Re: [Samba] Home drives not as documented

2004-12-02 Thread John Ryan
Thanks. It worked a treat.

- Original Message - 
From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]>
To: "John Ryan" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, December 03, 2004 12:44 AM
Subject: Re: [Samba] Home drives not as documented


> John Ryan wrote:
> | Hi,
> |
> | I'm using Samba 3.0.5 on a Fedora Linux box.
> | I have in my smb.conf
> |
> | logon home = \\%L\%u\.profile
> | logon path = \\%L\profiles$\%u
> | logon drive = H:
> |
> | [profiles$]
> | comment = Windows XP profile directory
> | path = /home/profile
> |
> | [homes]
> | comment = home dirs
> | browseable = no
> | writeable = yes
> |
> | I have a mixture of Win95 and WinXP clients.
> | The Win95 clients map the home drive correctly to the
> | user's home directory, and store their profile in
> | ~/.profile, but the WinXP clients map H: to ~/.profile.
> | I've tried various combinations of logon home and logon
> | path, but whatever I set logon home to is where H:
> | gets mapped to by WinXP.
> |
> | I could change it to \\%L\%u but then the Win95 machines
> | dump their profile in the home directory. I want both XP
> | and 95 boxes to have H: as their home dir.
> 
> I would recommend using something like
> 
> include = /logon_%a.conf
> 
> to set the logon home on a per client arch basis.
> 
> 
> cheers, jerry
> - -
> Alleviating the pain of Windows(tm)  --- http://www.samba.org
> GnuPG Key- http://www.plainjoe.org/gpg_public.asc
> "If we're adding to the noise, turn off this song"--Switchfoot (2003)
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Re: Re: Re: SAMBA / LDAP / Domain Password change problem

2004-12-02 Thread John Schmerold
slapd.conf - password changed to protect the guilty:
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/samba.schema
pidfile /var/run/slapd.pid
database    ldbm
suffix      "dc=twinoakschurch,dc=org"
rootdn      "cn=Manager,dc=twinoakschurch,dc=org"
rootpw      {crypt}ijFYNcSNctBYg
directory   /var/lib/ldap
index objectClass eq
index cn pres,sub,eq
index sn pres,sub,eq
index uid pres,sub,eq
index displayName pres,sub,eq
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq
index default sub
John Schmerold
Katy Computer & Wireless
20 Meramec Station Rd
Valley Park MO 63088
636-861-6900 v
775-227-6947 f

Danny Paul wrote:
Ok, now it sounds like the account SAMBA uses to connect to LDAP is too
restricted.  Attach your slapd.conf.

John Schmerold wrote:
First I setup DHCP on the server - we were using the Linksys router to
provide DHCP
Then did following:
service smb stop ; service winbind stop ; rm -f /var/cache/samba/wins.dat ; service smb start ; service winbind start
Same problem
I looked at the log file for one of the computers that won't join the
domain. It says the following:
cat  /var/log/samba/log.ron_laptop
[2004/11/30 11:25:24, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1870)
 ldapsam_add_sam_account: failed to modify/add user with uid = ron_laptop$ (dn = uid=ron_laptop$,ou=Computers,dc=twinoakschurch,dc=org)
[2004/11/30 11:25:24, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2277)
 could not add user/computer ron_laptop$ to passdb.  Check permissions?



Re: [Samba] Can RH AS3 be a ADS member with winbind+nss+krb5?

2004-12-02 Thread John Stile
On Thu, 2004-12-02 at 13:26 -0800, John Stile wrote:
> Samba is trying to be a member server in an AD in native mode, using
> winbind, nss, and Kerberos.  There are 3 kdc's (2 are Win2003, 1 is
> Win2000), samba server is RH-AS3 + Samba version 3.0.9 (from samba.org)
> + krb5 1.3.1-6 (from Fedora Core).  I thought I had things working (join
> succeeded, could access shares, modify files), and then it stopped
> working.  After clearing out the host account from AD, when I try to add
> server back to the domain, the host is added to AD but the join fails. 
> 
> When it broke the following changes had occurred:
>  I had restarted samba.
>  I changed some pam files (which have been reverted).
>  Windows administrators had turned on 'smb signing' around that time,
> but I don't know how samba 3.0.9 will handle this.
>  
> Questions:
>   Is this possible to setup samba as a member server in this
> configuration with this network and software versions or should I try
> another method?
>   What is the next best setup method?
> 
>   I am left wondering what the best options are available at this point,
> as things seem hopeless.  
>   I have followed steps outlined in Samba-3 By Example, by John H.
> Terpstra, chapter 9.3.3

I'm still trying to find a solution.  Any ideas or feedback would really
help.  It seems like I'm seeing a lot of 'segmentation faults' and
'Cannot find kdc' from net commands but name resolution does work, so I
don't know what to make of it.   

More testing:
kinit stile
  New ticket is stored in cachefile /tmp/krb5cc_0
 
cat  /etc/nsswitch.conf  |egrep host
   hosts:  files dns winbind
   
getent  passwd  |grep 'ad-'
hcs-ad-c$:x:12439:10002:HCS-AD-C:/home/REALM/hcs-ad-c_:/bin/false
hcs-ad-a$:x:12440:10002:HCS-AD-A:/home/REALM/hcs-ad-a_:/bin/false
hcs-ad-b$:x:12441:10002:HCS-AD-B:/home/REALM/hcs-ad-b_:/bin/false
net ads info
LDAP server: 128.32.67.118
LDAP server name: hcs-ad-b
Realm: REALM.MY.DOMAIN.COM
Bind Path: dc=REALM,dc=MY,dc=DOMAIN,dc=COM
LDAP port: 389
Server time: Thu, 02 Dec 2004 16:35:41 GMT
KDC server: 128.32.67.118
Server time offset: 1
net ads testjoin -U admin 
Join is OK
net ads leave -U admin
Removed 'MYHOST' from realm 'REALM.MY.DOMAIN.COM' 
net time
correct time displayed
net ads info 
dumps correct info about the windows 2000 ADS.

When I did not have a machine account in AD
net ads keytab create -U admin
   libads/kerberose.c:get_service_ticket(335) 
   get_service_ticket: kerberose_kinit_password MYHOST2
[EMAIL PROTECTED]@REALM.MY.DOMAIN.COM failed: Client not found in
Kerberose database
   Segmentation fault
net ads join -U admin
   libads/kerberose.c:get_service_ticket(335) 
   get_service_tiket: kerberose_kinit_password MYHOST2
[EMAIL PROTECTED]@REALM.MY.DOMAIN.COM failed: Client not found in
Kerberose database  
   Segmentation fault
Though the join command failed, the host does appear in AD.
Now I rerun the keytab creation:
net ads keytab create -U admin 
   Warning: "use kerberose keytab" must be set to "true" in order to
use keytab functions.
After starting winbind with 'winbindd -S -i -F -d 8 -Y' and running
'getent passwd' the query ends with the following lines: 
   ads_krb5_mk_req: krb5_get_credentials failed for actdir05
[EMAIL PROTECTED]' (Cannot find KDC for requested realm)
   ads_krb5_mk_req: krb5_get_credentials failed for actdir05
[EMAIL PROTECTED]' (Cannot find KDC for requested realm)
   ads_connect for domain ROOTREALM failed: Cannot find KDC for
requested realm
   [ 3123]:   getpwent
   [ 3123]:   endpwent
   read failed on sock 18, pid 3123: EOF
  net ads lookup myhostname
   Information for Domain Controller: foo-ad-b
   Response Type: SAMLOGON
   GUID: 5d58ee7c-0e3d-4743-adfb-3f6289593630
   Flags:
   Is a PDC:   no
   Is a GC of the forest:  no
   Is an LDAP server:  yes
   Supports DS:yes
   Is running a KDC:   yes
   Is running time services:   yes
  Is the closest DC:  yes
   Is writable:yes
   Has a hardware clock:   no
   Is a non-domain NC serviced by LDAP server: no
   Forest: foo.domain.com
   Domain: realm.my.domain.com
   Domain Controller:  hcs-ad-b.realm.my.domain.com 
   Pre-Win2k Domain:   REALM
   Pre-Win2k Hostname: HCS-AD-B
   Site Nam

Re: [Samba] mixed local & roaming profiles?

2004-12-02 Thread Justin Zachor
Nevermind -- I just clued in on the "Profile Type" dialog.
Sorry for the static.
-J
Justin Zachor wrote:
Before I join all my W2K clients to my 3.0.8-2 Samba server (Debian),
I plan to remove "logon path = ..." due to sporadic problems I'm seeing.
We're only ~10 regular Windows2000 users, and ~30 VMware Win2K users, so 
roaming doesn't buy us much.  However, it might be helpful if I could 
enable roaming either by user or by host, particularly with the VMware 
users.

Is there a _simple_ option for this?
Thanks!


Re: [Samba] root ownership on some profile files cause login errors

2004-12-02 Thread Justin Zachor
Okay, I'm making progress... here's a better directed question:
The problem is that when a profile is created on the Samba server 
(pushed up from the Win2K client by "Copy To..." dialog, run as Local 
Admin) some of the profile files are owned by root and not readable by 
group or other. This task is performed by a local Administrator, and 
using my account "zippy" as the PDC admin login
(admin users = @ntadmin) (I'm in Unix group 'ntadmin')

What I did to fix my account's roaming profile was to (as root on the 
Samba server) "chown -R zippy zippy" and "chmod -R 700 zippy"

So the question becomes:  Will a create mask, directory mask, or force 
create mode fix this? For every profile I push up to the server do I 
need to login to the server and tweak permissions as root?

Thanks again!!
-Justin
Gerald (Jerry) Carter wrote:
Justin Zachor wrote:
| Here's another question related to how to use masks --
|
| In my PDC area I specify:
|
| logon path = \\netapp\profiles\%u
I recommend %U and not %u for the 'logon path' in most cases
-snip-
| So, is this the syntax for masks?
| Do I add "create mask = 0744" -OR- "force create mask = 0744"?
| Where do I put it? Anywhere in smb.conf?
|
| Should the mask be 0077? (it's a mask, not chown
| notation, right??)
the 'create mask' is a bitwise logical AND with the
requested permissions.  The force create mode is a bitwise
logical OR.
-snip-
>>  admin users = @ntadmins
>>  ^^
>
> It's probably this line.  See the smb.conf(5) man page for details.
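
The AND/OR rule from the reply quoted above, worked through as an added example (not part of the original thread and not Samba's own code). It parses a constructed smb.conf fragment and computes the mode a new file or directory ends up with; the share names, paths and requested modes are assumptions, and the defaults are the ones documented in smb.conf(5).

```python
import configparser

# Defaults documented in smb.conf(5) for the four parameters.
DEFAULTS = {
    "create mask": 0o744,
    "force create mode": 0o000,
    "directory mask": 0o755,
    "force directory mode": 0o000,
}

# Constructed smb.conf fragment (not from the thread).
SAMPLE_CONF = """\
[profiles]
path = /srv/samba/profiles
create mask = 0600
directory mask = 0700

[umask_style]
path = /srv/samba/wrong
create mask = 0077
"""


def load_masks(conf_text, share):
    """Return the four mask values for a share, falling back to the defaults."""
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.read_string(conf_text)
    masks = dict(DEFAULTS)
    for key in DEFAULTS:
        if parser.has_option(share, key):
            masks[key] = int(parser.get(share, key), 8)
    return masks


def effective_mode(requested, mask, force):
    """(requested AND mask) OR force, as described in the reply."""
    return (requested & mask) | force


def audit_share(conf_text, share, requested_file=0o766, requested_dir=0o777):
    """Compute resulting modes and list anything a private share should not have.

    requested_file / requested_dir are assumed inputs: the permissions asked
    for before the masks are applied.
    """
    masks = load_masks(conf_text, share)
    file_mode = effective_mode(
        requested_file, masks["create mask"], masks["force create mode"])
    dir_mode = effective_mode(
        requested_dir, masks["directory mask"], masks["force directory mode"])

    findings = []
    for label, mode in (("file", file_mode), ("directory", dir_mode)):
        if mode & 0o077:
            findings.append(
                f"{label}: group/other bits left set ({mode & 0o077:04o})")
        if not (mode & 0o400):
            findings.append(f"{label}: owner cannot read")
    return {"file": file_mode, "directory": dir_mode, "findings": findings}


if __name__ == "__main__":
    for share in ("profiles", "umask_style"):
        result = audit_share(SAMPLE_CONF, share)
        print(f"[{share}] file={result['file']:04o} "
              f"dir={result['directory']:04o}")
        for finding in result["findings"]:
            print("   ", finding)
    # force create mode adds bits the client never asked for:
    print(f"{effective_mode(0o600, 0o744, 0o744):04o}")
```

The `umask_style` share shows why 0077 is the wrong value here: because the mask is ANDed, it strips the owner's bits and keeps group and other, the opposite of what a umask of 077 does.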


[Samba] XP NetBT 4321 error when booting and trying to connect to the samba server

2004-12-02 Thread Seth Bardash
We just did a fresh load on a new Windows XP Pro machine.

Dual Opteron 248
Iwill DK8N Motherboard
with Nvidia Gigabit Ethernet controller
1GB (4 x 256MB) Memory
3ware 7006-2 RAID Controller
Dual 40GB Disks Striped
ATI 7000 VE Dual Graphics controller

All XP drivers installed and XP updates.
Connected to a Linksys EGW008 - 8 port gigabit hub

Our linux server is RH 9.0 with Samba 2.2.7a-security-rollup-fix from Redhat

When the machine boots it does not connect to the linux server properly and
takes about 4 minutes till it sees the samba shares correctly.

Initially it was trying to become the lmhosts master but the linux server is
set to 65 and denies this during an election.

I then turned off the XP registry entry for lmhosts master to prevent this
election.

Our domain internally is ISLLC, the server is 192.168.0.2 and the XP machine
is 192.168.0.3

The XP machine now gets the following error in the event log:

The name "ISLLC  :1d" could not be registered on the Interface with
IP address 192.168.0.3. The machine with the IP address 192.168.0.2 did not
allow the name to be claimed by this machine.

Any help would be appreciated.

Seth

Integrated Solutions and Systems





[Samba] Problem authenticating against Active Directory (samba 3.0.9 / fedora core 3)

2004-12-02 Thread Bill Bradford
I've spent all day on this, and I can't, for the life of me, get Samba
3.0.9 (updated RPM for Fedora Core 3) to authenticate properly against
Active Directory.

(I've edited out the actual domain name, username, etc)

I've synced up time (to within a half-second) with the domain controller.

Kerberos works:

[EMAIL PROTECTED] samba]# kinit [EMAIL PROTECTED]
Password for [EMAIL PROTECTED]:

Joining the domain works:

[EMAIL PROTECTED] samba]# net ads join -U 'username%password'
[2004/12/02 17:29:26, 0] libads/ldap.c:ads_add_machine_acct(1474)
  Warning: ads_set_machine_sd: Unexpected information received
Using short domain name -- AD
Joined 'PRINTSHOP' to realm 'AD.DOMAIN.COM'

but then I can't get a list of shares:

[EMAIL PROTECTED] samba]# smbclient -L localhost -U username
Password: 
session setup failed: NT_STATUS_LOGON_FAILURE

Here's my /etc/krb5.conf:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
[libdefaults]
 ticket_lifetime = 24000
 default_realm = AD.DOMAIN.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
[realms]
 AD.DOMAIN.COM = {
 kdc = DC01.AD.DOMAIN.COM:88
 admin_server = dc01.ad.domain.com:749
 default_domain = ad.domain.com
 }
[domain_realms]
.domain.com = .DOMAIN.COM
domain.com = DOMAIN.COM
[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }

Here's my /etc/samba/smb.conf:

[global]
realm = AD.DOMAIN.COM
workgroup  = AD
password server = dc01.ad.domain.com
security = ADS
encrypt passwords = yes
server string = Print Server
load printers = yes
printing = cups
cups options = raw
log file = /var/log/samba/%m.log
max log size = 50
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = yes
   guest ok = yes
   writable = no
   printable = yes
   public = yes

(yes, the only thing I'm trying to share is printers)

In the logfiles, I'm seeing a ton of this:

[2004/12/02 16:32:59, 0] auth/auth_util.c:make_server_info_info3(1134)
  make_server_info_info3: pdb_init_sam failed!
[2004/12/02 16:45:39, 0] auth/auth_util.c:make_server_info_info3(1134)
  make_server_info_info3: pdb_init_sam failed!
[2004/12/02 16:57:20, 0] auth/auth_util.c:make_server_info_info3(1134)
  make_server_info_info3: pdb_init_sam failed!
[2004/12/02 17:33:51, 0] auth/auth_util.c:make_server_info_info3(1134)
  make_server_info_info3: pdb_init_sam failed!

The same username/password works fine authenticating directly against the DC.

Any suggestions?  I've been working on this literally all day, and all
I want to do is share three printers with our Windows users..

Thanks.

Bill


[Samba] Re: User e-rizzo in passdb, but getpwnam() fails

2004-12-02 Thread Giuseppe Sacco
On Wed, 01-12-2004 at 10:15 +0100, Giuseppe Sacco wrote:
> [Please CC to me since I am not subscribed to the list]
> 
> Hi all,
> I have a new samba installation, Debian + samba 3.0.8 configured as PDC.
> I added the first machine to the domain and now, after reboot, I cannot
> log in.
> The error I see, in samba log, is:
> 
>   User e-rizzo in passdb, but getpwnam() fails!
> 

The problem was that the linux user did not have a password. When I
specified a password for the linux user, then samba accepted the user
connections.

Bye,
Giuseppe



RE: [Samba] AD Domain member not authenticating

2004-12-02 Thread John Stile
I was just following directions on samba.org, and when one runs 'getent
passwd' or 'getent group' a '+' is used as a separator.  
However 'testparm  -s' does warn:
  'winbind separator = +' might cause problems with group membership.
So I'm lost too.

On Thu, 2004-12-02 at 08:04 -0500, Edward Wissner wrote:
> I have been following this thread.  I have a similar configuration to John
> with the same problem.  I am running Mandrake 10.1 Community.  I have
> installed the latest krb5-1.3.X package from MIT.  I am trying to authorize
> users using a w2k AD server.
> One question (possibly silly), why does every example smb.conf file use '+'
> as the winbind separator?  If the default is '\' , why not leave it at that?
> I am able to authenticate to the server, see the shared directories, but
> cannot authenticate to the directory.  If I create a Unix/Samba user, that
> user can use the shared directories.
> 
> ed
> -Original Message-
> From: John Stile [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, December 01, 2004 4:41 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Samba] AD Domain member not authenticating
> 
> 
> On Wed, 2004-12-01 at 11:17 -0800, John Stile wrote:
> > On Wed, 2004-12-01 at 11:06 -0800, John Stile wrote:
> > > I had samba working, then I tried (unsuccessfully) to setup ssh pam
> auth.
> > > Now users are prompted for a password when accessing shares, but no
> password
> > > works.  I am using Redhat AS 3, samba-3.0.9-1, and krb5-1.3.
> > > I forgot to backup pam file system-auth before modifying things, so I'm
> not sure if that is the problem.
> > > ---
> > > These commands succeed:
> > >   wbinfo -u,
> > >   wbinfo -g
> > >   getent passwd
> > >   getent group
> > >   net ads info
> > > Time is within 2 seconds between 'net time' and 'date'
> > > ---
> > > Running winbind in interactive mode while trying to connect,
> > > winbindd -S -i -F -d 8 -Y
> > > The end of the output (as there is a lot) looks like this:
> > > ...
> > > remove_duplicate_gids: Enter 5 gids
> > > remove_duplicate_gids: Exit 5 gids
> > > [ 6411]: gid to sid 10001
> > > [ 6411]: gid to sid 10066
> > > [ 6411]: gid to sid 10067
> > > [ 6411]: gid to sid 10265
> > > [ 6411]: gid to sid 10274
> > > read failed on sock 20, pid 6411: EOF
> > > read failed on sock 19, pid 6411: EOF
> > > ---
> > > /etc/samba/smb.conf
> > > [global]
> > >    server string = Samba Server
> > >    workgroup = MYREALM
> > >    realm = MYREALM.MY.DOMAIN.COM
> > >    security = ADS
> > >    username map = /etc/samba/smbusers
> > >    map to guest = Bad User
> > >    password server = *
> > >    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> > >    preferred master = no
> > >    local master = no
> > >    domain master = no
> > >    os level = 33
> > >    wins server = 128.32.68.75 128.32.67.118
> > >    ldap ssl = no
> > >    idmap uid = 1-2
> > >    idmap gid = 1-2
> > >    winbind enum users = yes
> > >    winbind enum groups = yes
> > >    winbind separator = +
> > >    winbind use default domain = Yes
> > >    template primary group = "Domain Users"
> > >    template homedir = /home/%U
> > >    template shell = /bin/bash
> > >    load printers = no
> > >    log level = 1
> > >    syslog = 0
> > >    log file = /var/log/samba/%m.log
> > >    max log size = 0
> > > ---
> > > /etc/pam.d/system-auth
> > > #%PAM-1.0
> > > # This file is auto-generated.
> > > # User changes will be destroyed the next time authconfig is run.
> > > auth        required      /lib/security/$ISA/pam_env.so
> > > auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
> > > auth        sufficient    /lib/security/$ISA/pam_smb_auth.so use_first_pass nolocal
> > > auth        required      /lib/security/$ISA/pam_deny.so
> > >
> > > account     required      /lib/security/$ISA/pam_unix.so
> > >
> > > password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
> > > password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
> > > password    required      /lib/security/$ISA/pam_deny.so
> > >
> > > session     required      /lib/security/$ISA/pam_limits.so
> > > session     required      /lib/security/$ISA/pam_unix.so
> > > --
> > I'm also seeing errors in /var/log/samba/winbindd.log
> >   [2004/12/01 11:14:40, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
> > ads_krb5_mk_req: krb5_get_credentials failed for
> [EMAIL PROTECTED] (Cannot find KDC for requested realm)
> >   [2004/12/01 11:14:40, 1]
> nsswitch/winbindd_ads.c:ads_cached_connection(81)
> > ads_connect for domain CAMPUS failed: Cannot find KDC for requested
> realm
> >   [2004/12/01 11:14:40, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
> > ads_krb5_mk_req: krb5_get_credentials failed for
> [EMAIL PROTECTED] (Cannot find KDC for requeste

Re: [Samba] Re: using samba through a VPN

2004-12-02 Thread Adam Tauno Williams
> If you find smb too slow, you should try using http to serve the files 
> across the VPN.
> Set up apache to use samba authentication and you should be all set.
> You could even run both Samba and Apache at the same time, and see for 
> yourself which works out better.

We use Davenport, which is a DAV<-->CIFS/SMB portal, to provide DAV
access to all our Samba volumes.  Davenport is a setup-and-go app, very
nice and has worked well for us.  http://{hostname}:8080/davenport and
you see the domains & workgroups listed, you drill down through hosts to
volumes just like using Network Neighborhood.  A volume can be browsed
as a web page (for non-DAV clients like Win9x) or as a DAV volume.

DAV is much faster over VPN links than native SMB.



[Samba] Re: using samba through a VPN

2004-12-02 Thread Tom
If you find smb too slow, you should try using http to serve the files 
across the VPN.

Set up apache to use samba authentication and you should be all set.

You could even run both Samba and Apache at the same time, and see for 
yourself which works out better.


-tom

"Andrew Gaffney" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
>I already have an existing network that is managed by a samba PDC. In the 
>next few days, I will be linking another small LAN to the existing one over 
>the internet using openvpn. I've been told that samba (through no fault of 
>its own) doesn't work very well through a VPN.
>
> For the new network, there will be a box with 2 NICs: one for the internet 
> and one for the LAN. This box will use openvpn and iptables to allow the 
> entire LAN direct access to the PDC (which provides other services also) 
> through the VPN tunnel.
>
> I want the workstations in the new network to be able to logon to the 
> domain and access the file shares hosted by the samba PDC in the first 
> network. Will I be able to do this? Easily? :)
>
> -- 
> Andrew Gaffney
> Gentoo Linux Developer
> Installer Project


[Samba] Can RH AS3 be a ADS member with winbind+nss+krb5?

2004-12-02 Thread John Stile
Samba is trying to be a member server in an AD in native mode, using
winbind, nss, and Kerberos.  There are 3 kdc's (2 are Win2003, 1 is
Win2000), samba server is RH-AS3 + Samba version 3.0.9 (from samba.org)
+ krb5 1.3.1-6 (from Fedora Core).  I thought I had things working (join
succeeded, could access shares, modify files), and then it stopped
working.  After clearing out the host account from AD, when I try to add
server back to the domain, the host is added to AD but the join fails. 

When it broke the following changes had occurred:
 I had restarted samba.
 I changed some pam files (which have been reverted).
 Windows administrators had turned on 'smb signing' around that time,
but I don't know how samba 3.0.9 will handle this.
 
Questions:
  Is this possible to setup samba as a member server in this
configuration with this network and software versions or should I try
another method?
  What is the next best setup method?

  I am left wondering what the best options are available at this point,
as things seem hopeless.  
  I have followed steps outlined in Samba-3 By Example, by John H.
Terpstra, chapter 9.3.3
-- 
._.
|   \0/John Stile |
| UniX Administration |
|   / \  510-305-3800 | 
| [EMAIL PROTECTED] |
.-.




[Samba] mixed local & roaming profiles?

2004-12-02 Thread Justin Zachor
Before I join all my W2K clients to my 3.0.8-2 Samba server (Debian),
I plan to remove "logon path = ..." due to sporadic problems I'm seeing.
We're only ~10 regular Windows2000 users, and ~30 VMware Win2K users, so 
roaming doesn't buy us much.  However, it might be helpful if I could 
enable roaming either by user or by host, particularly with the VMware 
users.

Is there a _simple_ option for this?
Thanks!


[Samba] General Question

2004-12-02 Thread Matt Schwartz
In the upcoming Samba4, are there plans to make working with LDAP databases
easier?  I have just given up on an ldap backend due to time constraints.  I
simply cannot get it to work.  My guess is that net rpc vampire will not
work for account synchronization between PDC and BDC.




RE: [Samba] Printer permissions from W2K

2004-12-02 Thread Andras Kende


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, December 02, 2004 10:36 AM
To: [EMAIL PROTECTED]
Subject: [Samba] Printer permissions from W2K

Hey all...

I am trying to connect to an Epson FX-85 24-pin printer on my
file/print/samba server. I am running SuSE 9.1/Samba 3.0.2a with CUPS as the
print spool. When I try to connect to the printer from W2K land, I get this
error:
"Permission denied"

I am at a loss as to where to look (sorry I don't have my smb.conf file
posted. I am away from home for a couple of days). All else (drive mapping
to W2K, smbfs mounting) works great. But trying to map a linux printer to
Windows has been the last great hangup.

Any suggestions?

Joe


The windows user connecting to printer share doesn't have the correct
permissions for printing...

Check the printer spool directory for guest permissions..

Something like this would work : chmod -R 777 /var/spool/samba



Andras Kende
http://www.kende.com









[Samba] Novell Edirectory

2004-12-02 Thread Patricio Bruna
Has anyone extended the edirectory schema with the samba one?
I'm using edir 8.7.3 for linux and samba 3.


[Samba] Trying to configuring a G4 OS 10.2.8

2004-12-02 Thread Sanders
Hello,
 
I am working on configuring a G4 with OS 10.2.8 (Jaguar). I have read a
lot of email on the difficulty of adding this type of computer to a Windows
2000 Active Directory environment. This G4 computer's user is an
Administrator user. I have tried Admit Mac 2.0 and ran into some problem
issues, because it was set up for an administrator user.  Admit Mac 2.0 was
able to see the Active Directory objects, but the libraries for the program
files like Adobe Photoshop and fonts would not work in this environment.  We
backed off so that we would not lose information. How does SAMBA work in
this environment? How should a person with very little Mac experience
approach this issue? I work with Microsoft products like Windows 2000/NT
server, Windows 2000 and Windows XP. I would like to use Samba to allow the
G4 user to access our Windows 2000 network.


[Samba] Re: Printer permissions from W2K

2004-12-02 Thread Michael Lueck
[EMAIL PROTECTED] wrote:
Any suggestions?
Get a wig as you will be pulling your hair out to get your "Hello, World!" 
first printer to work 100%. ;-)
I documented my findings about printing and the annoying "Access Denied" I was experiencing in this doc. It assumes you desire to use CUPS in RAW mode and Windows drivers on the clients to produce the printer-ready data.

ftp://ftp.lueckdatasystems.com/pub/presentations/klugsamba3pdc-bookreview.pdf
--
Michael Lueck
Lueck Data Systems
Remove the upper case letters NOSPAM to contact me directly.


Re: [Samba] winbind: wbinfo -u errors

2004-12-02 Thread Xavier Callejas
On Thu 02 Dec 2004 08:06, Gerald (Jerry) Carter wrote:

Thank you!

I had run: 'net rpc join' in the PDC server, and 'join rpc testjoin' result 
good. Is this what you told me to do???

> Xavier Callejas wrote:
> | Hi.
> |
> | My question is: do I need to run winbind in the samba PDC server???
> |
> | I'm trying to use ntlm_auth in squid but the server can not make
> | wbinfo -u successfully
> |
> | squid and samba PDC are in the same box, is this possible???
>
> In this case, you will need to join winbindd to the Samba
> PDC (running on the same box) as you would for a normal
> domain member server.
>
> cheers, jerry
> -
> Alleviating the pain of Windows(tm)  --- http://www.samba.org
> GnuPG Key- http://www.plainjoe.org/gpg_public.asc
> "If we're adding to the noise, turn off this song"--Switchfoot (2003)

-- 
Xavier Callejas
IT Manager
International Bonded Couriers
El Salvador
E-Mail + MSN: xcallejas at ibcinc.com.sv
ICQ: 6224
--
Open your Mind, use Open Source.


[Samba] This is an alert from eSafe

2004-12-02 Thread eSafe
*** CING Security System has  detected a hostile content in this email. ***


Time: 26 Nov 2004 18:52:53
Scan result: Mail modified to remove malicious content
Protocol: SMTP in
File Name\Mail Subject: mail_1101298953: Re: Hello
Source: [EMAIL PROTECTED]
Destination: [EMAIL PROTECTED]
Details: detail3_panm.zip   Infected with Win32.Netsky.p (Non-Removable) , 
Blocked   \document.txt 
  .exe   Infected with Win32.Netsky.q (Non-Removable), Blocked 

**
The contents of this email and any attachments are confidential.
It is intended for the named recipient(s) only.
If you have received this email in error please notify the system manager or  
the 
sender immediately and do not disclose the contents to any one or make copies.

** CING Security System scanned this email for viruses, vandals and malicious 
content **
**


[Samba] AutoNotify: Re: Hello

2004-12-02 Thread Spam_Agent
Message [02c_1853inoe42b.pro] triggered rule [Cing SPAM] at 6:53:39 PM 12/2/2004

Sender: [EMAIL PROTECTED]
Recipient(s): [EMAIL PROTECTED]
Subject: Re: Hello



[Samba] Printer permissions from W2K

2004-12-02 Thread joec
Hey all...

I am trying to connect to an Epson FX-85 24-pin printer on my file/print/samba 
server. I am running SuSE 9.1/Samba 3.0.2a with CUPS as the print spool. When I 
try to connect to the printer from W2K land, I get this error:
"Permission denied"

I am at a loss as to where to look (sorry I don't have my smb.conf file posted. 
I am away from home for a couple of days). All else (drive mapping to W2K, 
smbfs mounting) works great. But trying to map a Linux printer to Windows has 
been the last great hangup.

Any suggestions?

Joe




[Samba] net ads commands and princs in krb5.keytab

2004-12-02 Thread Rick Brown
I don't think this is possible, but it should be!

I want to use net ads commands for administrators on the command line
without including the domain admin accounts password.

Currently, I'm doing so via command lines such as:
net ads password [EMAIL PROTECTED] \
-U [EMAIL PROTECTED] users_new_password

/net ads search sAMAccountName=username \
-U [EMAIL PROTECTED]

I can't stand having to include admin passwords on the command line,
and worse yet in the php scripts that call 'em.

What I'd prefer is to be able to use a krb5 princ in
/etc/krb5.keytab such as one would with kinit or kadmin with -p
and -k arguments.   Is this currently possible (but undocumented),
or planned for future development?

[ Rick Brown   ][  (404) 894-6175   ]
[ Office of Information Technology ][[EMAIL PROTECTED]  ]
[ Georgia Institute of Technology  ][  258 4th street. Atlanta, GA  ]


RE: [Samba] using samba through a VPN

2004-12-02 Thread David Brodbeck
> -Original Message-
> From: tom burkart [mailto:[EMAIL PROTECTED]

> The thing to use is a DHCP server that also provides clients 
> with the IP 
> address of the PDC through the netbios-name-servers option in the ISC 
> DHCP server.

Actually, the address you want to give them is the address of the WINS
server.  That can be the same as the PDC, but it doesn't have to be.


Re: [Samba] using samba through a VPN

2004-12-02 Thread Andrew Gaffney
Adam Tauno Williams wrote:
> > The thing to use is a DHCP server that also provides clients with the IP 
> > address of the PDC through the netbios-name-servers option in the ISC 
> > DHCP server.
>
> Yep,  whether this is DHCP or not depends on your VPN technology of choice, but
> you need to get that information (WINS server) down to the client.  Also best
> to set the clients node type to be WINS only and not use broadcast, but that is
> always true.

How do I tell the workstations not to broadcast?
--
Andrew Gaffney
Gentoo Linux Developer
Installer Project


[Samba] news.samba.org: Call for Stories

2004-12-02 Thread Deryck Hodge
Hi, all.
Just wanted to give everyone a heads up on a recent post to
news.samba.org.  We are looking for material for the news portion of
samba.org.  Here's the request as it appears on http://news.samba.org/:

news.samba.org is looking for stories, especially those about successful
Samba installations.  It doesn't matter if yours is a recent
install/migration or an existing setup that just works when you need it.
We want to hear from our community about how Samba is being put to good
use.  You would be surprised how your story can help spread the word
about Samba.
If you think you might have something interesting to share, go to our
story submission form  and let us
hear from you.  All stories will be credited to their submitter.

I'll look forward to hearing from you all. :-)  Cheers,
-- deryck

--
Deryck Hodge             http://www.devurandom.org/
Cataloging Department    http://www.lib.auburn.edu/
Samba Team               http://www.samba.org/
GnuPG Key                http://www.devurandom.org/gpg_pubkey.asc

I am flawed but I am cleaning up so well.
--Dashboard Confessional, from "Vindicated"(2004)


[Samba] net ads join fails - "Preauthentication failed"

2004-12-02 Thread birger
After a lot of different problems and variations of krb5.conf and 
samba.conf files I am currently stuck with the following error trying to 
join a domain

net ads join -U [EMAIL PROTECTED] 'Klienter\IT\MatNat\IFT\Samba Servers\IT-gruppen'
[EMAIL PROTECTED]'s password:
[2004/12/02 15:34:36, 0] libads/ldap.c:ads_add_machine_acct(1367)
 ads_add_machine_acct: Host account for iftsmb100 already exists - modifying old account
Using short domain name -- KLIENT
[2004/12/02 15:34:39, 0] libads/kerberos.c:get_service_ticket(335)
 get_service_ticket: kerberos_kinit_password [EMAIL PROTECTED]@KLIENT.UIB.NO failed: Preauthentication failed
*** glibc detected *** free(): invalid pointer: 0x00632800 ***

Fedora Core 3, Samba  3.0.9 as installed by yum.
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [EMAIL PROTECTED]
Valid starting     Expires            Service principal
12/02/04 14:45:02  12/03/04 00:45:04  krbtgt/[EMAIL PROTECTED]
   renew until 12/03/04 14:45:02

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

I have tried removing the definition in the AD server and recreating. 
Samba manages to create the account, but still fails like above. Note 
the double @KLIENT.UIB.NO. I think I'll go home now and take a break 
while my head clears after fighting with security = ads for 2 days...

In this AD environment hosts are defined in KLIENT.UIB.NO, while users 
belong to either UIB.NO or STUDENT.UIB.NO (a separate forest with trust 
relationships). I have had it working as far as wbinfo listing users 
from both worlds, but I still couldn't access shares. Then something 
broke, and now I can't join the domain again. What have I done wrong here?

My config files are at
http://www.ift.uib.no/~birger/krb5.conf and 
http://www.ift.uib.no/~birger/smb.conf

--
birger


Re: [Samba] Problem with static WINS entries

2004-12-02 Thread Thomas Hannan
I have also noticed this problem, and haven't been able to get around
it. (My main subnet is 192.168.100.0/24 and I was trying to add an entry
for a member samba server that acts as a fileserver in a different
subnet 192.168.99.60 which is in a network directly connected to the
PDC/WINS host via another network card)

I gave up and started simply using \\192.168.99.60\share in my logon
scripts.

I'd be happy to troubleshoot this with anyone willing.
-Tico

On Tue, 2004-11-30 at 08:00, Angel Galindo Muñoz wrote:
> 
> 
>   It also doesn't work. I have stopped SAMBA, edited 'wins.dat' and once 
> SAMBA is started, in few seconds the file 'wins.dat' is rebuilt just 
> with the registered clients.
> 
>   Hope there are other solutions...
> 
> 
> 
> 
> Tomasz Chmielewski wrote:
> > Angel Galindo Muñoz wrote:
> > 
> >>
> >> Hi!
> >>
> >> I need to add static entries to my Samba 3.0.9 WINS server but I 
> >> can't. Let's explain:
> >>
> > 
> >>
> >> What am I doing wrong? Is there any way to add static entries to 
> >> my WINS server? Thanks a lot in advance,
> > 
> > 
> > 
> > Try stopping Samba, edit your file, and then start Samba again.
> > 
> > Tell if it worked.
> > 
> > 
> > Tomek
> 
> 
> -- 
> Angel Galindo Muñoz
> University of Barcelona
> 
> 


Re: [Samba] Re: netlogin scripts

2004-12-02 Thread Misty Stanley-Jones
On Thursday 02 December 2004 07:32, DA Forsyth wrote:

> well, you can use some free utils to fix that.  I am using
> 'putinenv.exe' in my Win98 scripts to get what I need.
> I use winset.exe (off the Win98 CD) to set master environment
> variables and 'setenv.exe' on W2K for the same job.
>
> I have split my scripts into 2 sections.   one bit is loginall.bat
> that is run for everyone.  it is called from LGNusername.bat which
> then goes on to do user specific stuff.  I have not tried to
> integrate with the unix groups that I am using, instead I keep a
> separate file with settings in it which is parsed by an AWK script to
> generate the login scripts.  this does mean that now and then I
> forget to correlate actual group members to the data file, but I plan
> to fix that sometime.  At the moment the server has been up (we
> switched from Novell last Thursday) nearly a week so I'm not changing
> too much at this point

That is a huge amount of work and a lot of extra utilities to do something 
that Kixtart does natively.  All it takes is one program to run login scripts 
for all OS's (you can use case statements or if/then constructs to test for 
what OS you are running if you need it for some setting), map network drives, 
change registry settings, add registry settings (your own custom ones 
perhaps?), copy files, install programs, everything you would wish to do.  I 
'learned' Kixtart in a couple hours and had my login scripts up and running 
in no time.  My login scripts are not trivial -- I have an initial set-up 
phase for first-time logins, I copy old "My Documents" to the server profile 
for non-laptop users, I set up printer connections automatically, and other 
things.  I don't understand why you would cobble together something that 
depends on more than one .exe being present and functioning, and only works 
on certain OS's, when there is something so easy and so free out there. :)

Just my .02 of course.

Misty


>
>
> --
> DA Forsyth    Network Supervisor
> Principal Technical Officer  -- Institute for Water Research
> http://www.ru.ac.za/institutes/iwr/


RE: [Samba] PDF Print From Windows 98

2004-12-02 Thread Matthew Scarrow
Thanks that's exactly it. It didn't even dawn on me when looking through
the huge amount of debug data :) Now that you said that I recall seeing the
username in all caps instead. Too bad I gave up and installed PDFCreator
on the desktop for the people that needed it :)


On Wed, 2004-12-01 at 10:46, Jason Balicki wrote:
> Matthew Scarrow <> wrote:
> > I've got a pdf script on the server that converts postscript to pdf
> > files. The script works and prints but only when I'm using a windows
> > 2000 and up station. Try the same user on a windows 98 machine and it
> > doesn't work. I get a stopped with print status 249 in the cups log.
> > Even with logging set to 2 same there isn't much more info. Anyone
> > have this problem before. Thanks.
> 
> I don't know if it's the same, but I had an issue a LONG time
> ago with a Win9x client and PDF printing.
> 
> My script put the PDF files into /home/$user/PDF, but the 9x
> clients were reporting $user in all caps.  For example, the
> user "bob" became "BOB".  Since I only had one or two 9x
> clients at the time, I just made a symlink from BOB to bob,
> but I could have just as easily changed the script to
> convert the username to all lower case.
> 
> I don't know if that's what you're facing, but maybe this
> bit of info will help you.
> 
> HTH,
> 
> --J(K)
> 
> 

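The lower-casing fix Jason Balicki describes above, as an added example that is not part of the thread or of anyone's actual print script. Because the name is reported by the client, the sketch also refuses anything that is not a plain account name before building /home/<user>/PDF; the function names and the optional base-directory argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): turn the user name a Win9x client
# reports in capitals into the lower-case account name, and refuse anything
# that is not a plain account name before it is used in a path.
# The function names and the optional base-directory argument are assumptions.

# Byte-wise character ranges, so a-z below means exactly ASCII a-z.
LC_ALL=C
export LC_ALL

# normalize_user NAME
# Prints NAME in lower case. Returns 1 if the result is empty, starts with
# "." or "-", or contains anything outside a-z 0-9 . _ - (so no "/" or
# whitespace can reach the path built from it).
normalize_user() {
    nu_name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$nu_name" in
        '' | .* | -* | *[!a-z0-9._-]*) return 1 ;;
    esac
    printf '%s\n' "$nu_name"
}

# pdf_dir_for NAME [BASE]
# Prints BASE/<user>/PDF (BASE defaults to /home, as in the post).
# Returns 1 for a refused name, 2 if the user has no directory under BASE.
pdf_dir_for() {
    pd_user=$(normalize_user "$1") || return 1
    pd_home="${2:-/home}/$pd_user"
    [ -d "$pd_home" ] || return 2
    printf '%s\n' "$pd_home/PDF"
}

# Demo on constructed input: a scratch directory stands in for /home.
demo() {
    demo_base=$(mktemp -d) || return 1
    mkdir "$demo_base/bob"
    for reported in BOB bob Alice '../etc' 'bob smith'; do
        if demo_dir=$(pdf_dir_for "$reported" "$demo_base"); then
            printf '%-10s -> %s\n' "$reported" "$demo_dir"
        else
            printf '%-10s -> refused (status %s)\n' "$reported" "$?"
        fi
    done
    rm -rf "$demo_base"
}

demo
```

With this in place "BOB" and "bob" resolve to the same directory, so the symlink workaround from the post is not needed.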


[Samba] Symantec Mail Security detected a prohibited attachment in a message sent from your address (SYM:39696218922670522676)

2004-12-02 Thread SecurityEx
Subject of the message: Stolen document
Recipient of the message: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>



[Samba] SAMBA 3.0.x and ADS v2.0

2004-12-02 Thread Luis-Miguel Astudillo
Question regarding Samba and ADS v2.0 (Win 2003)
Currently we have a NT4 domain and some stores running NT4 Server as BDCs.
We need to upgrade to W2003 and ADS and have DC in our stores.  Can
Samba be installed instead of a BDC/DC and can it act as an
authentication server when the PDC/ADS is down ?
Regards,
--
Luis


Re: [Samba] using samba through a VPN

2004-12-02 Thread Adam Tauno Williams
> > the internet using openvpn. I've been told that samba (through no fault of
> > its own) doesn't work very well through a VPN.

Rubbish.  I have a ~dozen users using it via a VPN, it works just the same as if
they were local (albeit more slowly, for obvious reasons).

> > I want the workstations in the new network to be able to logon to the
> > domain  and access the file shares hosted by the samba PDC in the first 
> > network.  Will  I be able to do this? Easily? :)

If you have WINS, etc... setup properly it will 'just work'.  All the same
requirements as if it was Win32 on your servers.

> The thing to use is a DHCP server that also provides clients with the IP 
> address of the PDC through the netbios-name-servers option in the ISC 
> DHCP server.

Yep,  whether this is DHCP or not depends on your VPN technology of choice, but
you need to get that information (WINS server) down to the client.  Also best
to set the clients node type to be WINS only and not use broadcast, but that is
always true.



Re: [Samba] Home drives not as documented

2004-12-02 Thread Gerald (Jerry) Carter
John Ryan wrote:
| Hi,
|
| I'm using Samba 3.0.5 on a Fedora Linux box.
| I have in my smb.conf
|
| logon home = \\%L\%u\.profile
| logon path = \\%L\profiles$\%u
| logon drive = H:
|
| [profiles$]
| comment = Windows XP profile directory
| path = /home/profile
|
| [homes]
| comment = home dirs
| browseable = no
| writeable =yes
|
| I have a mixture of Win95 and WinXP clients
| The Win95 clients map the home drive correctly to the
| users home directory, and store their profile in
| ~/.profile, but the WinXP clients map H: to ~/.profile.
| I've tried various combinations of logon home and logon
| path, but whatever I set logon home to, is where H:
| gets mapped to by WinXP
|
| I could change it to \\%L\%u but then the Win95 machines
| dump their profile in the home directory. I want both XP
| and 95 boxes to have H: as their home dir.

I would recommend using something like

include = /logon_%a.conf

to set the logon home on a per client arch basis.


cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)


Re: [Samba] winbind: wbinfo -u errors

2004-12-02 Thread Gerald (Jerry) Carter
Xavier Callejas wrote:
| Hi.
|
| My question is: do I need to run winbind in the samba PDC server???
|
| I'm trying to use ntlm_auth in squid but the server can not make
| wbinfo -u successfully
|
| squid and samba PDC are in the same box, is this possible???

In this case, you will need to join winbindd to the Samba
PDC (running on the same box) as you would for a normal
domain member server.



cheers, jerry
- -
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)


Re: [Samba] Question about samba 3.0.9

2004-12-02 Thread Paul Gienger

I do this pretty regularly ... I just copy the desktop, mydocuments, 
cookies, favorites. The only thing I tend to lose is the desktop 
shortcut for the quick launch tool bar I can never get it back 
either .. been looking for it for years now...
Along with that you will also lose every possible application specific 
setting that was stored in the user's portion of the registry. In my 
case you would also lose Mozilla profiles, gaim history, and a whole 
host of other things scattered about.

BTW, in my particular case, using XP, the quick launch was in
C:\Documents and Settings\\Application Data\Microsoft\Internet 
Explorer\Quick Launch 

profiles.  When I move a user now, it makes a new desktop.  I want to 
use the user's local desktop, just transfer it to the server.  any ideas?

I've posted this solution several times and never heard anyone say "that 
really sucks because..." so I'll post it again.  Note that this is a bit 
tedious, but then again, your users will probably whine that it's also 
tedious for them to set everything back up again, so the choice is yours 
on who gets the pain of creating the settings.

When you've got some profile you need to migrate from one setting to 
another, that being from a local-on-the-machine/non-domain profile to a 
roaming/domain profile, or moving a profile from one domain to another, 
etc.  you can do the following.

Before starting, make sure that you don't have any profile on the server 
with the username in question and you aren't using a network Default User.

1. Reboot to clear up any locks that may be on the profile's registry.
2. Log in as administrator (doesn't really matter which but I usually 
use local)
3. Find the user's profile you want to base the new user off of and move 
it to some safe/hidden location.  You do this mainly so that if the 
usernames match you don't end up with a user.domain profile directory.
4. Move the default user directory (it will be hidden) to a location not 
in Docs and Settings
5. Copy the old user profile back to Docs and Settings and then rename 
it Default User
6. Log in as the user on this workstation.  It may take a while to do 
the 'loading your personal settings' step depending on how large the old 
profile is.
7. Reboot and log back in as admin
8. Delete the new 'Default User' and move the original one back to where 
it was.

You can add tweaks such as changing the roaming to local profile and 
such as you see fit.  This may also work using a network Default user 
instead of the local one if you're so inclined, but I haven't tried.  
There are some variations that may need to be done if you've got some 
more complex situations, but hopefully this is close enough to get you 
going.

--
Paul Gienger                    Office: 701-281-1884
Applied Engineering Inc.
Systems Architect               Fax:    701-281-1322
URL: www.ae-solutions.com       mailto: [EMAIL PROTECTED]


[Samba] Smbclient ( session request failed )

2004-12-02 Thread PAULSON, DANIEL (SBCSI)
I just found out about this tool and am learning.

I'm running smbclient Version 2.2.5 on a Sun Solaris 2.8 server and want
to send a WinPopup to windows 2000, XP etc. users for different windows
users.

I use the following and receive the following: Do I have to conf
something in smb.conf?

@@@
csdev5$ smbclient -M dans.sbc.com -N  
added interface ip=132.201.76.18 bcast=132.201.76.255 nmask=255.255.255.0
session request failed
csdev5$ 



Thank You,
Daniel J. Paulson
eVista/Artemis Architecture Team
SBC
Phone: 847-248-4636
Fax: 847-248-3953
Pager:  847-992-3592
Email: [EMAIL PROTECTED]




RE: [Samba] AD Domain member not authenticating

2004-12-02 Thread Edward Wissner
I have been following this thread.  I have a similar configuration to John
with the same problem.  I am running Mandrake 10.1 Community.  I have
installed the latest krb5-1.3.X package from MIT.  I am trying to authorize
users using a w2k AD server.

One question (possibly silly), why does every example smb.conf file use '+'
as the winbind separator?  If the default is '\' , why not leave it at that?

I am able to authenticate to the server, see the shared directories, but
cannot authenticate to the directory.  If I create a Unix/Samba user, that
user can use the shared directories.

ed
-Original Message-
From: John Stile [mailto:[EMAIL PROTECTED]
Sent: Wednesday, December 01, 2004 4:41 PM
To: [EMAIL PROTECTED]
Subject: Re: [Samba] AD Domain member not authenticating


On Wed, 2004-12-01 at 11:17 -0800, John Stile wrote:
> On Wed, 2004-12-01 at 11:06 -0800, John Stile wrote:
> > I had samba working, then I tried (unsuccessfully) to setup ssh pam auth.
> > Now users are prompted for a password when accessing shares, but no password
> > works.  I am using Redhat AS 3, samba-3.0.9-1, and krb5-1.3.
> > I forgot to backup pam file system-auth before modifying things, so I'm not sure if that is the problem.
> > ---
> > These commands succeed:
> >   wbinfo -u,
> >   wbinfo -g
> >   getent passwd
> >   getent group
> >   net ads info
> > Time is within 2 seconds between 'net time' and 'date'
> > ---
> > Running winbind in interactive mode while trying to connect,
> > winbindd -S -i -F -d 8 -Y
> > The end of the output (as there is a lot) looks like this:
> > ...
> > remove_duplicate_gids: Enter 5 gids
> > remove_duplicate_gids: Exit 5 gids
> > [ 6411]: gid to sid 10001
> > [ 6411]: gid to sid 10066
> > [ 6411]: gid to sid 10067
> > [ 6411]: gid to sid 10265
> > [ 6411]: gid to sid 10274
> > read failed on sock 20, pid 6411: EOF
> > read failed on sock 19, pid 6411: EOF
> > ---
> > /etc/samba/smb.conf
> > [global]
> >server string = Samba Server
> >workgroup = MYREALM
> >realm = MYREALM.MY.DOMAIN.COM
> >security = ADS
> >username map = /etc/samba/smbusers
> >map to guest = Bad User
> >password server = *
> >socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> >preferred master = no
> >local master = no
> >domain master = no
> >os level = 33
> >wins server = 128.32.68.75 128.32.67.118
> >ldap ssl = no
> >idmap uid = 1-2
> >idmap gid = 1-2
> >winbind enum users = yes
> >winbind enum groups = yes
> >winbind separator = +
> >winbind use default domain = Yes
> >template primary group = "Domain Users"
> >template homedir = /home/%U
> >template shell = /bin/bash
> >load printers = no
> >log level = 1
> >syslog = 0
> >log file = /var/log/samba/%m.log
> >max log size = 0
> > ---
> > /etc/pam.d/system-auth
> > #%PAM-1.0
> > # This file is auto-generated.
> > # User changes will be destroyed the next time authconfig is run.
> > auth        required      /lib/security/$ISA/pam_env.so
> > auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
> > auth        sufficient    /lib/security/$ISA/pam_smb_auth.so use_first_pass nolocal
> > auth        required      /lib/security/$ISA/pam_deny.so
> >
> > account     required      /lib/security/$ISA/pam_unix.so
> >
> > password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
> > password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
> > password    required      /lib/security/$ISA/pam_deny.so
> >
> > session     required      /lib/security/$ISA/pam_limits.so
> > session     required      /lib/security/$ISA/pam_unix.so
> > --
> I'm also seeing errors in /var/log/samba/winbindd.log
>   [2004/12/01 11:14:40, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
> ads_krb5_mk_req: krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot find KDC for requested realm)
>   [2004/12/01 11:14:40, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
> ads_connect for domain CAMPUS failed: Cannot find KDC for requested realm
>   [2004/12/01 11:14:40, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
> ads_krb5_mk_req: krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot find KDC for requested realm)
>   [2004/12/01 11:14:40, 1] libsmb/clikrb5.c:ads_krb5_mk_req(390)
> ads_krb5_mk_req: krb5_get_credentials failed for [EMAIL PROTECTED] (Cannot find KDC for requested realm)
>   [2004/12/01 11:14:40, 1] nsswitch/winbindd_ads.c:ads_cached_connection(81)
> ads_connect for domain CAMPUS failed: Cannot find KDC for requested realm

I'm still searching for a solution.
/var/log/messages shows
Dec  1 13:38:54 myhost smbd[7915]: [2004/12/01 13:38:54, 0] lib/util_sock.c:get_peer_addr(1000)
Dec  1 13:38:54 myhost smbd[7915]

[Samba] migration from 3.0.2a to 3.0.8+

2004-12-02 Thread Eric RABOTTEAU
Hello all,
I use the 3.0.2a version on a Solaris 8 box used as a PDC for 100+ users.
I want to update to 3.0.8 or 3.0.9.
I would like to know which files (apart from smb.conf and smbpasswd) I 
must save.
Maybe the tdb files?
Is it correct to think:

1. I save those files,
2. I remove the 3.0.2a
3. I install the 3.0.8
4. I restore the saved files.
5. it's OK

Sorry for my English
Thanks in advance.
--
Eric RABOTTEAU
Ingénieur Systèmes

Clairis Technologies
+33 5 61 71 70 72
+33 5 61 71 71 00


Re: [Samba] Re: netlogin scripts

2004-12-02 Thread DA Forsyth
On 1 Dec 2004 , Michael Lueck entreated about
 "[Samba] Re: netlogin scripts":

> You do not get vars set in DOS with things like the server name, so
> alas it must be hard coded into LOGON.BAT. You could set an EnvVar at
> the top of the bat file and use it throughout the drive mappings.

well, you can use some free utils to fix that.  I am using 
'putinenv.exe' in my Win98 scripts to get what I need.
I use winset.exe (off the Win98 CD) to set master environment 
variables and 'setenv.exe' on W2K for the same job.

I have split my scripts into 2 sections.   one bit is loginall.bat 
that is run for everyone.  it is called from LGNusername.bat which 
then goes on to do user specific stuff.  I have not tried to 
integrate with the unix groups that I am using, instead I keep a 
separate file with settings in it which is parsed by an AWK script to 
generate the login scripts.  this does mean that now and then I 
forget to correlate actual group members to the data file, but I plan 
to fix that sometime.  At the moment the server has been up (we 
switched from Novell last Thursday) nearly a week so I'm not changing 
too much at this point


--
DA Forsyth    Network Supervisor
Principal Technical Officer  -- Institute for Water Research
http://www.ru.ac.za/institutes/iwr/





[Samba] Home drives not as documented

2004-12-02 Thread John Ryan
Hi,

I'm using Samba 3.0.5 on a Fedora Linux box.
I have in my smb.conf

logon home = \\%L\%u\.profile
logon path = \\%L\profiles$\%u
logon drive = H:

[profiles$]
comment = Windows XP profile directory
path = /home/profile

[homes]
comment = home dirs
browseable = no
writeable =yes

I have a mixture of Win95 and WinXP clients
The Win95 clients map the home drive correctly to the users home directory, and 
store their profile in ~/.profile, but the WinXP
clients map H: to ~/.profile. I've tried various combinations of logon home and 
logon path, but whatever I set logon home to, is
where H: gets mapped to by WinXP

I could change it to \\%L\%u but then the Win95 machines dump their profile in 
the home directory.
I want both XP and 95 boxes to have H: as their home dir.

I'd appreciate some help.
Thanks

John Ryan
Adelaide AUS



[Samba] error on copying files to samba server

2004-12-02 Thread Mike McCool
Wondering if you had any luck with that problem, experiencing the same here 
intermittently.

Thanks in advance
Mike.


Re: [Samba] mandatory profiles

2004-12-02 Thread John H Terpstra
On Thursday 02 December 2004 03:34, Bjørn-Sverre Nøttum wrote:
> Hello!
>
> I am running samba 3.0 on fc2 in a win2000 network.
>
> I want to use only mandatory profiles in the network, but can't get this to
> work properly. I have set up a "perfect user" on my local machine", and
> copied this profile to \\server\netlogon\Default User. I have also made
> this default profile mandatory by renaming ntuser.dat to ntuser.man.
>
> In smb.conf I have added: logon path = \\%L\profiles\%u
>
> Everything seems to work perfectly, and new users that log on get their
> profiles from \\server\netlogon\Default User - but the new users are not
> mandatory!!! In \\%L\profiles\%u I can see that the new users get a new
> ntuser.dat (and it is supposed to be ntuser.man!!).

First, do NOT copy a profile but rather migrate it using the Advanced User 
Profile management tool on the Windows XPP/2KP client and add security access 
for the group "Everyone".

Second, rename the NTUser.Dat file to NTUser.man

Third, on all client workstations set the profile to delete on exit if you 
want to use a "Default User" profile from the netlogon share. If you do not 
use a netlogon default user you need to rename the NTUser.Dat file in the 
users' profile directory to NTUser.Man.

>
> How can I force the new users to be mandatory?? I thought it would be
> enough when the Default User was mandatory - obviously it wasn't.

See above. Have you followed the guidelines I provided in "Samba-3 by 
Example"?  You can download it from:

http://www.samba.org/samba/docs/Samba-Guide.pdf

See chapter 6 for very comprehensive data on how to configure roaming profiles 
with folder redirection, etc. If any of this information does not work for 
you please work with me so I can fix it. I detest inaccurate or incorrect 
information.

Cheers,
John T.

>
> I'll appreciate all help and hints!
>
> Thanks a lot!
>
> Bjorn
>

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.


[Samba] mandatory profiles

2004-12-02 Thread Bjørn-Sverre Nøttum
Hello!
I am running samba 3.0 on fc2 in a win2000 network.
I want to use only mandatory profiles in the network, but can't get this to 
work properly. I have set up a "perfect user" on my local machine", and 
copied this profile to \\server\netlogon\Default User. I have also made this 
default profile mandatory by renaming ntuser.dat to ntuser.man.

In smb.conf I have added: logon path = \\%L\profiles\%u
Everything seems to work perfectly, and new users that log on get their 
profiles from \\server\netlogon\Default User - but the new users are not 
mandatory!!! In \\%L\profiles\%u I can see that the new users get a new 
ntuser.dat (and it is supposed to be ntuser.man!!).

How can I force the new users to be mandatory?? I thought it would be enough 
when the Default User was mandatory - obviously it wasn't.

I'll appreciate all help and hints!
Thanks a lot!
Bjorn


[Samba] Re: Tbench benchmark numbers seem to be limiting samba performance in the 2.4 and 2.6 kernel.

2004-12-02 Thread TJ
Using ttcp, I benchmarked my ethernet connection. I got in the realm of 
140 Mb/s. I'm not sure, then, why throughput is significantly less over 
ethernet than over loopback.

TJ Harrell