER.DAT will be overwritten when they log out. Backup the server copy of NTUSER.DAT (14) copy c:\test\NTUSER.DAT to your server under the appropriate user's profile. (15) log out and log back in as the domain user. It should work. This way worked for me and preserved all of the profile's custmizations. I didn't try the profiles program (see man profiles) because I couldn't find that binary on my system. However this seems to work perfectly. Admittedly if you have more than a few users to migrate, this could be cumbersome. Paul Geinger's suggestion is much fewer steps. Your mileage may vary. Thanks for everyone's help - Original Message - From: Thomas M. Skeren III [EMAIL PROTECTED] Date: Wed, 29 Sep 2004 13:17:16 -0700 Subject: Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin To: Zach [EMAIL PROTECTED] See Paul Geingers email on this subject. That method works perfectly. WooHoo! Zach wrote: Tom, Can't wait to find out what you learn. In the mean time, a quick google search turned up this: http://www.samba.org/samba/docs/man/profiles.1.html Unfortunately I don't have this package installed on this system, so I don't have the man page or the profiles command right now. On Wed, 29 Sep 2004 10:46:14 -0700, Tom Skeren [EMAIL PROTECTED] wrote: Zach wrote: We just experimented with this here at work. As administrator we manually deleted the profile of a user at replaced it with a manual copy of another user's profile, and the problem was reproduced exactly. When we subsquently deleted NTUSER.DAT and logged in again, NTUSER.DAT was rebuilt using the default profile and the profile loaded properly. Evidently the SID recorded in NTUSER.DAT has to match the user's sid or it won't load properly. Good news Zach. I'm off to the office to give it a go myself. Should give a preliminary response by noon PST. Cheers, TMS III -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba became Domain Member Server
Martin Hauptmann wrote: Hi group, I have problems with a former Samba-server. It has been a simple server, no acl-stuff,not a DC or so. ACL's would be a good idea here. Now we have a Windows 2003 PDC and I intergated the Samba-Server as a Domain Member Server. Everything works fine, except one annoying thing: I cannot allow the Domain-Members to full-access the files recursively. Example: The users complain, that they can make an excel-sheet and save it. When someone else opens it, he cannot overwrite it. When the owner of the file gives the right to all domain-users to change the file they can do that.But when they save it, it is the same game again: Nobody else can overwrite it. This is because MS Excel deletes the old file and replaces it with the new one, thus resseting privaleges on the file to 700. Man smb.conf for force user, or force directory mask, whcih should eliminate the problem, if you don't want to mess with ACL's. I am not a member of this group but I hope you will answer my question :-) bye Martin Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt neu bei WEB.DE FreeMail: http://freemail.web.de/?mc=021193 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin SOLVED
Thanks Zach, but as this project moves forward, doing it the way you did for 100+ users would likely cause me to eat a bullet. Paul's way may leave a glitch or too. However maybe this would solve Awful Hack's problems. Cheers TMS III Zach wrote: This worked for me: (1) Log in as a local administrator on one of the XP clients (2) Create a temporary user, eg test_user1 (3) System Properties-Advanced-User Profiles:Settings button (4) Choose the profile you're trying to migrate and click Copy To (5) Pick some temporary directory, eg c:\test (6) Under Permitted to use, click change, and add your temporary user (7) Click ok and ok again, and wait while the profile is copied to c:\test. Windows has now added test_user1's SID to NTUSER.DAT in c:\test (8) log out and log back in as test_user1, to allow test_user1's profile to be set up. (9) log out and log back in as a local administrator (10) manually copy the contents of c:\test over top of test_1's profile in c:\Documents ...\test_user1\, or the directory where test_user1's profile was created. (11) log out and log back in as test_user1 to verify the profile loads properly (12) log out and log back in as a local admin and repeat steps 3 through 6, except instead of adding test_user1 under Permitted to use, add your domain user. Allow the profile to be copied to c:\test. Windows has now added the sid for your domain user to NTUSER.DAT (I don't know if the other SIDs are there as well or not). (13) At this point it is vital to make sure the domain user is not logged in on any machine otherwise NTUSER.DAT will be overwritten when they log out. Backup the server copy of NTUSER.DAT (14) copy c:\test\NTUSER.DAT to your server under the appropriate user's profile. (15) log out and log back in as the domain user. It should work. This way worked for me and preserved all of the profile's custmizations. I didn't try the profiles program (see man profiles) because I couldn't find that binary on my system. However this seems to work perfectly. Admittedly if you have more than a few users to migrate, this could be cumbersome. Paul Geinger's suggestion is much fewer steps. Your mileage may vary. Thanks for everyone's help - Original Message - From: Thomas M. Skeren III [EMAIL PROTECTED] Date: Wed, 29 Sep 2004 13:17:16 -0700 Subject: Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin To: Zach [EMAIL PROTECTED] See Paul Geingers email on this subject. That method works perfectly. WooHoo! Zach wrote: Tom, Can't wait to find out what you learn. In the mean time, a quick google search turned up this: http://www.samba.org/samba/docs/man/profiles.1.html Unfortunately I don't have this package installed on this system, so I don't have the man page or the profiles command right now. On Wed, 29 Sep 2004 10:46:14 -0700, Tom Skeren [EMAIL PROTECTED] wrote: Zach wrote: We just experimented with this here at work. As administrator we manually deleted the profile of a user at replaced it with a manual copy of another user's profile, and the problem was reproduced exactly. When we subsquently deleted NTUSER.DAT and logged in again, NTUSER.DAT was rebuilt using the default profile and the profile loaded properly. Evidently the SID recorded in NTUSER.DAT has to match the user's sid or it won't load properly. Good news Zach. I'm off to the office to give it a go myself. Should give a preliminary response by noon PST. Cheers, TMS III -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0, Windows 2k/XP and usrmgr.exe
Hi there I've just finished setting my first Samba PDC for 120ish users and so far so good, although its only been live for 2 days!! One problem I've come across (actually I had loads but the HOW-TO, Samba archive and google solved most of them) is with usrmgr. There is one XP client that I have installed the NT 4 Server Tools software on for the school IT coordinator (note the phrase 'coordinator', not exactly a guru or sysadmin) to use to tidy up user names, passwords etc. We are both set up as Domain Admins and have our primary LINUX GID set to 0 (root) but neither of us can log in and use the USRMGR.EXE program, it will connect but we can't view, add or delete etc. If I log onto the XP box as root it all works fine, users can be added, deleted, amended etc and of course I could get her to do this or use the server console, su as root and use pdbedit (Yeah, Right!). I've been pulling my already unsubstantial hair out over this all evening and had I invested in the Google IPO I'd be a very rich man by now. I've spent the evening checking net groupmap list, the unix user list, trying to get usrmgr to allow me to tell it who has permissions to add users to the domain (comes up with an error about local admins not being able to log in locally), adding domain admins to the local admin group, removing users from the domain admin group and adding them again and generally smoking a lot of cigarettes. So, could someone confirm that usrmgr can only be used fully when logged into a 2k/XP machine as root and that there is no functionality for the domain admin group to do this? On the brightside I successfully migrated from a smbpasswd backend to tdbsam tonight so life isn't all that bad!! Many Thanks James Niven ps its my first time so I'm sorry if this has been covered ad nauseam already. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin SOLVED
On Wed, 29 Sep 2004 14:45:17 -0700, Thomas M. Skeren III [EMAIL PROTECTED] wrote: Thanks Zach, but as this project moves forward, doing it the way you did for 100+ users would likely cause me to eat a bullet. Paul's way may leave a glitch or too. However maybe this would solve Awful Hack's problems. As it happens, my problem (could log in and see Desktop folders, but settings for IE and other programs kept reverting to defaults) was caused by a duplicate account on my test box -- two Samba accounts with the same name but different SIDs. Needless to say, it caused a few headaches. :-) (Sorry everyone -- I replied to Thomas directly rather than CCing the list.) BTW, what problems do you think might crop up with Paul's way? I'll probably have to do something like this shortly, and I'd like to know what problems I might come across. (1) Log in as a local administrator on one of the XP clients (2) Create a temporary user, eg test_user1 (3) System Properties-Advanced-User Profiles:Settings button (4) Choose the profile you're trying to migrate and click Copy To Is there similar functionality anywhere in W2K Pro, or some other series of steps that would work? Awful Hack [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?
Jim C. wrote: Can you reccomend appropriate log levels for slapd/smbd? I've always had trouble with them which may explain a lot. The easiest way with the logs is to do it step by step, increasing volume of information on each step until you can say: That's enough! With practice you'll get the feeling with what level to start next time. So, first without any 'log level' check if there's any error messages in the log. Since you are not able to login there's definitely at least something there. Then, since you have trouble with calls to ldap I would select 'log level=5' since this is the level smbldap_search prints its arguments at, but feel free to try anything between 1-4 too - maybe your intuition will guide you better with lesser volume of extra information. Commenting out things which you've added is also good approach, but if you ask me - I prefer gradual approach - first try something simple, see if it works and them move on adding regular expressions all over the place. It's much easier to see difference in your logic and in logic of LDAP/Samba/or any other program on some simple things. If simple statement like: access to dn.subtree=dc=j9starr,dc=net by group=cnReplicator,ou=Group,dc=j9starr,dc=net by * read doesn't work, adding regexp to it won't help to resolve this problem. Did you check that it works without group with a simple 'by dn='? Ok, sorry... I've got in a lecture mood. It's just too confusing to see what exactly you do and what kind of problems you encounter. Cheers, Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Mixed Network Diagnostics
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Maybe I'm naively blind, which could be the case, but I don't see any links to download an executable. MS has documentation up, but where can I get the .exe?? http://www.petri.co.il/download_free_reskit_tools.htm Cheers - - Kristyan Osborne - IT Technician Longhill High School 01273 391672 / 304086 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (MingW32) iD8DBQFBW0uHqrr+KdRYU5gRAmCIAJ9jOYUJh2ye1xvD++MDs4llYfR/eACgsKv7 CYNb67H/e7pC2mxnHUAvbvA= =sVJt -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin SOLVED
yeah it was long, but I didn't have the profiles command, plus I didn't know how to figure out the old sid to tell it to replace. for only two users, it really wasn't too bad. if all you want to do is physically get the profile onto the server then run profiles on it to head off any problems, then do what I did to begin with and just manually copy the entire directory over the network. I believe the reason this is considered bad is because of the problems presented by ntuser.dat not matching up against the user, but it seems that's what profiles is for. I just don't know how to find out what the old sid is you're looking for. I've heard there's a tool on sysinternals.com to do just that though, so maybe there's good luck there. On Wed, 29 Sep 2004 17:27:46 -0500, Misty Stanley-Jones [EMAIL PROTECTED] wrote: Wow, this does seem long. Mainly all I want to know is why I can't change my user's profile type from local to roaming, or copy it, or anything. This is when I'm logged in as administrator or a domain administrator or anyone. I know that it's a problem with Windows, not with Samba. But I can't even get the NTUSER.DAT into an appropriate place to run the really cool looking 'profiles' command on it. Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin SOLVED
Truthfully I don't really suspect Paul's way would cause any problems at all. However, he indicated in his post that doing it that way might cause a setting or two to get left out. It is conceivable that since you're importing a fully populated profile as a default profile, windows might opt to leave out a thing or two that couldn't possibly be part of a clean default profile. who knows. you'd have to give it a try. He says it works for him though. The reason i did it the way I did is because each time you transfer the profile from one user to another you're letting windows do it gracefully rather than let the profile heal itself out the default profile folder. that way the user never knows the difference--it thinks the profile was there all along. Again, it probably doesn't make a difference, but I only had two users so the extra steps were reasonable. As far as win2k, it's been awhile since I ran it at home, and I wasn't messing with profiles then, so I can't speak to that issue. The other way to do it would be to manually copy the entire profile directory over the network to your [profiles] share and set the permissions owner on it. then give samba's profiles command a whirl on ntuser.dat. I wasn't able to try it because I couldn't find the profiles command on my system. good luck zach On Wed, 29 Sep 2004 16:34:13 -0700, Awful Hack [EMAIL PROTECTED] wrote: BTW, what problems do you think might crop up with Paul's way? I'll probably have to do something like this shortly, and I'd like to know what problems I might come across. (1) Log in as a local administrator on one of the XP clients (2) Create a temporary user, eg test_user1 (3) System Properties-Advanced-User Profiles:Settings button (4) Choose the profile you're trying to migrate and click Copy To Is there similar functionality anywhere in W2K Pro, or some other series of steps that would work? Awful Hack [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin SOLVED
I just don't know how to find out what the old sid is you're looking for. I've heard there's a tool on sysinternals.com to do just that though, so maybe there's good luck there. If you're lucky, then like me you'll have old Samba .tdb files to run net getlocalsid on. If not, you may be able to get the SID by looking in the registry under HKEY_USERS. On Wed, 29 Sep 2004 17:27:46 -0500, Misty Stanley-Jones [EMAIL PROTECTED] wrote: Wow, this does seem long. Mainly all I want to know is why I can't change my user's profile type from local to roaming, or copy it, or anything. This is when I'm logged in as administrator or a domain administrator or anyone. I know that it's a problem with Windows, not with Samba. But I can't even get the NTUSER.DAT into an appropriate place to run the really cool looking 'profiles' command on it. Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- Awful Hack [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles:Samba PDC:WinXP:User must be local admin SOLVED
(1) Log in as a local administrator on one of the XP clients (2) Create a temporary user, eg test_user1 (3) System Properties-Advanced-User Profiles:Settings button (4) Choose the profile you're trying to migrate and click Copy To Is there similar functionality anywhere in W2K Pro, or some other series of steps that would work? Must be on crack...Copy To right there in System Properties - User Profiles in W2K Pro. -- Awful Hack [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Extended Auditing Module working as described now
Hi @ll and John log level = 2 vfs:1 log file = /var/log/samba/%U.%m.log syslog = 0 now works ,as i wanted the logs to be Thx John H Terpstra schrieb: Original Message Subject: [Samba] Re: VFS Extended Auditing Module Debug Information From: Marco De Vitis [EMAIL PROTECTED] Date: Mon, September 27, 2004 9:44 am To: [EMAIL PROTECTED] Il 23/09/2004, alle ore 8:22, John H Terpstra ha scritto: Given recent discussion on this list I have just updated the master Samba-Docs information regarding the Debug Class (Log Level) settings and the audit Great, thanks! Anyway something is still not clear to me. I quote from the updated howto: Logging can take place to the default log file (log.smbd) for all loaded VFS modules just be setting in the smb.conf file log level = 0 vfs:x, where x is the log level. This will disable general logging while activating all logging of VFS module activity at the log level specified. Apart from be - by (I suppose), does this mean that a global log Oops. I'll fix that typo. level of zero is NECESSARY for correct extd_audit logging? Or is it just a suggestion? Suggestion to keep log noise level down. Also, this vfs:x parameter looks like a global VFS parameter. Does this mean that any other VFS module which outputs debug information (I don't know if others exist) will be affected by it? Correct. All VFS modules will be affected. The alternative is to modify a VFS module so it will read the log level info and thereby affect just its own actions. log level = 0 vfs:[012] syslog = 0 ie: log level = 0 vfs:0 or log level = 0 vfs:1 or log level = 0 vfs:2 In this example, syslog information will be only critical general samba I just tried these settings: log file = /var/log/samba/%m.%U.log syslog = 0 log level = 0 vfs:2 max log size = 0 ...and restarted samba (3.0.7), but I still get lots of smbd_audit stuff in syslog, and ONLY in syslog (i.e. not in samba logfiles): open, close, opendir, rename, chmod... I've had the same report from others. I'll look into this when I get some time. Despite recent criticism regarding the difficulty of establishing acceptable I'm not critic regarding audit, I'm critic regarding docs about it. ;) ;) Let me explain: when using Samba 2.x I expressed on some mailing lists the desire for good auditing on file access, and I was told that the audit VFS module in Samba 3 was the answer to my problems. I now finally got to use Samba 3, but I felt lost regarding the way to obtain usable audit logs, and so a bit disappointed. Understood. I just discovered that someone has been hacking on the source code and has changed the way it works without updating the documentation! Argh! As far as I can see, this is a fairly popular topic, so maybe it should be documented in more detail, covering all doubts users seem to express on the subject. Anyway your new additions to the howto are already a good step forward, I now have a clearer idea of what I should do. OK. More to follow when I get some time to sort this out. - John T. -- Ciao, Marco. ...Kid A, Radiohead 2000 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0, Windows 2k/XP and usrmgr.exe
Hi James, i use usermgr on win xp serv pack2 to admin many smb domains, my account is in the Domain Admin Group, and if i want to use it at a not trusted domain i use run as this work as well with ldap, smbpasswd backend I guess somthing in you config isnt right. I never use root to do anything, i deligated the most admin stuff to the win guys and they doing very well with usrmgr ( sometimes failure messages appear , but in real every funktion works ) Regards James Niven schrieb: Hi there I've just finished setting my first Samba PDC for 120ish users and so far so good, although its only been live for 2 days!! One problem I've come across (actually I had loads but the HOW-TO, Samba archive and google solved most of them) is with usrmgr. There is one XP client that I have installed the NT 4 Server Tools software on for the school IT coordinator (note the phrase 'coordinator', not exactly a guru or sysadmin) to use to tidy up user names, passwords etc. We are both set up as Domain Admins and have our primary LINUX GID set to 0 (root) but neither of us can log in and use the USRMGR.EXE program, it will connect but we can't view, add or delete etc. If I log onto the XP box as root it all works fine, users can be added, deleted, amended etc and of course I could get her to do this or use the server console, su as root and use pdbedit (Yeah, Right!). I've been pulling my already unsubstantial hair out over this all evening and had I invested in the Google IPO I'd be a very rich man by now. I've spent the evening checking net groupmap list, the unix user list, trying to get usrmgr to allow me to tell it who has permissions to add users to the domain (comes up with an error about local admins not being able to log in locally), adding domain admins to the local admin group, removing users from the domain admin group and adding them again and generally smoking a lot of cigarettes. So, could someone confirm that usrmgr can only be used fully when logged into a 2k/XP machine as root and that there is no functionality for the domain admin group to do this? On the brightside I successfully migrated from a smbpasswd backend to tdbsam tonight so life isn't all that bad!! Many Thanks James Niven ps its my first time so I'm sorry if this has been covered ad nauseam already. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 3.0.7 CUPS Conflict?
I updated CUPS from 1.1.18 to 1.1.20 and the problem went away... On Wednesday, September 29, 2004 04:56 pm, L. Mark Stone wrote: First time I've seen this... Trying to install Samba 3.0.7 from rpms obtained from the samba.org site on a SuSE 8.2 system--very vanilla. Samba has not been installed previously on this box at all. outside:/home/data/Downloads/Samba-3.0.7/8.2 # rpm -Uvh libsmbclient3-3* samba3-3* samba3-client* samba3-win* --test file /usr/lib/cups/backend/smb from install of samba3-client-3.0.7-1 conflicts with file from package cups-1.1.18-96 outside:/home/data/Downloads/Samba-3.0.7/8.2 # What's the best way to handle this? Thanks! Mark -- _ A Message From... L. Mark Stone Reliable Networks of Maine, LLC 477 Congress Street Portland, ME 04101 Tel: (207) 772-5678 Web: www.RNoME.com -- _ A Message From... L. Mark Stone Reliable Networks of Maine, LLC 477 Congress Street Portland, ME 04101 Tel: (207) 772-5678 Web: www.RNoME.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?
Can you reccomend appropriate log levels for slapd/smbd? I've always ... statement like: access to dn.subtree=dc=j9starr,dc=net by group=cnReplicator,ou=Group,dc=j9starr,dc=net by * read doesn't work, adding regexp to it won't help to resolve this problem. Did you check that it works without group with a simple 'by dn='? Ok, sorry... I've got in a lecture mood. It's just too confusing to see what exactly you do and what kind of problems you encounter. Actually, I think I am on to something. Putting the ACL's under a microscope lead to the revelation of some differences in group structure from what I am using and those previously reccomended by Buchan Milne. Mine: [EMAIL PROTECTED] 0 root]$ smbldap-groupshow 'Domain Controllers' dn: cn=Domain Controllers,ou=Group,dc=j9starr,dc=net objectClass: posixGroup,sambaGroupMapping cn: Domain Controllers sambaGroupType: 2 sambaSID: S-1-5-21-2147030705-2499090161-3119200592-516 gidNumber: 516 displayName: Domain Controllers memberUid: cn=enigma,ou=Hosts,dc=j9starr,dc=net His: dn: cn=Domain Controllers,ou=Group,dc=ranger,dc=dnsalias,dc=com objectClass: groupOfNames objectClass: top cn: Domain Controllers member: cn=kiowa.ranger.dnsalias.com,ou=Hosts,dc=ranger,dc=dnsalias,dc=com member: cn=comanche.ranger.dnsalias.com,ou=Hosts,dc=ranger,dc=dnsalias,dc=com Now I don't know how slapd deals with groups but if it specifically needs groupOfNames, then I may have a problem. I'll see if I can manipulate the structure to include groupOfNames. Who knows, I might be able to do it without redunancy. Jim C. -- - | I can be reached on the following Instant Messenger services: | |---| | MSN: [EMAIL PROTECTED] AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llings Jabber: [EMAIL PROTECTED]| - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Authenticateing DC's on an ldap backend... nobody knows how?
Jim C. wrote: Mine: [EMAIL PROTECTED] 0 root]$ smbldap-groupshow 'Domain Controllers' dn: cn=Domain Controllers,ou=Group,dc=j9starr,dc=net objectClass: posixGroup,sambaGroupMapping cn: Domain Controllers sambaGroupType: 2 sambaSID: S-1-5-21-2147030705-2499090161-3119200592-516 gidNumber: 516 displayName: Domain Controllers memberUid: cn=enigma,ou=Hosts,dc=j9starr,dc=net His: dn: cn=Domain Controllers,ou=Group,dc=ranger,dc=dnsalias,dc=com objectClass: groupOfNames objectClass: top cn: Domain Controllers member: cn=kiowa.ranger.dnsalias.com,ou=Hosts,dc=ranger,dc=dnsalias,dc=com member: cn=comanche.ranger.dnsalias.com,ou=Hosts,dc=ranger,dc=dnsalias,dc=com Now I don't know how slapd deals with groups but if it specifically needs groupOfNames, then I may have a problem. I'll see if I can manipulate the structure to include groupOfNames. Who knows, I might be able to do it without redunancy. No, slapd doesn't know (by default) how to work with posixGroups. Note that memberUid of the posixGroup usually contain uids of the posixAccount objects. To let slapd work with just 'group=' it should be either groupOfNames or groupOfUniqueNames object. You can however trick slapd into working with posixGroup (I don't know if this the right move though)... There's additional parameters to the _who_ part of the access statement. Try something like that (just for fun of it): access to dn.subtree=dc=j9starr,dc=net by group/posixGroup/memberUid=cn=Domain Controllers,ou=Group,dc=j9starr,dc=net by * read Good luck, Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Can join domain, can't login -- LDAP PDC
Chris St. Pierre wrote: Thanks. The log is attached. Well... It looks like a job way over my head. :o( The only thing I can see is that request come to Samba for a connection without any Domain or User specified and instead of letting this connection to be a guest connection Samba just give up and exit. Plus, on exit it gets a Segmentation Fault (Signal 11). I probably, shouldn't be surprised about this SegFault since code shows that Samba 2.9.9 isn't quite well adjusted to User and Domain being NULL during request. Plus, according to log it starts to show user as 'no' at some point instead of an empty string which could be an indication of memory overide... This also could be the cause of the not able to login problem you see. So, my conclusion: Have you ever thought about moving to Samba 3.x? ;o) There's still some activity to patch things when they don't work well with Samba 3.x. Unfortunately, I couldn't say that about Samba 2.x. Hope you find some value in my answer, Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Windows XP deletes read-only files. Windows 98 does not.
Hi, On my computer I have a writable share where I force the file permissions to be read-only when files are written. Also the delete readonly option is kept at its default no value. When I access this share using Windows 98 or smbclient, Samba will refuse to delete files but writing new files is possible, just as I want it to be. However, when I access this share using Windows XP and I choose to delete a file and after I say OK to the The file is read-only. Are you sure you want to delete? prompt, Samba really deletes this file. I've been studying the debug logs and I believe the difference is that Windows XP sets the delete on close flag when it has found out that the file is read-only. Windows 98 does not use this flag but instead just tries to delete the file which will be blocked by Samba. After the file is closed by Windows XP, Samba obeys the delete on close flag and happily deletes the file. Resulting in behaviour I don't want and is in contradiction to what the delete readonly = no option promises to do. Maybe a test should be added to the procedure that sets the delete on close flag that will not allow this flag to be set on files that are read-only? Arjan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Puzzle -- Logon/Login from Windows XP
[EMAIL PROTECTED] wrote: So my question is, how can those 100 users logon to the Samba server from ANY workstation without having an account on the Windows XP workstation that matches their username/password on the Samba server? Either set up the Samba server as a domain controller and join the workstations to that domain, or if the workstations are part of another domain, join the Samba server to that domain and use winbind for authentication. This is explained in detail in the documentation. Isn't there a way to get the Samba server to ask for a username and password when the user clicks on the name of the Samba server in Explorer? Short answer: if the workstation already has a connection (mapped drive, cached connection, RPC connection, etc.) to this server, then no. Long answer: a limitation of Windows is that when you connect via SMB to a remote server, all connections to that server must use the same credentials. If you are connected to \\sambaserver\datafiles as the user *nigel* and wish to connect to \\sambaserver\frederick (which is accessible only to the user *frederick*), the Windows workstation attempts to connect as *nigel*. In order to connect as *frederick* you must break all connections to that server. Simply put, you cannot make two connections to a server from one workstation with two different sets of credentials. I haven't investigated the interaction between Windows workstation and Windows server versus between Windows workstation and Samba server, in terms of *when* you are asked for a password. When you click on the server name in Network Neighborhood / My Network Places, when are you presented with the login prompt? When you click on the server name? Or when you click on the share name under that server? Your Samba server may be presenting you with the share names, if you've configured it to map unknown users to a particular user or guest. This may be confusing your workstation into thinking that it's already authenticated to the Samba server, so you don't get the login prompt. Point of clarification: when I say workstation I mean the one you are at, attempting to connect remotely to the server. The server CAN be another Windows XP workstation with shared files. The workstation is the client, the server is the host that's sharing the files. Don't confuse the terminology with proprietary branding and product naming. --Jon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE : WinXP - OpenVMS tests reproduced using C++ test pro
The stat() or fstat() functions should return the correct results of the real size of the file. In the standard fields, they should have the highest byte written in the file. I am not sure it should. Anyway, it does not and, as far as I know, it never did in DECC or VAXC RTL history. If the stat()/fstat() calls are not doing this, then a small reproducer needs to be submitted to HP so that the stat() call can be fixed. Here it is: -CUT HERE-- #include stdlib.h #include stdio.h #include stdio.h #include stat.h main() { char buffer[1024]; FILE *tst; int i; int n; struct stat st; tst = fopen (TST.DAT, w); for (i=0; i10; i++) { n = fwrite (buffer, 1024, 1, tst); } n = stat (TST.DAT, st); printf (File Size before close = %d\n,st.st_size); fclose (tst); n = stat (TST.DAT, st); printf (File Size after close = %d\n,st.st_size); exit(0); } -CUT HERE-- My guess is that it should only induce a delay, but likely not as bad as what it is fixing. I agree. JYC PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
RE: WinXP - OpenVMS tests reproduced using C++ test pro
The stat() or fstat() functions should return the correct results of the real size of the file. In the standard fields, they should have the highest byte written in the file. The CRTL manual notes: 'be aware that for st_size to report a correct value, you need to flush both the C RTL and RMS buffers'. fflush()/ fsync() may be a mite quicker than fclose() / fopen() I suppose. Richard Brodie PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
Re: WinXP - OpenVMS tests reproduced using C++ test pro
Brodie, R (Richard) wrote: The stat() or fstat() functions should return the correct results of the real size of the file. In the standard fields, they should have the highest byte written in the file. The CRTL manual notes: 'be aware that for st_size to report a correct value, you need to flush both the C RTL and RMS buffers'. fflush()/ fsync() may be a mite quicker than fclose() / fopen() I suppose. Yes, and if this is backed up by the UNIX standard, means that the UNIX variants of SAMBA are possibly depending on an implementation quirk than by required behavior. Still if OpenVMS is the only one that is not behaving this way, it may be good to bring it into compliance with UNIX. -John PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
A note about HAVE_MMAP
Since Dave Jones provided a new, VMS-specific TDB set of routines, defining HAVE_MMAP or not has no more impact on Samba/VMS. JYC PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html