Re: [Samba] Setting up a server
Thanks I think i will try it out. Regards, Gerald On Thursday 14 October 2004 01:51 am, Laurenz, Dirk wrote: Hi, there's a nice project called unattended on sourceforge for installing windows automaticly via linux. http://unattended.sourceforge.net/ Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers Sales Central Europe Deutschland Professional Service Organisation Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone:+49 (511) 84 89 - 18 08 Telefax: +49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email:mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competen cecenter.html *** -| -Original Message- -| From: -| [EMAIL PROTECTED] -| rg -| [mailto:[EMAIL PROTECTED] -| .samba.org] On Behalf Of Gerald -| Sent: Thursday, October 14, 2004 9:24 AM -| To: [EMAIL PROTECTED] -| Subject: [Samba] Setting up a server -| -| Good day -| -| Please can you help me on this. I want to set up a server -| on this PC using -| the Samba. This is what i want to do. have about 4 other -| computers connect -| to the server. Now i need to install sooftware from this -| server on all the -| other windows computers. So i dont need to keep doing one -| at a time. I also -| want to install Windows on some computers through this -| server. I dont have a -| clue how to start. -| -- -| To unsubscribe from this list go to the following URL and read the -| instructions: http://lists.samba.org/mailman/listinfo/samba -| -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Photoshop Disk Full error, a linux filesystem NOT Samba issue
I just follow the sample net use command in O'Reilly's Using Samba. I tried to execute the command in Windows command prompt and it works, the drive was map I can see it in my windows explorer, any idea? On Thu, 14 Oct 2004 07:53:51 +0200, Laurenz, Dirk [EMAIL PROTECTED] wrote: Hi, do you think /home is right in Win Platform? Put the \\smbnfs\MS Office in like \\smbnfs\MS Office. I think Win98 doesn't like blanks and share names longer than eight characters Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers Sales Central Europe Deutschland Professional Service Organisation Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax:+49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html *** -| -Original Message- -| From: -| [EMAIL PROTECTED] -| rg -| [mailto:[EMAIL PROTECTED] -| .samba.org] On Behalf Of Drexx -| Sent: Thursday, October 14, 2004 7:45 AM -| To: [EMAIL PROTECTED] -| Subject: Re: [Samba] Photoshop Disk Full error,a linux -| filesystem NOT Samba issue -| -| Hi lists -| Just installed RHFC2 with Samba3.0.3-5. my problem is when -| I log on my -| windows98 logon script was run but it did not map my home directory -| and MS Office to my windows98 machine. Logon bat script has -| only this -| net use h: /home -| net use m: \\smbnfs\MS Office -| -| here is the output of my testparm -| -| # Global parameters -| [global] -| workgroup = BMCMNL -| server string = Samba Server log-on domain for -| win95 and win98 -| interfaces = 192.168.101.124/25 -| log file = /var/log/samba/%m.log -| max log size = 50 -| socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 -| printcap name = /etc/printcap -| logon script = logon.bat -| logon path = \\%L\profiles\%U\%m -| logon home = \\%L\%U\.win_profile\%m -| domain logons = Yes -| dns proxy = No -| wins support = Yes -| idmap uid = 16777216-33554431 -| idmap gid = 16777216-33554431 -| hosts allow = 192.168.101., 127. -| -| [homes] -| comment = Home Directories -| read only = No -| browseable = No -| -| [netlogon] -| comment = Network Logon Service -| path = /home/netlogon -| browseable = No -| share modes = No -| -| [profiles] -| path = /home/profiles -| read only = No -| guest ok = Yes -| browseable = No -| root preexec = /bin/mkdir /home/profiles/%U; /bin/chown %U -| /home/profiles/%U; /bin/chmod 700 /home/profiles/%U -| -| [printers] -| comment = All Printers -| path = /var/spool/samba -| printable = Yes -| browseable = No -| -| [MS Office] -| comment = Microsoft Office 97 for all -| path = /mnt/win/Program Files/Microsoft Office/Office -| guest ok = Yes -| -| -| thanks -| drex -| -- -| To unsubscribe from this list go to the following URL and read the -| instructions: http://lists.samba.org/mailman/listinfo/samba -| -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Linux and samba server + Mac OS Clients on LAN
Hi, On my network, I have 30 PCs with Win98/XP/2000. I have a debian linux server with samba 3.0 which act as PDC and it works pretty good. No problem until the management decided to buy some 15 Mac OS computer for graphics purposes. Here, where my problem begins. I need to integrate these 15 MAC pcs in my network where there will be file sharing and user logging. How can I proceed?? I found something at http://netatalk.sourceforge.net . Could someone please help me to sort this problem out Thanks S. -- Shafeek Sumser ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Linux and samba server + Mac OS Clients on LAN
Hi, i think newer versions of mac os support smb/cifs and nfs. Appletalk is depreciated, i think. It shouldn't be used for new installations from my point of view. Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers Sales Central Europe Deutschland Professional Service Organisation Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax:+49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html *** -| -Original Message- -| From: -| [EMAIL PROTECTED] -| rg -| [mailto:[EMAIL PROTECTED] -| .samba.org] On Behalf Of shaf sum -| Sent: Thursday, October 14, 2004 8:36 AM -| To: [EMAIL PROTECTED] -| Subject: [Samba] Linux and samba server + Mac OS Clients on LAN -| -| Hi, -| -| On my network, I have 30 PCs with Win98/XP/2000. I -| have a debian linux server with samba 3.0 which act as -| PDC and it works pretty good. No problem until the -| management decided to buy some 15 Mac OS computer for -| graphics purposes. -| -| Here, where my problem begins. I need to integrate -| these 15 MAC pcs in my network where there will be -| file sharing and user logging. -| -| How can I proceed?? I found something at -| http://netatalk.sourceforge.net . -| -| Could someone please help me to sort this problem -| out -| -| -| Thanks -| -| -| S. -| -- -| Shafeek Sumser -| -| -| -| -| -| ___ -| Do you Yahoo!? -| Declare Yourself - Register online to vote today! -| http://vote.yahoo.com -| -- -| To unsubscribe from this list go to the following URL and read the -| instructions: http://lists.samba.org/mailman/listinfo/samba -| -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba ADS -- works with XP Pro, but not 2000 Pro
I am using Samba with Active Directory. I have successfully joined my Samba server to the domain D1 ( net ads join -U [EMAIL PROTECTED] ). I am able to succesfully connect from Windows XP clients ( with no password ), but not from Windows 2000 ( even when specifying a password ). With w2k, I always get Failed to verify incoming ticket!. I think it has something to do with the key type of the Kerberos tickets ( etype or enctype in krb5.conf ). Does Windows 2000 speak the same Kerberos 5 as Windows XP? Which key types are used by Windows? How do I know which enctype I need, and why doesn't the default enctype setting negotiate something that works? It might also have something to do with trust relationships, since my samba machine is in domain D1.DOMAIN.COM, but my users are in domain D2.DOMAIN.COM. (And my client machine is in D3.DOMAIN.COM). Each of these domains is an active directory tree, with trust relationships between them... But it works with an XP client, so what's different between XP and Windows 2000? Thanks, Gordon Configuration files follow. - # smb.conf: [global] workgroup = D1 realm = D1.DOMAIN.COM security = ADS password server = d1dc02.d1.domain.com log file = /etc/samba/samba.log [t] comment = Test Share path = /tmp read only = No guest ok = Yes browseable = Yes - # krb5.conf: [logging] default = FILE:/var/log/krb5.log [libdefaults] ticket_lifetime = 24000 default_realm = D1.DOMAIN.COM dns_lookup_realm = true dns_lookup_kdc = true # According to http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.8/doc/admin.html#SEC17 # the only supported encryption types are des3-hmac-sha1 and des-cbc-crc. default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc # However, http://lists.samba.org/archive/samba/2004-October/093761.html suggests: # default_tgs_enctypes = des-cbc-crc des-cbc-md5 # default_tkt_enctypes = des-cbc-crc des-cbc-md5 [realms] D1.DOMAIN.COM = { kdc = d1dc01.d1.domain.com } D2.DOMAIN.COM = { kdc = d2dc01.d2.domain.com } -- # from an XP machine in the d2 Domain C:\net use * \\samba07\t Drive Y: is now connected to \\samba07\t . The command completed successfully. - # from an XP machine NOT in the Domain C:\net use * \\samba07\t The password or user name is invalid for \\samba07\t . Enter the user name for 'samba07': d2\username Enter the password for samba07: Drive Z: is now connected to \\samba07\t . The command completed successfully. -- # from a Windows 2000 machine in the d2 Domain: C:\net use * \\samba07\t The password or user name is invalid for \\samba07\t. Type the password for \\samba07\t: System error 1326 has occurred. Logon failure: unknown user name or bad password. C:\net use * \\samba07\t /USER:d2\username The password or user name is invalid for \\samba07\t . Type the password for \\samba07\t : System error 1326 has occurred. Logon failure: unknown user name or bad password. # I get this message in the samba.log: [2004/10/13 17:44:51, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! # List of relevant packages (These are the latest updates available for RHEL 3) $ rpm -qa | egrep 'krb5|samba' krb5-devel-1.2.7-28 krb5-libs-1.2.7-28 krb5-workstation-1.2.7-28 samba-3.0.7-1.3E samba-client-3.0.7-1.3E samba-common-3.0.7-1.3E -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] cups logs ?
Hi all What do you guys use for analyzing cups logs ? I'm looking for a web based (apache style) log analyses tool regards -ipguy -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RE: TOSHARG: Samba ADS domain membership notes
On Wed, 2004-10-13 at 23:40, John H Terpstra wrote: Jeremy, Thanks for this feedback. I will include this info as soon as I get a moment. Good work. It also failed when using the ntlm_auth helper (with basic or NTLM authentication). I found out this is because neither wbinfo or ntlm_auth support NTLMv2, and I had this setting in my Security Policy: Network security: LAN Manager authentication level = Send NTLMv2 response only\refuse LM NTLM I configured Squid for NTLMv2 (ntlm_auth --helper-protocol=squid-2.5-ntlmssp) authentication and that worked fine. I could have saved a lot of time had I realized the other tools would never work. It was nothing more than a bug - I'm sorry for the delay in getting it fixed. The changes are in current SVN, which will be 3.0.8. You will need to set 'client ntlmv2 auth = yes'. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] AD, smb 3.0.6, ticket: Request is a replay
I have some problems with samba 3.0.6, AD domain in mixed mode, and kerberos MIT 1.3.2: Sometime when a user want to access a chare, he's getting a wrong password message. Looking further in logs, the problem is here: ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Request is a replay The only solution I've found to resolve this issue is to remove all tickets on clients with klist.exe purge and to re-access the share. Has someone found something to resolve this issue ? Emmanuel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: problem with samba, ldap and windows
Igor Belyi wrote: Different people have different reason for this failure but in your case you need to remember that besides finding Administrator Samba need to find machine trust account as well. If it can't find it the same error message Can't find user is reported back to Windows. Check that machine account was successfully created during joining of the Domain, that flag marks it as a Workstation trust account (W), and that you can see this account with 'getent passwd' request. thanks to your suggestion i realized there weren't, so i managed to make them available thorugh nsswitch and pam files and now all works. the reason i didn't add that entries was because i thought there were to let the linux system use as users, people in LDAP (like Nis do). By reading again all the tutorial i realized it was necessary to let the system sync with the ldap. And a minor note, which probably is unrelated to your problem - don't use '-a' option to smbldap-useradd in your 'add user script' since Samba expects this script to create only Posix account. ok Many thanks Samuele -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba3 By Example - Suggested Update (Correction?) And Two Winbind Defects
Hi, probably your problem was caused by SuSE's .local problem. They patched their glibc to do a multicast DNS lookup (AKA Apple ZeroConf) for all .local domains. A fix is supposed to come soon ( I pushed them to make one :-), but if you have support try to ask for it directly. Unfortunateley I am not allowed to distribute this patch myself. Using IP Addresses only of course also serves as a workaround, but with DNS-rooted domains this is a pain in the ass. Regards, Schlomo PS: Look for previous traffic on this list regarding SuSE 9.1 On Wed, 13 Oct 2004, L. Mark Stone wrote: We were trying to build a SuSE 9.1 box in a lab as a Domain Member server in a Windows Active Directory domain where the AD server was running Windows 2000 Server. We found that the instructions in Chapter 9.3.3 were, at least in our case, incomplete. The AD server was managing a private domain, so following the Windows Configure My Server wizard the domain was setup as smelug.local. When we attempted to have the Linux box (running SuSE 9.1 (fully patched) with the Samba 3.0.7 rpm packages from the SuSE ftp site) join the domain, we got an error indicating the Linux box could not find the Kerberos server. After Googling, we saw that others experiencing this problem had as the root cause either a DNS configuration problem or a misconfigured realm in krb5.conf. We checked DNS on the W2K server and on the Linux box, added entries in the Linux and Windows hosts files, and then watched the packets go back and forth with Ethereal between the Windows 2K AD server and the SuSE box, but we still got the error. The two boxes were clearly exchanging packets, so we felt pretty good that we didn't have any DNS configuration errors. Next, we undid all of the above changes, and simply edited the krb5.conf file to include the realm information and the IP:port info for the AD server. The join was successful now. May I therefore suggest that configuring the krb5.conf file be added to Chapter 9.3.3 in S3BE? Separately, we found two winbind errors during testing: First, we found that winbind does not shut down cleanly during a reboot (we used the SuSE runlevel editor in YaST to have smb, nmb and winbind startup automagically during boot up). Winbind leaves /var/run/samba/winbindd.pid in place, which we must remove manually before we can start winbind. Second, even after starting/stopping/restarting winbind manually, wbinfo -u (and -g) do not work at first. We found we needed to run net ads info first, and then wbinfo -whatever would work just fine. Please let me know if you would like me to file bugzilla reports on these errors, or if you would like more detail. We are not programmers so we don't know how to narrow this down further. With best regards, Mark P.S. The lab machines are VMware 4.5.2 guests, running on a SuSE Linux 8.2 host. We can make the virtual machine files available to you if you would like to run these machines locally for testing (assuming you have VMware and a Windows 2000 Server license). -- Regards, Schlomo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba as PDC - Can't get user profiles to save properly
Greetings, I'm running desperate on a problem with my windows user profiles here, searched the net and read the docus alot but still no luck. I've got an running Samba domain, an existing windows 2000 machine can log into the domain properly. Furthermore, a test account is made aswell, and the 2k machine is able to log in with that account. Now, my problem is: When I try to change windows settings (like switch active desktop to on) or delete/rename icons from my desktop, log out and in again, all changes are undone like they've been not saved on the server. But if I create new icons on the desktop and relog, those are still there. Additionally, when I right-click in some folder and choose New- there's only Folder and Link to choose where you would expect things like new text file etc. Now, when I log in locally on the client as admin and add an domain-user with the same name as my test user on the server, log out and back in on the domain again, then it's possible to delete/rename icons on the desktop, settings like active desktop can't be changed at all still though. Access permissions on the home-folder of the user seem fine, I've even tried mask 0777 just to see if it would work. Sorry for the long story, but maybe somebody is able to recognize the problem. I'm really running out of ideas what to try next... Thanks alot Felix -- Append: My original smb.conf # Global parameters [global] # Base Options workgroup = SAMBA netbios name = PDC server string = Samba %v (PDC) @ biomax.de interfaces = eth0 # Security Options security = user #encypted passwords = yes update encrypted = Yes passdb backend = smbpasswd unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *new*password* %n\n *new*password* %n\n *successfully* allow trusted domains = yes # password server = ALBERICH password server = PDC # Logging Options log level = 2 log file = /var/log.%m # Tuning Options deadtime = 15 # Logon Options add machine script = /usr/sbin/useradd -d /dev/null -g ntclient -s /bin/false -M %u logon script = logon.bat logon path = \\%L\profile\%u logon home = \\%N\%U logon drive = Z: domain logons = Yes # Browse Options os level = 65 preferred master = Yes domain master = Yes # Ldap Options ldap ssl = no # Misc panic action = /usr/share/samba/panic-action %d admin users = root printing = cups browseable = No [homes] comment = Benutzer-Verzeichnisse path = /samba/profile/%u read only = No browseable = Yes [netlogon] comment = NetLogON path = /samba/netlogon [profile] comment = Benutzerprofile path = /samba/profile read only = No [public] comment = Oeffentlicher Ordner path = /samba/public read only = No guest ok = Yes browseable = Yes -- -- ** Felix Knoblach Biomax Informatics AG Lochhamer Str. 11 82152 Martinsried, Germany Email: [EMAIL PROTECTED] PGP: https://ssl.biomax.de/pgp/ ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Ex-PDC always loosing sync with new samba PDC
On Thu, 2004-10-14 at 07:30, Gustavo Lima wrote: Hi All, Ive migrated my Win NT4 PDC to a samba 3.0.7 with ldap backend. In all the 22 citys I made this, the old PDC just let me connect on it if I go on srvmgr and ask it to syncronize wiht the PDC. After that I can open its shares normally. After a while the Win BDC starts again asking for username and password. Note that Im using the same SID of the NT server on the Samba server. After you migrate to Samba, you *must* disconnect the NT4 PDC/BDC, and not use them on the network again. They will conflict, and Samba has no way to maintain a correct link with them. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Looking for large-ish deployment advice
On Thu, 2004-10-14 at 03:00, Quentin Hartman wrote: Trying to understand this a bit better before I comment... Thanks for taking the time. First, won't roving users be disappointed if you have separate home directories in each building? Won't they expect that a document on which they worked in one building be available when they go to the next building? That's part of the core mechanic that I am trying to work out. When a user logs on, the logon script figures out what their home building is and connects their home directory appropriately. In the case of logging in at their home building, it connects to their local server, in the case of logging in at another building, it connects to the appropriate server in another building. Using separate domains, this is easy, and somewhat the natural behavior. I would like to use a single domain to keep management overhead lower if possible. It's the figuring out part that I have to work out yet. When you create the user in LDAP, set their sambaHomePath to the server you want to put their profile on. That's all! Second, are you contemplating using roaming profiles, and if so, are these profiles likely to be large? E.g., users store big files on their Desktop, and/or have 200MB Outlook pst files, etc I am contemplating roaming profiles, though they are unlikely to be large in most cases. To answer your examples specifically, as far as I know most users are not in the habit of saving files on their desktops, and we do not use Outlook. If you are looking to save admin costs on the profiles, you could do as I have at Hawker, and have just one single mandatory profile. I use that profile everywhere, and set the logon path to \\%L\manprof\manprof (which maps to the local server) Lastly, if I read your post correctly you have T-1 speeds between buildings. That's a pretty fat pipe to fill, so why do you say the building-to-building networks links are slow? I suppose I left out an important point in my first post in that this network has about 3000 users and just over 1000 computers on it. Many of which who are working medium to large sized files stored in their home directories. Between that and the large volume of Internet traffic, my WAN links are pegged all day under the current setup, wherein there is a cluster of NT4 servers all centrally located and all user data has to traverse those links. During peak usage times, it can be painfully slow. That's a nice big network :-) Another list member suggested using individual logon scripts, and as far as I can tell at this point, that is the only solution that will work. If that's the case, I then need to decide what's harder to manage, 10 seperate domains, or 3000+ individual logon scripts, where I have a very high rate of user churn. Since this is for a public school district, I'm nearly constantly creating and destroying accounts as students enroll and depart. Well, either way you script it, but I see no need for multiple logon scripts. Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] time server directive and synchronizing Win XP clients
On Wed, 2004-10-13 at 21:39, Gmes Gza wrote: Jonathan Salomon rta: To set the timeserver on the XP machines we use the domain policy, with an adm file (attached) made by Andrew Bartlett. Glad to see my ADM files are still doing the rounds :-) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.7 / AD Domain Group Resolving
Hello List, currently we have Samba 3.0.7 running on SLES8 systems with AD integration. We´re using the SerNet RPM´s (ftp.sernet.de) Everything works fine so far, we just have a problem with resolving domain groups. wbinfo -g works fine, the domain groups are correctly resolved. But when inserting a valid users = @AD_DOMAIN_GROUP statement in the smb.conf we get the following error: smbd/service.c:make_connection_snum(314) user 'DOMAIN\User.Name' (from session setup) not permitted to access this share (sharename) Inserting the user with his normal accountname does work (e.g. valid users = DOMAIN\User.Name) We do have a lot of AD Groups, some users are member of more than 200 groups (and no, we cannot fix that, reducing the number of groups is unfortunately not an option). I did find several post in the list archives on this topic, but no practical solution yet. Is there a solution? Are more details necessary? One more thing: we also have the problem that once in a while winbind dies when executing wbinfo -g or -u. I don´t know, if this is somehow connected. Anyone any ideas? I´m a bit lost here... Greetings Andreas Grzeski Systems Engineer/RHCE Stadtwerke München GmbH -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving
Hi, I think that you are fomatting the valid users directive incorrectly. Try valid users = DOMAIN+Group_name (I use + as my winbind separator, substitute for whatever you have chosen) No @ sign necessary It works fine for me like that. Thanks, Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 14 October 2004 12:38 PM To: [EMAIL PROTECTED] Subject: [Samba] Samba 3.0.7 / AD Domain Group Resolving Hello List, currently we have Samba 3.0.7 running on SLES8 systems with AD integration. We´re using the SerNet RPM´s (ftp.sernet.de) Everything works fine so far, we just have a problem with resolving domain groups. wbinfo -g works fine, the domain groups are correctly resolved. But when inserting a valid users = @AD_DOMAIN_GROUP statement in the smb.conf we get the following error: smbd/service.c:make_connection_snum(314) user 'DOMAIN\User.Name' (from session setup) not permitted to access this share (sharename) Inserting the user with his normal accountname does work (e.g. valid users = DOMAIN\User.Name) We do have a lot of AD Groups, some users are member of more than 200 groups (and no, we cannot fix that, reducing the number of groups is unfortunately not an option). I did find several post in the list archives on this topic, but no practical solution yet. Is there a solution? Are more details necessary? One more thing: we also have the problem that once in a while winbind dies when executing wbinfo -g or -u. I don´t know, if this is somehow connected. Anyone any ideas? I´m a bit lost here... Greetings Andreas Grzeski Systems Engineer/RHCE Stadtwerke München GmbH -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Linux and samba server + Mac OS Clients on LAN
Thanks. The Mac OS version that we are buying is 8.x and 9.x. For these version, i am not so sure that smb/cifs NFS are supported. Hi, i think newer versions of mac os support smb/cifs and nfs. Appletalk is depreciated, i think. It shouldn't be used for new installations from my point of view. Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers Sales Central Europe Deutschland Professional Service Organisation Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone:+49 (511) 84 89 - 18 08 Telefax: +49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email:mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html *** -| -Original Message- -| From: -| [EMAIL PROTECTED] -| rg -| [mailto:[EMAIL PROTECTED] -| .samba.org] On Behalf Of shaf sum -| Sent: Thursday, October 14, 2004 8:36 AM -| To: [EMAIL PROTECTED] -| Subject: [Samba] Linux and samba server + Mac OS Clients on LAN -| -| Hi, -| -| On my network, I have 30 PCs with Win98/XP/2000. I -| have a debian linux server with samba 3.0 which act as -| PDC and it works pretty good. No problem until the -| management decided to buy some 15 Mac OS computer for -| graphics purposes. -| -| Here, where my problem begins. I need to integrate -| these 15 MAC pcs in my network where there will be -| file sharing and user logging. -| -| How can I proceed?? I found something at -| http://netatalk.sourceforge.net . -| -| Could someone please help me to sort this problem -| out -| -| -| Thanks -| -| -| S. -| -- -| Shafeek Sumser -| -| -| -| -| -| ___ -| Do you Yahoo!? -| Declare Yourself - Register online to vote today! -| http://vote.yahoo.com -| -- -| To unsubscribe from this list go to the following URL and read the -| instructions: http://lists.samba.org/mailman/listinfo/samba -| __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba ADS -- works with XP Pro, but not 2000 Pro
Hi, AFAIR, this is a known problem with w2k clients. You have to upgrade your kerberos to something 1.3 preferably to the latest available version. Christoph Gordon Hopper schrieb: I am using Samba with Active Directory. I have successfully joined my Samba server to the domain D1 ( net ads join -U [EMAIL PROTECTED] ). I am able to succesfully connect from Windows XP clients ( with no password ), but not from Windows 2000 ( even when specifying a password ). With w2k, I always get Failed to verify incoming ticket!. I think it has something to do with the key type of the Kerberos tickets ( etype or enctype in krb5.conf ). Does Windows 2000 speak the same Kerberos 5 as Windows XP? Which key types are used by Windows? How do I know which enctype I need, and why doesn't the default enctype setting negotiate something that works? It might also have something to do with trust relationships, since my samba machine is in domain D1.DOMAIN.COM, but my users are in domain D2.DOMAIN.COM. (And my client machine is in D3.DOMAIN.COM). Each of these domains is an active directory tree, with trust relationships between them... But it works with an XP client, so what's different between XP and Windows 2000? Thanks, Gordon Configuration files follow. - # smb.conf: [global] workgroup = D1 realm = D1.DOMAIN.COM security = ADS password server = d1dc02.d1.domain.com log file = /etc/samba/samba.log [t] comment = Test Share path = /tmp read only = No guest ok = Yes browseable = Yes - # krb5.conf: [logging] default = FILE:/var/log/krb5.log [libdefaults] ticket_lifetime = 24000 default_realm = D1.DOMAIN.COM dns_lookup_realm = true dns_lookup_kdc = true # According to http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.8/doc/admin.html#SEC17 # the only supported encryption types are des3-hmac-sha1 and des-cbc-crc. default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc # However, http://lists.samba.org/archive/samba/2004-October/093761.html suggests: # default_tgs_enctypes = des-cbc-crc des-cbc-md5 # default_tkt_enctypes = des-cbc-crc des-cbc-md5 [realms] D1.DOMAIN.COM = { kdc = d1dc01.d1.domain.com } D2.DOMAIN.COM = { kdc = d2dc01.d2.domain.com } -- # from an XP machine in the d2 Domain C:\net use * \\samba07\t Drive Y: is now connected to \\samba07\t . The command completed successfully. - # from an XP machine NOT in the Domain C:\net use * \\samba07\t The password or user name is invalid for \\samba07\t . Enter the user name for 'samba07': d2\username Enter the password for samba07: Drive Z: is now connected to \\samba07\t . The command completed successfully. -- # from a Windows 2000 machine in the d2 Domain: C:\net use * \\samba07\t The password or user name is invalid for \\samba07\t. Type the password for \\samba07\t: System error 1326 has occurred. Logon failure: unknown user name or bad password. C:\net use * \\samba07\t /USER:d2\username The password or user name is invalid for \\samba07\t . Type the password for \\samba07\t : System error 1326 has occurred. Logon failure: unknown user name or bad password. # I get this message in the samba.log: [2004/10/13 17:44:51, 1] smbd/sesssetup.c:reply_spnego_kerberos(173) Failed to verify incoming ticket! # List of relevant packages (These are the latest updates available for RHEL 3) $ rpm -qa | egrep 'krb5|samba' krb5-devel-1.2.7-28 krb5-libs-1.2.7-28 krb5-workstation-1.2.7-28 samba-3.0.7-1.3E samba-client-3.0.7-1.3E samba-common-3.0.7-1.3E -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem adding users to the PDC
I have problem adding users after I set up a goupmap. Before there was no problem. net groupmap ntgroup=Users unixgroup=users Users (S-1-5-32-545) - users useradd pesho -g users pdbedit -a pesho new password: retype new password: tdb_update_sam: Failing to store a SAM_ACCOUNT for [pesho] without a primary group RID Unable to add user! (does it already exist?) pesho of cource doesn´t exist pdbedit -L | grep pesho returns nothing. I´m using two passwd backends: passdb backend = tdbsam:/etc/samba/passdb.tdb \ smbpasswd:/etc/samba/smbpasswd In this case I´m trying to add pesho to tdbsam, when I remove it and only smbpasswd was in the smb.conf I was able to add it sucessfully. I´m using samba 3.0.7-2.FC1. Can somebody tell me what have I done wrong? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving
Hi Mark, that did not resolve the problem for me. Removing the @ sign produced the same error message (see below)... Greetings Andreas -Ursprüngliche Nachricht- Von: Mark Le Noury [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 14. Oktober 2004 12:43 An: [EMAIL PROTECTED] Betreff: RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving Hi, I think that you are fomatting the valid users directive incorrectly. Try valid users = DOMAIN+Group_name (I use + as my winbind separator, substitute for whatever you have chosen) No @ sign necessary It works fine for me like that. Thanks, Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 14 October 2004 12:38 PM To: [EMAIL PROTECTED] Subject: [Samba] Samba 3.0.7 / AD Domain Group Resolving Hello List, currently we have Samba 3.0.7 running on SLES8 systems with AD integration. We´re using the SerNet RPM´s (ftp.sernet.de) Everything works fine so far, we just have a problem with resolving domain groups. wbinfo -g works fine, the domain groups are correctly resolved. But when inserting a valid users = @AD_DOMAIN_GROUP statement in the smb.conf we get the following error: smbd/service.c:make_connection_snum(314) user 'DOMAIN\User.Name' (from session setup) not permitted to access this share (sharename) Inserting the user with his normal accountname does work (e.g. valid users = DOMAIN\User.Name) We do have a lot of AD Groups, some users are member of more than 200 groups (and no, we cannot fix that, reducing the number of groups is unfortunately not an option). I did find several post in the list archives on this topic, but no practical solution yet. Is there a solution? Are more details necessary? One more thing: we also have the problem that once in a while winbind dies when executing wbinfo -g or -u. I don´t know, if this is somehow connected. Anyone any ideas? I´m a bit lost here... Greetings Andreas Grzeski Systems Engineer/RHCE Stadtwerke München GmbH -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Ex-PDC always loosing sync with new samba PDC
Thanks for your answer Andrew, Unfortunelly I cant take these NT out from the network now. I will have to find a way to handle them. Another question. Im having problems with Win 2k Server with SQL 2k. The 2k cant see the users names from the 22 trusts I have, but only the SIDs. In other way the local account s works fine. Is there any solution to this problem? Thanks, Gustavo - Original Message - From: Andrew Bartlett [EMAIL PROTECTED] To: Gustavo Lima [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, October 14, 2004 7:13 AM Subject: Re: [Samba] Ex-PDC always loosing sync with new samba PDC -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can mount share, cannot join domain
On Tue, 12 Oct 2004, jason kawaja wrote: i am not using ldap. samba 3.0.7 on sparc solaris. winxp pro client. [global] netbios name = bunny workgroup = ecel time server = yes security = user encrypt passwords = yes wins support = yes domain master = yes local master = yes os level = 65 domain logons = yes logon path = \\%L\%u\.win_profile logon script = logon.bat logon drive = D: logon home = \\%L\%u\.win_home add user script = useradd -d /dev/null -g 100 -s /usr/bin/false %u [netlogon] path = /usr/local/samba/lib/netlogon writable = no browsable = no [homes] comment = Home Directories browsable = no writable = yes valid users = @student @despot invalid users = @other @sys @adm @uucp @mail @tty @lp @nuucp @staff \ @daemon @sysadmin @bobody @noaccess @nogroup @nofiles @qmail max connections = 80 drwxrwxr-x2 root other 512 Oct 8 13:21 netlogon/ when attempting to set/join domain from My Computer - Properties, a window pops up asking for username password and i enter root along with the smbpassword for the root (uid=0) account. then an error box saying The user name could not be found. is displayed. i can mount a share using a non uid=0 samba account to this client. ideas? how about a nudge in the right direction? -- Jason Kawaja http://www.ietf.org/rfc/rfc1855.txt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving
Could you post the share definition from your smb.conf file? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 14 October 2004 02:10 PM To: [EMAIL PROTECTED] Subject: RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving Hi Mark, that did not resolve the problem for me. Removing the @ sign produced the same error message (see below)... Greetings Andreas -Ursprüngliche Nachricht- Von: Mark Le Noury [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 14. Oktober 2004 12:43 An: [EMAIL PROTECTED] Betreff: RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving Hi, I think that you are fomatting the valid users directive incorrectly. Try valid users = DOMAIN+Group_name (I use + as my winbind separator, substitute for whatever you have chosen) No @ sign necessary It works fine for me like that. Thanks, Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 14 October 2004 12:38 PM To: [EMAIL PROTECTED] Subject: [Samba] Samba 3.0.7 / AD Domain Group Resolving Hello List, currently we have Samba 3.0.7 running on SLES8 systems with AD integration. We´re using the SerNet RPM´s (ftp.sernet.de) Everything works fine so far, we just have a problem with resolving domain groups. wbinfo -g works fine, the domain groups are correctly resolved. But when inserting a valid users = @AD_DOMAIN_GROUP statement in the smb.conf we get the following error: smbd/service.c:make_connection_snum(314) user 'DOMAIN\User.Name' (from session setup) not permitted to access this share (sharename) Inserting the user with his normal accountname does work (e.g. valid users = DOMAIN\User.Name) We do have a lot of AD Groups, some users are member of more than 200 groups (and no, we cannot fix that, reducing the number of groups is unfortunately not an option). I did find several post in the list archives on this topic, but no practical solution yet. Is there a solution? Are more details necessary? One more thing: we also have the problem that once in a while winbind dies when executing wbinfo -g or -u. I don´t know, if this is somehow connected. Anyone any ideas? I´m a bit lost here... Greetings Andreas Grzeski Systems Engineer/RHCE Stadtwerke München GmbH -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbfs mount issues
Culver, Chuck wrote: I am having a similar problem on a Domain. The problem only seems to be when mounting a share located on a Windows 2003 server. My problem is this: I run the mount command. It completes without error. However, the mount path disappears. In your example, /path/to/mount/dir would be mounted, but the dir would disappear from view. If I open a terminal, SU, and then ls -la /path/to/mount It will not show anything at all. If I run unmount the share, the folder reappears. This used to work on an older version of Samba.. like 2.28 or early 3. Now I am running 3.0.7-2 on Mandrake 10.1. The stranger part is, I can preview the contents with SMB4K or LAN:// but once it is mounted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Pirok Sent: Wednesday, October 13, 2004 2:03 PM To: [EMAIL PROTECTED] Subject: [Samba] smbfs mount issues This problem began a couple months ago with my new install of (you guessed it) XP sp2. Now, when i mount a share from the xp machine to my debian box, everyone, including rot, gets a permission denied trying to ls the dir. I've read posts about switching to cifs, but that has opened a whole new can of worms. I'd just like to see smbfs mount my shares properly the way they used to. My version of samba is 3.0.7-1 according to dpkg on debian unstable. the mount command is mount -t smbfs -o credentials=cred.file,netbiosname=intruder,workgroup=workgroup,ip=111.11 1.111.111 //host/share /path/to/mount/dir I've done lots of look ups on google regarding many combinations of xp smbfs and the problems encountered to no avail. I'm at wits end and don't know what else to do. Sincerely, Jason This might be coused by buggy kernel, I had sa similar problem with kernel 2.6.1-... which come with Fedora Core2 test1. When I upgrade the kernel it was OK. What kernel are you using -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can mount share, cannot join domain
jason kawaja wrote: On Tue, 12 Oct 2004, jason kawaja wrote: i am not using ldap. samba 3.0.7 on sparc solaris. winxp pro client. [global] netbios name = bunny workgroup = ecel time server = yes security = user encrypt passwords = yes wins support = yes domain master = yes local master = yes os level = 65 domain logons = yes logon path = \\%L\%u\.win_profile logon script = logon.bat logon drive = D: logon home = \\%L\%u\.win_home add user script = useradd -d /dev/null -g 100 -s /usr/bin/false %u [netlogon] path = /usr/local/samba/lib/netlogon writable = no browsable = no [homes] comment = Home Directories browsable = no writable = yes valid users = @student @despot invalid users = @other @sys @adm @uucp @mail @tty @lp @nuucp @staff \ @daemon @sysadmin @bobody @noaccess @nogroup @nofiles @qmail max connections = 80 drwxrwxr-x2 root other 512 Oct 8 13:21 netlogon/ when attempting to set/join domain from My Computer - Properties, a window pops up asking for username password and i enter root along with the smbpassword for the root (uid=0) account. then an error box saying The user name could not be found. is displayed. i can mount a share using a non uid=0 samba account to this client. ideas? how about a nudge in the right direction? -- Jason Kawaja http://www.ietf.org/rfc/rfc1855.txt Maybe you forgot to add root in samba like smbpasswd -a root -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] AD
Hi, does anyone know if there is a chance to use samba + openldap and Heimdal all together...? Until know it samba seems to be only able to join as a member server... Kelly -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving
Hi Mark, this is the Share definition from our smb.conf: [install] writeable = yes path = /Path/to/directory write list = DOMAIN\Domain_Group valid users = DOMAIN\Domain_Group The configuration is pretty straightforward... Here is the Rest of our smb.conf: [global] workgroup = DOMAIN realm = DOMAIN.DE security = ADS netbios name = servername server string = Installserver domain master = no domain logons = no wins support = no wins server = ip.of.wins.server password server = server1 server2 server3 idmap gid = 1-4 idmap uid = 1-4 winbind enum users = yes winbind enum groups = yes os level = 20 interfaces = 127.0.0.1 eth0 encrypt passwords = yes utmp = yes passdb backend = tdbsam:/etc/samba/passdb.tdb smbpasswd:/etc/samba/smbpasswd preferred master = no unix charset = LOCALE bind interfaces only = true template homedir = /home/%D/%U template shell = /bin/bash client use spnego = yes local master = no I hope that helps... Greetings Andreas -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Mark Le Noury Gesendet: Donnerstag, 14. Oktober 2004 14:31 An: [EMAIL PROTECTED] Betreff: RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving Could you post the share definition from your smb.conf file? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 14 October 2004 02:10 PM To: [EMAIL PROTECTED] Subject: RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving Hi Mark, that did not resolve the problem for me. Removing the @ sign produced the same error message (see below)... Greetings Andreas -Ursprüngliche Nachricht- Von: Mark Le Noury [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 14. Oktober 2004 12:43 An: [EMAIL PROTECTED] Betreff: RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving Hi, I think that you are fomatting the valid users directive incorrectly. Try valid users = DOMAIN+Group_name (I use + as my winbind separator, substitute for whatever you have chosen) No @ sign necessary It works fine for me like that. Thanks, Mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 14 October 2004 12:38 PM To: [EMAIL PROTECTED] Subject: [Samba] Samba 3.0.7 / AD Domain Group Resolving Hello List, currently we have Samba 3.0.7 running on SLES8 systems with AD integration. We´re using the SerNet RPM´s (ftp.sernet.de) Everything works fine so far, we just have a problem with resolving domain groups. wbinfo -g works fine, the domain groups are correctly resolved. But when inserting a valid users = @AD_DOMAIN_GROUP statement in the smb.conf we get the following error: smbd/service.c:make_connection_snum(314) user 'DOMAIN\User.Name' (from session setup) not permitted to access this share (sharename) Inserting the user with his normal accountname does work (e.g. valid users = DOMAIN\User.Name) We do have a lot of AD Groups, some users are member of more than 200 groups (and no, we cannot fix that, reducing the number of groups is unfortunately not an option). I did find several post in the list archives on this topic, but no practical solution yet. Is there a solution? Are more details necessary? One more thing: we also have the problem that once in a while winbind dies when executing wbinfo -g or -u. I don´t know, if this is somehow connected. Anyone any ideas? I´m a bit lost here... Greetings Andreas Grzeski Systems Engineer/RHCE Stadtwerke München GmbH -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbfs mount issues
Kernel 2.6.8.1-10 On Thu, 2004-10-14 at 15:38 +0300, Anton K. wrote: Culver, Chuck wrote: I am having a similar problem on a Domain. The problem only seems to be when mounting a share located on a Windows 2003 server. My problem is this: I run the mount command. It completes without error. However, the mount path disappears. In your example, /path/to/mount/dir would be mounted, but the dir would disappear from view. If I open a terminal, SU, and then ls -la /path/to/mount It will not show anything at all. If I run unmount the share, the folder reappears. This used to work on an older version of Samba.. like 2.28 or early 3. Now I am running 3.0.7-2 on Mandrake 10.1. The stranger part is, I can preview the contents with SMB4K or LAN:// but once it is mounted -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jason Pirok Sent: Wednesday, October 13, 2004 2:03 PM To: [EMAIL PROTECTED] Subject: [Samba] smbfs mount issues This problem began a couple months ago with my new install of (you guessed it) XP sp2. Now, when i mount a share from the xp machine to my debian box, everyone, including rot, gets a permission denied trying to ls the dir. I've read posts about switching to cifs, but that has opened a whole new can of worms. I'd just like to see smbfs mount my shares properly the way they used to. My version of samba is 3.0.7-1 according to dpkg on debian unstable. the mount command is mount -t smbfs -o credentials=cred.file,netbiosname=intruder,workgroup=workgroup,ip=111.11 1.111.111 //host/share /path/to/mount/dir I've done lots of look ups on google regarding many combinations of xp smbfs and the problems encountered to no avail. I'm at wits end and don't know what else to do. Sincerely, Jason This might be coused by buggy kernel, I had sa similar problem with kernel 2.6.1-... which come with Fedora Core2 test1. When I upgrade the kernel it was OK. What kernel are you using -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can mount share, cannot join domain
On Thu, 14 Oct 2004, Anton K. wrote: jason kawaja wrote: On Tue, 12 Oct 2004, jason kawaja wrote: i am not using ldap. samba 3.0.7 on sparc solaris. winxp pro client. [snip smb.conf] when attempting to set/join domain from My Computer - Properties, a window pops up asking for username password and i enter root along with the smbpassword for the root (uid=0) account. then an error box saying The user name could not be found. is displayed. i can mount a share using a non uid=0 samba account to this client. Maybe you forgot to add root in samba like smbpasswd -a root nope, i created the smb root account and even see this : /usr/local/samba/var/log.smbd: check_ntlm_password: authentication for user [root] - [root] - [root] succeeded which im assuming means root authenticated. -- Jason Kawaja http://www.ietf.org/rfc/rfc1855.txt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] script in netlogon isn't run
Hi, i have samba 3.0.7 and set a logon.bat script in /home/samba/netlogon But when i log in my domaine (from a windows xp sp1 machine) Domi the script isn't run, no error message at log in Just going on the share netlogon i got the sand-hour and nothing more happens What's wrong ? Thanks for any help *here my smb.conf * [global] # Do something sensible when Samba crashes: mail the admin a backtrace netbios name = FS1 workgroup = DOMI security = user encrypt passwords = yes #admin users= @Domain Admins interfaces=192.168.251.8 #host allow= 192.168.251.0/255.255.255.0 #domain logons = Yes os level = 65 preferred master = Yes domain master = Yes domain logons = Yes logon script=logon.bat log file = /var/log/samba/%m.log log level = 5 max log size = 5000 add machine script = /usr/local/sbin/smbldap-useradd -w %u add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u #add user script = /usr/local/sbin/smbldap-useradd -m %u #add group script = /usr/local/sbin/smbldap-groupadd -p %g #add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g #delete user from group script = /usr/local/sbin/smbldap-groupmod -x %u %g #set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u #delete user script = /usr/local/sbin/smbldap-userdel %u #delete group script = /usr/local/sbin/smbldap-groupdel %g obey pam restrictions = Yes #** Pour LDAP * passdb backend = ldapsam:ldap://127.0.0.1/ ldap suffix = dc=alsace,dc=iufm,dc=fr ldap admin dn = cn=admin,dc=alsace,dc=iufm,dc=fr ldap ssl=no ldap user suffix = ou=People ldap machine suffix = ou=Computers ldap group suffix = ou=Groups #ldap idmap suffix = ou=Users # d'après http://cj.tronquet.free.fr/doc/samba3ldap.php et idealx p.17 (smbtools) ldap passwd sync = Yes #*** [commun] comment = commun aux profs et étudiants volume = commun path = /home/samba/commun guest ok=yes read only = no writeable = yes #pas de partage visible dans vosinage réseau browseable = no [compta] comment = fichiers du service comptable path = /home/samba/fichiers/compta public = yes writeable = yes read only = no create mask = 0750 valid users = @compta # le groupe superviseur a tous les droits sur ce partage admin users = @superviseur [prothee] comment = accès à prothee path=/home/samba/prothee public = yes writeable = yes read only = no create mask = 0750 valid users = prothee admin users = @superviseur [netlogon] comment = Network Logon Service path = /home/samba/netlogon guest ok = yes writable = no share modes = no *here my logon..bat file * (i did as simple as possible..) net use j: \\FS1\netlogon net use k: \\FS1\commun -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Sage oplocks
I need to set oplocking in smb.conf.I had it running for a while but on some windows pc's when i deleted a file it stayed there when attemping to delete for second time it threw an error saying file did not exist etc. I suspect this is windows problem so when i enable oplocking do i need to do anything on the windows pc's. I noticed this in the samba docs and wanted to confirm its the right thing to do ( nt4 and XP machines by the way ) - The following registry entries on Microsoft Windows XP Professional, 2000 Professional and Windows NT4 workstation clients must be configured as shown here: REGEDIT4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\LanmanServer\Parameters] EnableOplocks=dword: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\LanmanWorkstation\Parameters] UseOpportunisticLocking=dword: Sage is proving to be a pain in general Regards Terry -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] script in netlogon isn't run
Patrick DUBAU wrote: Hi, i have samba 3.0.7 and set a logon.bat script in /home/samba/netlogon But when i log in my domaine (from a windows xp sp1 machine) Domi the script isn't run, no error message at log in Just going on the share netlogon i got the sand-hour and nothing more happens *here my logon..bat file * (i did as simple as possible..) net use j: \\FS1\netlogon net use k: \\FS1\commun The first things I would try: - check the permissions on the file - make sure the file is in DOS text format, not Unix. You can do it with the unix2dos logon.bat command - check in the logs if the user can connect correctly to the [NETLOGON] share at login Bye... Mattia -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbfs mount issues
sorry about forgetting that. My kernel version is 2.6.8 This might be coused by buggy kernel, I had sa similar problem with kernel 2.6.1-... which come with Fedora Core2 test1. When I upgrade the kernel it was OK. What kernel are you using -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbfs mount issues
Whoops I should have run uname first. kernel is 2.6.7 On Thu, 14 Oct 2004 08:55:47 -0500, Jason Pirok [EMAIL PROTECTED] wrote: sorry about forgetting that. My kernel version is 2.6.8 This might be coused by buggy kernel, I had sa similar problem with kernel 2.6.1-... which come with Fedora Core2 test1. When I upgrade the kernel it was OK. What kernel are you using -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTFS ACLs - access denied
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matías Barletta wrote: | People, I had gone panic... there is no way to migrate | Files from my NT 4, to the Samba BDC Server. I had vampired | all the users. but still I get access denied in robocopy | when it tries to copy the NTFS Security. | | Any Idea what could it be?? | | I swear to god, that I will share a bit of my salary | to solve this out!! 2 weeks fighting and going throw forums, | and this weekend my boss will go with win2000 if I dont | find a solution!! What version of Samba ? We'll need a lot more details. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBboaBIR7qMdg1EfYRAm7QAJ9GCaJ57Y7ruymLyxeX/ycTjMU3OACgt4hX CoW9En0CexPh6GnQYse19VQ= =xYOW -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] kerberos and/or winbind ??
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Christian Merrill wrote: | Here is an over simplified explanation. Configuring | kerberos with samba will not give you any additional features. Actually it will. You don't get support for transitive trusts in winbindd without it. Without krb5 you get the non-transtive NT4 style trusts. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBbocTIR7qMdg1EfYRAvMEAKCQlgScoCVr1MSjPvEQrvtWe/f0ZQCgmoFW hoyWspetmyUWCZrXR0a22I4= =RZWZ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't join domain - no message
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | domain_client_validate: could not fetch trust account | password for domain DOMAINNAME Looks like it didn't really join the domain. Run smbpasswd with debug level of 10 and look for any errors at the tail end of the join process. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBbod2IR7qMdg1EfYRAku7AJ9fMm8DRGzNssZSoT1nzRL1DqNz3gCg1hKQ AzSKc69xROl6TMcxYkawlOo= =3pTA -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba setup with Winbind connecting to NT4 PDC - Login is Slow...
-| PDC - Login isnow Slow... -| -| winbind enum users = yes -| winbind enum groups = yes remove those two... Mit freundlichem Gruß, Ok, I removed those 2 lines and tried again... It still took at least 2 minutes to login as it just Sit's on the KDE welcome screen with nothing and then all of a sudden up pops the KDE login box and proceeds as normal. Questions : - Is there a chance that becuase I'm on a trusted Domain with 3 locations that it is trying to Syncronize with the PDC's on the 3 domains on startup? Causing it to be slow like that? - Is there a chance that PAM has something to do with it? My SMB shares are all working and it authenticates with the PDC correctly so I would rather not mess with pam as I don't know what I'm doing with it. Here is my current SMB.CONF and NSSWITCH.CONF files again now. - SMB.CONF - # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE # Date: 2004-09-16 [global] workgroup = SHELTER printing = cups printcap name = cups printcap cache time = 750 cups options = raw printer admin = @ntadmin, root, administrator username map = /etc/samba/smbusers map to guest = Bad User ###include = /etc/samba/dhcp.conf #logon path = \\%L\profiles\.msprofile #logon home = \\%L\%U\.9xprofile #logon drive = P: # My additions... security = DOMAIN encrypt passwords = yes password server = shelternt1 sriesrv2 obey pam restrictions = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 wins server = shelternt1 sriesrv2 dns proxy = no netbios name = sriemailsrv log level = 1 winbind separator = + winbind uid = 1-2 winbind gid = 1-2 winbind cache time = 15 #winbind enum users = yes #winbind enum groups = yes template homedir = /home/%U template shell = /bin/bash winbind use default domain = yes name resolve order = wins lmhosts host bcast [pdf] comment = PDF creator path = /var/tmp printable = Yes print command = /usr/bin/smbprngenpdf -J '%J' -c %c -s %s -u '%u' -z %z create mask = 0600 [printers] comment = All Printers path = /var/tmp printable = Yes create mask = 0600 browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin root force group = ntadmin create mask = 0664 directory mask = 0775 [Public] comment = Public Folder path = /data/Public writable = yes [NetworkAccess] writable = yes path = /data/NetworkAccess write list = @shelter+TestLinuxGroup force group = ntadmin force user = root comment = Network Share for Writability... create mode = 0660 directory mode = 0770 [tmp] comment = Temporary File Space path = /data/tmp read only = no public = yes - NSSWITCH.CONF - # # /etc/nsswitch.conf # # An example Name Service Switch config file. This file should be # sorted with the most-used services at the beginning. # # The entry '[NOTFOUND=return]' means that the search for an # entry should stop if the search in the previous entry turned # up nothing. Note that if the search failed due to some other reason # (like no NIS server responding) then the search continues with the # next entry. # # Legal entries are: # # compat Use compatibility setup # nisplus Use NIS+ (NIS version 3) # nis Use NIS (NIS version 2), also called YP # dns Use DNS (Domain Name Service) # files Use the local files # db Use the /var/db databases # [NOTFOUND=return] Stop searching if not found so far # # For more information, please read the nsswitch.conf.5 manual page. # # passwd: files nis # shadow: files nis # group: files nis passwd: compat winbind group: compat winbind hosts: files dns networks: files dns services: files protocols: files rpc:files ethers:files netmasks: files netgroup: files publickey:files bootparams: files automount: files nis aliases:files Thanks, -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 2 log files for the same client workstation accessing a Samba sha re
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | Hi, | | I am using Samba 3.0.7. | | Why is there a log filename with the IP address | and another one with the machine name in the | samba/var directory? | | For example : | | log.10.x.x.x. | log.machine_name_at_10.x.x.x | | Note: I deleted all logs before restarting Samba and | connecting to a share. Both log files are created at | about the same time. | | Is this a normal Samba behavior? Yes (when the client connects to port 445 we don't have access to the machine name until the SMBsesssetupX request). cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBboi1IR7qMdg1EfYRAhC/AJ9Wtk02xfo8sNupb62usLCI8RXd1QCeN2px aoDVvuEPqak8yF99kVhKr1A= =ef4y -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Bad lockout attempt recorded 2x
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Bender wrote: | Example: | I logon to my Windows box as 'bender' | I also have the samba users 'bob', 'chuck' and 'bender'. | If I Map a Share as bob and mess up twice (or once) and then | successfully logon, the 'Bad password count' for 'bob' will | correctly be 0, but for bender it will be 2. If I logon | as 'chuck' and mess up once - 'bender' is now locked | out!! This is windows trying to use cached credentials I think. | that, all the shares on my samba server are | locked out to EVERYONE until I either remove user 'bender' or | ./pdbedit -z -c='[]' bender That would be a bug. Mind filing a report at bugzilla.samba.org. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBboqCIR7qMdg1EfYRAmhcAJ0TRxGWPRdare1uY1omV/XuL3MhMwCg3eig NYTtMm/oL2YIBHmCL5ZPbE8= =r2JR -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Can't join domain - no message
Output from smbpasswd with debug level 10: ./smbpasswd -D 10 -j DOMAINNAME -r PDC -U username Initialising global parameters params.c:pm_process() - Processing configuration file /usr/local/samba/lib/smb.conf Processing section [global] doing parameter workgroup = DOMAINNAME doing parameter netbios name = HOSTNAME handle_netbios_name: set global_myname to: HOSTNAME doing parameter server string = My Server doing parameter security = DOMAIN doing parameter encrypt passwords = Yes doing parameter password server = * doing parameter admin log = Yes doing parameter log file = /var/log/samba doing parameter dns proxy = No doing parameter invalid users = root pm_process() returned Yes lp_servicenumber: couldn't find homes set_server_role: ROLE_DOMAIN_MEMBER codepage_initialise: client code page = 850 load_client_codepage: loading codepage 850. Adding chars 0x85 0xb7 (l-u = True) (u-l = True) Adding chars 0xa0 0xb5 (l-u = True) (u-l = True) Adding chars 0x83 0xb6 (l-u = True) (u-l = True) Adding chars 0xc6 0xc7 (l-u = True) (u-l = True) Adding chars 0x84 0x8e (l-u = True) (u-l = True) Adding chars 0x86 0x8f (l-u = True) (u-l = True) Adding chars 0x91 0x92 (l-u = True) (u-l = True) Adding chars 0x87 0x80 (l-u = True) (u-l = True) Adding chars 0x8a 0xd4 (l-u = True) (u-l = True) Adding chars 0x82 0x90 (l-u = True) (u-l = True) Adding chars 0x88 0xd2 (l-u = True) (u-l = True) Adding chars 0x89 0xd3 (l-u = True) (u-l = True) Adding chars 0x8d 0xde (l-u = True) (u-l = True) Adding chars 0xa1 0xd6 (l-u = True) (u-l = True) Adding chars 0x8c 0xd7 (l-u = True) (u-l = True) Adding chars 0x8b 0xd8 (l-u = True) (u-l = True) Adding chars 0xd0 0xd1 (l-u = True) (u-l = True) Adding chars 0xa4 0xa5 (l-u = True) (u-l = True) Adding chars 0x95 0xe3 (l-u = True) (u-l = True) Adding chars 0xa2 0xe0 (l-u = True) (u-l = True) Adding chars 0x93 0xe2 (l-u = True) (u-l = True) Adding chars 0xe4 0xe5 (l-u = True) (u-l = True) Adding chars 0x94 0x99 (l-u = True) (u-l = True) Adding chars 0x9b 0x9d (l-u = True) (u-l = True) Adding chars 0x97 0xeb (l-u = True) (u-l = True) Adding chars 0xa3 0xe9 (l-u = True) (u-l = True) Adding chars 0x96 0xea (l-u = True) (u-l = True) Adding chars 0x81 0x9a (l-u = True) (u-l = True) Adding chars 0xec 0xed (l-u = True) (u-l = True) Adding chars 0xe7 0xe8 (l-u = True) (u-l = True) Adding chars 0x9c 0x0 (l-u = False) (u-l = False) load_dos_unicode_map: 850 load_unicode_map: loading unicode map for codepage 850. load_unix_unicode_map: ISO8859-1 (init_done=0, override=0) load_unicode_map: loading unicode map for codepage ISO8859-1. added interface ip=172.17.1.212 bcast=172.17.255.255 nmask=255.255.0.0 Password: cli_init_creds: user username domain DOMAINNAME flgs: 0 ntlmssp_cli_flgs:0 cli_establish_connection: HOSTNAME00 connecting to PDC20 (0.0.0.0) - username [DOMAINNAME] resolve_lmhosts: Attempting lmhosts lookup for name PDC0x20 startlmhosts: Can't open lmhosts file /usr/local/samba/lib/lmhosts. Error was No such file or directory resolve_hosts: Attempting host lookup for name PDC0x20 resolve_wins: Attempting wins lookup for name PDC0x20 wins_srv_count: WINS status: 0 servers. resolve_wins: WINS server resolution selected and no WINS servers listed. name_resolve_bcast: Attempting broadcast lookup for name PDC0x20 bind succeeded on port 0 socket option SO_KEEPALIVE = 0 socket option SO_REUSEADDR = 4 socket option SO_BROADCAST = 32 Could not test socket option TCP_NODELAY. socket option IPTOS_LOWDELAY = 0 socket option IPTOS_THROUGHPUT = 0 socket option SO_SNDBUF = 0 socket option SO_RCVBUF = 0 socket option SO_SNDLOWAT = 0 socket option SO_RCVLOWAT = 0 socket option SO_SNDTIMEO = 0 socket option SO_RCVTIMEO = 0 Sending a packet of len 50 to (172.17.255.255) on port 137 read_udp_socket: lastip 172.8.8.8 lastport 137 read: 62 parse_nmb: packet id = 14521 Received a packet of len 62 from (172.8.8.8) port 137 nmb packet from 172.8.8.8(137) header: id=14521 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0 answers: nmb_name=PDC20 rr_type=32 rr_class=1 ttl=30 answers 0 char `. hex 6000AC110101 Got a positive name query response from 172.8.8.8 ( 172.8.8.8 ) parse_nmb: packet id = 123 parse_nmb: packet id = 123 parse_nmb: packet id = 123 parse_nmb: packet id = 123 parse_nmb: packet id = 123 parse_nmb: packet id = 123 internal_resolve_name: returning 1 addresses: 172.8.8.8 Connecting to 172.8.8.8 at port 445 As you can see, no message to say domain joined or not Regards, Stuart -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: 14 October 2004 15:05 To: Stuart Manning Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Can't join domain - no message *** Gold Medal Travel E Mail disclaimer This e-mail contains proprietary information some or all of which may be legally
[Samba] Re: Problem adding users to the PDC
Users (S-1-5-32-545) is a local group. Domain users should have Domain group from their domain as their primary group. I would recommend to change mapping by removing 'Users - users' map and adding 'Domain Users - users' one. The problem can be also caused if you already have 'Domain Users - users' and add 'Users - users' since Samba mapps gid - SID by finding the first SID - gid mapping with the right gid and will fail if 'Users - users' is the first map it encounters. Hope it helps, Igor Anton K. wrote: I have problem adding users after I set up a goupmap. Before there was no problem. net groupmap ntgroup=Users unixgroup=users Users (S-1-5-32-545) - users useradd pesho -g users pdbedit -a pesho new password: retype new password: tdb_update_sam: Failing to store a SAM_ACCOUNT for [pesho] without a primary group RID Unable to add user! (does it already exist?) pesho of cource doesn´t exist pdbedit -L | grep pesho returns nothing. I´m using two passwd backends: passdb backend = tdbsam:/etc/samba/passdb.tdb \ smbpasswd:/etc/samba/smbpasswd In this case I´m trying to add pesho to tdbsam, when I remove it and only smbpasswd was in the smb.conf I was able to add it sucessfully. I´m using samba 3.0.7-2.FC1. Can somebody tell me what have I done wrong? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't join domain - no message
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | Output from smbpasswd with debug level 10: | | ./smbpasswd -D 10 -j DOMAINNAME -r PDC -U username | Password: | Connecting to 172.8.8.8 at port 445 | | As you can see, no message to say domain joined | or not You should get some configmarion such as joined domain BLAH Is that IP address corret ? Does smbpasswd every connect ? The log file shouldn't just stop. There should be a lot more information after that last line. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBbo8eIR7qMdg1EfYRAnqOAKDmgJmy2x44Wr59ecKftbJa7GQESgCgyGhv GYJF+vpcYEdJ2ybTZq/BP5U= =DUPc -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Bad lockout attempt recorded 2x
Thanks for input. But before I file a bug report I was poking around and found what seemed to be a fix back in 3.0beta2. http://www.linux.israel.net/samba/whatsnew/samba-3.0.0rc1.html Section: Changes since 3.0beta2 bullet number 6. Is this the same issue? Thanks. Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Bender wrote: | Example: | I logon to my Windows box as 'bender' | I also have the samba users 'bob', 'chuck' and 'bender'. | If I Map a Share as bob and mess up twice (or once) and then | successfully logon, the 'Bad password count' for 'bob' will | correctly be 0, but for bender it will be 2. If I logon | as 'chuck' and mess up once - 'bender' is now locked | out!! This is windows trying to use cached credentials I think. | that, all the shares on my samba server are | locked out to EVERYONE until I either remove user 'bender' or | ./pdbedit -z -c='[]' bender That would be a bug. Mind filing a report at bugzilla.samba.org. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBboqCIR7qMdg1EfYRAmhcAJ0TRxGWPRdare1uY1omV/XuL3MhMwCg3eig NYTtMm/oL2YIBHmCL5ZPbE8= =r2JR -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can mount share, cannot join domain
On Thu, 14 Oct 2004, jason kawaja wrote: On Thu, 14 Oct 2004, Anton K. wrote: jason kawaja wrote: On Tue, 12 Oct 2004, jason kawaja wrote: i am not using ldap. samba 3.0.7 on sparc solaris. winxp pro client. /usr/local/samba/var/log.smbd: check_ntlm_password: authentication for user [root] - [root] - [root] succeeded which im assuming means root authenticated. log.smbd on an attempt to join domain (log level=2) : [2004/10/14 10:41:18, 2] smbd/reply.c:reply_special(235) netbios connect: name1=BUNNY name2=KOBILE [2004/10/14 10:41:18, 2] smbd/reply.c:reply_special(242) netbios connect: local=bunny remote=kobile, name type = 0 [2004/10/14 10:41:18, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/10/14 10:41:18, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/10/14 10:41:18, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [root] - [root] - [root] succeeded [2004/10/14 10:41:18, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2477) Returning domain sid for domain ECEL - S-1-5-21-4249381265-1503177171-4108507800 [2004/10/14 10:41:18, 2] smbd/server.c:exit_server(571) Closing connections log.smbd on another attempt to join domain (log level=5) : [2004/10/14 10:44:36, 5] lib/username.c:Get_Pwnam_internals(251) Get_Pwnam_internals didn't find user [kobile$]! [2004/10/14 10:44:36, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2251) _samr_create_user: winbind_create_user(kobile$) failed is that perhaps the problem? kobile is the machine attempting to join. -- Jason Kawaja http://www.ietf.org/rfc/rfc1855.txt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Bad lockout attempt recorded 2x
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Bender wrote: | Thanks for input. But before I file a bug report I | was poking around and found what seemed to be a fix | back in 3.0beta2. | | http://www.linux.israel.net/samba/whatsnew/samba-3.0.0rc1.html | Section: Changes since 3.0beta2 bullet number 6. | | Is this the same issue? No. That's unrelated. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBbpNEIR7qMdg1EfYRAjj8AJ42j+bYf6Bf0XKty5aJEfhMgolXrgCg0I81 HwTHhxL/QD8Qxyr138P1OgQ= =ATBE -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Can't join domain - no message
The IP has been changed for security, but yes it's correct. The fact that no message is given is the problem - no message either way. I've setup Samba loads of times and seen successes ans fails at this point, but never nothing. The same happened originally when I tried installing Samba 3. I installed this version as I knew is was working on another system with the same O/S level. This is why I'm stuck. Regards, Stuart -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: 14 October 2004 15:37 To: Stuart Manning Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Can't join domain - no message *** Gold Medal Travel E Mail disclaimer This e-mail contains proprietary information some or all of which may be legally privileged. It is for the intended recipient only. If an addressing or transmission error has misdirected this e-mail, please notify the author by replying to this e-mail. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail. *** -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | Output from smbpasswd with debug level 10: | | ./smbpasswd -D 10 -j DOMAINNAME -r PDC -U username | Password: | Connecting to 172.8.8.8 at port 445 | | As you can see, no message to say domain joined | or not You should get some configmarion such as joined domain BLAH Is that IP address corret ? Does smbpasswd every connect ? The log file shouldn't just stop. There should be a lot more information after that last line. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBbo8eIR7qMdg1EfYRAnqOAKDmgJmy2x44Wr59ecKftbJa7GQESgCgyGhv GYJF+vpcYEdJ2ybTZq/BP5U= =DUPc -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Can't join domain - no message
Now I'm confused! If it is ending with no message either way, I guessed smbpasswd must be aborting somehow, but not giving STDERR, so I just did a truss on smbpasswd. It worked! ...giving the messge Joing Domain. Tried again normally, but same result - no passwd. Started samba, connected fine. The end result has been achieved - ie samba working, but not sure why join failed until I ran it under truss. Anyone any ideas? Thanks for your reply Jerry, I guess it got me to think about the problem from another angle. Regards, Stuart -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: 14 October 2004 15:37 To: Stuart Manning Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Can't join domain - no message *** Gold Medal Travel E Mail disclaimer This e-mail contains proprietary information some or all of which may be legally privileged. It is for the intended recipient only. If an addressing or transmission error has misdirected this e-mail, please notify the author by replying to this e-mail. If you are not the intended recipient you must not use, disclose, distribute, copy, print or rely on this e-mail. *** -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | Output from smbpasswd with debug level 10: | | ./smbpasswd -D 10 -j DOMAINNAME -r PDC -U username | Password: | Connecting to 172.8.8.8 at port 445 | | As you can see, no message to say domain joined | or not You should get some configmarion such as joined domain BLAH Is that IP address corret ? Does smbpasswd every connect ? The log file shouldn't just stop. There should be a lot more information after that last line. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBbo8eIR7qMdg1EfYRAnqOAKDmgJmy2x44Wr59ecKftbJa7GQESgCgyGhv GYJF+vpcYEdJ2ybTZq/BP5U= =DUPc -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] [PATCH] smbfs: smbfs do not honor uid, gid, file_mode and dir_mode supplied by user mount
Hi, This patch fixes Samba Bugzilla Bug 999. The last version (2.6.8.1) of smbfs kernel module do not honor uid, gid, file_mode and dir_mode supplied by user during mount. This bug is also logged as Kernel Bug Tracker Bug 3330. I think this stuff is related to the unix extensions. This patch offers to the client side the opportunity to decide to use or not those extensions. To fully work, some modifications are needed to samba smbmount.c and smbmnt.c files. Those patches are available at Samba and Kernel Bug Tracker pages (Bug 999). After those patches, if the user do not supply any of the parameters above, the uid, gid, file_mode and dir_mode on the server will be used by the client. I have submitted this before, but I've got no answer. This is the last time. If it have no value, please send me a note. Thank you in advance, Haroldo Gamal PS: Thank you Randy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba setup with Winbind connecting to NT4 PDC - Login isnow Slow...
-| PDC - Login isnow Slow... -| -| winbind enum users = yes -| winbind enum groups = yes remove those two... Mit freundlichem Gruß, Couple of more things I found... I tried removing my Linux Server from the NT domain and readding it as per a couple websites. The linux server shows Joine Domain so that looks good. But on the NT server in the event log I get a Event Id 5722 saying : - The session setup from the computer X failed to authenticate. The name of the account referenced in the security database is XX$. the following error occured. Access is denied. - Shortly after that there is another event ID 5723 which is saying that there is no TRUST ACCOUNT reference in the database. I'm confused with the fact that my linux server Joined the domain and is not running it's own domain so I don't have to add it to the Trust relationships, I tried but of course it said could not find domain (Because it isn't one) Is there a step i'm missing that I should have added a trust account or something else to make it work, the shares are seen, everything works but my login is slow and that is from a timeout of 1 miliseconds becuase it's trying to resolve something. Confused. Thanks for all your help! Eric -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Trust between two samba domains
Please, read carefuly Samba doc regarding Interdomain Trust: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html Interdomain trust implies that one Domain will trust another that a user logged into it correctly. Your assumption that user from one Domain should be able to login into another is incorrect. Users from DomainA should login into DomainA but will be able to use resources of the DomainB if DomainB trust DomainA. Hope it helps, Igor opk Bronislav wrote: Hi, I posted my problem to list but nobody answerd me. I have found a solution of netsamlogon_cache.tdb but still I have a problem with authentication. I have changed a smb.conf files. servera: [global] workgroup = DOMAINA netbios name = SERVERA security = user passdb backend = smbpasswd local master = yes domain logons = yes os level = 33 domain master = yes preferred master = yes log level = 3 allow trusted domains = yes wins support = yes [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon read only = yes [Documents] comment = Dokumenty path = /export/documents writeable = yes browseable = yes guest ok = yes serverb: [global] workgroup = DOMAINB netbios name = SERVERB security = user passdb backend = smbpasswd local master = yes domain logons = yes os level = 33 domain master = yes preferred master = yes log level = 3 allow trusted domains = yes wins support = yes [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon read only = yes [Documents] comment = Dokumenty path = /export/documents writeable = yes browseable = yes guest ok = yes loga: [2004/10/13 16:40:21, 3] rpc_server/srv_pipe.c:api_rpcTNP(1541) api_rpcTNP: rpc command: NET_SAMLOGON [2004/10/13 16:40:21, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(613) SAM Logon (Interactive). Domain:[DOMAINA]. User:[EMAIL PROTECTED] Requested Domain:[DOMAINB] [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2004/10/13 16:40:21, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2004/10/13 16:40:21, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2004/10/13 16:40:21, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2004/10/13 16:40:21, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1 [2004/10/13 16:40:21, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/10/13 16:40:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0 [2004/10/13 16:40:21, 3] libsmb/namequery_dc.c:rpc_dc_name(145) rpc_dc_name: Returning DC SERVERB (192.168.100.11) for domain DOMAINB [2004/10/13 16:40:21, 3] libsmb/cliconnect.c:cli_start_connection(1376) Connecting to host=SERVERB [2004/10/13 16:40:21, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.100.11 at port 445 [2004/10/13 16:40:21, 3] auth/auth_util.c:make_server_info_info3(1114) User bronasek does not exist, trying to add it [2004/10/13 16:40:21, 0] auth/auth_util.c:make_server_info_info3(1122) make_server_info_info3: pdb_init_sam failed! [2004/10/13 16:40:21, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [bronasek] - [bronasek] FAILED with error NT_STATUS_NO_SUCH_USER [2004/10/13 16:40:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544) free_pipe_context: destroying talloc pool of size 6274 [2004/10/13 16:40:21, 3] smbd/pipes.c:reply_pipe_write_and_X(199) writeX-IPC pnum=73cc nwritten=336 [2004/10/13 16:40:21, 3] smbd/process.c:process_smb(1092) Transaction 39 of length 63 [2004/10/13 16:40:21, 3] smbd/process.c:switch_message(887) switch message SMBreadX (pid 10156) conn 0x83d8040 [2004/10/13 16:40:21, 3] smbd/pipes.c:reply_pipe_read_and_X(242) readX-IPC pnum=73cc min=1024 max=1024 nread=96 logb: [2004/10/13 16:17:06, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(620) SAM Logon (Network).
Re: [Samba] ADS valid users can't map share
Yeah, that solved the problem for valid users. Thanks. However, I now have a different problem. The same kind of logic should apply to the username map, right? But it doesn't seem to. smb.conf: * [global] workgroup = EDSADDDM realm = EDSADDDM.DDM.APM.BPM.EDS.COM server string = Maul Test Server log level = 2 max log size = 100 security = ADS local master = no os level = 0 domain master = no preferred master = no wins server = 199.42.192.103 dns proxy = no encrypt passwords = yes idmap uid = 6-7 idmap gid = 8-9 winbind enum users = yes winbind enum groups = yes winbind separator = + winbind use default domain = no username map = /opt/samba/lib/username.map [space] comment = Space Partition Share path = /space writable = yes browsable = yes * username.map: * !grega = EDSADDDM+imguser * If I map the share from my Windows XP client as EDSADDDM\imguser, it doesn't do the mapping. I get the following messages in log.smbd: * [2004/10/14 09:57:39, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. open_sockets_smbd: accept: Software caused connection abort [2004/10/14 09:57:39, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/10/14 09:57:40, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [imguser] - [imguser] - [EDSADDDM+imguser] succeeded [2004/10/14 09:57:40, 1] smbd/service.c:make_connection_snum(648) mule (199.42.192.45) connect to service space initially as user EDSADDDM+imguser (uid=60001, gid=8) (pid 25694) * and if I create a new file it gets the following ownership/permission: * # ls -l /space/tmp total 0 -rwxr--r-- 1 nobody EDSADDDM+Domain Users 0 Oct 14 09:59 New Text Document.txt * However, if I change username.map to the following and restart Samba: * !grega = imguser * The username map does what I think it should... The permissions on the created file are as follows: * # ls -l /space/tmp total 0 -rwxr--r-- 1 gregaeng0 Oct 14 10:01 New Text Document.txt * So... it appears that the username map is not using the domain information. Any ideas on this one?? Greg Adams On Tue, 12 Oct 2004 20:51:35 -0700, Doug VanLeuven [EMAIL PROTECTED] wrote: Greg Adams wrote: winbind separator = + winbind use default domain = no [space] comment = Space Partition Share path = /space writable = yes browsable = yes valid users = EDSADDDM\imguser Maybe it should be EDSADDDM+imguser ? Any ideas? Hope that helps. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] non-local accounts...
I am having problems, can join domain, add users, etc, etc no problem using samba 3.0.6 and ldap 2.2.17, have the ldap working fine with samba. The problem is that I cannot get this to work without having local unix accounts. We are setting up a domain between 32 locations (zero budget) , and of course want to just have our ldap directory replicate itself, not have to add local users. Totally unix pdc/bdcs, not active directory at all. What is the easiest way to add ldap users without having to add local accounts as well? smbldap-tools is giving me failed to perform search; No such object at /usr/local/sbin//smbldap_tools.pm line 229, DATA line 283 errors, even though the conf files seem correct in every which way. Any help would be appreciated. MIke -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.7 adding machines. Wrong primary group.
I have a strange feeling that the clue is in the server-manager since I don't use it to join domain at all. I have Debian/unstable x86 Linux 2.6.7 Samba 3.0.7 as a PDC. Workstation is WinXP Pro SP1. To join domain I just go into System Properties/Computer Name/Change... and put Domain name in the Member of/Domain: field. Then I click Ok, put Domain administrator's name and password in popuped Computer Name Changes window, and click Ok again. After getting Welcome to DOMAIN domain. and You must restart this computer for the changes to take effect. popups I reboot and have computer as a domain member. Do you join domain some other way? Igor Michael Liebl wrote: Am Mittwoch, den 13. Oktober 2004 schrubte Igor Belyi: Using: Debian/unstable x86 Linux 2.6.5 Samba: Version 3.0.7-Debian Interesting case... The request comes from Windows to update machine account with a bunch of new values and in this request RID of the primary group for the account (group_rid) is listed as 513 (0x201). If you look at the 'fields_present' in the request you will notice that it requests almost all information to be updated - 09f827fa (this is a bitwise mask of fields to be updated). When I add a computer in my domain I have it only '00c4 fields_present : 0112'. Note, that on How do you add? Details welcome. So, I suspect the problem is somewhere on Windows side. I haven't found any Domain Policy requiring all accounts to be in Domain Users group which is the only thing which comes to my mind as a probably cause for the problem. Strange. @home I have WinXP SP1 only, with standard server-manager from the WinNT4 Resource Kit. At the customer we have W2K with a unknown server-manager, but same results @ samba 3.0.7 on RH box. I hope somebody having more experience with different Domain/Windows configurations can help in this case. May I install an old samba 3.0.1 to test that? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Printer Device Modes
Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ryan Suarez wrote: | Greetings Admins, | | The howto details setting the device mode using a windows client: | http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/printing.html#id2552900 | | | Is there a way to script this process? We support 260+ printers and | it's a pain in the ass. (My wrist is hurting!) There is actually. You can store default initialization data for each printer driver and then a printer will get this information assigned when it is bound to the driver. What you do is to set a printer bound to the driver in quetion to be like you want it and the send a SetPrinterData() call to set the registry value named _p_f_a_n_t_0_m_ (type REG_BINARY) to some arbitrary value. The value doesn't really matter. This tells smbd to save a snapshot of that printer's data as the default initialization data for that driver. Then when you bind a new printer to the same driver, it will be assigned that get that initialization data. Hope this helps. Jerry, can you cut paste what you just said into Samba-HOWTO-Collection? :o) Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] VSS and Samba
Did you ever find a solution for using a linux working directory with VSS? Thanks, Charles -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Authentication woes
Can you also provide smbd log showing the error message during your attempts? Igor Brian Witowski wrote: Hello, I have a perplexing problem. Im running Mandrake 10.0 and samba 3.0 setup as a domain controller. My client machines are XP Pro. I can join the domain and my Homes directory connects as it should. But that's all I can do. I have other shares that I can't access. For instance, I have a downloads share. Ive tried every conceivable setting but when I try to access that share, it prompts for my username and password. I enter it but it doesn't take. It just asks again. I've tried different logins and get the same result. Ive tried setting guest=yes and that didn't help. Ive set the attributes to 777 and that didn't help. Evidently it doesn't see my netlogon share either because my logon script never runs. Ive included my samba.conf for inspection. Keep in mind this is only one of MANY configurations I've tried. Any help would be greatly appreciated. Brian --- # Samba config file created using SWAT # from 0.0.0.0 (0.0.0.0) # Date: 2004/10/07 07:23:18 # Global parameters [global] workgroup = PYRAMID netbios name = SERVER interfaces = eth1, lo bind interfaces only = Yes username map = /etc/samba/smbusers log level = 31 syslog = 0 log file = /var/log/samba/%m max log size = 50 smb ports = 139 445 name resolve order = wins bcast hosts time server = Yes add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u shutdown script = /var/lib/samba/scripts/shutdown.sh abort shutdown script = /sbin/shutdown -c logon script = \\%L\netlogon\default.bat logon path = \\server\profiles\%U logon drive = X: logon home = \\%L\%U domain logons = Yes ldap ssl = no default service = Downloads winbind use default domain = Yes [downloads] path = /mnt/hda3/downloads read only = No create mask = 0777 force create mode = 0777 directory mask = 0777 force directory mode = 0777 [netlogon] comment = Network Logon Service path = /mnt/hda3/home/netlogon read only = No [brianw] path = /mnt/hda3/home/brianw read only = No guest ok = Yes [laptop] path = /home/laptop read only = No guest ok = Yes [profiles] path = /mnt/hda3/home/samba/profiles read only = No guest ok = Yes [homes] path = /mnt/hda3/home read only = No [jan] path = /mnt/hda3/home/jan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] non-local accounts...
Michael J Wilson schrieb: I am having problems, can join domain, add users, etc, etc no problem using samba 3.0.6 and ldap 2.2.17, have the ldap working fine with samba. The problem is that I cannot get this to work without having local unix accounts. Every Samba-User must have a Unix-Account, but you can manage Local- and Sambaaccounts in one LDAP-Tree. What is the easiest way to add ldap users without having to add local accounts as well? In the most Samba-LDAP-PDC-HowTo's you can read, that you have to authenticate the Unix AND the Samba by one LDAP-Tree. The LDAP-Tree manage every Unix and Samba-Account in one container. Please look at this: http://samba.idealx.org/smbldap-howto.en.html I use the web-based-Software LAM (http://lam.sourceforge.net/) to manage my 500 Unix- and Sambaccount Users. matze -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Alerta de Vírus
A L E R T A D E V Í R U S Esta é uma mensagem automática, não é preciso respondê-la! O servidor de e-mails da SitePlanet encontrou vírus no e-mail que você enviou para mcontabi. Por medida de segurança, o e-mail não foi entregue! Remova o vírus e envie o e-mail novamente. ATENÇÃO: Caso você não tenha enviado tal e-mail, por favor, desconsidere este alerta. Para sua referência, seguem os cabeçalhos do seu e-mail: - INICIO DOS CABEÇALHOS - Return-Path: [EMAIL PROTECTED] Received: from mutter.com.br ([200.219.166.116]) by jupter.siteplanet.com.br (8.12.11/8.12.11) with SMTP id i9EIwrdu015826 for [EMAIL PROTECTED]; Thu, 14 Oct 2004 15:58:54 -0300 Message-Id: [EMAIL PROTECTED] From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Sua saude esta bem? Date: Thu, 14 Oct 2004 15:32:06 -0300 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=46125860 X-AntiVirus: scanned for viruses by SitePlanet --- FIM DOS CABEÇALHOS -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Alerta de Vírus
A L E R T A D E V Í R U S Esta é uma mensagem automática, não é preciso respondê-la! O servidor de e-mails da SitePlanet encontrou vírus no e-mail que você enviou para tejada. Por medida de segurança, o e-mail não foi entregue! Remova o vírus e envie o e-mail novamente. ATENÇÃO: Caso você não tenha enviado tal e-mail, por favor, desconsidere este alerta. Para sua referência, seguem os cabeçalhos do seu e-mail: - INICIO DOS CABEÇALHOS - Return-Path: [EMAIL PROTECTED] Received: from mutter.com.br ([200.219.166.116]) by jupter.siteplanet.com.br (8.12.11/8.12.11) with SMTP id i9EIwrdu015826 for [EMAIL PROTECTED]; Thu, 14 Oct 2004 15:58:54 -0300 Message-Id: [EMAIL PROTECTED] From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Sua saude esta bem? Date: Thu, 14 Oct 2004 15:32:06 -0300 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=46125860 X-AntiVirus: scanned for viruses by SitePlanet --- FIM DOS CABEÇALHOS -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Getting errors while running Samba 3.0.7 with ADS security mode under MIT Kerberos
Hi, I compiled Samba 3.0.7, MIT Kerberos 1.3.5 and OpenLDAP 2.2.17. I did not notice any errors during compilation. I searched and found the #define HAVE_LDAP 1 and #define HAVE_KRB5 1 statements in the config.h file of Samba 3.0.7's include dir. So, ADS should be supported in the compiled Samba 3.0.7 version. Here is what I did up to now. As described in the How-To Samba doc, I created the /etc/krb5.conf file and I ran the kinit [EMAIL PROTECTED] command. I had to provide the password for USERNAME. When I run the klist command, I get the following output: * Ticket cache: FILE:/tmp/krb5cc_0 FILE:/tmp/krb5cc_0 Default principal: [EMAIL PROTECTED] Valid starting ExpiresService principal 10/08/04 15:57:48 10/09/04 01:59:26 krbtgt/REALM@REALM renew until 10/09/04 15:57:48 Kerberos 4 ticket cache: /tmp/tkt0 klist: You have no tickets cached * Is it OK or should I see more then just the TGT ticket? My understanding is that I ran the kinit command just to make sure that Kerberos was working between the Win2K3 server and the Samba machine. Am I right? Then, I joined successfully the Samba machine to the Win2K3 server's domain with the net ads join -U Administrator%password command. After starting Samba (i.e. only the smbd and nmbd processes), I tried to map a Samba share from a Windows XP Pro workstation from which I was already logged in with a user account defined in the Win2K3 server's domain. The first try (i.e. after a reboot of the workstation so that the cache was cleared) never works! At that point, a username/password box opened and I entered the username and password information of that same user I was logged in and it worked. It looks like the password was not OK the first time (I did the map from a Windows CMD console to get the error message)... When I look at the Samba log for that workstation (log=0 ... sorry!), I noticed the following error messages: * [2004/10/08 17:31:34, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2004/10/08 17:31:34, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Broken pipe [2004/10/08 17:31:34, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 24: ERRNO = Broken pipe [2004/10/08 17:31:34, 0] lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Broken pipe) * When the Samba share was established, it seemed to work OK. But today, I changed the log setting (i.e. log=2), I repeated the same steps and I noticed that there were some additional messages about NTLM being used the second time (i.e. after the username/password box)... See the following Samba log output: * [2004/10/13 16:01:57, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/10/13 16:01:58, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username DEV-TESTAD.HYDRO.QC.CA\mv90ddmexp02$ is invalid on this system [2004/10/13 16:01:58, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/10/13 16:01:58, 2] smbd/service.c:make_connection_snum(314) user 'qc' (from session setup) not permitted to access this share (ddm_mv90data) [2004/10/13 16:01:58, 2] smbd/server.c:exit_server(571) Closing connections [2004/10/13 16:02:13, 0] lib/util_sock.c:get_peer_addr(1000) getpeername failed. Error was Transport endpoint is not connected [2004/10/13 16:02:13, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Broken pipe [2004/10/13 16:02:13, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 24: ERRNO = Broken pipe [2004/10/13 16:02:13, 0] lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Broken pipe) [2004/10/13 16:02:13, 2] smbd/server.c:exit_server(571) Closing connections [2004/10/13 16:02:13, 2] libsmb/namequery.c:name_query(492) Got a positive name query response from 10.6.1.103 ( 10.6.1.103 ) [2004/10/13 16:02:13, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [QC] - [ddmuser] - [ddmuser] succeeded [2004/10/13 16:02:13, 1] smbd/service.c:make_connection_snum(648) mv90ddmexp02 (10.4.114.22) connect to service ddm_mv90data initially as user ddmuser (uid=40147, gid=30013) (pid 4162) * From that, I can only guess that when I try to map the Samba share from the Windows XP Pro workstation, it fails and Samba seems to revert to the NTLM authentication... Is that possible? Here is my krb5.conf file:
Re: [Samba] NTFS ACLs - access denied
SuSE 9.1 Pro - Samba 3.0.7 - Reiserfs ACL is supported by default.. getfsacl setfsacl works great. thanks On Thu, 2004-10-14 at 09:00 -0500, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matas Barletta wrote: | People, I had gone panic... there is no way to migrate | Files from my NT 4, to the Samba BDC Server. I had vampired | all the users. but still I get access denied in robocopy | when it tries to copy the NTFS Security. | | Any Idea what could it be?? | | I swear to god, that I will share a bit of my salary | to solve this out!! 2 weeks fighting and going throw forums, | and this weekend my boss will go with win2000 if I dont | find a solution!! What version of Samba ? We'll need a lot more details. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc If we're adding to the noise, turn off this song--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBboaBIR7qMdg1EfYRAm7QAJ9GCaJ57Y7ruymLyxeX/ycTjMU3OACgt4hX CoW9En0CexPh6GnQYse19VQ= =xYOW -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Cannot receive files from server 3.0.7 to W2K
Just FYI: This fixed file w2k file lock ups on my Gentoo installaion too. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Holger Krull Sent: Wednesday, October 13, 2004 4:50 PM To: Aymeric Berrendonner Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Cannot receive files from server 3.0.7 to W2K Standard Debian Response, third time this day. Try adding use sendfile = no to global section. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Any way to use Samba 2.2 with OpenLDAP directory using Samba 3 schema?
I'm in the process of upgrading OpenLDAP from 2.0 to 2.2 and many Samba servers from 2.2 to 3.0 over the course of several weeks. I have a test setup using Samba 3 against OpenLDAP 2.2 with the Samba 3 schema. I would like to be able to point all my existing Samba 2.2 servers at the new directory while they wait their turn to be upgraded. I see that Samba 2.2 allows me to specify an alternative ldap filter so I can tell it to use ((uid=%u)(objectclass=sambaSamAccount)) instead of ((uid=%u)(objectclass=sambaAccount)). However, I would still need a way to point passwords at sambaNTPassword instead of ntpassword among other things? Any easy way to do this or should I just maintain two directories until the last box is upgraded? Jason Joines = -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Any way to use Samba 2.2 with OpenLDAP directory using Samba 3 schema?
Jason Joines wrote: I'm in the process of upgrading OpenLDAP from 2.0 to 2.2 and many Samba servers from 2.2 to 3.0 over the course of several weeks. I have a test setup using Samba 3 against OpenLDAP 2.2 with the Samba 3 schema. I would like to be able to point all my existing Samba 2.2 servers at the new directory while they wait their turn to be upgraded. I see that Samba 2.2 allows me to specify an alternative ldap filter so I can tell it to use ((uid=%u)(objectclass=sambaSamAccount)) instead of ((uid=%u)(objectclass=sambaAccount)). However, I would still need a way to point passwords at sambaNTPassword instead of ntpassword among other things? Any easy way to do this or should I just maintain two directories until the last box is upgraded? Jason Joines = As an alternative, is it possible to enable both the Samba 2 and Samba 3 schema in the same directory? Jason === -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] rpcclient shutdown with -m
Hello, Am I posting this to the wrong list? I used the command rpcclient shutdowninit -m MESSAGE ... to shutdown windows workstations and it used to work just fine. After an online update on the windows workstation the shutdown script stopped working. Trying the command manually I got this return error: result was NT code 0x0057 when I cutoff -m MESSAGE from the script it works fine, but I can't display any message to the user on the workstation. anyone can help? -- Att. Flavio Fonseca Administrador de Redes Divisao de Redes Universidade Federal de Uberlandia -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba ADS -- works with XP Pro, but not 2000 Pro
Gordon Hopper wrote: # According to http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.8/doc/admin.html#SEC17 # the only supported encryption types are des3-hmac-sha1 and des-cbc-crc. default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc # However, http://lists.samba.org/archive/samba/2004-October/093761.html suggests: # default_tgs_enctypes = des-cbc-crc des-cbc-md5 # default_tkt_enctypes = des-cbc-crc des-cbc-md5 At the time, I was working from the MS KB article on permitted enctypes http://support.microsoft.com/default.aspx?scid=kb;en-us;296842 and the IBM AIX security guide for authenticating to a 2000 ADS domain controller with an older version kerberos http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixbman/security/securitytfrm.htm It may very well be the only acceptable enctype is des-cbc-crc considering the limitation of that version of kerberos. But MS seems to suggest the only acceptable ecntypes for AD are rc4-hmac, des-cbc-crc and des-cbc-md5 Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: [PATCH] smbfs: smbfs do not honor uid, gid, file_mode and dir_mode supplied by user mount
Haroldo Gamal [EMAIL PROTECTED] wrote: This patch fixes Samba Bugzilla Bug 999. The last version (2.6.8.1) of smbfs kernel module do not honor uid, gid, file_mode and dir_mode supplied by user during mount. I merged this into -mm when you first sent it. See ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.9-rc4/2.6.9-rc4-mm1/broken-out/smbfs-do-not-honor-uid-gid-file_mode-and-dir_mode-supplied.patch. This latest patch seems to be significantly different from the earlier one. What's up? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: [PATCH] smbfs: smbfs do not honor uid, gid, file_mode and dir_mode supplied by user mount
This is the same patch. As I do not receive any ack I sent it again... On Thu, 2004-10-14 at 18:41, Andrew Morton wrote: Haroldo Gamal [EMAIL PROTECTED] wrote: This patch fixes Samba Bugzilla Bug 999. The last version (2.6.8.1) of smbfs kernel module do not honor uid, gid, file_mode and dir_mode supplied by user during mount. I merged this into -mm when you first sent it. See ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.9-rc4/2.6.9-rc4-mm1/broken-out/smbfs-do-not-honor-uid-gid-file_mode-and-dir_mode-supplied.patch. This latest patch seems to be significantly different from the earlier one. What's up? - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba3 By Example - Suggested Update (Correction?) And Two Winbind Defects
Hi, have you info if this bug will be fixed in the suse 9.2 which will arriving in a few weeks? I am very wondering about that this patch is not disribute by suse themselfes ( the novell case? ), if this is not getting fixed i will stop using suse cause in my oppinion they broke dns Regards Schlomo Schapiro schrieb: Hi, probably your problem was caused by SuSE's .local problem. They patched their glibc to do a multicast DNS lookup (AKA Apple ZeroConf) for all .local domains. A fix is supposed to come soon ( I pushed them to make one :-), but if you have support try to ask for it directly. Unfortunateley I am not allowed to distribute this patch myself. Using IP Addresses only of course also serves as a workaround, but with DNS-rooted domains this is a pain in the ass. Regards, Schlomo PS: Look for previous traffic on this list regarding SuSE 9.1 On Wed, 13 Oct 2004, L. Mark Stone wrote: We were trying to build a SuSE 9.1 box in a lab as a Domain Member server in a Windows Active Directory domain where the AD server was running Windows 2000 Server. We found that the instructions in Chapter 9.3.3 were, at least in our case, incomplete. The AD server was managing a private domain, so following the Windows Configure My Server wizard the domain was setup as smelug.local. When we attempted to have the Linux box (running SuSE 9.1 (fully patched) with the Samba 3.0.7 rpm packages from the SuSE ftp site) join the domain, we got an error indicating the Linux box could not find the Kerberos server. After Googling, we saw that others experiencing this problem had as the root cause either a DNS configuration problem or a misconfigured realm in krb5.conf. We checked DNS on the W2K server and on the Linux box, added entries in the Linux and Windows hosts files, and then watched the packets go back and forth with Ethereal between the Windows 2K AD server and the SuSE box, but we still got the error. The two boxes were clearly exchanging packets, so we felt pretty good that we didn't have any DNS configuration errors. Next, we undid all of the above changes, and simply edited the krb5.conf file to include the realm information and the IP:port info for the AD server. The join was successful now. May I therefore suggest that configuring the krb5.conf file be added to Chapter 9.3.3 in S3BE? Separately, we found two winbind errors during testing: First, we found that winbind does not shut down cleanly during a reboot (we used the SuSE runlevel editor in YaST to have smb, nmb and winbind startup automagically during boot up). Winbind leaves /var/run/samba/winbindd.pid in place, which we must remove manually before we can start winbind. Second, even after starting/stopping/restarting winbind manually, wbinfo -u (and -g) do not work at first. We found we needed to run net ads info first, and then wbinfo -whatever would work just fine. Please let me know if you would like me to file bugzilla reports on these errors, or if you would like more detail. We are not programmers so we don't know how to narrow this down further. With best regards, Mark P.S. The lab machines are VMware 4.5.2 guests, running on a SuSE Linux 8.2 host. We can make the virtual machine files available to you if you would like to run these machines locally for testing (assuming you have VMware and a Windows 2000 Server license). -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Join NT4 Domain.. Works but Event Log has error 5723...
Hi, I execute the net rpc join -S PDC -u account%password and it replys Joined Domain XXX and everything works good... Samba Authenticates properly share works etc, etc... My Login is SLOW but I tracked it down that I have a EventID on the NT Server saying there is no Trust account (Event ID 5723) and I also recieve a error on startup Event ID 5722 which is Access Denied because of the trust account message that followes. Is there something in samba that I have to configure to shutoff a feature such as sign or seal etc in the smb.conf file. I read if you get this problem on XP joining a NT4 domain you need to do that. Looking for suggestions as once I fix this my login should be back to normal. Thanks, Eric -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profile Folder Redirection Problems
Sorry about the top post... John and list... I have figured out what my problem was with Chaper 6 of Samba 3 By Example. Table 6.3 (page 167 of the print copy) has some incorrect values. That table says to set the Cache directory key, for example, to: \\%LOGONSERVER%\profdata\%USERNAME%\InternetFiles That is incorrect! The leading \\ characters cause the profile path to be unreachable, as I believe the path would then expand to: SMB-PDC\profdata\testuser\InternetFiles. Removing the two leading \ characters fixed all my problems on both Windows 2000 and XP. Both the print versions and the web versions of Samba 3 By Example have this typo in multiple places in section 6.6.1. (Step 3 under Redirect Folders In Default User Profile has it as an example of a network redirection that contains a macro, as well as the aforementioned Table 6.3 errors.) The web version of TOSHARG, Chapter 23, does not contain this error and is what led me to figuring out what I was going incorrectly. Rich Edelman On Sunday 10 October 2004 09:43 pm, John H Terpstra wrote: Rich, I have seen a number of reports of problems with the procedure I outlined in the book. Rest assured that this was well tested prior to publication. Additionally, there are some large sites in Europe that use roaming profiles in precisely this fashion. That leaves us with the problem of the need to identify what you have done that is different, or to identify what is different in your client Windows configuration. I regret that at this time I do not have time to assist you further, however I am keen to hear of any progress you make in solving the issue and would much appreciate any comments that can be added to the chapter to help others to avoid your pain. Cheers, John T. On Sunday 10 October 2004 13:19, Rich Edelman wrote: I'm running Samba 3.0.7 on SuSE 9.1 with OpenLDAP for auth. I've been mostly following along Terpstra's Book Samba 3 By Example, as lots of other people here have been. The three big problems I'm having are: 1) After a Windows XP user logs out for the first time, upon next login they get an error message saying Windows cannot log you in because your profile cannot be loaded. Deleting the NTUSER.DAT file for that user allows that user to log in again. 2) It doesn't appear like the default user profile (located in /var/lib/samba/netlogon/Default User/) is getting used for anything, as when I log in for the first time and view the registry any changes that I made for the default user are not there! 3) This one will probably be solved by #2 above, but whenever a user logs out, there is that stupid 'synchronizing' window, even though all profile folders have been redirected to a network drive. Why? Any help or suggestions on these would be greatly appreciated! Thanks, Rich Edelman -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 OpenLDAP by Example, ISBN: 0131488732 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Upgrading/Replacing Samba/Solaris 2.2.4 ?
Due to Security audit items I'm having to patch/upgrade our SAMBA version 2.2.4 2.2.8a. This needs to be as quick and effortless as possible. Can someone please tell me if there are patches available to fill security holes for these versions or is an upgrade or total new install required? If patches are available please tell me the url to download from. Thanks, Pat E. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] msdfs root in [homes] do not work in XP
Hi We setup a samba server (3.02a ) under Debian, acting as PDC. Clients are w98 S.E. and XP sp1. Server name is box-p In smb.conf we configure: [clouds] ... [homes] ... msdfs root = yes We create dfs links in home directory of users : ln -s msdfs:box-p\\clouds shared When users log into PDC using an win98 machine they find shared in his home, and can access it. When users log into PDC using an win XP pro they find shared in his home, but can't access it: the resource is inaccesible or doesn't exists. We tried to move the dfs to other share, acting as dfs root, and create mdfsd links there. Then any machine can see share and have access to its contents. We need the first configuration, because we can create differents links for any user. (there are many shares, and we don't want show all for any user) ¿Any idea? F. Latorre Segovia Spain -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] can mount share, cannot join domain
Firstly, the man page says to use add machine script... AND Can someone tell me why my thinking is wrong. Isn't %u the username of the current service, if any, as described in the smb.conf man page? If so, why do the doc's (including the man page) put %u in the command for adding a machine account to the UNIX side? Doesn't the machine account need the NetBIOS name of the client, and isn't this represented in Samba by %m? Wouldn't the command for adding a machine be something more like (3.0.x): add machine script = /usr/sbin/useradd -c Machine -d /dev/null -g 100 \ -s /bin/false %m Can't test right now as our only 2000 machine is busy. Can anyone else confirm? Adrian Hicks -- MIS Facilities Manager Auston Int'l Group Ltd 45 Middle Rd, #01-00 Auston Unicentre Singapore 188954 Tel: (65) 6334 5900 ext. 229 Fax: (65) 6339 7600 On 14 October 2004 pm 20:43, Anton K. wrote: jason kawaja wrote: On Tue, 12 Oct 2004, jason kawaja wrote: i am not using ldap. samba 3.0.7 on sparc solaris. winxp pro client. [global] netbios name = bunny workgroup = ecel time server = yes security = user encrypt passwords = yes wins support = yes domain master = yes local master = yes os level = 65 domain logons = yes logon path = \\%L\%u\.win_profile logon script = logon.bat logon drive = D: logon home = \\%L\%u\.win_home add user script = useradd -d /dev/null -g 100 -s /usr/bin/false %u [netlogon] path = /usr/local/samba/lib/netlogon writable = no browsable = no [homes] comment = Home Directories browsable = no writable = yes valid users = @student @despot invalid users = @other @sys @adm @uucp @mail @tty @lp @nuucp @staff \ @daemon @sysadmin @bobody @noaccess @nogroup @nofiles @qmail max connections = 80 drwxrwxr-x2 root other 512 Oct 8 13:21 netlogon/ when attempting to set/join domain from My Computer - Properties, a window pops up asking for username password and i enter root along with the smbpassword for the root (uid=0) account. then an error box saying The user name could not be found. is displayed. i can mount a share using a non uid=0 samba account to this client. ideas? how about a nudge in the right direction? -- Jason Kawaja http://www.ietf.org/rfc/rfc1855.txt Maybe you forgot to add root in samba like smbpasswd -a root -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Errors in my log file
FreeBSD 4.10 Latest version of Samba Domain Member WinXP machines with SP2 Why do these errors continue to come up, it does not seem to be hurting a thing as the box is working perfectly no complaints other than these errors in my log file. Oct 14 16:07:00 ns1 smbd[82463]: getpeername failed. Error was Socket is not connected Oct 14 16:07:00 ns1 smbd[82463]: [2004/10/14 16:07:00, 0] lib/util_sock.c:write_socket_data(430) Oct 14 16:07:00 ns1 smbd[82463]: write_socket_data: write failure. Error = Broken pipe Oct 14 16:07:00 ns1 smbd[82463]: [2004/10/14 16:07:00, 0] lib/util_sock.c:write_socket(455) Oct 14 16:07:00 ns1 smbd[82463]: write_socket: Error writing 4 bytes to socket 22: ERRNO = Broken pipe Oct 14 16:07:00 ns1 smbd[82463]: [2004/10/14 16:07:00, 0] lib/util_sock.c:send_smb(647) Oct 14 16:07:00 ns1 smbd[82463]: Error writing 4 bytes to client. -1. (Broken pipe -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Linux freezes on large file transfers
Monty wrote: I am running MD 10 (Community) as a file server on a Shuttle SB61G2. This setup worked very well under Mandrake 9.2 however, everytime I try to copy files larger than say 550 ~650MB using MD 10, my linux box freezes and must be rebooted. I can FTP the same file(s) perfectly fine to other PC 's on my home net. Small volumes of files work fine as well as ISO images, the box seems to lock up only after it passes some type of treshold treshold. I am not sure what to do here. I have installed of the latest SMB packages for MD 10. The problem still persists. Is there some config parameter that I must change? Have you tried use sendfile = no in smb.conf? Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: unable to change password on multi IP
Kris Van Bruwaene wrote: When trying to connect to a new machine on our internal network I first got: session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE I searched the list archives and found the following solution, which gave me a new error: smbpasswd -U bruwaek -r //rto.be Old SMB password: New SMB password: Retype new SMB password: unable to find an IP address for machine //rto.be. Failed to modify password entry for user bruwaek Why did you put '//' in front of a machine name? Try just: smbpasswd -U bruwaek -r rto.be Hope it helps, Igor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Photoshop Disk Full error, a linux filesystem NOT Samba issue
I changed my smb.conf (on a SuSE 9.1 system) to include max disk size = 1000 I no longer get Disk Full errors when I try to do a file backup using Quicken 98 to an SMB share..but now I get a Drive not ready error. I've tried several values and all behave the same. I have a Reiser FS on 9.1, but had ext2 on 8.2 and got the same Disk Full errors. I don't know whether the Drive not ready errors are particular to Reiser as I don't have ext2 partitions anywhere to compare. Anybody have similar experiences? Jim -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.7 adding machines. Wrong primary group.
Am Donnerstag, den 14. Oktober 2004 schrubte Igor Belyi: I have a strange feeling that the clue is in the server-manager since I don't use it to join domain at all. Maybe, yes. To join domain I just go into System Properties/Computer Name/Change... That way I did also, but some Time ago. And some Samba-Versions ago. Do you join domain some other way? Servermanager. I'll give it a try and let 1 Computer rejoin the Domain without pre-work. -- ) .--. Bei E-Mail Antworten muss der Betreff )#=+ ' mit 'USENET' beginnen, sonst /dev/null /## | .+.Liebe Grüsse, ,,/###,|,,| Michael -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
svn commit: samba r2963 - in branches/SAMBA_4_0/source/build/pidl: .
Author: tpot Date: 2004-10-14 06:35:42 + (Thu, 14 Oct 2004) New Revision: 2963 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/build/pidlrev=2963nolog=1 Log: Handle structures that contain more than one union as members. Modified: branches/SAMBA_4_0/source/build/pidl/swig.pm Changeset: Modified: branches/SAMBA_4_0/source/build/pidl/swig.pm === --- branches/SAMBA_4_0/source/build/pidl/swig.pm2004-10-14 05:59:28 UTC (rev 2962) +++ branches/SAMBA_4_0/source/build/pidl/swig.pm2004-10-14 06:35:42 UTC (rev 2963) @@ -216,7 +216,7 @@ my($extra_args) = ; if (isunion($e-{TYPE})) { - $extra_args = , switch_is; + $extra_args = , $e-{NAME}_switch_is; } if ($e-{POINTERS} == 0) { @@ -291,7 +291,7 @@ foreach my $e (@{$fn-{DATA}}) { if (isunion($e-{TYPE})) { - $result .= , int switch_is; + $result .= , int $e-{NAME}_switch_is; } } $result .= )\n;
svn commit: samba r2964 - in branches/SAMBA_4_0/source: build/smb_build scripting/swig
Author: tpot Date: 2004-10-14 06:45:25 + (Thu, 14 Oct 2004) New Revision: 2964 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=2964nolog=1 Log: Add spoolss to list of wrapped client functions. Modified: branches/SAMBA_4_0/source/build/smb_build/makefile.pl branches/SAMBA_4_0/source/scripting/swig/dcerpc.i Changeset: Modified: branches/SAMBA_4_0/source/build/smb_build/makefile.pl === --- branches/SAMBA_4_0/source/build/smb_build/makefile.pl 2004-10-14 06:35:42 UTC (rev 2963) +++ branches/SAMBA_4_0/source/build/smb_build/makefile.pl 2004-10-14 06:45:25 UTC (rev 2964) @@ -776,7 +776,7 @@ PYTHON_DCERPC_LIBS = -lldap -SWIG_INCLUDES = librpc/gen_ndr/samr.i librpc/gen_ndr/lsa.i librpc/gen_ndr/winreg.i +SWIG_INCLUDES = librpc/gen_ndr/samr.i librpc/gen_ndr/lsa.i librpc/gen_ndr/winreg.i librpc/gen_ndr/spoolss.i scripting/swig/dcerpc.py: scripting/swig/dcerpc.i scripting/swig/samba.i \$(SWIG_INCLUDES) swig -python scripting/swig/dcerpc.i Modified: branches/SAMBA_4_0/source/scripting/swig/dcerpc.i === --- branches/SAMBA_4_0/source/scripting/swig/dcerpc.i 2004-10-14 06:35:42 UTC (rev 2963) +++ branches/SAMBA_4_0/source/scripting/swig/dcerpc.i 2004-10-14 06:45:25 UTC (rev 2964) @@ -377,3 +377,4 @@ } %include librpc/gen_ndr/winreg.i +%include librpc/gen_ndr/spoolss.i
svn commit: samba r2965 - in branches/SAMBA_4_0/source/scripting/swig/torture: .
Author: tpot Date: 2004-10-14 07:25:47 + (Thu, 14 Oct 2004) New Revision: 2965 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/scripting/swig/torturerev=2965nolog=1 Log: Ignore *.pyc files in torture directory. Allow test module name to be specified on command line for pytorture module. Start spoolss torture test. Added: branches/SAMBA_4_0/source/scripting/swig/torture/spoolss.py Modified: branches/SAMBA_4_0/source/scripting/swig/torture/ branches/SAMBA_4_0/source/scripting/swig/torture/pytorture Changeset: Property changes on: branches/SAMBA_4_0/source/scripting/swig/torture ___ Name: svn:ignore + *.pyc Modified: branches/SAMBA_4_0/source/scripting/swig/torture/pytorture === --- branches/SAMBA_4_0/source/scripting/swig/torture/pytorture 2004-10-14 06:45:25 UTC (rev 2964) +++ branches/SAMBA_4_0/source/scripting/swig/torture/pytorture 2004-10-14 07:25:47 UTC (rev 2965) @@ -1,5 +1,6 @@ #!/usr/bin/python +import sys from optparse import OptionParser # Parse command line @@ -31,7 +32,20 @@ username = options.username password = options.password -# Run tests +if len(args) == 0: + parser.error('You must supply the name of a module to test') -import samr -samr.runtests(binding, domain, username, password) +# Import and test + +for test in args: + + try: + module = __import__(test) + except ImportError: + print 'No such module %s' % test + sys.exit(1) + + if not hasattr(module, 'runtests'): + print 'Module %s does not have a runtests function' % test + + module.runtests(binding, domain, username, password) Added: branches/SAMBA_4_0/source/scripting/swig/torture/spoolss.py === --- branches/SAMBA_4_0/source/scripting/swig/torture/spoolss.py 2004-10-14 06:45:25 UTC (rev 2964) +++ branches/SAMBA_4_0/source/scripting/swig/torture/spoolss.py 2004-10-14 07:25:47 UTC (rev 2965) @@ -0,0 +1,24 @@ +import dcerpc + +def test_EnumPrinters(pipe): + +r = {} +r['flags'] = 0x02 +r['server'] = None +r['level'] = 1 +r['buffer'] = 392 * '\x00' +r['buf_size'] = 392 + +result = dcerpc.spoolss_EnumPrinters(pipe, r) + +print result + +def runtests(binding, domain, username, password): + +print 'Testing SPOOLSS pipe' + +pipe = dcerpc.pipe_connect(binding, +dcerpc.DCERPC_SPOOLSS_UUID, dcerpc.DCERPC_SPOOLSS_VERSION, +domain, username, password) + +test_EnumPrinters(pipe)
svn commit: samba r2966 - in branches/SAMBA_4_0/source: build/pidl scripting/swig
Author: tpot Date: 2004-10-14 07:33:09 + (Thu, 14 Oct 2004) New Revision: 2966 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=2966nolog=1 Log: Handle conversion of DATA_BLOB fields from Python in a slightly nicer manner. I'm hoping to get rid of DATA_BLOB's but for the moment they make it easy to get some spoolss action happening quickly. Modified: branches/SAMBA_4_0/source/build/pidl/swig.pm branches/SAMBA_4_0/source/scripting/swig/dcerpc.i Changeset: Modified: branches/SAMBA_4_0/source/build/pidl/swig.pm === --- branches/SAMBA_4_0/source/build/pidl/swig.pm2004-10-14 07:25:47 UTC (rev 2965) +++ branches/SAMBA_4_0/source/build/pidl/swig.pm2004-10-14 07:33:09 UTC (rev 2966) @@ -96,6 +96,11 @@ return $result; } +if ($e-{TYPE} eq DATA_BLOB) { + $result .= \tDATA_BLOB_ptr_from_python(mem_ctx, s-$prefix$e-{NAME}, $obj, \$e-{NAME}\);\n; + return $result; +} + # Generate conversion for element if (util::is_scalar_type($e-{TYPE})) { Modified: branches/SAMBA_4_0/source/scripting/swig/dcerpc.i === --- branches/SAMBA_4_0/source/scripting/swig/dcerpc.i 2004-10-14 07:25:47 UTC (rev 2965) +++ branches/SAMBA_4_0/source/scripting/swig/dcerpc.i 2004-10-14 07:33:09 UTC (rev 2966) @@ -254,28 +254,28 @@ #define dom_sid2_ptr_to_python dom_sid_ptr_to_python #define dom_sid2_ptr_from_python dom_sid_ptr_from_python -DATA_BLOB DATA_BLOB_from_python(PyObject *obj, char *name) +void DATA_BLOB_ptr_from_python(TALLOC_CTX *mem_ctx, DATA_BLOB **s, + PyObject *obj, char *name) { - DATA_BLOB ret; - - /* Because we treat DATA_BLOB as a scalar type (why?) there - doesn't seem to be a way to pass back when an error has - occured. */ - if (obj == NULL) { PyErr_Format(PyExc_ValueError, Expecting key %s, name); return; } + if (obj == Py_None) { + *s = NULL; + return; + } + if (!PyString_Check(obj)) { PyErr_Format(PyExc_TypeError, Expecting string value for key '%s', name); return; } - ret.length = PyString_Size(obj); - ret.data = PyString_AsString(obj); + *s = talloc(mem_ctx, sizeof(DATA_BLOB)); - return ret; + (*s)-length = PyString_Size(obj); + (*s)-data = PyString_AsString(obj); } PyObject *DATA_BLOB_to_python(DATA_BLOB obj)
svn commit: samba r2967 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: tpot Date: 2004-10-14 07:33:49 + (Thu, 14 Oct 2004) New Revision: 2967 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/librpc/idlrev=2967nolog=1 Log: Add some printer enum constants from Samba3's rpc_spoolss.h Modified: branches/SAMBA_4_0/source/librpc/idl/spoolss.idl Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/spoolss.idl === --- branches/SAMBA_4_0/source/librpc/idl/spoolss.idl2004-10-14 07:33:09 UTC (rev 2966) +++ branches/SAMBA_4_0/source/librpc/idl/spoolss.idl2004-10-14 07:33:49 UTC (rev 2967) @@ -129,6 +129,15 @@ [case(7)] spoolss_PrinterInfo7 info7; } spoolss_PrinterInfo; + const int PRINTER_ENUM_DEFAULT = 0x0001; + const int PRINTER_ENUM_LOCAL = 0x0002; + const int PRINTER_ENUM_CONNECTIONS = 0x0004; + const int PRINTER_ENUM_FAVORITE= 0x0004; + const int PRINTER_ENUM_NAME= 0x0008; + const int PRINTER_ENUM_REMOTE = 0x0010; + const int PRINTER_ENUM_SHARED = 0x0020; + const int PRINTER_ENUM_NETWORK = 0x0040; + /**/ /* Function: 0x00 */ WERROR spoolss_EnumPrinters(
svn commit: samba r2968 - in branches/SAMBA_4_0/source: build/pidl librpc/idl librpc/ndr
Author: tridge Date: 2004-10-14 09:07:41 + (Thu, 14 Oct 2004) New Revision: 2968 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=2968nolog=1 Log: fixed the byte order problem with the new RHS parsing on ncacn_ip_tcp Modified: branches/SAMBA_4_0/source/build/pidl/parser.pm branches/SAMBA_4_0/source/librpc/idl/epmapper.idl branches/SAMBA_4_0/source/librpc/idl/idl_types.h branches/SAMBA_4_0/source/librpc/ndr/ndr.c Changeset: Modified: branches/SAMBA_4_0/source/build/pidl/parser.pm === --- branches/SAMBA_4_0/source/build/pidl/parser.pm 2004-10-14 07:33:49 UTC (rev 2967) +++ branches/SAMBA_4_0/source/build/pidl/parser.pm 2004-10-14 09:07:41 UTC (rev 2968) @@ -135,7 +135,7 @@ my $flags = util::has_property($e, flag); if (defined $flags) { pidl \t{ uint32_t _flags_save_$e-{TYPE} = ndr-flags;\n; - pidl \tndr-flags |= $flags;\n; + pidl \tndr_set_flags(ndr-flags, $flags);\n; } } Modified: branches/SAMBA_4_0/source/librpc/idl/epmapper.idl === --- branches/SAMBA_4_0/source/librpc/idl/epmapper.idl 2004-10-14 07:33:49 UTC (rev 2967) +++ branches/SAMBA_4_0/source/librpc/idl/epmapper.idl 2004-10-14 09:07:41 UTC (rev 2968) @@ -149,7 +149,7 @@ typedef struct { } epm_rhs_ncalrpc; - typedef [nodiscriminant] union { + typedef [flag(NDR_BIG_ENDIAN),nodiscriminant] union { [case(EPM_PROTOCOL_DNET_NSP)] epm_rhs_dnet_nsp dnet_nsp; [case(EPM_PROTOCOL_OSI_TP4)] epm_rhs_osi_tp4 osi_tp4; [case(EPM_PROTOCOL_OSI_CLNS)] epm_rhs_osi_clns osi_clns; Modified: branches/SAMBA_4_0/source/librpc/idl/idl_types.h === --- branches/SAMBA_4_0/source/librpc/idl/idl_types.h2004-10-14 07:33:49 UTC (rev 2967) +++ branches/SAMBA_4_0/source/librpc/idl/idl_types.h2004-10-14 09:07:41 UTC (rev 2968) @@ -66,6 +66,7 @@ /* this flag is used to force a section of IDL as little endian. It is needed for the epmapper IDL, which is defined as always being LE */ #define NDR_LITTLE_ENDIAN LIBNDR_FLAG_LITTLE_ENDIAN +#define NDR_BIG_ENDIAN LIBNDR_FLAG_BIGENDIAN /* Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr.c === --- branches/SAMBA_4_0/source/librpc/ndr/ndr.c 2004-10-14 07:33:49 UTC (rev 2967) +++ branches/SAMBA_4_0/source/librpc/ndr/ndr.c 2004-10-14 09:07:41 UTC (rev 2968) @@ -350,6 +350,17 @@ talloc_free(ndr); } +void ndr_set_flags(uint32_t *pflags, uint32_t new_flags) +{ + /* the big/little endian flags are inter-dependent */ + if (new_flags LIBNDR_FLAG_LITTLE_ENDIAN) { + (*pflags) = ~LIBNDR_FLAG_BIGENDIAN; + } + if (new_flags LIBNDR_FLAG_BIGENDIAN) { + (*pflags) = ~LIBNDR_FLAG_LITTLE_ENDIAN; + } + (*pflags) |= new_flags; +} static NTSTATUS ndr_map_error(enum ndr_err_code err) {
svn commit: samba r2969 - in branches/SAMBA_4_0/source/torture/rpc: .
Author: tridge Date: 2004-10-14 09:21:12 + (Thu, 14 Oct 2004) New Revision: 2969 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/torture/rpcrev=2969nolog=1 Log: inet_ntoa() takes an address in network byte order, so now that we parse the RHS as IDL, we need to use htonl() to convert back to network byte order before we can display the IP Modified: branches/SAMBA_4_0/source/torture/rpc/epmapper.c Changeset: Modified: branches/SAMBA_4_0/source/torture/rpc/epmapper.c === --- branches/SAMBA_4_0/source/torture/rpc/epmapper.c2004-10-14 09:07:41 UTC (rev 2968) +++ branches/SAMBA_4_0/source/torture/rpc/epmapper.c2004-10-14 09:21:12 UTC (rev 2969) @@ -64,7 +64,7 @@ printf( IP:); { struct in_addr in; - in.s_addr = rhs-ip.address; + in.s_addr = htonl(rhs-ip.address); printf(%s, inet_ntoa(in)); } break;
svn commit: samba r2970 - in branches/SAMBA_4_0/source: librpc/idl rpc_server rpc_server/drsuapi torture/rpc
Author: metze Date: 2004-10-14 09:56:04 + (Thu, 14 Oct 2004) New Revision: 2970 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=2970nolog=1 Log: - give somefields names and typdef enums for the possible values - do more crackname tests in the torture test - move server code for cracknames to a different file metze Added: branches/SAMBA_4_0/source/rpc_server/drsuapi/drsuapi_cracknames.c Modified: branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl branches/SAMBA_4_0/source/rpc_server/config.mk branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c branches/SAMBA_4_0/source/torture/rpc/drsuapi.c Changeset: Sorry, the patch is too large (491 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=2970nolog=1
svn commit: samba r2972 - in branches/SAMBA_4_0/source/librpc/idl: .
Author: metze Date: 2004-10-14 10:21:51 + (Thu, 14 Oct 2004) New Revision: 2972 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/librpc/idlrev=2972nolog=1 Log: make names more consistent metze Modified: branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl Changeset: Modified: branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl === --- branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl2004-10-14 10:16:22 UTC (rev 2971) +++ branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl2004-10-14 10:21:51 UTC (rev 2972) @@ -15,11 +15,11 @@ typedef [flag(NDR_PAHEX)] struct { [range(1,1)] uint32 length; [size_is(length)] uint8 data[]; - } drsuapi_BindInfo; + } drsuapi_DsBindInfo; NTSTATUS drsuapi_DsBind( [in]GUID *server_guid, - [in,out]drsuapi_BindInfo *bind_info, + [in,out]drsuapi_DsBindInfo *bind_info, [out,ref] policy_handle *bind_handle );
svn commit: samba r2973 - in branches/SAMBA_4_0/source/build/pidl: .
Author: jelmer Date: 2004-10-14 10:30:08 + (Thu, 14 Oct 2004) New Revision: 2973 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/build/pidlrev=2973nolog=1 Log: Allow comma's inside parentheses in property arguments Modified: branches/SAMBA_4_0/source/build/pidl/idl.pm branches/SAMBA_4_0/source/build/pidl/idl.yp Changeset: Sorry, the patch is too large (1117 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/build/pidlrev=2973nolog=1
svn commit: samba r2974 - in branches/SAMBA_4_0/source/rpc_server/drsuapi: .
Author: metze Date: 2004-10-14 11:11:21 + (Thu, 14 Oct 2004) New Revision: 2974 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/rpc_server/drsuapirev=2974nolog=1 Log: fix the build metze Modified: branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c Changeset: Modified: branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c === --- branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c 2004-10-14 10:30:08 UTC (rev 2973) +++ branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c 2004-10-14 11:11:21 UTC (rev 2974) @@ -41,7 +41,7 @@ struct drsuapi_bind_state *b_state; struct dcesrv_handle *handle; - r-out.info = NULL; + r-out.bind_info = NULL; ZERO_STRUCTP(r-out.bind_handle); b_state = talloc_p(dce_call-conn, struct drsuapi_bind_state);
svn commit: samba r2975 - in branches/SAMBA_4_0/source/scripting/swig: .
Author: tpot Date: 2004-10-14 13:09:59 + (Thu, 14 Oct 2004) New Revision: 2975 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/scripting/swigrev=2975nolog=1 Log: Try to emulate NT_STATUS_IS_ERR() functionality for WERRORs. Unfortunately this means enumerating all the ones we don't think are errors. Modified: branches/SAMBA_4_0/source/scripting/swig/dcerpc.i Changeset: Modified: branches/SAMBA_4_0/source/scripting/swig/dcerpc.i === --- branches/SAMBA_4_0/source/scripting/swig/dcerpc.i 2004-10-14 11:11:21 UTC (rev 2974) +++ branches/SAMBA_4_0/source/scripting/swig/dcerpc.i 2004-10-14 13:09:59 UTC (rev 2975) @@ -286,7 +286,6 @@ %} %include samba.i -%include status_codes.i %pythoncode %{ NTSTATUS = _dcerpc.NTSTATUS @@ -370,7 +369,8 @@ set_ntstatus_exception(NT_STATUS_V(result)); return NULL; } - if (!W_ERROR_IS_OK(arg3-out.result)) { + if (!W_ERROR_IS_OK(arg3-out.result) + !(W_ERROR_EQUAL(arg3-out.result, WERR_INSUFFICIENT_BUFFER))) { set_werror_exception(W_ERROR_V(arg3-out.result)); return NULL; } @@ -378,3 +378,5 @@ %include librpc/gen_ndr/winreg.i %include librpc/gen_ndr/spoolss.i + +%include status_codes.i
svn commit: samba r2976 - in trunk: examples/LDAP source/printing
Author: vlendec Date: 2004-10-14 21:00:57 + (Thu, 14 Oct 2004) New Revision: 2976 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunkrev=2976nolog=1 Log: Some routines to get the printer data into LDAP. Not used yet, just here for review. Thanks a lot to jerry for the initial version of the printer schema. To be changed. Volker Added: trunk/examples/LDAP/sambaprinter.schema trunk/source/printing/ntprint_ldap.c Changeset: Sorry, the patch is too large (1356 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunkrev=2976nolog=1
svn commit: samba r2977 - in trunk/source/lib: .
Author: jra Date: 2004-10-14 22:30:13 + (Thu, 14 Oct 2004) New Revision: 2977 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/librev=2977nolog=1 Log: Fix #1926 typo in debug. Found by Bill McGonigle [EMAIL PROTECTED]. Jeremy. Modified: trunk/source/lib/util_sock.c Changeset: Modified: trunk/source/lib/util_sock.c === --- trunk/source/lib/util_sock.c2004-10-14 21:00:57 UTC (rev 2976) +++ trunk/source/lib/util_sock.c2004-10-14 22:30:13 UTC (rev 2977) @@ -43,7 +43,7 @@ } if (getsockname(fd, sa, length) 0) { - DEBUG(0,(getpeername failed. Error was %s\n, strerror(errno) )); + DEBUG(0,(getsockname failed. Error was %s\n, strerror(errno) )); return addr_buf; }
svn commit: samba r2978 - in branches/SAMBA_3_0/source/lib: .
Author: jra Date: 2004-10-14 22:30:33 + (Thu, 14 Oct 2004) New Revision: 2978 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/source/librev=2978nolog=1 Log: Fix #1926 typo in debug. Found by Bill McGonigle [EMAIL PROTECTED]. Jeremy. Modified: branches/SAMBA_3_0/source/lib/util_sock.c Changeset: Modified: branches/SAMBA_3_0/source/lib/util_sock.c === --- branches/SAMBA_3_0/source/lib/util_sock.c 2004-10-14 22:30:13 UTC (rev 2977) +++ branches/SAMBA_3_0/source/lib/util_sock.c 2004-10-14 22:30:33 UTC (rev 2978) @@ -43,7 +43,7 @@ } if (getsockname(fd, sa, length) 0) { - DEBUG(0,(getpeername failed. Error was %s\n, strerror(errno) )); + DEBUG(0,(getsockname failed. Error was %s\n, strerror(errno) )); return addr_buf; }
svn commit: samba r2979 - in branches/SAMBA_3_0/source/tdb: .
Author: jra Date: 2004-10-15 00:02:55 + (Fri, 15 Oct 2004) New Revision: 2979 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/source/tdbrev=2979nolog=1 Log: Fix incorrect locks/unlocks in tdb_lockkeys()/tdb_unlockkeys(). Spotted by Taj Khattra [EMAIL PROTECTED]. Jeremy. Modified: branches/SAMBA_3_0/source/tdb/tdb.c Changeset: Modified: branches/SAMBA_3_0/source/tdb/tdb.c === --- branches/SAMBA_3_0/source/tdb/tdb.c 2004-10-14 22:30:33 UTC (rev 2978) +++ branches/SAMBA_3_0/source/tdb/tdb.c 2004-10-15 00:02:55 UTC (rev 2979) @@ -1811,7 +1811,7 @@ if (tdb_already_open(st.st_dev, st.st_ino)) { TDB_LOG((tdb, 2, tdb_open_ex: %s (%d,%d) is already open in this process\n, -name, st.st_dev, st.st_ino)); +name, (int)st.st_dev, (int)st.st_ino)); errno = EBUSY; goto fail; } @@ -1982,13 +1982,13 @@ } /* Finally, lock in order */ for (i = 0; i number; i++) - if (tdb_lock(tdb, i, F_WRLCK)) + if (tdb_lock(tdb, BUCKET(tdb-lockedkeys[i+1]), F_WRLCK)) break; /* If error, release locks we have... */ if (i number) { for ( j = 0; j i; j++) - tdb_unlock(tdb, j, F_WRLCK); + tdb_unlock(tdb, BUCKET(tdb-lockedkeys[j+1]), F_WRLCK); SAFE_FREE(tdb-lockedkeys); return TDB_ERRCODE(TDB_ERR_NOLOCK, -1); } @@ -2002,7 +2002,7 @@ if (!tdb-lockedkeys) return; for (i = 0; i tdb-lockedkeys[0]; i++) - tdb_unlock(tdb, tdb-lockedkeys[i+1], F_WRLCK); + tdb_unlock(tdb, BUCKET(tdb-lockedkeys[i+1]), F_WRLCK); SAFE_FREE(tdb-lockedkeys); }
svn commit: samba r2980 - in trunk/source/tdb: .
Author: jra Date: 2004-10-15 00:02:55 + (Fri, 15 Oct 2004) New Revision: 2980 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/tdbrev=2980nolog=1 Log: Fix incorrect locks/unlocks in tdb_lockkeys()/tdb_unlockkeys(). Spotted by Taj Khattra [EMAIL PROTECTED]. Jeremy. Modified: trunk/source/tdb/tdb.c Changeset: Modified: trunk/source/tdb/tdb.c === --- trunk/source/tdb/tdb.c 2004-10-15 00:02:55 UTC (rev 2979) +++ trunk/source/tdb/tdb.c 2004-10-15 00:02:55 UTC (rev 2980) @@ -1811,7 +1811,7 @@ if (tdb_already_open(st.st_dev, st.st_ino)) { TDB_LOG((tdb, 2, tdb_open_ex: %s (%d,%d) is already open in this process\n, -name, st.st_dev, st.st_ino)); +name, (int)st.st_dev, (int)st.st_ino)); errno = EBUSY; goto fail; } @@ -1982,13 +1982,13 @@ } /* Finally, lock in order */ for (i = 0; i number; i++) - if (tdb_lock(tdb, i, F_WRLCK)) + if (tdb_lock(tdb, BUCKET(tdb-lockedkeys[i+1]), F_WRLCK)) break; /* If error, release locks we have... */ if (i number) { for ( j = 0; j i; j++) - tdb_unlock(tdb, j, F_WRLCK); + tdb_unlock(tdb, BUCKET(tdb-lockedkeys[j+1]), F_WRLCK); SAFE_FREE(tdb-lockedkeys); return TDB_ERRCODE(TDB_ERR_NOLOCK, -1); } @@ -2002,7 +2002,7 @@ if (!tdb-lockedkeys) return; for (i = 0; i tdb-lockedkeys[0]; i++) - tdb_unlock(tdb, tdb-lockedkeys[i+1], F_WRLCK); + tdb_unlock(tdb, BUCKET(tdb-lockedkeys[i+1]), F_WRLCK); SAFE_FREE(tdb-lockedkeys); }
svn commit: samba r2981 - in branches/SAMBA_4_0/source/lib/tdb/common: .
Author: jra Date: 2004-10-15 00:03:26 + (Fri, 15 Oct 2004) New Revision: 2981 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/lib/tdb/commonrev=2981nolog=1 Log: Fix incorrect locks/unlocks in tdb_lockkeys()/tdb_unlockkeys(). Spotted by Taj Khattra [EMAIL PROTECTED]. Jeremy. Modified: branches/SAMBA_4_0/source/lib/tdb/common/tdb.c Changeset: Modified: branches/SAMBA_4_0/source/lib/tdb/common/tdb.c === --- branches/SAMBA_4_0/source/lib/tdb/common/tdb.c 2004-10-15 00:02:55 UTC (rev 2980) +++ branches/SAMBA_4_0/source/lib/tdb/common/tdb.c 2004-10-15 00:03:26 UTC (rev 2981) @@ -2037,13 +2037,13 @@ } /* Finally, lock in order */ for (i = 0; i number; i++) - if (tdb_lock(tdb, i, F_WRLCK)) + if (tdb_lock(tdb, BUCKET(tdb-lockedkeys[i+1]), F_WRLCK)) break; /* If error, release locks we have... */ if (i number) { for ( j = 0; j i; j++) - tdb_unlock(tdb, j, F_WRLCK); + tdb_unlock(tdb, BUCKET(tdb-lockedkeys[j+1]), F_WRLCK); SAFE_FREE(tdb-lockedkeys); return TDB_ERRCODE(TDB_ERR_NOLOCK, -1); } @@ -2057,7 +2057,7 @@ if (!tdb-lockedkeys) return; for (i = 0; i tdb-lockedkeys[0]; i++) - tdb_unlock(tdb, tdb-lockedkeys[i+1], F_WRLCK); + tdb_unlock(tdb, BUCKET(tdb-lockedkeys[i+1]), F_WRLCK); SAFE_FREE(tdb-lockedkeys); }
svn commit: samba r2983 - in branches/SAMBA_4_0/source/torture/raw: .
Author: tridge Date: 2004-10-15 01:37:06 + (Fri, 15 Oct 2004) New Revision: 2983 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/torture/rawrev=2983nolog=1 Log: report a failure if a server doesn't update the write time at all after 2 minutes Modified: branches/SAMBA_4_0/source/torture/raw/write.c Changeset: Modified: branches/SAMBA_4_0/source/torture/raw/write.c === --- branches/SAMBA_4_0/source/torture/raw/write.c 2004-10-15 01:32:24 UTC (rev 2982) +++ branches/SAMBA_4_0/source/torture/raw/write.c 2004-10-15 01:37:06 UTC (rev 2983) @@ -690,6 +690,7 @@ fnum1 = smbcli_open(cli-tree, fname, O_RDWR|O_CREAT, DENY_NONE); if (fnum1 == -1) { + printf(Failed to open %s\n, fname); return False; } @@ -708,7 +709,7 @@ nt_time_string(mem_ctx, finfo1.basic_info.out.write_time)); /* 3 second delay to ensure we get past any 2 second time - granularity (older systems may have that */ + granularity (older systems may have that) */ sleep(3); written = smbcli_write(cli-tree, fnum1, 0, x, 0, 1); @@ -738,7 +739,13 @@ sleep(1); fflush(stdout); } + + if (finfo1.basic_info.out.write_time == finfo2.basic_info.out.write_time) { + printf(Server did not update write time?!\n); + ret = False; + } + if (fnum1 != -1) smbcli_close(cli-tree, fnum1); smbcli_unlink(cli-tree, fname);
svn commit: samba r2984 - in branches/SAMBA_4_0/source/ntvfs/posix: .
Author: tridge Date: 2004-10-15 05:40:13 + (Fri, 15 Oct 2004) New Revision: 2984 WebSVN: http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/ntvfs/posixrev=2984nolog=1 Log: fixed the error code for a non-terminal component of a path name not existing Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_resolve.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_resolve.c === --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_resolve.c2004-10-15 01:37:06 UTC (rev 2983) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_resolve.c2004-10-15 05:40:13 UTC (rev 2984) @@ -140,7 +140,7 @@ if (!de) { if (i num_components-1) { closedir(dir); - return NT_STATUS_OBJECT_NAME_NOT_FOUND; + return NT_STATUS_OBJECT_PATH_NOT_FOUND; } } else { components[i] = talloc_strdup(name, de-d_name); @@ -271,7 +271,6 @@ PVFS_RESOLVE_NO_WILDCARD = wildcards are considered illegal characters PVFS_RESOLVE_STREAMS = stream names are allowed - TODO: add reserved name checking (for things like LPT1) TODO: ../ collapsing, and outside share checking */ NTSTATUS pvfs_resolve_name(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx,