[Samba] Policy Violation
The following message sent by this account has violated system policy: From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Sat, 25 Dec 2004 01:06:57 -0500 Subject: Is that your password? The following violations were detected: --- Scan information follows --- Virus Name: [EMAIL PROTECTED] File Attachment: private_01.pif Attachment Status: deleted --- File name Block information follows --- File Attachment: M2004122501065718581.mes/private_01.pif Matching file name: *.pif -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] domain authentication from a samba server in a samba domain
I have a box running 3.0.7 that is running my domain. I added another samba server at another location to host a few shares for that building. I successfully joined the second machine to the domain and set the 'password server' option correctly. In order to get the second machine to give me anything other than NT_STATUS_LOGIN_FAILURE, I have to create a dummy UNIX account for the domain user and 'smbpasswd -a' it. After this, it will use domain authentication correctly for that user only. I know it is doing domain auth because I set the password with 'smbpasswd -a' to something different than the domain password. The domain password works and the local one doesn't. While this is a workaround, I don't want to have to add dummy UNIX accounts on the 2nd machine for every domain user that should have access to this particular share. How can I set this up so I don't have to do that? I don't really care about the permissions on the share (multiple domain users accessing as the same UNIX user is okay). -- Andrew Gaffney Gentoo Linux Developer Installer Project -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Connection reset by peer
> I agree. This indicates a packet loss on the LAN. I would check the cables > and switches. If you can, try using a > 10,000 packet flood ping from the server to a suspect host, with a 1500=byte > packet size. This is a nice quick test > of network health. Oh - a bad NIC at either end can also do this. So can voltage drops, and having cables wrapped around a thermostatically controlled space heater sitting under an employees desk. So if the ping flood doesn't find anything, do it again periodically, as this kind of problem can have intermittent causes. Best to use managed switches which log bad-packet events. > >I had some of those showing up on a test network with home-made LAN cables. > >I switched it to pre-fab tested onces > and the errors went away. So, one vote for LAN cable issues. Connection > resets are a > >TCP/IP stack condition you could pick up the existance of with a sniffer, > >Samba in my opinion is being nice and > logging that it detected it happening. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP problem, with samba and groups
> [2004/12/24 10:59:46, 0] lib/smbldap.c:smbldap_open_connection(545) > ldap_initialize: Time limit exceeded > [2004/12/24 10:59:46, 1] lib/smbldap.c:another_ldap_try(936) > Connection to LDAP server failed for the 1 try! > [2004/12/24 10:59:47, 0] lib/smbldap.c:smbldap_open_connection(545) > ldap_initialize: Time limit exceeded > [2004/12/24 10:59:47, 1] lib/smbldap.c:another_ldap_try(936) > Connection to LDAP server failed for the 2 try! > I think there is a problem that it takes to long for samba before they it get > an answer back. > Any idea how to solve this? > Is there also an option to configure that ldap works faster? It seems that if > users are member of 15 groups, ldap checks this groups and then give a OK > sign to samba? Why not test your LDAP server with "ldapsearch"? (You didn't say what LDAP server you are using). If performance is bad, address that, which has nothing to do with Samba. Also test "id", make sure NSS is really working, and try using name service caching if you aren't using the DSA via a domain socket. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: domain administrator is always mapped to root
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 | root is root (Unix admin, Domain admin). tango is tango (NOT an Unix | admin, but Domain admin). Is there a technical necessity of mapping | tango to root? I surmise that in order to properly emulate Windows behavior Samba must do some of these things that we *nix guys find pesky. I imagine that the only way around this behaviour would probably include coming up with a special PAM module and that may be outside the scope of the Samba project. Otherwise you are going to need to be able to do root things like change passwords, delete users and stuff. Jim C. - -- - - | I can be reached on the following Instant Messenger services: | |---| | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz| - - -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBzF1v57L0B7uXm9oRAs9rAJwJU0hmDHOdqGtWoeSNZ2XXYdDKJQCfaKWe 4zO74GZ30AyIDHYEt3pKy38= =4t7v -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Connection reset by peer
I agree. This indicates a packet loss on the LAN. I would check the cables and switches. If you can, try using a 10,000 packet flood ping from the server to a suspect host, with a 1500=byte packet size. This is a nice quick test of network health. Oh - a bad NIC at either end can also do this. On Fri, 24 Dec 2004 07:15:52 -0500, Michael Lueck wrote: >I had some of those showing up on a test network with home-made LAN cables. I >switched it to pre-fab tested onces and the errors went away. So, one vote for LAN cable issues. Connection resets are a >TCP/IP stack condition you could pick up the existance of with a sniffer, >Samba in my opinion is being nice and logging that it detected it happening. > >-- >Michael Lueck >Lueck Data Systems > >Remove the upper case letters NOSPAM to contact me directly. > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Connection reset by peer
I had some of those showing up on a test network with home-made LAN cables. I switched it to pre-fab tested onces and the errors went away. So, one vote for LAN cable issues. Connection resets are a TCP/IP stack condition you could pick up the existance of with a sniffer, Samba in my opinion is being nice and logging that it detected it happening. -- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Slow XP -> Samba 3 (but not FTP etc)
Dear All, Sorry to repeat a question I've seen mentioned before, but have not been able to find a solution to my specific instance. I have an XP SP2 box (and one with no SP), and some Win2K boxes, and a Samba server (3.0.9-2). The Win2K boxes can all copy files to the server at a reasonable speed, but the XP boxes are all dreadfully slow. FTP from the XP boxes is fine. The XP boxes can also copy to the Win2k boxes at a reasonable speed. I have tried: - attaching the XP boxes to the network cables of the desktops & vice-verca. This results in unchanged behaviour (XP slow, 2K fast) - FTP from the XP machines (runs fast) - rebooting XP - rebooting server - directly connecting XP machine to server - XP copy to Win2k (fast) But with no luck. The time (estimated) to copy a 2 GB file is > 200 minutes. Microsoft KB articles talk about changing TcpAckFrequency Values on the server, for slow comms from XP to a Win2K PDC (http://support.microsoft.com/?kbid=321169) but this is on the server, and the same article talks about changing RequireSecuritySignature & EnableSecuritySignature (on the client, I think), but these are already set to 0. The most odd thing about this is that the poor performance started happening during a copy operation: 10GB were copied in a few minutes, then the connection ran slow and has run slow ever since. Any help would be greatly appreciated. Relevant smb.conf sections below: [global] workgroup = ALBATROSS printing = cups printcap name = cups printcap cache time = 750 cups options = raw printer admin = @ntadmin, root, administrator username map = /etc/samba/smbusers map to guest = Bad User include = /etc/samba/dhcp.conf logon path = \\%L\profiles\.msprofile logon home = \\%L\%U\.9xprofile logon drive = L: security = user encrypt passwords = yes add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ domain logons = yes domain master = yes ldap idmap suffix = ou=Idmap ldap machine suffix = ou=Computers local master = yes os level = 65 preferred master = yes ldap suffix = dc=example,dc=com netbios name = Alexandria unix charset = ISO8859-1 display charset = ISO8859-1 [nobackup] comment = Un-backed-up Files path = /nobackup/netfiles/%u read only = no directory mask = 0700 hide dot files = no create mask = 0700 Philip Warner| __---_ Albatross Consulting Pty. Ltd. |/ - \ (A.B.N. 75 008 659 498) | /(@) __---_ Tel: (+61) 0500 83 82 81 | _ \ Fax: (+61) 03 5330 3172 | ___ | Http://www.rhyme.com.au |/ \| |---- PGP key available upon request, | / and from pgp.mit.edu:11371 |/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: domain administrator is always mapped to root
Hi, Get what fixed? The OS is Unix. The administrator IS root. What is there to "fix"? root is root (Unix admin, Domain admin). tango is tango (NOT an Unix admin, but Domain admin). Is there a technical necessity of mapping tango to root? Florian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: domain administrator is always mapped to root
Florian Effenberger wrote: Hi Michael, 2) Anyone who is a Samba Domain Admin will cause things in the log to equate the user to being the root user. Just how Samba thinks about things. okay. Any chance to get that "fixed" by the Samba development team? :-) Get what fixed? The OS is Unix. The administrator IS root. What is there to "fix"? Florian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Gerhard Schaller/HOL_DV/Kuester/DE ist außer Haus. ['Watchdog': checked]
Ich bin außer Haus ab 23.12.2004 und für Sie wieder erreichbar ab 05.01.2005. I'm not in the office on 23.12.2004 and will be available to you on 05.01.2005. Ich werde Ihre Nachricht nach meiner Rückkehr beantworten. Diese E-mail ist nur für den bezeichneten Adressaten bestimmt und kann vertrauliche und/oder rechtlich geschützte Informationen enthalten. Sollten Sie diese E-mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-mail. Wenn Sie nicht der vorgesehene Adressat dieser E-mail sein sollten, so beachten Sie bitte, dass jede Überarbeitung, Weiterleitung, Verbreitung oder jeder weitere Gebrauch dieser E-mail ausdrücklich untersagt ist. This e-mail is intended solely for the addressee and may contain confidential and/or privileged information. If you are not the intended recipient, please notify the sender immediately and destroy this e-mail. In this case any form of reproduction, disclosure, distribution or any action taken or refrained from in reliance on it, is strictly prohibited. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] LDAP problem, with samba and groups
Hi All We have the following problem: We configured samba with LDAP and this works fine. As soon as they try to login wit a user who is member of 15 groups, it takes very long to login with Windows and then an mostly an errormessage appears. On win 2000 is the error: There has been made a change to the server. Contact you sysadmin When a user logins (member of 15 groups) ldap shows the following logging: Dec 24 10:43:45 localhost slapd[3322]: <= root access granted Dec 24 10:43:45 localhost slapd[3322]: <= test_filter 6 Dec 24 10:43:45 localhost slapd[3322]: => test_filter Dec 24 10:43:45 localhost slapd[3322]: EQUALITY Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: search access to "cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "gidNumber" requested Dec 24 10:43:45 localhost slapd[3322]: <= root access granted Dec 24 10:43:45 localhost slapd[3322]: <= test_filter 6 Dec 24 10:43:45 localhost slapd[3322]: <= test_filter_and 6 Dec 24 10:43:45 localhost slapd[3322]: <= test_filter 6 Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to "cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "entry" requested Dec 24 10:43:45 localhost slapd[3322]: <= root access granted Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to "cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "objectClass" requested Dec 24 10:43:45 localhost slapd[3322]: <= root access granted Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to "cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "objectClass" requested Dec 24 10:43:45 localhost slapd[3322]: <= root access granted Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to "cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "objectClass" requested Dec 24 10:43:45 localhost slapd[3322]: <= root access granted Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to "cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "cn" requested Dec 24 10:43:45 localhost slapd[3322]: <= root access granted Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to "cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "cn" requested Dec 24 10:43:45 localhost slapd[3322]: <= root access granted Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to "cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "gidNumber" requested Dec 24 10:43:45 localhost slapd[3322]: <= root access granted Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to "cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "gidNumber" requested Dec 24 10:43:45 localhost slapd[3322]: <= root access granted Dec 24 10:43:45 localhost slapd[3322]: => access_allowed: read access to "cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "description" requested Dec 24 10:43:45 localhost slapd[3322]: <= root access granted Dec 24 10:43:46 localhost slapd[3322]: => access_allowed: read access to "cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "description" requested Dec 24 10:43:46 localhost slapd[3322]: <= root access granted Dec 24 10:43:46 localhost slapd[3322]: => access_allowed: read access to "cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "sambaSID" requested Dec 24 10:43:46 localhost slapd[3322]: <= root access granted Dec 24 10:43:46 localhost slapd[3322]: => access_allowed: read access to "cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "sambaSID" requested Dec 24 10:43:46 localhost slapd[3322]: <= root access granted Dec 24 10:43:46 localhost slapd[3322]: => access_allowed: read access to "cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "sambaGroupType" requested Dec 24 10:43:46 localhost slapd[3322]: <= root access granted Dec 24 10:43:46 localhost slapd[3322]: => access_allowed: read access to "cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "sambaGroupType" requested Dec 24 10:43:46 localhost slapd[3322]: <= root access granted Dec 24 10:43:46 localhost slapd[3322]: => access_allowed: read access to "cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "displayName" requested Dec 24 10:43:46 localhost slapd[3322]: <= root access granted Dec 24 10:43:46 localhost slapd[3322]: => access_allowed: read access to "cn=engineering_w,ou=Groups,dc=sif-group,dc=nl" "displayName" requested Dec 24 10:43:46 localhost slapd[3322]: <= root access granted And then really realy much, very long. With continuesly an other cn = groupname Now I see that the logging winbindd in /etc/samba/ shows: [2004/12/24 10:58:36, 1] lib/smbldap.c:another_ldap_try(936) Connection to LDAP server failed for the 11 try! [2004/12/24 10:58:37, 0] lib/smbldap.c:smbldap_open_connection(545) ldap_initialize: Time limit exceeded [2004/12/24 10:58:37, 1] lib/smbldap.c:another_ldap_try(936) Connection to LDAP server failed for the 12 try! [2004/12/24 10:58:38, 0] lib/smbldap.c:smbldap_open_connection(545) ldap_initialize: Time limit exceeded [2004/12/24 10:58:38, 1] lib/smbldap.c:another_ldap_try(9
Re: [Samba] Re: domain administrator is always mapped to root
Hi Michael, 2) Anyone who is a Samba Domain Admin will cause things in the log to equate the user to being the root user. Just how Samba thinks about things. okay. Any chance to get that "fixed" by the Samba development team? :-) Florian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba doesn't see other computers
I'm fairly new to linux. I've set up everything and it works, except seeing other computer s in the network. I can connect with my windows machine to the SMB shares (user) on the linux machine (also with other windows computers) but I can't see the workgroup and/or it's pc's/servers from the linux machine I use Fedora Core 3 now (in FC1 everything worked perfect) in the firewall the ports 137, 138, 139 and 445 are open on TCP and UDP. In the config I setup my machine and the workgroup correctly the (hobby wifi) network consists of 7 servers and 53 pc's/clients The servers run win 2k3 and the clients vary from win95 to xp prof. My linux machine is server and client I for myself think I made a simple error (connecting to is working great) but I can't see what I do wrong. Anyone here with a suggestion? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Replacement of a windows 2000 PDC with active directory by samba/LDAP
Hi I'm currently working on a project aiming at replacing all windows servers (about 20) in my company by linux servers. Some of these windows servers are windows 2000 domain controlers (one PDC and few BDCs) with active directory. We have about 900 client windows 2000 workstations and about 2/3 of them are domain members. Our goal is to replace the windows servers that are domain controlers by samba servers, and of course, to avoid as much as possible a migration of the windows workstations because that would be a very long and human resource intensive task. Reading the samba documentation, I understand that samba 3 can act roughly like a windows NT 4 PDC, but not like an active directory server. My first conclusion is that our windows domain will probably have to "downgrade" to a "NT 4 like" domain, but I don't really know what impact this will have on windows 2000 workstations. So these are my questions: - Will we be able to achieve the replacement of the windows 2000 PDC et BDCs without any action on windows workstations ? Or should we prepare for bad days of workstations migration ? - Does anybody have a similar experience ? Thanks for your help. -- Olivier Navas Groupement Informatique et Télécommunications SDIS 33 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Re: Question about win2000 and samba
Marco De Vitis írta: Il 24/12/2004, alle ore 10:02, Gémes Géza ha scritto: It happens to me to at any W2k machine on the network, and also to other users, so I suspect it is not a network problem. Maybe faulty network card/cable on the server or something like that? Check the Samba logs for errors; if the problem is in Samba, they should show some traces of it. Changed the NICs and other hardware (even the servers), and of course the Samba release (a couple of times) since the problem first apeared in 2001 (then we got our first Win2k workstations). I haven't inspected Samba logs (yet) haunting for such simptoms, but I've did it many times for other problems. Anyway transfer problems were allways close to the 100Mbps hardware offered maximum. Could it have anything to do with specifying /PERSIST:NO with every NET USE command? Cheers Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Re: Question about win2000 and samba
Il 24/12/2004, alle ore 10:02, Gémes Géza ha scritto: > It happens to me to at any W2k machine on the network, and also to other > users, so I suspect it is not a network problem. Maybe faulty network card/cable on the server or something like that? Check the Samba logs for errors; if the problem is in Samba, they should show some traces of it. -- Ciao, Marco. ..."Close To The Edge", Yes 1972 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Question about win2000 and samba
Marco De Vitis írta: Il 23/12/2004, alle ore 18:28, Adam Tauno Williams ha scritto: The connections have been idled out, this is normal Windows 2000 behaviour. There are many articles about changing the value or disabling the 'feature' This can be changed or disabled only in Windows servers, AFAIK, which indeed have a default idle value of 15 minutes or so. This should not happen with Samba, and the fact that Bart experiences the problem right from boot up confirms that this is a different problem. Bart, do you have the problems on ALL (how many?) Win2000 machines you use? I also had the problem on a particular Win2000 machine in the past, it seemed to be due to the installation of Roxio Easy CD Creator 5 Platinum. Now I'm having the same problem on another machine which does not have that program installed (although it does have a CD writer), and I suspect it's due to a somehow faulty network card, I'm going to try replacing it. It happens to me to at any W2k machine on the network, and also to other users, so I suspect it is not a network problem. It happened at a different building, and different network infrastructure too. Cheers Geza -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Question about win2000 and samba
Il 23/12/2004, alle ore 18:28, Adam Tauno Williams ha scritto: > The connections have been idled out, this is normal Windows 2000 > behaviour. There are many articles about changing the value or > disabling the 'feature' This can be changed or disabled only in Windows servers, AFAIK, which indeed have a default idle value of 15 minutes or so. This should not happen with Samba, and the fact that Bart experiences the problem right from boot up confirms that this is a different problem. Bart, do you have the problems on ALL (how many?) Win2000 machines you use? I also had the problem on a particular Win2000 machine in the past, it seemed to be due to the installation of Roxio Easy CD Creator 5 Platinum. Now I'm having the same problem on another machine which does not have that program installed (although it does have a CD writer), and I suspect it's due to a somehow faulty network card, I'm going to try replacing it. -- Ciao, Marco. ..."Have a Little Faith", Bill Frisell 1993 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba