[Samba] root preexec script runs twice

[Adrian Hicks]

Hi.

I'm tesing Samba 3.0.7-a on Debian Sarge with Debian kernel 2.6.8.

I am working on auto-creation of logon scripts, & am using a root preexec 
on the netlogon share for this.

In testing I have passed the user ID to the script, and have used echo to 
test output.  The netlogon service parameters and other info are below.

The output from the script occurs twice in the output file, leading me to 
believe that my script is being run twice by the root preexec command (if 
I run the script manually there is only one instance of the output).  Note 
that after each test I have deleted the text file to ensure it is not 
being appended to.

I have tried raising the log level to 5 and cannot see any reference to the 
root preexec in any of the logs.

Am I getting something wrong here or is this a possible bug?


[netlogon]
   comment = Network Logon Service
   path = /home/samba/netlogon
   browseable = no
   guest ok = yes
   writable = no
   share modes = no
   root preexec = /home/samba/scripts/create-login-script.sh %u



--- Test Script ---
#!/bin/bash
SAMBAUSER=$1

echo $SAMBAUSER >> /tmp/smbtest.txt
echo - >> /tmp/smbtest.txt

exit 0
--- End Test Script ---

--- smbtest.txt ---
adrian.h
-
adrian.h
-
--- End smbtest.txt ---



Adrian Hicks
-- 
MIS & Facilities Manager
Auston Int'l Group Ltd
45 Middle Rd, #01-00 Auston Unicentre
Singapore 188954

Tel: (65) 6334 5900  ext. 229
Fax: (65) 6339 7600
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Users not able to save doc. in home folder

[Richard Michael]

* Mark Sarria <[EMAIL PROTECTED]> [041012 23:57]:

> We have Windows XP client authenticating to a samba server. When users
> try to save their work to their home folders they get a message saying

Have you verified that the Unix side filesystem isn't actually full?
Unix "df" will show you this.  ("df -k" if you want it in K, "-h" if
you're using GNU df).  Is anything on the Unix side acting up?  Check
/var/{log,adm}/{messages,syslog}.

Check the samba config.  If you're using group perms in your smb.conf,
did you put the new users into the correct groups when you created the
accounts?  If you're using system groups (i.e. "valid users =
+group_name"), Unix "id" will help here; else, you'll have to use your
system tools.

Check the Unix filesystem itself.  Do users have correct permissions on 
whatever path(s) you've set in the shares in smb.conf?  Showing us "ls
-ld /path/to/troublesome/share" in conjunction with the smb.conf would
help.

> protected or corrupt". I check the permissions and check the smb.conf
> file and everything looks ok. 

Maybe posting some of your smb.conf would help, perhaps you've over
looked a typo.  I do it all the time, more eyes are better. :)  If you
don't post it, we have to go through all the above guesswork.

Finally, what else (if anything) on the system has been changed?

Cheers,
Richard

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Users not able to save doc. in home folder

[Mark Sarria]

Hi all,
hope everyone's evening is pleasant,

We have Windows XP client authenticating to a samba server. When users try to save 
their work to their home folders they get a message saying "the directory is full, 
check to make sure that it is not right protected or corrupt". I check the permissions 
and check the smb.conf file and everything looks ok. As a matter of fact it work fine 
all last week, once I added more users to the server its giving me this problem.


Mark
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ADS valid users can't map share

[Doug VanLeuven]

Greg Adams wrote:
   winbind separator = +
   winbind use default domain = no
[space]
   comment = Space Partition Share
   path = /space
   writable = yes
   browsable = yes
   valid users = "EDSADDDM\imguser"
 

Maybe it should be EDSADDDM+imguser ?
Any ideas?
 

Hope that helps.
Regards, Doug
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Groupmapping doesn't work

[Igor Belyi]

What 'getent group domadm' returns you? I suspect that it does not have 
tilo as a member. If you have the same posixGroup defined both in 
/etc/group and in LDAP and what to have definition (and member list) to 
be taken from LDAP instead of local file you need to list 'ldap' before 
'files' in your group description in /etc/nsswitch.conf:
group: ldap files

Hope it helps,
Igor
Tilo Lutz wrote:
Hi
I got a problem with groupmapping. It doesn't work correct:
Wilma2:/home/root # net groupmap list | grep 512
Domain Admins (S-1-5-21-3371203057-3264423045-2392767973-512) -> domadm
ldapsearch -x cn=domadm:
# domadm, groups, wms-hn.de
dn: cn=domadm,ou=groups,dc=my-domain
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: domadm
gidNumber: 65669
memberUid: tilo
sambaSID: S-1-5-21-3371203057-3264423045-2392767973-512
sambaGroupType: 2
displayName: Domain Admins
description: Domain Admins
The problem is "tilo" doesn't have any administrator rights.
Any idea whats wrong? I use samba 3.0.7
Cheers Tilo
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] smb_lookup: find //pagefile.sys failed

[Raul Acevedo]

When I mount a particular Windows 2000 share, I get this error hundreds
of times in /var/log/messages.  All I have to do is mount the share, I
don't have to go into the directory or do anything with the share.

I actually don't know for sure that it's only for this one share.

Why does this happen?  I'm on Fedora Core 2, using the samba-3.0.7-2.FC2
RPM that comes with it.

Raul
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] NT4 RAS Dial-in with Samba 3 PDC

[Andrew Bartlett]

On Tue, 2004-10-12 at 08:37, Andrew Bartlett wrote:

> But as we are talking about this, the patches in lorikeet now support
> plaintext (not just MSCHAP) authentication to an NT (or Samba or Win2k)
> domain.
> 
> http://download.samba.org/ftp/unpacked/lorikeet/trunk/pppd/

I should point out that the doco for this is here:

http://hawkerc.net/staff/abartlet/comp3700/final-report.pdf

When I get my act togeather, I'll get both in one place, or in the Samba
documentation collection.

Andrew Bartlett
-- 
Andrew Bartlett [EMAIL PROTECTED]
Authentication Developer, Samba Teamhttp://samba.org
Student Network Administrator, Hawker College   [EMAIL PROTECTED]


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] openldap2 + samba3 user changed password on BDC wouldn't sync with PDC

[Andrew Bartlett]

On Tue, 2004-10-12 at 13:44, Bella Wong wrote:
> Hi all,
>  
> I am newbie on this and I couldn't figure out what I have configured wrong.
>  
> I have setup three Linux Debian Sarge servers with openldap2 + samba3.  
> PDC and master ldap on one machine and BDC slave ldap on the other two.  
> I followed instructions on
> http://us1.samba.org/samba/docs/man/Samba-Guide/happy.html to set them up.  
> I am using utilities smbldap-passwd.pl from idealx for password changing.
>  
> User could change password on PDC and it will populate to DBC, but when the
> user change password on BDC, it will not populate to PDC.

> # The following part is for slave slapd
> updatedn "cn=Manager,dc=cas,dc=edu,dc=au"

See, it all seems to easy to just use the same DN, but you *must* use a
*separate* 'replicator' DN.  Otherwise the salve cannot tell the
difference between the local samba and the replications - samba relies
on being told to 'go elsewhere' to update the master first.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Authentication Developer, Samba Teamhttp://samba.org
Student Network Administrator, Hawker College   [EMAIL PROTECTED]


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] 'credentials' file doesn't work - also observed by others

[Michael Woodhams]

Background: Linux, Debian (Sarge). I want to auto-mount an smbfs at
boot. smbmount version is 3.0.7-Debian.

With the following in my fstab, I can do the mount as root, but have to
provide a password (hence either I can't boot unattended, or can't mount
it during boot):

///  /mnt/point smbfs  
user,noauto,username=/,uid=,gid=   0   0

I can make it automount by providing the password:

///  /mnt/point smbfs  
user,noauto,username=/,uid=,gid=,password=   0   0

but this is insecure. I tried using credentials:

///  /mnt/point smbfs  
user,noauto,username=/,uid=,gid=,credentials=/etc/smbpassword
   0   0

where /etc/smbpassword contains

username=/
password=

but I get an error:
1741: session setup failed: ERRDOS - ERRnoaccess (Access denied.)
SMB connection failed

(I think '1741' is a PID - it changes each time.) 

To forstall some suggestions:

* There are no non-alphanumeric charaters in , ,
 etc.
* There is a newline at the end of /etc/smbpassword
* I've tried from the command line using 'smbmount', with the same
results - works with "password=" but not with "credentials="
* I've tried giving the credentials file liberal permissions (666)
* The password in the credentials file is correct - I've cut-and-pasted
it to command line and had it work
* I've tried (from command line) without the extra options like 'user'
and 'noauto'.
* Yes, I've googled - I found several others with the same problem, but
no solution. 
http://lists.samba.org/archive/samba/2003-November/002040.html
http://archives.mandrakelinux.com/cooker/2004-01/msg00114.php

Michael W.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Re: Groupmapping doesn't work

[John H Terpstra]

On Tuesday 12 October 2004 20:46, jamrock wrote:
> "John H Terpstra" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>
...
> Hmmm...
>
> I am not sure I understand the process well enough to do that.  All I know
> is that I have found a way to get group mapping to work based on Section
> 6.3.5  of Samba 3 by example.
>
> "At this time, Samba-3 requires that on a PDC all UNIX (Posix) group
> accounts that are mapped (linked) to Windows Domain Group accounts must be
> in the LDAP database."
>
> I don't know how or why.  I just know that since I have done this, group
> mapping works beautifully on the systems that I have installed.
>
> See also chapter 6 of  LDAP System Administration by Gerald Carter.  The
> section on Information Migration gives detailed instructions on how to use
> the migration tools from www.padl.com.
>
> I copy the /etc/group account to another directory. I delete all the groups
> that don't map to Windows groups.  (It is important to make sure that you
> are working with the copy when doing this).  I then migrate the groups to a
> LDIF file and use the standard LDAP commands to import them into the
> directory.
>
> I will have a look at the Samba Howto and see if I can find a good place to
> stick in that sentence.  I think it makes or breaks the process.

OK. I look forward to anything you can provide to help clarify the docs.

Cheers,
John T.

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Re: Groupmapping doesn't work

[jamrock]

"John H Terpstra" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> On Tuesday 12 October 2004 05:05, jamrock wrote:
> > I could never get group mapping to work.  After reading Samba 3 by
example,
> > I realized that I needed to migrate the relevant groups from /etc/group
to
> > LDAP.
> >
> > I have set up a few servers since then and have not had any problems.
> >
> > I use the migration tools from padl.com to migrate the /etc/group
entries
> > to LDAP.  I only migrate the ones I need to map to Windows groups. See
> > http://www.padl.com/OSS/MigrationTools.html
> >
> > This is clearly stated in Samba 3 by example but I did not see it in the
> > Official Samba 3 How To.
>
> Please provide a documentation patch, or else clearly indicate what needs
to
> be updated and your fixes will be applied. Please don't just tell us what
to
> fix but rather give us an update that we can add.
>
> Thanks.
>
> - John T.

Hmmm...

I am not sure I understand the process well enough to do that.  All I know
is that I have found a way to get group mapping to work based on Section
6.3.5  of Samba 3 by example.

"At this time, Samba-3 requires that on a PDC all UNIX (Posix) group
accounts that are mapped (linked) to Windows Domain Group accounts must be
in the LDAP database."

I don't know how or why.  I just know that since I have done this, group
mapping works beautifully on the systems that I have installed.

See also chapter 6 of  LDAP System Administration by Gerald Carter.  The
section on Information Migration gives detailed instructions on how to use
the migration tools from www.padl.com.

I copy the /etc/group account to another directory. I delete all the groups
that don't map to Windows groups.  (It is important to make sure that you
are working with the copy when doing this).  I then migrate the groups to a
LDIF file and use the standard LDAP commands to import them into the
directory.

I will have a look at the Samba Howto and see if I can find a good place to
stick in that sentence.  I think it makes or breaks the process.



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Major Samba Battle

[Brian Witowski]

I've been here before but I'm still battling with getting Samba to work
right with my XP Pro clients.  In a nutshell, when I try to access a share,
it asks for a username and password.  I enter a username and password and it
simply goes right back to the prompt, asking again.  This is when it's set
up as a domain controller.

 

 

I should note:

I CAN join the domain. 

I DO have my workstations added as machines. 

My [homes] mapping works fine.  

After I log in, I can access my H: drive (homes).

I have added Unix users and passwords to Samba  

I've tried disabling Shorewall

 

But that's about the only thing that works.  Ethereal is showing errors such
as: "NTLMSSP_CHALLENGE, Error: STATUS_MORE_PROCESSING_REQUIRED" and "Tree
Connect AndX Request, Path :\\SERVER\DOWNLOADS" then "Tree Connect AndX
Response, Error: STATUS_BAD_NETWORK_NAME".

 

Im at my wits end.  I've been fighting with this for 3 weeks and not making
any progress.  PLEASE, give me a push in the right direction.

 

Brian

 

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Printer name changed in samba 3.0.7

[Cavanaugh, Mike F]

We went back to 3.0.4 and there is no problem at all. The problem is
that lots of print drivers need to be manually uploaded and now to be
manually corrected in 3.0.7.

-Original Message-
From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 12, 2004 1:50 PM
To: Andrew Gaffney
Cc: Cavanaugh, Mike F; [EMAIL PROTECTED]
Subject: Re: [Samba] Printer name changed in samba 3.0.7


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Andrew Gaffney wrote:
| Cavanaugh, Mike F wrote:
|
|> We have a strange problem when using samba 3.0.7 where a printer's 
|> name is changed to the name of the printer driver. We use samba to 
|> share out printers from a fedora core 1 system. On a windows client 
|> they initially show up accurately. When adding the windows driver 
|> from a windows client for a new shared printer the driver files get 
|> transferred just fine. However, the printer name in the Printer and 
|> Faxes folder suddenly gets changed to the name of the printer driver 
|> just uploaded after clicking the final OK in the windows dialog box. 
|> The name can be changed back to its original name and the printer 
|> works fine and the properties can be set. This did not happen in 
|> previous versions of samba. Would anyone know the cause of this?
|
|
| This isn't just a 3.0.7 thing. I noticed the same thing last night 
| with 3.0.6 when adding print drivers to the samba PDC from an XP box.

This is the Windows client renaming the printer.  not Samba. Just rename
it back after uploading the new driver.





cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBbBlHIR7qMdg1EfYRAhwuAJ9stoN439HBG11OhqBARSMAuN6l+ACg46oa
vZpFwX72cGZBxN8N6U2NxCs=
=zfqr
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] linux server freezes on large file transfers

[Monty]

Still no progress.  Just tried to transfer 1.3GB fle and my box locked up. 



I am running MD 10 (Community) as a file server on a Shuttle SB61G2. This 
setup worked very well under Mandrake 9.2 however, everytime I try to copy 
files larger than say <550 ~650MB using MD 10, my linux box freezes and must 
be rebooted. I can FTP the same file(s) perfectly fine to other PC 's on my 
home net.  Small volumes of files work fine as well as ISO images, the box 
seems to lock up only after it passes some type of treshold treshold.  I am 
not sure what to do here.  I have installed of the latest SMB packages for MD 
10.  The problem still persists.

Is there some config parameter that I must change? 



#=== Global Settings =
[global]
log file = /var/log/samba/log.%m
smb passwd file = /etc/samba/smbpasswd
load printers = yes
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n 
*passwd:*all*authentication*tokens*updated*successfully*
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
encrypt passwords = yes
passwd program = /usr/bin/passwd %u
dns proxy = no
server string = Samba Server
printing = cups
unix password sync = Yes
workgroup = Southpark
printcap name = lpstat
security = user
max log size = 500
use sendfile = no

 [homes]
 comment = Home Directories
 browseable = no
 writable = yes
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Group membership

[Misty Stanley-Jones]

I am using Samba PDC with OpenLDAP2 and smbldap-tools.  As part of my 
logon.bat, I call a script called ifmember.exe.  This script can list out the 
groups a user is a member of.  It is reporting that my root user is a member 
of the group 'engr.'  I don't know if this is a bug with ifmember.exe or if 
it's an issue in Samba or in LDAP.  Here is some relevant data:

oink:/etc/smbldap-tools # smbldap-groupshow engr
dn: cn=engr,ou=groups,dc=borkholder,dc=com
cn: engr
gidNumber: 1001
memberUid: pat,chuck,gene,paul,roger,jerry,mike,jose,todd,howard,jb
objectClass: top,posixGroup,sambaGroupMapping
sambaGroupType: 2
sambaSID: S-1-5-21-725326080-1709766072-2910717368-1001

oink:/usr/local/sbin # ./smbldap-usershow root
dn: cn=root,ou=people,dc=borkholder,dc=com
objectClass: account,posixAccount,top,sambaSamAccount
cn: root
uid: root
uidNumber: 0
gidNumber: 0
loginShell: /bin/bash
homeDirectory: /root
displayName: root
sambaPwdCanChange: 1095966471
sambaPwdMustChange: 2147483647
sambaLMPassword: 9B3390AB6FD22782AAD3B435B51404EE
sambaNTPassword: 6F0F56FE06D5EFFDE700A23B9A944678
sambaPasswordHistory: 

sambaPwdLastSet: 1095966471
sambaAcctFlags: [U  ]
userPassword: {SSHA}KeQmB88xtBT1lxXzLsG30CSVHIPD+VE2
sambaSID: S-1-5-21-725326080-1709766072-2910717368-500
sambaPrimaryGroupSID: S-1-5-21-725326080-1709766072-2910717368-512

oink:/usr/local/sbin # net groupmap list
acct_admin (S-1-5-21-725326080-1709766072-2910717368-1006) -> acct_admin
truss (S-1-5-21-725326080-1709766072-2910717368-1005) -> truss
hr (S-1-5-21-725326080-1709766072-2910717368-1004) -> hr
furniture (S-1-5-21-725326080-1709766072-2910717368-1003) -> furniture
dutch (S-1-5-21-725326080-1709766072-2910717368-1002) -> dutch
Domain Admins (S-1-5-21-725326080-1709766072-2910717368-512) -> Domain Admins
Domain Users (S-1-5-21-725326080-1709766072-2910717368-513) -> Domain Users
Domain Guests (S-1-5-21-725326080-1709766072-2910717368-514) -> Domain Guests
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators
Workgroup Computers (S-1-5-21-725326080-1709766072-2910717368-515) -> 
Workgroup Computers
Administrators (S-1-5-32-544) -> Administrators
acct (S-1-5-21-725326080-1709766072-2910717368-1007) -> acct
receptionist (S-1-5-21-725326080-1709766072-2910717368-1008) -> receptionist
engr (S-1-5-21-725326080-1709766072-2910717368-1001) -> engr

Is there anywhere else I can look to see why this command thinks I'm a member 
of the engr group?  I'm using nss_ldap on the server for authentication as 
well.

Misty

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] win95 systems see samba 2.2.12 server OK, winXP do not

[bill eight]

Hi,

This problem is driving me crazy..
I've read piles of FMs, but am 
stuck...

is it the variable "domain logons = yes"
which is causing me trouble?

is it something else??

thx
b

---

[EMAIL PROTECTED] samba]# more smb.conf

[global]
smb passwd file = /etc/samba/smbpasswd
add user script = /usr/sbin/useradd -d
/dev/null -g machines -c 'Machine Accou
nt' -s /bin/false -M %u
pam password change = yes
encrypt passwords = yes
wins support = true
max log size = 0
obey pam restrictions = yes
directory mode = 775
security = user
passwd program = /usr/bin/passwd %u
printing = lprng
create mode = 775
dns proxy = no
only user = yes
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
valid users = @samba
root preexec = /usr/bin/ntlogon -u %U -g %G -o
%a -d /var/lib/samba/netlogon \
&& chmod 644 /var/lib/samba/netlogon/%U.bat;
printcap name = /etc/printcap
invalid users = root
logon script = %U.bat
passwd chat = *New*password* %n\n
*Retype*new*password* %n\n *passwd:*all*auth
entication*tokens*updated*successfully*
domain admin group = chelp michael
user = @samba
domain logons = yes
unix password sync = Yes
workgroup = MP
server string = MEP Server
log file = /var/log/samba/%m.log
delete readonly = yes
netbios name = server
load printers = yes
root postexec = rm -f
/var/lib/samba/netlogon/%U.bat
os level = 33
write list = @samba
logon home = "\\server\%U"

[homes]
   comment = Home Directories
   browseable = no
   writable = yes
   valid users = %S
   create mode = 0664
   directory mode = 0775

[netlogon]
comment = Network Logon Service
path = /usr/local/samba/lib/netlogon
guest ok = yes
writable = no
share modes = no



# NOTE: If you have a BSD-style print system there is
no need to
# specifically define each individual printer
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# Set public = yes to allow user 'guest account' to
print
   guest ok = no
   writable = no
   printable = yes

[data]
path = /usr/data
force group = samba


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba with winbindd AD Group access limit problem

[Andreas]

On Tue, Oct 12, 2004 at 09:40:39AM -0400, Freund, Phil wrote:
> Thank you. I used the opportunity to upgrade to 3.0.7 and applied the patch.
> It appears to work perfectly. Do you know if this will be in the next
> distribution?

Yes, it's already commited to SVN and should be in 3.0.8

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with Netbios names

[Sheikji Nazirudeen]

Hello,
 I am having problems with the Netbios names. When I use %m or %M to
log system names I get IP address instead of the names. Can anyone help
me in resolving this?

Sheikji Nazirudeen
IT Analyst
Syracuse University
315-443-1207
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Redirect "My Documents" for NT through XP

[rruegner]

Misty Stanley-Jones schrieb:
I have seen ways to redirect "My Documents" for XP through the registry, and 
I've seen ways to do it in NT if you have NT server actually connected to 
your PDC.  I've seen ways to do it in 9x if you have Windows 98 somewhere so 
that you can use their policy editor.  Isn't there some way that I can do it 
for everyone all at once?  I don't happen to have any Win98 machines.  I only 
have one NT server which is not connected to the domain.  I really want to 
redirect My Documents because I'm worried about what will happen if someone 
saves a document and their machine crashes before they log out of the PDC 
(no, Windows NEVER crashes).

Any help would be appreciated.  By the way, ifmember.exe is beautiful.  If 
anyone needs help with group-aware logon.bat scripts, I will be glad to give 
you some examples.

Misty
Hi, as win98 cannot be a real domain member there will be no magic
to do this with ntconfig.pol,
but there is a way i think.
create the right reg file ( for redirect the My documents in win98 )and 
use win98 regedit version , copy it both in the netlogon share ( maybe 
sub folder ) in your default logon.bat insert a check to the inlogging 
win version and invoke a subbatch job which does the reg patch.
I think there must be ways to this with win scripting too.
As the win version vari in some thing at behavior at logon
a general version check is always good to have.
At last mixed setups ( many win versions ) cannot be recommended
especially if you use roaming profile...these problems are not really
samba related , so googling on win admin sites should help you much
about solving such problems
Regards

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Performance Issues with GBit LAN

[Tom Hibbert]

Hi Steffen
>At first: Thanks for the response.

>Here are the performance Measures of my Harddisks in the Server. As the
>Harddisks are not connected to the Onboard IDE, they're not limited to
9
>MB/sec

>/dev/sdb is the RAID 0, Connected to the PCI Raid Controller Card. The
only
>Share Samba provides is on the RAID, so performance should be enough.

>/dev/sdb:
>Timing buffered disk reads:  64 MB in  1.55 seconds = 41.29 MB/sec

>(Redhat9.0, 256 SD-RAM, 300MHz PII, RTL8169 NIC, 2x Western Digital
WD200JB >RAID 0) to my Windows-PC(AMD Athlon XP 1800+, 1024 MB DDR-RAM,
WINXP PRO, >RTL8169 NIC, 2x Western Digital WD080JB RAID 0)

Looking at the configuration of the server PC, you have a Realtek
network card and an unspecified RAID card on a P2 300. I'm guessing that
the machine is based on an LX or BX chipset with PC66 or PC100 ram.
You have 66mhz bandwidth to play with in the PCI bus. You also have
66mhz FSB thanks to the PII 300 CPU. All the benchmarking you have done
(both Iperf and hdparm) both test the two subsystems individually, not
together. My initial guess is that your PCI bus and/or CPU cannot drive
this system at its full potential. Look at the load average on the
server during transfer.

Secondly you are running Redhat 9 with a Realtek 8169. There were a
number of issues with the stock Redhat 9 kernel versus a Realtek 8169,
see here
http://www.linuxquestions.org/questions/showthread.php?s=&threadid=14975
1&highlight=8169. In fact these users are reporting only 8-10mb
throughput which is exactly what you are describing.

My advice to you is to roll a custom kernel for your system (optimized
for Pentium 2, raid and network drivers built into kernel instead of
modules). Then perform a proper hard disk benchmark using Bonnie++ so
you know what the disks are truly capable of (hdparm -t doesn't cut it
in this respect).
Then I would compare the difference between throughput serving from both
your SCSI disk (sda) and RAID array with the benchmark data given by
bonnie++. This may reveal a CPU or FSB bottleneck.


Good luck and thanks

Tom
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.7 vs MIT Kerberos and tickets renewal...

[Melfi . Marcello]

Hi,

I am using (trying to...) Samba 3.0.7 in ADS security mode.

I have followed the instructions found in the Samba How-To doc regarding the
this security mode. So, I have setup the /etc/krb5.conf, ran the "kinit"
command to get the TGT ticket and added the samba machine to the AD with the
"net ads join" command.

I am mainly using Samba so that a share is available for Windows machine
which are running an application that generates and exports (to the Samba
share) many data files on a regular basis, every days of the week, every
weeks of the month, every months of the year... How does Samba handles/works
with Kerberos? In our case, nobody really have to log on to the Samba
machine. By that, I mean that whether it is a Windows user or an application
running in the background on a Windows machine, nobody logs on directly to
the Unix box. So, how are the Kerberos tickets handled/renewed? Manual
tickets renewal is not really an option here!

Am I missing some Kerberos configuration files and/or configuration
parameters? 

Regards,

Marcello Melfi

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Make fails

[Paul Gienger]

I am installing samba3.0.7 on unix
Care to give a fully qualified OS with that?  I think there's probably 
only about 5 likely variants of UNIX you could be talking about unless 
you're mistaken and are actually talking about Linux or BSD.

and when I run make, I get "failed to make dynaconfig -o".
 

Perhaps your configure line would help.
--
Paul Gienger Office: 701-281-1884
Applied Engineering Inc. 
Information Systems Consultant   Fax:701-281-1322
URL: www.ae-solutions.commailto: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Fixing wins entries in Samba 2.2.9.

[Marisabel]

Hello, 
how can I fix wins entries in Samba 2.2.9?
I created a file with the entries to fix, then deleted the wins.dat
file, but the programme does not append the new entries.
Changing the TTL to 0 does not work.
Best regards,
M.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] migrating from samba-2.2.7 to samba-3.0.7

[Fernando Cachay G.]

Hello
I'm migrating from samba-2.2.7 to samba-3.0.7. Before I was working with
server level security (security = server) and all my clients into my domain
could connect, l also have another clients who are not in the domain, so
they have an local account and were authenticated using "smbpasswd" . But
now, I've configured it in Domain Security Level,but when a client who is
not in the domain try to connect,  he is prompted for user/password, and it
doesn't accept the local user/password. I get an log error :"Error was
NT_STATUS_NO_SUCH_USER." from the PDC . I want to know what parameter should
I check for doing that.

My smb.conf :
[global]
dos charset = CP850
unix charset = UTF-8
display charset = LOCALE
workgroup = DOMAIN
realm =
netbios name = LNXPRUEBA
netbios aliases =
netbios scope =
server string = lnxprueba
interfaces =
bind interfaces only = No
security = DOMAIN
auth methods =
encrypt passwords = Yes
update encrypted = No
client schannel = Auto
server schannel = Auto
allow trusted domains = Yes
hosts equiv =
min passwd length = 5
map to guest = Never
null passwords = Yes
obey pam restrictions = No
password server = *
smb passwd file = /etc/samba/smbpasswd
private dir = /etc/samba
passdb backend = smbpasswd
algorithmic rid base = 1000
root directory =
guest account = nobody
pam password change = No
passwd program = /usr/bin/passwd %u
passwd chat = *new*password* %n\n *new*password* %n\n *changed*
passwd chat debug = No
passwd chat timeout = 2
username map =
password level = 0
username level = 0
unix password sync = No
restrict anonymous = 0
lanman auth = Yes
ntlm auth = Yes
client NTLMv2 auth = No
client lanman auth = Yes
client plaintext auth = Yes
preload modules =
use kerberos keytab = No
log level = 0
syslog = 1
syslog only = No
log file = /var/log/samba/%m.log
max log size = 50
timestamp logs = Yes
debug hires timestamp = No
debug pid = No
debug uid = No
smb ports = 445 139
protocol = NT1
large readwrite = Yes
max protocol = NT1
min protocol = CORE
read bmpx = No
read raw = Yes
write raw = Yes
disable netbios = No
acl compatibility =
defer sharing violations = Yes
nt pipe support = Yes
nt status support = Yes
announce version = 4.9
announce as = NT
max mux = 50
max xmit = 16644
name resolve order = lmhosts wins bcast
max ttl = 259200
max wins ttl = 518400
min wins ttl = 21600
time server = No
unix extensions = Yes
use spnego = Yes
client signing = auto
server signing = No
client use spnego = Yes
change notify timeout = 60
deadtime = 0
getwd cache = Yes
keepalive = 300
kernel change notify = Yes
lpq cache time = 10
max smbd processes = 0
paranoid server security = Yes
max disk size = 0
max open files = 1
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
use mmap = Yes
hostname lookups = No
name cache timeout = 660
load printers = Yes
printcap cache time = 0
printcap name = /etc/printcap
cups server =
disable spoolss = No
enumports command =
addprinter command =
deleteprinter command =
show add printer wizard = Yes
os2 driver map =
mangling method = hash2
mangle prefix = 1
stat cache = Yes
machine password timeout = 604800
add user script =
delete user script =
add group script =
delete group script =
add user to group script =
delete user from group script =
set primary group script =
add machine script =
shutdown script =
abort shutdown script =
logon script =
logon path = \\%N\%U\profile
logon drive =
logon home = \\%N\%U
domain logons = No
os level = 20
lm announce = Auto
lm interval = 60
preferred master = Auto
local master = Yes
domain master = No
browse list = Yes
enhanced browsing = Yes
dns proxy = No
wins proxy = No
wins server = 160.100.120.125
wins support = No
wins hook =
wins partners =
kernel oplocks = Yes
lock spin count = 3
lock spin time = 10
oplock break wait time = 0
ldap admin dn =
ldap delete dn = No
ldap filter = (uid=%u)
  

Re: [Samba] Samba as gateway MIT kerberos

[Volker Lendecke]

On Tue, Oct 12, 2004 at 02:47:57PM -0500, Gerald (Jerry) Carter wrote:
> | --with-afs
> | --with-fake-kaserver
> | --with-krb5=base-directory
> 
> Yes, but Volker is better suited to explain how it works.
> Or point you towards some documentation.

It's irrelevant whether you have kerberos enabled or not. The only thing to
make Samba a gateway to AFS is the option --with-fake-kaserver=yes. Setting
that enables Samba to act as a kaserver. Three things to be done for
configuration:

* You have to give Samba access to the AFS KeyFile. This might be a blocker for
  you security-wise, but being a kaserver depends on being able to create
  kerberos tickets. This is done via the command 'net afskey 
  '

* Set 'afs username map'. It is typically 'afs username map = [EMAIL PROTECTED]'. %u
  represents the windows username, the appropriate pts user has to exist after
  being mapped.

* Set the parameter 'afs share = yes' for all samba shares handing out AFS
  filespace.

Hope that helps,

Volker
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Home Directory

[Mark Sarria]

When trying to save a word document in my home directory I get a disk is
full error. Can anyone help me with this
 
 
Mark
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE : [Samba] Small bug with Samba 3.0.7's smbd process (or just a bad compilation)???

[Melfi . Marcello]

Hi Jerry,

Thanks for the explanation! I must point out though that it would be better
if the smbd process that is taking care of the lpq cache was renamed so that
it would not be confused with the other smbd process.

Regards,

Marcello

-Message d'origine-
De : Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] 
Envoyé : mardi 12 octobre 2004 13:54
À : Marcello Melfi
Cc : [EMAIL PROTECTED]; [EMAIL PROTECTED]
Objet : Re: [Samba] Small bug with Samba 3.0.7's smbd process (or just a bad
compilation)???


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Marcello Melfi wrote:

| Normally, when Samba is started, there should be one
| smbd process and one nmbd process up and running. Then,
| one additional smbd process is started for each share established with 
| a client pc. However, this is not the case here. When I start Samba 
| 3.0.7, I get two (instead of one) smbd processes and one nmbd process. 
| Other then that, everything seems to work ok (although I did nor had 
| the time to perform a lot of testing...). Is this a new Samba feature 
| or is there something wrong here?

New feature.  The second child process is responsible for updating the lpq
cache for various printers.  Although we're still working out a few issues
with it for 3.0.8.








cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBbBo3IR7qMdg1EfYRApX5AKCgtuCedgZbT06Ndw45S4nHdS67HgCgxloI
/ESjmHe0zMU5NGmiWFbT6co=
=GQJU
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE : [Samba] Samba's ADS security mode on Sun Solaris

[Melfi . Marcello]

Hi John,

I managed to compile Samba 3.0.7, along with MIT Kerberos 1.3.5 and OpenLDAP
2.2.17.

I am using the ADS security mode in the smb.conf file. The AD server is
Windows Server 2000.

As described in the How-To Samba doc, I ran the "kinit [EMAIL PROTECTED]"
command first. Then, I added the Samba machine to the Windows Server with
the "net ads join -U Administrator%password" command.

When I run the klist command, I get the following output:

***
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: <[EMAIL PROTECTED]>

Valid starting ExpiresService principal
10/08/04 15:57:48  10/09/04 01:59:26  krbtgt/@
renew until 10/09/04 15:57:48


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
***

Is it OK or should I see more, i.e. not just the TGT ticket?

After starting Samba (i.e. the smbd and nmbd processes), I tried to map a
Samba share from a Windows workstation. On that workstation, I am logged in
with a user already defined in the AD server.

The first try (i.e. after a reboot of the workstation so that the cache is
cleared) never works! At that point, a window opens and I have to provide
the username/password information and then it works. It looks like the
password is not OK the first time (I did the map from a Windows CMD console
to get the error msg)... When I look at the samba log for that workstation,
I have the following error messages:

***
[2004/10/08 17:31:34, 0] lib/util_sock.c:get_peer_addr(1000)
  getpeername failed. Error was Transport endpoint is not connected
[2004/10/08 17:31:34, 0] lib/util_sock.c:write_socket_data(430)
  write_socket_data: write failure. Error = Broken pipe
[2004/10/08 17:31:34, 0] lib/util_sock.c:write_socket(455)
  write_socket: Error writing 4 bytes to socket 24: ERRNO = Broken pipe
[2004/10/08 17:31:34, 0] lib/util_sock.c:send_smb(647)
  Error writing 4 bytes to client. -1. (Broken pipe)
***

When the share is established, it is working OK.

Do you have any ideas here?

Regards,

Marcello Melfi

-Original Message-
From: John H Terpstra [mailto:[EMAIL PROTECTED] 
Sent: September 28, 2004 23:49
To: Marcello Melfi
Subject: RE: [Samba] Samba's ADS security mode on Sun Solaris

Hi,

Some useful, but dated, info is to be found at:

http://samba.org/~jht/Notes/

- John T.
---
John H Terpstra
Samba-Team
email: [EMAIL PROTECTED]


>  Original Message 
> Subject: [Samba] Samba's ADS security mode on Sun Solaris
> From: "Marcello Melfi" <[EMAIL PROTECTED]>
> Date: Tue, September 28, 2004 6:20 pm
> To: [EMAIL PROTECTED]
>
> Hi,
>
> I have installed and configured with success Samba 3.0.2a (using a
> binary
> package) on a Sun Solaris 8 using the DOMAIN security mode. I used the 
> usermaps.txt file to simplify the overall configuration of Unix vs 
> Windows users, e.g. no winbindd/ldap/pam/etc...
>
> I now have a requirement to set it up using the ADS security mode. So,
> my understanding is that I need to start from the Samba source files, 
> version
> 3.0.7 for instance, and compile everything. I also need to compile the 
> MIT Kerberos and the OpenLDAP source files first. I think that one of 
> these packages also requires the Kerberos DB.
>
> The following questions come to mind:
>
> 1. Has anybody done that (i.e. compiled Samba with ADS support) on Sun
> Solaris 8 or 9? If so, a few pointers would be greatly appreciated!
>
> 2. The ADS security mode requires the MIT Kerberos and OpenLDAP
> development libraries. Does this simply mean that I need to compile 
> the source code from their respective Web site? For example, I would 
> download the stable source code version 2.2.17 of OpenLDAP and compile it.
>
> 3. When using the ADS security mode, can I still simply use the
> usermaps.txt file and not winbindd/ldap/pam/etc?
>
> Regards,
>
> Marcello Melfi
> m_melfi@  hotmail.com
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Samba and OpenLDAP Problem :((

[Igor Belyi]

Can you provide smbd log showing the error message you receive on login 
attempts?
Does your 'pdbedit -L' lists machine accounts as well as user's one?
How did you migrate your user database into LDAP (you may lost your 
password during migration)?
Why do you use samba 2.x schema with Samba 3.0.7? I know it should work, 
but it was design for those poor souls who had LDAP configured with 
Samba 2.x and now migrate to Samba 3.x.

Igor
Soheil Hassas Yeganeh wrote:
Dear All,
When i configured samba to use openldap for passdb backend, no one
could connect to it, (all workstation maked time out.)
But, pdbedit -L  works and prints all the users i've created.So, i
think everything about my ldap is right.
(I've used samba 2.x scheme on my openldap, so I used
ldapsam_compat:ldap://localhost/ for passdb backend.)
when i comment the LDAP lines of my smb.conf it works :)) i don't know
what's bad about it.
I'm using Samba 3.0.7 on fedora core 2. and my smb.conf is :
# Global parameters
[global]
	workgroup = CYBERMEHR
	server string = arthus
	username map = /etc/samba/smbusers
	log file = /var/log/samba/%m.log
	max log size = 50
	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
	dns proxy = No
	passdb backend = ldapsam_compat:ldap://localhost/	 
	ldap admin dn = cn=Manager,dc=cybermehr,dc=com
	ldap group suffix = ou=Group
	ldap machine suffix = ou=Hosts
	ldap suffix = dc=cybermehr,dc=com
	ldap ssl = no
	ldap user suffix = ou=People
	ldap filter = (&(uid=%u))
[homes]
	comment = Home Directories
	read only = No
	browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
Does anyone know what can i do to make it work ?
Best Regards
Soheil
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba as gateway MIT kerberos

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Warren Yuen wrote:
| Hi,
|
| We have Windows2k machines connected and authenticated with Samba.  We
also
| have MIT kerberos for Linux systems.
|
| What we want to do is using samba as a gateway, clients using Windows2k
| machines can access their AFS file space.
|
| We are trying to encrypt the usernames and passwords and send to samba
side
| which then decrypt and retrieve the plain-text password. Does Samba have
| functionalites to get the AFS tickets and tokens? Any patches on Samba
| required?
|
| Or is there any "standard" or better way to work with this problem? PAM?
|
| I've been looking for some detail descriptions of the following
options. Are
| these options relevant to my situation?
|
| --with-afs
| --with-fake-kaserver
| --with-krb5=base-directory
Yes, but Volker is better suited to explain how it works.
Or point you towards some documentation.


cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBbDTtIR7qMdg1EfYRAj7sAJ906m6+2SngkThoMybdzIncSOa/pgCgiaTE
gv8MY6iMEtQprWz1DnqieNQ=
=S+Fl
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Roaming Profile & Folder Redirection Problems

[Rich Edelman]

Replies inline :)

On Monday 11 October 2004 11:56 am, Richard Michael wrote:
> Hi Rich,
>
> I have also built my XP clients w/ RP+FolderRedir.
>
> I haven't seen all the problems you've described, but am having my own
> share of difficulties.  I'd be interested if you encounter them, see my
> earlier post (a few days back) if you're curious.
>
> > 1) After a Windows XP user logs out for the first time, upon next
> > login they get an error message saying "Windows cannot log you in
> > because your profile cannot be loaded." Deleting the NTUSER.DAT file
> > for that user allows that user to log in again.
>
> I haven't seen this, but have read notes about the accumulation of .tmp
> in the profile (Windows creates them) files possibly causing this
> problem.  Are you seeing .tmp files if you look at the profile, during
> or after logoff (but prior to the next logon)?

There is no accumulation of .tmp files in the profile at all. I do think the 
profile is getting corrupted, though. After configuring the logging you 
mentioned below, I noticed that upon second login, Windows tries to merge the 
mandatory profile it copied over from the default profile with a user 
profile, which for some reason fails, and does not allow me to log on. Are 
there supposed to be both ntuser.dat and ntuser.man files in a profile? I'm 
really not much of a windows guy, heh.

> > 2) It doesn't appear like the default user profile (located in
> > /var/lib/samba/netlogon/Default User/) is getting used for anything,
> > as when I log in for the first time and view the registry any changes
> > that I made for the default user are not there!
>
> What profile is used for the new user?  For example, is XP copying the
> C:\Documents and Settings\Default User profile?  Perhaps it's not
> finding your [netlogon] share?  You've verified all permissions on the
> Unix side and in the smb.conf file?  Can you see the profile being
> copied if you sniff smb or read the logs?

Okay, it is copying the profile from the [netlogon] share. I was confused 
because apparently Windows changes the registry keys after you are logged in 
back to '%USERPROFILE%/blah' instead of keeping 
'%LOGONSERVER%/profiles/%USERNAME%/blah' like I have in the default profile.

> Also, you can turn on quite a bit of logging in XP by setting this reg
> key:
> HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon
>   = [REG_DWORD] UserEnvDebugLevel = 0x30002
>
> The log file is in C:\Windows\Debug\UserMode .. (if memory serves..)

Wow, lots of logs!

> I can compare perms and settings with you if it helps, my [netlogon]
> profile is used properly.
>
> Also, are you doing anything with Group Policy items on the XP side that
> would altered your expected Default User environment?  (The logging
> above will show you this..)

The only group policy I have set is I have disabled offline files entirely, I 
have altered the exclusion lists to include redirected folders, and I have 
turned off the ownership check for the profile. All (with the exception of 
the offline files) are as outlined in Chapter 6 of Samba-3 By Example.
FWIW, I have also experimented with keeping offline files enabled and turning 
off the 'synchronize files before logon' and 'synchronize files after logout' 
options. That last option did away with the synchronization window I was 
getting.  I wonder if this has anything to do with the fact that I am not 
redirecting all the folders in the profile.

> Evidently, XP wants client side caching on the profile location
> disabled (I saw complaints in the Event Log).  Perhaps this is causing
> problems?  To do so, add to the [profiles] section of smb.conf:
>
>   csc policy = disabled
>
> I don't think Terpstra's book mentions this but it's in the smb.conf man
> page.

I added the 'csc policy = disabled' line to the [profiles] section of my 
smb.conf file, but the event viewer still has complaints from WinXP about the 
profiles share being configured for automatic caching.

> > 3) This one will probably be solved by #2 above, but whenever a user
> > logs out, there is that stupid 'synchronizing' window, even though all
> > profile folders have been redirected to a network drive. Why?
>
> Isn't this Offline Files on the XP side?  I have disabled this at the
> system level, because I didn't want user's dealing with any sync
> problems.  Have you disabled Offline File Caching for at least the
> folders you have redirected?  Try disabling it altogether; set this GP:
>
>   Computer configuration
> Admin templates
>   Network
> Offline files
>   Allow or disallow use of offline files = Disabled
As I said above, I have experimented with that setting, as well as some 
others. I did forget to mention that I also enabled this GP:
   User configuration
  Admin Templates
 Network
Offline Files
   Do not automatically make redirected folders available offline.

That's the only way I could figure out to dis

[Samba] Make fails

[EXT-Rajan, Varad]

I am installing samba3.0.7 on unix and when I run make, I get "failed to make 
dynaconfig -o".
Please let me know where I an going wrong. If binary of Samba is available, please 
direct me to the web site. Thanks
...Varad Rajan
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba as gateway MIT kerberos

[Warren Yuen]

Hi,

We have Windows2k machines connected and authenticated with Samba.  We also 
have MIT kerberos for Linux systems.

What we want to do is using samba as a gateway, clients using Windows2k 
machines can access their AFS file space. 

We are trying to encrypt the usernames and passwords and send to samba side 
which then decrypt and retrieve the plain-text password. Does Samba have 
functionalites to get the AFS tickets and tokens? Any patches on Samba 
required?

Or is there any "standard" or better way to work with this problem? PAM?

I've been looking for some detail descriptions of the following options. Are 
these options relevant to my situation?

--with-afs
--with-fake-kaserver
--with-krb5=base-directory

Any help appreicated.

Warren

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Redirect "My Documents" for NT through XP

[Misty Stanley-Jones]

I have seen ways to redirect "My Documents" for XP through the registry, and 
I've seen ways to do it in NT if you have NT server actually connected to 
your PDC.  I've seen ways to do it in 9x if you have Windows 98 somewhere so 
that you can use their policy editor.  Isn't there some way that I can do it 
for everyone all at once?  I don't happen to have any Win98 machines.  I only 
have one NT server which is not connected to the domain.  I really want to 
redirect My Documents because I'm worried about what will happen if someone 
saves a document and their machine crashes before they log out of the PDC 
(no, Windows NEVER crashes).

Any help would be appreciated.  By the way, ifmember.exe is beautiful.  If 
anyone needs help with group-aware logon.bat scripts, I will be glad to give 
you some examples.

Misty
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Performance Issues with GBit LAN

[Steffen Timmermann]

At first: Thanks for the response.

Here are the performance Measures of my Harddisks in the Server. As the
Harddisks are not connected to the Onboard IDE, they're not limited to 9
MB/sec

/dev/sda is the SCSI HDD where Redhat 9.0 is installed on.

/dev/sdb is the RAID 0, Connected to the PCI Raid Controller Card. The only
Share Samba provides is on the RAID, so performance should be enough.

[EMAIL PROTECTED] /]# hdparm -t /dev/sda

/dev/sda:
 Timing buffered disk reads:  64 MB in  5.42 seconds = 11.81 MB/sec
[EMAIL PROTECTED] /]# hdparm -t /dev/sdb

/dev/sdb:
 Timing buffered disk reads:  64 MB in  1.55 seconds = 41.29 MB/sec

- Original Message - 
From: "Dimitar Vassilev" <[EMAIL PROTECTED]>
To: "Holger Krull" <[EMAIL PROTECTED]>
Cc: "Steffen Timmermann" <[EMAIL PROTECTED]>; "Sambaliste"
<[EMAIL PROTECTED]>
Sent: Tuesday, October 12, 2004 7:40 PM
Subject: Re: [Samba] Performance Issues with GBit LAN


> В отговор на Holger Krull <[EMAIL PROTECTED]>:
> Please post your socket options.
Where do i find them?
> Disable computer browser from Control panel -> Administrative
Tools->Services
Wasn't disabled...done
> Enable Netbios over TCP
Wasn't enableddone
> set SO_RCVBUF and SO_SNDBUF to a value higher than 16386
How do I set the Buffersizes and on which machine?
> set dir caching.
Where do i set this?
> Get clients gigabit NICs
The Server and the Client both have the same GBit NIC with 8169 chipset.
> Best regards,
> Dimitar  Vassilev

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] How to hire a samba developer?

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark Roach wrote:
| I'm curious about how one would go about
| contacting/hiring a samba developer to fix a bug, or
| implement a feature. I've got a particular bug in mind
| (1493), but it seems like it would be a good thing to
| know in general.
This question has come up before so its probably a good one
to discuss.  If I understand you, you are really asking is:
"What's the best way to get personalized
 attention to the bug report I just filed?"
The core team members are stretched pretty thin on existing
bugs, new releases, continued work, day jobs, etc...
To me this would be a good chance for people in the community
to step up get involved.
I find that fixing specific bugs is a good way to become
familiar with a new code base.  New or potential developers
can stop in on the #samba-technical IRC channel (irc.freenode.net)
or email the [EMAIL PROTECTED] ml to get some direction.
But you have to be fairly self-motivated to work on Samba (and
open community driven projects in general IMO).
Once you have a patch, attach it to the bug report and add
a comment that will catch our attention like "PROPOSED PATCH"
or something.


cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBbCcDIR7qMdg1EfYRAr56AKDEjptSAdY0bMsUpgLLTQQmTldSngCfeb2t
Th7SqK36mjeMdmpbGVac/ws=
=aZmF
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Invalid username/password for ipc$ [nobody]

[bill eight]

Hi,

this is the error I get in the log:

[2004/10/12 12:33:56, 2]
smbd/service.c:make_connection(331)
  Invalid username/password for ipc$ [nobody]
[2004/10/12 12:33:56, 2]
smbd/server.c:exit_server(511)
  Closing connections

now what should I look at?


background:

adding winXP pro clients into network
which previously had win95 clients.

upgraded to samba 2.2.12

added new user to win XP system,
same user, account, passwd as on samba
system (used smbpasswd -a to add)

thanks
b


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Pocket PC

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
| It's a bug with either Samba 3.x or Windows Mobile
| 2003...  When Samba  3.x has SPNEGO enabled (as it does
| by default and for good reason), Windows Mobile 2003 cannot
| connect.  Disabling SPNEGO, while not  recommended, allows
| the device to connect... although my XP machines
| couldn't connect to samba at that point.  6 in
| one, 1/2 dozen the other.
|
| I opened a bug report on it a little while back, but
| it's not even been  looked at by the developers, near as I
| can tell.  Here's the link to my bug report:
|
| https://bugzilla.samba.org/show_bug.cgi?id=1828
We can try to work from traces.  Since none of us have access
to a device with Pocket PC on it.  If you could attack some
raw tcpdump traces to the bug report that would be a start.


cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBbCBEIR7qMdg1EfYRAt2MAJ4510i01hiewFCVVBKB9d36AvWhTQCeI7tQ
cjF3DqEr/bhEfEZjq3mwVQY=
=Pu6V
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Printer Device Modes

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ryan Suarez wrote:
| Greetings Admins,
|
| The howto details setting the device mode using a windows client:
|
http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/printing.html#id2552900
|
|
| Is there a way to script this process?  We support 260+ printers and
| it's a pain in the ass.  (My wrist is hurting!)
There is actually. You can store default initialization
data for each printer driver and then a printer will
get this information assigned when it is bound to the
driver.
What you do is to set a printer bound to the driver in
quetion to be like you want it and the send a SetPrinterData()
call to set the registry value named "_p_f_a_n_t_0_m_"
(type REG_BINARY) to some arbitrary value.  The value doesn't
really matter.  This tells smbd to save a snapshot of that
printer's data as the default initialization data for that
driver.
Then when you bind a new printer to the same driver, it will
be assigned that get that initialization data.
Hope this helps.


cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBbBwiIR7qMdg1EfYRArmZAKCJYahGiTqfYh7rWQhYWDWhz0UbfwCgw6tL
jKwwP26YBdixh68qTdCtDg0=
=nhaK
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Small bug with Samba 3.0.7's smbd process (or just a bad compilation)???

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marcello Melfi wrote:
| Normally, when Samba is started, there should be one
| smbd process and one nmbd process up and running. Then,
| one additional smbd process is started for each share established
| with a client pc. However, this is not the case here. When I
| start Samba 3.0.7, I get two (instead of one) smbd processes
| and one nmbd process. Other then that, everything seems to
| work ok (although I did nor had the time to perform a lot
| of testing...). Is this a new Samba feature or is
| there something wrong here?
New feature.  The second child process is responsible for
updating the lpq cache for various printers.  Although we're
still working out a few issues with it for 3.0.8.



cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBbBo3IR7qMdg1EfYRApX5AKCgtuCedgZbT06Ndw45S4nHdS67HgCgxloI
/ESjmHe0zMU5NGmiWFbT6co=
=GQJU
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Printer name changed in samba 3.0.7

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andrew Gaffney wrote:
| Cavanaugh, Mike F wrote:
|
|> We have a strange problem when using samba 3.0.7 where a printer's name
|> is changed to the name of the printer driver. We use samba to share out
|> printers from a fedora core 1 system. On a windows client they initially
|> show up accurately. When adding the windows driver from a windows client
|> for a new shared printer the driver files get transferred just fine.
|> However, the printer name in the Printer and Faxes folder suddenly gets
|> changed to the name of the printer driver just uploaded after clicking
|> the final OK in the windows dialog box. The name can be changed back to
|> its original name and the printer works fine and the properties can be
|> set. This did not happen in previous versions of samba. Would anyone
|> know the cause of this?
|
|
| This isn't just a 3.0.7 thing. I noticed the same thing last night with
| 3.0.6 when adding print drivers to the samba PDC from an XP box.
This is the Windows client renaming the printer.  not Samba.
Just rename it back after uploading the new driver.


cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBbBlHIR7qMdg1EfYRAhwuAJ9stoN439HBG11OhqBARSMAuN6l+ACg46oa
vZpFwX72cGZBxN8N6U2NxCs=
=zfqr
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Using parameters in lpq command conflicts with background

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jerry Askew wrote:
| Thank you for the response.  After some further investigation, I
discovered
| that Samba 3.0.3 behaves correctly (i.e. the %U substitution works).
Samba
| 3.0.7 is ignoring the %U substitution.  This would fit in with your
comment
| about jumping to 3.0.6.  Will someone likely be addressing this issue, or
| would it be proper for me to make a propsed fix and submit the diff?
|
| Oh - and my apologies for submitting quoted-printable (i.e. the
wide-screen
| version) on my original post.
We're working on the fix for 3.0.8



cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBbBhFIR7qMdg1EfYRAgG7AJ955+QNUsnLX7RPbXPEbxPikr/2kQCcDyqu
k1Dto7h+Z8iF2BP/C6uBiSY=
=z9WR
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Performance Issues with GBit LAN

[Holger Krull]

Steffen Timmermann schrieb:
I have 2 PC's connected with 1GBit NIC's. 

When I transfer a file from my File-Server
(Redhat9.0, 256 SD-RAM, 300MHz PII, RTL8169 NIC,
What Chipset? Maybe Intel BX? The at this time common Harddisk Interface 
 can't read faster than about 9MB per second.
If you use a separate PCI Card as Harddisk Interface enable PCI Buffers 
in Bios.

2x Western Digital WD200JB RAID 0) 
to my Windows-PC(AMD Athlon XP 1800+, 
1024 MB DDR-RAM, WINXP PRO, RTL8169 NIC,
2x Western Digital WD080JB RAID 0) with Samba,

i get Speeds around 8-9MB/sec. 
to be expected

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Authentication in trusded domain

[Šopík Bronislav]

Hi,

I have two servers, servera (DOMAINA) and serverb (DOMAINB). I have made a trust
between this domain. But I try logon computer from domaina as user for domainb,
the log in serverb wrotes me that a authentication was succeded:

[2004/10/12 17:19:19, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(620)
  SAM Logon (Network). Domain:[DOMAINB].  User:[EMAIL PROTECTED] Requested
Domain:[DOMAINB]
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[EMAIL PROTECTED] with the new password interface
[2004/10/12 17:19:19, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: sam authentication for user [bronasek] succeeded
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [bronasek] -> [bronasek] ->
[bronasek] succeeded
[2004/10/12 17:19:19, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
  free_pipe_context: destroying talloc pool of size 4844
[2004/10/12 17:19:19, 3] smbd/process.c:process_smb(1092)
  Transaction 10 of length 45
[2004/10/12 17:19:19, 3] smbd/process.c:switch_message(887)
  switch message SMBclose (pid 727) conn 0x83d6950
[2004/10/12 17:19:19, 3] smbd/process.c:process_smb(1092)
  Transaction 11 of length 43
[2004/10/12 17:19:19, 3] smbd/process.c:switch_message(887)
  switch message SMBulogoffX (pid 727) conn 0x0
[2004/10/12 17:19:19, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2004/10/12 17:19:19, 3] smbd/reply.c:reply_ulogoffX(1255)
  ulogoffX vuid=100
[2004/10/12 17:19:19, 3] smbd/process.c:process_smb(1092)
  Transaction 12 of length 45
[2004/10/12 17:19:19, 3] smbd/process.c:switch_message(887)
  switch message SMBclose (pid 727) conn 0x83d6950
[2004/10/12 17:19:19, 2] smbd/uid.c:change_to_user(219)
  change_to_user: Invalid vuid used 100 in accessing share IPC$.
[2004/10/12 17:19:19, 3] smbd/error.c:error_packet(145)
  error packet at smbd/process.c(941) cmd=4 (SMBclose) eclass=2 ecode=91
[2004/10/12 17:19:19, 3] smbd/process.c:process_smb(1092)
  Transaction 13 of length 39 

 but the servera wrotes me this:

[2004/10/12 17:41:39, 3] rpc_server/srv_pipe.c:api_rpcTNP(1541)
  api_rpcTNP: rpc command: NET_SAMLOGON
[2004/10/12 17:41:39, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(613)
  SAM Logon (Interactive). Domain:[DOMAINA].  User:[EMAIL PROTECTED] Requested
Domain:[DOMAINB]
[2004/10/12 17:41:39, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/12 17:41:39, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/12 17:41:39, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[200

[Samba] Performance Issues with GBit LAN

[Steffen Timmermann]

Hi.

I have 2 PC's connected with 1GBit NIC's. When I transfer a file from my 
File-Server(Redhat9.0, 256 SD-RAM, 300MHz PII, RTL8169 NIC, 2x Western Digital WD200JB 
RAID 0) to my Windows-PC(AMD Athlon XP 1800+, 1024 MB DDR-RAM, WINXP PRO, RTL8169 NIC, 
2x Western Digital WD080JB RAID 0) with Samba, i get Speeds around 8-9MB/sec. I think 
this is too low for an GBit Network, so i tested the NIC's with the Tool Iperf 
(http://dast.nlanr.net/Projects/Iperf/) and the throughput with this tool is 300 
Mbit/sec, so I think, i can get 20 MB/sec with Samba. The Bottleneck why its only 300 
Mbit is the "old" File-Server Hardware. I'm using CAT 6 Cables and a 8-Port GBit 
Switch. The Cards are running both at GBit speeds, as the Switch shows. So what's the 
reason for this Performance issues?

Any Help is greatly appreciated.

Greets,

Steffen Timmermann
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cannot enable "Enable advanced printing features"

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Manuel Capinha wrote:
| Hi Kent.
|
| I've tried your sugestion and you're right. Using only IPP to talk to
| Cups I can print using N-to-1, so this must be a problem from Samba.
| One of the things I noticed is that when using ipp I now have a lot of
| print processors in the printer properties window. Using samba I only
| see the Raw pre-processor.
|
| I remember reading that the "Enable advanced printer features" option
| was disabled because it was messing up some printers and that, back
| then, the option could be disabled (as oposed to today when it can't
| be enabled..).
|
| Maybe someone from the Samba dev team could shed some more light on this ?
We don't supprt EMF printing since that requires executing
Win32 driver code on the server.  So we force the RAW attribute
for all samba printers.  This is better than lieing and making
you think we support EMF when we really don't.


cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBbAVgIR7qMdg1EfYRArgRAKDYCfQuG8xccrB8MCOoigmS3eCPFQCg5Av1
lDTpAsoRp/Ktdbxt4ZAj1Io=
=Lhsq
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.7, WinXP Pro SP2 printing issues with netbiosnames.

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Alex de Vaal wrote:
|
| Hello Erik,
|
| I'm experiencing the same problem as you have with 3.0.7 on
| XP SP1 clients, downgrading to 3.0.4 solves this problem.
|
| Look at the mail I posted here about this:
| http://lists.samba.org/archive/samba/2004-September/092848.html
This issue was fixed by the patches for BUG 1519 and BUG 1907
both of which will be included in v3.0.8pre2.


cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBa/1YIR7qMdg1EfYRAvsaAJwPBwZZJTHwFRU+54YkATLrNPFEfQCfaHwO
Q3lSj6pJKiLgz+OH4ghSseA=
=Yiy4
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba and OpenLDAP Problem :((

[Soheil Hassas Yeganeh]

Dear All,
When i configured samba to use openldap for passdb backend, no one
could connect to it, (all workstation maked time out.)
But, pdbedit -L  works and prints all the users i've created.So, i
think everything about my ldap is right.
(I've used samba 2.x scheme on my openldap, so I used
ldapsam_compat:ldap://localhost/ for passdb backend.)
when i comment the LDAP lines of my smb.conf it works :)) i don't know
what's bad about it.
I'm using Samba 3.0.7 on fedora core 2. and my smb.conf is :
# Global parameters
[global]
workgroup = CYBERMEHR
server string = arthus
username map = /etc/samba/smbusers
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
passdb backend = ldapsam_compat:ldap://localhost/
ldap admin dn = cn=Manager,dc=cybermehr,dc=com
ldap group suffix = ou=Group
ldap machine suffix = ou=Hosts
ldap suffix = dc=cybermehr,dc=com
ldap ssl = no
ldap user suffix = ou=People
ldap filter = (&(uid=%u))
[homes]
comment = Home Directories
read only = No
browseable = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
Does anyone know what can i do to make it work ?
Best Regards
Soheil
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] ADS valid users can't map share

[Greg Adams]

Everything looks fine to me...

net ads info :

# net ads info
LDAP server: 199.42.192.103
LDAP server name: uscosddm001
Realm: EDSADDDM.DDM.APM.BPM.EDS.COM
Bind Path: dc=EDSADDDM,dc=DDM,dc=APM,dc=BPM,dc=EDS,dc=COM
LDAP port: 389
Server time: Tue, 12 Oct 2004 08:22:59 PST
KDC server: 199.42.192.103
Server time offset: 0

wbinfo -u :

# wbinfo -u | grep imguser
EDSADDDM+imguser

smb.conf :

# cat smb.conf
[global]

workgroup = EDSADDDM
realm = EDSADDDM.DDM.APM.BPM.EDS.COM

server string = Maul Test Server

log level = 2

max log size = 100

security = ADS

local master = no

os level = 0

domain master = no

preferred master = no

wins server = 199.42.192.103
dns proxy = no

encrypt passwords = yes

idmap uid = 6-7
idmap gid = 8-9

winbind enum users = yes
winbind enum groups = yes

winbind separator = +

winbind use default domain = no

[space]
comment = Space Partition Share
path = /space
writable = yes
browsable = yes
valid users = "EDSADDDM\imguser"


When I try to map \\maul\space from a Windows XP client, using
EDSADDDM\imguser as the user to map as, the username/password box just
keeps popping up, and I get the following messages in log.smbd :

[2004/10/12 08:25:33, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would
close all old resources.
[2004/10/12 08:25:33, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would
close all old resources.
[2004/10/12 08:25:33, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [imguser] -> [imguser]
-> [EDSADDDM+imguser] succeeded
[2004/10/12 08:25:33, 2] smbd/service.c:make_connection_snum(314)
  user 'EDSADDDM+imguser' (from session setup) not permitted to access
this share (space)
[2004/10/12 08:25:44, 2] smbd/server.c:exit_server(571)
  Closing connections



Any ideas?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Retrieving UNIX UID/GID directly through Active Directory

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tom wrote:
| Hi, there's a bug on bugzilla.samba.org that I'd like to comment on
but it's
| not letting me.
|
| It's bug #242, titled "Retrieving UNIX UID/GID directly through Active
| Directory from schema extension"
|
| The person who posted the request talks about using AD4Unix, but I've
| installed Microsoft's Services for Unix and it made similar schema
changes.
| Specifically, it added uid, gid, shell, and home directory objects,
plus a
| nice new tab called UNIX Attributes to the user properties window of the
| Active Directory Users and Computers MMC.
|
| So for instance, something like this should be an option in smb.conf:
| winbind uid = msSFU30UidNumber
| winbind gid = msSFU30GidNumber (this would denote the users Primary group
| name)
| winbind shell = msSFU30LoginShell
| winbind home = msSFU30HomeDirectory
|
| The people who use AD4Unix could change these variables to whatever it
| creates.
|
| Anyway, it seems like a much more simple way to get the uid's and
gid's to
| be the same across multiple machines than anything I've seen so far.
| This seems like a huge win to include.
or just use nss_ldap with schema mapping enabled and tell
winbindd not to allocate any uids/gids.


cheer,s jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBa/WTIR7qMdg1EfYRAu0sAKCj71ZeEeh1I/NZvA2dd/zvOrfa6wCdEt4O
AfDUQzMC0TMhtpqCvg2DBlc=
=0R42
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] can mount share, cannot join domain

[jason kawaja]

i am not using ldap.  samba 3.0.7 on sparc solaris.  winxp pro client.

[global]

netbios name = bunny
workgroup = ecel
time server = yes
security = user
encrypt passwords = yes
wins support = yes
domain master = yes
local master = yes
os level = 65
domain logons = yes
logon path = \\%L\%u\.win_profile
logon script = logon.bat
logon drive = D:
logon home = \\%L\%u\.win_home
add user script = useradd -d /dev/null -g 100 -s /usr/bin/false %u

[netlogon]

path = /usr/local/samba/lib/netlogon
writable = no
browsable = no

[homes]

comment = Home Directories
browsable = no
writable = yes
valid users = @student @despot
invalid users = @other @sys @adm @uucp @mail @tty @lp @nuucp @staff \
@daemon @sysadmin @bobody @noaccess @nogroup @nofiles @qmail
max connections = 80

drwxrwxr-x2 root other 512 Oct  8 13:21 netlogon/

when attempting to set/join domain from My Computer -> Properties, a
window pops up asking for username password and i enter root along with
the smbpassword for the root (uid=0) account.

then an error box saying "The user name could not be found." is
displayed.

i can mount a share using a non uid=0 samba account to this client.

ideas?

--
Jason Kawaja
http://www.ietf.org/rfc/rfc1855.txt
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] problem with groups and permissions

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
| Nested groups is not supported in Samba.
nested group support for local groups was introduced
into winbindd for Samba 3.0.3.


cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBa/NgIR7qMdg1EfYRAtRmAJ4mVgzFHPXUqB60w5rcND2iynjaJgCg2FBM
CziZEFe1hYDAlgjmxizwOUA=
=c6ud
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] intermittent NT_STATUS_ACCESS_DENIED

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
|
|
|
| Im having an intermittent problem with samba.
| Im running samba 3.0.2a on solaris 8 that i downloaded from
sunfreeware.com
| I have my smb.conf setup to get passwords from my active directory server
| and it usually works fine.
| I ran a net join command like so to originally join the domain:
|
| root#  net join -S WIN2KSERVER -w MYDOMAIN.com -U Administrator
| Password:
|
| Joined domain MYDOMAIN.
|
| It will run for days fine, but all of a sudden at random,
| users cannot connect and I will get the following errors in
| my samba logs:
|

| auth/auth_domain.c:connect_to_domain_password_server(123)
|   connect_to_domain_password_server: unable to setup the NETLOGON
| credentials to machine WIN2KSERVER. Error was : NT_STATUS_ACCESS_DENIED.
Better to run winbindd so Samba can proxy the authentication requests
through that daemon (rather than each smbd connecting to the DC).


cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBa/KzIR7qMdg1EfYRAq8zAKDl4YoIGTZOupGR+VP7vEUEVqw0/wCgz5Yw
1LXx0Lo6Vt7HDgrxL6IjnMI=
=WSjX
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Memory allocation error: failed to expand to 1108555744 bytes

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Adam Tauno WIlliams wrote:
| I saw the following log entry when connecting to a print share on a
| Samba 3.0.7 box from a Windows 2000 client.
|
| I assume the attempt to allocate 1Gb+ of RAM has got to be wrong?
|
| [2004/09/14 11:07:14, 1] smbd/service.c:make_connection_snum(648)
|   pcladydeath (192.168.1.110) connect to service print$ initially as
| user pcnet (uid=288, gid=230) (pid 18501)[2004/09/14 11:07:17, 0]
| smbd/connection.c:register_message_flags(220)
|   register_message_flags: tdb_fetch failed
| [2004/09/14 11:07:19, 0] lib/util.c:Realloc(856)
|   Memory allocation error: failed to expand to 1108555744 bytes
| [2004/09/14 11:07:19, 0] rpc_parse/parse_prs.c:prs_grow(270)
|   prs_grow: Realloc failure for size 1108555744.
| [2004/09/14 11:07:19, 0]
| rpc_server/srv_spoolss.c:api_spoolss_rfnpcnex(341)
|   spoolss_io_r_rfnpcnex: unable to marshall SPOOL_R_RFNPCNEX.
| [2004/09/14 11:07:19, 0] rpc_server/srv_pipe.c:api_rpcTNP(1563)
|   api_rpcTNP: spoolss: SPOOLSS_RFNPCNEX failed.
That's really strange.  corrupted tdb maybe ?  Never seen it before.
If you can reproduce the failure, let me know.

cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBa/HAIR7qMdg1EfYRAgNsAKClA+hhchSJXphyJ+1xJsFhPpquogCfT5Le
ITAWbtF1jaiVpLW/RNNl0sQ=
=chEx
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Interdomain trust to Windows 2003 native mode domain ?

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hans B. Randgaard wrote:
| Dear list and Samba Team,
|
| It says in the Samba Howto, that it "should" be possible to
| trust a Windows 2000 domain, but it needs more testing.
|
| Have any of you made this work ?
Yes.  It's part of my daily test network.
| I ask because we implemented our Samba/LDAP-3 domain
| during the week-end and had to rool back since we couldn't
| get the user validation to a trusted Windows 2003 native
| domain to work.
I haven't tested against 2003 but I would imagine it works ok.
Make sure you are using 3.0.7.


cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBa/FqIR7qMdg1EfYRAhquAJ9YW26139dqJapoZmLlXzhavQ5rJgCfWRhS
OZ3o4x5N4022F0q1b568k/o=
=B3KF
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Problems with samba shares locking in w2k ADS environment.

[Jim Canfield]

Greetings,

I have a Gentoo Linux machine running samba 3.0.7-r2

It's a member of a win2k ADS domain...all that seems to be working fine.

Problem:

When I share a directory on the Samba machine ADS members can see it,
browse it, and even create directories and small text files.  However,
if I try to drop anything large or binary, it lock up the win2k client
for about 2 minutes then resets.

Could this be a socket issue?  SMB logs for that client don't show
anything odd.

Here is my smb.conf:

[global]
netbios name = TSHTUX
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
idmap uid = 1-2
winbind enum users = yes
winbind gid = 1-2
workgroup = TSH
os level = 20
winbind enum groups = yes
password server = *
preferred master = no
winbind separator = +
max log size = 50
log file = /var/log/samba3/log.%m
encrypt passwords = yes
dns proxy = no
realm = TSH.MYDOMAIN.COM
security = ADS
wins server = **
wins proxy = no

[public]
   comment = Perl Files
   path = /public/
   read only = no
   writable = yes
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Winbind/wbinfo question

[Gibbs, Simon]

Hi,

I¹m testing samba version 3.0.2-6.3E on Redhat ES 3 Taroon update2
Samba is configured with a test share and winbind is authenticating against
Windows Active Directory.
But scanning the output of wbinfo ­u and wbinfo ­g I don¹t seem to be
getting any information for the ³Domain Admins² group or any of the users
belonging to that group ­ although I am for all other users and groups
within the domain.

Can anybody point me in the right direction?

Thanks,

Simon




The information contained in this email message may be confidential. If you are not 
the intended recipient, any use, interference with, disclosure or copying of this 
material is unauthorised and prohibited. Although this message and any attachments are 
believed to be free of viruses, no responsibility is accepted by T&F Informa for any 
loss or damage arising in any way from receipt or use thereof.  Messages to and from 
the company are monitored for operational reasons and in accordance with lawful 
business practices. 
If you have received this message in error, please notify us by return and delete the 
message and any attachments.  Further enquiries/returns can be sent to [EMAIL 
PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] NT4 RAS Dial-in with Samba 3 PDC

[rruegner]

Andrew Bartlett schrieb:
On Tue, 2004-10-12 at 08:33, rruegner wrote:
Andrew Bartlett schrieb:
On Tue, 2004-10-12 at 00:56, Aaron Rosenblum wrote:

Hi,
I am searching for information on how to set up an NT4 RAS server to 
authenticate users against a Samba 3 PDC.  Right now we have 2 domain 
controllers and the plan is to phase them out.  We want to set up samba 
as the PDC, but we need RAS to work for the time being.  Is there a way 
to do this?  

Have you tried this?  Does it fail?  Particularly with the LDAP backend
(or tdbsam) and setting the properties in usrmgr, it should work...
Andrew Bartlett

why not using pptpd as dial in , for me this works very cool
but you need a patched version for auth to smb or ldap

Well, many sites try not to change everything at once :-).
But as we are talking about this, the patches in lorikeet now support
plaintext (not just MSCHAP) authentication to an NT (or Samba or Win2k)
domain.
http://download.samba.org/ftp/unpacked/lorikeet/trunk/pppd/
Andrew Bartlett
Thx Andrew , i will have a look on it
Regards Robert
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba with winbindd AD Group access limit problem

[Freund, Phil]

Thank you. I used the opportunity to upgrade to 3.0.7 and applied the patch. It 
appears to work perfectly. Do you know if this will be in the next distribution?

Phil

-Original Message-
From: Andreas [mailto:[EMAIL PROTECTED]
Sent: Friday, October 08, 2004 2:41 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Samba with winbindd AD Group access limit problem


On Thu, Oct 07, 2004 at 04:22:04PM -0400, [EMAIL PROTECTED] wrote:
> I'm running Samba 3.0.2 on Solaris using winbindd to allow me to security
> tailor access to subdirectories on a Samba share. We assign the
> subdirectories within a Samba share to an Active Directory group name. This
> generally works fine but I am having user access issues from the Win2K / Win
> XP workstations that have mapped the share. The problem seems to be related
> to the number of groups / total length of group names the user is assigned
> to in Active Directory. If there are too many groups (or the aggregate
> length of all group names is too long), the user cannot access the secured
> directories even though they are a member of the group in AD. If I keep
> reducing the number of assigned groups in AD, the user can, at some point,
> gain access to the directories.
> 
> Can someone tell me the following:
> 1. What limitation is causing this problem?
> 2. How to I remove the limitation?

I had this problem. Try this patch (for 3.0.7, I don't know if it applies to 3.0.2):


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Groupmapping doesn't work

[John H Terpstra]

On Tuesday 12 October 2004 05:05, jamrock wrote:
> I could never get group mapping to work.  After reading Samba 3 by example,
> I realized that I needed to migrate the relevant groups from /etc/group  to
> LDAP.
>
> I have set up a few servers since then and have not had any problems.
>
> I use the migration tools from padl.com to migrate the /etc/group entries
> to LDAP.  I only migrate the ones I need to map to Windows groups. See
> http://www.padl.com/OSS/MigrationTools.html
>
> This is clearly stated in Samba 3 by example but I did not see it in the
> Official Samba 3 How To.

Please provide a documentation patch, or else clearly indicate what needs to 
be updated and your fixes will be applied. Please don't just tell us what to 
fix but rather give us an update that we can add.

Thanks.

- John T.

>
>
> "Tilo Lutz" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
>
> > Hi
> >
> > I got a problem with groupmapping. It doesn't work correct:
> >
> > Wilma2:/home/root # net groupmap list | grep 512
> > Domain Admins (S-1-5-21-3371203057-3264423045-2392767973-512) -> domadm
> >
> > ldapsearch -x cn=domadm:
> > # domadm, groups, wms-hn.de
> > dn: cn=domadm,ou=groups,dc=my-domain
> > objectClass: posixGroup
> > objectClass: sambaGroupMapping
> > cn: domadm
> > gidNumber: 65669
> > memberUid: tilo
> > sambaSID: S-1-5-21-3371203057-3264423045-2392767973-512
> > sambaGroupType: 2
> > displayName: Domain Admins
> > description: Domain Admins
> >
> >
> > The problem is "tilo" doesn't have any administrator rights.
> >
> > Any idea whats wrong? I use samba 3.0.7
> >
> > Cheers Tilo
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
OpenLDAP by Example, ISBN: 0131488732
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Rogers Network Security - AutoReply

[abuse]

This is an automatic reply to inform you that your Email has been accepted 
by our mail server and is currently queued for review by a Rogers Network
Security representative.  Please note: If you have submitted more then one 
Email complaint within a 48 hour timeframe then you will only receive one
automatic reply to all your complaints.

HAVE YOU SUBMITTED YOUR COMPLAINT CORRECTLY?

To process your complaint we require that you include the VIOLATING IP ADDRESS in the 
Subject line of your email. If you have not done so already, we recommend that you 
resubmit your email with the appropriate IP in the Subject field. This will prevent 
delay in processing your complaint

REQUIRED SUPPORTING INFORMATION (NO ATTACHMENTS):

Reporting SPAM (Unsolicited Commercial/Bulk Email)

Paste the full message header along with the body of the message
received within the context of your complaint in plain text only

Reporting security violations 

Include the relevant log entries in plain text format only. Log
entries should contain a time stamp, source IP address, protocol
(TCP/UDP/ICMP) and any applicable ports involved.

Reporting USENET Violations

Ensure that you include the post in question (no attachments please!) with
the full message header along with a working link to the charter/FAQ of the
discussion group in question. .

This Email address is used for reporting violations of the Rogers End User
Agreement committed by a Rogers Hi Speed Internet customer. 

Abuse originating from outside the Rogers network should be reported to the
appropriate domain administrator from the domain of the offending IP
address.

Due to the volume of Email received by the Rogers Network Security
Department, we are unable to respond to each Email message individually
particularly if a large group of Rogers subscribers have been impacted. 

Please be assured that your concern is being addressed.

For your convenience, we have posted current security-related issues on the
Rogers Customer Support Website. You can check to see if your particular
concern has been addressed by visiting:

http://www.rogershelp.com/help/content/news/internet_security/



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Groupmapping doesn't work

[jamrock]

I could never get group mapping to work.  After reading Samba 3 by example,
I realized that I needed to migrate the relevant groups from /etc/group  to
LDAP.

I have set up a few servers since then and have not had any problems.

I use the migration tools from padl.com to migrate the /etc/group entries to
LDAP.  I only migrate the ones I need to map to Windows groups. See
http://www.padl.com/OSS/MigrationTools.html

This is clearly stated in Samba 3 by example but I did not see it in the
Official Samba 3 How To.


"Tilo Lutz" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Hi
>
> I got a problem with groupmapping. It doesn't work correct:
>
> Wilma2:/home/root # net groupmap list | grep 512
> Domain Admins (S-1-5-21-3371203057-3264423045-2392767973-512) -> domadm
>
> ldapsearch -x cn=domadm:
> # domadm, groups, wms-hn.de
> dn: cn=domadm,ou=groups,dc=my-domain
> objectClass: posixGroup
> objectClass: sambaGroupMapping
> cn: domadm
> gidNumber: 65669
> memberUid: tilo
> sambaSID: S-1-5-21-3371203057-3264423045-2392767973-512
> sambaGroupType: 2
> displayName: Domain Admins
> description: Domain Admins
>
>
> The problem is "tilo" doesn't have any administrator rights.
>
> Any idea whats wrong? I use samba 3.0.7
>
> Cheers Tilo
>
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] accented letters in filenames

[Olive Esseret]

I am trying to connect to a samba server (hosted by a
unix platform; for which I have also ftp and telnet
access). I have problems with accents in filenames:

when I issue the command 

 mount -t smbfs -o
'username=oesser,password=,iocharset=iso8859-1,codepage=iso8859-1,uid=oesser,gid=oesser,dmask=700,fmask=700'
//nestor.ulb.ac.be/oesser /mnt/nestor

 all works fine

but if I put 

//nestor.ulb.ac.be/oesser /mnt/nestor smbfs
noauto,username=oesser,password=,iocharset=iso8859-1,codepage=iso8859-1,uid=oesser,gid=oesser,dmask=700,fmask=700
0 0

in /etc/fstab accented letters created when accessing
the count via the preceding command or via telnet or
ftp are replaced by unprintable characters

What I really don't understand is that I have put
exactly the same options in boths case and the result
is not the same.

About my configuration: I am using Mandrake 10.0
official and I attach my /etc/sysconfig/i18n which
reflet my current locale. I am unsure about exactly
what command are called by mount and what are their
versions. Please tell me if more information is needed

Many thanks for your help!

Olive



___
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Fw: smb_proc_readdir_long error

[Christoph Scheeder]

Hi,
maybe someone would have info on it, if you would provide all necesary 
info's.
We can't read your mind, nor can we look over your shoulder. ;-)

- What exactly are you tring to do,
- what OS-versions/Distributions are involved,
- what is the behavior you see?
Christoph
David Wilson schrieb:
Hi guys,
Sorry to bug you ...
Does nobody have any info on this ?
Kindest regards
David Wilson
D c D a t a 
Tel +27 33 342 7003
Fax +27 33 345 4155
Cell +27 82 4147413
MSN: [EMAIL PROTECTED]
http://www.dcdata.co.za
[EMAIL PROTECTED]
[EMAIL PROTECTED]
KZN's first and only pure Linux solution provider

LinuxBox S.A.: Africa's shell provider.
Powered by Linux and DcData - driven by passion !
http://www.linuxbox.co.za
- Original Message - 
From: David Wilson 
To: [EMAIL PROTECTED] 
Sent: Monday, October 11, 2004 9:31 AM
Subject: Fw: smb_proc_readdir_long error

Hi guys,
Does anyone have any ideas on my questions below ?
Kindest regards
David Wilson
D c D a t a 
Tel +27 33 342 7003
Fax +27 33 345 4155
Cell +27 82 4147413
MSN: [EMAIL PROTECTED]
http://www.dcdata.co.za
[EMAIL PROTECTED]
[EMAIL PROTECTED]
KZN's first and only pure Linux solution provider

LinuxBox S.A.: Africa's shell provider.
Powered by Linux and DcData - driven by passion !
http://www.linuxbox.co.za
- Original Message - 
From: David Wilson 
To: [EMAIL PROTECTED] 
Sent: Thursday, October 07, 2004 11:25 AM
Subject: smb_proc_readdir_long error

Hi guys,
Sorry to bug you with this.
Does anyone have any idea what this error below means ?
Kindest regards
David Wilson
D c D a t a 
Tel +27 33 342 7003
Fax +27 33 345 4155
Cell +27 82 4147413
MSN: [EMAIL PROTECTED]
http://www.dcdata.co.za
[EMAIL PROTECTED]
[EMAIL PROTECTED]
KZN's first and only pure Linux solution provider

LinuxBox S.A.: Africa's shell provider.
Powered by Linux and DcData - driven by passion !
http://www.linuxbox.co.za
- Original Message - 
From: David Wilson 
To: [EMAIL PROTECTED] 
Sent: Wednesday, October 06, 2004 1:15 PM
Subject: smb_proc_readdir_long error

Hi guys/girls,
How are you ?
I'm running "Linux 2.4.22 SMP" with Samba-3.0.4 and pick up the following message in 
my syslog when accessing a mounted NT4 share:
kernel: smb_proc_readdir_long: name=\OLAP Services\Data\GreatPlains\*, result=-13, 
rcls=1, err=5
Any ideas what this is ?
Your assistance is greatly appreciated.
Many thanks.
Kindest regards
David Wilson
D c D a t a 
Tel +27 33 342 7003
Fax +27 33 345 4155
Cell +27 82 4147413
MSN: [EMAIL PROTECTED]
http://www.dcdata.co.za
[EMAIL PROTECTED]
[EMAIL PROTECTED]
KZN's first and only pure Linux solution provider

LinuxBox S.A.: Africa's shell provider.
Powered by Linux and DcData - driven by passion !
http://www.linuxbox.co.za
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Fw: smb_proc_readdir_long error

[David Wilson]

Hi guys,

Sorry to bug you ...
Does nobody have any info on this ?

Kindest regards
David Wilson

D c D a t a 
Tel +27 33 342 7003
Fax +27 33 345 4155
Cell +27 82 4147413
MSN: [EMAIL PROTECTED]
http://www.dcdata.co.za
[EMAIL PROTECTED]
[EMAIL PROTECTED]
KZN's first and only pure Linux solution provider

LinuxBox S.A.: Africa's shell provider.
Powered by Linux and DcData - driven by passion !
http://www.linuxbox.co.za
- Original Message - 
From: David Wilson 
To: [EMAIL PROTECTED] 
Sent: Monday, October 11, 2004 9:31 AM
Subject: Fw: smb_proc_readdir_long error


Hi guys,

Does anyone have any ideas on my questions below ?

Kindest regards
David Wilson

D c D a t a 
Tel +27 33 342 7003
Fax +27 33 345 4155
Cell +27 82 4147413
MSN: [EMAIL PROTECTED]
http://www.dcdata.co.za
[EMAIL PROTECTED]
[EMAIL PROTECTED]
KZN's first and only pure Linux solution provider

LinuxBox S.A.: Africa's shell provider.
Powered by Linux and DcData - driven by passion !
http://www.linuxbox.co.za
- Original Message - 
From: David Wilson 
To: [EMAIL PROTECTED] 
Sent: Thursday, October 07, 2004 11:25 AM
Subject: smb_proc_readdir_long error


Hi guys,

Sorry to bug you with this.
Does anyone have any idea what this error below means ?

Kindest regards
David Wilson

D c D a t a 
Tel +27 33 342 7003
Fax +27 33 345 4155
Cell +27 82 4147413
MSN: [EMAIL PROTECTED]
http://www.dcdata.co.za
[EMAIL PROTECTED]
[EMAIL PROTECTED]
KZN's first and only pure Linux solution provider

LinuxBox S.A.: Africa's shell provider.
Powered by Linux and DcData - driven by passion !
http://www.linuxbox.co.za
- Original Message - 
From: David Wilson 
To: [EMAIL PROTECTED] 
Sent: Wednesday, October 06, 2004 1:15 PM
Subject: smb_proc_readdir_long error


Hi guys/girls,

How are you ?
I'm running "Linux 2.4.22 SMP" with Samba-3.0.4 and pick up the following message in 
my syslog when accessing a mounted NT4 share:

kernel: smb_proc_readdir_long: name=\OLAP Services\Data\GreatPlains\*, result=-13, 
rcls=1, err=5

Any ideas what this is ?
Your assistance is greatly appreciated.
Many thanks.


Kindest regards
David Wilson

D c D a t a 
Tel +27 33 342 7003
Fax +27 33 345 4155
Cell +27 82 4147413
MSN: [EMAIL PROTECTED]
http://www.dcdata.co.za
[EMAIL PROTECTED]
[EMAIL PROTECTED]
KZN's first and only pure Linux solution provider

LinuxBox S.A.: Africa's shell provider.
Powered by Linux and DcData - driven by passion !
http://www.linuxbox.co.za
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] NT4 RAS Dial-in with Samba 3 PDC

[ds_shadof]

Hello Aaron,

Monday, October 11, 2004, 6:56:10 PM, you wrote:

AR> Hi,

AR> I am searching for information on how to set up an NT4 RAS server to
AR> authenticate users against a Samba 3 PDC.  Right now we have 2 domain
AR> controllers and the plan is to phase them out.  We want to set up samba
AR> as the PDC, but we need RAS to work for the time being.  Is there a way
AR> to do this?  We are going to use the LDAP backend for samba.  Is it
AR> also possible to have our NT4 BDC stay up, as a BDC to our Samba 3 PDC,
AR> for the time being?

AR> thanks!

AR> Aaron

For Dial-in i use mgetty+pppd(2.4.2)+pppd_ldap plugin
if u are goin to use LDAP backend, pppd_ldap plugin it'is your choice
This plugin can be easily adopted to authenticate users against a Samba 3 PDC,
but for now i don't know what this means
sambaMungeDial:bQA6ACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIABkAAkAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAA



-- 
Best regards,
 ds_shadof   [EMAIL PROTECTED]@[EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Two Questions concerning samba - file access times - two instances on one server

[Laurenz, Dirk]

Hello everybody,

i have two questions concerning samba.

1st Topic - file times
NTFS has three file times for each file,
the create time, the change time and the
access time. The create time will never be
modified, the change time will be changed
every time you save a file, the access time
will be changed every time you access (read)
a file. If i access a file on a samba share,
the access time will be modified correctly,
but if i resave a file, the create time is
also changed although i would expect that only
the change time will be modified. I found some
parameters concerning file times, but none
of them changes the behaviour. I used the following
parameters:
dos filetimes = yes
dos filetime resolution = yes
Has anyone a suggestion, which parameters must be
set, to get the NTFS behaviour? B.t.w., the underlying
filesystem is an ext3 with acl,user_xattr mount options.

2nd Topic - two instances on one server
I have successfully running two instances on one server.
Both are members in an NT4 Domain and every thing works
right, but local username resolution and groupmappings.
Normal startup order is:
- Instance A
- Instance B
Setting some groupmappings works fine for Instance B.
if i restart Instance A but not B, the groupmappings/usermappings 
from Instance A get effective. And thats very bad
If i restart afterwards Instance B, everything is fine.
I guess, this is a winbind issue. The problem is, I think,
the last started winbindd wins...

Here are my conf's (INSTANCE A and B)

INSTANCE A
##
[global]
name resolve order = lmhosts, wins, bcast
private dir = /samba/ages001/conf/private/
idmap gid = 1-4
debug uid = yes
host msdfs = yes
wtmp directory = /samba/ages001/conf/wtmp
lock directory = /samba/ages001/conf/locks/
netbios name = ages001
printing = none
idmap uid = 1-4
workgroup = XX
os level = 20
socket address = 192.168.84.34
security = domain
winbind separator = +
log file = /samba/ages001/conf/log/%m.log
load printers = yes
smb passwd file = /samba/ages001/conf/private/smbpasswd
loglevel = 10
wins server = 193.29.124.81 193.29.122.75
pid directory = /samba/ages001/conf/pids/
interfaces = 192.168.84.34/24
username map = /samba/ages001/conf/private/smbusers
domain master = No
encrypt passwords = yes
template shell = /bin/bash
winbind enum users = yes
password server = SRVA SRVB SRVC
template homedir = /samba/ages001/data/winbindjail
winbind enum groups = yes
preferred master = no
unix charset = UTF-8
utmp directory = /samba/ages001/conf/utmp
winbind cache time = 300
socket options = SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT

[dfsroot]
comment = XX
msdfs root  = yes
path= /samba/ages001/data/dfsroot/dfsroot_a
hide files  = /lost+found/
hide dot files = yes
read only   = yes
###

INSTANCE B
###
[global]
private dir = /samba/ages002/conf/private
name resolve order = lmhosts, wins, bcast
idmap gid = 1-2
wtmp directory = /samba/ages002/conf/wtmp
lock directory = /samba/ages002/conf/locks
netbios name = AGES002
writeable = yes
idmap uid = 1-2
workgroup = X
os level = 20
socket address = 192.168.84.35
security = domain
winbind separator = +

log level = 1
log file = /samba/ages002/conf/log/%m.log
smb passwd file = /samba/ages002/conf/private/smbpasswd
load printers = No
map hidden = yes
socket options = SO_SNDBUF=4096 SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY 
IPTOS_THROUGHPUT
pid directory = /samba/ages002/conf/pids
wins server = 193.29.124.81, 193.29.122.75
username map = /samba/ages002/conf/private/smbusers
interfaces = 192.168.84.35/255.255.255.0
domain master = No
encrypt passwords = yes
template shell = /bin/bash
password server = SRVA SRVB SRVC
winbind nested groups = Yes
template homedir = /samba/ages002/data/tmp/winbindjail
preferred master = no
unix charset = UTF8
utmp directory = /samba/ages002/conf/utmp
winbind enum users = no
winbind e