Re: [Samba] Setting up a server

2004-10-14 Thread Gerald
Thanks I think i will try it out.

Regards,
Gerald

On Thursday 14 October 2004 01:51 am, Laurenz, Dirk wrote:
 Hi,

 there's a nice project called unattended on sourceforge for
 installing windows automaticly via linux.
 http://unattended.sourceforge.net/

 Mit freundlichem Gruß,



 Dirk Laurenz
 Systems Engineer

 Fujitsu Siemens Computers
 Sales Central Europe Deutschland
 Professional Service Organisation Nord / Ost

 Hildesheimer Strasse 25
 30880 Laatzen
 Germany

 Telephone:+49 (511) 84 89 - 18 08
 Telefax:  +49 (511) 84 89 - 25 18 08
 Mobile:   +49 (170) 22 10 781
 Email:mailto:[EMAIL PROTECTED]
 Internet: http://www.fujitsu-siemens.com

 http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competen
cecenter.html
 ***



 -|  -Original Message-
 -|  From:
 -|  [EMAIL PROTECTED]
 -|  rg
 -|  [mailto:[EMAIL PROTECTED]
 -|  .samba.org] On Behalf Of Gerald
 -|  Sent: Thursday, October 14, 2004 9:24 AM
 -|  To: [EMAIL PROTECTED]
 -|  Subject: [Samba] Setting up a server
 -|
 -|   Good day
 -|
 -|   Please can you help me on this. I want to set up a server
 -|  on this PC using
 -|  the  Samba. This is what i want to do. have about 4 other
 -|  computers connect
 -|  to the  server. Now i need to install sooftware from this
 -|  server on all the
 -|  other  windows computers. So i dont need to keep doing one
 -|  at a time. I also
 -|  want to install Windows on some computers through this
 -|  server. I dont have a
 -|  clue how  to start.
 -|  --
 -|  To unsubscribe from this list go to the following URL and read the
 -|  instructions:  http://lists.samba.org/mailman/listinfo/samba
 -|
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Photoshop Disk Full error, a linux filesystem NOT Samba issue

2004-10-14 Thread Drexx
I just follow the sample net use command in O'Reilly's Using Samba. I
tried to execute the command in Windows command prompt and it works,
the drive was map I can see it in my windows explorer, any idea?


On Thu, 14 Oct 2004 07:53:51 +0200, Laurenz, Dirk
[EMAIL PROTECTED] wrote:
 Hi,
 
 do you think /home is right in Win Platform?
 Put the \\smbnfs\MS Office in  like \\smbnfs\MS Office.
 I think Win98 doesn't like blanks and share names longer than eight characters
 
 Mit freundlichem Gruß,
 
 Dirk Laurenz
 Systems Engineer
 
 Fujitsu Siemens Computers
 Sales Central Europe Deutschland
 Professional Service Organisation Nord / Ost
 
 Hildesheimer Strasse 25
 30880 Laatzen
 Germany
 
 Telephone:  +49 (511) 84 89 - 18 08
 Telefax:+49 (511) 84 89 - 25 18 08
 Mobile: +49 (170) 22 10 781
 Email:  mailto:[EMAIL PROTECTED]
 Internet:   http://www.fujitsu-siemens.com
 
 http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html
 ***
 
 -|  -Original Message-
 -|  From:
 -|  [EMAIL PROTECTED]
 -|  rg
 -|  [mailto:[EMAIL PROTECTED]
 -|  .samba.org] On Behalf Of Drexx
 -|  Sent: Thursday, October 14, 2004 7:45 AM
 -|  To: [EMAIL PROTECTED]
 -|  Subject: Re: [Samba] Photoshop Disk Full error,a linux
 -|  filesystem NOT Samba issue
 -|
 -|  Hi lists
 -|  Just installed RHFC2 with Samba3.0.3-5. my problem is when
 -|  I log on my
 -|  windows98 logon script was run but it did not map my home directory
 -|  and MS Office to my windows98 machine. Logon bat script has
 -|  only this
 -|  net use h: /home
 -|  net use m: \\smbnfs\MS Office
 -|
 -|   here is the output of my testparm
 -|
 -|  # Global parameters
 -|  [global]
 -|  workgroup = BMCMNL
 -|  server string = Samba Server log-on domain for
 -|  win95 and win98
 -|  interfaces = 192.168.101.124/25
 -|  log file = /var/log/samba/%m.log
 -|  max log size = 50
 -|  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 -|  printcap name = /etc/printcap
 -|  logon script = logon.bat
 -|  logon path = \\%L\profiles\%U\%m
 -|  logon home = \\%L\%U\.win_profile\%m
 -|  domain logons = Yes
 -|  dns proxy = No
 -|  wins support = Yes
 -|  idmap uid = 16777216-33554431
 -|  idmap gid = 16777216-33554431
 -|  hosts allow = 192.168.101., 127.
 -|
 -|  [homes]
 -|  comment = Home Directories
 -|  read only = No
 -|  browseable = No
 -|
 -|  [netlogon]
 -|  comment = Network Logon Service
 -|  path = /home/netlogon
 -|  browseable = No
 -|  share modes = No
 -|
 -|  [profiles]
 -|  path = /home/profiles
 -|  read only = No
 -|  guest ok = Yes
 -|  browseable = No
 -|  root preexec = /bin/mkdir /home/profiles/%U; /bin/chown %U
 -|  /home/profiles/%U; /bin/chmod 700 /home/profiles/%U
 -|
 -|  [printers]
 -|  comment = All Printers
 -|  path = /var/spool/samba
 -|  printable = Yes
 -|  browseable = No
 -|
 -|  [MS Office]
 -|  comment = Microsoft Office 97 for all
 -|  path = /mnt/win/Program Files/Microsoft Office/Office
 -|  guest ok = Yes
 -|
 -|
 -|  thanks
 -|  drex
 -|  --
 -|  To unsubscribe from this list go to the following URL and read the
 -|  instructions:  http://lists.samba.org/mailman/listinfo/samba
 -|

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Linux and samba server + Mac OS Clients on LAN

2004-10-14 Thread shaf sum
Hi,

On my network, I have 30 PCs with Win98/XP/2000.  I
have a debian linux server with samba 3.0 which act as
PDC and it works pretty good.  No problem until the
management decided to buy some 15 Mac OS computer for
graphics purposes.  

Here, where my problem begins.  I need to integrate
these 15 MAC pcs in my network where there will be
file sharing and user logging.  

How can I proceed?? I found something at
http://netatalk.sourceforge.net .

Could someone please help me to sort this problem
out


Thanks


S.
--
Shafeek Sumser





___
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: [Samba] Linux and samba server + Mac OS Clients on LAN

2004-10-14 Thread Laurenz, Dirk
Hi,

i think newer versions of mac os support smb/cifs and nfs. Appletalk
is depreciated, i think. It shouldn't be used for new installations
from my point of view.

Mit freundlichem Gruß,



Dirk Laurenz
Systems Engineer

Fujitsu Siemens Computers
Sales Central Europe Deutschland 
Professional Service Organisation Nord / Ost

Hildesheimer Strasse 25
30880 Laatzen
Germany

Telephone:  +49 (511) 84 89 - 18 08
Telefax:+49 (511) 84 89 - 25 18 08
Mobile: +49 (170) 22 10 781
Email:  mailto:[EMAIL PROTECTED]
Internet:   http://www.fujitsu-siemens.com

http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html
***
  

-|  -Original Message-
-|  From: 
-|  [EMAIL PROTECTED]
-|  rg 
-|  [mailto:[EMAIL PROTECTED]
-|  .samba.org] On Behalf Of shaf sum
-|  Sent: Thursday, October 14, 2004 8:36 AM
-|  To: [EMAIL PROTECTED]
-|  Subject: [Samba] Linux and samba server + Mac OS Clients on LAN
-|  
-|  Hi,
-|  
-|  On my network, I have 30 PCs with Win98/XP/2000.  I
-|  have a debian linux server with samba 3.0 which act as
-|  PDC and it works pretty good.  No problem until the
-|  management decided to buy some 15 Mac OS computer for
-|  graphics purposes.  
-|  
-|  Here, where my problem begins.  I need to integrate
-|  these 15 MAC pcs in my network where there will be
-|  file sharing and user logging.  
-|  
-|  How can I proceed?? I found something at
-|  http://netatalk.sourceforge.net .
-|  
-|  Could someone please help me to sort this problem
-|  out
-|  
-|  
-|  Thanks
-|  
-|  
-|  S.
-|  --
-|  Shafeek Sumser
-|  
-|  
-|  
-|  
-|  
-|  ___
-|  Do you Yahoo!?
-|  Declare Yourself - Register online to vote today!
-|  http://vote.yahoo.com
-|  -- 
-|  To unsubscribe from this list go to the following URL and read the
-|  instructions:  http://lists.samba.org/mailman/listinfo/samba
-|  
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Samba ADS -- works with XP Pro, but not 2000 Pro

2004-10-14 Thread Gordon Hopper
I am using Samba with Active Directory.  I have successfully joined my 
Samba server to the domain D1 ( net ads join -U [EMAIL PROTECTED] 
).  I am able to succesfully connect from Windows XP clients ( with no 
password ), but not from Windows 2000 ( even when specifying a password 
).  With w2k, I always get Failed to verify incoming ticket!.

I think it has something to do with the key type of the Kerberos tickets 
( etype or enctype in krb5.conf ).  Does Windows 2000 speak the same 
Kerberos 5 as Windows XP?  Which key types are used by Windows?  How do 
I know which enctype I need, and why doesn't the default enctype setting 
negotiate something that works?

It might also have something to do with trust relationships, since my 
samba machine is in domain D1.DOMAIN.COM, but my users are in domain 
D2.DOMAIN.COM.  (And my client machine is in D3.DOMAIN.COM).  Each of 
these domains is an active directory tree, with trust relationships 
between them...

But it works with an XP client, so what's different between XP and 
Windows 2000?

Thanks,
Gordon
Configuration files follow.
-
# smb.conf:
[global]
workgroup = D1
realm = D1.DOMAIN.COM
security = ADS
password server = d1dc02.d1.domain.com
log file = /etc/samba/samba.log
[t]
comment = Test Share
path = /tmp
read only = No
guest ok = Yes
browseable = Yes
-
# krb5.conf:
[logging]
default = FILE:/var/log/krb5.log
[libdefaults]
ticket_lifetime = 24000
default_realm = D1.DOMAIN.COM
dns_lookup_realm = true
dns_lookup_kdc = true
# According to 
http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.8/doc/admin.html#SEC17
# the only supported encryption types are des3-hmac-sha1 and des-cbc-crc.
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
# However, http://lists.samba.org/archive/samba/2004-October/093761.html 
suggests:
# default_tgs_enctypes = des-cbc-crc des-cbc-md5
# default_tkt_enctypes = des-cbc-crc des-cbc-md5

[realms]
D1.DOMAIN.COM = {
 kdc = d1dc01.d1.domain.com
}
D2.DOMAIN.COM = {
 kdc = d2dc01.d2.domain.com
}
--
# from an XP machine in the d2 Domain
C:\net use * \\samba07\t
Drive Y: is now connected to \\samba07\t .
The command completed successfully.
-
# from an XP machine NOT in the Domain
C:\net use * \\samba07\t
The password or user name is invalid for \\samba07\t .
Enter the user name for 'samba07': d2\username
Enter the password for samba07:
Drive Z: is now connected to \\samba07\t .
The command completed successfully.
--
# from a Windows 2000 machine in the d2 Domain:
C:\net use * \\samba07\t
The password or user name is invalid for \\samba07\t.
Type the password for \\samba07\t:
System error 1326 has occurred.
Logon failure: unknown user name or bad password.
C:\net use * \\samba07\t /USER:d2\username
The password or user name is invalid for \\samba07\t .
Type the password for \\samba07\t :
System error 1326 has occurred.
Logon failure: unknown user name or bad password.
# I get this message in the samba.log:
[2004/10/13 17:44:51, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
 Failed to verify incoming ticket!

# List of relevant packages (These are the latest updates available for 
RHEL 3)
$ rpm -qa | egrep 'krb5|samba'
krb5-devel-1.2.7-28
krb5-libs-1.2.7-28
krb5-workstation-1.2.7-28
samba-3.0.7-1.3E
samba-client-3.0.7-1.3E
samba-common-3.0.7-1.3E


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] cups logs ?

2004-10-14 Thread ip.guy
Hi all
What do you guys use for analyzing cups logs ?
I'm looking for a web based (apache style) log analyses tool
regards
-ipguy
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] RE: TOSHARG: Samba ADS domain membership notes

2004-10-14 Thread Andrew Bartlett
On Wed, 2004-10-13 at 23:40, John H Terpstra wrote:
 Jeremy,
 
 Thanks for this feedback. I will include this info as soon as  I get a
 moment. Good work.

 
  It also failed when using the ntlm_auth helper (with basic or NTLM
  authentication).  I found out this is because neither wbinfo or
  ntlm_auth support NTLMv2, and I had this setting in my Security
  Policy:
 
Network security: LAN Manager authentication level = Send NTLMv2
  response only\refuse LM  NTLM
 
  I configured Squid for NTLMv2 (ntlm_auth
  --helper-protocol=squid-2.5-ntlmssp) authentication and that worked
  fine.  I could have saved a lot of time had I realized the other tools
  would never work.

It was nothing more than a bug - I'm sorry for the delay in getting it
fixed.  The changes are in current SVN, which will be 3.0.8.

You will need to set 'client ntlmv2 auth = yes'.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Authentication Developer, Samba Teamhttp://samba.org
Student Network Administrator, Hawker College   [EMAIL PROTECTED]


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] AD, smb 3.0.6, ticket: Request is a replay

2004-10-14 Thread Blindauer Emmanuel
I have some problems with samba 3.0.6, AD domain in mixed mode, and kerberos 
MIT 1.3.2:
Sometime when a user want to access a chare, he's getting a wrong password 
message. Looking further in logs, the problem is here:

ads_secrets_verify_ticket: enc type [23] failed to decrypt with error Request 
is a replay

The only solution I've found to resolve this issue is to remove all tickets on 
clients with klist.exe purge and to re-access the share.
Has someone found something to resolve this issue ?

Emmanuel
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Re: problem with samba, ldap and windows

2004-10-14 Thread Samuele Giovanni Tonon
Igor Belyi wrote:
Different people have different reason for this failure but in your case 
you need to remember that besides finding Administrator Samba need to 
find machine trust account as well. If it can't find it the same error 
message Can't find user is reported back to Windows.

Check that machine account was successfully created during joining of 
the Domain, that flag marks it as a Workstation trust account (W), and 
that you can see this account with 'getent passwd' request.
thanks to your suggestion i realized there weren't, so i managed to make
them available thorugh nsswitch and pam files and now all works.
the reason i didn't add that entries was because i thought there were
to let the linux system use as users, people in LDAP (like Nis do). By 
reading again all the tutorial i realized it was necessary to let the 
system sync with the ldap.

And a minor note, which probably is unrelated to your problem - don't 
use '-a' option to smbldap-useradd in your 'add user script' since Samba 
expects this script to create only Posix account.

ok
Many thanks
Samuele
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba3 By Example - Suggested Update (Correction?) And Two Winbind Defects

2004-10-14 Thread Schlomo Schapiro
Hi,

probably your problem was caused by SuSE's .local problem. They patched 
their glibc to do a multicast DNS lookup (AKA Apple ZeroConf) for all 
.local domains. A fix is supposed to come soon ( I pushed them to make one 
:-), but if you have support try to ask for it directly. Unfortunateley I 
am not allowed to distribute this patch myself.

Using IP Addresses only of course also serves as a workaround, but with 
DNS-rooted domains this is a pain in the ass.

Regards,
Schlomo

PS: Look for previous traffic on this list regarding SuSE 9.1

On Wed, 13 Oct 2004, L. Mark Stone wrote:

 We were trying to build a SuSE 9.1 box in a lab as a Domain Member server in a 
 Windows Active Directory domain where the AD server was running Windows 2000 
 Server.
 
 We found that the instructions in Chapter 9.3.3 were, at least in our case, 
 incomplete.
 
 The AD server was managing a private domain, so following the Windows 
 Configure My Server wizard the domain was setup as smelug.local.
 
 When we attempted to have the Linux box (running SuSE 9.1 (fully patched) with 
 the Samba 3.0.7 rpm packages from the SuSE ftp site) join the domain, we got 
 an error indicating the Linux box could not find the Kerberos server.
 
 After Googling, we saw that others experiencing this problem had as the root 
 cause either a DNS configuration problem or a misconfigured realm in 
 krb5.conf.
 
 We checked DNS on the W2K server and on the Linux box, added entries in the 
 Linux and Windows hosts files, and then watched the packets go back and forth 
 with Ethereal between the Windows 2K AD server and the SuSE box, but we still 
 got the error. The two boxes were clearly exchanging packets, so we felt 
 pretty good that we didn't have any DNS configuration errors.
 
 Next, we undid all of the above changes, and simply edited the krb5.conf file 
 to include the realm information and the IP:port info for the AD server. The 
 join was successful now.
 
 May I therefore suggest that configuring the krb5.conf file be added to 
 Chapter 9.3.3 in S3BE?
 
 Separately, we found two winbind errors during testing:
 
 First, we found that winbind does not shut down cleanly during a reboot (we 
 used the SuSE runlevel editor in YaST to have smb, nmb and winbind startup 
 automagically during boot up). Winbind leaves /var/run/samba/winbindd.pid in 
 place, which we must remove manually before we can start winbind. 
 
 Second, even after starting/stopping/restarting winbind manually, wbinfo -u 
 (and -g) do not work at first. We found we needed to run net ads info 
 first, and then wbinfo -whatever would work just fine.
 
 Please let me know if you would like me to file bugzilla reports on these 
 errors, or if you would like more detail. We are not programmers so we don't 
 know how to narrow this down further.
 
 With best regards,
 Mark
 
 P.S. The lab machines are VMware 4.5.2 guests, running on a SuSE Linux 8.2 
 host. We can make the virtual machine files available to you if you would 
 like to run these machines locally for testing (assuming you have VMware and 
 a Windows 2000 Server license).
 
 

-- 
Regards,
Schlomo
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Samba as PDC - Can't get user profiles to save properly

2004-10-14 Thread Felix Knoblach
Greetings,
I'm running desperate on a problem with my windows user profiles here, 
searched the net and read the docus alot but still no luck.

I've got an running Samba domain, an existing windows 2000 machine can 
log into the domain properly. Furthermore, a test account is made 
aswell, and the 2k machine is able to log in with that account. Now, my 
problem is: When I try to change windows settings (like switch active 
desktop to on) or delete/rename icons from my desktop, log out and in 
again, all changes are undone like they've been not saved on the server. 
But if I create new icons on the desktop and relog, those are still there.

Additionally, when I right-click in some folder and choose New- 
there's only Folder and Link to choose where you would expect things 
like new text file etc.

Now, when I log in locally on the client as admin and add an domain-user 
with the same name as my test user on the server, log out and back in on 
the domain again, then it's possible to delete/rename icons on the 
desktop, settings like active desktop can't be changed at all still though.

Access permissions on the home-folder of the user seem fine, I've even 
tried mask 0777 just to see if it would work.

Sorry for the long story, but maybe somebody is able to recognize the 
problem. I'm really running out of ideas what to try next...

Thanks alot
Felix
--
Append: My original smb.conf
# Global parameters
[global]
# Base Options
workgroup = SAMBA
netbios name = PDC
server string = Samba %v (PDC) @ biomax.de
interfaces = eth0
# Security Options
security = user
#encypted passwords = yes
update encrypted = Yes
passdb backend = smbpasswd
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *new*password* %n\n *new*password* %n\n 
*successfully*
allow trusted domains = yes
#   password server = ALBERICH
password server = PDC

# Logging Options
log level = 2
log file = /var/log.%m
# Tuning Options
deadtime = 15
# Logon Options
add machine script = /usr/sbin/useradd -d /dev/null -g ntclient 
-s /bin/false -M %u
logon script = logon.bat
logon path = \\%L\profile\%u
logon home = \\%N\%U
logon drive = Z:
domain logons = Yes

# Browse Options
os level = 65
preferred master = Yes
domain master = Yes
# Ldap Options
ldap ssl = no
# Misc
panic action = /usr/share/samba/panic-action %d
admin users = root
printing = cups
browseable = No
[homes]
comment = Benutzer-Verzeichnisse
path = /samba/profile/%u
read only = No
browseable = Yes
[netlogon]
comment = NetLogON
path = /samba/netlogon
[profile]
comment = Benutzerprofile
path = /samba/profile
read only = No
[public]
comment = Oeffentlicher Ordner
path = /samba/public
read only = No
guest ok = Yes
browseable = Yes
--
--
**
Felix Knoblach
Biomax Informatics AG
Lochhamer Str. 11
82152 Martinsried, Germany
Email: [EMAIL PROTECTED]
PGP: https://ssl.biomax.de/pgp/
**
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Ex-PDC always loosing sync with new samba PDC

2004-10-14 Thread Andrew Bartlett
On Thu, 2004-10-14 at 07:30, Gustavo Lima wrote:
 Hi All,
 
 Ive migrated my Win NT4 PDC to a samba 3.0.7 with ldap backend. In all the
 22 citys I made this, the old PDC just let me connect on it if I go on
 srvmgr and ask it to syncronize wiht the PDC. After that I can open its
 shares normally.
 
 After a while the Win BDC starts again asking for username and password.
 
 Note that Im using the same SID of the NT server on the Samba server.

After you migrate to Samba, you *must* disconnect the NT4 PDC/BDC, and
not use them on the network again.

They will conflict, and Samba has no way to maintain a correct link with
them.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Authentication Developer, Samba Teamhttp://samba.org
Student Network Administrator, Hawker College   [EMAIL PROTECTED]


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Looking for large-ish deployment advice

2004-10-14 Thread Andrew Bartlett
On Thu, 2004-10-14 at 03:00, Quentin Hartman wrote:
  Trying to understand this a bit better before I comment...
 
 Thanks for taking the time.
 
  First, won't roving users be disappointed if you have separate home 
  directories in each building?  Won't they expect that a document on which 
  they worked in one building be available when they go to the next building?
 
 That's part of the core mechanic that I am trying to work out. When a
 user logs on, the logon script figures out what their home building is
 and connects their home directory appropriately. In the case of logging
 in at their home building, it connects to their local server, in the
 case of logging in at another building, it connects to the appropriate
 server in another building. Using separate domains, this is easy, and
 somewhat the natural behavior. I would like to use a single domain to
 keep management overhead lower if possible. It's the figuring out part
 that I have to work out yet.

When you create the user in LDAP, set their sambaHomePath to the server
you want to put their profile on.  That's all!

  Second, are you contemplating using roaming profiles, and if so, are these 
  profiles likely to be large? E.g., users store big files on their Desktop, 
  and/or have 200MB Outlook pst files, etc
 
 I am contemplating roaming profiles, though they are unlikely to be
 large in most cases. To answer your examples specifically, as far as I
 know most users are not in the habit of saving files on their desktops,
 and we do not use Outlook.

If you are looking to save admin costs on the profiles, you could do as
I have at Hawker, and have just one single mandatory profile.  I use
that profile everywhere, and set the logon path to \\%L\manprof\manprof

(which maps to the local server)

  Lastly, if I read your post correctly you have T-1 speeds between buildings.  
  That's a pretty fat pipe to fill, so why do you say the building-to-building 
  networks links are slow?
 
 I suppose I left out an important point in my first post in that this
 network has about 3000 users and just over 1000 computers on it. Many of
 which who are working medium to large sized files stored in their home
 directories. Between that and the large volume of Internet traffic, my
 WAN links are pegged all day under the current setup, wherein there is a
 cluster of NT4 servers all centrally located and all user data has to
 traverse those links. During peak usage times, it can be painfully slow.

That's a nice big network :-)

 Another list member suggested using individual logon scripts, and as far
 as I can tell at this point, that is the only solution that will work.
 If that's the case, I then need to decide what's harder to manage, 10
 seperate domains, or 3000+ individual logon scripts, where I have a very
 high rate of user churn. Since this is for a public school district, I'm
 nearly constantly creating and destroying accounts as students enroll
 and depart.

Well, either way you script it, but I see no need for multiple logon
scripts.

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Authentication Developer, Samba Teamhttp://samba.org
Student Network Administrator, Hawker College   [EMAIL PROTECTED]


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] time server directive and synchronizing Win XP clients

2004-10-14 Thread Andrew Bartlett
On Wed, 2004-10-13 at 21:39, Gmes Gza wrote:
 Jonathan Salomon rta:

 To set the timeserver 
 on the XP machines we use the domain policy, with an adm file (attached) 
 made by Andrew Bartlett.

Glad to see my ADM files are still doing the rounds :-)

Andrew Bartlett

-- 
Andrew Bartlett [EMAIL PROTECTED]
Authentication Developer, Samba Teamhttp://samba.org
Student Network Administrator, Hawker College   [EMAIL PROTECTED]


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.7 / AD Domain Group Resolving

2004-10-14 Thread Grzeski.Andreas
Hello List,

currently we have Samba 3.0.7 running on SLES8 systems with AD integration. We´re 
using the SerNet RPM´s (ftp.sernet.de)

Everything works fine so far, we just have a problem with resolving domain groups.

wbinfo -g works fine, the domain groups are correctly resolved. But when inserting a 
valid users = @AD_DOMAIN_GROUP statement in the smb.conf we get the following error:

smbd/service.c:make_connection_snum(314)
  user 'DOMAIN\User.Name' (from session setup) not permitted to access this share 
(sharename)

Inserting the user with his normal accountname does work (e.g. valid users = 
DOMAIN\User.Name)

We do have a lot of AD Groups, some users are member of more than 200 groups (and no, 
we cannot fix that, reducing the number of groups is unfortunately not an option).

I did find several post in the list archives on this topic, but no practical solution 
yet.

Is there a solution? Are more details necessary?

One more thing: we also have the problem that once in a while winbind dies when 
executing wbinfo -g or -u. I don´t know, if this is somehow connected.

Anyone any ideas? I´m a bit lost here...

Greetings

Andreas Grzeski
Systems Engineer/RHCE

Stadtwerke München GmbH

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving

2004-10-14 Thread Mark Le Noury
Hi,


I think that you are fomatting the valid users directive incorrectly.

Try valid users = DOMAIN+Group_name (I use + as my winbind separator,
substitute for whatever you have chosen)
No @ sign necessary

It works fine for me like that.

Thanks,

Mark

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 14 October 2004 12:38 PM
To: [EMAIL PROTECTED]
Subject: [Samba] Samba 3.0.7 / AD Domain Group Resolving


Hello List,

currently we have Samba 3.0.7 running on SLES8 systems with AD
integration. We´re using the SerNet RPM´s (ftp.sernet.de)

Everything works fine so far, we just have a problem with resolving
domain groups.

wbinfo -g works fine, the domain groups are correctly resolved. But when
inserting a valid users = @AD_DOMAIN_GROUP statement in the smb.conf
we get the following error:

smbd/service.c:make_connection_snum(314)
  user 'DOMAIN\User.Name' (from session setup) not permitted to access
this share (sharename)

Inserting the user with his normal accountname does work (e.g. valid
users = DOMAIN\User.Name)

We do have a lot of AD Groups, some users are member of more than 200
groups (and no, we cannot fix that, reducing the number of groups is
unfortunately not an option).

I did find several post in the list archives on this topic, but no
practical solution yet.

Is there a solution? Are more details necessary?

One more thing: we also have the problem that once in a while winbind
dies when executing wbinfo -g or -u. I don´t know, if this is somehow
connected.

Anyone any ideas? I´m a bit lost here...

Greetings

Andreas Grzeski
Systems Engineer/RHCE

Stadtwerke München GmbH

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: [Samba] Linux and samba server + Mac OS Clients on LAN

2004-10-14 Thread shaf sum

Thanks.  

The Mac OS version that we are buying is 8.x and 9.x. 
For these version, i am not so sure that smb/cifs 
NFS are supported.  


 Hi,
 
 i think newer versions of mac os support smb/cifs
 and nfs. Appletalk
 is depreciated, i think. It shouldn't be used for
 new installations
 from my point of view.
 
 Mit freundlichem Gruß,
 
 
 
 Dirk Laurenz
 Systems Engineer  
 
 Fujitsu Siemens Computers
 Sales Central Europe Deutschland 
 Professional Service Organisation Nord / Ost
 
 Hildesheimer Strasse 25
 30880 Laatzen
 Germany
 
 Telephone:+49 (511) 84 89 - 18 08
 Telefax:  +49 (511) 84 89 - 25 18 08
 Mobile:   +49 (170) 22 10 781
 Email:mailto:[EMAIL PROTECTED]
 Internet: http://www.fujitsu-siemens.com


http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html

***
   
 
 -|  -Original Message-
 -|  From: 
 -| 

[EMAIL PROTECTED]
 -|  rg 
 -| 

[mailto:[EMAIL PROTECTED]
 -|  .samba.org] On Behalf Of shaf sum
 -|  Sent: Thursday, October 14, 2004 8:36 AM
 -|  To: [EMAIL PROTECTED]
 -|  Subject: [Samba] Linux and samba server + Mac OS
 Clients on LAN
 -|  
 -|  Hi,
 -|  
 -|  On my network, I have 30 PCs with Win98/XP/2000.
  I
 -|  have a debian linux server with samba 3.0 which
 act as
 -|  PDC and it works pretty good.  No problem until
 the
 -|  management decided to buy some 15 Mac OS
 computer for
 -|  graphics purposes.  
 -|  
 -|  Here, where my problem begins.  I need to
 integrate
 -|  these 15 MAC pcs in my network where there will
 be
 -|  file sharing and user logging.  
 -|  
 -|  How can I proceed?? I found something at
 -|  http://netatalk.sourceforge.net .
 -|  
 -|  Could someone please help me to sort this
 problem
 -|  out
 -|  
 -|  
 -|  Thanks
 -|  
 -|  
 -|  S.
 -|  --
 -|  Shafeek Sumser
 -|  
 -|  
 -|  
 -|  
 -|
 -|  ___
 -|  Do you Yahoo!?
 -|  Declare Yourself - Register online to vote
 today!
 -|  http://vote.yahoo.com
 -|  -- 
 -|  To unsubscribe from this list go to the
 following URL and read the
 -|  instructions: 
 http://lists.samba.org/mailman/listinfo/samba
 -|  
 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba ADS -- works with XP Pro, but not 2000 Pro

2004-10-14 Thread Christoph Scheeder
Hi,
AFAIR, this is a known problem with w2k clients.
You have to upgrade your kerberos to something  1.3
preferably to the latest available version.
Christoph
Gordon Hopper schrieb:
I am using Samba with Active Directory.  I have successfully joined my 
Samba server to the domain D1 ( net ads join -U [EMAIL PROTECTED] 
).  I am able to succesfully connect from Windows XP clients ( with no 
password ), but not from Windows 2000 ( even when specifying a password 
).  With w2k, I always get Failed to verify incoming ticket!.

I think it has something to do with the key type of the Kerberos tickets 
( etype or enctype in krb5.conf ).  Does Windows 2000 speak the same 
Kerberos 5 as Windows XP?  Which key types are used by Windows?  How do 
I know which enctype I need, and why doesn't the default enctype setting 
negotiate something that works?

It might also have something to do with trust relationships, since my 
samba machine is in domain D1.DOMAIN.COM, but my users are in domain 
D2.DOMAIN.COM.  (And my client machine is in D3.DOMAIN.COM).  Each of 
these domains is an active directory tree, with trust relationships 
between them...

But it works with an XP client, so what's different between XP and 
Windows 2000?

Thanks,
Gordon
Configuration files follow.
-
# smb.conf:
[global]
workgroup = D1
realm = D1.DOMAIN.COM
security = ADS
password server = d1dc02.d1.domain.com
log file = /etc/samba/samba.log
[t]
comment = Test Share
path = /tmp
read only = No
guest ok = Yes
browseable = Yes
-
# krb5.conf:
[logging]
default = FILE:/var/log/krb5.log
[libdefaults]
ticket_lifetime = 24000
default_realm = D1.DOMAIN.COM
dns_lookup_realm = true
dns_lookup_kdc = true
# According to 
http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.8/doc/admin.html#SEC17
# the only supported encryption types are des3-hmac-sha1 and des-cbc-crc.
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
# However, http://lists.samba.org/archive/samba/2004-October/093761.html 
suggests:
# default_tgs_enctypes = des-cbc-crc des-cbc-md5
# default_tkt_enctypes = des-cbc-crc des-cbc-md5

[realms]
D1.DOMAIN.COM = {
 kdc = d1dc01.d1.domain.com
}
D2.DOMAIN.COM = {
 kdc = d2dc01.d2.domain.com
}
--
# from an XP machine in the d2 Domain
C:\net use * \\samba07\t
Drive Y: is now connected to \\samba07\t .
The command completed successfully.
-
# from an XP machine NOT in the Domain
C:\net use * \\samba07\t
The password or user name is invalid for \\samba07\t .
Enter the user name for 'samba07': d2\username
Enter the password for samba07:
Drive Z: is now connected to \\samba07\t .
The command completed successfully.
--
# from a Windows 2000 machine in the d2 Domain:
C:\net use * \\samba07\t
The password or user name is invalid for \\samba07\t.
Type the password for \\samba07\t:
System error 1326 has occurred.
Logon failure: unknown user name or bad password.
C:\net use * \\samba07\t /USER:d2\username
The password or user name is invalid for \\samba07\t .
Type the password for \\samba07\t :
System error 1326 has occurred.
Logon failure: unknown user name or bad password.
# I get this message in the samba.log:
[2004/10/13 17:44:51, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
 Failed to verify incoming ticket!

# List of relevant packages (These are the latest updates available for 
RHEL 3)
$ rpm -qa | egrep 'krb5|samba'
krb5-devel-1.2.7-28
krb5-libs-1.2.7-28
krb5-workstation-1.2.7-28
samba-3.0.7-1.3E
samba-client-3.0.7-1.3E
samba-common-3.0.7-1.3E


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Problem adding users to the PDC

2004-10-14 Thread Anton K.
I have problem adding users after I set up a goupmap. Before there was no
problem.
net groupmap ntgroup=Users unixgroup=users
Users (S-1-5-32-545) - users
useradd pesho -g users
pdbedit -a pesho
new password:
retype new password:
tdb_update_sam: Failing to store a SAM_ACCOUNT for [pesho] without a primary
group RID
Unable to add user! (does it already exist?)
pesho of cource doesn´t exist
pdbedit -L | grep pesho
returns nothing.
I´m using two passwd backends:
 passdb backend = tdbsam:/etc/samba/passdb.tdb \
  smbpasswd:/etc/samba/smbpasswd
In this case I´m trying to add pesho to tdbsam,
when I remove it and only smbpasswd was in the smb.conf
I was able to add it sucessfully.
I´m using  samba 3.0.7-2.FC1.
Can somebody tell me what have I done wrong?
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving

2004-10-14 Thread Grzeski.Andreas
Hi Mark,

that did not resolve the problem for me. Removing the @ sign produced the same error 
message (see below)...

Greetings

Andreas

-Ursprüngliche Nachricht-
Von: Mark Le Noury [mailto:[EMAIL PROTECTED] 
Gesendet: Donnerstag, 14. Oktober 2004 12:43
An: [EMAIL PROTECTED]
Betreff: RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving


Hi,


I think that you are fomatting the valid users directive incorrectly.

Try valid users = DOMAIN+Group_name (I use + as my winbind separator, substitute for 
whatever you have chosen) No @ sign necessary

It works fine for me like that.

Thanks,

Mark

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: 14 October 2004 12:38 PM
To: [EMAIL PROTECTED]
Subject: [Samba] Samba 3.0.7 / AD Domain Group Resolving


Hello List,

currently we have Samba 3.0.7 running on SLES8 systems with AD integration. We´re 
using the SerNet RPM´s (ftp.sernet.de)

Everything works fine so far, we just have a problem with resolving domain groups.

wbinfo -g works fine, the domain groups are correctly resolved. But when inserting a 
valid users = @AD_DOMAIN_GROUP statement in the smb.conf we get the following error:

smbd/service.c:make_connection_snum(314)
  user 'DOMAIN\User.Name' (from session setup) not permitted to access this share 
(sharename)

Inserting the user with his normal accountname does work (e.g. valid users = 
DOMAIN\User.Name)

We do have a lot of AD Groups, some users are member of more than 200 groups (and no, 
we cannot fix that, reducing the number of groups is unfortunately not an option).

I did find several post in the list archives on this topic, but no practical solution 
yet.

Is there a solution? Are more details necessary?

One more thing: we also have the problem that once in a while winbind dies when 
executing wbinfo -g or -u. I don´t know, if this is somehow connected.

Anyone any ideas? I´m a bit lost here...

Greetings

Andreas Grzeski
Systems Engineer/RHCE

Stadtwerke München GmbH

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Ex-PDC always loosing sync with new samba PDC

2004-10-14 Thread Gustavo Lima
Thanks for your answer Andrew,

Unfortunelly I cant take these NT out from the network now. I will have to
find a way to handle them.

Another question. Im having problems with Win 2k Server with SQL 2k. The 2k
cant see the users names from the 22 trusts I have, but only the SIDs. In
other way the local account s works fine.

Is there any solution to this problem?

Thanks,

Gustavo



- Original Message - 
From: Andrew Bartlett [EMAIL PROTECTED]
To: Gustavo Lima [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, October 14, 2004 7:13 AM
Subject: Re: [Samba] Ex-PDC always loosing sync with new samba PDC


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] can mount share, cannot join domain

2004-10-14 Thread jason kawaja
On Tue, 12 Oct 2004, jason kawaja wrote:

 i am not using ldap.  samba 3.0.7 on sparc solaris.  winxp pro client.

 [global]

 netbios name = bunny
 workgroup = ecel
 time server = yes
 security = user
 encrypt passwords = yes
 wins support = yes
 domain master = yes
 local master = yes
 os level = 65
 domain logons = yes
 logon path = \\%L\%u\.win_profile
 logon script = logon.bat
 logon drive = D:
 logon home = \\%L\%u\.win_home
 add user script = useradd -d /dev/null -g 100 -s /usr/bin/false %u

 [netlogon]

 path = /usr/local/samba/lib/netlogon
 writable = no
 browsable = no

 [homes]

 comment = Home Directories
 browsable = no
 writable = yes
 valid users = @student @despot
 invalid users = @other @sys @adm @uucp @mail @tty @lp @nuucp @staff \
 @daemon @sysadmin @bobody @noaccess @nogroup @nofiles @qmail
 max connections = 80

 drwxrwxr-x2 root other 512 Oct  8 13:21 netlogon/

 when attempting to set/join domain from My Computer - Properties, a
 window pops up asking for username password and i enter root along with
 the smbpassword for the root (uid=0) account.

 then an error box saying The user name could not be found. is
 displayed.

 i can mount a share using a non uid=0 samba account to this client.

 ideas?

how about a nudge in the right direction?

--
Jason Kawaja
http://www.ietf.org/rfc/rfc1855.txt
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving

2004-10-14 Thread Mark Le Noury
Could you post the share definition from your smb.conf file? 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 14 October 2004 02:10 PM
To: [EMAIL PROTECTED]
Subject: RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving


Hi Mark,

that did not resolve the problem for me. Removing the @ sign produced
the same error message (see below)...

Greetings

Andreas

-Ursprüngliche Nachricht-
Von: Mark Le Noury [mailto:[EMAIL PROTECTED] 
Gesendet: Donnerstag, 14. Oktober 2004 12:43
An: [EMAIL PROTECTED]
Betreff: RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving


Hi,


I think that you are fomatting the valid users directive incorrectly.

Try valid users = DOMAIN+Group_name (I use + as my winbind separator,
substitute for whatever you have chosen) No @ sign necessary

It works fine for me like that.

Thanks,

Mark

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 14 October 2004 12:38 PM
To: [EMAIL PROTECTED]
Subject: [Samba] Samba 3.0.7 / AD Domain Group Resolving


Hello List,

currently we have Samba 3.0.7 running on SLES8 systems with AD
integration. We´re using the SerNet RPM´s (ftp.sernet.de)

Everything works fine so far, we just have a problem with resolving
domain groups.

wbinfo -g works fine, the domain groups are correctly resolved. But when
inserting a valid users = @AD_DOMAIN_GROUP statement in the smb.conf
we get the following error:

smbd/service.c:make_connection_snum(314)
  user 'DOMAIN\User.Name' (from session setup) not permitted to access
this share (sharename)

Inserting the user with his normal accountname does work (e.g. valid
users = DOMAIN\User.Name)

We do have a lot of AD Groups, some users are member of more than 200
groups (and no, we cannot fix that, reducing the number of groups is
unfortunately not an option).

I did find several post in the list archives on this topic, but no
practical solution yet.

Is there a solution? Are more details necessary?

One more thing: we also have the problem that once in a while winbind
dies when executing wbinfo -g or -u. I don´t know, if this is somehow
connected.

Anyone any ideas? I´m a bit lost here...

Greetings

Andreas Grzeski
Systems Engineer/RHCE

Stadtwerke München GmbH

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] smbfs mount issues

2004-10-14 Thread Anton K.
Culver, Chuck wrote:
I am having a similar problem on a Domain.
The problem only seems to be when mounting a share located on a Windows
2003 server.
My problem is this:   I run the mount command.  It completes without
error.  However, the mount path disappears.
In your example, /path/to/mount/dir would be mounted, but the dir
would disappear from view.
If I open a terminal, SU, and then ls -la /path/to/mount
It will not show anything at all.
If I run unmount the share, the folder reappears.
This used to work on an older version of Samba.. like 2.28 or early 3.
Now I am running 3.0.7-2 on Mandrake 10.1.
The stranger part is, I can preview the contents with SMB4K or LAN://
but once it is mounted


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Jason Pirok
Sent: Wednesday, October 13, 2004 2:03 PM
To: [EMAIL PROTECTED]
Subject: [Samba] smbfs mount issues
This problem began a couple months ago with my new install of (you
guessed it) XP sp2.  Now, when i mount a share from the xp machine to
my debian box, everyone, including rot, gets a permission denied
trying to ls the dir.
I've read posts about switching to cifs, but that has opened a whole
new can of worms.  I'd just like to see smbfs mount my shares properly
the way they used to.
My version of samba is 3.0.7-1 according to dpkg on debian unstable.  
the mount command is

mount -t smbfs -o
credentials=cred.file,netbiosname=intruder,workgroup=workgroup,ip=111.11
1.111.111
//host/share /path/to/mount/dir
I've done lots of look ups on google regarding many combinations of xp
smbfs and the problems encountered to no avail.  I'm at wits end and
don't know what else to do.
Sincerely,
Jason
 

This might be coused by buggy kernel, I had sa similar problem with 
kernel 2.6.1-...
which come with Fedora Core2 test1.
When I upgrade the kernel it was OK.
What kernel are you using
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] can mount share, cannot join domain

2004-10-14 Thread Anton K.
jason kawaja wrote:
On Tue, 12 Oct 2004, jason kawaja wrote:
 

i am not using ldap.  samba 3.0.7 on sparc solaris.  winxp pro client.
[global]
   netbios name = bunny
   workgroup = ecel
   time server = yes
   security = user
   encrypt passwords = yes
   wins support = yes
   domain master = yes
   local master = yes
   os level = 65
   domain logons = yes
   logon path = \\%L\%u\.win_profile
   logon script = logon.bat
   logon drive = D:
   logon home = \\%L\%u\.win_home
   add user script = useradd -d /dev/null -g 100 -s /usr/bin/false %u
[netlogon]
   path = /usr/local/samba/lib/netlogon
   writable = no
   browsable = no
[homes]
   comment = Home Directories
   browsable = no
   writable = yes
   valid users = @student @despot
   invalid users = @other @sys @adm @uucp @mail @tty @lp @nuucp @staff \
   @daemon @sysadmin @bobody @noaccess @nogroup @nofiles @qmail
   max connections = 80
drwxrwxr-x2 root other 512 Oct  8 13:21 netlogon/
when attempting to set/join domain from My Computer - Properties, a
window pops up asking for username password and i enter root along with
the smbpassword for the root (uid=0) account.
then an error box saying The user name could not be found. is
displayed.
i can mount a share using a non uid=0 samba account to this client.
ideas?
   

how about a nudge in the right direction?
--
Jason Kawaja
http://www.ietf.org/rfc/rfc1855.txt
 

Maybe you forgot to add root in samba
like smbpasswd -a root
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] AD

2004-10-14 Thread Jan Kellerhoff
Hi,
does anyone know if there is a chance to use samba + openldap and Heimdal
all together...?
Until know it samba seems to be only able to join as a member server...
Kelly
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving

2004-10-14 Thread Grzeski.Andreas
Hi Mark,

this is the Share definition from our smb.conf:

[install]
writeable = yes
path = /Path/to/directory
write list = DOMAIN\Domain_Group
valid users = DOMAIN\Domain_Group

The configuration is pretty straightforward...

Here is the Rest of our smb.conf:

[global]
workgroup = DOMAIN
realm = DOMAIN.DE
security = ADS
netbios name = servername
server string = Installserver
domain master = no
domain logons = no
wins support = no
wins server = ip.of.wins.server
password server = server1 server2 server3
idmap gid = 1-4
idmap uid = 1-4
winbind enum users = yes
winbind enum groups = yes
os level = 20
interfaces = 127.0.0.1 eth0
encrypt passwords = yes
utmp = yes
passdb backend = tdbsam:/etc/samba/passdb.tdb smbpasswd:/etc/samba/smbpasswd
preferred master = no
unix charset = LOCALE
bind interfaces only = true
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
local master = no

I hope that helps...

Greetings

Andreas

-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Mark Le Noury
Gesendet: Donnerstag, 14. Oktober 2004 14:31
An: [EMAIL PROTECTED]
Betreff: RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving


Could you post the share definition from your smb.conf file? 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: 14 October 2004 02:10 PM
To: [EMAIL PROTECTED]
Subject: RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving


Hi Mark,

that did not resolve the problem for me. Removing the @ sign produced the same error 
message (see below)...

Greetings

Andreas

-Ursprüngliche Nachricht-
Von: Mark Le Noury [mailto:[EMAIL PROTECTED] 
Gesendet: Donnerstag, 14. Oktober 2004 12:43
An: [EMAIL PROTECTED]
Betreff: RE: [Samba] Samba 3.0.7 / AD Domain Group Resolving


Hi,


I think that you are fomatting the valid users directive incorrectly.

Try valid users = DOMAIN+Group_name (I use + as my winbind separator, substitute for 
whatever you have chosen) No @ sign necessary

It works fine for me like that.

Thanks,

Mark

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: 14 October 2004 12:38 PM
To: [EMAIL PROTECTED]
Subject: [Samba] Samba 3.0.7 / AD Domain Group Resolving


Hello List,

currently we have Samba 3.0.7 running on SLES8 systems with AD integration. We´re 
using the SerNet RPM´s (ftp.sernet.de)

Everything works fine so far, we just have a problem with resolving domain groups.

wbinfo -g works fine, the domain groups are correctly resolved. But when inserting a 
valid users = @AD_DOMAIN_GROUP statement in the smb.conf we get the following error:

smbd/service.c:make_connection_snum(314)
  user 'DOMAIN\User.Name' (from session setup) not permitted to access this share 
(sharename)

Inserting the user with his normal accountname does work (e.g. valid users = 
DOMAIN\User.Name)

We do have a lot of AD Groups, some users are member of more than 200 groups (and no, 
we cannot fix that, reducing the number of groups is unfortunately not an option).

I did find several post in the list archives on this topic, but no practical solution 
yet.

Is there a solution? Are more details necessary?

One more thing: we also have the problem that once in a while winbind dies when 
executing wbinfo -g or -u. I don´t know, if this is somehow connected.

Anyone any ideas? I´m a bit lost here...

Greetings

Andreas Grzeski
Systems Engineer/RHCE

Stadtwerke München GmbH

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] smbfs mount issues

2004-10-14 Thread Charles Culver
Kernel 2.6.8.1-10


On Thu, 2004-10-14 at 15:38 +0300, Anton K. wrote:
 Culver, Chuck wrote:
 
 I am having a similar problem on a Domain.
 
 The problem only seems to be when mounting a share located on a Windows
 2003 server.
 
 My problem is this:   I run the mount command.  It completes without
 error.  However, the mount path disappears.
 
 In your example, /path/to/mount/dir would be mounted, but the dir
 would disappear from view.
 
 If I open a terminal, SU, and then ls -la /path/to/mount
 It will not show anything at all.
 
 If I run unmount the share, the folder reappears.
 
 
 This used to work on an older version of Samba.. like 2.28 or early 3.
 Now I am running 3.0.7-2 on Mandrake 10.1.
 
 The stranger part is, I can preview the contents with SMB4K or LAN://
 but once it is mounted
 
 
 
 
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On
 Behalf Of Jason Pirok
 Sent: Wednesday, October 13, 2004 2:03 PM
 To: [EMAIL PROTECTED]
 Subject: [Samba] smbfs mount issues
 
 This problem began a couple months ago with my new install of (you
 guessed it) XP sp2.  Now, when i mount a share from the xp machine to
 my debian box, everyone, including rot, gets a permission denied
 trying to ls the dir.
 
 I've read posts about switching to cifs, but that has opened a whole
 new can of worms.  I'd just like to see smbfs mount my shares properly
 the way they used to.
 
 My version of samba is 3.0.7-1 according to dpkg on debian unstable.  
 the mount command is
 
 mount -t smbfs -o
 credentials=cred.file,netbiosname=intruder,workgroup=workgroup,ip=111.11
 1.111.111
 //host/share /path/to/mount/dir
 
 I've done lots of look ups on google regarding many combinations of xp
 smbfs and the problems encountered to no avail.  I'm at wits end and
 don't know what else to do.
 
 Sincerely,
 
 Jason
   
 
 This might be coused by buggy kernel, I had sa similar problem with 
 kernel 2.6.1-...
 which come with Fedora Core2 test1.
 When I upgrade the kernel it was OK.
 What kernel are you using

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] can mount share, cannot join domain

2004-10-14 Thread jason kawaja
On Thu, 14 Oct 2004, Anton K. wrote:

 jason kawaja wrote:

 On Tue, 12 Oct 2004, jason kawaja wrote:
 
 i am not using ldap.  samba 3.0.7 on sparc solaris.  winxp pro client.

[snip smb.conf]

 when attempting to set/join domain from My Computer - Properties, a
 window pops up asking for username password and i enter root along
 with the smbpassword for the root (uid=0) account.
 
 then an error box saying The user name could not be found. is
 displayed.
 
 i can mount a share using a non uid=0 samba account to this client.

 Maybe you forgot to add root in samba like smbpasswd -a root

nope, i created the smb root account and even see this :

/usr/local/samba/var/log.smbd:  check_ntlm_password:  authentication for
user [root] - [root] - [root] succeeded

which im assuming means root authenticated.

--
Jason Kawaja
http://www.ietf.org/rfc/rfc1855.txt
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] script in netlogon isn't run

2004-10-14 Thread Patrick DUBAU
Hi,
i have samba 3.0.7 and set a logon.bat script in /home/samba/netlogon
But when i log in my domaine (from a windows xp sp1 machine) Domi the 
script isn't run, no error  message   at log in
Just going on the share netlogon i got the sand-hour and nothing more 
happens

What's wrong ?
Thanks for any help
*here my smb.conf *
[global]
# Do something sensible when Samba crashes: mail the admin a backtrace
netbios name = FS1
workgroup = DOMI
security = user
encrypt passwords = yes
#admin users= @Domain Admins
interfaces=192.168.251.8
#host allow= 192.168.251.0/255.255.255.0
#domain logons = Yes
os level = 65
preferred master = Yes
domain master = Yes
domain logons = Yes
logon script=logon.bat
log file = /var/log/samba/%m.log
log level = 5
max log size = 5000
add machine script = /usr/local/sbin/smbldap-useradd -w %u
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u
#add user script = /usr/local/sbin/smbldap-useradd -m %u
#add group script = /usr/local/sbin/smbldap-groupadd -p %g
#add user to group script = /usr/local/sbin/smbldap-groupmod -m %u %g
#delete user from group script = /usr/local/sbin/smbldap-groupmod -x 
%u %g
#set primary group script = /usr/local/sbin/smbldap-usermod -g %g %u
#delete user script = /usr/local/sbin/smbldap-userdel %u
#delete group script = /usr/local/sbin/smbldap-groupdel %g

obey pam restrictions = Yes
#** Pour LDAP 
*
passdb backend = ldapsam:ldap://127.0.0.1/
ldap suffix = dc=alsace,dc=iufm,dc=fr
ldap admin dn = cn=admin,dc=alsace,dc=iufm,dc=fr
ldap ssl=no
ldap user suffix = ou=People
ldap machine suffix = ou=Computers
ldap group suffix = ou=Groups
#ldap idmap suffix = ou=Users
# d'après http://cj.tronquet.free.fr/doc/samba3ldap.php et idealx p.17 
(smbtools)
ldap passwd sync = Yes
#***

[commun]
comment = commun aux profs et étudiants
volume = commun 
path = /home/samba/commun
guest ok=yes
read only = no
writeable = yes
#pas de partage visible dans vosinage réseau
browseable = no

[compta]
comment = fichiers du service comptable
path = /home/samba/fichiers/compta
public = yes
writeable = yes
read only = no
create mask = 0750
valid users = @compta
# le groupe superviseur a tous les droits sur ce partage
admin users = @superviseur
[prothee]
comment = accès à prothee
path=/home/samba/prothee
public = yes
writeable = yes
read only = no
create mask = 0750
valid users = prothee
admin users = @superviseur
[netlogon]
comment = Network Logon Service
path = /home/samba/netlogon
guest ok = yes
writable = no
share modes = no
*here my logon..bat file * (i did as simple as possible..)
net use j: \\FS1\netlogon
net use k: \\FS1\commun
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Re: Sage oplocks

2004-10-14 Thread Terry

I need to set oplocking in smb.conf.I had it running for a while but on
some windows pc's when i deleted a file it stayed there when attemping
to delete for second time it threw an error saying file did not exist
etc.
I suspect this is windows problem so when i enable oplocking do i need to
do anything on the windows pc's.
I noticed this in the samba docs and wanted to confirm its the right
thing to do ( nt4 and XP machines by the way )
-
The following registry entries on Microsoft Windows XP Professional, 2000
Professional and Windows NT4 workstation clients must be configured as
shown here:
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\LanmanServer\Parameters]
  EnableOplocks=dword:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\LanmanWorkstation\Parameters]
  UseOpportunisticLocking=dword:

Sage is proving to be a pain in general
Regards Terry
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] script in netlogon isn't run

2004-10-14 Thread Mattia
Patrick DUBAU wrote:
Hi,
i have samba 3.0.7 and set a logon.bat script in /home/samba/netlogon
But when i log in my domaine (from a windows xp sp1 machine) Domi the 
script isn't run, no error  message   at log in
Just going on the share netlogon i got the sand-hour and nothing more 
happens

*here my logon..bat file * (i did as simple as possible..)
net use j: \\FS1\netlogon
net use k: \\FS1\commun
The first things I would try:
- check the permissions on the file
- make sure the file is in DOS text format, not Unix. You can do it with 
 the unix2dos logon.bat command
- check in the logs if the user can connect correctly to the [NETLOGON] 
share at login

Bye... Mattia
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] smbfs mount issues

2004-10-14 Thread Jason Pirok
sorry about forgetting that.  My kernel version is 2.6.8


 This might be coused by buggy kernel, I had sa similar problem with
 kernel 2.6.1-...
 which come with Fedora Core2 test1.
 When I upgrade the kernel it was OK.
 What kernel are you using

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] smbfs mount issues

2004-10-14 Thread Jason Pirok
Whoops I should have run uname first.  kernel is 2.6.7


On Thu, 14 Oct 2004 08:55:47 -0500, Jason Pirok [EMAIL PROTECTED] wrote:
 sorry about forgetting that.  My kernel version is 2.6.8
 
 
 
 
  This might be coused by buggy kernel, I had sa similar problem with
  kernel 2.6.1-...
  which come with Fedora Core2 test1.
  When I upgrade the kernel it was OK.
  What kernel are you using
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] NTFS ACLs - access denied

2004-10-14 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matías Barletta wrote:
| People, I had gone panic... there is no way to migrate
| Files from my NT 4, to the Samba BDC Server. I had vampired
| all the users. but still I get access denied in robocopy
| when it tries to copy the NTFS Security.
|
| Any Idea what could it be??
|
| I swear to god, that I will share a bit of my salary
| to solve this out!! 2 weeks fighting and going throw forums,
| and this weekend my boss will go with win2000 if I dont
| find a solution!!
What version of Samba ?  We'll need a lot more details.


cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBboaBIR7qMdg1EfYRAm7QAJ9GCaJ57Y7ruymLyxeX/ycTjMU3OACgt4hX
CoW9En0CexPh6GnQYse19VQ=
=xYOW
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] kerberos and/or winbind ??

2004-10-14 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Christian Merrill wrote:
| Here is an over simplified explanation.  Configuring
| kerberos with samba will not give you any additional features.
Actually it will.  You don't get support for transitive
trusts in winbindd without it.  Without krb5 you get the
non-transtive NT4 style trusts.

cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBbocTIR7qMdg1EfYRAvMEAKCQlgScoCVr1MSjPvEQrvtWe/f0ZQCgmoFW
hoyWspetmyUWCZrXR0a22I4=
=RZWZ
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Can't join domain - no message

2004-10-14 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
| domain_client_validate: could not fetch trust account
| password for domain DOMAINNAME
Looks like it didn't really join the domain.  Run smbpasswd
with debug level of 10 and look for any errors at the tail end of the
join process.



cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBbod2IR7qMdg1EfYRAku7AJ9fMm8DRGzNssZSoT1nzRL1DqNz3gCg1hKQ
AzSKc69xROl6TMcxYkawlOo=
=3pTA
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba setup with Winbind connecting to NT4 PDC - Login is Slow...

2004-10-14 Thread Eric Murray

-|  PDC - Login isnow Slow...
-|  
-|  winbind enum users = yes
-|  winbind enum groups = yes
remove those two...

Mit freundlichem Gruß,
 

Ok, I removed those 2 lines and tried again... It still took at least 2 
minutes to login as it just Sit's on the KDE welcome screen with 
nothing and then all of a sudden up pops the KDE login box and proceeds 
as normal.

Questions :
- Is there a chance that becuase I'm on a trusted Domain with 3 
locations that it is trying to Syncronize with the PDC's on the 3 
domains on startup? Causing it to be slow like that?
- Is there a chance that PAM has something to do with it?  My SMB shares 
are all working and it authenticates with the PDC correctly so I would 
rather not mess with pam as I don't know what I'm doing with it.

Here is my current SMB.CONF and NSSWITCH.CONF files again now.
-
SMB.CONF
-
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE
# Date: 2004-09-16
[global]
   workgroup = SHELTER
   printing = cups
   printcap name = cups
   printcap cache time = 750
   cups options = raw
   printer admin = @ntadmin, root, administrator
   username map = /etc/samba/smbusers
   map to guest = Bad User
###include = /etc/samba/dhcp.conf
#logon path = \\%L\profiles\.msprofile
#logon home = \\%L\%U\.9xprofile
#logon drive = P:
# My additions...
   security = DOMAIN
   encrypt passwords = yes
   password server = shelternt1 sriesrv2
   obey pam restrictions = yes
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   wins server = shelternt1 sriesrv2
   dns proxy = no
   netbios name = sriemailsrv
   log level = 1
   winbind separator = +
   winbind uid = 1-2
   winbind gid = 1-2
   winbind cache time = 15
#winbind enum users = yes
#winbind enum groups = yes
   template homedir = /home/%U
   template shell = /bin/bash
   winbind use default domain = yes
   name resolve order = wins lmhosts host bcast
[pdf]
   comment = PDF creator
   path = /var/tmp
   printable = Yes
   print command = /usr/bin/smbprngenpdf -J '%J' -c %c -s %s -u '%u' -z %z
   create mask = 0600
[printers]
   comment = All Printers
   path = /var/tmp
   printable = Yes
   create mask = 0600
   browseable = No
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/drivers
   write list = @ntadmin root
   force group = ntadmin
   create mask = 0664
   directory mask = 0775
[Public]
   comment = Public Folder
   path = /data/Public
   writable = yes
[NetworkAccess]
   writable = yes
   path = /data/NetworkAccess
   write list = @shelter+TestLinuxGroup
   force group = ntadmin
   force user = root
   comment = Network Share for Writability...
   create mode = 0660
   directory mode = 0770
[tmp]
   comment = Temporary File Space
   path = /data/tmp
   read only = no
   public = yes
-
NSSWITCH.CONF
-
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#   compat  Use compatibility setup
#   nisplus Use NIS+ (NIS version 3)
#   nis Use NIS (NIS version 2), also called YP
#   dns Use DNS (Domain Name Service)
#   files   Use the local files
#   db  Use the /var/db databases
#   [NOTFOUND=return]   Stop searching if not found so far
#
# For more information, please read the nsswitch.conf.5 manual page.
#
# passwd: files nis
# shadow: files nis
# group:  files nis
passwd: compat winbind
group:  compat winbind
hosts:  files dns
networks:   files dns
services:   files
protocols:  files
rpc:files
ethers:files
netmasks:   files
netgroup:   files
publickey:files
bootparams: files
automount:  files nis
aliases:files

Thanks,
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] 2 log files for the same client workstation accessing a Samba sha re

2004-10-14 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
| Hi,
|
| I am using Samba 3.0.7.
|
| Why is there a log filename with the IP address
| and another one with the machine name in the
| samba/var directory?
|
| For example :
|
|   log.10.x.x.x.
|   log.machine_name_at_10.x.x.x
|
| Note: I deleted all logs before restarting Samba and
| connecting to a share. Both log files are created at
| about the same time.
|
| Is this a normal Samba behavior?
Yes (when the client connects to port 445 we don't
have access to the machine name until the SMBsesssetupX
request).

cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBboi1IR7qMdg1EfYRAhC/AJ9Wtk02xfo8sNupb62usLCI8RXd1QCeN2px
aoDVvuEPqak8yF99kVhKr1A=
=ef4y
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Bad lockout attempt recorded 2x

2004-10-14 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jeremy Bender wrote:
| Example:
| I logon to my Windows box as 'bender'
| I also have the samba users 'bob', 'chuck' and 'bender'.
| If I Map a Share as bob and mess up twice (or once) and then
| successfully logon, the 'Bad password count' for 'bob' will
| correctly be 0, but for bender it will be 2.  If I logon
| as 'chuck' and mess up once - 'bender' is now locked
| out!!
This is windows trying to use cached credentials I think.
| that, all the shares on my samba server are
| locked out to EVERYONE until I either remove user 'bender' or
| ./pdbedit -z -c='[]' bender
That would be a bug.  Mind filing a report at bugzilla.samba.org.


cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBboqCIR7qMdg1EfYRAmhcAJ0TRxGWPRdare1uY1omV/XuL3MhMwCg3eig
NYTtMm/oL2YIBHmCL5ZPbE8=
=r2JR
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: [Samba] Can't join domain - no message

2004-10-14 Thread smg
Output from smbpasswd with debug level 10:

./smbpasswd -D 10 -j DOMAINNAME -r PDC -U username
Initialising global parameters
params.c:pm_process() - Processing configuration file
/usr/local/samba/lib/smb.conf
Processing section [global]
doing parameter workgroup = DOMAINNAME
doing parameter netbios name = HOSTNAME
handle_netbios_name: set global_myname to: HOSTNAME
doing parameter server string = My Server
doing parameter security = DOMAIN
doing parameter encrypt passwords = Yes
doing parameter password server = *
doing parameter admin log = Yes
doing parameter log file = /var/log/samba
doing parameter dns proxy = No
doing parameter invalid users = root
pm_process() returned Yes
lp_servicenumber: couldn't find homes
set_server_role: ROLE_DOMAIN_MEMBER
codepage_initialise: client code page = 850
load_client_codepage: loading codepage 850.
Adding chars 0x85 0xb7 (l-u = True) (u-l = True)
Adding chars 0xa0 0xb5 (l-u = True) (u-l = True)
Adding chars 0x83 0xb6 (l-u = True) (u-l = True)
Adding chars 0xc6 0xc7 (l-u = True) (u-l = True)
Adding chars 0x84 0x8e (l-u = True) (u-l = True)
Adding chars 0x86 0x8f (l-u = True) (u-l = True)
Adding chars 0x91 0x92 (l-u = True) (u-l = True)
Adding chars 0x87 0x80 (l-u = True) (u-l = True)
Adding chars 0x8a 0xd4 (l-u = True) (u-l = True)
Adding chars 0x82 0x90 (l-u = True) (u-l = True)
Adding chars 0x88 0xd2 (l-u = True) (u-l = True)
Adding chars 0x89 0xd3 (l-u = True) (u-l = True)
Adding chars 0x8d 0xde (l-u = True) (u-l = True)
Adding chars 0xa1 0xd6 (l-u = True) (u-l = True)
Adding chars 0x8c 0xd7 (l-u = True) (u-l = True)
Adding chars 0x8b 0xd8 (l-u = True) (u-l = True)
Adding chars 0xd0 0xd1 (l-u = True) (u-l = True)
Adding chars 0xa4 0xa5 (l-u = True) (u-l = True)
Adding chars 0x95 0xe3 (l-u = True) (u-l = True)
Adding chars 0xa2 0xe0 (l-u = True) (u-l = True)
Adding chars 0x93 0xe2 (l-u = True) (u-l = True)
Adding chars 0xe4 0xe5 (l-u = True) (u-l = True)
Adding chars 0x94 0x99 (l-u = True) (u-l = True)
Adding chars 0x9b 0x9d (l-u = True) (u-l = True)
Adding chars 0x97 0xeb (l-u = True) (u-l = True)
Adding chars 0xa3 0xe9 (l-u = True) (u-l = True)
Adding chars 0x96 0xea (l-u = True) (u-l = True)
Adding chars 0x81 0x9a (l-u = True) (u-l = True)
Adding chars 0xec 0xed (l-u = True) (u-l = True)
Adding chars 0xe7 0xe8 (l-u = True) (u-l = True)
Adding chars 0x9c 0x0 (l-u = False) (u-l = False)
load_dos_unicode_map: 850
load_unicode_map: loading unicode map for codepage 850.
load_unix_unicode_map: ISO8859-1 (init_done=0, override=0)
load_unicode_map: loading unicode map for codepage ISO8859-1.
added interface ip=172.17.1.212 bcast=172.17.255.255 nmask=255.255.0.0
Password:
cli_init_creds: user username domain DOMAINNAME flgs: 0
ntlmssp_cli_flgs:0
cli_establish_connection: HOSTNAME00 connecting to PDC20 (0.0.0.0) -
username [DOMAINNAME]
resolve_lmhosts: Attempting lmhosts lookup for name PDC0x20
startlmhosts: Can't open lmhosts file /usr/local/samba/lib/lmhosts. Error
was No such file or directory
resolve_hosts: Attempting host lookup for name PDC0x20
resolve_wins: Attempting wins lookup for name PDC0x20
wins_srv_count: WINS status: 0 servers.
resolve_wins: WINS server resolution selected and no WINS servers listed.
name_resolve_bcast: Attempting broadcast lookup for name PDC0x20
bind succeeded on port 0
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 4
socket option SO_BROADCAST = 32
Could not test socket option TCP_NODELAY.
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 0
socket option SO_RCVBUF = 0
socket option SO_SNDLOWAT = 0
socket option SO_RCVLOWAT = 0
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
Sending a packet of len 50 to (172.17.255.255) on port 137
read_udp_socket: lastip 172.8.8.8 lastport 137 read: 62
parse_nmb: packet id = 14521
Received a packet of len 62 from (172.8.8.8) port 137
nmb packet from 172.8.8.8(137) header: id=14521 opcode=Query(0) response=Yes
header: flags: bcast=No rec_avail=No rec_des=Yes trunc=No auth=Yes
header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=PDC20 rr_type=32 rr_class=1 ttl=30
answers   0 char `.   hex 6000AC110101
Got a positive name query response from 172.8.8.8 ( 172.8.8.8 )
parse_nmb: packet id = 123
parse_nmb: packet id = 123
parse_nmb: packet id = 123
parse_nmb: packet id = 123
parse_nmb: packet id = 123
parse_nmb: packet id = 123
internal_resolve_name: returning 1 addresses: 172.8.8.8
Connecting to 172.8.8.8 at port 445

As you can see, no message to say domain joined or not

Regards,

Stuart

-Original Message-
From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]
Sent: 14 October 2004 15:05
To: Stuart Manning
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Can't join domain - no message




***
Gold Medal Travel E Mail disclaimer

This e-mail contains proprietary information some or all of which may 
be legally 

[Samba] Re: Problem adding users to the PDC

2004-10-14 Thread Igor Belyi
Users (S-1-5-32-545) is a local group. Domain users should have Domain 
group from their domain as their primary group. I would recommend to 
change mapping by removing 'Users - users' map and adding 'Domain Users 
- users' one.

The problem can be also caused if you already have 'Domain Users - 
users' and add 'Users - users' since Samba mapps gid - SID by finding 
the first SID - gid mapping with the right gid and will fail if 'Users 
- users' is the first map it encounters.

Hope it helps,
Igor
Anton K. wrote:
I have problem adding users after I set up a goupmap. Before there was no
problem.
net groupmap ntgroup=Users unixgroup=users
Users (S-1-5-32-545) - users
useradd pesho -g users
pdbedit -a pesho
new password:
retype new password:
tdb_update_sam: Failing to store a SAM_ACCOUNT for [pesho] without a 
primary
group RID
Unable to add user! (does it already exist?)
pesho of cource doesn´t exist
pdbedit -L | grep pesho
returns nothing.

I´m using two passwd backends:
 passdb backend = tdbsam:/etc/samba/passdb.tdb \
  smbpasswd:/etc/samba/smbpasswd
In this case I´m trying to add pesho to tdbsam,
when I remove it and only smbpasswd was in the smb.conf
I was able to add it sucessfully.
I´m using  samba 3.0.7-2.FC1.
Can somebody tell me what have I done wrong?
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Can't join domain - no message

2004-10-14 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
| Output from smbpasswd with debug level 10:
|
| ./smbpasswd -D 10 -j DOMAINNAME -r PDC -U username
| Password:

| Connecting to 172.8.8.8 at port 445
|
| As you can see, no message to say domain joined
| or not
You should get some configmarion such as joined domain BLAH
Is that IP address corret ?  Does smbpasswd every connect ?
The log file shouldn't just stop.  There should be a lot
more information after that last line.


cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBbo8eIR7qMdg1EfYRAnqOAKDmgJmy2x44Wr59ecKftbJa7GQESgCgyGhv
GYJF+vpcYEdJ2ybTZq/BP5U=
=DUPc
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Bad lockout attempt recorded 2x

2004-10-14 Thread Jeremy Bender
Thanks for input.  But before I file a bug report I was poking around 
and found what seemed to be a fix
back in 3.0beta2.

http://www.linux.israel.net/samba/whatsnew/samba-3.0.0rc1.html
Section: Changes since 3.0beta2 bullet number 6.
Is this the same issue?
Thanks.
Gerald (Jerry) Carter wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jeremy Bender wrote:
| Example:
| I logon to my Windows box as 'bender'
| I also have the samba users 'bob', 'chuck' and 'bender'.
| If I Map a Share as bob and mess up twice (or once) and then
| successfully logon, the 'Bad password count' for 'bob' will
| correctly be 0, but for bender it will be 2.  If I logon
| as 'chuck' and mess up once - 'bender' is now locked
| out!!
This is windows trying to use cached credentials I think.
| that, all the shares on my samba server are
| locked out to EVERYONE until I either remove user 'bender' or
| ./pdbedit -z -c='[]' bender
That would be a bug.  Mind filing a report at bugzilla.samba.org.


cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBboqCIR7qMdg1EfYRAmhcAJ0TRxGWPRdare1uY1omV/XuL3MhMwCg3eig
NYTtMm/oL2YIBHmCL5ZPbE8=
=r2JR
-END PGP SIGNATURE-

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] can mount share, cannot join domain

2004-10-14 Thread jason kawaja
On Thu, 14 Oct 2004, jason kawaja wrote:

 On Thu, 14 Oct 2004, Anton K. wrote:

  jason kawaja wrote:
 
  On Tue, 12 Oct 2004, jason kawaja wrote:
  
  i am not using ldap.  samba 3.0.7 on sparc solaris.  winxp pro client.

 /usr/local/samba/var/log.smbd:  check_ntlm_password:  authentication for
 user [root] - [root] - [root] succeeded

 which im assuming means root authenticated.

log.smbd on an attempt to join domain (log level=2) :

[2004/10/14 10:41:18, 2] smbd/reply.c:reply_special(235)
  netbios connect: name1=BUNNY   name2=KOBILE
[2004/10/14 10:41:18, 2] smbd/reply.c:reply_special(242)
  netbios connect: local=bunny remote=kobile, name type = 0
[2004/10/14 10:41:18, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2004/10/14 10:41:18, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2004/10/14 10:41:18, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [root] - [root] -
[root] succeeded
[2004/10/14 10:41:18, 2]
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2477)
  Returning domain sid for domain ECEL -
S-1-5-21-4249381265-1503177171-4108507800
[2004/10/14 10:41:18, 2] smbd/server.c:exit_server(571)
  Closing connections

log.smbd on another attempt to join domain (log level=5) :

[2004/10/14 10:44:36, 5] lib/username.c:Get_Pwnam_internals(251)
  Get_Pwnam_internals didn't find user [kobile$]!
[2004/10/14 10:44:36, 3]
rpc_server/srv_samr_nt.c:_samr_create_user(2251)
  _samr_create_user: winbind_create_user(kobile$) failed

is that perhaps the problem? kobile is the machine attempting to join.

--
Jason Kawaja
http://www.ietf.org/rfc/rfc1855.txt
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Bad lockout attempt recorded 2x

2004-10-14 Thread Gerald (Jerry) Carter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jeremy Bender wrote:
| Thanks for input.  But before I file a bug report I
| was poking around and found what seemed to be a fix
| back in 3.0beta2.
|
| http://www.linux.israel.net/samba/whatsnew/samba-3.0.0rc1.html
| Section: Changes since 3.0beta2 bullet number 6.
|
| Is this the same issue?
No.  That's unrelated.



cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFBbpNEIR7qMdg1EfYRAjj8AJ42j+bYf6Bf0XKty5aJEfhMgolXrgCg0I81
HwTHhxL/QD8Qxyr138P1OgQ=
=ATBE
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: [Samba] Can't join domain - no message

2004-10-14 Thread smg
The IP has been changed for security, but yes it's correct.

The fact that no message is given is the problem - no message either way.
I've setup Samba loads of times and seen successes ans fails at this point,
but never nothing.  The same happened originally when I tried installing
Samba 3.  I installed this version as I knew is was working on another
system with the same O/S level.

This is why I'm stuck.

Regards,

Stuart

-Original Message-
From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]
Sent: 14 October 2004 15:37
To: Stuart Manning
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Can't join domain - no message




***
Gold Medal Travel E Mail disclaimer

This e-mail contains proprietary information some or all of which may 
be legally privileged.  It is for the intended recipient only.  If an
addressing or transmission error has misdirected this e-mail, please 
notify the author by replying to this e-mail.  If you are not the 
intended recipient you must not use, disclose, distribute, copy, print or
rely on this e-mail.
***


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

[EMAIL PROTECTED] wrote:
| Output from smbpasswd with debug level 10:
|
| ./smbpasswd -D 10 -j DOMAINNAME -r PDC -U username
| Password:

| Connecting to 172.8.8.8 at port 445
|
| As you can see, no message to say domain joined
| or not

You should get some configmarion such as joined domain BLAH
Is that IP address corret ?  Does smbpasswd every connect ?
The log file shouldn't just stop.  There should be a lot
more information after that last line.






cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBbo8eIR7qMdg1EfYRAnqOAKDmgJmy2x44Wr59ecKftbJa7GQESgCgyGhv
GYJF+vpcYEdJ2ybTZq/BP5U=
=DUPc
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: [Samba] Can't join domain - no message

2004-10-14 Thread smg
Now I'm confused!

If it is ending with no message either way, I guessed smbpasswd must be
aborting somehow, but not giving STDERR, so I just did a truss on smbpasswd.
It worked! ...giving the messge Joing Domain.

Tried again normally, but same result - no passwd.

Started samba, connected fine.

The end result has been achieved - ie samba working, but not sure why join
failed until I ran it under truss.

Anyone any ideas?

Thanks for your reply Jerry, I guess it got me to think about the problem
from another angle.

Regards,

Stuart

-Original Message-
From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]
Sent: 14 October 2004 15:37
To: Stuart Manning
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] Can't join domain - no message




***
Gold Medal Travel E Mail disclaimer

This e-mail contains proprietary information some or all of which may 
be legally privileged.  It is for the intended recipient only.  If an
addressing or transmission error has misdirected this e-mail, please 
notify the author by replying to this e-mail.  If you are not the 
intended recipient you must not use, disclose, distribute, copy, print or
rely on this e-mail.
***


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

[EMAIL PROTECTED] wrote:
| Output from smbpasswd with debug level 10:
|
| ./smbpasswd -D 10 -j DOMAINNAME -r PDC -U username
| Password:

| Connecting to 172.8.8.8 at port 445
|
| As you can see, no message to say domain joined
| or not

You should get some configmarion such as joined domain BLAH
Is that IP address corret ?  Does smbpasswd every connect ?
The log file shouldn't just stop.  There should be a lot
more information after that last line.






cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
If we're adding to the noise, turn off this song--Switchfoot (2003)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBbo8eIR7qMdg1EfYRAnqOAKDmgJmy2x44Wr59ecKftbJa7GQESgCgyGhv
GYJF+vpcYEdJ2ybTZq/BP5U=
=DUPc
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] [PATCH] smbfs: smbfs do not honor uid, gid, file_mode and dir_mode supplied by user mount

2004-10-14 Thread Haroldo Gamal
Hi,
This patch fixes Samba Bugzilla Bug 999. The last version (2.6.8.1) of 
smbfs kernel module do not honor uid, gid, file_mode and dir_mode 
supplied by user during mount. This bug is also logged as Kernel Bug 
Tracker Bug 3330.  I think this stuff is related to the unix 
extensions.  This patch offers to the client side the opportunity to 
decide to use or not those extensions.  To fully work, some 
modifications are needed to samba smbmount.c and smbmnt.c files. Those 
patches are available at  Samba and Kernel Bug Tracker pages (Bug 999). 
After those patches, if the user do not supply any of the parameters 
above, the uid, gid, file_mode and dir_mode on the server will be used 
by the client.

I have  submitted this before, but I've got no answer. This is the last 
time. If it have no value, please send me a note.

Thank you in advance,
Haroldo Gamal
PS: Thank you Randy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba setup with Winbind connecting to NT4 PDC - Login isnow Slow...

2004-10-14 Thread Eric Murray

-|  PDC - Login isnow Slow...
-|  
-|  winbind enum users = yes
-|  winbind enum groups = yes
remove those two...

Mit freundlichem Gruß,
 

Couple of more things I found...
I tried removing my Linux Server from the NT domain and readding it as 
per a couple websites.  The linux server shows Joine Domain  so 
that looks good.
But on the NT server in the event log I get a Event Id 5722 saying :
- The session setup from the computer X failed to authenticate.
The name of the account referenced in the security database is XX$. 
the following error occured.
Access is denied.
- Shortly after that there is another event ID 5723 which is saying that 
there is no TRUST ACCOUNT reference in the database.

I'm confused with the fact that my linux server Joined the domain and is 
not running it's own domain so I don't have to add it to the Trust 
relationships, I tried but of course it said could not find domain 
(Because it isn't one)

Is there a step i'm missing that I should have added a trust account or 
something else to make it work, the shares are seen, everything works 
but my login is slow and that is from a timeout of 1 miliseconds 
becuase it's trying to resolve something.

Confused.
Thanks for all your help!
Eric
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Re: Trust between two samba domains

2004-10-14 Thread Igor Belyi
Please, read carefuly Samba doc regarding Interdomain Trust:
http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html
Interdomain trust implies that one Domain will trust another that a user 
logged into it correctly. Your assumption that user from one Domain 
should be able to login into another is incorrect. Users from DomainA 
should login into DomainA but will be able to use resources of the 
DomainB if DomainB trust DomainA.

Hope it helps,
Igor
opk Bronislav wrote:
Hi,
I posted my problem to list but nobody answerd me. I have found a solution of
netsamlogon_cache.tdb but still I have a problem with authentication. I have
changed a smb.conf files. 
servera:
[global]
   workgroup = DOMAINA
   netbios name = SERVERA
   security = user
   passdb backend = smbpasswd
   local master = yes
   domain logons = yes
   os level = 33
   domain master = yes
   preferred master = yes
   log level = 3 
   allow trusted domains = yes
   wins support = yes
[netlogon]
   comment = Network Logon Service
   path = /var/lib/samba/netlogon
   read only = yes
[Documents]
   comment = Dokumenty
   path = /export/documents
   writeable = yes
   browseable = yes
   guest ok = yes 

serverb:
[global]
   workgroup = DOMAINB
   netbios name = SERVERB
   security = user
   passdb backend = smbpasswd
   local master = yes
   domain logons = yes
   os level = 33
   domain master = yes
   preferred master = yes
   log level = 3 
   allow trusted domains = yes
   wins support = yes
[netlogon]
   comment = Network Logon Service
   path = /var/lib/samba/netlogon
   read only = yes
[Documents]
   comment = Dokumenty
   path = /export/documents
   writeable = yes
   browseable = yes
   guest ok = yes 


loga:
[2004/10/13 16:40:21, 3] rpc_server/srv_pipe.c:api_rpcTNP(1541)
  api_rpcTNP: rpc command: NET_SAMLOGON
[2004/10/13 16:40:21, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(613)
  SAM Logon (Interactive). Domain:[DOMAINA].  User:[EMAIL PROTECTED] Requested
Domain:[DOMAINB]
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/13 16:40:21, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/13 16:40:21, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[EMAIL PROTECTED] with the new password interface
[2004/10/13 16:40:21, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/13 16:40:21, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(65534, 65534) : sec_ctx_stack_ndx = 1
[2004/10/13 16:40:21, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2004/10/13 16:40:21, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
[2004/10/13 16:40:21, 3] libsmb/namequery_dc.c:rpc_dc_name(145)
  rpc_dc_name: Returning DC SERVERB (192.168.100.11) for domain DOMAINB
[2004/10/13 16:40:21, 3] libsmb/cliconnect.c:cli_start_connection(1376)
  Connecting to host=SERVERB
[2004/10/13 16:40:21, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to 192.168.100.11 at port 445
[2004/10/13 16:40:21, 3] auth/auth_util.c:make_server_info_info3(1114)
  User bronasek does not exist, trying to add it
[2004/10/13 16:40:21, 0] auth/auth_util.c:make_server_info_info3(1122)
  make_server_info_info3: pdb_init_sam failed!
[2004/10/13 16:40:21, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [bronasek] - [bronasek] FAILED
with error NT_STATUS_NO_SUCH_USER
[2004/10/13 16:40:21, 3] rpc_server/srv_pipe_hnd.c:free_pipe_context(544)
  free_pipe_context: destroying talloc pool of size 6274
[2004/10/13 16:40:21, 3] smbd/pipes.c:reply_pipe_write_and_X(199)
  writeX-IPC pnum=73cc nwritten=336
[2004/10/13 16:40:21, 3] smbd/process.c:process_smb(1092)
  Transaction 39 of length 63
[2004/10/13 16:40:21, 3] smbd/process.c:switch_message(887)
  switch message SMBreadX (pid 10156) conn 0x83d8040
[2004/10/13 16:40:21, 3] smbd/pipes.c:reply_pipe_read_and_X(242)
  readX-IPC pnum=73cc min=1024 max=1024 nread=96 

logb:
[2004/10/13 16:17:06, 3] rpc_server/srv_netlog_nt.c:_net_sam_logon(620)
  SAM Logon (Network). 

Re: [Samba] ADS valid users can't map share

2004-10-14 Thread Greg Adams
Yeah, that solved the problem for valid users. Thanks.

However, I now have a different problem. The same kind of logic should
apply to the username map, right? But it doesn't seem to.


smb.conf:
*
[global]

workgroup = EDSADDDM
realm = EDSADDDM.DDM.APM.BPM.EDS.COM

server string = Maul Test Server

log level = 2

max log size = 100

security = ADS

local master = no

os level = 0

domain master = no

preferred master = no

wins server = 199.42.192.103
dns proxy = no

encrypt passwords = yes

idmap uid = 6-7
idmap gid = 8-9

winbind enum users = yes
winbind enum groups = yes

winbind separator = +

winbind use default domain = no

username map = /opt/samba/lib/username.map

[space]
comment = Space Partition Share
path = /space
writable = yes
browsable = yes
*

username.map:

*
!grega = EDSADDDM+imguser
*


If I map the share from my Windows XP client as EDSADDDM\imguser, it
doesn't do the mapping. I get the following messages in log.smbd:
*
[2004/10/14 09:57:39, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would
close all old resources.
  open_sockets_smbd: accept: Software caused connection abort
[2004/10/14 09:57:39, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would
close all old resources.
[2004/10/14 09:57:40, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [imguser] - [imguser]
- [EDSADDDM+imguser] succeeded
[2004/10/14 09:57:40, 1] smbd/service.c:make_connection_snum(648)
  mule (199.42.192.45) connect to service space initially as user
EDSADDDM+imguser (uid=60001, gid=8) (pid 25694)
*

and if I create a new file it gets the following ownership/permission:

*
# ls -l /space/tmp
total 0
-rwxr--r--   1 nobody   EDSADDDM+Domain Users   0 Oct 14 09:59 New
Text Document.txt
*

However, if I change username.map to the following and restart Samba:

*
!grega = imguser
*

The username map does what I think it should... The permissions on the
created file are as follows:

*
# ls -l /space/tmp
total 0
-rwxr--r--   1 gregaeng0 Oct 14 10:01 New Text Document.txt
*

So... it appears that the username map is not using the domain information. 

Any ideas on this one??


Greg Adams


On Tue, 12 Oct 2004 20:51:35 -0700, Doug VanLeuven [EMAIL PROTECTED] wrote:
 
 
 Greg Adams wrote:
 
 winbind separator = +
 
 winbind use default domain = no
 
 [space]
 comment = Space Partition Share
 path = /space
 writable = yes
 browsable = yes
 valid users = EDSADDDM\imguser
 
 
 
 Maybe it should be EDSADDDM+imguser ?
 
 Any ideas?
 
 
 Hope that helps.
 
 Regards, Doug
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] non-local accounts...

2004-10-14 Thread Michael J Wilson
I am having problems, can join domain, add users, etc, etc no problem 
using samba 3.0.6 and ldap 2.2.17, have the ldap working fine with samba.

The problem is that I cannot get this to work without having local unix 
accounts.  We are setting up a domain between 32 locations  (zero 
budget) , and of course want to just have our ldap directory replicate 
itself, not have to add local users.  Totally unix pdc/bdcs, not active 
directory at all.  

What is the easiest way to add ldap users without having to add local 
accounts as well?  smbldap-tools is giving me
failed to perform search; No such object at 
/usr/local/sbin//smbldap_tools.pm line 229, DATA line 283
errors, even though the conf files seem correct in every which way.

Any help would be appreciated.
MIke
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Re: Samba 3.0.7 adding machines. Wrong primary group.

2004-10-14 Thread Igor Belyi
I have a strange feeling that the clue is in the server-manager since 
I don't use it to join domain at all.

I have Debian/unstable x86 Linux 2.6.7 Samba 3.0.7 as a PDC.
Workstation is WinXP Pro SP1.
To join domain I just go into System Properties/Computer Name/Change... 
and put Domain name in the Member of/Domain: field. Then I click Ok, 
put Domain administrator's name and password in popuped Computer Name 
Changes window, and click Ok again. After getting Welcome to DOMAIN 
domain. and You must restart this computer for the changes to take 
effect. popups I reboot and have computer as a domain member.

Do you join domain some other way?
Igor
Michael Liebl wrote:
Am Mittwoch, den 13. Oktober 2004 schrubte Igor Belyi:

Using:  Debian/unstable x86 Linux 2.6.5
Samba:  Version 3.0.7-Debian
Interesting case... The request comes from Windows to update machine 
account with a bunch of new values and in this request RID of the 
primary group for the account (group_rid) is listed as 513 (0x201).

If you look at the 'fields_present' in the request you will notice that 
it requests almost all information to be updated - 09f827fa (this is a 
bitwise mask of fields to be updated). When I add a computer in my 
domain I have it only '00c4 fields_present : 0112'. Note, that on 

How do you add? Details welcome.

So, I suspect the problem is somewhere on Windows side. I haven't found 
any Domain Policy requiring all accounts to be in Domain Users group 
which is the only thing which comes to my mind as a probably cause for 
the problem.

Strange. @home I have WinXP SP1 only, with standard server-manager from
the WinNT4 Resource Kit.
At the customer we have W2K with a unknown server-manager, but same
results @ samba 3.0.7 on RH box.

I hope somebody having more experience with different Domain/Windows 
configurations can help in this case.

May I install an old samba 3.0.1 to test that?
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Re: Printer Device Modes

2004-10-14 Thread Igor Belyi
Gerald (Jerry) Carter wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ryan Suarez wrote:
| Greetings Admins,
|
| The howto details setting the device mode using a windows client:
|
http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/printing.html#id2552900 

|
|
| Is there a way to script this process?  We support 260+ printers and
| it's a pain in the ass.  (My wrist is hurting!)
There is actually. You can store default initialization
data for each printer driver and then a printer will
get this information assigned when it is bound to the
driver.
What you do is to set a printer bound to the driver in
quetion to be like you want it and the send a SetPrinterData()
call to set the registry value named _p_f_a_n_t_0_m_
(type REG_BINARY) to some arbitrary value.  The value doesn't
really matter.  This tells smbd to save a snapshot of that
printer's data as the default initialization data for that
driver.
Then when you bind a new printer to the same driver, it will
be assigned that get that initialization data.
Hope this helps.
Jerry, can you cut  paste what you just said into 
Samba-HOWTO-Collection? :o)

Igor
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] VSS and Samba

2004-10-14 Thread Sim, Charles
Did you ever find a solution for using a linux working directory with
VSS?
 
Thanks,
Charles
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Re: Authentication woes

2004-10-14 Thread Igor Belyi
Can you also provide smbd log showing the error message during your 
attempts?

Igor
Brian Witowski wrote:
Hello,
I have a perplexing problem.  Im running Mandrake 10.0 and samba 3.0 setup
as a domain controller.  My client machines are XP Pro.  I can join the
domain and my Homes directory connects as it should.  But that's all I can
do.  I have other shares that I can't access.  For instance, I have a
downloads share.  Ive tried every conceivable setting but when I try to
access that share, it prompts for my username and password.  I enter it but
it doesn't take.  It just asks again.  I've tried different logins and get
the same result.  Ive tried setting guest=yes and that didn't help. Ive set
the attributes to 777 and that didn't help.
Evidently it doesn't see my netlogon share either because my logon script
never runs.  Ive included my samba.conf for inspection.  Keep in mind this
is only one of MANY configurations I've tried.  Any help would be greatly
appreciated.
Brian
---
# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2004/10/07 07:23:18
# Global parameters
[global]
workgroup = PYRAMID
netbios name = SERVER
interfaces = eth1, lo
bind interfaces only = Yes
username map = /etc/samba/smbusers
log level = 31
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139 445
name resolve order = wins bcast hosts
time server = Yes
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/useradd -s /bin/false -d /dev/null %u
shutdown script = /var/lib/samba/scripts/shutdown.sh
abort shutdown script = /sbin/shutdown -c
logon script = \\%L\netlogon\default.bat
logon path = \\server\profiles\%U
logon drive = X:
logon home = \\%L\%U
domain logons = Yes
ldap ssl = no
default service = Downloads
winbind use default domain = Yes
[downloads]
path = /mnt/hda3/downloads
read only = No
create mask = 0777
force create mode = 0777
directory mask = 0777
force directory mode = 0777
[netlogon]
comment = Network Logon Service
path = /mnt/hda3/home/netlogon
read only = No
[brianw]
path = /mnt/hda3/home/brianw
read only = No
guest ok = Yes
[laptop]
path = /home/laptop
read only = No
guest ok = Yes
[profiles]
path = /mnt/hda3/home/samba/profiles
read only = No
guest ok = Yes
[homes]
path = /mnt/hda3/home
read only = No
[jan]
path = /mnt/hda3/home/jan
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] non-local accounts...

2004-10-14 Thread Matthias Spork
Michael J Wilson schrieb:
I am having problems, can join domain, add users, etc, etc no problem 
using samba 3.0.6 and ldap 2.2.17, have the ldap working fine with samba.

The problem is that I cannot get this to work without having local 
unix accounts.  
Every Samba-User must have a Unix-Account, but you can manage Local- and 
Sambaaccounts in one LDAP-Tree.

What is the easiest way to add ldap users without having to add local 
accounts as well? 
In the most Samba-LDAP-PDC-HowTo's you can read, that you have to 
authenticate the Unix AND the Samba by one LDAP-Tree.
The LDAP-Tree manage every Unix and Samba-Account in one container.

Please look at this:
http://samba.idealx.org/smbldap-howto.en.html
I use the web-based-Software LAM (http://lam.sourceforge.net/) to manage 
my 500 Unix- and Sambaccount Users.

matze
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Alerta de Vírus

2004-10-14 Thread nao_responda
 A L E R T A   D E   V Í R U S

  Esta é uma mensagem automática, não é preciso respondê-la!

  O servidor de e-mails da SitePlanet encontrou vírus no e-mail
  que você enviou para mcontabi.
  Por medida de segurança, o e-mail não foi entregue!
  Remova o vírus e envie o e-mail novamente.

  ATENÇÃO: Caso você não tenha enviado tal e-mail, por favor,
  desconsidere este alerta.

  Para sua referência, seguem os cabeçalhos do seu e-mail:

- INICIO DOS CABEÇALHOS -
Return-Path: [EMAIL PROTECTED]
Received: from mutter.com.br ([200.219.166.116])
by jupter.siteplanet.com.br (8.12.11/8.12.11) with SMTP id i9EIwrdu015826
for [EMAIL PROTECTED]; Thu, 14 Oct 2004 15:58:54 -0300
Message-Id: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Sua saude esta bem?
Date: Thu, 14 Oct 2004 15:32:06 -0300
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=46125860
X-AntiVirus: scanned for viruses by SitePlanet
--- FIM DOS CABEÇALHOS --

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Alerta de Vírus

2004-10-14 Thread nao_responda
 A L E R T A   D E   V Í R U S

  Esta é uma mensagem automática, não é preciso respondê-la!

  O servidor de e-mails da SitePlanet encontrou vírus no e-mail
  que você enviou para tejada.
  Por medida de segurança, o e-mail não foi entregue!
  Remova o vírus e envie o e-mail novamente.

  ATENÇÃO: Caso você não tenha enviado tal e-mail, por favor,
  desconsidere este alerta.

  Para sua referência, seguem os cabeçalhos do seu e-mail:

- INICIO DOS CABEÇALHOS -
Return-Path: [EMAIL PROTECTED]
Received: from mutter.com.br ([200.219.166.116])
by jupter.siteplanet.com.br (8.12.11/8.12.11) with SMTP id i9EIwrdu015826
for [EMAIL PROTECTED]; Thu, 14 Oct 2004 15:58:54 -0300
Message-Id: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Sua saude esta bem?
Date: Thu, 14 Oct 2004 15:32:06 -0300
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=46125860
X-AntiVirus: scanned for viruses by SitePlanet
--- FIM DOS CABEÇALHOS --

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Getting errors while running Samba 3.0.7 with ADS security mode under MIT Kerberos

2004-10-14 Thread Melfi . Marcello
Hi,
 
I compiled Samba 3.0.7, MIT Kerberos 1.3.5 and OpenLDAP 2.2.17. I did not
notice any errors during compilation. I searched and found the #define
HAVE_LDAP 1 and #define HAVE_KRB5 1 statements in the config.h file of Samba
3.0.7's include dir. So, ADS should be supported in the compiled Samba 3.0.7
version.
 
Here is what I did up to now. As described in the How-To Samba doc, I
created the /etc/krb5.conf file and I ran the kinit [EMAIL PROTECTED]
command. I had to provide the password for USERNAME.

When I run the klist command, I get the following output:

*
Ticket cache: FILE:/tmp/krb5cc_0 FILE:/tmp/krb5cc_0 
Default principal: [EMAIL PROTECTED] 

Valid starting ExpiresService principal 
10/08/04 15:57:48  10/09/04 01:59:26  krbtgt/REALM@REALM 
renew until 10/09/04 15:57:48

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
*

Is it OK or should I see more then just the TGT ticket?

My understanding is that I ran the kinit command just to make sure that
Kerberos was working between the Win2K3 server and the Samba machine. Am I
right?

Then, I joined successfully the Samba machine to the Win2K3 server's domain
with the net ads join -U Administrator%password command.

After starting Samba (i.e. only the smbd and nmbd processes), I tried to map
a Samba share from a Windows XP Pro workstation from which I was already
logged in with a user account defined in the Win2K3 server's domain.

The first try (i.e. after a reboot of the workstation so that the cache was
cleared) never works! At that point, a username/password box opened and I
entered the username and password information of that same user I was logged
in and it worked. It looks like the password was not OK the first time (I
did the map from a Windows CMD console to get the error message)... When I
look at the Samba log for that workstation (log=0 ... sorry!), I noticed the
following error messages:

*
[2004/10/08 17:31:34, 0] lib/util_sock.c:get_peer_addr(1000) 
  getpeername failed. Error was Transport endpoint is not connected 
[2004/10/08 17:31:34, 0] lib/util_sock.c:write_socket_data(430)

  write_socket_data: write failure. Error = Broken pipe [2004/10/08
17:31:34, 0] lib/util_sock.c:write_socket(455)
  write_socket: Error writing 4 bytes to socket 24: ERRNO = Broken 
pipe [2004/10/08 17:31:34, 0] lib/util_sock.c:send_smb(647)

  Error writing 4 bytes to client. -1. (Broken pipe)
*

When the Samba share was established, it seemed to work OK.

But today, I changed the log setting (i.e. log=2), I repeated the same steps
and I noticed that there were some additional messages about NTLM being used
the second time (i.e. after the username/password box)...

See the following Samba log output:

*
[2004/10/13 16:01:57, 2] smbd/sesssetup.c:setup_new_vc_session(608) 
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would 
close all old resources. [2004/10/13 16:01:58, 1] 
smbd/sesssetup.c:reply_spnego_kerberos(250)
  Username DEV-TESTAD.HYDRO.QC.CA\mv90ddmexp02$ is invalid on this 
system
[2004/10/13 16:01:58, 2] smbd/sesssetup.c:setup_new_vc_session(608) 
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources. 
[2004/10/13 16:01:58, 2] smbd/service.c:make_connection_snum(314) 
  user 'qc' (from session setup) not permitted to access this share
(ddm_mv90data) 
[2004/10/13 16:01:58, 2] smbd/server.c:exit_server(571) 
  Closing connections 
[2004/10/13 16:02:13, 0] lib/util_sock.c:get_peer_addr(1000) 
  getpeername failed. Error was Transport endpoint is not connected 
[2004/10/13 16:02:13, 0] lib/util_sock.c:write_socket_data(430) 
  write_socket_data: write failure. Error = Broken pipe 
[2004/10/13 16:02:13, 0] lib/util_sock.c:write_socket(455) 
  write_socket: Error writing 4 bytes to socket 24: ERRNO = Broken pipe 
[2004/10/13 16:02:13, 0] lib/util_sock.c:send_smb(647) 
  Error writing 4 bytes to client. -1. (Broken pipe) 
[2004/10/13 16:02:13, 2] smbd/server.c:exit_server(571) 
  Closing connections 
[2004/10/13 16:02:13, 2] libsmb/namequery.c:name_query(492) 
  Got a positive name query response from 10.6.1.103 ( 10.6.1.103 ) 
[2004/10/13 16:02:13, 2] auth/auth.c:check_ntlm_password(305) 
  check_ntlm_password:  authentication for user [QC] - [ddmuser] -
[ddmuser] succeeded 
[2004/10/13 16:02:13, 1] smbd/service.c:make_connection_snum(648) 
  mv90ddmexp02 (10.4.114.22) connect to service ddm_mv90data initially as
user ddmuser (uid=40147, gid=30013) (pid 4162)
*

From that, I can only guess that when I try to map the Samba share from the
Windows XP Pro workstation, it fails and Samba seems to revert to the NTLM
authentication... Is that possible?

Here is my krb5.conf file:


Re: [Samba] NTFS ACLs - access denied

2004-10-14 Thread Matías Barletta
SuSE 9.1 Pro - Samba 3.0.7  - Reiserfs ACL is supported by default..
getfsacl setfsacl works great. 
thanks


On Thu, 2004-10-14 at 09:00 -0500, Gerald (Jerry) Carter wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Matas Barletta wrote:
 | People, I had gone panic... there is no way to migrate
 | Files from my NT 4, to the Samba BDC Server. I had vampired
 | all the users. but still I get access denied in robocopy
 | when it tries to copy the NTFS Security.
 |
 | Any Idea what could it be??
 |
 | I swear to god, that I will share a bit of my salary
 | to solve this out!! 2 weeks fighting and going throw forums,
 | and this weekend my boss will go with win2000 if I dont
 | find a solution!!
 
 What version of Samba ?  We'll need a lot more details.
 
 
 
 
 
 cheers, jerry
 - -
 Alleviating the pain of Windows(tm)  --- http://www.samba.org
 GnuPG Key- http://www.plainjoe.org/gpg_public.asc
 If we're adding to the noise, turn off this song--Switchfoot (2003)
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.2.4 (GNU/Linux)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
 iD8DBQFBboaBIR7qMdg1EfYRAm7QAJ9GCaJ57Y7ruymLyxeX/ycTjMU3OACgt4hX
 CoW9En0CexPh6GnQYse19VQ=
 =xYOW
 -END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


RE: [Samba] Cannot receive files from server 3.0.7 to W2K

2004-10-14 Thread Jim Canfield
Just FYI: 

This fixed file w2k file lock ups on my Gentoo installaion too. 

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] 
 On Behalf Of Holger Krull
 Sent: Wednesday, October 13, 2004 4:50 PM
 To: Aymeric Berrendonner
 Cc: [EMAIL PROTECTED]
 Subject: Re: [Samba] Cannot receive files from server 3.0.7 to W2K
 
 Standard Debian Response, third time this day.
 Try adding
 use sendfile = no
 to global section.
 
 --
 To unsubscribe from this list go to the following URL and read the
 instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Any way to use Samba 2.2 with OpenLDAP directory using Samba 3 schema?

2004-10-14 Thread Jason Joines
	I'm in the process of upgrading OpenLDAP from 2.0 to 2.2 and many Samba 
servers from 2.2 to 3.0 over the course of several weeks.  I have a test 
setup using Samba 3 against OpenLDAP 2.2 with the Samba 3 schema.
	I would like to be able to point all my existing Samba 2.2 servers at 
the new directory while they wait their turn to be upgraded.  I see that 
Samba 2.2 allows me to specify an alternative ldap filter so I can tell 
it to use ((uid=%u)(objectclass=sambaSamAccount)) instead of 
((uid=%u)(objectclass=sambaAccount)).  However, I would still need a 
way to point passwords at sambaNTPassword instead of ntpassword among 
other things?
	Any easy way to do this or should I just maintain two directories until 
the last box is upgraded?

Jason Joines
=
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Re: Any way to use Samba 2.2 with OpenLDAP directory using Samba 3 schema?

2004-10-14 Thread Jason Joines
Jason Joines wrote:
I'm in the process of upgrading OpenLDAP from 2.0 to 2.2 and many 
Samba servers from 2.2 to 3.0 over the course of several weeks.  I have 
a test setup using Samba 3 against OpenLDAP 2.2 with the Samba 3 schema.
I would like to be able to point all my existing Samba 2.2 servers 
at the new directory while they wait their turn to be upgraded.  I see 
that Samba 2.2 allows me to specify an alternative ldap filter so I can 
tell it to use ((uid=%u)(objectclass=sambaSamAccount)) instead of 
((uid=%u)(objectclass=sambaAccount)).  However, I would still need a 
way to point passwords at sambaNTPassword instead of ntpassword among 
other things?
Any easy way to do this or should I just maintain two directories 
until the last box is upgraded?

Jason Joines
=
	As an alternative, is it possible to enable both the Samba 2 and Samba 
3 schema in the same directory?

Jason
===
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] rpcclient shutdown with -m

2004-10-14 Thread Flavio Fonseca
Hello,

  Am I posting this to the wrong list?

  I used the command rpcclient shutdowninit -m MESSAGE ... 
  to shutdown windows workstations and it used to work just fine.
  After an online update on the windows workstation the shutdown script 
stopped working.
  Trying the command manually I got this return error:
  result was NT code 0x0057

  when I cutoff -m MESSAGE from the script it works fine, but I can't display 
any message to the user on the workstation.

  anyone can help?
-- 
Att.

Flavio Fonseca
Administrador de Redes
Divisao de Redes
Universidade Federal de Uberlandia
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba ADS -- works with XP Pro, but not 2000 Pro

2004-10-14 Thread Doug VanLeuven
Gordon Hopper wrote:
# According to 
http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.8/doc/admin.html#SEC17
# the only supported encryption types are des3-hmac-sha1 and 
des-cbc-crc.
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
# However, 
http://lists.samba.org/archive/samba/2004-October/093761.html suggests:
# default_tgs_enctypes = des-cbc-crc des-cbc-md5
# default_tkt_enctypes = des-cbc-crc des-cbc-md5 

At the time, I was working from the MS KB article on permitted enctypes
http://support.microsoft.com/default.aspx?scid=kb;en-us;296842
and the IBM AIX security guide for authenticating to a 2000 ADS domain 
controller with an older version kerberos
http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/aixbman/security/securitytfrm.htm

It may very well be the only acceptable enctype is des-cbc-crc 
considering the limitation of that version of kerberos.  But MS seems to 
suggest the only acceptable ecntypes for AD are rc4-hmac, des-cbc-crc 
and des-cbc-md5

Regards, Doug
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Re: [PATCH] smbfs: smbfs do not honor uid, gid, file_mode and dir_mode supplied by user mount

2004-10-14 Thread Andrew Morton
Haroldo Gamal [EMAIL PROTECTED] wrote:

 This patch fixes Samba Bugzilla Bug 999. The last version (2.6.8.1) of 
 smbfs kernel module do not honor uid, gid, file_mode and dir_mode 
 supplied by user during mount.

I merged this into -mm when you first sent it.  See
ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.9-rc4/2.6.9-rc4-mm1/broken-out/smbfs-do-not-honor-uid-gid-file_mode-and-dir_mode-supplied.patch.

This latest patch seems to be significantly different from the earlier one.
What's up?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Re: [PATCH] smbfs: smbfs do not honor uid, gid, file_mode and dir_mode supplied by user mount

2004-10-14 Thread Haroldo Gamal
This is the same patch. As I do not receive any ack I sent it again...

On Thu, 2004-10-14 at 18:41, Andrew Morton wrote:
 Haroldo Gamal [EMAIL PROTECTED] wrote:
 
  This patch fixes Samba Bugzilla Bug 999. The last version (2.6.8.1) of 
  smbfs kernel module do not honor uid, gid, file_mode and dir_mode 
  supplied by user during mount.
 
 I merged this into -mm when you first sent it.  See
 ftp://ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.9-rc4/2.6.9-rc4-mm1/broken-out/smbfs-do-not-honor-uid-gid-file_mode-and-dir_mode-supplied.patch.
 
 This latest patch seems to be significantly different from the earlier one.
 What's up?
 -
 To unsubscribe from this list: send the line unsubscribe linux-kernel in
 the body of a message to [EMAIL PROTECTED]
 More majordomo info at  http://vger.kernel.org/majordomo-info.html
 Please read the FAQ at  http://www.tux.org/lkml/

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Samba3 By Example - Suggested Update (Correction?) And Two Winbind Defects

2004-10-14 Thread rruegner
Hi,
have you info if this bug will be fixed in the suse 9.2 which will 
arriving in a few weeks?
I am very wondering about that this patch is not disribute by suse
themselfes ( the novell case? ), if this is not getting fixed i will 
stop using suse cause in my oppinion they broke dns
Regards
Schlomo Schapiro schrieb:
Hi,
probably your problem was caused by SuSE's .local problem. They patched 
their glibc to do a multicast DNS lookup (AKA Apple ZeroConf) for all 
.local domains. A fix is supposed to come soon ( I pushed them to make one 
:-), but if you have support try to ask for it directly. Unfortunateley I 
am not allowed to distribute this patch myself.

Using IP Addresses only of course also serves as a workaround, but with 
DNS-rooted domains this is a pain in the ass.

Regards,
Schlomo
PS: Look for previous traffic on this list regarding SuSE 9.1
On Wed, 13 Oct 2004, L. Mark Stone wrote:

We were trying to build a SuSE 9.1 box in a lab as a Domain Member server in a 
Windows Active Directory domain where the AD server was running Windows 2000 
Server.

We found that the instructions in Chapter 9.3.3 were, at least in our case, 
incomplete.

The AD server was managing a private domain, so following the Windows 
Configure My Server wizard the domain was setup as smelug.local.

When we attempted to have the Linux box (running SuSE 9.1 (fully patched) with 
the Samba 3.0.7 rpm packages from the SuSE ftp site) join the domain, we got 
an error indicating the Linux box could not find the Kerberos server.

After Googling, we saw that others experiencing this problem had as the root 
cause either a DNS configuration problem or a misconfigured realm in 
krb5.conf.

We checked DNS on the W2K server and on the Linux box, added entries in the 
Linux and Windows hosts files, and then watched the packets go back and forth 
with Ethereal between the Windows 2K AD server and the SuSE box, but we still 
got the error. The two boxes were clearly exchanging packets, so we felt 
pretty good that we didn't have any DNS configuration errors.

Next, we undid all of the above changes, and simply edited the krb5.conf file 
to include the realm information and the IP:port info for the AD server. The 
join was successful now.

May I therefore suggest that configuring the krb5.conf file be added to 
Chapter 9.3.3 in S3BE?

Separately, we found two winbind errors during testing:
First, we found that winbind does not shut down cleanly during a reboot (we 
used the SuSE runlevel editor in YaST to have smb, nmb and winbind startup 
automagically during boot up). Winbind leaves /var/run/samba/winbindd.pid in 
place, which we must remove manually before we can start winbind. 

Second, even after starting/stopping/restarting winbind manually, wbinfo -u 
(and -g) do not work at first. We found we needed to run net ads info 
first, and then wbinfo -whatever would work just fine.

Please let me know if you would like me to file bugzilla reports on these 
errors, or if you would like more detail. We are not programmers so we don't 
know how to narrow this down further.

With best regards,
Mark
P.S. The lab machines are VMware 4.5.2 guests, running on a SuSE Linux 8.2 
host. We can make the virtual machine files available to you if you would 
like to run these machines locally for testing (assuming you have VMware and 
a Windows 2000 Server license).



--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Join NT4 Domain.. Works but Event Log has error 5723...

2004-10-14 Thread Eric Murray
Hi,
I execute the net rpc join -S PDC -u account%password and it replys 
Joined Domain XXX and everything works good...

Samba Authenticates properly share works etc, etc...
My Login is SLOW but I tracked it down that I have a EventID on the NT 
Server saying there is no Trust account (Event ID 5723) and I also 
recieve a error on startup Event ID 5722 which is Access Denied because 
of the trust account message that followes.

Is there something in samba that I have to configure to shutoff a 
feature such as sign or seal etc in the smb.conf file.  I read if you 
get this problem on XP joining a NT4 domain you need to do that.

Looking for suggestions as once I fix this my login should be back to 
normal.

Thanks,
Eric
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Roaming Profile Folder Redirection Problems

2004-10-14 Thread Rich Edelman
Sorry about the top post...

John and list... 

I have figured out what my problem was with Chaper 6 of Samba 3 By Example. 
Table 6.3 (page 167 of the print copy) has some incorrect values. That table 
says to set the Cache directory key, for example, to: 
\\%LOGONSERVER%\profdata\%USERNAME%\InternetFiles

That is incorrect! The leading \\ characters cause the profile path to be 
unreachable, as I believe the path would then expand to:
SMB-PDC\profdata\testuser\InternetFiles. Removing the two leading \ 
characters fixed all my problems on both Windows 2000 and XP. 

Both the print versions and the web versions of Samba 3 By Example have this 
typo in multiple places in section 6.6.1. (Step 3 under Redirect Folders In 
Default User Profile has it as an example of a network redirection that 
contains a macro, as well as the aforementioned Table 6.3 errors.)

The web version of TOSHARG, Chapter 23, does not contain this error and is 
what led me to figuring out what I was going incorrectly.

Rich Edelman

On Sunday 10 October 2004 09:43 pm, John H Terpstra wrote:
 Rich,

 I have seen a number of reports of problems with the procedure I outlined
 in the book. Rest assured that this was well tested prior to publication.
 Additionally, there are some large sites in Europe that use roaming
 profiles in precisely this fashion.

 That leaves us with the problem of the need to identify what you have done
 that is different, or to identify what is different in your client Windows
 configuration.

 I regret that at this time I do not have time to assist you further,
 however I am keen to hear of any progress you make in solving the issue and
 would much appreciate any comments that can be added to the chapter to help
 others to avoid your pain.

 Cheers,
 John T.

 On Sunday 10 October 2004 13:19, Rich Edelman wrote:
  I'm running Samba 3.0.7 on SuSE 9.1 with OpenLDAP for auth.
 
  I've been mostly following along Terpstra's Book Samba 3 By Example, as
  lots of other people here have been.
 
  The three big problems I'm having are:
  1) After a Windows XP user logs out for the first time, upon next login
  they get an error message saying Windows cannot log you in because your
  profile cannot be loaded. Deleting the NTUSER.DAT file for that user
  allows that user to log in again.
 
  2) It doesn't appear like the default user profile (located
  in /var/lib/samba/netlogon/Default User/) is getting used for anything,
  as when I log in for the first time and view the registry any changes
  that I made for the default user are not there!
 
  3) This one will probably be solved by #2 above, but whenever a user logs
  out, there is that stupid 'synchronizing' window, even though all profile
  folders have been redirected to a network drive. Why?
 
  Any help or suggestions on these would be greatly appreciated!
 
  Thanks,
 
  Rich Edelman

 --
 John H Terpstra
 Samba-Team Member
 Phone: +1 (650) 580-8668

 Author:
 The Official Samba-3 HOWTO  Reference Guide, ISBN: 0131453556
 Samba-3 by Example, ISBN: 0131472216
 Hardening Linux, ISBN: 0072254971
 OpenLDAP by Example, ISBN: 0131488732
 Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Upgrading/Replacing Samba/Solaris 2.2.4 ?

2004-10-14 Thread EUPER, PATRICIA M
Due to Security audit items I'm having to patch/upgrade our SAMBA version
2.2.4  2.2.8a.
This needs to be as quick and effortless as possible. Can someone please
tell me if there
are patches available to fill security holes for these versions or is an
upgrade or total new
install required? If patches are available please tell me the url to
download from.
Thanks,
Pat E.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] msdfs root in [homes] do not work in XP

2004-10-14 Thread F. Latorre
Hi
We setup a samba server (3.02a ) under Debian, acting as PDC.
Clients are w98 S.E. and XP sp1.
Server name is box-p
In smb.conf we configure:
[clouds]
...
[homes]
...
msdfs root = yes
We create dfs links in home directory of users : ln -s 
msdfs:box-p\\clouds shared
When users log into PDC using an win98 machine they find shared in his 
home, and can access it.
When users log into PDC using an win XP pro they find shared in his 
home, but can't access it: the resource is inaccesible or doesn't exists.

We tried to move the dfs to other share, acting as dfs root, and create 
mdfsd links there. Then any machine can see share and have access to 
its contents.

We need the first configuration, because we can create differents links 
for any user. (there are many shares, and we don't want show all for any 
user)

¿Any idea?
F. Latorre
Segovia
Spain
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] can mount share, cannot join domain

2004-10-14 Thread Adrian Hicks
Firstly, the man page says to use add machine script... AND

Can someone tell me why my thinking is wrong.  Isn't %u the username of the 
current service, if any, as described in the smb.conf man page?

If so, why do the doc's (including the man page) put %u in the command for 
adding a machine account to the UNIX side?

Doesn't the machine account need the NetBIOS name of the client, and isn't 
this represented in Samba by %m?

Wouldn't the command for adding a machine be something more like (3.0.x):


add machine script = /usr/sbin/useradd -c Machine -d /dev/null -g 100  \ 
-s /bin/false %m


Can't test right now as our only 2000 machine is busy.  Can anyone else 
confirm?


Adrian Hicks
-- 
MIS  Facilities Manager
Auston Int'l Group Ltd
45 Middle Rd, #01-00 Auston Unicentre
Singapore 188954

Tel: (65) 6334 5900  ext. 229
Fax: (65) 6339 7600


On 14 October 2004 pm 20:43, Anton K. wrote:
 jason kawaja wrote:
 On Tue, 12 Oct 2004, jason kawaja wrote:
 i am not using ldap.  samba 3.0.7 on sparc solaris.  winxp pro client.
 
 [global]
 
 netbios name = bunny
 workgroup = ecel
 time server = yes
 security = user
 encrypt passwords = yes
 wins support = yes
 domain master = yes
 local master = yes
 os level = 65
 domain logons = yes
 logon path = \\%L\%u\.win_profile
 logon script = logon.bat
 logon drive = D:
 logon home = \\%L\%u\.win_home
 add user script = useradd -d /dev/null -g 100 -s
  /usr/bin/false %u
 
 [netlogon]
 
 path = /usr/local/samba/lib/netlogon
 writable = no
 browsable = no
 
 [homes]
 
 comment = Home Directories
 browsable = no
 writable = yes
 valid users = @student @despot
 invalid users = @other @sys @adm @uucp @mail @tty @lp @nuucp
  @staff \ @daemon @sysadmin @bobody @noaccess @nogroup @nofiles @qmail
  max connections = 80
 
 drwxrwxr-x2 root other 512 Oct  8 13:21 netlogon/
 
 when attempting to set/join domain from My Computer - Properties, a
 window pops up asking for username password and i enter root along
  with the smbpassword for the root (uid=0) account.
 
 then an error box saying The user name could not be found. is
 displayed.
 
 i can mount a share using a non uid=0 samba account to this client.
 
 ideas?
 
 how about a nudge in the right direction?
 
 --
 Jason Kawaja
 http://www.ietf.org/rfc/rfc1855.txt

 Maybe you forgot to add root in samba
 like smbpasswd -a root
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Samba Errors in my log file

2004-10-14 Thread Elijah Savage
FreeBSD 4.10
Latest version of Samba
Domain Member
WinXP machines with SP2

Why do these errors continue to come up, it does not seem to be hurting
a thing as the box is working perfectly no complaints other than these
errors in my log file.

Oct 14 16:07:00 ns1 smbd[82463]:   getpeername failed. Error was Socket
is not connected 
Oct 14 16:07:00 ns1 smbd[82463]: [2004/10/14 16:07:00, 0]
lib/util_sock.c:write_socket_data(430) 
Oct 14 16:07:00 ns1 smbd[82463]:   write_socket_data: write failure.
Error = Broken pipe 
Oct 14 16:07:00 ns1 smbd[82463]: [2004/10/14 16:07:00, 0]
lib/util_sock.c:write_socket(455) 
Oct 14 16:07:00 ns1 smbd[82463]:   write_socket: Error writing 4 bytes
to socket 22: ERRNO = Broken pipe 
Oct 14 16:07:00 ns1 smbd[82463]: [2004/10/14 16:07:00, 0]
lib/util_sock.c:send_smb(647) 
Oct 14 16:07:00 ns1 smbd[82463]:   Error writing 4 bytes to client. -1.
(Broken pipe
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Re: Linux freezes on large file transfers

2004-10-14 Thread Igor Belyi
Monty wrote:
I am running MD 10 (Community) as a file server on a Shuttle SB61G2. This 
setup worked very well under Mandrake 9.2 however, everytime I try to copy 
files larger than say 550 ~650MB using MD 10, my linux box freezes and must 
be rebooted. I can FTP the same file(s) perfectly fine to other PC 's on my 
home net.  Small volumes of files work fine as well as ISO images, the box 
seems to lock up only after it passes some type of treshold treshold.  I am 
not sure what to do here.  I have installed of the latest SMB packages for MD 
10.  The problem still persists.

Is there some config parameter that I must change? 
Have you tried use sendfile = no in smb.conf?
Igor
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Re: unable to change password on multi IP

2004-10-14 Thread Igor Belyi
Kris Van Bruwaene wrote:
When trying to connect to a new machine on our
internal network I first got:
session setup failed: NT_STATUS_PASSWORD_MUST_CHANGE
I searched the list archives and found the following
solution, which gave me a new error:
smbpasswd -U bruwaek -r //rto.be
Old SMB password:
New SMB password:
Retype new SMB password:
unable to find an IP address for machine //rto.be.
Failed to modify password entry for user bruwaek
Why did you put '//' in front of a machine name? Try just:
smbpasswd -U bruwaek -r rto.be
Hope it helps,
Igor
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Photoshop Disk Full error, a linux filesystem NOT Samba issue

2004-10-14 Thread Jim Cunning
I changed my smb.conf (on a SuSE 9.1 system) to include max disk size = 
1000  I no longer get Disk Full errors when I try to do a file backup 
using Quicken 98 to an SMB share..but now I get a Drive not ready 
error.  I've tried several values and all behave the same.  I have a Reiser 
FS on 9.1, but had ext2 on 8.2 and got the same Disk Full errors.  I 
don't know whether the Drive not ready errors are particular to Reiser as 
I don't have ext2 partitions anywhere to compare.

Anybody have similar experiences?
Jim
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


[Samba] Re: Samba 3.0.7 adding machines. Wrong primary group.

2004-10-14 Thread Michael Liebl
Am Donnerstag, den 14. Oktober 2004 schrubte Igor Belyi:

 I have a strange feeling that the clue is in the server-manager since 
 I don't use it to join domain at all.

Maybe, yes.

 To join domain I just go into System Properties/Computer Name/Change...

That way I did also, but some Time ago. And some Samba-Versions ago.

 Do you join domain some other way?

Servermanager. I'll give it a try and let 1 Computer rejoin the Domain
without pre-work.

-- 
) .--.   Bei E-Mail Antworten muss der Betreff
)#=+  '  mit 'USENET' beginnen, sonst  /dev/null
   /## | .+.Liebe Grüsse,
,,/###,|,,| Michael

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


svn commit: samba r2963 - in branches/SAMBA_4_0/source/build/pidl: .

2004-10-14 Thread tpot
Author: tpot
Date: 2004-10-14 06:35:42 + (Thu, 14 Oct 2004)
New Revision: 2963

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/build/pidlrev=2963nolog=1

Log:
Handle structures that contain more than one union as members.

Modified:
   branches/SAMBA_4_0/source/build/pidl/swig.pm


Changeset:
Modified: branches/SAMBA_4_0/source/build/pidl/swig.pm
===
--- branches/SAMBA_4_0/source/build/pidl/swig.pm2004-10-14 05:59:28 UTC (rev 
2962)
+++ branches/SAMBA_4_0/source/build/pidl/swig.pm2004-10-14 06:35:42 UTC (rev 
2963)
@@ -216,7 +216,7 @@
my($extra_args) = ;
 
if (isunion($e-{TYPE})) {
-   $extra_args = , switch_is;
+   $extra_args = , $e-{NAME}_switch_is;
}
 
if ($e-{POINTERS} == 0) {
@@ -291,7 +291,7 @@
 
 foreach my $e (@{$fn-{DATA}}) {
if (isunion($e-{TYPE})) {
-   $result .= , int switch_is;
+   $result .= , int $e-{NAME}_switch_is;
}
 }
 $result .= )\n;



svn commit: samba r2964 - in branches/SAMBA_4_0/source: build/smb_build scripting/swig

2004-10-14 Thread tpot
Author: tpot
Date: 2004-10-14 06:45:25 + (Thu, 14 Oct 2004)
New Revision: 2964

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=2964nolog=1

Log:
Add spoolss to list of wrapped client functions.

Modified:
   branches/SAMBA_4_0/source/build/smb_build/makefile.pl
   branches/SAMBA_4_0/source/scripting/swig/dcerpc.i


Changeset:
Modified: branches/SAMBA_4_0/source/build/smb_build/makefile.pl
===
--- branches/SAMBA_4_0/source/build/smb_build/makefile.pl   2004-10-14 06:35:42 
UTC (rev 2963)
+++ branches/SAMBA_4_0/source/build/smb_build/makefile.pl   2004-10-14 06:45:25 
UTC (rev 2964)
@@ -776,7 +776,7 @@
 
 PYTHON_DCERPC_LIBS = -lldap
 
-SWIG_INCLUDES = librpc/gen_ndr/samr.i librpc/gen_ndr/lsa.i librpc/gen_ndr/winreg.i
+SWIG_INCLUDES = librpc/gen_ndr/samr.i librpc/gen_ndr/lsa.i librpc/gen_ndr/winreg.i 
librpc/gen_ndr/spoolss.i
 
 scripting/swig/dcerpc.py: scripting/swig/dcerpc.i scripting/swig/samba.i 
\$(SWIG_INCLUDES)
swig -python scripting/swig/dcerpc.i

Modified: branches/SAMBA_4_0/source/scripting/swig/dcerpc.i
===
--- branches/SAMBA_4_0/source/scripting/swig/dcerpc.i   2004-10-14 06:35:42 UTC (rev 
2963)
+++ branches/SAMBA_4_0/source/scripting/swig/dcerpc.i   2004-10-14 06:45:25 UTC (rev 
2964)
@@ -377,3 +377,4 @@
 }
 
 %include librpc/gen_ndr/winreg.i
+%include librpc/gen_ndr/spoolss.i



svn commit: samba r2965 - in branches/SAMBA_4_0/source/scripting/swig/torture: .

2004-10-14 Thread tpot
Author: tpot
Date: 2004-10-14 07:25:47 + (Thu, 14 Oct 2004)
New Revision: 2965

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/scripting/swig/torturerev=2965nolog=1

Log:
Ignore *.pyc files in torture directory.

Allow test module name to be specified on command line for pytorture
module.

Start spoolss torture test.

Added:
   branches/SAMBA_4_0/source/scripting/swig/torture/spoolss.py
Modified:
   branches/SAMBA_4_0/source/scripting/swig/torture/
   branches/SAMBA_4_0/source/scripting/swig/torture/pytorture


Changeset:

Property changes on: branches/SAMBA_4_0/source/scripting/swig/torture
___
Name: svn:ignore
   + *.pyc


Modified: branches/SAMBA_4_0/source/scripting/swig/torture/pytorture
===
--- branches/SAMBA_4_0/source/scripting/swig/torture/pytorture  2004-10-14 06:45:25 
UTC (rev 2964)
+++ branches/SAMBA_4_0/source/scripting/swig/torture/pytorture  2004-10-14 07:25:47 
UTC (rev 2965)
@@ -1,5 +1,6 @@
 #!/usr/bin/python
 
+import sys
 from optparse import OptionParser
 
 # Parse command line
@@ -31,7 +32,20 @@
 username = options.username
 password = options.password
 
-# Run tests
+if len(args) == 0:
+   parser.error('You must supply the name of a module to test')
 
-import samr
-samr.runtests(binding, domain, username, password)
+# Import and test
+
+for test in args:
+
+   try:
+  module = __import__(test)
+   except ImportError:
+  print 'No such module %s' % test
+  sys.exit(1)
+
+   if not hasattr(module, 'runtests'):
+  print 'Module %s does not have a runtests function' % test
+
+   module.runtests(binding, domain, username, password)

Added: branches/SAMBA_4_0/source/scripting/swig/torture/spoolss.py
===
--- branches/SAMBA_4_0/source/scripting/swig/torture/spoolss.py 2004-10-14 06:45:25 
UTC (rev 2964)
+++ branches/SAMBA_4_0/source/scripting/swig/torture/spoolss.py 2004-10-14 07:25:47 
UTC (rev 2965)
@@ -0,0 +1,24 @@
+import dcerpc
+
+def test_EnumPrinters(pipe):
+
+r = {}
+r['flags'] = 0x02
+r['server'] = None
+r['level'] = 1
+r['buffer'] = 392 * '\x00'
+r['buf_size'] = 392
+
+result = dcerpc.spoolss_EnumPrinters(pipe, r)
+
+print result
+
+def runtests(binding, domain, username, password):
+
+print 'Testing SPOOLSS pipe'
+
+pipe = dcerpc.pipe_connect(binding,
+dcerpc.DCERPC_SPOOLSS_UUID, dcerpc.DCERPC_SPOOLSS_VERSION,
+domain, username, password)
+
+test_EnumPrinters(pipe)



svn commit: samba r2966 - in branches/SAMBA_4_0/source: build/pidl scripting/swig

2004-10-14 Thread tpot
Author: tpot
Date: 2004-10-14 07:33:09 + (Thu, 14 Oct 2004)
New Revision: 2966

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=2966nolog=1

Log:
Handle conversion of DATA_BLOB fields from Python in a slightly nicer
manner.  I'm hoping to get rid of DATA_BLOB's but for the moment they
make it easy to get some spoolss action happening quickly.

Modified:
   branches/SAMBA_4_0/source/build/pidl/swig.pm
   branches/SAMBA_4_0/source/scripting/swig/dcerpc.i


Changeset:
Modified: branches/SAMBA_4_0/source/build/pidl/swig.pm
===
--- branches/SAMBA_4_0/source/build/pidl/swig.pm2004-10-14 07:25:47 UTC (rev 
2965)
+++ branches/SAMBA_4_0/source/build/pidl/swig.pm2004-10-14 07:33:09 UTC (rev 
2966)
@@ -96,6 +96,11 @@
return $result;
 }
 
+if ($e-{TYPE} eq DATA_BLOB) {
+   $result .= \tDATA_BLOB_ptr_from_python(mem_ctx, s-$prefix$e-{NAME}, $obj, 
\$e-{NAME}\);\n;
+   return $result;
+}
+
 # Generate conversion for element
 
 if (util::is_scalar_type($e-{TYPE})) {

Modified: branches/SAMBA_4_0/source/scripting/swig/dcerpc.i
===
--- branches/SAMBA_4_0/source/scripting/swig/dcerpc.i   2004-10-14 07:25:47 UTC (rev 
2965)
+++ branches/SAMBA_4_0/source/scripting/swig/dcerpc.i   2004-10-14 07:33:09 UTC (rev 
2966)
@@ -254,28 +254,28 @@
 #define dom_sid2_ptr_to_python dom_sid_ptr_to_python
 #define dom_sid2_ptr_from_python dom_sid_ptr_from_python
 
-DATA_BLOB DATA_BLOB_from_python(PyObject *obj, char *name)
+void DATA_BLOB_ptr_from_python(TALLOC_CTX *mem_ctx, DATA_BLOB **s, 
+  PyObject *obj, char *name)
 {
-   DATA_BLOB ret;
-
-   /* Because we treat DATA_BLOB as a scalar type (why?) there 
-  doesn't seem to be a way to pass back when an error has
-  occured. */
-
if (obj == NULL) {
PyErr_Format(PyExc_ValueError, Expecting key %s, name);
return;
}
 
+   if (obj == Py_None) {
+   *s = NULL;
+   return;
+   }
+
if (!PyString_Check(obj)) {
PyErr_Format(PyExc_TypeError, Expecting string value for key '%s', 
name);
return;
}
 
-   ret.length = PyString_Size(obj);
-   ret.data = PyString_AsString(obj);
+   *s = talloc(mem_ctx, sizeof(DATA_BLOB));
 
-   return ret;
+   (*s)-length = PyString_Size(obj);
+   (*s)-data = PyString_AsString(obj);
 }
 
 PyObject *DATA_BLOB_to_python(DATA_BLOB obj)



svn commit: samba r2967 - in branches/SAMBA_4_0/source/librpc/idl: .

2004-10-14 Thread tpot
Author: tpot
Date: 2004-10-14 07:33:49 + (Thu, 14 Oct 2004)
New Revision: 2967

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/librpc/idlrev=2967nolog=1

Log:
Add some printer enum constants from Samba3's rpc_spoolss.h

Modified:
   branches/SAMBA_4_0/source/librpc/idl/spoolss.idl


Changeset:
Modified: branches/SAMBA_4_0/source/librpc/idl/spoolss.idl
===
--- branches/SAMBA_4_0/source/librpc/idl/spoolss.idl2004-10-14 07:33:09 UTC (rev 
2966)
+++ branches/SAMBA_4_0/source/librpc/idl/spoolss.idl2004-10-14 07:33:49 UTC (rev 
2967)
@@ -129,6 +129,15 @@
[case(7)] spoolss_PrinterInfo7 info7;
} spoolss_PrinterInfo;
 
+   const int PRINTER_ENUM_DEFAULT = 0x0001;
+   const int PRINTER_ENUM_LOCAL   = 0x0002;
+   const int PRINTER_ENUM_CONNECTIONS = 0x0004;
+   const int PRINTER_ENUM_FAVORITE= 0x0004;
+   const int PRINTER_ENUM_NAME= 0x0008;
+   const int PRINTER_ENUM_REMOTE  = 0x0010;
+   const int PRINTER_ENUM_SHARED  = 0x0020;
+   const int PRINTER_ENUM_NETWORK = 0x0040;
+
/**/
/* Function: 0x00 */
WERROR spoolss_EnumPrinters(



svn commit: samba r2968 - in branches/SAMBA_4_0/source: build/pidl librpc/idl librpc/ndr

2004-10-14 Thread tridge
Author: tridge
Date: 2004-10-14 09:07:41 + (Thu, 14 Oct 2004)
New Revision: 2968

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=2968nolog=1

Log:
fixed the byte order problem with the new RHS parsing on ncacn_ip_tcp

Modified:
   branches/SAMBA_4_0/source/build/pidl/parser.pm
   branches/SAMBA_4_0/source/librpc/idl/epmapper.idl
   branches/SAMBA_4_0/source/librpc/idl/idl_types.h
   branches/SAMBA_4_0/source/librpc/ndr/ndr.c


Changeset:
Modified: branches/SAMBA_4_0/source/build/pidl/parser.pm
===
--- branches/SAMBA_4_0/source/build/pidl/parser.pm  2004-10-14 07:33:49 UTC (rev 
2967)
+++ branches/SAMBA_4_0/source/build/pidl/parser.pm  2004-10-14 09:07:41 UTC (rev 
2968)
@@ -135,7 +135,7 @@
my $flags = util::has_property($e, flag);
if (defined $flags) {
pidl \t{ uint32_t _flags_save_$e-{TYPE} = ndr-flags;\n;
-   pidl \tndr-flags |= $flags;\n;
+   pidl \tndr_set_flags(ndr-flags, $flags);\n;
}
 }
 

Modified: branches/SAMBA_4_0/source/librpc/idl/epmapper.idl
===
--- branches/SAMBA_4_0/source/librpc/idl/epmapper.idl   2004-10-14 07:33:49 UTC (rev 
2967)
+++ branches/SAMBA_4_0/source/librpc/idl/epmapper.idl   2004-10-14 09:07:41 UTC (rev 
2968)
@@ -149,7 +149,7 @@
typedef struct {
} epm_rhs_ncalrpc;
 
-   typedef [nodiscriminant] union {
+   typedef [flag(NDR_BIG_ENDIAN),nodiscriminant] union {
[case(EPM_PROTOCOL_DNET_NSP)] epm_rhs_dnet_nsp dnet_nsp;
[case(EPM_PROTOCOL_OSI_TP4)] epm_rhs_osi_tp4 osi_tp4;
[case(EPM_PROTOCOL_OSI_CLNS)] epm_rhs_osi_clns osi_clns;

Modified: branches/SAMBA_4_0/source/librpc/idl/idl_types.h
===
--- branches/SAMBA_4_0/source/librpc/idl/idl_types.h2004-10-14 07:33:49 UTC (rev 
2967)
+++ branches/SAMBA_4_0/source/librpc/idl/idl_types.h2004-10-14 09:07:41 UTC (rev 
2968)
@@ -66,6 +66,7 @@
 /* this flag is used to force a section of IDL as little endian. It is
needed for the epmapper IDL, which is defined as always being LE */
 #define NDR_LITTLE_ENDIAN LIBNDR_FLAG_LITTLE_ENDIAN
+#define NDR_BIG_ENDIAN LIBNDR_FLAG_BIGENDIAN
 
 
 /*

Modified: branches/SAMBA_4_0/source/librpc/ndr/ndr.c
===
--- branches/SAMBA_4_0/source/librpc/ndr/ndr.c  2004-10-14 07:33:49 UTC (rev 2967)
+++ branches/SAMBA_4_0/source/librpc/ndr/ndr.c  2004-10-14 09:07:41 UTC (rev 2968)
@@ -350,6 +350,17 @@
talloc_free(ndr);
 }
 
+void ndr_set_flags(uint32_t *pflags, uint32_t new_flags)
+{
+   /* the big/little endian flags are inter-dependent */
+   if (new_flags  LIBNDR_FLAG_LITTLE_ENDIAN) {
+   (*pflags) = ~LIBNDR_FLAG_BIGENDIAN;
+   }
+   if (new_flags  LIBNDR_FLAG_BIGENDIAN) {
+   (*pflags) = ~LIBNDR_FLAG_LITTLE_ENDIAN;
+   }
+   (*pflags) |= new_flags;
+}
 
 static NTSTATUS ndr_map_error(enum ndr_err_code err)
 {



svn commit: samba r2969 - in branches/SAMBA_4_0/source/torture/rpc: .

2004-10-14 Thread tridge
Author: tridge
Date: 2004-10-14 09:21:12 + (Thu, 14 Oct 2004)
New Revision: 2969

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/torture/rpcrev=2969nolog=1

Log:
inet_ntoa() takes an address in network byte order, so now that we
parse the RHS as IDL, we need to use htonl() to convert back to
network byte order before we can display the IP


Modified:
   branches/SAMBA_4_0/source/torture/rpc/epmapper.c


Changeset:
Modified: branches/SAMBA_4_0/source/torture/rpc/epmapper.c
===
--- branches/SAMBA_4_0/source/torture/rpc/epmapper.c2004-10-14 09:07:41 UTC (rev 
2968)
+++ branches/SAMBA_4_0/source/torture/rpc/epmapper.c2004-10-14 09:21:12 UTC (rev 
2969)
@@ -64,7 +64,7 @@
printf( IP:);
{
struct in_addr in;
-   in.s_addr = rhs-ip.address;
+   in.s_addr = htonl(rhs-ip.address);
printf(%s, inet_ntoa(in));
}
break;



svn commit: samba r2970 - in branches/SAMBA_4_0/source: librpc/idl rpc_server rpc_server/drsuapi torture/rpc

2004-10-14 Thread metze
Author: metze
Date: 2004-10-14 09:56:04 + (Thu, 14 Oct 2004)
New Revision: 2970

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=2970nolog=1

Log:
- give somefields names and typdef enums for the possible values

- do more crackname tests in the torture test

- move server code for cracknames to a different file

metze

Added:
   branches/SAMBA_4_0/source/rpc_server/drsuapi/drsuapi_cracknames.c
Modified:
   branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl
   branches/SAMBA_4_0/source/rpc_server/config.mk
   branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c
   branches/SAMBA_4_0/source/torture/rpc/drsuapi.c


Changeset:
Sorry, the patch is too large (491 lines) to include; please use WebSVN to see it!
WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/sourcerev=2970nolog=1


svn commit: samba r2972 - in branches/SAMBA_4_0/source/librpc/idl: .

2004-10-14 Thread metze
Author: metze
Date: 2004-10-14 10:21:51 + (Thu, 14 Oct 2004)
New Revision: 2972

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/librpc/idlrev=2972nolog=1

Log:
make names more consistent

metze

Modified:
   branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl


Changeset:
Modified: branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl
===
--- branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl2004-10-14 10:16:22 UTC (rev 
2971)
+++ branches/SAMBA_4_0/source/librpc/idl/drsuapi.idl2004-10-14 10:21:51 UTC (rev 
2972)
@@ -15,11 +15,11 @@
typedef [flag(NDR_PAHEX)] struct {
[range(1,1)] uint32 length;
[size_is(length)] uint8 data[];
-   } drsuapi_BindInfo;
+   } drsuapi_DsBindInfo;
 
NTSTATUS drsuapi_DsBind(
[in]GUID *server_guid,
-   [in,out]drsuapi_BindInfo *bind_info,
+   [in,out]drsuapi_DsBindInfo *bind_info,
[out,ref]   policy_handle *bind_handle
);
 



svn commit: samba r2973 - in branches/SAMBA_4_0/source/build/pidl: .

2004-10-14 Thread jelmer
Author: jelmer
Date: 2004-10-14 10:30:08 + (Thu, 14 Oct 2004)
New Revision: 2973

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/build/pidlrev=2973nolog=1

Log:
Allow comma's inside parentheses in property arguments

Modified:
   branches/SAMBA_4_0/source/build/pidl/idl.pm
   branches/SAMBA_4_0/source/build/pidl/idl.yp


Changeset:
Sorry, the patch is too large (1117 lines) to include; please use WebSVN to see it!
WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/build/pidlrev=2973nolog=1


svn commit: samba r2974 - in branches/SAMBA_4_0/source/rpc_server/drsuapi: .

2004-10-14 Thread metze
Author: metze
Date: 2004-10-14 11:11:21 + (Thu, 14 Oct 2004)
New Revision: 2974

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/rpc_server/drsuapirev=2974nolog=1

Log:
fix the build

metze

Modified:
   branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c


Changeset:
Modified: branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c
===
--- branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c   2004-10-14 
10:30:08 UTC (rev 2973)
+++ branches/SAMBA_4_0/source/rpc_server/drsuapi/dcesrv_drsuapi.c   2004-10-14 
11:11:21 UTC (rev 2974)
@@ -41,7 +41,7 @@
struct drsuapi_bind_state *b_state;
struct dcesrv_handle *handle;
 
-   r-out.info = NULL;
+   r-out.bind_info = NULL;
ZERO_STRUCTP(r-out.bind_handle);
 
b_state = talloc_p(dce_call-conn, struct drsuapi_bind_state);



svn commit: samba r2975 - in branches/SAMBA_4_0/source/scripting/swig: .

2004-10-14 Thread tpot
Author: tpot
Date: 2004-10-14 13:09:59 + (Thu, 14 Oct 2004)
New Revision: 2975

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/scripting/swigrev=2975nolog=1

Log:
Try to emulate NT_STATUS_IS_ERR() functionality for WERRORs.  Unfortunately
this means enumerating all the ones we don't think are errors.

Modified:
   branches/SAMBA_4_0/source/scripting/swig/dcerpc.i


Changeset:
Modified: branches/SAMBA_4_0/source/scripting/swig/dcerpc.i
===
--- branches/SAMBA_4_0/source/scripting/swig/dcerpc.i   2004-10-14 11:11:21 UTC (rev 
2974)
+++ branches/SAMBA_4_0/source/scripting/swig/dcerpc.i   2004-10-14 13:09:59 UTC (rev 
2975)
@@ -286,7 +286,6 @@
 %}
 
 %include samba.i
-%include status_codes.i
 
 %pythoncode %{
NTSTATUS = _dcerpc.NTSTATUS
@@ -370,7 +369,8 @@
set_ntstatus_exception(NT_STATUS_V(result));
return NULL;
}
-   if (!W_ERROR_IS_OK(arg3-out.result)) {
+   if (!W_ERROR_IS_OK(arg3-out.result)  
+   !(W_ERROR_EQUAL(arg3-out.result, WERR_INSUFFICIENT_BUFFER))) {
set_werror_exception(W_ERROR_V(arg3-out.result));
return NULL;
}
@@ -378,3 +378,5 @@
 
 %include librpc/gen_ndr/winreg.i
 %include librpc/gen_ndr/spoolss.i
+
+%include status_codes.i



svn commit: samba r2976 - in trunk: examples/LDAP source/printing

2004-10-14 Thread vlendec
Author: vlendec
Date: 2004-10-14 21:00:57 + (Thu, 14 Oct 2004)
New Revision: 2976

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunkrev=2976nolog=1

Log:
Some routines to get the printer data into LDAP. Not used yet, just here for
review. Thanks a lot to jerry for the initial version of the printer schema.

To be changed.

Volker


Added:
   trunk/examples/LDAP/sambaprinter.schema
   trunk/source/printing/ntprint_ldap.c


Changeset:
Sorry, the patch is too large (1356 lines) to include; please use WebSVN to see it!
WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunkrev=2976nolog=1


svn commit: samba r2977 - in trunk/source/lib: .

2004-10-14 Thread jra
Author: jra
Date: 2004-10-14 22:30:13 + (Thu, 14 Oct 2004)
New Revision: 2977

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/librev=2977nolog=1

Log:
Fix #1926 typo in debug. Found by Bill McGonigle [EMAIL PROTECTED].
Jeremy.

Modified:
   trunk/source/lib/util_sock.c


Changeset:
Modified: trunk/source/lib/util_sock.c
===
--- trunk/source/lib/util_sock.c2004-10-14 21:00:57 UTC (rev 2976)
+++ trunk/source/lib/util_sock.c2004-10-14 22:30:13 UTC (rev 2977)
@@ -43,7 +43,7 @@
}

if (getsockname(fd, sa, length)  0) {
-   DEBUG(0,(getpeername failed. Error was %s\n, strerror(errno) ));
+   DEBUG(0,(getsockname failed. Error was %s\n, strerror(errno) ));
return addr_buf;
}




svn commit: samba r2978 - in branches/SAMBA_3_0/source/lib: .

2004-10-14 Thread jra
Author: jra
Date: 2004-10-14 22:30:33 + (Thu, 14 Oct 2004)
New Revision: 2978

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/source/librev=2978nolog=1

Log:
Fix #1926 typo in debug. Found by Bill McGonigle [EMAIL PROTECTED].
Jeremy.

Modified:
   branches/SAMBA_3_0/source/lib/util_sock.c


Changeset:
Modified: branches/SAMBA_3_0/source/lib/util_sock.c
===
--- branches/SAMBA_3_0/source/lib/util_sock.c   2004-10-14 22:30:13 UTC (rev 2977)
+++ branches/SAMBA_3_0/source/lib/util_sock.c   2004-10-14 22:30:33 UTC (rev 2978)
@@ -43,7 +43,7 @@
}

if (getsockname(fd, sa, length)  0) {
-   DEBUG(0,(getpeername failed. Error was %s\n, strerror(errno) ));
+   DEBUG(0,(getsockname failed. Error was %s\n, strerror(errno) ));
return addr_buf;
}




svn commit: samba r2979 - in branches/SAMBA_3_0/source/tdb: .

2004-10-14 Thread jra
Author: jra
Date: 2004-10-15 00:02:55 + (Fri, 15 Oct 2004)
New Revision: 2979

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_3_0/source/tdbrev=2979nolog=1

Log:
Fix incorrect locks/unlocks in tdb_lockkeys()/tdb_unlockkeys().
Spotted by Taj Khattra [EMAIL PROTECTED].
Jeremy.

Modified:
   branches/SAMBA_3_0/source/tdb/tdb.c


Changeset:
Modified: branches/SAMBA_3_0/source/tdb/tdb.c
===
--- branches/SAMBA_3_0/source/tdb/tdb.c 2004-10-14 22:30:33 UTC (rev 2978)
+++ branches/SAMBA_3_0/source/tdb/tdb.c 2004-10-15 00:02:55 UTC (rev 2979)
@@ -1811,7 +1811,7 @@
if (tdb_already_open(st.st_dev, st.st_ino)) {
TDB_LOG((tdb, 2, tdb_open_ex: 
 %s (%d,%d) is already open in this process\n,
-name, st.st_dev, st.st_ino));
+name, (int)st.st_dev, (int)st.st_ino));
errno = EBUSY;
goto fail;
}
@@ -1982,13 +1982,13 @@
}
/* Finally, lock in order */
for (i = 0; i  number; i++)
-   if (tdb_lock(tdb, i, F_WRLCK))
+   if (tdb_lock(tdb, BUCKET(tdb-lockedkeys[i+1]), F_WRLCK))
break;
 
/* If error, release locks we have... */
if (i  number) {
for ( j = 0; j  i; j++)
-   tdb_unlock(tdb, j, F_WRLCK);
+   tdb_unlock(tdb, BUCKET(tdb-lockedkeys[j+1]), F_WRLCK);
SAFE_FREE(tdb-lockedkeys);
return TDB_ERRCODE(TDB_ERR_NOLOCK, -1);
}
@@ -2002,7 +2002,7 @@
if (!tdb-lockedkeys)
return;
for (i = 0; i  tdb-lockedkeys[0]; i++)
-   tdb_unlock(tdb, tdb-lockedkeys[i+1], F_WRLCK);
+   tdb_unlock(tdb, BUCKET(tdb-lockedkeys[i+1]), F_WRLCK);
SAFE_FREE(tdb-lockedkeys);
 }
 



svn commit: samba r2980 - in trunk/source/tdb: .

2004-10-14 Thread jra
Author: jra
Date: 2004-10-15 00:02:55 + (Fri, 15 Oct 2004)
New Revision: 2980

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/trunk/source/tdbrev=2980nolog=1

Log:
Fix incorrect locks/unlocks in tdb_lockkeys()/tdb_unlockkeys().
Spotted by Taj Khattra [EMAIL PROTECTED].
Jeremy.

Modified:
   trunk/source/tdb/tdb.c


Changeset:
Modified: trunk/source/tdb/tdb.c
===
--- trunk/source/tdb/tdb.c  2004-10-15 00:02:55 UTC (rev 2979)
+++ trunk/source/tdb/tdb.c  2004-10-15 00:02:55 UTC (rev 2980)
@@ -1811,7 +1811,7 @@
if (tdb_already_open(st.st_dev, st.st_ino)) {
TDB_LOG((tdb, 2, tdb_open_ex: 
 %s (%d,%d) is already open in this process\n,
-name, st.st_dev, st.st_ino));
+name, (int)st.st_dev, (int)st.st_ino));
errno = EBUSY;
goto fail;
}
@@ -1982,13 +1982,13 @@
}
/* Finally, lock in order */
for (i = 0; i  number; i++)
-   if (tdb_lock(tdb, i, F_WRLCK))
+   if (tdb_lock(tdb, BUCKET(tdb-lockedkeys[i+1]), F_WRLCK))
break;
 
/* If error, release locks we have... */
if (i  number) {
for ( j = 0; j  i; j++)
-   tdb_unlock(tdb, j, F_WRLCK);
+   tdb_unlock(tdb, BUCKET(tdb-lockedkeys[j+1]), F_WRLCK);
SAFE_FREE(tdb-lockedkeys);
return TDB_ERRCODE(TDB_ERR_NOLOCK, -1);
}
@@ -2002,7 +2002,7 @@
if (!tdb-lockedkeys)
return;
for (i = 0; i  tdb-lockedkeys[0]; i++)
-   tdb_unlock(tdb, tdb-lockedkeys[i+1], F_WRLCK);
+   tdb_unlock(tdb, BUCKET(tdb-lockedkeys[i+1]), F_WRLCK);
SAFE_FREE(tdb-lockedkeys);
 }
 



svn commit: samba r2981 - in branches/SAMBA_4_0/source/lib/tdb/common: .

2004-10-14 Thread jra
Author: jra
Date: 2004-10-15 00:03:26 + (Fri, 15 Oct 2004)
New Revision: 2981

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/lib/tdb/commonrev=2981nolog=1

Log:
Fix incorrect locks/unlocks in tdb_lockkeys()/tdb_unlockkeys().
Spotted by Taj Khattra [EMAIL PROTECTED].
Jeremy.

Modified:
   branches/SAMBA_4_0/source/lib/tdb/common/tdb.c


Changeset:
Modified: branches/SAMBA_4_0/source/lib/tdb/common/tdb.c
===
--- branches/SAMBA_4_0/source/lib/tdb/common/tdb.c  2004-10-15 00:02:55 UTC (rev 
2980)
+++ branches/SAMBA_4_0/source/lib/tdb/common/tdb.c  2004-10-15 00:03:26 UTC (rev 
2981)
@@ -2037,13 +2037,13 @@
}
/* Finally, lock in order */
for (i = 0; i  number; i++)
-   if (tdb_lock(tdb, i, F_WRLCK))
+   if (tdb_lock(tdb, BUCKET(tdb-lockedkeys[i+1]), F_WRLCK))
break;
 
/* If error, release locks we have... */
if (i  number) {
for ( j = 0; j  i; j++)
-   tdb_unlock(tdb, j, F_WRLCK);
+   tdb_unlock(tdb, BUCKET(tdb-lockedkeys[j+1]), F_WRLCK);
SAFE_FREE(tdb-lockedkeys);
return TDB_ERRCODE(TDB_ERR_NOLOCK, -1);
}
@@ -2057,7 +2057,7 @@
if (!tdb-lockedkeys)
return;
for (i = 0; i  tdb-lockedkeys[0]; i++)
-   tdb_unlock(tdb, tdb-lockedkeys[i+1], F_WRLCK);
+   tdb_unlock(tdb, BUCKET(tdb-lockedkeys[i+1]), F_WRLCK);
SAFE_FREE(tdb-lockedkeys);
 }
 



svn commit: samba r2983 - in branches/SAMBA_4_0/source/torture/raw: .

2004-10-14 Thread tridge
Author: tridge
Date: 2004-10-15 01:37:06 + (Fri, 15 Oct 2004)
New Revision: 2983

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/torture/rawrev=2983nolog=1

Log:
report a failure if a server doesn't update the write time at all
after 2 minutes

Modified:
   branches/SAMBA_4_0/source/torture/raw/write.c


Changeset:
Modified: branches/SAMBA_4_0/source/torture/raw/write.c
===
--- branches/SAMBA_4_0/source/torture/raw/write.c   2004-10-15 01:32:24 UTC (rev 
2982)
+++ branches/SAMBA_4_0/source/torture/raw/write.c   2004-10-15 01:37:06 UTC (rev 
2983)
@@ -690,6 +690,7 @@
 
fnum1 = smbcli_open(cli-tree, fname, O_RDWR|O_CREAT, DENY_NONE);
if (fnum1 == -1) {
+   printf(Failed to open %s\n, fname);
return False;
}
 
@@ -708,7 +709,7 @@
   nt_time_string(mem_ctx, finfo1.basic_info.out.write_time));
 
/* 3 second delay to ensure we get past any 2 second time
-  granularity (older systems may have that */
+  granularity (older systems may have that) */
sleep(3);
 
written =  smbcli_write(cli-tree, fnum1, 0, x, 0, 1);
@@ -738,7 +739,13 @@
sleep(1);
fflush(stdout);
}
+   
+   if (finfo1.basic_info.out.write_time == finfo2.basic_info.out.write_time) {
+   printf(Server did not update write time?!\n);
+   ret = False;
+   }
 
+
if (fnum1 != -1)
smbcli_close(cli-tree, fnum1);
smbcli_unlink(cli-tree, fname);



svn commit: samba r2984 - in branches/SAMBA_4_0/source/ntvfs/posix: .

2004-10-14 Thread tridge
Author: tridge
Date: 2004-10-15 05:40:13 + (Fri, 15 Oct 2004)
New Revision: 2984

WebSVN: 
http://websvn.samba.org/websvn/changeset.php?rep=sambapath=/branches/SAMBA_4_0/source/ntvfs/posixrev=2984nolog=1

Log:
fixed the error code for a non-terminal component of a path name not existing

Modified:
   branches/SAMBA_4_0/source/ntvfs/posix/pvfs_resolve.c


Changeset:
Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_resolve.c
===
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_resolve.c2004-10-15 01:37:06 
UTC (rev 2983)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_resolve.c2004-10-15 05:40:13 
UTC (rev 2984)
@@ -140,7 +140,7 @@
if (!de) {
if (i  num_components-1) {
closedir(dir);
-   return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+   return NT_STATUS_OBJECT_PATH_NOT_FOUND;
}
} else {
components[i] = talloc_strdup(name, de-d_name);
@@ -271,7 +271,6 @@
  PVFS_RESOLVE_NO_WILDCARD = wildcards are considered illegal characters
  PVFS_RESOLVE_STREAMS = stream names are allowed
 
- TODO: add reserved name checking (for things like LPT1)
  TODO: ../ collapsing, and outside share checking
 */
 NTSTATUS pvfs_resolve_name(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx,



  1   2   >