[Samba] Re: Samba as PDC - Can't get user profiles to save properly
Hi, I'm still sitting fighting with this problem here I mentioned a little while ago. Say, it can't be that you need to add PDC users on every workstation if you want to have them working with admin-accounts (which they seem to need in order to be able to save their profiles on the PDC), can it? Any ideas? Felix Greetings, I'm running desperate on a problem with my windows user profiles here, searched the net and read the docus alot but still no luck. I've got an running Samba domain, an existing windows 2000 machine can log into the domain properly. Furthermore, a test account is made aswell, and the 2k machine is able to log in with that account. Now, my problem is: When I try to change windows settings (like switch active desktop to "on") or delete/rename icons from my desktop, log out and in again, all changes are undone like they've been not saved on the server. But if I create new icons on the desktop and relog, those are still there. Additionally, when I right-click in some folder and choose "New->" there's only "Folder" and "Link" to choose where you would expect things like new text file etc. Now, when I log in locally on the client as admin and add an domain-user with the same name as my test user on the server, log out and back in on the domain again, then it's possible to delete/rename icons on the desktop, settings like active desktop can't be changed at all still though. Access permissions on the home-folder of the user seem fine, I've even tried mask 0777 just to see if it would work. Sorry for the long story, but maybe somebody is able to recognize the problem. I'm really running out of ideas what to try next... Thanks alot Felix -- Append: My original smb.conf # Global parameters [global] # Base Options workgroup = SAMBA netbios name = PDC server string = Samba %v (PDC) @ biomax.de interfaces = eth0 # Security Options security = user #encypted passwords = yes update encrypted = Yes passdb backend = smbpasswd unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *new*password* %n\n *new*password* %n\n *successfully* allow trusted domains = yes # password server = ALBERICH password server = PDC # Logging Options log level = 2 log file = /var/log.%m # Tuning Options deadtime = 15 # Logon Options add machine script = /usr/sbin/useradd -d /dev/null -g ntclient -s /bin/false -M %u logon script = logon.bat logon path = \\%L\profile\%u logon home = \\%N\%U logon drive = Z: domain logons = Yes # Browse Options os level = 65 preferred master = Yes domain master = Yes # Ldap Options ldap ssl = no # Misc panic action = /usr/share/samba/panic-action %d admin users = root printing = cups browseable = No [homes] comment = Benutzer-Verzeichnisse path = /samba/profile/%u read only = No browseable = Yes [netlogon] comment = NetLogON path = /samba/netlogon [profile] comment = Benutzerprofile path = /samba/profile read only = No [public] comment = Oeffentlicher Ordner path = /samba/public read only = No guest ok = Yes browseable = Yes -- -- ** Felix Knoblach Biomax Informatics AG Lochhamer Str. 11 82152 Martinsried, Germany Email: [EMAIL PROTECTED] Website: www.biomax.com PGP: https://ssl.biomax.de/pgp/ ** -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Query re. add machine script
Hi. I've managed to get a Win 2000 machine to join our Samba domain, though the result of the add machine script is not as I would expect. The command includes '-g machines'. The machines group is gid 2004, however in /etc/passwd the primary group is listed as 100. Any idea why the group for the machine becomes 100 when I've specified another group? Adrian Hicks -- MIS & Facilities Manager Auston Int'l Group Ltd 45 Middle Rd, #01-00 Auston Unicentre Singapore 188954 Tel: (65) 6334 5900 ext. 229 Fax: (65) 6339 7600 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] scrambled filename.
On Tue, 2004-10-19 at 00:24, [EMAIL PROTECTED] wrote: > > > Hello there, > > If i create a file starting with nul. via command shell access, example: > nul.txt or nul.blaat.txt nul is a reserved word on windows filesystems. Bad things happen if you have files named with reserved words, so we mangle it for your protection ;-) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] polling for options on printing commands
On Tue, 2004-10-19 at 07:08, Gerald (Jerry) Carter wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > For people with print servers: > > I'm working on fixing a bug for 3.0.8 and need to know how many > people use smb.conf variables other than the standard printing > vars like %p, %j, etc... in the various printing commands. > Please send me examples if you use things like %U, or %m. > Thanks. Well, you know what buggery I get up to: include = smb.conf.%m and in that file (for a machine in room 900): printer name = rm900_laser (And yes, long term I think I'll try to get CUPS to handle this one for me :-) Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 'credentials' file doesn't work - also observed by others
On Wed, 2004-10-13 at 23:45, Tony Breeds wrote: [on the format of the credentials file] > Isn't the syntax > --- > user = fred > password = * > domain = bloggs and another direct email suggested 'domain=' in fstab, and user without domain in the credentials file. I could not get anything with 'domain=' to work in any variation. However, the man page for 'smbmount' uses the terminology 'workgroup' instead of 'domain', and I have now succeeded with the following: fstab: //server/disk /mnt/point smbfs workgroup=DOMAIN,uid=me,gid=me,credentials=/etc/smbpassword 0 0 [that's all one line] and /etc/smbpassword: username = me password = pa55w0rd -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] browseable shares need password for browsing
Hello, I have a standalone samba server with security = user, and a collection of XP and Win2K clients. In this mode, listing the available shares on the server requires a password, even though I have set browseable = yes for each share. This behavior is consistent with the Samba documentation. But I wonder if there is a way to make the shares browseable without a password? I am running Samba version 3.0.7-2.FC2 on Fedora Core 2. -Nick Barov -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: password change error
Can you be a little bit more specific? What do you mean by 'users cannot change their passwords"? Does it mean that they cannot change it via Windows' "Change Password" dialog? What error message they get? Can Administrator do it for them? Can they change it under Linux with smbpasswd? Is there any error messages in smbd logs? Igor Gurnish Anand wrote: Hi, We migrated from redhat 7.1 to redhat 3 ES and ran into one road block after the other. Most of them were solved except this last one. Users cannot change their passwords and then I read somewhere that samba 3.0 and MS KB828471 or 741 don't want to be friends. Then I upgraded my samba to be samba 3.0.7 (which i guess is the latest) Then I un-installed the KBB patch being accused. Still cannot change my passwords. Please advice. The following is my smb.conf # Global parameters [global] workgroup = sambapdc netbios name = PCSERVER server string = primary domain server running samba%v min password length = 6 ; obey pam restrictions = Yes pam password change = Yes ; username map = /etc/passwd smb passwd file = /etc/samba/smbpasswd passwd program = /usr/bin/passwd %u encrypt passwords = yes passwd chat = *New*Unix*Password* %n\n *Retype*new*Unix*password*%n\n *passwd: all authentication tokens updated successfully* %n passwd chat debug = Yes username level = 10 unix password sync = Yes log level = 2 case sensitive = no log file = /var/log/samba/log.%m max log size = 50 time server = Yes unix extensions = Yes socket options = TCP_NODELAY SO_KEEPALIVE IPTOS_LOWDELAY SO_SNDBUF=8192 SO_RCVBUF=8192 admin users = worldofbanking\gurnish, @employee, administrator, @administrators add user script = /usr/sbin/useradd -d /dev/null -g machines -c 'Machine Account' -s /bin/false -M %u logon script = netlogon.bat logon path = \\%L\profile\%u.pds logon home = domain logons = Yes os level = 64 preferred master = Yes domain master = yes wins support = Yes hosts allow = 127.0.0.1 192.168.2.0/255.255.255.0 ; password server = None hosts deny = 0.0.0.0/0 @web 192.168.2.200 [profile] path = /home/samba/profile force user = %U writeable = yes create mask = 0600 directory mask = 0700 guest ok = Yes profile acls = Yes browseable = No csc policy = disable [netlogon] path = /home/samba/netlogon write list = root @administrator browseable = No [pcshare] path = /home/samba writeable = yes create mask = 0 directory mask = 0 guest ok = Yes [Wywo] path = /home/samba/WYWO writeable = yes create mask = 0 directory mask = 0 guest ok = Yes [temp] path = /home/samba/temp writeable = yes create mask = 0 directory mask = 0 guest ok = Yes [Docs] path = /home/samba/MB/DOCS writeable = yes create mask = 0 directory mask = 0 [epsonprint] path = /tmp printable = Yes [EMAIL PROTECTED] root]# -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: smbfs mount issues
Have you tried to browse this share with smbclient? Igor Jason Pirok wrote: This problem began a couple months ago with my new install of (you guessed it) XP sp2. Now, when i mount a share from the xp machine to my debian box, everyone, including rot, gets a permission denied trying to ls the dir. I've read posts about switching to cifs, but that has opened a whole new can of worms. I'd just like to see smbfs mount my shares properly the way they used to. My version of samba is 3.0.7-1 according to dpkg on debian unstable. the mount command is mount -t smbfs -o credentials=cred.file,netbiosname=intruder,workgroup=workgroup,ip=111.111.111.111 //host/share /path/to/mount/dir I've done lots of look ups on google regarding many combinations of xp smbfs and the problems encountered to no avail. I'm at wits end and don't know what else to do. Sincerely, Jason -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] problems with multiple linux boxes hitting WIN2000 shares, cifs cifs-1.20c-2.4, linux 2.4.27 kernel
We have a cluster of webservers running smbfs mounts. I switched one box to cifs, 5 shares pointing at a Win2000, Monday 11 Oct - a week ago. The box ran fine all week. It is a moderate use production system - /proc/fs/cifs/Stats reports several hundred thousand SMBs in a week. Today I switched another box in the cluster to cifs. Immediately both boxes began spewing errors like: Oct 18 11:35:42 dlib2 kernel: CIFS VFS: No response buffer Oct 18 11:35:42 dlib2 last message repeated 2 times Oct 18 11:35:42 dlib2 kernel: CIFS VFS: Error -104 sending data on socket to server. Oct 18 11:35:42 dlib2 kernel: CIFS VFS: Error -32 sending data on socket to server. Oct 18 11:35:42 dlib2 kernel: CIFS VFS: Error 0xffe0 or on cifs_get_inode_info in lookup Oct 18 11:35:42 dlib2 kernel: CIFS VFS: No response buffer Oct 18 11:35:42 dlib2 kernel: CIFS VFS: No response buffer Oct 18 11:35:42 dlib2 kernel: CIFS VFS: Send error in Close = -11 Oct 18 11:36:50 dlib2 kernel: CIFS VFS: No response buffer Stats also shows: 2156 session 1688 share reconnects One box finally gave up. I could not get apache to let go of the cifs mounts. When I did a shutdown the box hung and I had to do a power cycle. I switched the second box back to smbfs and now the first box is again happily running cfis. Any hints above how I can get both boxes to talk to the Win2000 server at the same time? The WIN2000 event logs didn't pick up any errors. Thanks, Joe Edwards UW Libraries -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Experience on using Samba with XP SP2
Hi Walter, i have the same setup samba 3.07 , cups win xp serv pack 2 german. I have noticed that something changed in behavior after the upgrade to win xp serv pack 2 , but non of your described failures are comming up in my setups for hp laser printers , and canon bjc 2000 as well as my pdf printer. I only noticed after upgrade to serv pack 2 that ich have to refresh the pinter icon in the taskbar now after printing is done to disapear. also my standart paper size is now switching to letter and not staying to default dina 4. But i have not upgraded my cups or/and win drivers ( which is allways recomended ), i wanted to cotroll this stuff these days but as this bugs are not really heavy for me , i will wait until there is time. I dont think this is really a problem with samba. Are you using cups? How is your smb.conf, have you checked cups logs, do you have the latest printers? What are this Printers ( Manufacter ) Have disabled the xp firewall as well as the webclient services on xp, what are the event logs talking at the win xp? Is file sharing running corect with your samba machine? Is it a stand alone spooler , do you do accounting, are you printing via a printserver device or direct over lpd/usb Do you use postscript/ghostscript filters, or direct win drivers? All this stuff must be tested and controlled to give you the right answer/help...there is no naturally reason why printing with samba should fail with win xp as far i know Best Regards Walter Willmertinger schrieb: We have problems with printing after installing XP SP2. In nearly every software it takes about 10 seconds to 30 seconds, if you click on "Print-Button" and wait for the print dialogue window. Extremly slow are programs like MS Word (30 seconds, when you open a document the first time). Another problem, (but I am sure it's not a samba related problem): In some word documents you have problems viewing embedded graphics. Sometimes you see the graphics, sometimes not. It is not a problem with wrong settings (View - Use placeholders for Graphics). In preview there is no graphics, maybe after some scrolling the graphics appear, on the printout graphics are contained. Samba installed is 3.0.7 (compiled on RH 9.0 with standard options)! Regards, Walter rruegner schrieb: CHAN YICK WAI schrieb: Just would like to ask if anyone has experience with Samba with XP SP2, can you share with us? Thanks, Yw Hi, for sure we share : it works read the samba faqs for more info, and/or give us more detailed questions Regards -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] domain member problem
> net join -S TSSI -Uaramos I'm not Samba expert, but try net rpc join -U user and also, if you have only one domain controller, try password server = * -- Eng. Dusan Djordjevic (RHCE) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] polling for options on printing commands
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 For people with print servers: I'm working on fixing a bug for 3.0.8 and need to know how many people use smb.conf variables other than the standard printing vars like %p, %j, etc... in the various printing commands. Please send me examples if you use things like %U, or %m. Thanks. cheers, jerry - - Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "If we're adding to the noise, turn off this song"--Switchfoot (2003) -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFBdDDBIR7qMdg1EfYRAvk4AJ0QvMunvCcENe85oVjku04nG0TFbACcDnlB GscKyNThRnBxdPyymPeGdOA= =o+IQ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Issues/Questions about Samba 3.x.x versus it's Working Status
Hi, I have been trying to setup Samba with ADS for a while now without success. I compiled Samba 3.0.7, along with MIT Kerberos 1.3.5 and OpenLDAP 2.2.17. I did not compiled PAM since I do not need to have Windows users to log on the Unix box. Although not necessary, I setup the krb5.conf file. I was able to do a "net join ads" after performing a "kinit" with the Win2K3 server's Administrator's username and password. With the "klist", I validated that tickets were issued, therefore the Kerberos installation seems to work correctly, at least without Samba. My success ends there. When trying to make this works with Samba, it doesn't. It looks like NTLM is used as a fallback... What am I missing here? Here are some questions I have which could shed some lights to the overall problem: 1. I once asked if it was possible not to use winbindd and just use the "username map" parameter/file. I never got any answer to that... Is that a tough question? 2. When using winbindd, can I still use the "username map" parameter/file so that I link Windows accounts to the same Unix one? Right now, this does not seem to work... Is there some issues with this? What is the exact syntax? 3. Is PAM absolutely required? I do not think so, but, hey, you never know... 4. I saw in a few mails on Google that the command "wbinfo --set-auth-user DOMAINNAME\\Administrator%password" is sometime required? Is it true? What is it all about? 5. I saw also in a lot of mails on Google and Samba list that it was required to copy the libnss_winbind.so (from the nsswitch directory in the samba source) to the /lib directory. However, the target filename is sometime nss_winbnid.so, sometime libnss_winbind.so, sometime ending with .so.1 or .so.2, etc. What is it all about? What is really required? Is this system specific? 6. Does the Samba server (aka the Unix box) need to be in the same domain as the Win2K3 server? Same question for the client workstations? 7. I saw in some other mails/documents (too many read in a short period) that it may be required to change the Windows account's password? Is this true? If so, when is it required and with what typical configuration? I really need some help to make this work. Maybe I am doing (or have done) something wrong. If asked for, I can provide all the various config files I am using. Regards, Marcello Melfi -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] print que not updating
All, There was a similar thread in August but I'm not sure if this is the same problem. Basically what's happening is that I'm printing a desktop file(Word/Excel/IE) to a printer served up on my samba server. The job prints, the file get deleted on the server but in my system tray, it seems like the job never gets removed from the que or it's extremely slow. Sometimes the job does get deleted from the que. It seems like once the job doesn't get removed from the que it won't unless I specifically cancel the job or I restart the samba server. I'm running 3.0.6 on Solaris 8. The desktop is NT 4 SP6. Can anyone help me out? Thanks! spike -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] suse 9.1Doing a node status request to the domain master browser - Cannot sync browser lists.
I changed the ip on my samba 3.0.4 server from using dhcpd allotted 192.168.0.165 to a static 192.168.0.5 Now my windows clients get a message: 'the specified domain either does not exist or could not be contacted' but it is contacting the domain because otherwise it would have given me an error saying it can't find it. I have done a gg: search to no avail please help i am goining on a few hours trying to solve this prob. i have shut off all machines on the net, restarted the smb box, still has this cache. I have modified the hosts file, done various nmblookup -U server01 -R lfsoffice if i use another domain name the windoze machines can join the domain. after i changed the domain name, i left the smb box on for 2 days, hoping it would clear the nmbd cache, but it did not. and i want to keep the lfsoffice domainname. here is a cut from my messages: ct 18 13:33:59 smb nmbd[11194]: [2004/10/18 13:33:59, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(327) Oct 18 13:33:59 smb nmbd[11194]: become_domain_master_browser_wins: Oct 18 13:33:59 smb nmbd[11194]: Attempting to become domain master browser on workgroup LFSOFFICE, subnet UNICAST_SUBNET. Oct 18 13:33:59 smb nmbd[11194]: [2004/10/18 13:33:59, 0] nmbd/nmbd_become_dmb.c:become_domain_master_browser_wins(341) Oct 18 13:33:59 smb nmbd[11194]: become_domain_master_browser_wins: querying WINS server from IP 192.168.0.5 for domain master browser name LFSOFFICE<1b> on workgroup LFSOFFICE Oct 18 13:34:00 smb nmbd[11194]: [2004/10/18 13:34:00, 0] nmbd/nmbd_become_dmb.c:become_domain_master_query_success(225) Oct 18 13:34:00 smb nmbd[11194]: become_domain_master_query_success: Oct 18 13:34:00 smb nmbd[11194]: There is already a domain master browser at IP 192.168.0.165 for workgroup LFSOFFICE registered on subnet UNICAST_SUBNET. Oct 18 13:34:21 smb nmbd[11194]: [2004/10/18 13:34:21, 0] nmbd/nmbd_browsesync.c:domain_master_node_status_fail(247) Oct 18 13:34:21 smb nmbd[11194]: domain_master_node_status_fail: Oct 18 13:34:21 smb nmbd[11194]: Doing a node status request to the domain master browser Oct 18 13:34:21 smb nmbd[11194]: for workgroup LFSOFFICE at IP 192.168.0.165 failed. Oct 18 13:34:21 smb nmbd[11194]: Cannot sync browser lists. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Intermittent "Network name cannot be found" error when accessing XP roaming profile
Further to my email earlier I've come across http://us3.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html#id2577285 This explains that a group policy must be set up so that "Do not check for user ownership of Roaming Profile Folders" is enabled. Does anyone know of another way to do this other than doing it through active directory or on each XP workstation ? Could this be what's causing the problem I'm experiencing ? Thank you in advance. David. David Wilson wrote: Hi guys, How are you ? I've installed samba-3.0.7 from source on a Slackware Linux 10.0 server configured with "--with-ldap" as a backend (OpenLDAP-2.2.13) and with nss_ldap installed. I have my profiles share configured as follows: [profiles] comment = Profile Share path = /data/profiles writeable = yes guest ok = yes browseable = no profile acls = yes csc policy = disable Permissions on a user's profile folder: drwxrwxr-x 12 pupil Domain Admins 424 2004-10-14 13:46 pupil Most of the time logins from Windows X.P. (SP1) PCs work perfectly and the roaming profile comes across, however sometimes an error "Cannot access roaming profile ... ... .. network name cannot be found" comes up. The error is intermittent and does not seem to stick to any sort of pattern. I've looked all over and found that other people have experienced the same problem but I can't seem to find a solid fix for it. Perhaps installing X.P. Service Pack 2 will sort it out ? Can anyone point me in the right direction on how I can resolve this problem ? Thank you for your time. David. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] W2K can't join 3.0.7 domain
I've got an unpatched W2K Pro system and I'm trying to join it to the 3.0.7 domain. I put in root and root's password for the domain administrator. The root user's uid is 0 and root is in Domain Users and works for logging into other workstations in the domain. W2K reports "User not found" when I try to join the domain. However, the machine account is indeed created in LDAP! But the machine doesn't think it has joined. I saw some references to problems with the 'nobody' account in W2K. I have a "Domain Guests" group RID 514 mapped to UNIX GID 514. The GID exists on the domain only. THe mapping shows up in the 'net' command. Even on that W2K machine, I can browse the domain through Network Places. So it is some other user that is not found. Maybe the machine name isn't found?? I looked in the LDAP and Samba logs and I see nothing. Here is my "Add machine script" line: add machine script = /usr/local/sbin/smbldap-useradd -w "%u" -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Error in documentatio in interdomain trust relationships
Dear development team of samba, Reading over and over again samba docs, trying to solve a unstable trust relationship problem, I found http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/InterdomainTrusts.html#id2546222 Adding the machine account with smbldap-useradd.pl -w domain_name just creates it but no samba attributes are added. You need to add the samba attributes with the command smbldap-usermod -a domain_machine$ to solve it. Here in my servers just worked this way. If I´m wrong please correct me. Gustavo -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba Errors in my log file
So is this something I should need to do? I guess I need to read up on sendfile because I am not sure why this would improve my speed one way and make the errors go away. The speed issue I had was all clients no matter O/S could copy or move via drag and drop to the samba machine very quickly it has a gig'e' connection. But try to pull that same file back to the client using the same method and it took 5 times longer. -Original Message- From: Jeremy Allison [mailto:[EMAIL PROTECTED] Sent: Monday, October 18, 2004 2:58 PM To: Elijah Savage Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Samba Errors in my log file On Mon, Oct 18, 2004 at 02:55:17PM -0400, Elijah Savage wrote: > Just for others to know. > > I am not sure why this has made m errors go away in my log files and > also fixed my speed issue when copying from the samba server to my > clients but it did. > > I added this > > server signing = auto > > To my smb.conf and it fixed bot the speed issue and the errors below I > pasted in my first email. I was read the Samba book and was reading > about signing and just decided to see what affect this might have > little did I know it would resovle my issues. This has the side effect of turning off sendfile (as we have to read the entire reply before signing) which is probably what fixed your problem... Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Errors in my log file
On Mon, Oct 18, 2004 at 02:55:17PM -0400, Elijah Savage wrote: > Just for others to know. > > I am not sure why this has made m errors go away in my log files and > also fixed my speed issue when copying from the samba server to my > clients but it did. > > I added this > > server signing = auto > > To my smb.conf and it fixed bot the speed issue and the errors below I > pasted in my first email. I was read the Samba book and was reading > about signing and just decided to see what affect this might have little > did I know it would resovle my issues. This has the side effect of turning off sendfile (as we have to read the entire reply before signing) which is probably what fixed your problem... Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba Errors in my log file
Just for others to know. I am not sure why this has made m errors go away in my log files and also fixed my speed issue when copying from the samba server to my clients but it did. I added this server signing = auto To my smb.conf and it fixed bot the speed issue and the errors below I pasted in my first email. I was read the Samba book and was reading about signing and just decided to see what affect this might have little did I know it would resovle my issues. Just FYI -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Elijah Savage Sent: Thursday, October 14, 2004 11:29 PM To: [EMAIL PROTECTED] Subject: [Samba] Samba Errors in my log file FreeBSD 4.10 Latest version of Samba Domain Member WinXP machines with SP2 Why do these errors continue to come up, it does not seem to be hurting a thing as the box is working perfectly no complaints other than these errors in my log file. Oct 14 16:07:00 ns1 smbd[82463]: getpeername failed. Error was Socket is not connected Oct 14 16:07:00 ns1 smbd[82463]: [2004/10/14 16:07:00, 0] lib/util_sock.c:write_socket_data(430) Oct 14 16:07:00 ns1 smbd[82463]: write_socket_data: write failure. Error = Broken pipe Oct 14 16:07:00 ns1 smbd[82463]: [2004/10/14 16:07:00, 0] lib/util_sock.c:write_socket(455) Oct 14 16:07:00 ns1 smbd[82463]: write_socket: Error writing 4 bytes to socket 22: ERRNO = Broken pipe Oct 14 16:07:00 ns1 smbd[82463]: [2004/10/14 16:07:00, 0] lib/util_sock.c:send_smb(647) Oct 14 16:07:00 ns1 smbd[82463]: Error writing 4 bytes to client. -1. (Broken pipe -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] HELP: samba ldap pdc - windows xp problem
Hello, I configured samba+ldap+nss_ldap on fedora 2 like PDC. Now I have problem: windows XP joins domain, after that it asks to reboot, and after reboot user cannot login to domain (it gets error on windows, like wrong username or password). But in smaba log I see, that auth was successful: [2004/10/18 19:51:09, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: sam authentication for user [adamsas] succeeded So, could you help me? What is the problem there? regards, Martynas Bieliauskas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Group problems and at my wits' end!
Hi, I posted before that I was having problems with root showing up as a member of GID 1001 which I had set to 'engr'. Someone sent me an email saying that this was because gid=0 was also trying to map to RID=1001. Well, ok. So I made an explicit mapping from gid=0 to rid=0. I don't want "Domain Admins" to also be gid=0. It seems like it could cause more damage. So I have a grup mapping from gid=512 to rid=512 (Domain Admins). It always worked before. Everything worked except for the weird problem of root putting itself into rid=1001. Well, now after all of my messing around and changing things, I can't even join a Windows 2000 workstation to the domain. I get "The user name could not be found." I am using 'root' and the password for root. This same username and password works just fine with smbclient command which tells me that root is still in the database. And root still shows up as a member of Domain Admins. The funny thing is that I even restored the LDAP db from before I started messing with things and even then, it doesn't work. Something has happened to my root user in Samba, from me messing around with mappings, and I don't know what it is. Any help is greatly appreciated in debugging. I have looked at the level 10 debug log and I get nothing useful. The closest thing I see is: UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] domain member problem
Hi... I've installed samba3 from source onto a SuSE 8.1 system... I didn't do anything special when compiled, just a regular ./configure; make; make install... Now I added the following to the smb.conf file... security = domain workgroup = tssi password server = orl-fps netbios name = testbed server string = testbed (Samba3 source) socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = No local master = No domain master = No dns proxy = No idmap uid = 1-2 idmap gid = 1-2 winbind separator = + winbind cache time = 15 ldap ssl = no log level = 2 os level = 10 [Tomcat] path = /var/lib/tomcat comment = Tomcat browseable = yes read only = No guest ok = no writeable = yes [homes] comment = Home Directories valid users = %S browseable = no read only = No guest ok = no writeable = yes [profiles] path = /home/samba/profiles profile acls = yes writeable = yes browseable = no guest ok = yes [tmp] comment = Temporary file space path = /tmp read only = no public = yes Then started smbd and winbindd Did the following to join the server to the domain... net join -S TSSI -Uaramos It gives me the following ... Unable to find a suitable server Unable to find a suitable server With the same configuration on a SuSE 9.1 server that already comes with samba3 worked fine, is there an option I should add when compiling or something in the conf file that I have to add in the source? I've been trying to figure it out for the last couple of weeks on my own with no success, so I'm asking for help!!! Alvin Ramos Operations ___ eSchool Solutions, Inc. 3330 Edgewater Drive Orlando, FL 32804 407.835.9899 Ext. 258 407.405.2676 Cell 407.835.9838 Fax -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Intermittent "Network name cannot be found" error when accessing XP roaming profile
Hi guys, How are you ? I've installed samba-3.0.7 from source on a Slackware Linux 10.0 server configured with "--with-ldap" as a backend (OpenLDAP-2.2.13) and with nss_ldap installed. I have my profiles share configured as follows: [profiles] comment = Profile Share path = /data/profiles writeable = yes guest ok = yes browseable = no profile acls = yes csc policy = disable Permissions on a user's profile folder: drwxrwxr-x 12 pupil Domain Admins 424 2004-10-14 13:46 pupil Most of the time logins from Windows X.P. (SP1) PCs work perfectly and the roaming profile comes across, however sometimes an error "Cannot access roaming profile ... ... .. network name cannot be found" comes up. The error is intermittent and does not seem to stick to any sort of pattern. I've looked all over and found that other people have experienced the same problem but I can't seem to find a solid fix for it. Perhaps installing X.P. Service Pack 2 will sort it out ? Can anyone point me in the right direction on how I can resolve this problem ? Thank you for your time. David. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] W2k Permissions to Samba Share- ACE convert to posix Failed
Guys. I did find when trying to set up permissions within W2k to a Samba Shared File, I get access denied, My Conf is Suse 9.1 Pro Samba 3.0.7 (ACL support) Reiserfs with ACL support - Winbind works great - Everything smooth The file has only 4 ACL, so its not a problem of amount of ACLs in the file. but I can see that log message says... Too many ACE entries for file . to convert to posix perms. -- I say... they are not so many! The log Message shows this [2004/10/18 09:13:40, 3] passdb/lookup_sid.c:fetch_uid_from_cache(173) fetch uid from cache 1 -> S-1-5-21-538738344-134243190-1478062314-1003 [2004/10/18 09:13:40, 3] passdb/lookup_sid.c:fetch_uid_from_cache(173) fetch uid from cache 1 -> S-1-5-21-538738344-134243190-1478062314-1003 [2004/10/18 09:13:40, 3] smbd/dosmode.c:unix_mode(111) unix_mode(.) returning 0744 [2004/10/18 09:13:40, 3] smbd/posix_acls.c:convert_canon_ace_to_posix_perms(2506) convert_canon_ace_to_posix_perms: Too many ACE entries for file . to convert to posix perms. [2004/10/18 09:13:40, 3] smbd/posix_acls.c:set_nt_acl(3147) set_nt_acl: failed to convert file acl to posix permissions for file .. [2004/10/18 09:13:40, 3] smbd/error.c:error_packet(105) error string = Function not implemented [2004/10/18 09:13:40, 3] smbd/error.c:error_packet(129) error packet at smbd/nttrans.c(2020) cmd=160 (SMBnttrans) NT_STATUS_ACCESS_DENIED Thanks!!! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] offline files sync delay and Windows XP SP2
I'm scratching my head at the following issue that surfaced with Windows XP Prof. + SP2. First, a summary of my configuration: . Running Samba 3.0.7 in a LDAP-based PDC configuration, and with separate machine as member server for home directories. . The OS for PDC is Mandrake 9.2, the file server (FILES) is Mandrake 10.0. . 1000BaseT Ethernet. With XP SP1 and Samba 3.0.7 or prior, offline files work normally. Immediately after the application of SP2, about a minute delay (~67 seconds) is seen before the offline files sync operation actually does anything. This is easily replicated - back out SP2, delay goes away. Reapply it, delay reappears. I've found no other leads on this issue so far. Some facts: . Behaves same way in SP2 whether client Windows firewall is enabled or disabled. In fact, I have it enabled in SP1 and offline files work fine. In any case, nothing is logged as being blocked when it was on and logging enabled. . I also see nothing odd in packet captures - the client just seems to sit there; no network traffic is seen while it pauses, nor is there any obvious unreplied-to query from the client. . Doesn't matter whether the target server is FILES or PDC. (I have shares and offline files enabled on both/either.) . No problems accessing network drives with either SP - this just affects offline files sync. Searching the samba archives, the closest issue noted has to do with similar delays waiting to print and something about the client expecting a connection back, and mention of it being an unresolved issue in Samba 3.0.7 and 2.2.12. Maybe related? My smb.conf files for the pdc and file server are attached FYI. They both run in a high-availability configuration and so are set to talk only on their respective HA interfaces (caused no problems of itself). Thanks in advance for any help. Dave [global] workgroup = MYDOMAIN netbios name = FILES server string = Samba Server %v interfaces = 192.168.10.232 security = DOMAIN map to guest = Bad User log file = /var/log/samba/log.%m max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No wins server = 192.168.10.230 ldap ssl = no [homes] comment = Home Directories read only = No browseable = No [temp] comment = Temporary file space path = /ha3/tmp read only = No guest ok = Yes [global] workgroup = MYDOMAIN netbios name = PDC server string = Samba Server %v interfaces = 192.168.10.230 map to guest = Bad User private dir = /ha1/etc/samba passdb backend = ldapsam:ldap://ldap.mydomain.com pam password change = Yes username map = /ha1/etc/samba/smbusers lanman auth = No log level = 1 log file = /var/log/samba/log.%m time server = Yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 SO_SNDBUF=8192 SO_KEEPALIVE add user script = /usr/share/samba/scripts/smbldap-useradd.pl -amn delete user script = /usr/share/samba/scripts/smbldap-userdel.pl add group script = /usr/share/samba/scripts/smbldap-groupadd.pl -p delete group script = /usr/share/samba/scripts/smbldap-groupdel.pl add user to group script = /usr/share/samba/scripts/smbldap-groupmod.pl -m delete user from group script = /usr/share/samba/scripts/smbldap-groupmod.pl -x set primary group script = /usr/share/samba/scripts/smbldap-usermod.pl -g add machine script = /usr/share/samba/scripts/smbldap-useradd.pl -w logon script = LOGON.BAT logon path = logon drive = H: logon home = \\files\%U domain logons = Yes preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap admin dn = uid=admin,dc=mydomain,dc=com ldap group suffix = ou=Groups ldap machine suffix = ou=Computers ldap passwd sync = Yes ldap suffix = dc=mydomain,dc=com ldap ssl = no ldap user suffix = ou=Users printer admin = @adm [netlogon] comment = Network Logon Service path = /ha1/var/lib/samba/netlogon write list = admin guest ok = Yes browseable = No [web] comment = Internal web root path = /ha1/var/www read only = No [shared] comment = Shared File Space path = /ha1/var/www/html/shared read only = No [software] comment = Software Downloads path = /ha1/var/www/html/dl read only = No [printers] comment = All Printers path = /ha1/var/spool/samba create mask = 0700 guest ok = Yes printable = Yes browseable = No [print$] path = /ha1/var/lib/samba/printers write list = @adm, root guest ok = Yes
Re: [Samba] can mount share, cannot join domain
On Thu, 14 Oct 2004, jason kawaja wrote: > On Thu, 14 Oct 2004, jason kawaja wrote: > > > On Thu, 14 Oct 2004, Anton K. wrote: > > > > > jason kawaja wrote: > > > > > > >On Tue, 12 Oct 2004, jason kawaja wrote: > > > > > > > >>i am not using ldap. samba 3.0.7 on sparc solaris. winxp pro client. > > > > /usr/local/samba/var/log.smbd: check_ntlm_password: authentication for > > user [root] -> [root] -> [root] succeeded > > > > which im assuming means root authenticated. > > log.smbd on another attempt to join domain (log level=5) : > > [2004/10/14 10:44:36, 5] lib/username.c:Get_Pwnam_internals(251) > Get_Pwnam_internals didn't find user [kobile$]! > [2004/10/14 10:44:36, 3] > rpc_server/srv_samr_nt.c:_samr_create_user(2251) > _samr_create_user: winbind_create_user(kobile$) failed > > is that perhaps the problem? kobile is the machine attempting to join. im sure that is why, anyhow... i manually created the /etc/passwd (manually entered the "add user script" from conf file) and smbpasswd entry for kobile$ (smbpasswd -a -m kobile$) and am able to join domain now, although that does not explain why the add user script was not working to begin with. -- Jason Kawaja http://www.ietf.org/rfc/rfc1855.txt -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Intermittent failed logon for one computer
Hello, We have been using Samba 3.0.7 for almost a month now, and today marks the second time that I see a machine (one out of twelve on our network" that gives this error when I log in: "The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect." Last time this happened, I thought it might be a problem with that computer needing to be removed and then rejoined to the domain, which didn't work (the user still was not able to log on), and then half an hour later, the user could log on again. Can anybody tell me what might be wrong - on other posts it looks like a problem with the guest account (nobody), but specifying the nobody account as guest doesn't seem to help (though I did check to make sure that a nobody account in fact existed). I should mention that the 2 computers that had this problem are on a subnet (192.168.1.0). I am sending my smb.conf as a post script. Thanks for your help!!! My best, Dan Gapinski [global] ; ;+ Server Settings + ; workgroup = QUASAR netbios name = Jupiter server string = QSI Office Server %v hosts allow = 192.168.1. 192.168.0. 192.168.2. 192.168.3. 192.168.4. 127.0.0.1 log level = 2 log file = /var/log/samba/%m.log max log size = 0 time server = yes ; ;+ Domain Settings + ; os level = 35 domain logons = yes ; ;+ Browse Settings + ; domain master = yes local master = yes preferred master = yes remote browse sync = 192.168.1.255 192.168.2.255 192.168.3.255 192.168.4.255 remote announce = 192.168.1.255 192.168.2.255 192.168.3.255 192.168.4.255 ; ;+ WINS Settings + ; wins support = yes guest ok = yes dns proxy = no ; ;+ User and Security Settings + ; logon drive = z: logon home = logon path = encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd username map = /etc/samba/smbusers min password length = 3 guest account = nobody ;++ ;+ added 10-Sep-2003 for file server support + ;++ # admin users = @public nt acl support = yes security mask = 0777 force security mode = 0 directory security mask = 0777 force directory security mode = 0 ;++ ;+ Management Scripts + ;++ add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -d /dev/null -g machines -s /bin/false -M %u ;++ ;+ Logon Scripts + ;++ # NOTE: SAMBA CAN ONLY RUN ONE SCRIPT AT A TIME! # run a general logon batch file for everyone logon script = logon.bat # run a specific logon batch file per workstation (machine) #logon script = %m.bat # run a specific logon batch file per username #logon script = %U.bat ;++ ;+ General Share Settings + ;++ preserve case = yes short preserve case = no default case = lower case sensitive = no (then the share settings...) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] change password AS_ROOT=FALSE
Using Samba 3.07 i wanna the passwd program to be run as the user. Is this possible ? Here's my smb.conf the general section of my smb.conf. log level = 100 passwd program = passwd %u passwd chat = *old*password*%o\n *new*password*%n\n *new*password*%n\n * passwd chat debug = true unix password sync = yes Doing it this way forces samba to change it as root, and this is giving me another problem. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] connecting to resource IPC$ problems -samba 2.2.8
Hello, Sorry to bother you but I found your question from back in 2003 at http://lists.samba.org/archive/samba/2003-April/064960.html and wondered if you ever sorted it as I have simulair problems myself this week between XP-SP2 and an older Win98SE machine. regards Steve G hello I am running Samba 2.2.8 (latest) that I downloaded the binary from the Samba site. I have this problem in older versions of Samba as well. I have under Redhat 8.0 security level = user works fine under NT/2000/XP platforms, but when I try to login from a Windows 95/98/98se/Me machine, samba prompts me for a password to resource \\netbiosname\IPC$ how do I prevent this from happening in 95/98/se/me platforms and have it prompt the user for an id and password like it does in XP? I have about exhausted every option, I tried enabling domain master, I tried enabling wins logons, I tried enabling domain master, etc, nothing seems to have any affect :( still same problem. any ideas?? anyone? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with Samba on Mandrake
Hello just to let everyone know ima using Linux 9.2 installed via FTp from a Mandrake Mirror using inbuilt version of samba that came with it. the problem i have got is this i cannot get the PC to showup on my windows network it`s configured and if i use the internal IP address i acn access all the shares as normal i have changed the Samba name a few times and as a result somehow have three names on my workgroup display Lulu1, Lulus and Linux none of these are accessable and none of them show any file shares not to mention this i still have another workgroup MDKgroup which is not accessable and i assume has no PC`s in it, my question is howdo i setup the PC to show on my workgroup and give me access to it from \\lulu\ NOT \\10.0.0.163\ which is the only way i can currently access the machine i`m also a Linux newbie so if you want to know anything techincal you`ll have to let me know what i need todo to get it. thanks Kris p.s. this is very urgent as my present fileserver is`nt working and i`m trying to get this setup to replace it -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba with ldap and digest-md5
Hi again, > Also, there is a patch to cyrus-sasl so that cyrus-sasl can use domain > to check if a user is authenticated. I haven't tested it, but if I've > understood the patch correctly then the patch may be used to grant > clients SSO to saslenabled services. (Abartlett: yes or no?) Just for the record. Abartlet answered yes on this question. Tarjei > Even if it doesn't do that, you'll get a more secure passwordexchange > than just plaintext for those clients. > > Also, there's a module to Openldap 2.2.x that makes Openldap take over > the job of syncing passwords between the differen hashes stored in the > database. It might be worth looking at that. > > Tarjei > > > > > Here are relevant details from smb.conf: > >security = user > >encrypt passwords = yes > >smb passwd file = /etc/samba/smbpasswd > >unix password sync = Yes > >passwd program = /usr/bin/passwd %u > >passwd chat = *New*password* %n\n *Retype*new*password* %n\n > > *passwd:*all*authentication*tokens*updated*successfully* > >pam password change = yes > > encrypt passwords = yes > > smb passwd file = /etc/samba/smbpasswd > > obey pam restrictions = yes > > domain master = yes > > local master = yes > > domain logons = yes > > add user script = /usr/share/samba/scripts/smbldap-useradd.pl '%u' > > delete user script = /usr/share/samba/scripts/smbldap-userdel.pl '%u' > > add user to group script = /usr/share/samba/scripts/smbldap-groupmod.pl -m > > '%u' '%g' > > delete user from group script = /usr/share/samba/scripts/smbldap-groupmod.pl > > -x '%u' '%g' > > set primary group script = /usr/share/samba/scripts/smbldap-usermod.pl -g > > '%g' '%u' > > add group script = /usr/share/samba/scripts/smbldap-groupadd.pl '%g' && > > /usr/share/samba/scripts/smbldap-groupshow.pl %g|awk '/^gidNumber:/ {print > > $2}' > > delete group script = /usr/share/samba/scripts/smbldap-userdel.pl '%g' > > > > passdb backend = ldapsam:ldaps://newser1.cpc.net.au smbpasswd guest > > ldap admin dn = uid=administrator,ou=System,ou=People,dc=cpc > > ldap port = 389 > > ldap suffix = dc=cpc > > ldap machine suffix = ou=Hosts,ou=System > > ldap user suffix = ou=People > > ldap group suffix = ou=Group > > ldap machine suffix = ou=Hosts,ou=System > > ldap user suffix = ou=Utiba,ou=People > > ldap group suffix = ou=grpUtiba,ou=Group > > > > smb.log : > > ldap_connect_system: Binding to ldap server ldaps://newser1.cpc.net.au as > > "uid=administrator,ou=System,ou=People,dc=cpc" > > [2004/10/19 01:54:31, 2] lib/smbldap.c:smbldap_connect_system(796) > > failed to bind to server with dn= > > uid=administrator,ou=System,ou=People,dc=cpc Error: Invalid credentials > > > > Regards, > > > > Ben > > > > _ > > Don't just search. Find. Check out the new MSN Search! > > http://search.msn.com/ > > > -- > Tarjei Huse <[EMAIL PROTECTED]> > -- Tarjei Huse <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] "Incorrect function" with Windows XP offline files
Hello, One of our users is trying to use the function "Make available offline" to locally store and sync some files on one of our network shares. However, since he upgraded to Windows XP (from Windows 2000), he now gets the error "Incorrect function" and no files are synched (directories are, however). Our samba version is 3.0.7 (well, 3.0.7-0.backports.org.1 on debian to be exact). Something that *might* be the cause is that that PC has Windows XP SP2 installed, while others (where the synchronizing works) are Windows XP SP1. Any pointers? Is this a bug? Did microsoft introduce something new in SP2 again which breaks Samba? Thanks, -- Tom Laermans System Administrator Luciad NV Parijsstraat 74, 3000 Leuven, Belgium Email [EMAIL PROTECTED] Web http://www.luciad.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Group membership
Tarjei Huse írta: Wow! I think this is the best post I've seen on any mailinglist -ever- ! A minor comment/question: 3. If you want the Domain Admins group to be able to manage your Samba servers you must ensure that this group, or its members, somehow maps to the user 'root' or the group 'root' (GID=0, on some systems this maps to the group 'wheel'). So to add / remove users and join domains the vital part is not to have uid0==0 but gid == 0? I've always thought that the only way to do this was to have a user with uid 0. Geza Gemes: If you just want a set of users to add/remove users without beeing root when doing other tasks, use LDAP. Tarjei Sorry, but IMHO you are wrong at this point joining a machine to a domain with on the fly machine account creation relies on the fact of being root (uid=0), anyway I'm using LDAP from some years, and manage users and groups via scripts, and gived (via sudo) that right to the mentioned group. Thanks, Geza Gemes You can either map "Domain Admins" to the GID=0 group on the UNIX system, or as explained below, you can do this using the "admin users" parameter in the smb.conf global section. You have choice in how UNIX admin capability is provided for domain users. There are no right or wrong choices - but there are solutions that do or do not work. If you fail to think through the chain of rights and privileges as a user passes from a DMC to the domain then through to Samba and the UNIX OS that hosts it, you will find the result frustrating. But if you can figure out the simple steps from one point to another the solution is simple and frustration will be avoided. If someone would care to review the appropriate chapters of the Samba-HOWTO-Collection and suggest updates I will be happy to incorporate them into the document. - John T. On Sunday 17 October 2004 05:29, Gémes Géza wrote: Hi everybody, Ok, the logic goes like this... If you want to use root for Domain administration purposes it has to be in the Domain user database. If it's a Domain user its primary group should be a Domain group. All Domain groups in Samba are mappings from UNIX groups into SIDs. If mapping for a particular gid is not present it will be created automatically using arithmetic approach. Therefore, if you want your root user to keep its primary gid but to be associated with a Domain group 'Domain Admins' the best approach will be to map this Domain group into UNIX group 'root' instead of creating additional UNIX group 'Domain Admins'. Another approach will be to use some other user to administer your Domain and put it into 'admin users' list in smb.conf then you will be free to choose any primary group for it you like just keep the consistency between gidNumber and sambaPrimaryGroupSID. All users in the 'admin users' list are forced into been root when they access Samba so you will have the same control you would have with root. Some things to note here: admin users is not generally the same as domain admins. Members of the domain admin group will have administrator privileges on a Windows (NT based) workstation, but no special rights on the Samba shares, nor the right to manipulate the users, groups, or machines, databases. Members of the admin users will be able to act as root to Samba (all privileges), but not necessary to be administrators, for the Windows workstations, only if they are also members of the Domain Admins group. I steel have some things not very clear to me: can I have a group added to admin users in the global section, while in the share definitions specify another admin users (e.g. admin users = root), limiting in this way their access to other users data, while giving them the possibility, to join machines to the domain? I don't know why this is not documented... I don't read documentation that often.. I do know though that Samba team welcomes all suggestions to make documentation better. If you know which part of the documentation got you confused - let them know how to make it more clear. Hope it helps, Igor Thanks, Geza -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 OpenLDAP by Example, ISBN: 0131488732 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] User authentication on XP workstations from remote Domain
Dear All, I have a problem with authentication on XP workstaions from trusted domain. I have two domains: domaina servera trusting domain domainb serverb trusted domain When I try to logon the user from domainb on XP workstation(in domaina) it gave me a fail but when I write on servera: smbclient -L servera -W DOMAINB -U user the authenticaton is succeded and after then I authenticate user on XP workstations to. I thing that is the problem in creating unix account on servera for user from domainb. Thank you, Sopik Bronislav -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] script in netlogon isn't run
I found a part of my problem why my logon.bat script wasn't run on loging. I 've created my user with idealx tools like : smbldap-useradd -a -m -c "Pat DUBAU" pat and so the following fields where filed in ldap sambaLogonScript: pat.cmd sambaProfilePath: \\FS1\profiles\pat sambaHomePath: \\FS1\home\pat sambaHomeDrive: logondrive: (configuration found in /etc/smbldap-tools/smbldap.conf) It seems that samba won't take the instructions in smb.conf when this datas exists in LDAP... So i have a question : what's the sense to put this information in samba fields in LDAP ? Is there a special reason ? I removed this field from my ldap account. When i loging now the logon.bat script is run but VERY slowly (about 5 minutes) for just 2 mappings! The network drives are created. Second question : why is it so long for the script to be run ? also when i click on the netlogon share then on an another share i still have the sand-hour for several minutes (not when i go from share 'commun' at share 'prothee" thanks for any help -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] scrambled filename.
Hello there, If i create a file starting with nul. via command shell access, example: nul.txt or nul.blaat.txt Samba show's this file scrambled, i've tested this on samba 3.04 on AIX and FC2 Linux samba 3.0.7-2. My file nul.txt is showed via samba as: NDH6SA~M.TXT. I have a default samba configuration: [global] workgroup = C3D-VR.COM server string = C3D Samba Server log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 preferred master = Yes domain master = Yes dns proxy = No wins support = Yes ldap ssl = no idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 [homes] comment = Home Directories read only = No browseable = No Does somebody know how samba can show the file as it is? With kind regards, J. Martens Lekkerland Nederland b.v. Department ICT E-mail: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Timestamp problem
> bash-2.03# ls -al > total 20096 > drwxrwxrwx 2 dcenter hermes 13312 Oct 18 09:48 . > dr-xr-xr-x 13 dcenter hermes 512 Oct 14 17:03 .. > -rwxr--r-- 1 jblanco hermes30 Oct 18 2004 22626.log > -rwxr--r-- 1 jblanco hermes503011 Oct 18 2004 22626.pdf > > See the different timestamps, first two entries (local and parent dir) > have timestamps with "hour stamp" in the ls command output. > > The third and fourth entries do not shows hour stamp but only the date. These files probably have "future" timestamp. Wait an hour or two and try it again. Gabor -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Timestamp problem
Listing with -a bash-2.03# ls -al total 20096 drwxrwxrwx 2 dcenter hermes 13312 Oct 18 09:48 . dr-xr-xr-x 13 dcenter hermes 512 Oct 14 17:03 .. -rwxr--r-- 1 jblanco hermes30 Oct 18 2004 22626.log -rwxr--r-- 1 jblanco hermes503011 Oct 18 2004 22626.pdf See the different timestamps, first two entries (local and parent dir) have timestamps with "hour stamp" in the ls command output. The third and fourth entries do not shows hour stamp but only the date. Our application "sees" the same problem and do not process the files (the files has to have "complete timestamps" in order to be processed). Those file were created just copying and pasting in a Windows machine in our network to our Samba server. Previously we were using ftp as the method to upload the files without this issue so even considering i might not be completely understanding what's going on, it's a Samba 3 file creation issue in my Solaris 8. I really appreciate any help on this topic since the Samba is already in production and users are complaining already. regards Guillermo On Wed, 2004-10-13 at 06:10, Mac wrote: > > > >Hi > > > >When new files or copied files are putted in a Samba share (3.0.2 > >Solaris) from Win clients, it has no time stamp, only date stamp, > >example: > > > >-rwxr--r-- 1 me me 740762 Oct 11 2004 test.jpg > > This looks like an 'ls' command. > > Also, you have a slight misunderstanding of UNIX timestamps. > > Every file has a full time stamp with time and date. However, > the 'ls' command shows the time stamp in one of two different ways:- > >either 'Mon DD ' or 'Mon DD HH:MM' > > > It chooses the second form if the file has been modified within > the last three months. It chooses the first form (with the year) > if the file's modification time is not within the last three months. > > The important thing here is that when the time stamp on a file is _ahead_ > of the current time, then the 'within the last three months' test fails. > > I'll bet that you file has a timestamp that's further ahead in time than > the system clock of the server you ran the 'ls' command on. > > > Here's a rough timeline ('the past' on the left, 'the future' on the right) > > > <+++N-> > 321o > w > > |--| > > > The number represent months. The lower line is the period for which > 'ls' will display the 'Mon DD HH:MM' format. I think the timestamp > on your file is to the right of 'Now'. > > > There's various things you can do to check this. If your OS has > a command 'stat' then that will show you all the timestamps in full detail. > > > Or you can use the 'stat' function in perl maybe, or the stat(2) system call. > > Or, you can wait for a few hours, until the time on your server "catches up" > with the timestamp on the file and then 'ls' will display what you're > looking for. > > Remember all of this does not in any way affect the actual timestamp, > just the way 'ls' presents it to you. > > > > The underlying problme is almost certainly one of time-syncing. Or TimeZone > differences. Have a look at all of them. And have a look at the timestamp > from a client machine too. > > > > >Mac > Assistant Systems Adminstrator @nibsc.ac.uk > [EMAIL PROTECTED] >Work: +44 1707 641565 Everything else: +44 7956 237670 (anytime) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.5 dying
Samba seems to die now that we have an increase of users accessing it. It seems to lock up and I have to stop/start it. Here is my conf file. Is there something I am overlooking? I am fairly new to SAMBA. [global] ; [general settings] server string = Restricted Access File Server workgroup = unix-smb ; netbios name = CAD wins server = 136.180.45.97 lock directory = /opt/samba/var/locks log file = /opt/samba/var/samba.log log level = 2 interfaces = 136.180.70.24/255.255.255.0 # interfaces = 136.180.69.99/255.255.255.0 bind interfaces only = yes ; [security settings] hosts allow = 136.180. 127. password server = is002906, is002907, is002908 min protocol = NT1 lanman auth = No ; [performance settings] dead time = 5 max open files = 1000 socket options = TCP_NODELAY SO_KEEPALIVE getwd cache = yes netbios aliases = cad caerh pub asd ; include = /opt/samba/lib/smb.conf.caerh include = /opt/samba/lib/smb.conf.%L Scott Klimek CSC - Unix Admin. (586) 825-5701 This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba causing high load
We have experienced some trouble with samba lately. The servers load going from 5 to 20 causing everything to go very slow, but when I use top to check which process could be the cause of the trouble nothing uses CPU cycles. We have about 90% idle CPU usage, but load from 5-20. When I kill samba (service smb stop) the root-smb process still hangs and when I kill it (kill -9) the load goes back to normal (0.20). Then starting samba again and all is fine - for a couple of days. Any suggestion to what I can check for? I have tried checking the open files, network traffic (pr IP too) but nothing unnormal shows up. We're running samba-3.0.7-2.FC1 Vegard -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind success BUT blank root password
I have just gotten my samba machine, a SuSE 9.1 install, to work completely with my Win2k domain (in my test network, anyway.) However, after rebooting, I was unable to log into my root account on the SuSE box. In disgust, I tried to login as root with no password. Imagine my shock when it worked. Now, no matter how many times I reset my root password, using passwd or SuSE's GUI tools, I can only log into my root account with a blank password. I'm guessing PAM is to blame, but I don't even know where to start on this one. Does anyone had any ideas? -Matt __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem mapping to public share from XP
I have a stand alone RH ES 3 server which handles student email and a home directory for each student. It is not linked to the Active Directory side of my house and it does not need to be. No student accounts are in Active Directory. They exist solely on this Server. I am running Samba 3.0.4 (The upgrades after this have caused problems with how I create accounts and set passwords) Within this setup we have a share called Common that anybody is free to map to and deposit or withdraw files. There is no user name or password required to reach this share. The users should be able to browse to it. The problem is on some PC's when I map the drive it works fine, I am not prompted for a user name or password. On some PC's when I map the drive I am prompted for a user name and password. (Win XP or home or W2k, it makes no difference) Any legit username/password combo on the server will work, but according to the politics of the situation that is not sufficient. IT must be no username or password prompting. I suspect it is something on the windows side. Here are some particulars. # workgroup = NT-Domain-Name or Workgroup-Name workgroup = CURRYNET # server string is the equivalent of the NT Description field server string = Stumail Server # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the "loopback" interface. For more examples of the syntax see # the smb.conf man page hosts allow = 192.168. 10.16. 127. ; guest account = pcguest # Cause this host to announce itself to local subnets here ; remote announce = 192.168.1.255 192.168.2.44 [common] path=/home/patches/common public = yes only guest = yes writable = yes printable = no thanks for any advice. Chris S. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Usuario Inexistente / User does not exist.
El usuario [EMAIL PROTECTED] no es un usuario valido / You sent mail to [EMAIL PROTECTED] . That's not a valid user here. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Can not access server after joining domain
Hi all, I use Samba 3.0.9 installed from .deb packages on Debian Woody system. Here is config file: [global] workgroup = testdomen netbios name = HASERVER server string = File Server interfaces = 192.168.0.50 127.0.0.1 bind interfaces only = Yes security = domain password server = * use sendfile = no encrypt passwords = Yes obey pam restrictions = Yes pam password change = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = No show add printer wizard = No dns proxy = No # socket address = 192.168.0.50 map to guest = Bad User idmap uid = 1-2 idmap gid = 1-2 winbind separator = + winbind enum users = Yes winbind enum groups = Yes invalid users = root include = /etc/samba/Shares.conf I can start samba and it seems to work fine. When I issue: net rpc join -U dj.dule%password it says it joined domain: Joined domain TESTDOMEN. wbinfo -u lists all users properly. I have few shares defined, including public one. But when i try to access server through network (either from XP Pro, or Win 2000 clients) it asks for user/password. Whatever user/password i try to use, server is still inaccessible. Any ideas ? TIA... -- Eng. Dusan Djordjevic (RHCE) -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Experience on using Samba with XP SP2
Hallo, > We have problems with printing after installing XP SP2. > In nearly every software it takes about 10 seconds to 30 seconds, if you > click on "Print-Button" and wait for the print dialogue window. > Extremly slow are programs like MS Word (30 seconds, when you open a > document the first time). same problem here. This a known but _unresolved_ problem for Samba 3.0.7 and 2.2.12 - you can read about in the mailing list archive (read the complete threads): http://marc.theaimsgroup.com/?l=samba&m=109410258903823&w=2 http://marc.theaimsgroup.com/?l=samba&m=108006188614178&w=2 Excerpt: # | Yes, but I was hoping for some way in Samba to make | it timeout faster when it cannot connect back. | | Or some way to have 'disable spoolss' not stop downloading | of drivers as this was still possible in the "old" days. XP sp2 seems to be forcing the issue. We'll have to code a way to turn off the change notify functionality somehow. cheers, jerry # It would be very nice, if the actual Samba versions 2.2.12/3.0.7 were not so painfully slow in printing with XP SP2 or XP SP1 with active XP-firewall. It's a real pain in the ass in production environments :( Kindly regards __ Mit WEB.DE FreePhone mit hoechster Qualitaet ab 0 Ct./Min. weltweit telefonieren! http://freephone.web.de/?mc=021201 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] win98 and domain logins, Can't browse network
Hello, I've just replaced an NT4 server with a NetBSD box running Samba 3.0.7. There's 2 win98 boxes on the network, which were logging into the NT server, so I set up samba as : [global] workgroup = BENFAB2 log level = 1 browsable = yes server string = Samba %v (%h) security = user hosts allow = 10.0.0. 127. load printers = yes printcap name = /etc/printcap printing = bsd log file = /var/log/samba/log.%m password level = integer passdb backend = smbpasswd interfaces = 10.0.0.1/24 local master = yes domain master = yes preferred master = yes domain logons = yes logon path = \\%L\Profiles\%U wins support = yes [homes] comment = Home Directories browseable = yes writable = yes valid users = %S [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = yes public = yes writable = no printable = yes [print$] comment = Printer Driver Download Area path = /home/samba/drivers browseable = yes guest ok = yes read only = yes write list = @staff, root [groups] path = /home/samba/groups writable = yes valid users = ben,administrator,irene public = no create mask = 0765 [netlogon] path = /home/samba/netlogon [Profiles] path = /home/samba/profiles browsable = yes guest ok = yes writable = yes create mask = 0765 The 2 win98 boxes can log in to the domain (as far as I can tell), they load their profiles into the profiles directory anyway. They can both mount the server shares if I do a manual mount of a filesystem, they can use the printer that's set up on the samba server too. But they can't browse, if I click on 'browse' in the win98 GUI, I get errors telling me it can't see the network. This would be ok, except I need to share a printer on one of the PCs to the other one, and I'd like it to 'work properly' for aesthetic reasons. I don't mind having to rejig the PCs to just use workgroups rather than domain logins, if that's a 'better' way to do a pretty simple network. I was trying to reproduce the NT setup on the Sambe server, but am not idealogically committed to it. Can anyone make a suggestion for how to go about this? I'm no samba wiz, I've cobbled the config above from various howtos that seemed pretty close to what I wanted to achieve, but I've made mistakes, I'm sure! thanks! Carl -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem in SAMBA Installation & Configuration
Hello, I m in the process of installing SAMBA3.07 in my network.I have installed 1.2.4-1.krb5-devel, krb5-libs,krb5-workstation.i have installed SAMBA also.Now while testing the kerberos connection with the command/usr/kerberos/bin/bin/kinit [EMAIL PROTECTED] iget the following error message "/usr/kerberos/bin/kinit:relocation error: /usr/kerberos/lib/libkrb4.so.2:symbolerrno, version GLIBC_2.0not defined in file libc.so.6with link time reference". Also when i try to bind it gives following message "Bindingtodomainwithcommand/usr/bin/netjoin-U username-Sdomainname.. usernamepassword: [2004/10/0717:13:16,0] libads/kerberos.c:ads_kinit_password(136) [EMAIL PROTECTED] failed:Cannot find KDC for requested realm [2004/10/0717:13:16,0] utils/net_ads.c:ads_startup(183) ads_connect:Cannot find KDC for requested realm [2004/10/0717:13:16,0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(256) cli_nt_setup_creds:request challenge failed [2004/10/0717:13:16,0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(256) cli_nt_setup_creds:request challenge failed [2004/10/0717:13:16,0] utils/net_rpc_join.c:net_rpc_join_newstyle(319) Error domain join verification(reused connection): NT_STATUS_INVALID_COMPUTER_NAME Unable to join domain" Also i am not able to run KINIT deamon. Also when i try to telnet into my ADCserver with port 88 as it gives me the same error message. [EMAIL PROTECTED]/usr/kerberos/bin/kinit [EMAIL PROTECTED] /usr/kerberos/bin/kinit:relocation error: /usr/kerberos/lib/libkrb4.so.2:symbol errno,version GLIBC_2.0not defined in file libc.so.6with link time reference can anybody throw some light on this issue.Also pl.if you can proide me some guidelines for correct configuration & tests points i would be highly obliged. Shailesh __ Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish. http://promotions.yahoo.com/new_mail -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Active directory
What kind of changes have to be made to samba to work with active directory. Roger Hall Public Works Information Resources 918-596-9454 email [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] remove wins entries - samba 3
Hi, I'm using samba 3.0.7 as file server and WINS server. We have a primary domain called BIKER which is working great. Anyhow, for some testing purpose we are using different Workgroups now and then. The problem is, those Workgroups stay in the "Network Neighborhood" although they are offline for quite a while. When I'm moving a Workstation from a workgroup to the domain, it still stays available in the Workgroup. Additionally when we switch off a Domain member for a few days it still stays in the Domain. This is quite annoying since we now have tons of entries currently not used any more. I was browsing the Net and the Mailing lists, ... The only solution was "remove wins.dat and browse.dat and restart samba" Despite that I'm not very happy with this solution in a productive environment, all the entries came back. Is there a possibility to limit the "network neighborhood" to one domain/workgroup? What is the best solution to permanently remove a workstation from the wins? Thx in advance Gerald p.s. here is my config (the relevant parts, ...): wins support = yes wins proxy = no domain master = yes local master = yes preferred master = yes os level = 50 name resolve order = wins host max ttl = 7200 max wins ttl = 7200 min wins ttl = 3600 dns proxy = no -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] script in netlogon isn't run
I did what Mattia and DA Forsyth said : - using unix2dos command (thks Mattia apt-get install sysutils works under Debian sarge) to have logon.bat in DOS format. But the script still isn't played while logging. New informations : When i go to the share netlogon in network neighberhood i got the sand-glass for a long time, then i launch logon.bat it takes about 6 minutes to open a DOS windows and to run (the maping are then created). Same behaviour when copying logon.bat in the "commun'" share and try to launch it from there. DA Forsyth a écrit : On 14 Oct 2004 , Patrick DUBAU entreated about "[Samba] script in netlogon isn't run": } i have samba 3.0.7 and set a logon.bat script in /home/samba/netlogon } But when i log in my domaine (from a windows xp sp1 machine) "Domi" the } script isn't run, no error message at log in Just going on the share } "netlogon" i got the sand-hour and nothing more happens hi you don't need to map anything to the netlogon share, Windows does this by itself, temporarily during login make sure that the batch file is in DOS format not unix format. I found that unix format won't run at all because it is read by Windows expecting a DOS format file. I ensure this by setting up all my scripts via an 'editable' share on the netlogon folder by using a write list = +admin and I am a member of the 'admin' group I do the mapping for this from the command line when I need it. -- DA Fo rsythNetwork Supervisor Principal Technical Officer -- Institute for Water Research http://www.ru.ac.za/institutes/iwr/ -- Patrick DUBAU IUFM d'Alsace - Service Informatique : "Parfois détruire, souvent construire, toujours Servir" 200 avenue de Colmar 67100 STRASBOURG Téléphone: 03.88.40.79.76 -- -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba + AD + NIS
Hello, I use UNIX/Linux machines, which are in a NIS domain and samba version 2.x in NT4 domain. The rights applied to the files systems are those of the NIS and the rights on the shares are those of NT4 domain. I wish to obtain the same result with Samba3 integrated into Active Directory. I succeeded has to integrate it into the AD with samba+winbind+MIT Kerberos 5. But not with NIS domain. Je souhaite obtenir le même résultat avec Samba3 intégré à un Active Directory. J'ai réussi 100% AD avec samba+winbind+MIT kerberos 5. Is there a solution? -- Martial Paupe IT Department Kudelski Group| Tel direct : +41 21 732 04 55 1033 Cheseaux | E-mail : martial.paupenagra.com Switzerland -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Experience on using Samba with XP SP2
We have problems with printing after installing XP SP2. In nearly every software it takes about 10 seconds to 30 seconds, if you click on "Print-Button" and wait for the print dialogue window. Extremly slow are programs like MS Word (30 seconds, when you open a document the first time). Another problem, (but I am sure it's not a samba related problem): In some word documents you have problems viewing embedded graphics. Sometimes you see the graphics, sometimes not. It is not a problem with wrong settings (View - Use placeholders for Graphics). In preview there is no graphics, maybe after some scrolling the graphics appear, on the printout graphics are contained. Samba installed is 3.0.7 (compiled on RH 9.0 with standard options)! Regards, Walter rruegner schrieb: CHAN YICK WAI schrieb: Just would like to ask if anyone has experience with Samba with XP SP2, can you share with us? Thanks, Yw Hi, for sure we share : it works read the samba faqs for more info, and/or give us more detailed questions Regards -- Mit freundlichen Grüßen, Dr. Walter Willmertinger CONSYS Gesellschaft für Softwaretechnologie und Systementwicklung mbH Dr. Walter Willmertinger Landsberger Strasse 402 EMail: [EMAIL PROTECTED] 81241 MuenchenPhone: 089-589 789 0 Germany Fax: 089-589 789 99 WWW-Homepage: http://www.consys.de So finden Sie zu uns: http://mail.map24.com/consys-muenchen -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba with ldap and digest-md5
man, 18,.10.2004 kl. 06.40 +, skrev Ben Booble: > Hi all, > > I am running samba-server-3.0.6-4.1.100mdk, openldap-servers-2.1.25-6mdk, > lib64sasl2-plug-digestmd5-2.1.15-10.1.100mdk. I have searched through the > lists and I am wondering if I am the only one doing this kind of set-up.. > > Anyway question is as follows: In my ldap server I have normal posix > accounts with plain text password that are sorted out by a sasl-regex in the > slapd.conf and that works well. With smb, how does it handle passwords > between it and ldap and does anyone know of any special configuration > settings should be in place to get it to work? I have read the IDEALX doco > and several contradictory ones so god knows which is right. At the moment > the smb server sees the request from a client (adding a pc to the domain), > goes off to authenticate but comes back with invalid credentials for the > "administrator" user. I am almost sure it is because of the way samba send > the password but I don't really know. > > I know more about ldap than I do about samba so I am hoping to get some > extra insight to how smb works. Will samba work with sasl digest-md5 at > all? No. Samba uses it's own passwordhashes that are stored in the sambaNTPassword and sambaLMpassword attributes to each user. The passwordexchange between samba and the windowscomputers is done using this passwordhash. So no digest-md5 there. But: As samba doesn't relate to the userPassword attribute at all, you may have digest-md5 for other uses, like mail etc. Also, there is a patch to cyrus-sasl so that cyrus-sasl can use domain to check if a user is authenticated. I haven't tested it, but if I've understood the patch correctly then the patch may be used to grant clients SSO to saslenabled services. (Abartlett: yes or no?) Even if it doesn't do that, you'll get a more secure passwordexchange than just plaintext for those clients. Also, there's a module to Openldap 2.2.x that makes Openldap take over the job of syncing passwords between the differen hashes stored in the database. It might be worth looking at that. Tarjei > > Here are relevant details from smb.conf: >security = user >encrypt passwords = yes >smb passwd file = /etc/samba/smbpasswd >unix password sync = Yes >passwd program = /usr/bin/passwd %u >passwd chat = *New*password* %n\n *Retype*new*password* %n\n > *passwd:*all*authentication*tokens*updated*successfully* >pam password change = yes > encrypt passwords = yes > smb passwd file = /etc/samba/smbpasswd > obey pam restrictions = yes > domain master = yes > local master = yes > domain logons = yes > add user script = /usr/share/samba/scripts/smbldap-useradd.pl '%u' > delete user script = /usr/share/samba/scripts/smbldap-userdel.pl '%u' > add user to group script = /usr/share/samba/scripts/smbldap-groupmod.pl -m > '%u' '%g' > delete user from group script = /usr/share/samba/scripts/smbldap-groupmod.pl > -x '%u' '%g' > set primary group script = /usr/share/samba/scripts/smbldap-usermod.pl -g > '%g' '%u' > add group script = /usr/share/samba/scripts/smbldap-groupadd.pl '%g' && > /usr/share/samba/scripts/smbldap-groupshow.pl %g|awk '/^gidNumber:/ {print > $2}' > delete group script = /usr/share/samba/scripts/smbldap-userdel.pl '%g' > > passdb backend = ldapsam:ldaps://newser1.cpc.net.au smbpasswd guest > ldap admin dn = uid=administrator,ou=System,ou=People,dc=cpc > ldap port = 389 > ldap suffix = dc=cpc > ldap machine suffix = ou=Hosts,ou=System > ldap user suffix = ou=People > ldap group suffix = ou=Group > ldap machine suffix = ou=Hosts,ou=System > ldap user suffix = ou=Utiba,ou=People > ldap group suffix = ou=grpUtiba,ou=Group > > smb.log : > ldap_connect_system: Binding to ldap server ldaps://newser1.cpc.net.au as > "uid=administrator,ou=System,ou=People,dc=cpc" > [2004/10/19 01:54:31, 2] lib/smbldap.c:smbldap_connect_system(796) > failed to bind to server with dn= > uid=administrator,ou=System,ou=People,dc=cpc Error: Invalid credentials > > Regards, > > Ben > > _ > Don't just search. Find. Check out the new MSN Search! > http://search.msn.com/ > -- Tarjei Huse <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Group membership
Wow! I think this is the best post I've seen on any mailinglist -ever- ! A minor comment/question: > 3. If you want the Domain Admins group to be able to manage your Samba servers > you must ensure that this group, or its members, somehow maps to the user > 'root' or the group 'root' (GID=0, on some systems this maps to the group > 'wheel'). So to add / remove users and join domains the vital part is not to have uid0==0 but gid == 0? I've always thought that the only way to do this was to have a user with uid 0. Geza Gemes: If you just want a set of users to add/remove users without beeing root when doing other tasks, use LDAP. Tarjei > > You can either map "Domain Admins" to the GID=0 group on the UNIX system, or > as explained below, you can do this using the "admin users" parameter in the > smb.conf global section. > > You have choice in how UNIX admin capability is provided for domain users. > There are no right or wrong choices - but there are solutions that do or do > not work. If you fail to think through the chain of rights and privileges as > a user passes from a DMC to the domain then through to Samba and the UNIX OS > that hosts it, you will find the result frustrating. But if you can figure > out the simple steps from one point to another the solution is simple and > frustration will be avoided. > > If someone would care to review the appropriate chapters of the > Samba-HOWTO-Collection and suggest updates I will be happy to incorporate > them into the document. > > - John T. > > > On Sunday 17 October 2004 05:29, Gémes Géza wrote: > > Hi everybody, > > > > > Ok, the logic goes like this... > > > > > > If you want to use root for Domain administration purposes it has to > > > be in the Domain user database. > > > If it's a Domain user its primary group should be a Domain group. > > > All Domain groups in Samba are mappings from UNIX groups into SIDs. > > > If mapping for a particular gid is not present it will be created > > > automatically using arithmetic approach. > > > > > > Therefore, if you want your root user to keep its primary gid but to > > > be associated with a Domain group 'Domain Admins' the best approach > > > will be to map this Domain group into UNIX group 'root' instead of > > > creating additional UNIX group 'Domain Admins'. > > > > > > Another approach will be to use some other user to administer your > > > Domain and put it into 'admin users' list in smb.conf then you will be > > > free to choose any primary group for it you like just keep the > > > consistency between gidNumber and sambaPrimaryGroupSID. All users in > > > the 'admin users' list are forced into been root when they access > > > Samba so you will have the same control you would have with root. > > > > Some things to note here: > > admin users is not generally the same as domain admins. > > Members of the domain admin group will have administrator privileges on > > a Windows (NT based) workstation, but no special rights on the Samba > > shares, nor the right to manipulate the users, groups, or machines, > > databases. > > Members of the admin users will be able to act as root to Samba (all > > privileges), but not necessary to be administrators, for the Windows > > workstations, only if they are also members of the Domain Admins group. > > > > I steel have some things not very clear to me: can I have a group added > > to admin users in the global section, while in the share definitions > > specify another admin users (e.g. admin users = root), limiting in this > > way their access to other users data, while giving them the possibility, > > to join machines to the domain? > > > > > I don't know why this is not documented... I don't read documentation > > > that often.. I do know though that Samba team welcomes all suggestions > > > to make documentation better. If you know which part of the > > > documentation got you confused - let them know how to make it more clear. > > > > > > Hope it helps, > > > Igor > > > > Thanks, > > > > Geza > > -- > John H Terpstra > Samba-Team Member > Phone: +1 (650) 580-8668 > > Author: > The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 > Samba-3 by Example, ISBN: 0131472216 > Hardening Linux, ISBN: 0072254971 > OpenLDAP by Example, ISBN: 0131488732 > Other books in production. -- Tarjei Huse <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] cups logs ?
On Mon, Oct 18, 2004 at 05:20:07PM +1000, ip.guy wrote: > Doesn't anyone analise any cups logs ? You could ask this to the [EMAIL PROTECTED] mailing list instead. Anyway, these logs, particularly the page_log file, can't be trusted, because the page_log is only filled when the proper driver is used on the client (a PostScript driver). And even in this case the result can be incorrect. I'd suggest you to use a real print accounting system for CUPS instead. bye Jerome Alet -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] cups logs ?
Doesn't anyone analise any cups logs ? Hi all What do you guys use for analyzing cups logs ? I'm looking for a web based (apache style) log analyses tool regards -ipguy -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba