[Samba] Re: [Off Topic] Managed desktop virus scanner in Samba 3 Enviroment
I have managed to get Norman AV working where the Linux file server pulls down the DAT files and the Windows clients pull from the server. The on-access scanner has not been installed as the kernel module it wishes to install needs default kernel security removed. Since Linux viruses are a haa haa haa, need not have the on-access protection! It can be a tricky beast to get installed / configured, but then for as cheap as it is... "Good Enough" for now in my book. Oh, so a cron job runs the command line update to keep the server in sync with Norman. Simple enough. -- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: [Off Topic] Managed desktop virus scanner in Samba 3 Enviroment
I spent some time looking for this also... Based on what I found there really isn't a solution that I could find that meet all of my needs. you should checkout the following http://www.clamav.net/ Robert Gil Freund wrote: Hi, As we are moving away from an NT based enviroment to SAMBA we are looking for a managed virus scanner for our desktops. Managed means: 1. Remote deployment 2. Updates from a local repository 3. Notification and reporting. The existing solutions (Symantec, TrendMicro, Mcafee) assume that you have an NT server. I would much rather have a Linux/Samba based managment console. Any ideas/leads? Thanks Gil -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: A little help with nss_ldap - User xxx in passdb, but getpwnam() fails!
One of the reasons I choose to go with openldap as my backend for samba was I intended to eventually have my cyrus server authenticate against the same server thus creating a single point of autherization for network services. That being said if samba 4 does have it's own ldap "like" backend unless people are able to use it for other services I beleive that openldap will still be the back end of choice. Robert Alex Satrapa wrote: On 27 Nov 2004, at 06:05, Tomasz Chmielewski wrote: I got lots of gray hair when I compared how hard it is to establish Samba + OpenLDAP, and then MS solutions, even with "official" documentation. FWIW, I've just given a presentation to the local Linux Users' Group on this subject, based on notes made during my own installations. Until Samba 4 comes out (which includes its own "LDAP" style backend), we'll have to live with the nightmare that is Samba + OpenLDAP. Once the notes are published, I'll notify this list too - then there can be another document for people to get confused by in addition to the material by Terpstra, IDEALX, et al ;) Alex -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: A little help with nss_ldap - User xxx in passdb, but getpwnam() fails!
I've given up on Yast... it doesn't always catch dependences; refusing to install something with no message indicting why. I found that installing apt from guru's rpm site is the best way to go in terms of updates and installing additional software. I know I will no longer use Suse as a server, I'm sure if I purchased the enterprise addition with all the support it would be a very nice solution; but without the support it is very frustrating. I do however enjoy it as a desktop (well 9.2 at least) for my laptop, their replacement for acpi works very well with my laptop's speed stepping. Robert Tomasz Chmielewski wrote: Robert Silvia wrote: I can say this if Tomak is using Suse then this may very well be how Suse built the package. I left suse for this exact reason, a perfect example of how they changed Samba's "ldap ssl = "parameter for what ever reason they set this parameter to relate to start_tls / false instead of start_tls / off. so they may have change other settings as well. Using redhat 9 %u works as it should. I can't begin to explain the nightmares I had setting up cyrus on suse because of all the proprietary settings they have. Indeed. The more and more I use it, the more and more I begin to dislike it, because of the simple issues with it (like not working Webmin if not updated, downgrading performed by Yast in order to install something, just to upgrade right after that, wiping out your /etc/resolv.conf by Yast etc.). Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: A little help with nss_ldap - User xxx in passdb, but getpwnam() fails!
Robert Silvia wrote: I can say this if Tomak is using Suse then this may very well be how Suse built the package. I left suse for this exact reason, a perfect example of how they changed Samba's "ldap ssl = "parameter for what ever reason they set this parameter to relate to start_tls / false instead of start_tls / off. so they may have change other settings as well. Using redhat 9 %u works as it should. I can't begin to explain the nightmares I had setting up cyrus on suse because of all the proprietary settings they have. Indeed. The more and more I use it, the more and more I begin to dislike it, because of the simple issues with it (like not working Webmin if not updated, downgrading performed by Yast in order to install something, just to upgrade right after that, wiping out your /etc/resolv.conf by Yast etc.). Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: A little help with nss_ldap - User xxx in passdb, but getpwnam() fails!
Robert Silvia wrote: Great... I wonder what type of mirgration will be available when samba 4 comes... and when it comes? :) Don't know of migration, but if Samba 4 will use LDAP-compatibile backed, it should be something like dumping old LDAP and importing it to Samba. Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] BDC with mysql
On Tue, 2004-11-23 at 21:01 -0200, Giuliano Silva de Oliveira wrote: > Hi everybody, > > > > I read the official HOWTO that explain how to use mysql as password backends > but I couldn't find anything about PDC and BDC with mysql. Have anybody an > idea how to implements this solution? A BDC with MySQL would require some kind of database replication protocol, with a means to update the master when the slave makes changes. In short, this is not supported, use LDAP instead. Andrew Bartlett -- Andrew Bartlett <[EMAIL PROTECTED]> signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: A little help with nss_ldap - User xxx in passdb, but getpwnam() fails!
Great... I wonder what type of mirgration will be available when samba 4 comes... Alex Satrapa wrote: On 27 Nov 2004, at 06:05, Tomasz Chmielewski wrote: I got lots of gray hair when I compared how hard it is to establish Samba + OpenLDAP, and then MS solutions, even with "official" documentation. FWIW, I've just given a presentation to the local Linux Users' Group on this subject, based on notes made during my own installations. Until Samba 4 comes out (which includes its own "LDAP" style backend), we'll have to live with the nightmare that is Samba + OpenLDAP. Once the notes are published, I'll notify this list too - then there can be another document for people to get confused by in addition to the material by Terpstra, IDEALX, et al ;) Alex -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: A little help with nss_ldap - User xxx in passdb, but getpwnam() fails!
I can say this if Tomak is using Suse then this may very well be how Suse built the package. I left suse for this exact reason, a perfect example of how they changed Samba's "ldap ssl = "parameter for what ever reason they set this parameter to relate to start_tls / false instead of start_tls / off. so they may have change other settings as well. Using redhat 9 %u works as it should. I can't begin to explain the nightmares I had setting up cyrus on suse because of all the proprietary settings they have. Robert John H Terpstra wrote: On Friday 26 November 2004 11:19, Tomasz Chmielewski wrote: ... Of all howtos etc. I made through, I was only able to setup Samba + LDAP using Samba Guide (chapter 6, Making users happy) - it has the smallest number of bugs - without correcting them (like %m needed instead of %u), running Samba + LDAP would be impossible. I guess you are absolutely certain that the use of %u in the "add machine script" is a bug. Please file a bug report on bugzilla.samba.org with a reproducible test case to prove that this is a bug. If it is a bug then we MUST fix it, and then I will update the documentation also. At this time, in my test environment, using %u (not %m) works perfectly as I have documented it. If this does not work in your environment please help me to see why. At this time I can not reproduce your problem and thus I fear that your advice is misleading. Given that one of us is wrong, let's get to the bottom of the problem and fix it. There is explained how to check which ldap.conf your system uses (for authentication). Cheers, John T. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: A little help with nss_ldap - User xxx in passdb, but getpwnam() fails!
Yeah good information... on redhat it's ldap.conf in /etc/ too go figure Tomasz Chmielewski wrote: Adam Tauno Williams wrote: I just tested your settings and they seem to be working. The auth takes much longer now, maybe because it is working. When checking shares the getpwnam does not even get called any more. I noticed many SMB_VFS, NT_STATUS_NO_SUCH_OBJECT in the log, I guess that let's me know VFS was complied in my binary. How is the ldap.conf in the /etc/ directory different then the one found in /etc/openldap/ There is a very simple way to determine this. [EMAIL PROTECTED]:~> rpm -qf /etc/ldap.conf pwdutils-2.6.90-6 [EMAIL PROTECTED]:~> rpm -qf /etc/openldap/ldap.conf openldap2-client-2.2.15-5 So you know from what packages came which file. I didn't know that, too. It's confusing to have two config files with the same names in the system, isn't it? They could call this file /etc/nss-ldap.conf (like they did on RedHat i think). But it's not a Samba issue, anyway (although confusing) :) Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: A little help with nss_ldap - User xxx in passdb, but getpwnam() fails!
On 27 Nov 2004, at 06:05, Tomasz Chmielewski wrote: I got lots of gray hair when I compared how hard it is to establish Samba + OpenLDAP, and then MS solutions, even with "official" documentation. FWIW, I've just given a presentation to the local Linux Users' Group on this subject, based on notes made during my own installations. Until Samba 4 comes out (which includes its own "LDAP" style backend), we'll have to live with the nightmare that is Samba + OpenLDAP. Once the notes are published, I'll notify this list too - then there can be another document for people to get confused by in addition to the material by Terpstra, IDEALX, et al ;) Alex -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] 500 Email Leads For $25 ( 24 Hours Only )
For the next 24 hours we are having an unbeatable sale. We have a large supply of email leads and we thought it would be a great day to set the price so low that everybody would take advantage of it. We know that once you try our leads, you will be very pleased, and you will refer your friends and teams to us. Also you will use us again in the furture. For the next 24 hours, you will be able to purchase our email leads at the lowest price ever. Our normal price for 500 email leads is $49. This is already very low considering most lead companies sell the same leads for $99. If you order within the next 24 hours, and you promise to use us in the future and refer your teams to us, you will be able to purchase 500 of our email leads for only $25 This is a great opportunity for you to test us out for a very low cost. Don't miss out on this great sale http://growmybiz.info To your success, Charles Ryder HB Match Leads http://growmybiz.info Don't want more? Click here: http://www.hbleadsale.com/mail/rem.php?u=585cd62 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Problems with samba under FreeBSD, not under Linux
TO WHOM IT MAY CONCERN Found the solution for the problem widely described below, after the <><> symbols. Here you are the solution: I created under /root the following °°° .nsmbrc file [default] workgroup=BOH_SS # The 'FSERVER' is an NT server. [SRVS1] #charsets=koi8-r:cp866 addr=srvs1.boh_ss [SRVS1:A00BCDD] # use persistent password cache for user 'A00BCD' password=giulietta I didn't change a line in my °°°smb.conf file [global] workgroup = BOH_SS # server string is the equivalent of the NT Description field server string = VicBSD load printers = no log file = /var/log/samba/log.%m log level = 1 max log size = 50 security = user nt acl support = no encrypt passwords = yes smb passwd file = /usr/local/private/smbpasswd domain master = no # wins support = yes wins server = 10.155.1.122 10.155.1.211 # Share Definitions == [homes] # comment = Home Directories # browseable = no # writable = yes read only = No Thanks to the .nsmbrc file I was able to connect to the windows share with the following command line (adding the option -N to force samba read the password from .nsmbrc): mount_smbfs -N //[EMAIL PROTECTED]/Data /mnt/smb in so doing samba desn't ask for the password and connects to the share smoothlhy! What puzzles me (any explanation?) is that: 1) Even though I declare my username a00bcd in the .nsmbrc file I have to repeat it in the mount_smbsf line otherwise, issuing e.g mount_smbfs -N //srvs1/Data /mnt/smb it doesn't mount the share complaining about something wrong with the authorization; 2) I still don't understand why - without the -N option I'm correctly asked for a password but samba continues to be unable to connect the share. Anyway my occasional solution works fine! Thanks to ALL for the many suggestions Vittorio <><><><><><><><><><><><><><><><><><><><><> <><><><><><><><><><><><><><><><><><><><><> <><><><><><><><><><><><><><><><><><><><><> Alle 08:45, venerdì 26 novembre 2004, Vittorio ha scritto: > (Context: Office windows LAN; PC Pentium 3 with 128 MB, FreeBSD 5.3.) > > > Here you are the unanswered message I had sent to the FreeBSD mailing > list: > > \BEGIN{MESSAGE} > - >-- --- After installing and launching samba 3.0.7 daemons > under my postgresql FBSD5.3 > stable server at office, I'm having trouble in connecting to whatever > windows > share in the M$ LAN. > > Here you are what's going on: > 1) I can ping to my windows server srvs1.myco; > > 2) If I issue > smbclient -L srvs1.myco -U myuserid > pasword: > Domain=[BOH_SS] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] > > Sharename Type Comment > - --- > DataDisk > ADMIN$ Disk Remote Admin > H$ Disk Default share > . > Domain=[BOH_SS] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] > > Server Comment > ---- > > WorkgroupMaster My very short smb.conf > > > > ---- > > > > > 3) If I issue > smbclient //srvs1.myco/Data -U myuserid > pasword: > Domain=[BOH_SS] OS=[Windows 5.0] Server=[Windows 2000 LAN Manager] > smb: \> dir > . DA0 Tue Nov 23 09:13:08 > 2004 > .. DA0 Tue Nov 23 09:13:08 > 2004 > ScambioDA0 Tue Nov 23 09:13:09 > 2004 > Utenti My very short smb.conf > > > DA0 Tue Nov 23 09:13:09 > 2004 > > > > BUT if I issue > > mount_smbfs -I srvs1.myco //[EMAIL PROTECTED]/Data /mnt/smb > password:* > mount_smbfs: unable to open connection: syserr = Connection reset by > peer > > This error pops up. > > Could you please help me, a poor samba newbie, straight things up? > > Thanks in advance > > Vittorio > - >-- -- \END{MESSAGE} > > Now, I can add that I had a go with Samba 3.08 under a linux gentoo > slice on the same box, replicating all the commands I had given under > FreBSD (with the exception of smbmount under gentoo & mount_smbfs > under freebsd, somewhat different synthax, too) and - under linux - > it works perfectly well. > > > My very short smb.conf (both under linux and FreeBSD) > > > [global] > >workgroup = BOH_SS >server string = Samba >load printers = no >log file = /var/log/samba3/log.%m >max log size = 50 >security = user > encrypt passwords = yes > > smb passwd file = /etc/samba/private/smbpasswd >domain master = no > # Share Definitions > == > [homes] >comment = Home Directories >browseable = no >writable = yes > > > From
[Samba] split samba/cups into separate machines
Greetings Admins, We use samba 3.0.7 and cups 1.1.20 on debian woody to serve point'n'print to XP clients. This works great, much kudos to the samba team! We are seeing high load on the printserver and we would like to know if it's possible to split the samba and cups installation into 2 separate machines. How do I configure samba to detect a cups installation on another host? If this is a case of RTFM then kindly point me to the doc :) regards, Ryan My current config on the samba install is '--with-ads' '--with-ldap' '--enable-cups' 'LDFLAGS=-L/usr/local/ssl/lib' -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: A little help with nss_ldap - User xxx in passdb, but getpwnam() fails!
Adam Tauno Williams wrote: I just tested your settings and they seem to be working. The auth takes much longer now, maybe because it is working. When checking shares the getpwnam does not even get called any more. I noticed many SMB_VFS, NT_STATUS_NO_SUCH_OBJECT in the log, I guess that let's me know VFS was complied in my binary. How is the ldap.conf in the /etc/ directory different then the one found in /etc/openldap/ There is a very simple way to determine this. [EMAIL PROTECTED]:~> rpm -qf /etc/ldap.conf pwdutils-2.6.90-6 [EMAIL PROTECTED]:~> rpm -qf /etc/openldap/ldap.conf openldap2-client-2.2.15-5 So you know from what packages came which file. I didn't know that, too. It's confusing to have two config files with the same names in the system, isn't it? They could call this file /etc/nss-ldap.conf (like they did on RedHat i think). But it's not a Samba issue, anyway (although confusing) :) Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: A little help with nss_ldap - User xxx in passdb, but getpwnam() fails!
John H Terpstra wrote: On Friday 26 November 2004 11:19, Tomasz Chmielewski wrote: ... Of all howtos etc. I made through, I was only able to setup Samba + LDAP using Samba Guide (chapter 6, Making users happy) - it has the smallest number of bugs - without correcting them (like %m needed instead of %u), running Samba + LDAP would be impossible. I guess you are absolutely certain that the use of %u in the "add machine script" is a bug. Please file a bug report on bugzilla.samba.org with a reproducible test case to prove that this is a bug. I don't know. For me it didn't work with %u, I spent hours trying to figure out what's wrong. Then I found a post of someone who just changed %u to %m and everything began to work (there was a longer discussion about it in / after this post). When I changed %u to %m - adding machines began to work. Switched back to %u - not working. Switched to %m again - works. If it is a bug then we MUST fix it, and then I will update the documentation also. Maybe it's just a bug that just happens on certain distributions? At this time, in my test environment, using %u (not %m) works perfectly as I have documented it. If this does not work in your environment please help me to see why. At this time I can not reproduce your problem and thus I fear that your advice is misleading. And for me %m works, %u not (SuSE 9.1 packages; I don't like SuSE anyway :) So, assuming that I file a bug, what does it change? For you and several others (I guess most) it is working with %u, so it won't be confirmed. Or maybe I have to give a temporary shell access to some of the developers to convince them? :) Given that one of us is wrong, let's get to the bottom of the problem and fix it. Yeah, Samba should be working with the same settings in the same way, no matter on what distribution / platform it is running. I got lots of gray hair when I compared how hard it is to establish Samba + OpenLDAP, and then MS solutions, even with "official" documentation. Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: A little help with nss_ldap - User xxx in passdb, but getpwnam() fails!
On Friday 26 November 2004 11:19, Tomasz Chmielewski wrote: ... > Of all howtos etc. I made through, I was only able to setup Samba + LDAP > using Samba Guide (chapter 6, Making users happy) - it has the smallest > number of bugs - without correcting them (like %m needed instead of %u), > running Samba + LDAP would be impossible. I guess you are absolutely certain that the use of %u in the "add machine script" is a bug. Please file a bug report on bugzilla.samba.org with a reproducible test case to prove that this is a bug. If it is a bug then we MUST fix it, and then I will update the documentation also. At this time, in my test environment, using %u (not %m) works perfectly as I have documented it. If this does not work in your environment please help me to see why. At this time I can not reproduce your problem and thus I fear that your advice is misleading. Given that one of us is wrong, let's get to the bottom of the problem and fix it. > There is explained how to check which ldap.conf your system uses (for > authentication). Cheers, John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: A little help with nss_ldap - User xxx in passdb, but getpwnam() fails!
> > I just tested your settings and they seem to be working. > > The auth takes much longer now, maybe because it is working. > > When checking shares the getpwnam does not even get called any more. > > I noticed many SMB_VFS, NT_STATUS_NO_SUCH_OBJECT in the log, I guess > > that let's me know VFS was complied in my binary. > > How is the ldap.conf in the /etc/ directory different then the one found > > in /etc/openldap/ There is a very simple way to determine this. [EMAIL PROTECTED]:~> rpm -qf /etc/ldap.conf pwdutils-2.6.90-6 [EMAIL PROTECTED]:~> rpm -qf /etc/openldap/ldap.conf openldap2-client-2.2.15-5 So you know from what packages came which file. > > When I check the MAN page only /etc/openldap/ldap.conf comes up, I'm > > curious about the other options I am seeing in the other ldap.conf > > located in the /etc/ directory. Look in the /etc/ldap.conf, it should be very verbosely commented. > > Most of the I can make an educated guess as to their function, but it > > would be nice to have a verified definition of some of these parameters. The PAM and NSS modules come from PADL (www.padl.com) you can download the tgz's and look at the documentation they contain. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: A little help with nss_ldap - User xxx in passdb, but getpwnam() fails!
Robert Silvia wrote: Tomak, I just tested your settings and they seem to be working. The auth takes much longer now, maybe because it is working. When checking shares the getpwnam does not even get called any more. I noticed many SMB_VFS, NT_STATUS_NO_SUCH_OBJECT in the log, I guess that let's me know VFS was complied in my binary. How is the ldap.conf in the /etc/ directory different then the one found in /etc/openldap/ When I check the MAN page only /etc/openldap/ldap.conf comes up, I'm curious about the other options I am seeing in the other ldap.conf located in the /etc/ directory. Most of the I can make an educated guess as to their function, but it would be nice to have a verified definition of some of these parameters. Of all howtos etc. I made through, I was only able to setup Samba + LDAP using Samba Guide (chapter 6, Making users happy) - it has the smallest number of bugs - without correcting them (like %m needed instead of %u), running Samba + LDAP would be impossible. There is explained how to check which ldap.conf your system uses (for authentication). The rest you could get from openldap.org, I guess. Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] VFS module to block directory listing
Hi, no, because you need the "x" permision in order to "enter" the diretory. Maybe I need to install the ext3 ACL in the kernel. Oliver Adam Tauno Williams wrote: I wonder if it is posible to write a VFS module to block the listing of directory in a share? The files inside the directory should be accesible for read/write operations, but should be able to list the files in the directory. Is that posible? Can't you do this exact thing with UNIX filesystem permissions? Remove the "x" permission from the directory. -- Oliver Schulze L. <[EMAIL PROTECTED]> -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Logon Problems with Samba 3.07 after password changes
Hallo Martin Rode, > > The whole thing happens since we have moved servers (new, but same > Debian testing installation). /etc/samba was copied to the new server. Have you only copied /etc/samba ? Forgot to copied the /var/lib/samba/*tdb files ? Is it the same Samba Version ? Greetings Thomas -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] net rpc shutdown not working
hi jI'm trying to shutdown some windows XP clients with net rpc shutdown -S -U administrator%password but all i get is this error [2004/11/26 10:44:32, 0] utils/net_rpc.c:rpc_shutdown_internals(4113) Shutdown of remote machine failed! I'm using Version 3.0.8-Debian and le client are using winXP SP2 (the firewall is not activated) if someone can help thank cyril -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: A little help with nss_ldap - User xxx in passdb, but getpwnam() fails!
Tomak, I just tested your settings and they seem to be working. The auth takes much longer now, maybe because it is working. When checking shares the getpwnam does not even get called any more. I noticed many SMB_VFS, NT_STATUS_NO_SUCH_OBJECT in the log, I guess that let's me know VFS was complied in my binary. How is the ldap.conf in the /etc/ directory different then the one found in /etc/openldap/ When I check the MAN page only /etc/openldap/ldap.conf comes up, I'm curious about the other options I am seeing in the other ldap.conf located in the /etc/ directory. Most of the I can make an educated guess as to their function, but it would be nice to have a verified definition of some of these parameters. -- Anyway thanks for your help it is greatly appreciated. Robert Robert Silvia wrote: Here's my configuration: My system auth looks like: authrequired /lib/security/pam_env.so authsufficient/lib/security/pam_unix.so likeauth nullok authsufficient/lib/security/pam_ldap.so use_first_pass authrequired /lib/security/pam_deny.so account required /lib/security/pam_unix.so account sufficient/lib/security/pam_ldap.so passwordrequired /lib/security/pam_cracklib.so retry=3 type= passwordsufficient/lib/security/pam_unix.so nullok use_authtok md5 shadow passwordsufficient/lib/security/pam_ldap.so use_authtok passwordrequired /lib/security/pam_deny.so session required /lib/security/pam_limits.so session required /lib/security/pam_unix.so session optional /lib/security/pam_ldap.so My /etc/ldap.conf is setup as (world readable): base dc=pds-support,dc=net rootbinddn cn=nssldap,ou=DSA,dc=pds-support,dc=net nss_base_passwd dc=pds-support,dc=net?sub nss_base_shadow dc=pds-support,dc=net?sub nss_base_group ou=Groups,dc=pds-support,dc=net?one ssl no pam_password md5 and my /etc/nsswitch.conf (world readable) passwd: files ldap shadow: files ldap group: files ldap I have /etc/ldap.secret set to world readable atm moment with the password (I plan on changing this once I have it working) Yeah setting Samba to work with LDAP properly can be really painful. Could you try setting /etc/ldap.conf like below (witout ldap.secret file): SIZELIMIT 200 TIMELIMIT 15 DEREF never host 127.0.0.1 base dc=magista,dc=de binddn cn=Manager,dc=magista,dc=de bindpw secret-password-in-plain pam_password exop nss_base_passwd dc=magista,dc=de?sub nss_base_shadow dc=magista,dc=de?sub nss_base_group ou=Groups,dc=magista,dc=de?one Tomek -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA 3.0.7 domain member can't be browsed
Hi all, I am using debian 3.1 and samba 3.0.7. I configured samba as a member of a w2K domain and set up a share in /tmp. Now, when I issue the command 'smbclient -L localhost -Uuser_domain%pass' I get NT_STATUS_LOGON_FAILURE but as guest it works 'smbclient -L localhost -U%'. wbinfo -u and wbinfo -g work well after joining the domain. Thank you for your help. Nirina. Vous manquez despace pour stocker vos mails ? Yahoo! Mail vous offre GRATUITEMENT 100 Mo ! Créez votre Yahoo! Mail sur http://fr.benefits.yahoo.com/ Le nouveau Yahoo! Messenger est arrivé ! Découvrez toutes les nouveautés pour dialoguer instantanément avec vos amis. A télécharger gratuitement sur http://fr.messenger.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] VFS module to block directory listing
> I wonder if it is posible to write a VFS module to block the listing of > directory in a share? > The files inside the directory should be accesible for read/write > operations, but should be able to list the files in the directory. > Is that posible? Can't you do this exact thing with UNIX filesystem permissions? Remove the "x" permission from the directory. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.9, winbind and NT4
Hi I'm trying to set up samba 3.0.9 as domain member server. When I try to join NT4 domain using "net rpc join" it added an account in NT4 domain but in lowercase !! I have to delete it on nt4 and add it again using uppercase letters - then it works. Why?? In smb.conf I have netbios name written in uppercase. I've even tried net -n !! Another problem is that when I try to join to domain and I'm allready in domain - I get "joined domain xxx" but wbinfo -u says "error looking up domain users". wbinfo -t get: checking the trust secret vie rpc calls failed. error code was NT_STATUS_PIPE_NOT_AVAILABLE. Could not check secret. What is wrong???I don't have this problem in samba 3.0.2a althought I use the same linux and samba configuration. -- Regards Pawel Gawenda [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: [cups.general] User notification for jobs - windows clients
On Fri, Nov 26, 2004 at 01:43:22PM +0200, Gil Freund wrote: > > Sorry for cross-posting, but this seems to be an interdiciplinary issue. > > I would like our users to get a popup notification of the completion / > failure of their jobs. > > I think that best way to implement this would be from CUPS, but I > don't know how to generate the required information for SAMBA to send > the message to the client. > > Any pointers welcome http://www.librelogiciel.com/software/PyKota/action_Presentation You can use this software in accounting only mode, and use its integrated user notification possibilities to suit your needs. hth Jerome Alet -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] User notification for jobs - windows clients
Hi, Sorry for cross-posting, but this seems to be an interdiciplinary issue. I would like our users to get a popup notification of the completion / failure of their jobs. I think that best way to implement this would be from CUPS, but I don't know how to generate the required information for SAMBA to send the message to the client. Any pointers welcome Thanks Gil -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] [Off Topic] Managed desktop virus scanner in Samba 3 Enviroment
Hi, As we are moving away from an NT based enviroment to SAMBA we are looking for a managed virus scanner for our desktops. Managed means: 1. Remote deployment 2. Updates from a local repository 3. Notification and reporting. The existing solutions (Symantec, TrendMicro, Mcafee) assume that you have an NT server. I would much rather have a Linux/Samba based managment console. Any ideas/leads? Thanks Gil -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.8 using NT PDC for authentication - Unable to login/logon from Windows 2003 or CIFS - no guest too
James MacLean wrote: James MacLean wrote: Hi Folks, Recently (I believe since recent 3.0.x releases), I have been unable to login to a Samba instance using CIFS (Linux mount) or Windows 2003. If I change the smb.conf from: security = server to security = user I _can_ login again fine. The NT PDC always replies with NT_STATUS_LOGON_FAILURE. It's event viewer shows that the proper username is being used, but that the password is not correct. Logging in with smbclient or 2000 or XP is fine, although possibly slow as if it is trying one way, failing then trying another. Always failing at auth/auth_server.c:check_smbserver_security(363). I'm usually not too bad at digging in and at least having a clue with these problems, but this time I am lost. Did Google searches, looked at the archives and although I saw similar problems, they where either fixed with something that didn't work here, or the question was not answered :(. Any help, even to look at something obvious, appreciated, JES By setting "use spnego = no" I am able to authenticate the Windows 2003 servers against the Samba server that uses an NT4 server for authentication. It appears that Windows 2003 makes Samba think that it should use spnego to authenticate against an old NT domain :(? According to the man : Unless further issues are discovered with our SPNEGO implementation, there is no reason this should ever be disabled. So having now found a reason ;), I still can not log in from a Linux system using CIFS (smbfs is fine). Some logging: [2004/11/20 22:32:49, 3] smbd/oplock.c:init_oplocks(1302) open_oplock_ipc: opening loopback UDP socket. [2004/11/20 22:32:49, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks(303) Linux kernel oplocks enabled [2004/11/20 22:32:49, 3] smbd/oplock.c:init_oplocks(1333) open_oplock ipc: pid = 6701, global_oplock_port = 44311 [2004/11/20 22:32:49, 3] lib/access.c:check_access(313) check_access: no hostnames in host allow/deny list. [2004/11/20 22:32:49, 2] lib/access.c:check_access(324) Allowed connection from (10.227.7.66) [2004/11/20 22:32:49, 3] smbd/process.c:process_smb(1092) Transaction 0 of length 51 [2004/11/20 22:32:49, 3] smbd/process.c:switch_message(887) switch message SMBnegprot (pid 6701) conn 0x0 [2004/11/20 22:32:49, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/11/20 22:32:49, 3] smbd/negprot.c:reply_negprot(461) Requested protocol [NT LM 0.12] [2004/11/20 22:32:49, 3] lib/util_sock.c:open_socket_out(752) Connecting to 10.227.0.8 at port 445 [2004/11/20 22:32:49, 2] lib/util_sock.c:open_socket_out(789) error connecting to 10.227.0.8:445 (Connection refused) [2004/11/20 22:32:49, 3] lib/util_sock.c:open_socket_out(752) Connecting to 10.227.0.8 at port 139 [2004/11/20 22:32:49, 3] auth/auth_server.c:server_cryptkey(75) connected to password server MYSERVER [2004/11/20 22:32:49, 3] auth/auth_server.c:server_cryptkey(100) got session [2004/11/20 22:32:49, 3] auth/auth_server.c:server_cryptkey(133) password server OK [2004/11/20 22:32:49, 3] auth/auth_server.c:auth_get_challenge_server(183) using password server validation [2004/11/20 22:32:49, 3] smbd/negprot.c:reply_nt1(327) not using SPNEGO [2004/11/20 22:32:49, 3] smbd/negprot.c:reply_negprot(549) Selected protocol NT LM 0.12 [2004/11/20 22:32:49, 3] smbd/process.c:process_smb(1092) Transaction 1 of length 220 [2004/11/20 22:32:49, 3] smbd/process.c:switch_message(887) switch message SMBsesssetupX (pid 6701) conn 0x0 [2004/11/20 22:32:49, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2004/11/20 22:32:49, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655) wct=13 flg2=0xc001 [2004/11/20 22:32:49, 3] smbd/sesssetup.c:reply_sesssetup_and_X(789) Domain=[EDUC] NativeOS=[Linux version 2.6.10-rc1] NativeLanMan=[CIFS VFS Client for Linux] PrimaryDomain=[] [2004/11/20 22:32:49, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2004/11/20 22:32:49, 3] smbd/sesssetup.c:reply_sesssetup_and_X(804) sesssetupX:[EMAIL PROTECTED] [2004/11/20 22:32:49, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] withthe new password interface [2004/11/20 22:32:49, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2004/11/20 22:32:55, 1] auth/auth_server.c:check_smbserver_security(363) password server MYSERVER rejected the password [2004/11/20 22:32:55, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [JUSTME] -> [JUSTME] FAILED with error NT_STATUS_LOGON_FAILURE [2004/11/20 22:32:55, 3] smbd/error.c:error_packet(129) error packet at smbd/sesssetup.c(887) cmd=115 (SMBsesssetupX) NT_STATUS_LOGON_FAILURE [2004/11/20 22:32:55, 3] smbd/process.c:timeout_processing(1337) timeout_processing: End of file from client (client h
[Samba] How to increase the max connections allowed on samba 3.0.8
Hello, I have 300 users and each one needs at least 5 shared disk via samba, but with my samba version 3.0.8 I have no more than 350 smbd processes enable so I have the message : [2004/11/26 11:14:20, 0] smbd/service.c:(340) Couldn't find free connection. The variable MAX_CONNECTIONS is no more present in smbd/conn.c, so how can I increase my free connection set. I'm in production please help _ Don't just search. Find. Check out the new MSN Search! http://search.msn.com/ -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Logon Problems with Samba 3.07 after password changes
Hi guys, My ealier post did not get answered, so I am trying to rephrase my problem (which gets bigger every day). We have a working Samba PDC installation. Clients authenticate for sharing profiles and get a home directory mounted. Very straight forward. Now, when I change a users password with smbpasswd, that user cannot logon to the Samba PDC anymore, but can mount Shares only manually. So: Whenever I change a password or create a new user, that user is blocked from loggin on in our intranet. The whole thing happens since we have moved servers (new, but same Debian testing installation). /etc/samba was copied to the new server. Please help, adivse, hint!! Best, Martin -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [samba] calculate machine SID?
Andrew Bartlett wrote: On Wed, 2004-11-24 at 10:05 +, Daniel Wilson wrote: hi list, How do you calculate a machine SID and primarygroupSID? On a user you would do 2*uidNumber+1000 and 2*uidNumber+1001 But machines accounts dont have a uidNumber so how is the SID genrated?? Machines do and must have a uidNumber, and a full posixAccount. From there they are just like other users. Andrew Bartlett hmmm, "smbpasswd -a -m netbios" only adds "account,top,sambaSamAccount" object classes, it doesnt add posixAccount! dan -- Daniel Wilson Systems Administrator IT & Communications Service University of Sunderland Unit1 Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] migrating domain user accounts
can anyone help me with how to migrate NT4 domain accounts to a samba server accounts, I'm trying to setup a new workgroup for file sharing purposes, but I'd like to be able to use the existing user database, the SAMBA howto lists how to migrate between NT4 domain to SAMBA as PDC, but I'm to make a standalone file sharing server and I relly don't want to re input all of the users again into the smbpasswd, and is there any user accounts manager tool for linux and samba, please help me I need to get it runing next week -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Mounting
Hi, Ik solved the problem my self by disabling all server and client signing in Windows 2003. Mark -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Mark van Gurchom Verzonden: donderdag 25 november 2004 9:34 Aan: [EMAIL PROTECTED] Onderwerp: [Samba] Mounting Hi, When I try to mount a Windows 2003 server share using: mount -t smbfs -o username=administrator,password=xx //server/c$ /mnt/data I get the following error: cli_negprot: SMB signing is mandatory and we have disabled it. 3141: protocol negotiation failed SMB connection failed What to do? Thanks in Advance... Mark -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba