Re: [Samba] Trying to find a bottleneck

[Henti Smith]

On Thu, 18 Nov 2004 22:53:05 -0800
Jeff Morrow <[EMAIL PROTECTED]> wrote:


> I then put a roughly 7 MB file on the linux ramdisk 
> and mounted that disk on my windows box via Samba.  I then wrote a
> .bat script on the windows side that copies the file from the linux
> ramdisk to the windows ramdisk over and over again.

I'm a complete newbie, but would using a bigger file not be more accurate. 

Using a 7MB file on a 1Gbit (+- 130Mbit/sec transfer *theoretical*)
is not going to stress the connection. 

My guess would be that the file is transfered without utilizing the line.
and since it's copying back and forth it's est a new connection for each 
transfer.

then again .. I might be completely wrong ;P 


-- 
Henti Smith
[EMAIL PROTECTED]
+27 82 958 2525
http://www.geekware.co.za

DISCLAIMER : 

Unauthorised use of characters, images, sounds, odors, severed limbs, noodles, 
wierd dreams, strange looking fruit, oxygen, and certain parts of Jupiter are 
strictly forbidden.  If I find you violating, or molesting my property in any 
way, I will employ a pair of burly convicts to find you, kidnap you, and 
perform god-awful sexual experiments on you until you lose the ability to sound 
out vowels.  I don't know why you are still reading this, but by doing so you 
have proven that you have far too much time on your hands, and you should go 
plant a tree, or read a book or something.
- http://www.ctrlaltdel-online.com/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Trying to find a bottleneck

[Jeff Morrow]

I'm trying to get my network setup as streamlined as possible.  I ran a 
brain-dead-simple speed test of Samba and I'm very confused by the 
results.  Here's my setup:

Fast new WinXP Pro machine
NetGear GA311 gigabit ethernet
  ^
  | dedicated gigabit ethernet line (no switch)
  v
RTL8169 gigabit ethernet
Relatively fast new Debian Linux machine
I set up ramdisks on both machines to ensure that the hard drives were 
not the bottleneck.  I then put a roughly 7 MB file on the linux ramdisk 
and mounted that disk on my windows box via Samba.  I then wrote a .bat 
script on the windows side that copies the file from the linux ramdisk 
to the windows ramdisk over and over again.

On the windows side, the network utilization monitor says that network 
load stays around 25-30%.  It occasionally gets as high as 40%.  CPU 
usage on the windows side is negligible.  On the linux side, top reports 
that smbd is taking about 30% CPU.

I'm confused by the fact that neither network utilization nor CPU usage 
on either computer is getting anywhere near 100%.  I'm wondering if 
there are any config settings I can tweak to get Samba to fill my 
gigabit line more fully.

Thanks alot.
Jeff Morrow
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] segmentation fault

[bensi.bose]

Dear sir,

 Thank u for ur reply.. I found one thing in server that, I had
installed samba two times in my system. One in /etc/samba directory and
another in /usr/local/samba. After this installation one samba is
working perfectly.. Only with one the 'segmentation fault' error message
is coming..

Thanks & Rgds
Bensi Bose T.C.

-Original Message-
From: Sundaram Ramasamy [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 18, 2004 8:12 PM
To: Bensi Bose
Cc: [EMAIL PROTECTED]
Subject: Re: [Samba] segmentation fault

Bensi,


Looks like this is bug in samba 3, we are also having same kind of
problem. lets wait some Samba develpers will address this problem.

-Sundaram



On Thu, 18 Nov 2004 12:40:46 +0530, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
>
> Dear sir,
>
> I have configured samba with ads integration and it was working
> perfectly in RedHat Linux 9.0. But Yesterday I changed that
> configuration as simple user level security. But my problem was when I

> run 'smbpasswd' command I am getting one error as 'Segmentation
fault'.
> What I can do to trouble shoot this problem. Kindly reply me as soon
> as possible..
>
> Thanks & Rgds
> Bensi Bose T.C.
> RHCE
>
> Confidentiality Notice
>
> The information contained in this electronic message and any
> attachments to this message are intended for the exclusive use of the
> addressee(s) and may contain confidential or privileged information.
> If you are not the intended recipient, please notify the sender at
Wipro or [EMAIL PROTECTED] immediately and destroy all copies of this
message and any attachments.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
>


--
Software Groups (SFG)
http://sfg.homeunix.com



Confidentiality Notice

The information contained in this electronic message and any attachments to 
this message are intended
for the exclusive use of the addressee(s) and may contain confidential or 
privileged information. If
you are not the intended recipient, please notify the sender at Wipro or [EMAIL 
PROTECTED] immediately
and destroy all copies of this message and any attachments.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] iplanet ldap and samba

[christian merrill]

I am not aware of a good guide that takes iplanet into account.  I am almost
finished working through this with a customer and should hopefully have some
documentation put together soon.  In this case the customer is running
Directory Server 5.2 in a solaris environment with Samba 3.0.7 on RHEL3...my
test environment is using Directory Server 5.2/6.0 on AS 2.1 and Samba 3.0.8
on RHEL3.

In general we have been working off of the official howto's and the idealx
documentation.

Christian

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
synrat
Sent: Wednesday, November 17, 2004 1:50 PM
To: [EMAIL PROTECTED]
Subject: [Samba] iplanet ldap and samba


Is there a good how-to on getting samba to work
with Iplanet LDAP ? I already installed it and started
configuring from bits and pieces I could find with google, but
there're still many things missing. I also found a posting that said
samba schema for Iplanet5 shipped with Samba 3.0.8 isn't up to date.
What would need to be changed ?

Basically I'm looking for a complete walkthrough, modify/import schema,
settings, users to create, etc...

also, is it at all possible to get Samba users authenticated via LDAP or
PAM without having any lm, SSID and other attributes, basically relying
only on successful LDAP bind or PAM success ?

thank you
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba and UNC Question

[Hendershot, Zach]

Good afternoon,
We have a program that we run on a customer's machine. This program
will essentially run a bash script stored on a network server via samba.
During the execution of this script it runs a variety of Cygwin programs
over the wire. Normally, during our tests and on a variety of other machines
the commands it runs locally are executed very quickly. However, we have
found a few customers who have groups of machines that will run incredibly
slowly, universally the commands that are run take up to 40 times longer to
execute. While examining the network traffic between the machines we see
that the server response times are perfectly acceptable. Also data transfer
rates are within limits. My question is, do you know of any particular
configuration variables or server configuration variables that might lead to
the problems that we are currently seeing? I understand that this might be a
Cygwin problem, but since samba is playing an integral role in the delivery
and coordination between the two machines I though somebody might have seen
something like this before. Thank you very much for any comments you might
have.


Zach Hendershot
/
|  Software Engineer
|  Cranel, Inc.
|  Email: [EMAIL PROTECTED]
\

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] root ownership on some profile files cause login errors

[Justin Zachor]

On a newly migrated profile (migrated onto Samba server, from local) 
some files/dirs get root ownership.

How can I stop this from happening, without having to manually adjust 
the permissions?  Should I use "force create mode = 0600" or "force 
directory mode = 0700"? If so, then where?

For example
drwx--2 root   daemon4096 Nov 12 14:58 S-1-5-21-515...
"Windows cannot copy file \\netapp\profiles\user\Application
Data\Microsoft\Protect\S-1-5-21-515...\ to location C:\Documents and
Settings\user.FOOBAR\Application
Data\Microsoft\Protect\S-1-5-21-515...\. Contact your network
administrator.
DETAIL - Access is denied."
"Windows cannot load the profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when
you log off."
smb.conf--
[global]
# -- BEGIN PDC --
domain logons = yes
logon path = \\netapp\profiles\%u
logon drive = H:
logon home = \\netapp\%u\.winprofile
logon script = logon.bat
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/adduser --firstuid 9001 \
--lastuid 9500 \
--gid 9000 --home /dev/null --shell /bin/false \
--no-create-home \
--disabled-password --gecos "%u Samba Machine Account" \
--force-badname %u
admin users = @ntadmins
workgroup = FOOBAR
# -- END PDC --
invalid users = root
 (many misc settings here -- omitted for ease of reading)
[netlogon]
comment = Network Logon Service
browseable = no
path = /var/lib/samba/netlogon
read only = yes
write list = @ntadmins
#[profiles]
#path = /var/lib/samba/profiles # path = /netapp/profiles ???
#read only = no
#create mask = 0600
#directory mask = 0700
[homes]
   comment = Home Directories
   browseable = no
   force create mode = 0755
   force directory mode = 0755
   writable = yes

Thanks in advance
JAZ
==
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Recycle VFS Second Pair of Eyes

[Holger Krull]

[infosys]
vfs objects = recycle
recycle:repository = .recycle/%U
recycle:keeptree = Yes
recycle:touch = Yes
recycle:versions = Yes
recycle:exclude = *.tmp *.temp *.~??
recycle:excludedir = /tmp /temp /cache
recycle:maxsize = 0
i can see no error.
Does smbd -b |grep recycle 
give
vfs_recycle_init ?
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] why does samba need "anonymous access enabled" on windows to join AD server?

[Jason V. Mock]

 DId you ever come across an answer?

JVM
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Recycle VFS Second Pair of Eyes

[Tim Hodgkinson]

Here is my set up:

 

Fedora Core 2

Samba 3.0.7

 

Smb.conf:

 

[infosys]

comment = Information Systems Drive

path = /home/depts/infosys

valid users = @SSVMTN+it

admin users = @SSVMTN+"Domain Admins"

create mask = 0770

directory mask = 0770

force create mode = 0770

force directory mode = 0770

security mask = 0770

force group = SSVMTN+it

vfs objects = recycle

recycle:repository = .recycle/%U

recycle:keeptree = Yes

recycle:touch = Yes

recycle:versions = Yes

recycle:exclude = *.tmp *.temp *.~??

recycle:excludedir = /tmp /temp /cache

recycle:maxsize = 0

 

Recycle directory:

 

drwxrwxrwx   2 root itWinners 4096 Nov 18 11:36 .recycle

 

The problem is that nothing is going into the .reycle directory. What have I
missed?

 

Cheers,

 

Tim Hodgkinson

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] date/time stamp

[Guillermo]

Hi

ÂIs there any way to reproduce the FTP behavior with Samba 3?

The desired effect is not to respect timestamps from Windows files and
just create them with Samba server date/time stamp when we drag/drop,
copy/paste, cut/paste, old files to a disk share.

We are replacing an FTP server with Samba3, so far it's doing great job,
but this effect is needed (don't ask why please, app requirement)...

regards
Guillermo


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] (no subject)

[Tim Hodgkinson]

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: net ads join fails using Red Hat samba 3.0.7-1.3E.1 (Re: Samba 3 as domain member of w2k realm)

[Christian Merrill]

Matt Seitz wrote:
Resending with corrected subject line
Matt Seitz wrote:
R.B. wrote:
i've a problem joining a samba 3.0.7-1.3E.1 in a w2k domain:
[EMAIL PROTECTED] squid]# net ads join -U myuser
myuser's password:
[2004/11/18 13:29:32, 0] utils/net_ads.c:ads_startup(183)
 ads_connect: Program lacks support for encryption type

This appears to be a bug in Red Hat's version of Samba.  See:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139668


Red Hat samba versions > 3.0.4 seem to have done a thorough job of 
breaking compatibility with AD's in Native Mode.  It *looks* like this 
is fixed in 3.0.8 which we have not yet released as a supported RH 
package.  Reviewing your configs may be worthwhile as you might be 
encountering other problems -- also in some cases it is required to 
reset the domain admin password and select the account to "Use DES 
encryption types for this account".  Otherwise you can test with 3.0.8 
(the RH9 rpm made available via samba.org does install without issue on 
RHEL3), but keep in mind that it is not officially supported by RH at 
this point in time.

Christian
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: net ads join fails using Red Hat samba 3.0.7-1.3E.1 (Re: Samba 3 as domain member of w2k realm)

[Matt Seitz]

Resending with corrected subject line
Matt Seitz wrote:
R.B. wrote:
i've a problem joining a samba 3.0.7-1.3E.1 in a w2k domain:
[EMAIL PROTECTED] squid]# net ads join -U myuser
myuser's password:
[2004/11/18 13:29:32, 0] utils/net_ads.c:ads_startup(183)
 ads_connect: Program lacks support for encryption type

This appears to be a bug in Red Hat's version of Samba.  See:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139668


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Connecting Suse9.2 to Samba shares in a windows network

[Michael Kelly]

Sounds good. I have looked at the [homes] share in samba but have not
implemented it. I will do some research on that ans await the info from
your smb.conf tomorrow. 
 
Thanks again 
Michael Kelly 
 
>>><[EMAIL PROTECTED]> 11/18 9:54 am >>> 
 
Michael Kelly <[EMAIL PROTECTED]> wrote : 
 
 
>Hi and thank you for your reply, 
 
>  
 
>I am reasonably knowledgeably about Linux. I tried using fstab as
kindof 
 
>a last resort, almost something you know is not going to work, but you 
 
>do it anyway out of frustration. 
 
 
Yup.. been there done that... 
 
 
>  
 
>I will explain a little further. 
 
>  
 
>The users who will be testing the Linux Workstations also have Windows 
 
>workstations, not dual boot, but a different machine. While on Windows,

 
>these users My Documents directories are stored on the file server. To 
 
>the user, all data appearing to be stored in the local My Documents 
 
>directory is actually on the file server. When the user logs into their

 
>Windows workstation they are connected to their My Documents directory 
 
>on the Samba file server by means of their username. I do not have 
 
>access to the smb.conf at this moment, but from what I remember this is

 
>the share definition to achieve to above. 
 
 
Okay... makes perfect sense now! 
 
1 - Create user accounts for all of your users on the linux stations 
 
2 - Create a 'My Documents' directory on each account 
 
3 - There is a smba share command that allows users to map directly to
their own account. I think it is the [homes] share. 
 
 
There is a Craig Hunt Publishers book on Samba. This is one of the
better ones out there. I am away from my home network, but I can send
the link from my smb.conf file when I return home tomorrow. But I think
the above will work. No scripts, just edits to your smb.conf file should
do it. 
 
 
This is what I suspected you wanted to do. Thank you for verifying. 
 
 
Joe 
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Empty Network Neighborhood"

[Andreas]

On Thu, Nov 18, 2004 at 09:50:16PM +0300, Peter Volkov Alexandrovich wrote:
> Hello.
> 
> My problem is not samba realted, but I might hope that it can help me to 
> solve 
> it.
> 
> Our network is about 200 users. Some of them are using windows. But today 
> Network Neighborhood on all computers became empty. I've tried smbtree and 
> its listing is empty too. If I enable -d10 I can see in the last string:
> "Unable to find master browser by broadcast"
> 
> The only idea I have, some one have configured samba server, and so it may 
> become master browser and then closed by bad firewall rules. But how can I 
> inspect this?

You can try forcing an election and monitoring network traffic to see who
participates and wins.

smbcontrol nmbd force-election

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: winbind: authenticating UNIX user before Win Domain user

[Matt Seitz]

Luke Mewburn wrote:
 > I have the same requirement; except samba can't currently do this.  See:
  http://lists.samba.org/archive/samba/2004-October/094981.html
I implemented a "trim default domain" option and provided a patch in:
  http://www.dragoninc.on.ca/mail-archives/samba-technical/2004-10/0342.html
What about the following scenario?
1.  User1 is not in NIS.
2.  DOMAIN\User1 logs into Samba
3.  Winbind creates UID for User1
4.  NIS administrator then adds User1 to NIS
It appears you could end up with conflicting UIDs for User1, unless Winbind 
automatically added the user to NIS at the same time.

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.8 - Unable to login/logon from Windows 2003 or CIFS

[James MacLean]

Hi Folks,
Recently (I believe since recent 3.0.x releases), I have been unable to 
login to a Samba instance using CIFS (Linux mount) or Windows 2003. If I 
change the smb.conf from:

security = server
to
security = user
I _can_ login again fine. The NT PDC always replies with 
NT_STATUS_LOGON_FAILURE. It's event viewer shows that the proper 
username is being used, but that the password is not correct.

Logging in with smbclient or 2000 or XP is fine, although possibly slow 
as if it is trying one way, failing then trying another.

Always failing at auth/auth_server.c:check_smbserver_security(363).
I'm usually not too bad at digging in and at least having a clue with 
these problems, but this time I am lost. Did Google searches, looked at 
the archives and although I saw similar problems, they where either 
fixed with something that didn't work here, or the question was not 
answered :(.

Any help, even to look at something obvious, appreciated,
JES
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Empty Network Neighborhood"

[Peter Volkov Alexandrovich]

Hello.

My problem is not samba realted, but I might hope that it can help me to solve 
it.

Our network is about 200 users. Some of them are using windows. But today 
Network Neighborhood on all computers became empty. I've tried smbtree and 
its listing is empty too. If I enable -d10 I can see in the last string:
"Unable to find master browser by broadcast"

The only idea I have, some one have configured samba server, and so it may 
become master browser and then closed by bad firewall rules. But how can I 
inspect this?

Thank you in advance,
___
Peter.

P.S. Our network enviroment, do not allow me to see what is running on users 
computers. They can do with their computers, whatever they want.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: share names longer than 12 characters

[Matt Seitz]

Kristof Van Landschoot wrote:
The problem is this: using smbclient -L, the
shares are just not listed.  
This is a known limitation, but there is a workaround.  See:
https://bugzilla.samba.org/show_bug.cgi?id=1629
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] net ads joing fails using Red Hat samba 3.0.7-1.3E.1 (Re: Samba 3 as domain member of w2k realm)

[Matt Seitz]

R.B. wrote:
i've a problem joining a samba 3.0.7-1.3E.1 in a w2k domain:
[EMAIL PROTECTED] squid]# net ads join -U myuser
myuser's password:
[2004/11/18 13:29:32, 0] utils/net_ads.c:ads_startup(183)
 ads_connect: Program lacks support for encryption type
This appears to be a bug in Red Hat's version of Samba.  See:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139668
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Trouble compiling / using mysql plugin on FreeBSD 4.8

[Mitch (Bitblock)]

I was following docs from
http://ftp.easynet.be/samba/docs/man/Samba-HOWTO-Collection/passdb.html#mysq
lsam
But I’m stumped…

I’m running FreeBSD 4.8, and need to create a mapped relationship between
SOME windows users and SOME freebsd users…
I got Samba 3.0.8 running based on :
./configure --with-krb5=/usr/heimdal
And everything works if I manually add matching Windows usernames to my
etc/passwd, so on to the next step – using the mysql.so to create the
mapping.

The docs are a little sketchy, but I think I can do this right?

After reading the above doc didn’t help, I did some googling and tried:
./configure --with-krb5=/usr/heimdal --with-mysql-prefix=/usr/local/db/mysql
--with-expsam=mysql
Which doesn’t work as I think it starts to build pieces of nss_switch or
winbind, which don’t work on FreeBSD 4.8

After more reading I saw someone reference manually running:
make bin/pdb_mysql.so
But this didn’t work either… 

After much experimentation and reading of Makefile I did this:
make passdb/pdb_mysql.o
make bin/mysql.so
cp /home/sysop/wce-install/samba-3.0.8/source/bin/mysql.so
/usr/local/samba/lib

So it seems the name has changed from pdb_mysql.so to mysql.so?
However I’m still getting:
[2004/11/18 00:22:07, 0] passdb/pdb_interface.c:make_pdb_methods_name(664)
  No builtin nor plugin backend for mysql found
[2004/11/18 00:22:07, 1] passdb/pdb_interface.c:make_pdb_context_list(765)
  Loading mysql:mom failed!
My config looks like this – I tried them one at a time of course…:
passdb backend = plugin:/usr/local/samba/lib/mysql.so:mom
passdb backend = mysql:mom

I also tried:
passdb backend = mysql:/usr/local/samba/lib/mysql.so:mom
and got: 
[2004/11/18 00:33:33, 0] lib/module.c:do_smb_load_module(57)
  Error trying to resolve symbol 'init_module' in
/usr/local/samba/lib/mysql.so: Undefined symbol "init_module"

I also tried renaming mysql.so to pdb_mysql.so

When I copied mysql.so to /usr/local/samba/lib/pdb/mysql.so I got this
again:
[2004/11/18 00:39:25, 0] lib/module.c:do_smb_load_module(57)
  Error trying to resolve symbol 'init_module' in
/usr/local/samba/lib/pdb/mysql.so: Undefined symbol "init_module"

So I think I must be close with that…. ANY help appreciated…

Thanks!


--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Connecting Suse9.2 to Samba shares in a windows network

[Michael Kelly]

Thank you for your reply Michael, 
 
I will look further into the generalization of my current script. When I
was writing it I was looking at it only for one specific user, and then
once working correctly, hopefully moving it to a more general approach
that used the system to determine the actual user logging in. I will
also check into running it from .profile as well since the more I can
automate the setup of new users the better. 
 
I am glad to see that I may have been on the right track with my script.

 
Thanks again for the ideas 
Michael Kelly 
 
 
>>>Michael Wray <[EMAIL PROTECTED]> 11/18 9:10 am >>> 
 
It seems to me the only more elegant solution would be to make a a mount

 
script that runs from .profile instead.  (This way it can be copied to
their 
 
home directory at user setup.) 
 
you could write a script to do the mounting that used things like the
output 
 
of whoami and the contents of $HOME to determine username and HOME 
 
directories for the mount points, and share names. 
 
combining it with smbpasswd as an authmethod, the server hosting the My 
 
Documents directory could then see when someone was logged in and pre
auth 
 
the mount.  Or you could have it done as a login script on the samba 
 
server. 
 
 
 
-Original Message- 
 
From: [EMAIL PROTECTED] 
 
[mailto:[EMAIL PROTECTED] Behalf Of Michael

 
Kelly 
 
Sent: Thursday, November 18, 2004 11:43 AM 
 
To: [EMAIL PROTECTED] 
 
Subject: [Samba] Connecting Suse9.2 to Samba shares in a windows network

 
 
 
Hi All, 
 
 
Our office is running somes tests by introducing a couple of Linux 
 
workstations into the mix to see how they fair. I am however having some

 
issues connecting these workstations to the shares offered by our Samba 
 
3.02 server. 
 
 
I know that this is not really a samba issue, but I thought I might be 
 
able to get some help here to rectify my problems. I apologize if this 
 
is too far off topic for this list. 
 
 
Here is the setup: 
 
 
It is a basic workgroup network, no domain, with no PDC or anything of 
 
that sort. Authentication for the shares is done simply by having a 
 
macthing username/password on a win2000Pro workstation. The majority of 
 
shares on the server have the SUID and SGID set to a certain user for 
 
simplicity and to resolve the Microsoft Office file locking issues. 
 
However, each user's My Documents directory is a server share that is 
 
accessed automatically by way of the username used on the workstation. I

 
have left out a few details, but they are unimportant. 
 
 
I do not want the users to have to mount any drives themselves on the 
 
Linux workstations so I would like them to be mounted automatically when

 
the user logs in, not at boot time, but login time as these Linux 
 
workstations will be multiuser so will need to mount different My 
 
Documents directories. 
 
 
I have put the share definitions into fstab, but that will not do the My

 
Documents correctly. I have also tried using autofs which works well for

 
the regular shares, but again does not work for My Documents. I have 
 
found info on doing something similar with an NFS filesystem but nothing

 
pertaining to smbfs and what I am trying to do with the My Documents 
 
share 
 
 
I am currently mounting them via a script that is called from .bashrc. 
 
This works, but it just does not seem very elegant and I know that it 
 
can be done better in Linux, I am just not sure how. 
 
 
I would like these tests to pass with flying colors to show the higher 
 
ups that Linux will work as a workstation, but having to write a custom 
 
script for each user to be able to mount the Samba shares will not help 
 
my case. 
 
 
As I said before, I need everything to happen at automatically as any 
 
people that will be working with these Linux workstations are not 
 
computer savy. 
 
 
Thanks for any ideas 
 
Michael Kelly 
 
 
-- 
 
To unsubscribe from this list go to the following URL and read the 
 
instructions:  http://lists.samba.org/mailman/listinfo/samba 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Re: SOLVED: More Printing Fun (Point and print not working)

[Michael Lueck]

Jason Balicki wrote:
Now if I can just fix the "printer on x.x.x.x" instead
of "printer on " problem.
1) I saw a posting from someone on the Samba team, maybe Jerry, that this 
was getting fixed.
2) For me it happens when the client box has been up but the server has been 
bounced. Reboot the workstation again and create the printer connections, then 
it is back to normal.
--
Michael Lueck
Lueck Data Systems
Remove the upper case letters NOSPAM to contact me directly.
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

RE: [Samba] auth against unix accounts

[Jason Balicki]

wolfgang pauli <> wrote:
> I am wondering how I can tell samba to auth against the linux accounts
> without needing to add the users to with "smbpasswd -a username". I
> thought this is easy but I can't make it.

You can't do this very easily.  The reason you need a seperate
user authentication is because the passwords from the windows
clients are sent to the server in hashed ("encrypted") form.
There is no way of reversing this hash to match against the
linux shadow password entry.

So, you have two choices to handle this simply:

1)  Use smbpasswd (recommended, it's not that difficult
to set up and it's worth it.)

2)  Disable encrypted passwords on your windows clients.
I don't even know if this is possible on Win2k and up,
but I don't recommend it at all.  Passwords will be
sent in cleartext over the wire.

HTH,

--J(K)

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Connecting Suse9.2 to Samba shares in a windows network

[Michael Kelly]

Hi and thank you for your reply, 
 
I am reasonably knowledgeably about Linux. I tried using fstab as kindof
a last resort, almost something you know is not going to work, but you
do it anyway out of frustration. 
 
I will explain a little further. 
 
The users who will be testing the Linux Workstations also have Windows
workstations, not dual boot, but a different machine. While on Windows,
these users My Documents directories are stored on the file server. To
the user, all data appearing to be stored in the local My Documents
directory is actually on the file server. When the user logs into their
Windows workstation they are connected to their My Documents directory
on the Samba file server by means of their username. I do not have
access to the smb.conf at this moment, but from what I remember this is
the share definition to achieve to above. 
 
[mydocs] 
  path = /mnt/file_server/mydocs/%u 
  public = no 
  writable = yes 
  browseable = no 
 
What I would like to have happen is when a user moves from their Windows
work station to the Linux workstation they will have access to their My
Documents directory the same as they have it on their Windows
workstation. 
 
I am currently not concerned about making any of the file system on the
Linux workstations available to the Windows systems. We are moving away
from the sharing of documents between individual workstations, it should
all be done via the file server. 
 
I apologize for not being clear enough in my original post. 
 
Thanks for any further suggestions 
Michael Kelly 
 
>>><[EMAIL PROTECTED]> 11/18 9:01 am >>> 
 
Michael Kelly <[EMAIL PROTECTED]> wrote : 
 
 
>Hi All, 
 
> 
 
 
First and foremost, post your smb.conf file. That is the best way for us
to help you. 
 
 
>Our office is running somes tests by introducing a couple of Linux 
 
>workstations into the mix to see how they fair. I am however having
some 
 
>issues connecting these workstations to the shares offered by our Samba

 
>3.02 server. 
 
>  
 
>I know that this is not really a samba issue, but I thought I might be 
 
>able to get some help here to rectify my problems. I apologize if this 
 
>is too far off topic for this list. 
 
 
Sorry.. but it kinda IS a samba issue. :) Trying to get two disparate
(in the case of Windows, desperate?) OS'es to talk is never entirely
easy. 
 
>  
 
>Here is the setup: 
 
>  
 
>It is a basic workgroup network, no domain, with no PDC or anything of 
 
>that sort. Authentication for the shares is done simply by having a 
 
>macthing username/password on a win2000Pro workstation. The majority of

 
>shares on the server have the SUID and SGID set to a certain user for 
 
>simplicity and to resolve the Microsoft Office file locking issues. 
 
>However, each user's My Documents directory is a server share that is 
 
>accessed automatically by way of the username used on the workstation.
I 
 
>have left out a few details, but they are unimportant. 
 
 
Documents is a good place to share data with... 
 
>  
 
>I do not want the users to have to mount any drives themselves on the 
 
>Linux workstations so I would like them to be mounted automatically
when 
 
>the user logs in, not at boot time, but login time as these Linux 
 
>workstations will be multiuser so will need to mount different My 
 
>Documents directories. 
 
>  
 
Tha nature of Samba and Linux is that if your samba server is running,
once the user logs in, then they will have access to the samba shares
listed in your smb.conf file. This is the file in which you determine
what shares to make available to your Windows users. 
 
 
>I have put the share definitions into fstab, but that will not do the
My 
 
>Documents correctly. I have also tried using autofs which works well
for 
 
>the regular shares, but again does not work for My Documents. I have 
 
>found info on doing something similar with an NFS filesystem but
nothing 
 
>pertaining to smbfs and what I am trying to do with the My Documents 
 
>share 
 
 
Um how familiar are you with linux/unix? fstab is meant for mounting
files that are to be distributed among linux workstations. You can use
this one of two ways: 
 
1 - You have a large pool of file servers that you want to distribute to
other linux workstations 
 
2 - You have a collection of Windows PCs that contains specific data
(i.e. documents, CAD drawings or database info) that you want to mount
via smbfs (samba file share). 
 
 
In this case, with only two linux machines, you do not have to be
concerned about mounting the windows shares to the linux machine. You do
have to make entries in the smb.conf file in order to make the linux
shares visible to the windows users. 
 
 
>  
 
>I am currently mounting them via a script that is called from .bashrc. 
 
>This works, but it just does not seem very elegant and I know that it 
 
>can be done better in Linux, I am just not sure how. 
 
>  
 
>I would like these tests to pass with flying colors to show the higher 

[Samba] storing profiles on a 3rd host (NetApp), and [profiles] section of smb.conf

[Justin Zachor]

1.
Is it okay to use an NFS-mounted path in the [profiles] path statement?
2.
How do I make sure that owner & permissions don't get set to root on 
certain profile files when the user profile is migrated to the PDC 
'logon path' area?


I've set out to move our Windows PCs into a samba PDC domain, and my 
first profile migration was tripped up by some improper permissions that 
were set on some of the profile files when I copied the profile (as 
Administrator, on the Windows client) from the Win2K client to the PDC. 
(this was using the typical Windows utility: System | User Profiles | 
Copy To...) Plus, our previous Samba admin set a few things in smb.conf 
that I don't understand:

1. There's a [profiles] section that is commented --
Can I change /var/lib/samba/profiles to a directory on our NetApp filer? 
(the Samba server has root privilege on the NetApp, and the NetApp is a 
PDC client of Samba).

2. Do I even need this section? The "logon path = \\netapp\profiles\%u" 
in PDC section seems to work somewhat, but my permissions need to be 
tweaked after being uploaded; How do I force create/directory modes? 
Should I use a [profiles] section for that? (please see smb.conf below)

3. In the [netlogon] section, can I move /var/lib/samba/netlogon to
a path nfs-mounted from my NetApp? (e.g. would /netapp/samba/netlogon 
only be accessed by the smb/PDC daemon?)

4. path was left out of [Homes] section --
I don't know why this section has no paths.
BTW,
I know there's a ton of info on this around the web, but I didn't find
much of anything written about this scenario, where the general file
server is a third host, not the Samba server. Also, the NetApp can act
as a PDC, but we're using NIS in a mostly Debian/Max OSX environment.

What happens now:
After adding a Win2K system to the domain, using local Administrator I
copied a local user profile to \\netapp\profiles\
However, upon trying to login I get these errors:
"Windows cannot copy file \\netapp\profiles\user\Application
Data\Microsoft\Protect\S-1-5-21-515...\ to location C:\Documents and
Settings\user.FOOBAR\Application
Data\Microsoft\Protect\S-1-5-21-515...\. Contact your network
administrator.
DETAIL - Access is denied."
"Windows cannot load the profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when
you log off."
Performing a chown -R user:group to the profile makes the errors go 
away. Is there a better fix, such as Otto's notes below?


Otto writes:
http://lists.samba.org/archive/samba/1999-November/015480.html
Excerpt of above URL -- use these in [profiles] section
  force create mode = 0600
  force directory mode = 0700
Sure enough, permissions are:
drwx--2 root   daemon4096 Nov 12 14:58 S-1-5-21-515...
Only after recursively chown'ing user's profile can they login:
netapp:/profiles#  chown -R user /profiles/user
My setup is:
  -  Debian Samba server
  -  NetApp filer (fileserver)
  -  Win2K clients
smb.conf--
[global]
# -- BEGIN PDC --
domain logons = yes
logon path = \\netapp\profiles\%u
logon drive = H:
logon home = \\netapp\%u\.winprofile
logon script = logon.bat
add user to group script = /usr/sbin/usermod -G %g %u
add machine script = /usr/sbin/adduser --firstuid 9001 \
--lastuid 9500 \
--gid 9000 --home /dev/null --shell /bin/false \
--no-create-home \
--disabled-password --gecos "%u Samba Machine Account" \
--force-badname %u
admin users = @ntadmins
workgroup = FOOBAR
# -- END PDC --
invalid users = root
 (many misc settings)
[netlogon]
comment = Network Logon Service
browseable = no
path = /var/lib/samba/netlogon
read only = yes
write list = @ntadmins
#[profiles]
#path = /var/lib/samba/profiles # path = /netapp/profiles ???
#read only = no
#create mask = 0600
#directory mask = 0700
[homes]
   comment = Home Directories
   browseable = no
   force create mode = 0755
   force directory mode = 0755
   writable = yes

Thanks in advance
JAZ
==
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Connecting Suse9.2 to Samba shares in a windows network

[Michael Kelly]

Hi All, 
 
Our office is running somes tests by introducing a couple of Linux
workstations into the mix to see how they fair. I am however having some
issues connecting these workstations to the shares offered by our Samba
3.02 server. 
 
I know that this is not really a samba issue, but I thought I might be
able to get some help here to rectify my problems. I apologize if this
is too far off topic for this list. 
 
Here is the setup: 
 
It is a basic workgroup network, no domain, with no PDC or anything of
that sort. Authentication for the shares is done simply by having a
macthing username/password on a win2000Pro workstation. The majority of
shares on the server have the SUID and SGID set to a certain user for
simplicity and to resolve the Microsoft Office file locking issues.
However, each user's My Documents directory is a server share that is
accessed automatically by way of the username used on the workstation. I
have left out a few details, but they are unimportant. 
 
I do not want the users to have to mount any drives themselves on the
Linux workstations so I would like them to be mounted automatically when
the user logs in, not at boot time, but login time as these Linux
workstations will be multiuser so will need to mount different My
Documents directories. 
 
I have put the share definitions into fstab, but that will not do the My
Documents correctly. I have also tried using autofs which works well for
the regular shares, but again does not work for My Documents. I have
found info on doing something similar with an NFS filesystem but nothing
pertaining to smbfs and what I am trying to do with the My Documents
share 
 
I am currently mounting them via a script that is called from .bashrc.
This works, but it just does not seem very elegant and I know that it
can be done better in Linux, I am just not sure how. 
 
I would like these tests to pass with flying colors to show the higher
ups that Linux will work as a workstation, but having to write a custom
script for each user to be able to mount the Samba shares will not help
my case. 
 
As I said before, I need everything to happen at automatically as any
people that will be working with these Linux workstations are not
computer savy. 
 
Thanks for any ideas 
Michael Kelly 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] auth against unix accounts

[wolfgang pauli]

Hi,

I am wondering how I can tell samba to auth against the linux accounts
without needing to add the users to with "smbpasswd -a username". I thought
this is easy but I can't make it. 

Thank you,

Wolfgang

-- 
Geschenkt: 3 Monate GMX ProMail + 3 Top-Spielfilme auf DVD
++ Jetzt kostenlos testen http://www.gmx.net/de/go/mail ++
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] segmentation fault

[Sundaram Ramasamy]

Bensi,


Looks like this is bug in samba 3, we are also having same kind of
problem. lets wait some Samba develpers will address this problem.

-Sundaram



On Thu, 18 Nov 2004 12:40:46 +0530, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
> 
> Dear sir,
> 
> I have configured samba with ads integration and it was working
> perfectly in RedHat Linux 9.0. But Yesterday I changed that
> configuration as simple user level security. But my problem was when I
> run 'smbpasswd' command I am getting one error as 'Segmentation fault'.
> What I can do to trouble shoot this problem. Kindly reply me as soon as
> possible..
> 
> Thanks & Rgds
> Bensi Bose T.C.
> RHCE
> 
> Confidentiality Notice
> 
> The information contained in this electronic message and any attachments to 
> this message are intended
> for the exclusive use of the addressee(s) and may contain confidential or 
> privileged information. If
> you are not the intended recipient, please notify the sender at Wipro or 
> [EMAIL PROTECTED] immediately
> and destroy all copies of this message and any attachments.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 


-- 
Software Groups (SFG)
http://sfg.homeunix.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Difficulty joining domain

[Chris St. Pierre]

I'm trying to get an LDAP PDC running, and when I try to join a
Windows computer to the domain, I get the following error:

"The specified domain either does not exist or could not be contacted"

That's from Win2K.  WinXP gives more information:

---

The domain name NWU_FLUFFY might be a NetBIOS domain name.  If this is
the case, verify that the domain name is properly registered with
WINS.

If you are certain that the name is not a NetBIOS domain name, then
the following information can help you troubleshoot your DNS
configuration.

The following error occurred when DNS was queried for the service
location (SRV) resource record used to locate a domain controller for
domain NWU_FLUFFY:

The error was: "DNS name does not exist."
(error code 0x232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.NWU_FLUFFY

Common causes of this error include the following:

- The DNS SRV record is not registered in DNS.

- One or more of the following zones do not include delegation to its
  child zone:

NWU_FLUFFY
. (the root zone)

For information about correcting this problem, click Help.

--

The domain is called "NWU_FLUFFY" (as I presume you guessed) and the
domain master is "fluffy".  I did some looking around, and it appears
that Windows wants an entry in DNS pointing to the domain master.

Now, this is not my first PDC.  I set up one before that worked fine
without a DNS entry; the difference is that my first PDC was in the
same subnet as my test client.  Is that what's causing the problem?
And, moreover, does anyone know a way around this that doesn't
involve DNS?  Isn't Windows networking supposed to use WINS?

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University
402.465.7549
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Questions about Domain Member server

[Remy Zandwijk]

Hi list,

I have a couple of questions regarding Samba being a Domain Member
of a Samba PDC and BDC.

Situation:

3 servers, running Solaris 9 and Samba 3.0.7. The Solaris
machines are LDAP clients (getpwent fetches info from LDAP).
The Samba domain is called 'ALW'.


Machine 1: PDC + LDAP master(PDC1)
Machine 2: BDC + LDAP slave (BDC1)
Machine 3: Domain Member server (FS1)


A Windows XP client, joined to the domain, can be used to log on to the
domain. This works without problems. Files created on the shares of
the PDC and BDC are owned by users/groups 'ALW\username'  and 'ALW\groupname'.

The Domain Member server is joined to the ALW domain, which is confirmed
to be OK by the 'net rpc testjoin' command. Shares on the FS1 server can be
browsed. When creating files however, the files are owned by the users/groups
'FS1\username' and 'FS1\groupname'.

I would expect the same ownership as the files created on the PDC and BDC.
Why is this FS1\... on the Domain Member server?

Besides the above problem, I cannot explain entirely why this line appears
in the logs:

--
[2004/11/17 11:08:57, 1] lib/smbldap.c:add_new_domain_info(1289)
  failed to add domain dn= sambaDomainName=FS1,dc=falw,dc=vu,dc=nl with:
Insufficient access no write access to parent
[2004/11/17 11:08:57, 0] lib/smbldap.c:smbldap_search_domain_info(1338)
  Adding domain info for FS1 failed with NT_STATUS_UNSUCCESSFUL
--

I do understand why this fails; the LDAP bind dn of Samba does not have
the rights to add this information. The thing I don't understand is why
Samba wants to add info to LDAP about the domain 'FS1', while the domain
the server joined is 'ALW'.

In the logs of the LDAP server, I see queries for uid 'alwremy', when I
mount shares on the FS1 server as user 'remy'. These queries are a result
of the Solaris system 'getpwent' call, as I can tell from the bind-dn.

To summarise:

-   Why is the ownership of files created on the Domain Member server
SERVERNAME\username instead of DOMAINNAME\username ?

-   Why does Samba want to add info about the 'FS1' domain in LDAP?

-   Why does Samba perform a getpwent call with the Samba domainname and
the username merged together?


Best regards,
Remy
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] share names longer than 12 characters

[Kristof Van Landschoot]

Hello,

from browsing the internet I found that there used to be problems with share
names longer than 12 characters.  The problem is this: using smbclient -L, the
shares are just not listed.  It's also impossible to connect to them.  Using
MacOS X, 10.3, panther as they call it.

Microsoft has even written an article about this problem, see
http://support.microsoft.com/kb/q145949/ for that.

Now, it was fixed somewhere in the samba 2 series I've found in the mailing list
archives, but it seems the same problem is still there with this smbclient on
Mac Os X 10.3 (panther), which reports as version 3.0.2.

The question is: could it be that the bug has been reintroduced somewhere along
the lines and is back in samba 3.0.2.  I don't have a linux version or self
compiled version at hand, so I need to check that I know and will when I find
time, but maybe someone can already confirm/deny the fact that such bug exists
or not?

Thanks,
Kristof


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba Training in UK - Dec 06-09, 2004

[John H Terpstra]

Folks,

If anyone is interested in Samba training in the UK at the above time please 
contact:

Mark Taylor ([EMAIL PROTECTED])
OR
Tom Callway ([EMAIL PROTECTED])

Office Phone: +44 (0)870 608 0063
Mobile Phone: +44 (0)79 67 687 379

Course details will be posted within 24 hours on: http://www.siriusit.co.uk

I have been asked to run this course by OpenAdvantage and Sirius (UK).
Information on OpenAdvantage may be found at: http://www.openadvantage.org
See: 
http://www.openadvantage.org/index.php?option=content&task=view&id=56&Itemid=36

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3 as domain member of w2k realm

[R.B.]

Hi John,
thank for your reply...but the time is ok... 0 seconds difference.
Any other ideas?
Riccardo
John H Terpstra wrote:
On Thursday 18 November 2004 06:07, R.B. wrote:
 

Meanwhile i've done an ethereal sniff:
 5.886351 192.168.0.52 -> 192.168.0.10 KRB5 AS-REQ
 5.887142 192.168.0.10 -> 192.168.0.52 KRB5 KRB Error:
KRB5KDC_ERR_PREAUTH_REQUIRED
 5.888002 192.168.0.52 -> 192.168.0.10 KRB5 AS-REQ
 5.889317 192.168.0.10 -> 192.168.0.52 KRB5 AS-REP
   

Check that the time on both your Samba server and the Win2kx ADS server are 
within 5 sec.

- John T.
 

R.B. wrote:
   

Hi Guys,
i've a problem joining a samba 3.0.7-1.3E.1 in a w2k domain:
[EMAIL PROTECTED] squid]# net ads join -U myuser
myuser's password:
[2004/11/18 13:29:32, 0] utils/net_ads.c:ads_startup(183)
ads_connect: Program lacks support for encryption type
I've also changed the Administrator's password for key generation...
what can i check? I have a similar server in the same net that works
fine.
Thanks
Riccardo
 

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3 as domain member of w2k realm

[John H Terpstra]

On Thursday 18 November 2004 06:07, R.B. wrote:
> Meanwhile i've done an ethereal sniff:
>
>   5.886351 192.168.0.52 -> 192.168.0.10 KRB5 AS-REQ
>   5.887142 192.168.0.10 -> 192.168.0.52 KRB5 KRB Error:
> KRB5KDC_ERR_PREAUTH_REQUIRED
>   5.888002 192.168.0.52 -> 192.168.0.10 KRB5 AS-REQ
>   5.889317 192.168.0.10 -> 192.168.0.52 KRB5 AS-REP

Check that the time on both your Samba server and the Win2kx ADS server are 
within 5 sec.

- John T.

>
> R.B. wrote:
> > Hi Guys,
> > i've a problem joining a samba 3.0.7-1.3E.1 in a w2k domain:
> >
> > [EMAIL PROTECTED] squid]# net ads join -U myuser
> > myuser's password:
> > [2004/11/18 13:29:32, 0] utils/net_ads.c:ads_startup(183)
> >  ads_connect: Program lacks support for encryption type
> >
> > I've also changed the Administrator's password for key generation...
> > what can i check? I have a similar server in the same net that works
> > fine.
> >
> > Thanks
> > Riccardo

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3 as domain member of w2k realm

[R.B.]

Meanwhile i've done an ethereal sniff:
 5.886351 192.168.0.52 -> 192.168.0.10 KRB5 AS-REQ
 5.887142 192.168.0.10 -> 192.168.0.52 KRB5 KRB Error: 
KRB5KDC_ERR_PREAUTH_REQUIRED
 5.888002 192.168.0.52 -> 192.168.0.10 KRB5 AS-REQ
 5.889317 192.168.0.10 -> 192.168.0.52 KRB5 AS-REP


R.B. wrote:
Hi Guys,
i've a problem joining a samba 3.0.7-1.3E.1 in a w2k domain:
[EMAIL PROTECTED] squid]# net ads join -U myuser
myuser's password:
[2004/11/18 13:29:32, 0] utils/net_ads.c:ads_startup(183)
 ads_connect: Program lacks support for encryption type
I've also changed the Administrator's password for key generation...
what can i check? I have a similar server in the same net that works 
fine.

Thanks
Riccardo

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3 as domain member of w2k realm

[R.B.]

Hi Guys,
i've a problem joining a samba 3.0.7-1.3E.1 in a w2k domain:
[EMAIL PROTECTED] squid]# net ads join -U myuser
myuser's password:
[2004/11/18 13:29:32, 0] utils/net_ads.c:ads_startup(183)
 ads_connect: Program lacks support for encryption type
I've also changed the Administrator's password for key generation...
what can i check? I have a similar server in the same net that works fine.
Thanks
Riccardo
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [samba] create account that can join machines but not admin access on domain

[Daniel Wilson]

MaTT wrote:
daniel, increase the log level and check if the information provided 
give any help

MRB
http://www.lionix.com
Linux
Daniel Wilson wrote:
MaTT wrote:
Hi Daniel... this is from the Samba Docs... will help
 One of my junior staff needs the ability to add machines to the 
Domain, but I do not want to give him root access. How can we do this?
   Users who are members of the Domain Admins group can add machines 
to the Domain. This group is mapped to the UNIX group account called 
root (or equivalent on wheel on some UNIX systems) that has a GID of 
0. This must be the primary GID of the account of the user who is a 
member of the Windows Domain Admins account.

MRB
http://www.lionix.com
Linux
Daniel Wilson wrote:
hi list,
im using samba 3.0.8 with LDAP,
To add a machine to the domain i currently use the administrator 
account (which has uidNumber=0), which means this account has 
automatic root on all of the shares (my shares arnt using samba, im 
using NetApps Filers, which have been configured to authenticate 
via samba), when we roll this project out accross the university 
(approx 50,000 users) we want the technicians in each school to be 
able to add machines to the domain but not get root/admin access to 
all the shares.

So my question is, Can you create an account that can add machines 
to the domain but doesnt get root/admin priveldges on all the 
shares/domain (as the would conflict with human rights issues etc...)

Regards
ive tried to set GID to 0 to an account, but i get unkwon username or 
password error when i try to add it, if i use administrtor adding is 
successful! 

this is what i get from the log level, i have even mapped my domain 
admin group to a posixGroup called root with gidNumber=0, also set the 
user gidnumber to 0 and also added them to domain admin group, the only 
way it works is if i set the uidNumber =0 which isnt acceptable inour 
environment. This is loglevel =2

quigon1:/opt/smbldap-tools-0.8.5 # tail -n 0 -f /usr/local/var/log.smbd 
| more
[2004/11/18 11:43:07, 2] lib/smbldap.c:smbldap_search_domain_info(1374)
 Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=UNI-STAFF))]
[2004/11/18 11:43:07, 2] lib/smbldap.c:smbldap_open_connection(693)
 smbldap_open_connection: connection opened
[2004/11/18 11:43:07, 2] smbd/sesssetup.c:setup_new_vc_session(608)
 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old
resources.
[2004/11/18 11:43:07, 2] smbd/sesssetup.c:setup_new_vc_session(608)
 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old
resources.
[2004/11/18 11:43:07, 2] passdb/pdb_ldap.c:init_sam_from_ldap(511)
 init_sam_from_ldap: Entry found for user: ws0dwi
[2004/11/18 11:43:07, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
 init_group_from_ldap: Entry found for group: 0
[2004/11/18 11:43:07, 2] passdb/pdb_ldap.c:init_group_from_ldap(2011)
 init_group_from_ldap: Entry found for group: 901
[2004/11/18 11:43:07, 2] auth/auth.c:check_ntlm_password(305)
 check_ntlm_password:  authentication for user [ws0dwi] -> [ws0dwi] -> 
[ws0dwi]
succeeded
[2004/11/18 11:43:08, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2487)
 Returning domain sid for domain UNI-STAFF -> 
S-1-5-21-82148923-2461359520-1342
846908
[2004/11/18 11:43:08, 2] 
rpc_server/srv_samr_nt.c:access_check_samr_object(93)
 _samr_open_domain: ACCESS DENIED  (requested: 0x0211)
[2004/11/18 11:43:08, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2487)
 Returning domain sid for domain UNI-STAFF -> 
S-1-5-21-82148923-2461359520-1342
846908
[2004/11/18 11:43:08, 2] 
rpc_server/srv_samr_nt.c:access_check_samr_function(115
)
 _samr_create_user: ACCESS DENIED (granted: 0x0201;  required: 
0x0010)
[2004/11/18 11:43:08, 2] smbd/server.c:exit_server(571)
 Closing connections
[2004/11/18 11:43:09, 2] lib/smbldap.c:smbldap_search_domain_info(1374)
 Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=UNI-STAFF))]
[2004/11/18 11:43:09, 2] lib/smbldap.c:smbldap_search_domain_info(1374)
 Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=UNI-STAFF))]
[2004/11/18 11:43:09, 2] lib/smbldap.c:smbldap_open_connection(693)
 smbldap_open_connection: connection opened
[2004/11/18 11:43:09, 2] lib/smbldap.c:smbldap_open_connection(693)
 smbldap_open_connection: connection opened
[2004/11/18 11:43:09, 2] smbd/sesssetup.c:setup_new_vc_session(608)
 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old
resources.
[2004/11/18 11:43:09, 2] smbd/reply.c:reply_special(235)
 netbios connect: name1=QUIGON1 name2=D-CONWAY-LAP
[2004/11/18 11:43:09, 2] smbd/reply.c:reply_special(242)
 netbios connect: local=quigon1 remote=d-conway-lap, name type = 0
[2004/11/18 11:43:09, 2] smbd/sesssetup.c:setup_new_vc_session(608)
 setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old
resources.
[2004/11/18 11:43:09, 2] smbd/server.c:exit_server(571)
 Closing connections
[2004/11/18 11:43:09, 2] passdb/pdb

[Samba] Strange Errors appearing in my log

[Chris Roubekas]

Dear all,

I have a SuSE9.1 box running as a file server with mp3's on it.
The /var/log/messages log file is recording the following errors which
I don't understand and perhaps you could assist me:

Nov 17 11:25:05 mp3-nrg smbd[7903]: [2004/11/17 11:25:05, 0] 
lib/util_sock.c:get_peer_addr(975)
Nov 17 11:25:05 mp3-nrg smbd[7903]:   getpeername failed. Error was Transport 
endpoint is not connected
Nov 17 11:25:05 mp3-nrg smbd[7903]: [2004/11/17 11:25:05, 0] 
lib/util_sock.c:get_peer_addr(975)
Nov 17 11:25:05 mp3-nrg smbd[7903]:   getpeername failed. Error was Transport 
endpoint is not connected
Nov 17 11:25:05 mp3-nrg smbd[7903]: [2004/11/17 11:25:05, 0] 
lib/access.c:check_access(328)
Nov 17 11:25:05 mp3-nrg smbd[7903]: [2004/11/17 11:25:05, 0] 
lib/util_sock.c:get_peer_addr(975)
Nov 17 11:25:05 mp3-nrg smbd[7903]:   getpeername failed. Error was Transport 
endpoint is not connected
Nov 17 11:25:05 mp3-nrg smbd[7903]:   Denied connection from  (0.0.0.0)
Nov 17 11:25:05 mp3-nrg smbd[7903]: [2004/11/17 11:25:05, 0] 
lib/util_sock.c:get_peer_addr(975)
Nov 17 11:25:05 mp3-nrg smbd[7903]: [2004/11/17 11:25:05, 0] 
lib/util_sock.c:get_peer_addr(975)
Nov 17 11:25:05 mp3-nrg smbd[7903]:   getpeername failed. Error was Transport 
endpoint is not connected
Nov 17 11:25:05 mp3-nrg smbd[7903]:   Connection denied from 0.0.0.0
Nov 17 11:25:05 mp3-nrg smbd[7903]: [2004/11/17 11:25:05, 0] 
lib/util_sock.c:write_socket_data(411)
Nov 17 11:25:05 mp3-nrg smbd[7903]:   write_socket_data: write failure. Error = 
Connection reset by peer
Nov 17 11:25:05 mp3-nrg smbd[7903]: [2004/11/17 11:25:05, 0] 
lib/util_sock.c:write_socket(436)
Nov 17 11:25:05 mp3-nrg smbd[7903]:   write_socket: Error writing 5 bytes to 
socket 22: ERRNO = Connection reset by peer
Nov 17 11:25:05 mp3-nrg smbd[7903]: [2004/11/17 11:25:05, 0] 
lib/util_sock.c:send_smb(628)
Nov 17 11:25:05 mp3-nrg smbd[7903]:   Error writing 5 bytes to client. -1. 
(Connection reset by peer)
Nov 17 11:25:05 mp3-nrg smbd[7904]: [2004/11/17 11:25:05, 0] 
rpc_server/srv_pipe.c:api_pipe_netsec_process(1371)
Nov 17 11:25:05 mp3-nrg smbd[7904]:   failed to decode PDU
Nov 17 11:25:05 mp3-nrg smbd[7904]: [2004/11/17 11:25:05, 0] 
rpc_server/srv_pipe_hnd.c:process_request_pdu(605)
Nov 17 11:25:05 mp3-nrg smbd[7904]:   process_request_pdu: failed to do 
schannel processing.

The network is comprised of Win9X and WinXP machines. Currently the Win9x is 
playing the songs
on a 24/7 basis. There have been many incidents (at least twice on a daily 
basis) that some songs
are being "skipped". That is, although they are playing on the Win9X, they 
would stop in the middle 
and continue with the next one... Thought that maybe that might help...

Chris

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Inplace upgrade 2.2.12 -> 3.0.7

[Angela Williams]

Hi All!
A feww weeks ago I upgraded one of my customers from 2.2.7a to 2.2.12.
I chose the download and compile for 2.2.12 so that I had full control over 
what was going on and where the new version would live. This went very well 
until I found missing bits and pieces like smbpasswd etc etc. They live in 
new places on 12! I could quite happily swap between the two versions by 
killing the smbd and nmbd processes for one and restarted them for the other. 
Worked like a wiz! System runs as a PDC as well but now with flaky XP things 
connecting to samba for authentication etc and also wanting more out of samba 
I have decided to upgrade them to 3.0.7. I downloaded 3.0.7 and compiled it 
after making the RH9 change to the config files and have installed it 
in /usr/local/samba3 as the base. I have not linked any of the files yet!
I have followed many of the steps in "Chapter 6. Making Users Happy" of the 
really super Samba Guide on the samba site(s) - well done writers!
Almost ready to test out the ldap server when the thought struck me - what if 
I break this system? Not really a major train smash but still a problem.

So this begs the question can I swap happily between samba 2 sans ldap and 
samba 3 with? 
Are there files I need to backup other than those in /usr/local/samba where my 
2.2.12 version lives. What about the tdb files in /var/cache/samba?
Any other things I need to do?
Any docs to look at?

Cheers
Ang 
-- 
Angela Williams Enterprise Outsourcing
SCO Unix/Linux & Cisco spoken here! Bedfordview
[EMAIL PROTECTED]   Gauteng South Africa

Smile!! Jesus Loves You!!
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Administrator

[Christoph Scheeder]

Hi,
this is no problem at all with samba 3.x, all you need is to
get your groupmapping set up correct and all is fine.
Have a look at the "net groupmap" command in 3.x.
In samba 3.x the handling of NT/Windows-groups was changed complete.
for details read through the fine doc's at samba.org about setting up a 
PDC with samba 3.x
Christoph

Ronald James schrieb:
Hi there
 

I have a question and it appears it cannot be done on Samba 3 and higher. I
want to have administrator rights on each pc in my network. I notice that
Domain Admin Groups was removed. I never used this feature so would not know
exactly what it does. However since I am now using Samba 3 it wont really be
of any use to me.
 

Is there a way, without having to goto each computer and allow domain users
to have administrator rights ? I am supporting clients and some of them have
150 pc's, I cant see myself having to go to 150 machines to allow the
administrator admin privelages etc. I also install a software (anti virus)
that requires admin rights, this is done automatically through the network,
however not when you don't have actual admin privies.
 

If it cannot be done, could someone here who is into development possibly
look into the source and try to get it to work ?
 

Thanks
 

Ronald James
NetXactics
Tel: +27 21 680-5069
Fax: +27 21 680-5011
http://www.netxactics.co.za  
Sophos - protecting businesses against viruses and spam

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Win SBS 2003 ADS and samba 3.0.8 authentication problem for 11th user

[Jens Kammermeier]

Hi,
I'm running samba 3.0.8 on SuSE 9.0 (heimdal 0.6-161) as a ADS member server
in a Windows SBS 2003 Domain (with 15 client access licences).
My problem is, that every morning, when people login the eleventh user
cannot connect to the samba shares.
After restarting nmb, smb and winbind, they can.

The log file for the client pc shows following error:

...
[2004/11/18 08:56:55, 1] smbd/sesssetup.c:reply_spnego_kerberos(265)
  make_server_info_from_pw failed!
[2004/11/18 08:56:55, 1] smbd/sesssetup.c:reply_spnego_kerberos(265)
  make_server_info_from_pw failed!
...

Now I reboot nmb, smb and winbind...

...
[2004/11/18 09:11:33, 1] smbd/service.c:make_connection_snum(648)
  zchwws12 (192.168.50.112) connect to service Daten initially as user
DOMAIN+username (uid=10021, gid=1) (pid 7047)
[2004/11/18 09:11:33, 1] smbd/service.c:make_connection_snum(648)
  zchwws12 (192.168.50.112) connect to service Daten initially as user
DOMAIN+username (uid=10021, gid=1) (pid 7047)
[2004/11/18 09:12:45, 1] smbd/service.c:close_cnum(836)
  zchwws12 (192.168.50.112) closed connection to service Daten
...

Connection works.

Does anyone know, what's wrong?
Thanks for help!


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba

[Samba] Administrator

[Ronald James]

Hi there

 

I have a question and it appears it cannot be done on Samba 3 and higher. I
want to have administrator rights on each pc in my network. I notice that
Domain Admin Groups was removed. I never used this feature so would not know
exactly what it does. However since I am now using Samba 3 it wont really be
of any use to me.

 

Is there a way, without having to goto each computer and allow domain users
to have administrator rights ? I am supporting clients and some of them have
150 pc's, I cant see myself having to go to 150 machines to allow the
administrator admin privelages etc. I also install a software (anti virus)
that requires admin rights, this is done automatically through the network,
however not when you don't have actual admin privies.

 

If it cannot be done, could someone here who is into development possibly
look into the source and try to get it to work ?

 

Thanks

 

Ronald James
NetXactics
Tel: +27 21 680-5069
Fax: +27 21 680-5011
http://www.netxactics.co.za  
Sophos - protecting businesses against viruses and spam

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba