[Samba] Performance Issues
Hi, I've noticed this type of issue has been raised a few times, but I haven't been able to find a solution yet. I'm having transfer performance issues from various clients to my new file server : Server config is : Athlon 3200+ on Nforce 2 Yukon Gb NIC Gentoo with 2.6.9 samba 3.0.7-r1 ebuild 3Ware Escalade 9500S-12 x 2 Clients are XP SP2,2K3 on similar hardware and G5s with OS X 10.3, all with Gb NICs on Cat6, and all of which are transferring like dogs ;( smbmount from server to 2003Server transfers ok, but one directory with ~2500 files appears as empty! Also, my old G4 w/Os X 10.2 is transferring ok also... go figure. # hdapram -t /dev/sda1 /dev/sda1: Timing buffered disk reads: 268 MB in 3.01 seconds = 88.96 MB/sec During transfer smdb reports only 0.7 %cpu or thereabouts. Various changes to the socket options have not yielded any results. Winbind is authenticating ok and I can't see anything in any of the logs which would indicate a catastrophic problem. smb.conf : [global] socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 netbios name = VAULT workgroup = DOMAIN realm = DOMAIN.LOCAL security = ADS password server = dc.domain.local wins server = dc.domain.local dns proxy = no wins proxy = no encrypt passwords = yes idmap uid = 1-2 winbind enum users = yes winbind gid = 1-2 winbind enum groups = yes winbind separator = + os level = 20 preferred master = no log level = 1 max log size = 50 log file = /var/log/samba/log.%m [vault] comment = Big Thing writeable = yes path = /mnt/vault force user = vaultuser valid users = DOMAIN+"Power Users" Any help would be greatly appreciated. Sincerely, Simon -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: SAMBA PDC
When the problem occure, on the Windows machine I find that %LOGONSERVER% variable is changed... So I think that the problem is near WINS, but I can not find where... OK, then let's look at something else that might be relevant. What settings do you have for the user's sambaHomePath and sambaProfilePath in the database? I believe these will be used by default over the "logon path" and "logon home" settings in smb.conf. I set mine to blank in the user's record just after adding a user. That way the system defaults to the smb.conf settings. Jim C. -- - | I can be reached on the following Instant Messenger services: | |---| | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz| - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Errors converting postscript file to ascii
Greetings Admins, I'm using the sambafax backend for cups to serve Point'n'Print->Fax to XP clients using samba 3.0.7 and cups 1.1.20. The problem is that the users printjob, converted to postscript from samba/cups, can't be converted to ascii using ps2ascii: xprint-admin:/SC/ss/cupspykota/spool/fax# ps2ascii psfile.ps %%[ ProductName: ESP Ghostscript ]%% ERROR: rangecheckOFFENDING COMMAND: get STACK: 1 [0 ] true 239 (\Delta \Theta \Lambda \Delta )7134 566 -savelevel- %%[ Error: rangecheck; OffendingCommand: get ]%% ESP Ghostscript 7.07.1: Unrecoverable error, exit code 1 I need the ps file converted to ascii so that I can get the destination fax number from the printfile. I don't know if the problem lies with cups or samba! I am using the adobe print drivers for this fax queue(defprtr2.ppd, ps5ui.dll, pscript.hlp, pscript.ntf, pscript5.dll) with the postscript option set for "Optimize for Portability". Please hel p! regards, Ryan -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Trusting and trusted domain (home mapping) problem
Hi Igor, I did not change any settings in the PDC and suddenly "getent group" in domain_B_pdc does not show "Domain Users" of domain_A_pdc (397 users). The log says this : [2004/11/04 13:27:00, 1] nsswitch/winbindd_group.c:fill_grent_mem(133) could not lookup membership for group rid S-1-5-21-1803233979-822103454-943392455-513 in domain STAFF (error: NT_STATUS_UNSUCCESSFUL) [2004/11/04 13:27:00, 0] nsswitch/winbindd_group.c:winbindd_getgrent(795) could not lookup domain group STAFF\Domain Users [2004/11/04 13:27:00, 4] nsswitch/winbindd_group.c:get_sam_group_entries(564) get_sam_group_entries: Native Mode 2k domain; enumerating local groups as well How should I proceed? Is it a winbind memory cache issue? adrian Igor Belyi wrote: Adrian Chow wrote: Hi Igor, Do you have trustdomains in your "auth methods"? Currently I removed the winbind from nsswitch.conf. And "smbclient //domain_B_PDC//shared -U domain_A/domain_A_user" does not work. Have you tried "smbclient //domain_B_PDC//shared -W domain_A -U domain_A_user"? If I put winbind in the nsswitch.conf, then I will be able to authenticated but cannot connect to shared folder with the following error:- Domain=[Domain_B] OS=[Unix] Server=[Samba 3.0.7-Debian] tree connect failed: NT_STATUS_ACCESS_DENIED I would also guess that since "valid users" and "write list" accept only UNIX and NIS groups you will need to have winbind in your nsswitch.conf for @"Domain_A\Domain Users" to work... Does Samba allows Domain_A\domain_a_user to access this share if you list the user without domain specification: "valid users = domain_a_user"? The log file from the Domain_B_PDC:- [2004/11/02 20:50:03, 4] smbd/reply.c:reply_tcon_and_X(408) Client requested device type [?] for share [SHARED] [2004/11/02 20:50:03, 5] smbd/service.c:make_connection(812) making a connection to 'normal' service shared [2004/11/02 20:50:03, 5] lib/username.c:user_in_netgroup_list(315) Unable to get default yp domain [2004/11/02 20:50:03, 5] lib/username.c:user_in_netgroup_list(315) Unable to get default yp domain [2004/11/02 20:50:03, 2] smbd/service.c:make_connection_snum(314) user 'Domain_A\domain_a_user' (from session setup) not permitted to access this share (Shared) [2004/11/02 20:50:03, 3] smbd/error.c:error_packet(105) error string = No such file or directory [2004/11/02 20:50:03, 3] smbd/error.c:error_packet(129) error packet at smbd/reply.c(416) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED -- My smb.conf :- [Shared] path = /shared valid users = @"Domain Users", @"Domain_A\Domain Users" write list = @"Domain Users", @"Domain_A\Domain Users" browsable = yes guest ok = no writeable =no --- Do you have winbind in your nsswitch.conf? No, I don't. How did you managed to get the mapped home directory for domain_a_user when he log on to the joined_domain_B_computer? Yes, I have XP computer joined domain_A and this domain has mutual trust with domain_B. I can login on this computer as user_a into domain_A and as user_b into domain_B and their corresponding home directories get correctly mapped into drive H: dn: uid=user_a,ou=People,dc=domain_A,dc=org sambaHomeDrive: H: sambaHomePath: \\server_A\homes dn: uid=user_b,ou=People,dc=domain_B,dc=org sambaHomeDrive: H: sambaHomePath: \\server_B\homes Hope to hear from you on this... thanks a lot. adrian p/s: hope you got my previous mail cos I forgotten to cc to sambalists Yes, I did. I apologize for delays - I work with Samba only in my spare time. Igor Igor Belyi wrote: == (Header) e-mail Filtrado == I would guess that it means that DomainA trust DomainB but DomainB does not trust DomainA. Can you verify that trust is mutual between them? Check 'net rpc trustom list' on both machines. No, I do not use winbind for NSS (no winbind in /etc/nsswitch.conf). Winbind is used only by Samba when it maps users from trust domain into local space. Adrian Chow wrote: Hi Igor, I got stuck now. I did my best. I got stuck at the winbind which I suspected is the reason why the domainA_computer cannot map the domain_B user's home directory. 1. What are the settings of your winbind? I have the following winbind related entries in smb.conf: ldap idmap suffix = ou=Idmap idmap backend = ldap:ldap://localhost idmap uid = 1-2 idmap gid = 1-2 To see if winbind works you can also try to resolve a name into SID and SID into gid. For examle, if wbinfo -g returns you 'STAFF\wheel'. Try to do the following: wbinfo -n 'STAFF\wheel' wbinfo -Y 2. Do you use only "winbind" in your libnss_ldap or use "ldap" as well? In my /etc/nsswitch.conf I have only "ldap" without winbind. As far as I understand this, winbind usage via NSS can confuse Samba into thinking that those users and groups are defined locally and maybe allowing Samba to use winbind directly is a better approach for trust between domains. I don't k
[Samba] Problem in restarting samba server
Hello, I am using Red-hat Linux Application Server 3.0. I have installed and successfully configured samba server & thus able to connect from windows m/cIt works perfectly fine. But when I install our product( Its a java application and one kernel loadable module) on the same machine The samba server does not restart. Following are the messages in /var/log/samba/smbd.log. after restart. Can any body please help me. I think there is some conflict of aour product with samba server. I'm new user of samba and not able to figure it out from logs that what is problem. I'm using samba server version 3.0.6-2.3E. [2004/11/04 10:39:56, 0] tdb/tdbutil.c:tdb_log(725) tdb(/var/cache/samba/connections.tdb): tdb_read failed at 508 len=4 (Invalid argument) [2004/11/04 10:39:56, 0] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error IO Error. [2004/11/04 10:39:56, 0] tdb/tdbutil.c:tdb_log(725) tdb(/var/cache/samba/connections.tdb): tdb_read failed at 236 len=4 (Invalid argument) [2004/11/04 10:39:56, 0] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error IO Error. [2004/11/04 10:40:00, 0] smbd/server.c:main(760) smbd version 3.0.6-2.3E started. Copyright Andrew Tridgell and the Samba Team 1992-2004 [2004/11/04 10:40:00, 0] tdb/tdbutil.c:tdb_log(725) tdb(/var/cache/samba/connections.tdb): expand_file write of 1024 failed (Invalid argument) [2004/11/04 10:40:00, 0] smbd/connection.c:claim_connection(196) claim_connection: tdb_store failed with error IO Error. [2004/11/04 10:40:00, 0] tdb/tdbutil.c:tdb_log(725) tdb(/var/cache/samba/connections.tdb): tdb_read failed at 400 len=4 (Invalid argument) [2004/11/04 10:40:00, 0] tdb/tdbutil.c:tdb_log(725) tdb(/var/cache/samba/connections.tdb): tdb_read failed at 400 len=4 (Invalid argument) [2004/11/04 10:40:00, 0] tdb/tdbutil.c:tdb_log(725) tdb(/var/cache/samba/connections.tdb): tdb_read failed at 168 len=4 (Invalid argument) [2004/11/04 10:40:00, 0] smbd/connection.c:claim_connection(196) claim_connection: tdb_store failed with error IO Error. Regards vaibhav -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Trusting and trusted domain (home mapping) problem
Hi Igor, Just to let you now that the "smbclient //domain_b_pdc/shared -U domain_a/domain_a_user" is working. To make it work, I have to put winbind in the nsswitch.conf. The reason why it did not work is 2 fold:- 1. The Domain Users in the domain_A is very large (397 users). When I did "getent group" on domain_b, it does not actually show up "domain_A\domain users". But after a while after restarting the daemon, it will appear. Maybe through out my testing, every change in the smb.conf file, I will restart the winbind daemon and hence have lots of problem. 2. I did not test the smbclient on domain_b_pdc. "smbclient //domain_a_pdc/shared -U domain_b/domain_b_user" would also have work earlier as the domain users in domain_b is very small. Also to let you know that I have upgraded to samba 3.07 for both PDCs. I think partial to the problem I had earlier, it is because of using different versions (3.04 and 3.07). HOWEVER, the original problem of mapping the home directory still exist. adrian Igor Belyi wrote: Adrian Chow wrote: Hi Igor, Do you have trustdomains in your "auth methods"? Currently I removed the winbind from nsswitch.conf. And "smbclient //domain_B_PDC//shared -U domain_A/domain_A_user" does not work. Have you tried "smbclient //domain_B_PDC//shared -W domain_A -U domain_A_user"? If I put winbind in the nsswitch.conf, then I will be able to authenticated but cannot connect to shared folder with the following error:- Domain=[Domain_B] OS=[Unix] Server=[Samba 3.0.7-Debian] tree connect failed: NT_STATUS_ACCESS_DENIED I would also guess that since "valid users" and "write list" accept only UNIX and NIS groups you will need to have winbind in your nsswitch.conf for @"Domain_A\Domain Users" to work... Does Samba allows Domain_A\domain_a_user to access this share if you list the user without domain specification: "valid users = domain_a_user"? The log file from the Domain_B_PDC:- [2004/11/02 20:50:03, 4] smbd/reply.c:reply_tcon_and_X(408) Client requested device type [?] for share [SHARED] [2004/11/02 20:50:03, 5] smbd/service.c:make_connection(812) making a connection to 'normal' service shared [2004/11/02 20:50:03, 5] lib/username.c:user_in_netgroup_list(315) Unable to get default yp domain [2004/11/02 20:50:03, 5] lib/username.c:user_in_netgroup_list(315) Unable to get default yp domain [2004/11/02 20:50:03, 2] smbd/service.c:make_connection_snum(314) user 'Domain_A\domain_a_user' (from session setup) not permitted to access this share (Shared) [2004/11/02 20:50:03, 3] smbd/error.c:error_packet(105) error string = No such file or directory [2004/11/02 20:50:03, 3] smbd/error.c:error_packet(129) error packet at smbd/reply.c(416) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED -- My smb.conf :- [Shared] path = /shared valid users = @"Domain Users", @"Domain_A\Domain Users" write list = @"Domain Users", @"Domain_A\Domain Users" browsable = yes guest ok = no writeable =no --- Do you have winbind in your nsswitch.conf? No, I don't. How did you managed to get the mapped home directory for domain_a_user when he log on to the joined_domain_B_computer? Yes, I have XP computer joined domain_A and this domain has mutual trust with domain_B. I can login on this computer as user_a into domain_A and as user_b into domain_B and their corresponding home directories get correctly mapped into drive H: dn: uid=user_a,ou=People,dc=domain_A,dc=org sambaHomeDrive: H: sambaHomePath: \\server_A\homes dn: uid=user_b,ou=People,dc=domain_B,dc=org sambaHomeDrive: H: sambaHomePath: \\server_B\homes Hope to hear from you on this... thanks a lot. adrian p/s: hope you got my previous mail cos I forgotten to cc to sambalists Yes, I did. I apologize for delays - I work with Samba only in my spare time. Igor Igor Belyi wrote: == (Header) e-mail Filtrado == I would guess that it means that DomainA trust DomainB but DomainB does not trust DomainA. Can you verify that trust is mutual between them? Check 'net rpc trustom list' on both machines. No, I do not use winbind for NSS (no winbind in /etc/nsswitch.conf). Winbind is used only by Samba when it maps users from trust domain into local space. Adrian Chow wrote: Hi Igor, I got stuck now. I did my best. I got stuck at the winbind which I suspected is the reason why the domainA_computer cannot map the domain_B user's home directory. 1. What are the settings of your winbind? I have the following winbind related entries in smb.conf: ldap idmap suffix = ou=Idmap idmap backend = ldap:ldap://localhost idmap uid = 1-2 idmap gid = 1-2 To see if winbind works you can also try to resolve a name into SID and SID into gid. For examle, if wbinfo -g returns you 'STAFF\wheel'. Try to do the following: wbinfo -n 'STAFF\wheel' wbinfo -Y 2. Do you use only "winbind" in your libnss_ldap or use "ldap" as well? In my /etc/nss
Re: [Samba] Re: Trusting and trusted domain (home mapping) problem
Hi Igor, I left out something. Regarding your question:- >Does Samba allows Domain_A\domain_a_user to access this share if you > list the user without domain specification: "valid users = domain_a_user"? The answer is yes ONLY if "valid users = Domain_A\domain_A_user". "Valid users = domain_a_user" does not work. adrian Igor Belyi wrote: Adrian Chow wrote: Hi Igor, Do you have trustdomains in your "auth methods"? Currently I removed the winbind from nsswitch.conf. And "smbclient //domain_B_PDC//shared -U domain_A/domain_A_user" does not work. Have you tried "smbclient //domain_B_PDC//shared -W domain_A -U domain_A_user"? If I put winbind in the nsswitch.conf, then I will be able to authenticated but cannot connect to shared folder with the following error:- Domain=[Domain_B] OS=[Unix] Server=[Samba 3.0.7-Debian] tree connect failed: NT_STATUS_ACCESS_DENIED I would also guess that since "valid users" and "write list" accept only UNIX and NIS groups you will need to have winbind in your nsswitch.conf for @"Domain_A\Domain Users" to work... Does Samba allows Domain_A\domain_a_user to access this share if you list the user without domain specification: "valid users = domain_a_user"? The log file from the Domain_B_PDC:- [2004/11/02 20:50:03, 4] smbd/reply.c:reply_tcon_and_X(408) Client requested device type [?] for share [SHARED] [2004/11/02 20:50:03, 5] smbd/service.c:make_connection(812) making a connection to 'normal' service shared [2004/11/02 20:50:03, 5] lib/username.c:user_in_netgroup_list(315) Unable to get default yp domain [2004/11/02 20:50:03, 5] lib/username.c:user_in_netgroup_list(315) Unable to get default yp domain [2004/11/02 20:50:03, 2] smbd/service.c:make_connection_snum(314) user 'Domain_A\domain_a_user' (from session setup) not permitted to access this share (Shared) [2004/11/02 20:50:03, 3] smbd/error.c:error_packet(105) error string = No such file or directory [2004/11/02 20:50:03, 3] smbd/error.c:error_packet(129) error packet at smbd/reply.c(416) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED -- My smb.conf :- [Shared] path = /shared valid users = @"Domain Users", @"Domain_A\Domain Users" write list = @"Domain Users", @"Domain_A\Domain Users" browsable = yes guest ok = no writeable =no --- Do you have winbind in your nsswitch.conf? No, I don't. How did you managed to get the mapped home directory for domain_a_user when he log on to the joined_domain_B_computer? Yes, I have XP computer joined domain_A and this domain has mutual trust with domain_B. I can login on this computer as user_a into domain_A and as user_b into domain_B and their corresponding home directories get correctly mapped into drive H: dn: uid=user_a,ou=People,dc=domain_A,dc=org sambaHomeDrive: H: sambaHomePath: \\server_A\homes dn: uid=user_b,ou=People,dc=domain_B,dc=org sambaHomeDrive: H: sambaHomePath: \\server_B\homes Hope to hear from you on this... thanks a lot. adrian p/s: hope you got my previous mail cos I forgotten to cc to sambalists Yes, I did. I apologize for delays - I work with Samba only in my spare time. Igor Igor Belyi wrote: == (Header) e-mail Filtrado == I would guess that it means that DomainA trust DomainB but DomainB does not trust DomainA. Can you verify that trust is mutual between them? Check 'net rpc trustom list' on both machines. No, I do not use winbind for NSS (no winbind in /etc/nsswitch.conf). Winbind is used only by Samba when it maps users from trust domain into local space. Adrian Chow wrote: Hi Igor, I got stuck now. I did my best. I got stuck at the winbind which I suspected is the reason why the domainA_computer cannot map the domain_B user's home directory. 1. What are the settings of your winbind? I have the following winbind related entries in smb.conf: ldap idmap suffix = ou=Idmap idmap backend = ldap:ldap://localhost idmap uid = 1-2 idmap gid = 1-2 To see if winbind works you can also try to resolve a name into SID and SID into gid. For examle, if wbinfo -g returns you 'STAFF\wheel'. Try to do the following: wbinfo -n 'STAFF\wheel' wbinfo -Y 2. Do you use only "winbind" in your libnss_ldap or use "ldap" as well? In my /etc/nsswitch.conf I have only "ldap" without winbind. As far as I understand this, winbind usage via NSS can confuse Samba into thinking that those users and groups are defined locally and maybe allowing Samba to use winbind directly is a better approach for trust between domains. I don't know why would you want to put winbind into libnss_ldap which is configuration for LDAP interface for NSS (when you use 'ldap' in /etc/nssswitch.conf file) 3. My winbind works with :- (For both sides) wbinfo -t wbinfo -p wbinfo -u wbinfo -g getent passwd (For DomainA) "getent group" shows all the local groups and also the groups shown in "wbinfo -g" (For DomainB) "getent group" shows all the local groups
Re: [Samba] Re: Trusting and trusted domain (home mapping) problem
Hi Igor, I did "smbclient //domain_B_PDC//shared -W domain_A -U domain_A_user" and I got :- Domain=[UWCSTU] OS=[Unix] Server=[Samba 3.0.7-Debian] tree connect failed: NT_STATUS_ACCESS_DENIED I think it has to do with the UNIX and NIS groups required for @"Domain_A\Domain Users" to work. On the Domain_B_PDC 's log file on Domain_A, it is like this:- [2004/11/04 08:40:48, 5] lib/username.c:Get_Pwnam(293) Finding user STAFF\achow [2004/11/04 08:40:48, 5] lib/username.c:Get_Pwnam_internals(223) Trying _Get_Pwnam(), username as lowercase is staff\achow [2004/11/04 08:40:52, 5] lib/username.c:Get_Pwnam_internals(251) Get_Pwnam_internals did find user [STAFF\achow]! [2004/11/04 08:40:52, 5] auth/auth_util.c:fill_sam_account(960) fill_sam_account: located username was [STAFF\achow] [2004/11/04 08:40:52, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2004/11/04 08:40:52, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2004/11/04 08:40:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/11/04 08:40:52, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2004/11/04 08:40:52, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2004/11/04 08:40:52, 5] lib/smbldap.c:smbldap_search(963) smbldap_search: base => [ou=Group,ou=studentnet,dc=uwcsea,dc=org], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=1))], scope => [2] [2004/11/04 08:40:52, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2008) ldapsam_getgroup: Did not find group [2004/11/04 08:40:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/11/04 08:40:52, 4] lib/substitute.c:automount_server(323) Home server: gloin [2004/11/04 08:40:52, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 10139 Primary group is 1 and contains 3 supplementary groups Group[ 0]: 1 Group[ 1]: 10013 Group[ 2]: 10014 [2004/11/04 08:40:52, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: winbind authentication for user [achow] succeeded [2004/11/04 08:40:52, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2004/11/04 08:40:52, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2004/11/04 08:40:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2004/11/04 08:40:52, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2004/11/04 08:40:52, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2004/11/04 08:40:52, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/11/04 08:40:52, 5] auth/auth.c:check_ntlm_password(292) check_ntlm_password: PAM Account for user [STAFF\achow] succeeded [2004/11/04 08:40:52, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [achow] -> [achow] -> [STAFF\achow] succeeded [2004/11/04 08:40:52, 5] auth/auth_util.c:free_user_info(1306) attempting to free (and zero) a user_info structure [2004/11/04 08:40:52, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2004/11/04 08:40:52, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60080215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH [2004/11/04 08:40:52, 3] smbd/password.c:register_vuid(222) User name: STAFF\achowReal name: Adrian Chow [2004/11/04 08:40:52, 3] smbd/password.c:register_vuid(241) UNIX uid 10139 is UNIX user STAFF\achow, and will be vuid 100 [2004/11/04 08:40:52, 3] smbd/password.c:register_vuid(270) Adding homes service for user 'STAFF\achow' using home directory: '/home/STAFF/achow' [2004/11/04 08:40:52, 3] param/loadparm.c:lp_add_home(2341) adding home's share [achow] for user 'STAFF\achow' at '/home/STAFF/achow' [2004/11/04 08:40:52, 3] smbd/process.c:process_smb(1092) Transaction 3 of length 84 [2004/11/04 08:40:52, 5] lib/util.c:show_msg(439) [2004/11/04 08:40:52, 5] lib/util.c:show_msg(449) size=80 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=8 smb_flg2=51201 smb_tid=0 smb_pid=26725 smb_uid=100 smb_mid=4 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=0 (0x0) smb_vwv[ 2]=0 (0x0) smb_vwv[ 3]=1 (0x1) smb_bcc=37 [2004/11/04 08:40:52, 3] smbd/process.c:switch_message(887) switch message SMBtconX (pid 20987) conn 0x0 [2004/11/04 08:40:52, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/11/04 08:40:52, 5] auth/auth_util.c:debug_nt_user_token(486) NT
[Samba] ADS Domain Member Server + PAM problem
Hi all I have set my Samba server up to join an AD realm. Winbind is working fine and I am able to use it for authentication as needed. When I try to connect to one of my shares via a Windows client, I get the following error: [2004/11/04 11:57:54, 0] auth/pampass.c:smb_pam_account(573) smb_pam_account: PAM: UNKNOWN PAM ERROR (9) during Account Management for User: MYDOMAIN+room1 [2004/11/04 11:57:54, 2] auth/pampass.c:smb_pam_error_handler(73) smb_pam_error_handler: PAM: Account Check Failed : Authentication service cannot retrieve authentication info. [2004/11/04 11:57:54, 0] auth/pampass.c:smb_pam_accountcheck(781) smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User MYDOMAIN+room1! [2004/11/04 11:57:54, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [room1] -> [room1] FAILED with error NT_STATUS_LOGON_FAILURE My smb.conf file looks something like this: [global] winbind separator = + winbind uid = 1-2 winbind gid = 1-2 winbind cache time = 15 winbind enum users = yes winbind enum groups = yes template homedir = /home/%U template shell = /bin/false winbind use default domain = yes panic action = /usr/share/samba/panic-action %d # passwd program = /usr/bin/passwd %u printing = bsd netbios name = proxy dns proxy = no syslog only = no name resolve order = lmhosts host wins bcast encrypt passwords = true # passdb backend = smbpasswd guest socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 short preserve case = yes printcap name = /etc/printcap invalid users = root max log size = 1000 obey pam restrictions = yes # passwd chat = *Enter\snew\sUNIX\spassword:* %n\n Retype\snew\sUNIX\spassword:* %n\n . security = ads password server = DC1 realm = MYDOMAIN.BLAH preserve case = yes unix password sync = false workgroup = MYDOMAIN server string = %h server (Samba %v) syslog = 0; guest account = nobody load printers = yes For what it's worth, my /etc/pam.d/samba file is as follows: authrequired /lib/security/pam_env.so authsufficient/lib/security/pam_unix.so likeauth nullok authsufficient/lib/security/pam_winbind.so use_first_pass authrequired /lib/security/pam_deny.so account required /lib/security/pam_unix.so account sufficient/lib/security/pam_winbind.so use_first_pass passwordrequired /lib/security/pam_cracklib.so retry=3 type= # Note: The above line is complete. There is nothing following the '=' passwordsufficient/lib/security/pam_unix.so \ nullok use_authtok md5 shadow passwordsufficient/lib/security/pam_winbind.so use_first_pass passwordrequired /lib/security/pam_deny.so session required /lib/security/pam_limits.so session sufficient/lib/security/pam_unix.so session sufficient/lib/security/pam_winbind.so use_first_pass` Interestingly enough, if I connect using smbclient and force it to use kerberos with the -k option, I am able to connect. It's not until I try to use NTLM that I receive the error. Any suggestions? Cheers Richard This message was sent using InSPire Net Webmail. http://www.inspire.net.nz -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] WINS setup / browsing
I just successfully upgraded a server from v 2.2.8 to v3.0.7. When I execute smbstatus or swat it correctly shows v 3.0.7. When I browse thru network neighborhood it still shows v 2.2.8. I stopped samba, and removed /usr/local/samba/var/locks/browse.dat & wins.dat. Then restarted samba. It still reports v2.2.8 thru network neighborhood. In viewing browse.dat it shows 2.2.8. Where is this coming from & how do I correct it? Thanks Tom -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Setting uid and gid with smbmount
I'm having a problem setting the uid and gid properly using smbmount. I'm hoping someone can help with this issue. I run: mount -t smbfs -o username=technician,uid=500,gid=500 //fileserver/technician /mnt/technician and it mounts, but the uid and gid are all set to 1003 and 103 respectively which is the uid and gid of the files on the server. Am I making a mistake here? Also, how can I make it follow the symlinks server-side, rather than deliver the symlinks to this client? Some background for details if it's helpful. I'm running slackware 10.0 as a samba server with samba 3.0.5. Most of the users run windows and Mac OS X, but I wanted to set up a demonstration workstation running open source software. I set up a box with Red Hat Enterprise Linux Workstation 4.0 beta. There appear to be a couple ways to connect to a samba share with it. Nautilus has a built in samba client that works quite well, making the files all readable, and following symlinks just like I want. The problem is that it isn't actually mounted in the filesystem, so programs such as the GIMP can't open remote files unless they are copied locally. The alternative is to mount the smb filesystem as I'm trying to do. I've added a line matching the mount command above to fstab, but I still run into two problems. The most significant is that, as mentioned, the uid and gid are all incorrect, and I don't know how to correct it. Secondly, and if anyone can help with this as well, symlinks don't work as I would like. I would prefer for the symlinks to be followed on the server, rather than delivered as a symlink that points to an incorrect location on the client. Or have other people solved this general Linux workstation using a shared server space in a different manner? Thanks for the help, Joel Ebel -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Issue
We currently have Samba installed on a Solaris 8 server. It is serving several fileshares. Within the last couple of months we have had an issue with connecting to the share from the XP desktops. On the same share it will work fine for a while and then all of a sudden when you try to mount the share it will ask for an ID and password (it normally does not). If you try again a few seconds later it will mount fine without the ID and password. It is not password protected. Does anyone have any idea what the problem could be? In further investigation I find that when you CAN'T get in, this error is recorded in the individuals log file. [2004/11/03 16:23:49, 0] passdb/pdb_smbpasswd.c:pdb_getsampwnam(1367) unable to open passdb database. Brian M. Miley UNIX Administrator NCAA Technical Services Ph: (317) 917-6709 Fax: (317) 917-6888 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] File case sensitivity
Hi; I've run into a somewhat interesting issue in regards to IIS serving content from a samba share. Occasionly, IIS will return 404 errors for content that does infact exist. >From the samba machine, I captured the following: This is an example of the site http://www.mysite.co.nz/foo not working: [2004/11/04 09:30:14, 3] smbd/trans2.c:call_trans2qfilepathinfo(2353) call_trans2qfilepathinfo: SMB_VFS_STAT of USER/MYSITE.CO.NZ/HTDOCS/FOO failed (No such file or directory) [2004/11/04 09:30:14, 3] smbd/error.c:error_packet(94) error string = No such file or directory [2004/11/04 09:30:14, 3] smbd/error.c:error_packet(114) error packet at smbd/trans2.c(2217) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_PATH_NOT_FOUND [2004/11/04 09:30:14, 3] smbd/process.c:process_smb(890) This is an example of the same site working, after I visited http://www.mysite.co.nz/ first, a few seconds later: [2004/11/04 09:34:02, 3] smbd/trans2.c:call_trans2qfilepathinfo(2361) call_trans2qfilepathinfo user/mysite.co.nz/htdocs/foo (fnum = -1) level=1004 call=5 total_data=0 [2004/11/04 09:34:02, 3] smbd/process.c:process_smb(890) Transaction 8253551 of length 154 [2004/11/04 09:34:02, 3] smbd/process.c:switch_message(685) switch message SMBtrans2 (pid 14455) [2004/11/04 09:34:02, 3] smbd/trans2.c:call_trans2qfilepathinfo(2331) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2004/11/04 09:34:02, 3] smbd/trans2.c:call_trans2qfilepathinfo(2361) call_trans2qfilepathinfo user/mysite.co.nz/htdocs/foo (fnum = -1) level=1004 call=5 total_data=0 [2004/11/04 09:34:02, 3] smbd/process.c:process_smb(890) Transaction 8253552 of length 164 So the issue appears to be that samba is returning NT_STATUS_OBJECT_PATH_NOT_FOUND errors when IIS is requesting the file/path in uppercase. What I don't understand is that samba, by default, is configured to ignore case sensitivity. Has anyone else had similar problems and/or could point me in the right direction? TIA. --Brent -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.8pre2 and smbstatus
Hallo, in 3.0.8pre2 the smbstatus command always shows connections _and_ shares even if using the switches '-p' for showing processes only or '-S' for showing shares only or '-B' for showing locks only: test2 # smbstatus --help Usage: [OPTION...] -p, --processes Show processes only -v, --verboseBe verbose -L, --locks Show locks only -S, --shares Show shares only -u, --user=ARG Switch to user -b, --brief Be brief -B, --byterange Include byte range locks Help options -?, --help Show this help message --usage Display brief usage message Common samba options: -d, --debuglevel=DEBUGLEVEL Set debug level -s, --configfile=CONFIGFILE Use alternative configuration file -l, --log-basename=LOGFILEBASE Basename for log/debug files -V, --versionPrint version test2 # smbstatus -p Samba version 3.0.8pre2 PID Username Group Machine --- 3164 root root tb2 (192.168.0.7) Service pid machine Connected at --- public3164 tb2 Wed Nov 3 21:06:26 2004 test2 # smbstatus -S Samba version 3.0.8pre2 PID Username Group Machine --- 3164 root root tb2 (192.168.0.7) Service pid machine Connected at --- public3164 tb2 Wed Nov 3 21:06:26 2004 test2 # smbstatus -B Samba version 3.0.8pre2 PID Username Group Machine --- 3164 root root tb2 (192.168.0.7) Service pid machine Connected at --- public3164 tb2 Wed Nov 3 21:06:26 2004 No locked files I would expect this: test2 # smbstatus -p Samba version 3.0.8pre2 PID Username Group Machine --- 3164 root root tb2 (192.168.0.7) test2 # smbstatus -S Service pid machine Connected at --- public3164 tb2 Wed Nov 3 21:06:26 2004 test2 # smbstatus -B No locked files der tom Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt neu bei WEB.DE FreeMail: http://freemail.web.de/?mc=021193 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Issue
We currently have Samba installed on a Solaris 8 server. It is serving several fileshares. Within the last couple of months we have had an issue with connecting to the share from the XP desktops. On the same share it will work fine for a while and then all of a sudden when you try to mount the share it will ask for an ID and password (it normally does not). If you try again a few seconds later it will mount fine without the ID and password. It is not password protected. Does anyone have any idea what the problem could be? Brian M. Miley UNIX Administrator NCAA Technical Services Ph: (317) 917-6709 Fax: (317) 917-6888 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba browsing not responding
i have a samba server named CCFILES set up on a domain. i've successfully set up the server and joined it to the domain. we're running in an 2000 domain, but it's not running AD. most of our workstations are win2000 pro. all i want to do is serve files. i can browse the server fine and even copy some things, but explorer frequently locks up while browsing the server. looking at the server, everything seems fine. the server's a 450 mhz g3 powerpc with 512 MB of RAM and a 40 GB HDD, which would seem to me to be more than enough to serve files. i'm running Mandrake Linux on it and Samba 3.0.7. i set the machine up with a high security setting. not sure if that might be the cause of some of my problems. i'm not exactly sure what it entails, but i can't log into the machine direcly as root (i have to su), it will automatically log out of root after a while if not being used, and pings to the machine aren't returned. i tried copying the smb.conf file over to my workstation using samba, and only the first 16 kb copied for some reason. here are some settings i changed: [global] workgroup = DOMAIN security = DOMAIN password server = * encrypt passwords = yes idmap uid = 15000-2 idmap gid = 15000-2 winbind separator = + local master = no wins server = 192.168.1.10 [Files] comment = shared files path = /files public = yes writable = no write list = DOMAIN+user1 DOMAIN+user2 DOMAIN+user3 i don't want any kind of shared printing, so i commented all of the printing options out. are there any settings i missed or configured incorrectly? could my security settings possibly have something to do with this? could i possibly change this setting and fix the problem: socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 i appreciate any suggestions. thanks for the help. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: SAMBA PDC
No, I have not problems with this... The profile is created normaly... When the problem occure, on the Windows machine I find that %LOGONSERVER% variable is changed... So I think that the problem is near WINS, but I can not find where... Could you send me some smb.conf example which works fine? On Wednesday 03 November 2004 22:47, Jim C. wrote: > > Thanks for help. > > OK there is attached output from $ testparm -vs > > I have heard something about using SRV records in DDNS, are they > > necessary in this case? > > I doubt it. I've never used them before and mine runs fine. > > This could be a profile permissions issue. Is your system having any > trouble createing a profile with the correct perms/ownerships? To find > out, use: > > ls -l /var/lib/samba/profiles | grep [username] > > Like so: > > [EMAIL PROTECTED] 0 samba]$ ls -l /var/lib/samba/profiles | grep njim > drwx-- 19 njim Domain Users 4096 Nov 2 23:55 njim > > Assumeing you want roaming profiles and not mandatory profiles, it may > > be best to omit the profdata share. My profiles section looks like this: > > [profiles] > > comment = Profile Share > > path = /var/lib/samba/profiles > > read only = No > > profile acls = Yes > > browseable = No > > hide dot files = Yes > > root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; > > \ then mkdir -pm700 $PROFILE; chown "%u"."%g" $PROFILE; fi > > Now for a test, you can create the users profile directory by hand using > the correct permissions and ownerships. Then log in and if the problem > goes away, you know that this is the issue. > > The root preexec statement mentioned above causes a short script to be > executed before user login. The script I've specified above will check > to see if the user has a valid profile and if not it will create one > with the appropriate permissions and ownerships. One would expect this > to be automatic but what I found was that permissions for the parent > directory nescesary for automatic profile directory creation were > unexceptable (i.e. the user could save or delete files in the directory > beneath thier own which is /var/lib/samba/profiles). > > Of course this is a bit of overhead each time someone logs in. If you > want a little more of a scaleable solution, write a short script that > creates the directory as the user is added to the system. > > Let me know if this works for you. > > > > Jim C. > -- > - > > | I can be reached on the following Instant Messenger services: | > |---| > | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 | > |---| > | Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz | > > - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Trusting and trusted domain (home mapping) problem
Adrian Chow wrote: Hi Igor, Do you have trustdomains in your "auth methods"? Currently I removed the winbind from nsswitch.conf. And "smbclient //domain_B_PDC//shared -U domain_A/domain_A_user" does not work. Have you tried "smbclient //domain_B_PDC//shared -W domain_A -U domain_A_user"? If I put winbind in the nsswitch.conf, then I will be able to authenticated but cannot connect to shared folder with the following error:- Domain=[Domain_B] OS=[Unix] Server=[Samba 3.0.7-Debian] tree connect failed: NT_STATUS_ACCESS_DENIED I would also guess that since "valid users" and "write list" accept only UNIX and NIS groups you will need to have winbind in your nsswitch.conf for @"Domain_A\Domain Users" to work... Does Samba allows Domain_A\domain_a_user to access this share if you list the user without domain specification: "valid users = domain_a_user"? The log file from the Domain_B_PDC:- [2004/11/02 20:50:03, 4] smbd/reply.c:reply_tcon_and_X(408) Client requested device type [?] for share [SHARED] [2004/11/02 20:50:03, 5] smbd/service.c:make_connection(812) making a connection to 'normal' service shared [2004/11/02 20:50:03, 5] lib/username.c:user_in_netgroup_list(315) Unable to get default yp domain [2004/11/02 20:50:03, 5] lib/username.c:user_in_netgroup_list(315) Unable to get default yp domain [2004/11/02 20:50:03, 2] smbd/service.c:make_connection_snum(314) user 'Domain_A\domain_a_user' (from session setup) not permitted to access this share (Shared) [2004/11/02 20:50:03, 3] smbd/error.c:error_packet(105) error string = No such file or directory [2004/11/02 20:50:03, 3] smbd/error.c:error_packet(129) error packet at smbd/reply.c(416) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED -- My smb.conf :- [Shared] path = /shared valid users = @"Domain Users", @"Domain_A\Domain Users" write list = @"Domain Users", @"Domain_A\Domain Users" browsable = yes guest ok = no writeable =no --- Do you have winbind in your nsswitch.conf? No, I don't. How did you managed to get the mapped home directory for domain_a_user when he log on to the joined_domain_B_computer? Yes, I have XP computer joined domain_A and this domain has mutual trust with domain_B. I can login on this computer as user_a into domain_A and as user_b into domain_B and their corresponding home directories get correctly mapped into drive H: dn: uid=user_a,ou=People,dc=domain_A,dc=org sambaHomeDrive: H: sambaHomePath: \\server_A\homes dn: uid=user_b,ou=People,dc=domain_B,dc=org sambaHomeDrive: H: sambaHomePath: \\server_B\homes Hope to hear from you on this... thanks a lot. adrian p/s: hope you got my previous mail cos I forgotten to cc to sambalists Yes, I did. I apologize for delays - I work with Samba only in my spare time. Igor Igor Belyi wrote: == (Header) e-mail Filtrado == I would guess that it means that DomainA trust DomainB but DomainB does not trust DomainA. Can you verify that trust is mutual between them? Check 'net rpc trustom list' on both machines. No, I do not use winbind for NSS (no winbind in /etc/nsswitch.conf). Winbind is used only by Samba when it maps users from trust domain into local space. Adrian Chow wrote: Hi Igor, I got stuck now. I did my best. I got stuck at the winbind which I suspected is the reason why the domainA_computer cannot map the domain_B user's home directory. 1. What are the settings of your winbind? I have the following winbind related entries in smb.conf: ldap idmap suffix = ou=Idmap idmap backend = ldap:ldap://localhost idmap uid = 1-2 idmap gid = 1-2 To see if winbind works you can also try to resolve a name into SID and SID into gid. For examle, if wbinfo -g returns you 'STAFF\wheel'. Try to do the following: wbinfo -n 'STAFF\wheel' wbinfo -Y 2. Do you use only "winbind" in your libnss_ldap or use "ldap" as well? In my /etc/nsswitch.conf I have only "ldap" without winbind. As far as I understand this, winbind usage via NSS can confuse Samba into thinking that those users and groups are defined locally and maybe allowing Samba to use winbind directly is a better approach for trust between domains. I don't know why would you want to put winbind into libnss_ldap which is configuration for LDAP interface for NSS (when you use 'ldap' in /etc/nssswitch.conf file) 3. My winbind works with :- (For both sides) wbinfo -t wbinfo -p wbinfo -u wbinfo -g getent passwd (For DomainA) "getent group" shows all the local groups and also the groups shown in "wbinfo -g" (For DomainB) "getent group" shows all the local groups and only the GUESTs group. Very weird. The rest of the groups in "wbinfo -g" does not come up. The logs is something like this:- --- nsswitch/winbindd_group.c:fill_grent_mem(133) could not lookup membership for group rid S-1-5-21-1803233979-822103454-943392455-3005 in domain STAFF (error: NT_STATUS_NO_SUCH_
[Samba] Re: SAMBA PDC
Thanks for help. OK there is attached output from $ testparm -vs I have heard something about using SRV records in DDNS, are they necessary in this case? I doubt it. I've never used them before and mine runs fine. This could be a profile permissions issue. Is your system having any trouble createing a profile with the correct perms/ownerships? To find out, use: ls -l /var/lib/samba/profiles | grep [username] Like so: [EMAIL PROTECTED] 0 samba]$ ls -l /var/lib/samba/profiles | grep njim drwx-- 19 njim Domain Users 4096 Nov 2 23:55 njim Assumeing you want roaming profiles and not mandatory profiles, it may be best to omit the profdata share. My profiles section looks like this: [profiles] comment = Profile Share path = /var/lib/samba/profiles read only = No profile acls = Yes browseable = No hide dot files = Yes root preexec = PROFILE=/var/lib/samba/profiles/%u; if [ ! -e $PROFILE ]; \ then mkdir -pm700 $PROFILE; chown "%u"."%g" $PROFILE; fi Now for a test, you can create the users profile directory by hand using the correct permissions and ownerships. Then log in and if the problem goes away, you know that this is the issue. The root preexec statement mentioned above causes a short script to be executed before user login. The script I've specified above will check to see if the user has a valid profile and if not it will create one with the appropriate permissions and ownerships. One would expect this to be automatic but what I found was that permissions for the parent directory nescesary for automatic profile directory creation were unexceptable (i.e. the user could save or delete files in the directory beneath thier own which is /var/lib/samba/profiles). Of course this is a bit of overhead each time someone logs in. If you want a little more of a scaleable solution, write a short script that creates the directory as the user is added to the system. Let me know if this works for you. Jim C. -- - | I can be reached on the following Instant Messenger services: | |---| | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz| - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: SAMBA PDC
Thanks for help. OK there is attached output from $ testparm -vs I have heard something about using SRV records in DDNS, are they necessary in this case? On Wednesday 03 November 2004 20:46, Jim C. wrote: > > OK, I still have problems to run samba as PDC. > > ... > > > Can some help me, please! > > We'll need some data first. To start with, post the output of the > "testparm" command. This will tell us much about your setup and will > also test smb.conf for syntax errors. > > > Jim C. > -- > - > > | I can be reached on the following Instant Messenger services: | > |---| > | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 | > |---| > | Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz | > > - # Global parameters [global] dos charset = CP850 unix charset = UTF8 display charset = LOCALE workgroup = REYCON-1 realm = netbios name = PDC netbios aliases = netbios scope = server string = Samba 3.0.5 interfaces = eth0, lo bind interfaces only = Yes security = USER auth methods = encrypt passwords = Yes update encrypted = No client schannel = Auto server schannel = Auto allow trusted domains = Yes hosts equiv = min passwd length = 5 map to guest = Never null passwords = No obey pam restrictions = No password server = * smb passwd file = /etc/samba/smbpasswd private dir = /etc/samba passdb backend = ldapsam:ldap://pdc.reycon.com algorithmic rid base = 1000 root directory = guest account = nobody pam password change = No passwd program = passwd chat = *new*password* %n\n *new*password* %n\n *changed* passwd chat debug = No passwd chat timeout = 2 username map = /etc/samba/smbusers password level = 0 username level = 0 unix password sync = No restrict anonymous = 0 lanman auth = Yes ntlm auth = Yes client NTLMv2 auth = No client lanman auth = Yes client plaintext auth = Yes preload modules = log level = 1 syslog = 0 syslog only = No log file = /var/log/samba/%m max log size = 50 timestamp logs = Yes debug hires timestamp = No debug pid = No debug uid = No smb ports = 139 445 protocol = NT1 large readwrite = Yes max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes disable netbios = No acl compatibility = nt pipe support = Yes nt status support = Yes announce version = 4.9 announce as = NT max mux = 50 max xmit = 16644 name resolve order = wins bcast hosts max ttl = 259200 max wins ttl = 518400 min wins ttl = 21600 time server = Yes unix extensions = Yes use spnego = Yes client signing = auto server signing = No client use spnego = Yes change notify timeout = 60 deadtime = 0 getwd cache = Yes keepalive = 300 kernel change notify = Yes lpq cache time = 10 max smbd processes = 0 paranoid server security = Yes max disk size = 0 max open files = 1 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 use mmap = Yes hostname lookups = No name cache timeout = 660 load printers = Yes printcap name = cups disable spoolss = No enumports command = addprinter command = deleteprinter command = show add printer wizard = No os2 driver map = mangling method = hash2 mangle prefix = 1 stat cache = Yes machine password timeout = 604800 add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u' delete user script = /var/lib/samba/sbin/smbldap-userdel.pl %u add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g' delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g' add user to group script = /var/lib/samba/sbin/smbldap-groupmod.pl -m '%u' '%g' delete user from group script = /var/lib/samba/sbin/smbldap-groupmod.pl -x '%u' '%g' set primary group script = /var/lib/samba/sbin/smbldap-usermod.pl -g '%g' '%u' add machine script = /var/lib/samba/sbin/smbldap-useradd.pl -w '%u' shutdown script = abort shutdown script = logon script = scripts\logon.bat logo
[Samba] Re: SAMBA PDC
OK, I still have problems to run samba as PDC. ... Can some help me, please! We'll need some data first. To start with, post the output of the "testparm" command. This will tell us much about your setup and will also test smb.conf for syntax errors. Jim C. -- - | I can be reached on the following Instant Messenger services: | |---| | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz| - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Password server is not connected.
Hi Paul, thanks for your advice. I succeded in avoiding "password server is not connected" introducing "security=domain" instead of "security=server" and 2.2.12. About our choice on samba2 vs 3: compiling 3.x with Openldap was my first try but I encurred in the known problem on supplemtary groups documented on https://bugzilla.samba.org/show_bug.cgi?id=943 and http://lists.samba.org/archive/samba-technical/2003-December/033162.html. This can be avoided compiling with Sun/Netscape Ldap lib, and this was smoothful for me only with samba2 (and Sun DS 5.2). Bye. -roberto Paul Gienger wrote: We are using "security=server", which is an Active Directory. I'm pretty sure that 2.2.x doesn't do active directory well, if at all. In any case, I would suggest 2.2.12 if you must use the old unsupported version. To compile 3.0.x to run against Sun's LDAP server, the stated procedure is to compile against openldap libraries, which will give you the abilitiy to talk to any ldap server. You just need to tell samba how to speak the language of ldap, not Sun's particular dialect. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba3 + LDAP - troubles joining domain (have to do it twice)
Paul Gienger wrote: In case someone was using smbldap-tool 0.85, this change is around line 390, and looks like below (note there is no "$ldap_master->unbind;" and there is "return 1;") - I set it to 15, just in case: Hrm, coulda sworn that I was using 0.85... but I have been wrong before, just once. To be *perfectly* correct, I am using smbldap-tools 0.85-2. Another approach to solve this problem could be to have some sort of machine-management naming scheme; what I mean is to have all machine names already in LDAP database: pc001, pc002, pc003 etc. *before* joining the domain. Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba3 + LDAP - troubles joining domain (have to do it twice)
Paul Gienger wrote: In case someone was using smbldap-tool 0.85, this change is around line 390, and looks like below (note there is no "$ldap_master->unbind;" and there is "return 1;") - I set it to 15, just in case: Hrm, coulda sworn that I was using 0.85... but I have been wrong before, just once. It should be noted that you should make sure that LDAP is your issue before doing this just so that you aren't masking the real issue. In my case you could watch the LDAP query come through while watching the samba logs and you'd actually see samba asking for the sambaSAMAccount entry before it replicated through to the slave. This sounds like your issue as well if your 'high latency link' is slow enough. If you're running a simple non-replicated setup or if your slave isn't over a high(ish) latency link I'd keep looking for other issues. I spent all yesterday thinking what can be wrong, and today the whole day trying to figure out by changing different settings / watching logs etc. I googled for people with similar problem, but there weren't many, the only solution to the problem I had was this "sleep" added to smbldap-tools (thanks for that). In logs I could see that Samba is complaining that it can't find the machine/name [it just added] (writing happens to a remote master over worst case slow ADSL/VPN link, then it's replicated to a slave over the same link), so I think that approach with adding "sleep" is good. But finally it works; sometimes I was thinking that these M$ guys talking about higher Linux TCO might be right :) Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA PDC
OK, I still have problems to run samba as PDC. I have followed the instructions from Samba By Examples chapter 6. Also I have configured dynamic dns + dhcp. But, I still doesn't work. I have possibility to logon on Windows machine 2 times. At the 3 i have recieve erroe message, that windows can not copy profile from server. I have check that at fist 2 times I am connecting as any user from pdc, the: cmd> echo %LOGONSERVER% is equal to //PDC, When I have meet problems login in I have answear: cmd>echo %LOGONSERVER eq //LOCALMACHINE Can some help me, please! -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Winbind type email
Hello all Sorry to post this hugely off-topic, but i have no clue where to start. Start with the phrase "exchange server replacement" as that is what I see most often in regards to the topic at hand. This may assist you in your searches. It could be that all you are looking for is an IMAP server. Alternatively, you could try something like oGo (OpenGroupWare) or EGroupware. Jim C. -- - | I can be reached on the following Instant Messenger services: | |---| | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz| - -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Local administrator for domain user, vs local user
Hi, If I add a domain user to a local client's Administrator group, that user seems to have less rights than if I add a local user to the local Administrator's group. Specifically Windows XP SP2, and Samba 3.0.7. I notice that the domain user can't load user hives, can't delete registry keys owned by local Administrators, and things like that. Is this a problem with Windows or with Samba? I had expected that a local administrator was a local administrator, no matter where they were authenticated from. Thanks for your help. I apologize if this is a duplicate -- my local system crashed and it doesn't look like it sent this mail when I composed it the first time. Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Adding domain user as local administrator
Hi, I've noticed that if I add a domain user as a local administrator on the client system (WinXP logging into Samba 3.0.7 domain) they seem to have less local rights than a local user as a local administrator. Is this a Windows thing or is this something to do with Samba? Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] %D returning machine name instead of domain/workgroup
I have a samba 3.0.8pre2 server in a "standalone server" mode which is replacing %D with the server's netbios name instead of workgroup. I tested this with a root preexec script and connecting to that share from a remote client in the same workgroup. Is this expected? Would %D only be replaced with the domain/workgroup name if the server were a PDC, BDC or domain member server? -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[samba] uid not being set
Hi, Does anybody know what causes this to happen? (not setting uid) [2004/11/03 15:54:30, 1] smbd/service.c:make_connection_snum(648) d-conway-lap (157.228.35.236) connect to service profiles initially as user ws0dwi (uid=186712, gid=513) (pid 6500) [2004/11/03 15:54:30, 0] lib/util_sec.c:assert_uid(95) Failed to set uid privileges to (-1,186712) now set to (0,0) [2004/11/03 15:54:30, 0] lib/util.c:smb_panic2(1381) PANIC: failed to set uid [2004/11/03 15:54:30, 0] lib/util.c:smb_panic2(1389) BACKTRACE: 22 stack frames: #0 /usr/local/sbin/smbd(smb_panic2+0x18c) [0x8193e16] #1 /usr/local/sbin/smbd(smb_panic+0x10) [0x8193c88] #2 /usr/local/sbin/smbd [0x819806d] #3 /usr/local/sbin/smbd(set_effective_uid+0x1e) [0x81981bc] #4 /usr/local/sbin/smbd [0x80b58a8] #5 /usr/local/sbin/smbd [0x80b5952] #6 /usr/local/sbin/smbd(pop_sec_ctx+0xf1) [0x80b61a7] #7 /usr/local/sbin/smbd(unbecome_root+0xb) [0x80aecdf] #8 /usr/local/sbin/smbd(local_uid_to_sid+0xfa) [0x816a56c] #9 /usr/local/sbin/smbd(uid_to_sid+0x122) [0x8171209] #10 /usr/local/sbin/smbd [0x80ba4e7] #11 /usr/local/sbin/smbd(get_nt_acl+0x291) [0x80bdcc2] #12 /usr/local/sbin/smbd(vfswrap_fget_nt_acl+0x14) [0x80b89c9] #13 /usr/local/sbin/smbd [0x809516e] #14 /usr/local/sbin/smbd(reply_nttrans+0x94a) [0x809674f] #15 /usr/local/sbin/smbd [0x80c0b45] #16 /usr/local/sbin/smbd [0x80c0bd7] #17 /usr/local/sbin/smbd(process_smb+0x1c6) [0x80c0ee6] #18 /usr/local/sbin/smbd(smbd_process+0x157) [0x80c1a0e] #19 /usr/local/sbin/smbd(main+0x716) [0x81eb561] #20 /lib/libc.so.6(__libc_start_main+0xce) [0x400d28ae] #21 /usr/local/sbin/smbd(strcpy+0x35) [0x8076a91] [2004/11/03 15:55:42, 1] smbd/service.c:make_connection_snum(648) d-conway-lap (157.228.35.236) connect to service netlogon initially as user ws0dwi (uid=186712, gid=513) (pid 6502) i have read that if your nobody account has a uid of -1 and gid -2 you get this error, however i created a new user and set "guest account = " in smb.conf and this still doesnt fix. I think this could be th answer to my groups not working. -- Daniel Wilson Systems Administrator IT & Communications Service University of Sunderland Unit1 Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba3 + LDAP - troubles joining domain (have to do it twice)
In case someone was using smbldap-tool 0.85, this change is around line 390, and looks like below (note there is no "$ldap_master->unbind;" and there is "return 1;") - I set it to 15, just in case: Hrm, coulda sworn that I was using 0.85... but I have been wrong before, just once. It should be noted that you should make sure that LDAP is your issue before doing this just so that you aren't masking the real issue. In my case you could watch the LDAP query come through while watching the samba logs and you'd actually see samba asking for the sambaSAMAccount entry before it replicated through to the slave. This sounds like your issue as well if your 'high latency link' is slow enough. If you're running a simple non-replicated setup or if your slave isn't over a high(ish) latency link I'd keep looking for other issues. -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba3 + LDAP - troubles joining domain (have to do it twice)
Paul Gienger wrote: The first time I try to join a domain I get an error after about 10-12 seconds, no matter value "ldap replication sleep" has. I have had this happen almost perfectly consistantly on my network. To fix it, I've added a sleep line in the smbldap tools scripts to make it wait. While this isn't foolproof, I get about a 75% success on the first try, probably more if I'd increase the wait. In smbldap_tools.pm, around line 380 I added the sleep line in this snippet: $add->code && warn "failed to add entry: ", $add->error ; # take down the session $ldap_master->unbind; sleep(5); } OK, thanks for the hint, it worked :) In case someone was using smbldap-tool 0.85, this change is around line 390, and looks like below (note there is no "$ldap_master->unbind;" and there is "return 1;") - I set it to 15, just in case: $add->code && warn "failed to add entry: ", $add->error ; # take down the session sleep(15); return 1; } Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.2a with windows XP
Hi All, Samba 3.0.2a is installed on Solaris and works fine with windows NT clients, but it doesn't work with windows XP client which complains that the share path can't find. Here is the basic coniguration: workgroup = GLOBAL netbios name = test netbios aliases = test server string = test Samba 3.0.2a interfaces = hme0 bind interfaces only = Yes security = server encrypt passwords = Yes password server = passwd_server log level = 10 preferred master = False local master = No domain master = False wins server = win_server The log file always shows: smbd/process.c:timeout_processing(1337), timeout_processing: End of file from client (client has disconnected) . Dose anybody have ideaes how to solve this? Any possibility that the samba version 3 is not compatible with windows XP? Any help would be appreciated! Thanks, Shirley -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Question on Samba 3.07 compared to 2.2.6
Hi, I was just using samba 3.07 as a file sharing server, but the workstations that use Win 2K was unable to access the shared file (took to long about 10-15 minutes just to view the files) where as workstaions using linux was using the shared file as usual, so we decided to go back to samba 2.26, and it worked for Win 2K, anyone know why this happens, any configuration that i might have missed ?, BTW I'm using basic file sharing server configuration taken straight from the Official Samba howto. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba3 + LDAP - troubles joining domain (have to do it twice)
The first time I try to join a domain I get an error after about 10-12 seconds, no matter value "ldap replication sleep" has. I have had this happen almost perfectly consistantly on my network. To fix it, I've added a sleep line in the smbldap tools scripts to make it wait. While this isn't foolproof, I get about a 75% success on the first try, probably more if I'd increase the wait. In smbldap_tools.pm, around line 380 I added the sleep line in this snippet: $add->code && warn "failed to add entry: ", $add->error ; # take down the session $ldap_master->unbind; sleep(5); } -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] error with script on win xp
Hi, i have samba 3.0.7 on debian. My logon.bat script is not run when i log in from a win xp sp1 station. It does from a win 98. When i go on the netlogon share and launch logon.bat i get this error message (translate from french) "\\fs2\netlogon\logon.bat is not a valid win 32 application" (only with win xp sp1). I created a bat file locally on win xp sp1 and run it without problem so i think it's on the samba side. Can someone help me ? here my smb.conf [global] netbios name = FS2 workgroup = DOME #admin users= @"Domain Admins" interfaces=192.168.251.9 #host allow= 192.168.251.0/255.255.255.0 os level = 35 security = user encrypt passwords = yes preferred master = Yes domain master = Yes # * * * * * * * * * * * * * * * * * * * * local master = Yes domain logons = Yes #logon path = \\%N\profiles\%u logon path = \\%L\profiles\%U logon script=logon.bat logon drive = H: logon home = \\%L\home\%U #logon home = \\FS2\%u\winprofile logon home = logon path = \\%L\profiles\%u #* wins support = Yes log file = /var/log/samba/%m.log log level = 5 max log size = 5000 add machine script = /usr/local/sbin/smbldap-useradd -w %u add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u #add user script = /usr/local/sbin/smbldap-useradd -m "%u" #add group script = /usr/local/sbin/smbldap-groupadd -p "%g" #add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" #delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" #set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u" #delete user script = /usr/local/sbin/smbldap-userdel "%u" #delete group script = /usr/local/sbin/smbldap-groupdel "%g" obey pam restrictions = Yes #** Pour LDAP * passdb backend = ldapsam:ldap://127.0.0.1/ ldap suffix = dc=alsace,dc=iufm,dc=fr ldap admin dn = "cn=admin,dc=alsace,dc=iufm,dc=fr" ldap ssl=no ldap user suffix = ou=People ldap machine suffix = ou=Computers ldap group suffix = ou=Groups #ldap idmap suffix = ou=Users ldap passwd sync = Yes #*** [commun] Comment = commun aux profs et étudiants volume = commun path = /home/samba/fichiers/commun guest ok=yes read only = no writeable = yes #pas de partage visible dans vosinage réseau #browseable = no [compta] comment = fichiers du service comptable path = /home/samba/fichiers/compta public = yes writeable = yes read only = no create mask = 0750 valid users = @compta admin users = @superviseur [prothee] comment = accès à prothee path=/home/samba/fichiers/prothee public = yes writeable = yes read only = no create mask = 0750 guest ok =yes #valid users = "prothee" admin users = @superviseur [homes] valid users=%S read only=no [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = yes read only = no writable = yes #share modes = no [profiles] path = /home/profiles read only = no create mask = 0600 directory mask = 0700 # browseable = No guest ok = Yes profile acls = yes csc policy = disable # next line is a great way to secure the profiles force user = %U # next line allows administrator to access all profiles valid users = %U @"Domain Admins" -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Trust between SAMBA and NT server
My intention is to make NT domain the trusted domain, and SAMBA the trusting domain. I was able to pull off the vice-versa exercise though, that enabled users in the SAMBA domain - the TRUSTED domain - to be able to use the resources of the NT domain - the TRUSTING domain. -Madhu -Original Message- From: Daniel Wilson [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 03, 2004 7:23 PM To: Madhusudan, R Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Trust between SAMBA and NT server Sorry i dont understand you, do you want samba to be the trusted domain or Windows to be the trusted domain? what i told you before was to make samba the trusted domain, so users in the windows domain can access resources in samba domain without entering username and passwords again! Madhusudan, R wrote: >Thanks for the response! > >The inter-domain trust A/C, namely ASNT01$, was created when I tried successfully in >getting the NT domain to trust the SAMBA domain. > >The NT domain is called ASNT01, and COBRA.DOM is SAMBA domain. > >If you think your procedure would help me, then I'd request you >to please make it available. > >-Madhu > >-Original Message- >From: Daniel Wilson [mailto:[EMAIL PROTECTED] >Sent: Wednesday, November 03, 2004 7:03 PM >To: Madhusudan, R >Cc: [EMAIL PROTECTED] >Subject: Re: [Samba] Trust between SAMBA and NT server > > >You need to have an inter-trust user account in samba before you attempt >to add a trust in your windows domain, like this: > >bash# useradd service-domain$ >bash# smbpasswd -a -i service-domain >New SMB password: >retype New SMB password: >Added user systems-domain$. > >if you get stuck i have a wiki detailing how i went about it, it explains for >NT4->2003 domains > >regards > > > >Madhusudan, R wrote: > > > >>FWIW, I'm running SAMBA-3.0.3-5 on Fedora Core 2. >> >>-Madhu >> >>-Original Message- >>From: Madhusudan, R >>Sent: Wednesday, November 03, 2004 6:42 PM >>To: [EMAIL PROTECTED] >>Subject: [Samba] Trust between SAMBA and NT server >> >> >>Hello, >> >>I'm having problems getting the SAMBA domain to trust an NT domain. The following is >>how I went about the exercise: >> >>1. On the NT domain, I added the SAMBA domain A/C in the TRUSTING DOMAINS list, >>providing a certain password. >>2. On the SAMBA domain, I executed the following command feeding the same password >>given in step 1, but without >>success: >> >>[EMAIL PROTECTED] root]# net rpc trustdom establish asnt01 >>Password: >>Could not connect to server ASNT1 >>[2004/11/03 17:43:37, 0] rpc_parse/parse_prs.c:prs_mem_get(530) >> prs_mem_get: reading data of size 4 would overrun buffer. >>[2004/11/03 17:43:37, 0] utils/net_rpc.c:rpc_trustdom_establish(3035) >> WksQueryInfo call failed. >>[EMAIL PROTECTED] root]# >> >>Any ideas as to what the problem is? I was able to get the NT domain to trust the >>SAMBA domain though. >> >>Given below is the SMB.CONF contents: >> >>[global] >> >> workgroup = COBRA.DOM >> netbios name = COBRA >> server string = Samba Server >> printcap name = /etc/printcap >> load printers = yes >> log file = /var/log/samba/%m.log >> max log size = 50 >> security = user >> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 >> domain master = yes >> domain logons = yes >> wins server = 16.138.244.55 >> dns proxy = no >> admin users = madhu >> >>[homes] >> comment = Home Directories >> read only = No >> browseable = No >> >>[netlogon] >> comment = Network Logon Service >> path = /usr/lib/samba/netlogon >> guest ok = Yes >> share modes = No >> >>[printers] >> comment = All Printers >> path = /var/spool/samba >> printable = Yes >> browseable = No >>- >>Regards, >>Madhu >> >> >> >> >> > > > > -- Daniel Wilson Systems Administrator IT & Communications Service University of Sunderland Unit1 Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust between SAMBA and NT server
Sorry i dont understand you, do you want samba to be the trusted domain or Windows to be the trusted domain? what i told you before was to make samba the trusted domain, so users in the windows domain can access resources in samba domain without entering username and passwords again! Madhusudan, R wrote: Thanks for the response! The inter-domain trust A/C, namely ASNT01$, was created when I tried successfully in getting the NT domain to trust the SAMBA domain. The NT domain is called ASNT01, and COBRA.DOM is SAMBA domain. If you think your procedure would help me, then I'd request you to please make it available. -Madhu -Original Message- From: Daniel Wilson [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 03, 2004 7:03 PM To: Madhusudan, R Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Trust between SAMBA and NT server You need to have an inter-trust user account in samba before you attempt to add a trust in your windows domain, like this: bash# useradd service-domain$ bash# smbpasswd -a -i service-domain New SMB password: retype New SMB password: Added user systems-domain$. if you get stuck i have a wiki detailing how i went about it, it explains for NT4->2003 domains regards Madhusudan, R wrote: FWIW, I'm running SAMBA-3.0.3-5 on Fedora Core 2. -Madhu -Original Message- From: Madhusudan, R Sent: Wednesday, November 03, 2004 6:42 PM To: [EMAIL PROTECTED] Subject: [Samba] Trust between SAMBA and NT server Hello, I'm having problems getting the SAMBA domain to trust an NT domain. The following is how I went about the exercise: 1. On the NT domain, I added the SAMBA domain A/C in the TRUSTING DOMAINS list, providing a certain password. 2. On the SAMBA domain, I executed the following command feeding the same password given in step 1, but without success: [EMAIL PROTECTED] root]# net rpc trustdom establish asnt01 Password: Could not connect to server ASNT1 [2004/11/03 17:43:37, 0] rpc_parse/parse_prs.c:prs_mem_get(530) prs_mem_get: reading data of size 4 would overrun buffer. [2004/11/03 17:43:37, 0] utils/net_rpc.c:rpc_trustdom_establish(3035) WksQueryInfo call failed. [EMAIL PROTECTED] root]# Any ideas as to what the problem is? I was able to get the NT domain to trust the SAMBA domain though. Given below is the SMB.CONF contents: [global] workgroup = COBRA.DOM netbios name = COBRA server string = Samba Server printcap name = /etc/printcap load printers = yes log file = /var/log/samba/%m.log max log size = 50 security = user socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain master = yes domain logons = yes wins server = 16.138.244.55 dns proxy = no admin users = madhu [homes] comment = Home Directories read only = No browseable = No [netlogon] comment = Network Logon Service path = /usr/lib/samba/netlogon guest ok = Yes share modes = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No - Regards, Madhu -- Daniel Wilson Systems Administrator IT & Communications Service University of Sunderland Unit1 Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Question about size folder
Hi everybody Does somebody know if it's possible to send a email when a folder has a specific size? thanks Bart -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Trust between SAMBA and NT server
Thanks for the response! The inter-domain trust A/C, namely ASNT01$, was created when I tried successfully in getting the NT domain to trust the SAMBA domain. The NT domain is called ASNT01, and COBRA.DOM is SAMBA domain. If you think your procedure would help me, then I'd request you to please make it available. -Madhu -Original Message- From: Daniel Wilson [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 03, 2004 7:03 PM To: Madhusudan, R Cc: [EMAIL PROTECTED] Subject: Re: [Samba] Trust between SAMBA and NT server You need to have an inter-trust user account in samba before you attempt to add a trust in your windows domain, like this: bash# useradd service-domain$ bash# smbpasswd -a -i service-domain New SMB password: retype New SMB password: Added user systems-domain$. if you get stuck i have a wiki detailing how i went about it, it explains for NT4->2003 domains regards Madhusudan, R wrote: >FWIW, I'm running SAMBA-3.0.3-5 on Fedora Core 2. > >-Madhu > >-Original Message- >From: Madhusudan, R >Sent: Wednesday, November 03, 2004 6:42 PM >To: [EMAIL PROTECTED] >Subject: [Samba] Trust between SAMBA and NT server > > >Hello, > >I'm having problems getting the SAMBA domain to trust an NT domain. The following is >how I went about the exercise: > >1. On the NT domain, I added the SAMBA domain A/C in the TRUSTING DOMAINS list, >providing a certain password. >2. On the SAMBA domain, I executed the following command feeding the same password >given in step 1, but without >success: > >[EMAIL PROTECTED] root]# net rpc trustdom establish asnt01 >Password: >Could not connect to server ASNT1 >[2004/11/03 17:43:37, 0] rpc_parse/parse_prs.c:prs_mem_get(530) > prs_mem_get: reading data of size 4 would overrun buffer. >[2004/11/03 17:43:37, 0] utils/net_rpc.c:rpc_trustdom_establish(3035) > WksQueryInfo call failed. >[EMAIL PROTECTED] root]# > >Any ideas as to what the problem is? I was able to get the NT domain to trust the >SAMBA domain though. > >Given below is the SMB.CONF contents: > >[global] > > workgroup = COBRA.DOM > netbios name = COBRA > server string = Samba Server > printcap name = /etc/printcap > load printers = yes > log file = /var/log/samba/%m.log > max log size = 50 > security = user > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > domain master = yes > domain logons = yes > wins server = 16.138.244.55 > dns proxy = no > admin users = madhu > >[homes] >comment = Home Directories >read only = No >browseable = No > >[netlogon] >comment = Network Logon Service >path = /usr/lib/samba/netlogon >guest ok = Yes >share modes = No > >[printers] >comment = All Printers >path = /var/spool/samba >printable = Yes >browseable = No >- >Regards, >Madhu > > > -- Daniel Wilson Systems Administrator IT & Communications Service University of Sunderland Unit1 Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with smbmount
Jerome Tytgat wrote: >> >> Does something like the following work for you: >> >> mount -t smbfs -o username=user1,password=xxx,uid=0,gid=0,dmask=770 >> //server/Archive /mnt/server/archive it works for the mount point but not for any folder inside. Thanks anyway >> >> Christian >> try adding "fmask=770" as well Christian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust between SAMBA and NT server
You need to have an inter-trust user account in samba before you attempt to add a trust in your windows domain, like this: bash# useradd service-domain$ bash# smbpasswd -a -i service-domain New SMB password: retype New SMB password: Added user systems-domain$. if you get stuck i have a wiki detailing how i went about it, it explains for NT4->2003 domains regards Madhusudan, R wrote: FWIW, I'm running SAMBA-3.0.3-5 on Fedora Core 2. -Madhu -Original Message- From: Madhusudan, R Sent: Wednesday, November 03, 2004 6:42 PM To: [EMAIL PROTECTED] Subject: [Samba] Trust between SAMBA and NT server Hello, I'm having problems getting the SAMBA domain to trust an NT domain. The following is how I went about the exercise: 1. On the NT domain, I added the SAMBA domain A/C in the TRUSTING DOMAINS list, providing a certain password. 2. On the SAMBA domain, I executed the following command feeding the same password given in step 1, but without success: [EMAIL PROTECTED] root]# net rpc trustdom establish asnt01 Password: Could not connect to server ASNT1 [2004/11/03 17:43:37, 0] rpc_parse/parse_prs.c:prs_mem_get(530) prs_mem_get: reading data of size 4 would overrun buffer. [2004/11/03 17:43:37, 0] utils/net_rpc.c:rpc_trustdom_establish(3035) WksQueryInfo call failed. [EMAIL PROTECTED] root]# Any ideas as to what the problem is? I was able to get the NT domain to trust the SAMBA domain though. Given below is the SMB.CONF contents: [global] workgroup = COBRA.DOM netbios name = COBRA server string = Samba Server printcap name = /etc/printcap load printers = yes log file = /var/log/samba/%m.log max log size = 50 security = user socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain master = yes domain logons = yes wins server = 16.138.244.55 dns proxy = no admin users = madhu [homes] comment = Home Directories read only = No browseable = No [netlogon] comment = Network Logon Service path = /usr/lib/samba/netlogon guest ok = Yes share modes = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No - Regards, Madhu -- Daniel Wilson Systems Administrator IT & Communications Service University of Sunderland Unit1 Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Sharing a Samba Share?
hello sir I would like to know how to shar a file or a folder from SOLARIS. Because we are running One Application server in Solaris. After starting the service one log file will be created & all the developer will refer that log file for errors. So i want to share that file so that all the developers can acces that file & i want to give only read acces to the developer. All the developers are using WINDOWS 2000 Professional. Please give me some suggestions. Thanks & Regards Sanjeev -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Trust between SAMBA and NT server
FWIW, I'm running SAMBA-3.0.3-5 on Fedora Core 2. -Madhu -Original Message- From: Madhusudan, R Sent: Wednesday, November 03, 2004 6:42 PM To: [EMAIL PROTECTED] Subject: [Samba] Trust between SAMBA and NT server Hello, I'm having problems getting the SAMBA domain to trust an NT domain. The following is how I went about the exercise: 1. On the NT domain, I added the SAMBA domain A/C in the TRUSTING DOMAINS list, providing a certain password. 2. On the SAMBA domain, I executed the following command feeding the same password given in step 1, but without success: [EMAIL PROTECTED] root]# net rpc trustdom establish asnt01 Password: Could not connect to server ASNT1 [2004/11/03 17:43:37, 0] rpc_parse/parse_prs.c:prs_mem_get(530) prs_mem_get: reading data of size 4 would overrun buffer. [2004/11/03 17:43:37, 0] utils/net_rpc.c:rpc_trustdom_establish(3035) WksQueryInfo call failed. [EMAIL PROTECTED] root]# Any ideas as to what the problem is? I was able to get the NT domain to trust the SAMBA domain though. Given below is the SMB.CONF contents: [global] workgroup = COBRA.DOM netbios name = COBRA server string = Samba Server printcap name = /etc/printcap load printers = yes log file = /var/log/samba/%m.log max log size = 50 security = user socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain master = yes domain logons = yes wins server = 16.138.244.55 dns proxy = no admin users = madhu [homes] comment = Home Directories read only = No browseable = No [netlogon] comment = Network Logon Service path = /usr/lib/samba/netlogon guest ok = Yes share modes = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No - Regards, Madhu -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with smbmount
>> >> Does something like the following work for you: >> >> mount -t smbfs -o username=user1,password=xxx,uid=0,gid=0,dmask=770 >> //server/Archive /mnt/server/archive it works for the mount point but not for any folder inside. Thanks anyway >> >> Christian >> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Trust between SAMBA and NT server
Hello, I'm having problems getting the SAMBA domain to trust an NT domain. The following is how I went about the exercise: 1. On the NT domain, I added the SAMBA domain A/C in the TRUSTING DOMAINS list, providing a certain password. 2. On the SAMBA domain, I executed the following command feeding the same password given in step 1, but without success: [EMAIL PROTECTED] root]# net rpc trustdom establish asnt01 Password: Could not connect to server ASNT1 [2004/11/03 17:43:37, 0] rpc_parse/parse_prs.c:prs_mem_get(530) prs_mem_get: reading data of size 4 would overrun buffer. [2004/11/03 17:43:37, 0] utils/net_rpc.c:rpc_trustdom_establish(3035) WksQueryInfo call failed. [EMAIL PROTECTED] root]# Any ideas as to what the problem is? I was able to get the NT domain to trust the SAMBA domain though. Given below is the SMB.CONF contents: [global] workgroup = COBRA.DOM netbios name = COBRA server string = Samba Server printcap name = /etc/printcap load printers = yes log file = /var/log/samba/%m.log max log size = 50 security = user socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 domain master = yes domain logons = yes wins server = 16.138.244.55 dns proxy = no admin users = madhu [homes] comment = Home Directories read only = No browseable = No [netlogon] comment = Network Logon Service path = /usr/lib/samba/netlogon guest ok = Yes share modes = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No - Regards, Madhu -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Samba3 + LDAP - troubles joining domain (have to do it twice)
Hello, I have the following test setup: 1) Samba3 + slave OpenLDAP - the same PC, win2k in same LAN 2) OpenLDAP master OpenLDAP slave and master are divided by a rather slow internet VPN link. Whenever I want to add a PC to a domain, I have to do it twice - with first time I get an error on a client side, second join is successful. I guess it's because master and slave are divided by slow link, and it takes some time to replicate from a master to slave, too, and it all confuses Samba as it can't find a username (machine name) it just added. I tried setting "ldap replication sleep", started with 5000, and tried setting it as high as 10, but it didn't help. The only consequence of setting "ldap replication sleep = 10" is that I have to wait a couple of minutes before it joins the domain when I try to do it for the second time (and succeeds). With "ldap replication sleep = 5000", it joins the domain in about 15 secs (when I join the domain for the second time). The first time I try to join a domain I get an error after about 10-12 seconds, no matter value "ldap replication sleep" has. I use smbldap-tools 0.85 for adding users/machines. Any clue? Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] configure with ldap and ads
i think you have to install libldap2-dev (ldap.h is in this package) Hope that help you debian a écrit : hello, I want to configure my samba with ads support and for that i need ldap support. when i compile i get: configure: error: ldap.h is needed for LDAP support. what do i have to install further more ? grtz. Ph. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Idmap_ad troubleshooting assistance
I have Samba 3.0.7 installed and running in security = ADS mode and I've built and installed the Idmap_ad backend according to the instructions. Group lookups seem to work fine, but getent passwd and id functions fail with the message - ad_idmap_get_id_from_sid: ads_pull_uint32 : could not read attribute 'gidNumber'. If I manually run an ldap query against Active Directory the attribute shows up just fine in either root's or a user's context using GSSAPI. I've extended the AD schema using MKSADplugins and I'm using the RFC2307 schema style. Any suggestions on troubleshooting this problem would be greatly appreciated. Additional info - I'm in Active Directory 2003 in Native Mode. Samba is built with local installations of kerberos and openssl to get around deficiencies in the system versions. The platforms are Red Hat Enterprise Linux AS 3.0, Fedora Core 2 x86_64 and Sun SPARC Solaris 8. I'll gladly supply neutered copies of configuration files, log files and ldap searches, but I think the ability to crank up the logging level of the ldap retrieval functions would be more valuable. Thanks, Scott -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA - Access control to printer sharings
Hi you all! I am mantaining a few printer severs using Samba 2.2.8 on a WinNT domain. I've got some disk sharings controlled by 'read list' and 'write list', limiting some groups. It worked just fine. But now I need to get only one group printing on a printer sharing and everybody else must be rejected. As I said, people are logging in a WinNT Server. So that's the main part of the global section: [global] workgroup = DOMINIO security = server password server = winnt encrypt passwords = yes And my printers section is like this: [printers] guest ok = yes browseable = no writable = no printable = yes printer admin = root print command = /usr/bin/lpr -r -P %p -J"%J" %s lpq command = /usr/bin/lpq -P %p lprm command = /usr/bin/lprm -P %p %j valid users = @docentes You can see that I'm using 'guest ok = yes'. That's just because WinXP and Win2K users can't connect to the printer servers if I don't set this option. The problem is: If I don't set guest ok = yes, nobody using WinXP/2K prints. If I set guest ok = yes, everybody prints. Even if valid users is set to a special group (@docentes for instance). So, what's the right option to get only one group getting access to my printer sharing? Thanks in advance! -- Fabiano Caixeta Duarte Seção Técnica de Informática FEA-RP/USP -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind type email
On Tue, 2004-11-02 at 23:02, Holger Krull wrote: > > Sorry to post this hugely off-topic, but i have no clue where to start. > > We are looking to replace an Exchange server with something with less > > licencing issues, is there a way to use windbind (or winbind-ish > > behaviour) for an email server (ie users authenticate through winbind to > > log on to imap server etc). Look at 'winbind use default domain = yes', to get your e-mail addresses 'sane' (not with domain\ on the front). > cyrus sasl mechanism can be used. Look at option ntlm_server. More particularly, look at the patches here: http://download.samba.org/ftp/unpacked/lorikeet/trunk/patches/ This uses winbind directly and Samba's NTLMSSP implementation. This is more robust than the original cyrus code. Currently Davenport supports NTLM, but not via ntlm_auth, but given their good internal design, it would be trivial to patch. (Just not enough hours in the day yet). Andrew Bartlett -- Andrew Bartlett [EMAIL PROTECTED] Authentication Developer, Samba Teamhttp://samba.org Student Network Administrator, Hawker College [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trust between two samba
i increased the debug level and found, that the ntlm password of trusting account is wrong, how can i fix this? check_ntlm_password: Authentication for user [BERLIN$] -> [BERLIN$] FAILED with error NT_STATUS_WRONG_PASSWORD log output [2004/11/03 12:07:56, 5] lib/smbldap.c:smbldap_search(963) smbldap_search: base => [o=munich,dc=foo,dc=org], filter => [(&(&(uid=BERLIN$)(objectClass=sambaSamAccount))(objectclass=sambaSamAccount))], scope => [2] [2004/11/03 12:07:56, 2] passdb/pdb_ldap.c:init_sam_from_ldap(485) init_sam_from_ldap: Entry found for user: BERLIN$ [2004/11/03 12:07:56, 5] passdb/login_cache.c:login_cache_init(41) Opening cache file at /usr/local/samba-3.0.6/var/locks/login_cache.tdb [2004/11/03 12:07:56, 7] passdb/login_cache.c:login_cache_read(83) Looking up login cache for user BERLIN$ [2004/11/03 12:07:56, 7] passdb/login_cache.c:login_cache_read(97) No cache entry found [2004/11/03 12:07:56, 9] passdb/pdb_ldap.c:init_sam_from_ldap(804) No cache entry, bad count = 0, bad time = 0 [2004/11/03 12:07:56, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/11/03 12:07:56, 4] libsmb/ntlm_check.c:ntlm_password_check(322) ntlm_password_check: Checking NT MD4 password [2004/11/03 12:07:56, 3] libsmb/ntlm_check.c:ntlm_password_check(340) ntlm_password_check: NT MD4 password check failed for user BERLIN$ [2004/11/03 12:07:56, 9] passdb/passdb.c:pdb_update_bad_password_count(2277) No bad password attempts. [2004/11/03 12:07:56, 5] auth/auth.c:check_ntlm_password(271) check_ntlm_password: sam authentication for user [BERLIN$] FAILED with error NT_STATUS_WRONG_PASSWORD [2004/11/03 12:07:56, 3] auth/auth_winbind.c:check_winbind_security(80) check_winbind_security: Not using winbind, requested domain [MUNICH] was for this SAM. [2004/11/03 12:07:56, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [BERLIN$] -> [BERLIN$] FAILED with error NT_STATUS_WRONG_PASSWORD [2004/11/03 12:07:56, 5] auth/auth_util.c:free_user_info(1306) attempting to free (and zero) a user_info structure [2004/11/03 12:07:56, 6] lib/util_sock.c:write_socket(449) write_socket(24,114) [2004/11/03 12:07:56, 6] lib/util_sock.c:write_socket(452) write_socket(24,114) wrote 114 [2004/11/03 12:07:56, 3] smbd/process.c:timeout_processing(1332) timeout_processing: End of file from client (client has disconnected). [2004/11/03 12:07:56, 5] lib/gencache.c:gencache_shutdown(88) Closing cache file [2004/11/03 12:07:56, 5] libsmb/namecache.c:namecache_shutdown(79) namecache_shutdown: netbios namecache closed successfully. [2004/11/03 12:07:56, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/11/03 12:07:56, 5] auth/auth_util.c:debug_nt_user_token(486) NT user token: (NULL) [2004/11/03 12:07:56, 5] auth/auth_util.c:debug_unix_user_token(505) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2004/11/03 12:07:56, 5] smbd/uid.c:change_to_root_user(295) change_to_root_user: now uid=(0,0) gid=(0,0) [2004/11/03 12:07:56, 2] smbd/server.c:exit_server(571) Closing connections [2004/11/03 12:07:56, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2004/11/03 12:07:56, 3] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error Record does not exist. [2004/11/03 12:07:56, 5] smbd/oplock.c:receive_local_message(107) receive_local_message: doing select with timeout of 1 ms [2004/11/03 12:07:56, 3] smbd/server.c:exit_server(614) Server exit (normal exit) [EMAIL PROTECTED] wrote on 03.11.2004 10:47:26: > hi, > > I want to make trust between two Samba domains BERLIN and MUNICH. I have > setup the trusting accounts on both machines and get the following output: > > BERLIN PDC2 (net rpc trustdom list) > Trusted domains list: > none > Trusting domains list: > MUNICH S-1-5-21-3721446601-1596180916-2001326887 > > BERLIN PDC1 LDAP entry > dn: uid=MUNICH$,sambaDomainName=BERLIN,ou=samba,o=berlin,dc=foo,dc=foo > objectClass: top > objectClass: account > objectClass: posixAccount > objectClass: shadowAccount > objectClass: sambaSAMAccount > uid: MUNICH$ > cn: MUNICH$ > uidNumber: 20254 > gidNumber: 100 > homeDirectory: /dev/null > loginShell: /bin/false > description: Munich > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdMustChange: 2147483647 > sambaAcctFlags: [I ] > sambaSID: S-1-5-21-1097058062-1980963795-1926144585-41510 > sambaPrimaryGroupSID: S-1-5-21-1097058062-1980963795-1926144585-0 > sambaPwdLastSet: 1099396376 > sambaPwdCanChange: 1099396376 > sambaLMPassword: 1D8478A7A4356C1E064C1222EF6B7213 > sambaNTPassword: A81CF52120D8AFF06E2302B63B18C1B3 > > MUNICH PDC (net rpc trustdom list) > Trusted domains list: > none > Trusting domains list: > BERLIN S-1-5-21-1097058062-1980963795-1926144585 > > MUNICH LDAP entry > dn: uid=BERLIN$,s
[Samba] configure with ldap and ads
hello, I want to configure my samba with ads support and for that i need ldap support. when i compile i get: configure: error: ldap.h is needed for LDAP support. what do i have to install further more ? grtz. Ph. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Trust between two samba
hi, I want to make trust between two Samba domains BERLIN and MUNICH. I have setup the trusting accounts on both machines and get the following output: BERLIN PDC2 (net rpc trustdom list) Trusted domains list: none Trusting domains list: MUNICH S-1-5-21-3721446601-1596180916-2001326887 BERLIN PDC1 LDAP entry dn: uid=MUNICH$,sambaDomainName=BERLIN,ou=samba,o=berlin,dc=foo,dc=foo objectClass: top objectClass: account objectClass: posixAccount objectClass: shadowAccount objectClass: sambaSAMAccount uid: MUNICH$ cn: MUNICH$ uidNumber: 20254 gidNumber: 100 homeDirectory: /dev/null loginShell: /bin/false description: Munich sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdMustChange: 2147483647 sambaAcctFlags: [I ] sambaSID: S-1-5-21-1097058062-1980963795-1926144585-41510 sambaPrimaryGroupSID: S-1-5-21-1097058062-1980963795-1926144585-0 sambaPwdLastSet: 1099396376 sambaPwdCanChange: 1099396376 sambaLMPassword: 1D8478A7A4356C1E064C1222EF6B7213 sambaNTPassword: A81CF52120D8AFF06E2302B63B18C1B3 MUNICH PDC (net rpc trustdom list) Trusted domains list: none Trusting domains list: BERLIN S-1-5-21-1097058062-1980963795-1926144585 MUNICH LDAP entry dn: uid=BERLIN$,sambaDomainName=MUNICH,ou=samba,o=munich,dc=foo,dc=foo objectClass: top objectClass: account objectClass: posixAccount objectClass: shadowAccount objectClass: sambaSAMAccount uid: BERLIN$ cn: BERLIN$ uidNumber: 20255 gidNumber: 100 homeDirectory: /dev/null loginShell: /bin/false description: Berlin sambaLogonTime: 0 sambaLogoffTime: 2147483647 sambaKickoffTime: 2147483647 sambaPwdMustChange: 2147483647 sambaAcctFlags: [I ] sambaSID: S-1-5-21-3721446601-1596180916-2001326887-41508 sambaPrimaryGroupSID: S-1-5-21-3721446601-1596180916-2001326887-0 sambaPwdLastSet: 1099396363 sambaPwdCanChange: 1099396363 sambaLMPassword: 8A38C8AF81EC51ED27F6F0EF4DF14322 sambaNTPassword: 563AEC08AA9A12AC304A813719EC882D but with "net rpc trustdom establish MUNICH" on BERLIN PDC2 i get the following error: Password: (i typed the password for the root account, on both domains is the same) Could not connect to server PDC1 The username or password was not correct. [2004/11/03 10:27:44, 0] utils/net_rpc.c:rpc_trustdom_establish(3075) Couldn't verify trusting domain account. Error was NT_STATUS_LOGON_FAILURE on the ldapserver i got no error, samba founds the trusting account. both pdc machines uses the same windows 2003 wins server, which is a machine member account of berlin. what i forgot? is there a hint or i have to use another password? thx tom -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with smbmount
Jerome Tytgat wrote: Hello list, Sorry for the reposting, but I think someone may have an idea, I don't think I'm the only one with this kind of problem. I have a problem with my samba shares. I have a server with samba installed on it (3.0.7-Debian). I have workstations under wxp and workstations under linux. I have a common share which looks like this : [Archive] available = yes valid users = user1, user2 comment = Repertoire Archive browseable = yes write list = user1, user2 writable = yes admin users = user1 path = /home/archives user = user1, user2 force user = root I connect my wxp to the share without problem and can read/write. Of course all new files are created under the "root" user as requested by the "force user" option. I can connect my linux to this share using mount -t smbfs -o rw,username=user1,password=xxx //server/Archive /mnt/server/archive, (either using smbmount does the same behaviour) I can do all the read I want, but I can't make any write. It looks like my workstation get confused by the rights. If I go in a directory where the user1 have RW access, I can create a file, and it is automaticllay given to root (according to the option "force user"), but I can't make any write where the user "root" is the owner of the directory. It works well under Windows XP workstation, it does not works under linux workstation (which is a Kanotix/Knoppix/Debian distribution), that's why I think it's a problem with smbmount/mount -t smbfs Any idea ? Thanks Does something like the following work for you: mount -t smbfs -o username=user1,password=xxx,uid=0,gid=0,dmask=770 //server/Archive /mnt/server/archive Christian -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with smbmount
Hello list, Sorry for the reposting, but I think someone may have an idea, I don't think I'm the only one with this kind of problem. I have a problem with my samba shares. I have a server with samba installed on it (3.0.7-Debian). I have workstations under wxp and workstations under linux. I have a common share which looks like this : [Archive] available = yes valid users = user1, user2 comment = Repertoire Archive browseable = yes write list = user1, user2 writable = yes admin users = user1 path = /home/archives user = user1, user2 force user = root I connect my wxp to the share without problem and can read/write. Of course all new files are created under the "root" user as requested by the "force user" option. I can connect my linux to this share using mount -t smbfs -o rw,username=user1,password=xxx //server/Archive /mnt/server/archive, (either using smbmount does the same behaviour) I can do all the read I want, but I can't make any write. It looks like my workstation get confused by the rights. If I go in a directory where the user1 have RW access, I can create a file, and it is automaticllay given to root (according to the option "force user"), but I can't make any write where the user "root" is the owner of the directory. It works well under Windows XP workstation, it does not works under linux workstation (which is a Kanotix/Knoppix/Debian distribution), that's why I think it's a problem with smbmount/mount -t smbfs Any idea ? Thanks -- > Jérôme Tytgat Administrateur Réseau et Sécurité -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Compiling Samba 3.0.7 on FreeBSD 5.2.1
BTQ - Why don't you try the FreeBSD Samba port if it's there. The port provides a configuration screen which allows one to select the desired installation options. [...] Denis Vlasenko wrote: On Wednesday 03 November 2004 04:44, Matt Schwartz wrote: I am desperately seeking help. I get an error related to not being able to find ldap.h when I know that it is there. It is located in my /usr/local/include directory. I have built and installed openldap from the source. When I use ./configure -with-readline=/usr/local, I get an error that libldap cannot be found. How do I compile from the source on samba 3.0.7? What mandatory pre-reqs are there? readline and ldan have nothing in common. Try CFLAGS="-I/usr/local/include" Also, configure --help says: "--with-ldap LDAP support (default yes)" and I'd try --with-ldap=/usr/local, maybe help is not complete. -- vda -- Mit freundlichen Gruessen / With kind regards Daniel S. Haischt | phone:+49 -7032-992909 Grabenstrasse 11| +49 -700-DHAISCHT | fax: +49 -7032-992910 D-71083 Herrenberg | fax2mail: +49 -7032-7999738 GERMANY | cell: +49 -172-7668936 email: [EMAIL PROTECTED] web: http://www.daniel.stefan.haischt.name/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Netlogon
Hi, I've just configure my Samba 3.0.7 as a PDC with an LDAP-based backend. Everthing seems fine except that my logon.bat is unable to execute when my users login to their XP. If I manually run //bilbo/netlogon/logon.bat on XP, the script will run without any problems. Is this purely a samba problem or it is due to my ldap configuration? Do I need to include ntconfig.POL in the netlogon directory? If only someone can help as I cannot seem to find any solution. Below is my smb.conf file: [global] workgroup = test netbios name = BILBO #interfaces = 192.168.88.13 #username map = /etc/samba/smbusers #admin users= @"Domain Admins" server string = Samba Server %v security = user encrypt passwords = Yes min passwd length = 3 obey pam restrictions = No ldap passwd sync = Yes #unix password sync = Yes passwd program = /usr/local/sbin/smbldap-passwd -u %u #passwd chat = "Changing password for*\nNew password*" %n\n "*Retype new password*" %n\n" passwd chat = "Changing password for*\nNew password*" %n\n *success* passwd chat debug = Yes #ldap passwd sync = Yes log level = 2 syslog = 0 log file = /var/log/samba/log.%m max log size = 10 name resolve order = wins bcast hosts time server = Yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 #mangling method = hash2 Dos charset = 850 Unix charset = ISO8859-1 logon script = logon.bat logon drive = H: logon home = #logon path = logon path = \\%L\profiles\%u domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes passdb backend = ldapsam:ldap://127.0.0.1/ # passdb backend = ldapsam:"ldap://127.0.0.1/ ldap://slave.idealx.com"; # ldap filter = (&(objectclass=sambaSamAccount)(uid=%u)) ldap admin dn = cn=Manager,dc=muvee,dc=com ldap suffix = dc=muvee,dc=com ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers #ldap idmap suffix = ou=Users ldap idmap suffix = ou=Idmap idmap backend = ldap:ldap://127.0.0.1 idmap uid = 1-2 idmap gid = 1-2 map acl inherit = Yes #ldap ssl = start tls add user script = /usr/local/sbin/smbldap-useradd -m "%u" ldap delete dn = Yes delete user script = /usr/local/sbin/smbldap-userdel "%u" add machine script = /usr/local/sbin/smbldap-useradd -w "%u" add group script = /usr/local/sbin/smbldap-groupadd -p "%g" delete group script = /usr/local/sbin/smbldap-groupdel "%g" add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u" [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon guest ok = Yes #locking = No [profiles] comment = Profile Share path = /var/lib/samba/profiles read only = No profile acls = Yes nt acl support = Yes hidden files=desktop.ini hide files = /desktop.ini/ntuser.ini/NTUSER.*/ hide files = /desktop.ini/ hide files = /var/lib/samba/profiles/*/Start\ Menu/Programs/Startup/desktop.ini -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
