Re: [Samba] Multiple winbindd processes

[Vladimir Levijev]

On Tuesday 11 January 2005 06:16, [EMAIL PROTECTED] wrote:

Hi,

> I had posted in the technical list about this sometime back. However, I
> don't think anything was available at that time, so I went ahead and wrote
> a small patch that allows multiple winbindd process to run at the same
> time :) . What it does is to create a seperate pipe for each winbindd
> process. However, this would need a patch for the nss library as well and
> I've only worked out a patch for the linux nss library. I'd also added a
> couple of extra parameters to the smb.conf file that allowed for
> specification of a list of domains that could be veto-ed or allowed. I
> could send you the patch if you're interested.

I'm really interested. Thank you :-)

-- 
[EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Multiple winbindd processes

[Sridhar . Venkatakrishnan]

Hi, 

I had posted in the technical list about this sometime back. However, I 
don't think anything was available at that time, so I went ahead and wrote 
a small patch that allows multiple winbindd process to run at the same 
time :) . What it does is to create a seperate pipe for each winbindd 
process. However, this would need a patch for the nss library as well and 
I've only worked out a patch for the linux nss library. I'd also added a 
couple of extra parameters to the smb.conf file that allowed for 
specification of a list of domains that could be veto-ed or allowed. I 
could send you the patch if you're interested. 

Sridhar





Vladimir Levijev <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
10/01/2005 11:10 PM

 
To: samba@lists.samba.org
cc: 
Subject:[Samba] Multiple winbindd processes



Hi,

My problem is that I'd like to have one GNU/Linux box with Samba installed 

serve multiple domains.

I have 2 Domains separated from each other. Connected Samba box to both 
domains and joined them successfully. Running 2 smbd and 2 nmbd processes 
bound to the appropreate network interface, with different settings 
serving 
appropreate domans.

Samba server is visible in both networks but here is the problem. I can 
start 
2 winbindd processes for each domain controller, but only one is actually 
working. So only users from that one are able to authenticate. Using 
'lsof' 
showed that both winbindd processes are connected to the pipe, but only 
the 
last one started is actually listening to requests?

The question is, what do I need to do to make 2 winbindd processes work 
simultaneously? Is there a solution available, or I will need to write a 
patch for winbind?

TIA,

-- 
[EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problems adding a user

[Paul]

I am having problems adding a user.  Here is some background: OK this is my
first attempt to build a Samba server so be gentle.  

 

Operating System: Fedora Core 3

Samba version: 3.0.10-1.fc3

 

I have set up a Stand-alone server to support my 4 client machines (all
WinXP boxes w/o a domain).  I had some difficulties getting things to work
and eventually traced them down to a Firestarter (1.0.0) and I had to turn
"block broadcasts" off. 

 

Up to now I'd been playing with two user accounts.  

 

Linux user pst = Win user Paul

Linux user ljk  = Win user Lisa

 

I've added and deleted these accounts a number of times (both the Samba
accounts and the Fedora accounts). After I turned broadcasts off  I got Paul
working fine.  But when I tried to get Lisa working this is what happens:

 

Applications => System Settings => Server Settings => Samba

 

 From the Samba GUI I selected: Preferences => Samba Users

 

 From the "Samba Users" window I select Add Users

 

And enter:

 

Unix Username: ljk (from drop down menu) 

Windows Username: lisa 

Samba Password: Supersecret 

Confirm Samba Password: Supersercret

 

I get the following error message:

! An Account for this user already exists. Please try again.

 

Now neither ljk nor lisa is listed on the Samba Users window, and there is a
user account ljk on Fedora.

 

So I tried to delete ljk as follows:

 

[EMAIL PROTECTED] pst]# smbpasswd -x ljk

Deleted user ljk.

[EMAIL PROTECTED] pst]# smbpasswd -x lisa

Failed to initialise SAM_ACCOUNT for user lisa. Does this user exist in the
UNIX password database ?

Failed to modify password entry for user lisa [EMAIL PROTECTED] pst]#

 

What worries me is if I enter try and delete ljk again, expecting an error
message saying the user doesn't exist I get:

 

[EMAIL PROTECTED] pst]# smbpasswd -x ljk 

Deleted user ljk.

[EMAIL PROTECTED] pst]# smbpasswd -x ljk

Deleted user ljk.

 

This is not what I expected.  If I go back to the Samba GUI and try and add
ljk I get the same results as I showed at the start of this message.

 

Since then I have added two other users successfully.  So what am I doing
wrong with Lisa?

 

Paul

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] chinese characters

[Max Waterman]

Hello again,
This is causing my users a lot of pain. Is SAMBA not supposed to work in 
China?

Is there a better place to ask this question? Did I not give enough 
information?

I am feeling the pressure to move back to MS Windows, but I'd rather not 
give MS any more money.

Please advise...
Max.
Max Waterman wrote:
Hi,
I am using SME server 6.0 which has samba preconfigured on it. We 
upgraded from MS Windows 2000 server.

I am using the server in China and so many of the users wish to create 
files with Chinese characters in their names.

File names with Chinese characters seem to cause all sorts of problems. 
They have trouble creating them, and files which are copied off backup 
(from the W2K system) seem to stop them from logging in (because they 
cannot be copied off the server).

Can someone point me at any resources for debugging this sort of problem?
I have been to the SME forums but they haven't been any help - the only 
thing was a mention of a couple of parameters ('character set' should be 
commented out, and 'client code page' set to 936) in the smb.conf file 
(as per the man page).

Is there anything else I need to do? Is there anywhere that explains how 
this is supposed to work. How do I use the server with computers using 
different 'code pages', as reported by the dos command chcp?

Thanks for any help.
Max.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: shifting samba machine

[Jim C.]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
| We were not using LDAP at all - just flat /etc/passwd, /etc/group and
...
| Perhaps I needed to port over the "SID" from the old PDC to the new?
That will probably be a requirement.  Check your /etc/samba/smbpasswd
files.  If they contain SID numbers then yeah.
Jim C.
- --
- -
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: j_c_llings @ hotmail.com  AIM: WyteLi0n  ICQ: 123291844  |
|---|
| Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz|
- -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB4zGz57L0B7uXm9oRAts2AJ98O2nMYGcJOlsgePlWC6E/kzIRkwCeJ0SW
Re37NSpLbLAtK4S0GGxmrRs=
=qg4T
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [PATCH] printing patch update

[Jeremy Allison]

On Mon, Jan 10, 2005 at 03:15:56PM +0100, Jerome Borsboom wrote:
> In reviewing the recent printing-3-0-10_v2 patch, I think I have 
> found an omitted 'release_print_db'. The following patch 
> corrects this.
> 
> Regards,
> 
> Jerome Borsboom
> 
> --- samba-3.0.10/source/printing/printing.c   2005-01-10 15:07:27.060999122 
> +0100
> +++ samba-3.0.10.new/source/printing/printing.c   2005-01-10 
> 15:07:36.784464292 +0100
> @@ -1077,6 +1077,7 @@
>  
>   if ( !print_cache_expired(sharename, False) ) {
>   DEBUG(5,("print_queue_update_internal: print cache for %s is 
> still ok\n", sharename));
> + release_print_db( pdb );
>   return;
>   }

Applied - thanks !

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] WERR_BADFILE and Epson Stylus C62

[Stephen Martin]

Hello all,
I'm trying to set up an Epson Stylus C62 printer for automatic download
of windows XP drivers in Samba 3.0.9.  I have the printer successfully
set up on my Windows XP machine, and I can print from there without a
problem.  The trouble is when I try to tell samba about the drivers, it
fails.  This happens if I use the add printer wizard and if I try to do
it manually with the rpcclient adddriver command.  I used the
'getdriver' command on my win box to identify the driver files, and
they are all in the print$/W32X86 directory:
kilgore W32X86 #ls
EBPLPT3.DLL   E_ARCVEX.EXE  E_DM16CE.DAT  E_H13UIA.DLL  E_S290B1.DLL
EPIBSR30.EXE  E_DCON02.DLL  E_DM16CE.VIF  E_H290B2.DLL  E_S2E0B1.DLL
EPIPGI10.DLL  E_DD16CE.CFG  E_DMAI14.DLL  E_H2E0B2.DLL  E_SACK32.DLL
EPSET32.DLL   E_DDSP13.DLL  E_DMSG00.EXE  E_HUTX57.DXT  E_SMSTE3.HLP
EPUPDATE.EXE  E_DHMM11.DLL  E_DPPE03.EXE  E_QI021E.HLP  SETUP32.DLL
EPUTIX24.DLL  E_DHT3R0.DLL  E_DPUI03.DLL  E_S0BIC1.EXE
EPUTIX24.EXE  E_DI06CE.DLL  E_DSU0BE.DLL  E_S10MT1.EXE
E_A2X0C1.DAT  E_DI13AE.DOC  E_DU16CE.DLL  E_S10RN1.EXE
E_ARCV02.DLL  E_DJB303.DLL  E_DUMW02.DLL  E_S1T0A1.EXE
However, when I use the addprinter command like so:
kilgore W32X86 #rpcclient -Uroot -c 'adddriver "Windows NT x86" \
"epc62:E_DMAI14.DLL:E_DM16CE.VIF:E_DU16CE.DLL:E_QI021E.HLP:NULL:RAW: \
E_DDSP13.DLL,E_DJB303.DLL,E_DCON02.DLL,E_DMSG00.EXE,EPIBSR30.EXE, \
E_DI06CE.DLL,E_DD16CE.CFG,EPIPGI10.DLL,E_DPUI03.DLL,E_DPPE03.EXE, \
E_DI13AE.DOC,EPSET32.DLL,E_DHMM11.DLL,E_DUMW02.DLL,E_DHT3R0.DLL, \
E_DSU0BE.DLL,E_HUTX57.DXT,E_H290B2.DLL,EPUTIX24.DLL,EPUTIX24.EXE, \
E_H2E0B2.DLL,EBPLPT3.DLL,E_DM16CE.DAT,EPUPDATE.EXE,SETUP32.DLL, \
E_ARCV02.DLL,E_ARCVEX.EXE,E_S0BIC1.EXE,E_S10MT1.EXE,E_S10RN1.EXE, \
E_SMSTE3.HLP,E_SACK32.DLL,E_S1T0A1.EXE,E_H13UIA.DLL,E_S290B1.DLL, \
E_S2E0B1.DLL,E_A2X0C1.DAT" 3' localhost
I get:
result was WERR_BADFILE
After the error, W32X86 looks like this:
kilgore W32X86 #ls
3 E_DDSP13.DLL  E_DI13AE.DOC  E_H2E0B2.DLL  E_SMSTE3.HLP
E_ARCV02.DLL  E_DI06CE.DLL  E_DSU0BE.DLL  E_S2E0B1.DLL
W32X86/3 look like this:
kilgore 3 #ls
E_DM16CE.VIF  E_DMAI14.DLL  E_DU16CE.DLL  E_QI021E.HLP
Any suggestions?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] removing a file lock

[David Mendenhall]

Can anyone tell me whether manually unlocking a file is possible? From 
the lack of response, I'd say no, but I thought I'd ask once more before 
giving up on the idea. Someone suggested killing the process that holds 
the lock, but I'd prefer to not disconnect the user. Any insight is 
appreciated. Thanks.

-david
David Mendenhall wrote:
Hi all,
I'm trying to find a way to remove a file lock. I haven't found any 
method using the smb tools. I'm assuming I could remove the file lock 
by deleting the entry in the locking.tbd file, but the keys are stored 
as binary, so I can't figure out a way to give tdbtool a proper key 
name to delete the entry. Anyone know how to remove a file lock? We're 
using samba version 3.0.10.

The reason I'm looking into this is that when saving a file using a 
Mac's smb client, it creates a "dot underscore" resource fork file, 
but doesn't unlock this resource fork when it unlocks the data file. 
The result is that other Macs can save the data file, but not the 
resource file, causing all kinds of strange behavior. I've seen 
mention of this problem on this list, but the only solution I've seen 
has been to buy Thursby's Mac client, which is cost prohibitive for 
us. As a hack, I hope was hoping to routinely parse the locking.tdb 
and delete any orphaned ._ file locks. Not the best solution, but it 
should get us by if we can't get a fix from Apple.

Any help would be appreciated.
-dmenden
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Solaris 9 winbind/getent group issues

[Michael Agard]

Hello everyone,

I've got samba 3.0.10 compiled --with-pam and --with-winbind , have put
libnss_winbind.so into /usr/lib and created the appropriate links, and
have edited /etc/nsswitch.conf to have group and password point to files
then winbind.  I joined my domain successfully. I'm running on a Solaris
9 system with the 9_Recommended patch cluster installed. Relevant
smb.conf lines:


security = DOMAIN

winbind uid = 1-2
winbind gid = 1-2
winbind template homedir = /export/home/%D/%U
winbind separator = +
winbind nested groups = yes

I am having a problem which seems to be widely reported but never
resolved (per any of my myriad of searches of the various lists).
wbinfo -u returns a nice list of all users in my domain, wbinfo -g
returns an equally attractive list of domain groups, and wbinfo -t tells
me that the trust secret succeeded.

getent passwd returns local and domain users- another great listing.
Unfortunately, despite my best efforts, getent group only returns one
group after my local group list- Domain Admins. 

Thinking that this might be a quirky Solaris thing, I compiled the
getent.c included in the testsuite directory of the samba distro, and
ran it, with the same unfortunate results.

I ran winbindd with the debug level set to 10, and apart from some
benign charset substitution that seems to be happening, log.winbindd
doesn't show any errors. 

Attempts to chown files to MYDOMAIN+username work with winbindd running.
Attempts to chgrp files to anything other than MYDOMAIN+Domain Admins
results in a long, long hang (I left it for 15 minutes before giving
up).  chgrp to MYDOMAIN+Domain Admins does work, however.

I must humbly ask for your assistance here- I VERY MUCH need this to
work.

Thank you,

Michael Agard
[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Off line folders

[Richard Green]

Hi,
I am just wondering if anyone knows how to make working offline less
distruptive, I'm happy to sync on logoff and logon but is there any way
to stop the window popping up and displaying progress? I would rather
have it all done in the background and not be notified of syncronisation
errors. Any ideas?
Cheers Rich
Collins, Kevin wrote:
I may be able to help on this one...we were having a similar problem and
just last week cured it. (I hope!) 

I had to do two things:
1). On the clients having this problem, edit this registry key:
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\NetCache\GoOff
lineOnSlowLink".  If it's not there (as in my case) you may have to add the
last key.  Make sure it's a DWORD Value when you add it.  Then set it's
value to "1".  Restart the computer.
2). Next define a group policy that determines what a "Slow Link" is.  Run
"GPEDIT.msc" from a command line and then look for the following selection:
"Computer Configuration->Adminstrative Templates->Network->Offline
Files->Configure Slow Link Speed".  I set it to a ridulously low speed - 32k
- as I never hope to see my 100Mb/s network reduced to that little amount of
bandwidth.  Since then my users have not been offline once. (Unless of
course they actually are disconnected from my network.)
I hope I've helped.
Kevin

-Original Message-
From: Graeme Walker [mailto:[EMAIL PROTECTED] 
Sent: Sunday, January 09, 2005 2:24 PM
To: samba@lists.samba.org
Subject: [Samba] Off line folders

Hi
I keep having problems with XP machines connecting to a Samba 
server (3.0.9), where the users keep going off line, small 20 
user network, not network perfomance issues.

Disable off line folders and all works. Reason for off line 
folders, it is a laptop and mydocs sits on server, also acts 
as a backup and server is backed up.

Thanks
Graeme 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] getent doesn't find the ldap users

[Choudary Mumtaz]

Hi All:
  I have configured LDAP and SAMBA following the instructions from 
samba.org. All the tests slapcat etc. are fine. I have also configured nss 
using ldap.conf, but getent passwd etc. doesn't find the ldap users. May you 
please point me to the right direction? Where should I look for errors?
   Thank you.
Asad.


-
Do you Yahoo!?
 Read only the mail you want - Yahoo! Mail SpamGuard.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.11pre1 Available for Download

[Thomas Bork]

Thomas Bork wrote:
I had two installations with old printjobs not deleting after printing 
with 3.0.10 with printing patch.
After updating to 3.0.11pre1 one of these installations still have this 
problems but not in the same manner. It is necessarily to update the 
windows status monitor with F5 to remove old jobs.
I think, I have a log from the error. Please see the "pid 21540 doesn't 
exist - deleting messages record" messages.
For which pid Samba checks here?
The log is from a client with old jobs in status monitor. Refreshing 
with F5 is possible, then old Jobs are beeing removed.

Another problem with printer status in 3.0.11pre1:
Cannot see the number of pages in status monitor. Only 'N/V'. Clients 
are Win 2000 and XP.

[2005/01/10 11:00:01, 4] printing/printing.c:print_cache_expired(1028)
  print_cache_expired: cache expired for queue hpclj450 
(last_qscan_time = 1105351088, time now = 1105351201, qcachetime = 30)
[2005/01/10 11:00:01, 10] printing/printing.c:print_queue_update(1433)
  print_queue_update: Sending message -> printer = hpclj450, type = 6, 
lpq command = [/usr/bin/lpq -Prepr4 -L]
[2005/01/10 11:00:01, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(2001, 0) : sec_ctx_stack_ndx = 1
[2005/01/10 11:00:01, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2005/01/10 11:00:01, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/01/10 11:00:01, 5] auth/auth_util.c:debug_nt_user_token(486)
  NT user token: (NULL)
[2005/01/10 11:00:01, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2005/01/10 11:00:01, 2] lib/messages.c:message_notify(154)
  pid 21540 doesn't exist - deleting messages record
[..]
[2005/01/10 11:00:01, 4] printing/printing.c:print_cache_expired(1028)
  print_cache_expired: cache expired for queue hplj1100 
(last_qscan_time = 1105351090, time now = 1105351201, qcachetime = 30)
[2005/01/10 11:00:01, 10] printing/printing.c:print_queue_update(1433)
  print_queue_update: Sending message -> printer = hplj1100, type = 6, 
lpq command = [/usr/bin/lpq -Prepr5 -L]
[2005/01/10 11:00:01, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(2001, 0) : sec_ctx_stack_ndx = 1
[2005/01/10 11:00:01, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(100) : conn_ctx_stack_ndx = 0
[2005/01/10 11:00:01, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/01/10 11:00:01, 5] auth/auth_util.c:debug_nt_user_token(486)
  NT user token: (NULL)
[2005/01/10 11:00:01, 5] auth/auth_util.c:debug_unix_user_token(505)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2005/01/10 11:00:01, 2] lib/messages.c:message_notify(154)
  pid 21540 doesn't exist - deleting messages record
[..]
[2005/01/10 11:00:01, 4] printing/printing.c:print_cache_expired(1028)
  print_cache_expired: cache expired for queue hplj4100 
(last_qscan_time = 1105351088, time now = 1105351201, qcachetime = 30)
[2005/01/10 11:00:01, 4] printing/printing.c:print_cache_expired(1044)
  print_cache_expired: message already pending for hplj4100.  Accepting 
cache
[..]
[2005/01/10 11:00:01, 4] printing/printing.c:print_cache_expired(1028)
  print_cache_expired: cache expired for queue hplj2200 
(last_qscan_time = 1105349941, time now = 1105351201, qcachetime = 30)
[2005/01/10 11:00:01, 4] printing/printing.c:print_cache_expired(1044)
  print_cache_expired: message already pending for hplj2200.  Accepting 
cache
[..]
[2005/01/10 11:00:01, 4] printing/printing.c:print_cache_expired(1028)
  print_cache_expired: cache expired for queue hplj4100 
(last_qscan_time = 1105351088, time now = 1105351201, qcachetime = 30)
[2005/01/10 11:00:01, 4] printing/printing.c:print_cache_expired(1044)
  print_cache_expired: message already pending for hplj4100.  Accepting 
cache
[..]
[2005/01/10 11:00:01, 4] printing/printing.c:print_cache_expired(1028)
  print_cache_expired: cache expired for queue hpclj450 
(last_qscan_time = 1105351088, time now = 1105351201, qcachetime = 30)
[2005/01/10 11:00:01, 4] printing/printing.c:print_cache_expired(1044)
  print_cache_expired: message already pending for hpclj450.  Accepting 
cache
[..]
[2005/01/10 11:00:01, 4] printing/printing.c:print_cache_expired(1028)
  print_cache_expired: cache expired for queue hplj1100 
(last_qscan_time = 1105351090, time now = 1105351201, qcachetime = 30)
[2005/01/10 11:00:01, 4] printing/printing.c:print_cache_expired(1044)
  print_cache_expired: message already pending for hplj1100.  Accepting 
cache
[..]
[2005/01/10 11:00:01, 4] printing/printing.c:print_cache_expired(1028)
  print_cache_expired: cache expired for queue hplj4100 
(last_qscan_time = 1105351088, time now = 1105351201, qcachetime = 30)
[2005/01/10 11:00:01, 4] printing/printing.c:print_cache_expired(1044)
  print_cache_expired: message already pending for hplj4100.  Accepting 
cache
[.]

[Samba] /var/lib/samba vs /var/cache/samba

[mrojava4]

I just installed Fedora 3 with Samba using the Samba RPM's on Fedora.  It
appears that this version still uses /var/cache/samba.  Should I deinstall
this version and use the RPM's on the samba.org site?

Mark
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: shifting samba machine

[Chris Lawder]

When I moved our Samba PDC to a new box I found the following helpful
http://ftp.uoi.gr/mirror/net/samba/docs/htmldocs/Samba-BDC-HOWTO.html
The section "How do I set up a Samba BDC?" explained to me how to 
properly move the private/MACHINE.SID.

My PDC was a freeBSD system so the system passwd, group type files were 
moved as per this posting I found...

http://lists.freebsd.org/pipermail/freebsd-questions/2004-February/036123.html
Using those two docs I was able to get the new system running as the PDC.
Hope this helps
Chris

Abe Shelton wrote:

Jim C. wrote:
| I tried this a week ago and afterward, none of the windows clients on
| our network would recognize "admin users" (Domain admins) as actual
...
| admin users.
Could this have something to do with LDAP posixGroup's vrs.
groupOfNames?  posixGroup is outdated and cannot be used to gain access
to the database itself. This means that your admins would not be able to
do stuff like add/remove users but might be able to do things like
delete users files and stuff. If you want admins to be database admins
as well you need to add them to a groupOfNames type group also.
We were not using LDAP at all - just flat /etc/passwd, /etc/group and 
/etc/samba/smbpasswd files. There isn't anything special about our 
setup, but still the transfer/shift of PDC machines never did work. 
Perhaps I needed to port over the "SID" from the old PDC to the new?

Abe

--
Number 41 Media Corporation
Suite 103 - 645 Fort Street
Victoria BC V8W 1G2
T 250.414.0410
F 250.414.0411
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba and Kerberos V

[Gémes Géza]

[EMAIL PROTECTED] írta:
On Mon, 10 Jan 2005, "Jukka" == Jukka Salmi wrote:
   

 Jukka> Does Samba have native Kerberos V support, i.e. is it
 Jukka> possible to authenticate against a (Heimdal, in our case)
 Jukka> kdc?
 

On Mon, 10 Jan 2005, "Ganeshram" == Ganeshram Iyer wrote:
   

 Ganeshram> I had just recently asked this question on this.
I see this question pop up on this list every so often, but one thing 
I never see addressed is whether or not Samba can be used to 
autheticate to the localhost, which, using PAM, could then 
authenticate against Kerberos.  Apache can do this, or use it's 
mod_auth_krb5 module.  Why can't Samba do something similar?

People who have an existing MIT kerberos implementation aren't going
to want to switch over to Heimdal.  And storing kerberos data in LDAP
just seems like an inherently bad idea to begin with.
 

What you are asking for is not possible, as long as:
-Windows clients, and Samba server aren't configured to use plain text 
passwords (quite a bad idea IMHO).
-Windows clients do not treat Samba as an Active Directory controler 
(see Samba4) which trust your MIT Kerberos server.
-Windows clients aren't part of an Active Directory domain which trust 
your MIT Kerberos server.
The problem is, that when Windows clients send the encrypted NT hashes 
to the Samba server, there is no way to get back the plaintext from it, 
and thus no possibility, to authenticate using that against Kerberos.
I don't know too much about authenticating Windows workstations directly 
against MIT Kerberos, and have no idea, that in that condition the 
workstation attempt or not a Kerberos authentication, when trying to 
connect to Samba server. If no then you can't do anything :-(. If yes 
there would be a need for some patches to the winbind daemon which would 
allow it to authenticate against MIT Kerberos, instead of  Active 
Directory (also Kerberos based).

Cheers,
Geza
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: shifting samba machine

[Abe Shelton]

Jim C. wrote:
| I tried this a week ago and afterward, none of the windows clients on
| our network would recognize "admin users" (Domain admins) as actual
...
| admin users.
Could this have something to do with LDAP posixGroup's vrs.
groupOfNames?  posixGroup is outdated and cannot be used to gain access
to the database itself. This means that your admins would not be able to
do stuff like add/remove users but might be able to do things like
delete users files and stuff. If you want admins to be database admins
as well you need to add them to a groupOfNames type group also.
We were not using LDAP at all - just flat /etc/passwd, /etc/group and 
/etc/samba/smbpasswd files. There isn't anything special about our 
setup, but still the transfer/shift of PDC machines never did work. 
Perhaps I needed to port over the "SID" from the old PDC to the new?

Abe
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba and Kerberos V

[pll+samba]

> On Mon, 10 Jan 2005, "Jukka" == Jukka Salmi wrote:

  Jukka> Does Samba have native Kerberos V support, i.e. is it
  Jukka> possible to authenticate against a (Heimdal, in our case)
  Jukka> kdc?

> On Mon, 10 Jan 2005, "Ganeshram" == Ganeshram Iyer wrote:

  Ganeshram> I had just recently asked this question on this.

I see this question pop up on this list every so often, but one thing 
I never see addressed is whether or not Samba can be used to 
autheticate to the localhost, which, using PAM, could then 
authenticate against Kerberos.  Apache can do this, or use it's 
mod_auth_krb5 module.  Why can't Samba do something similar?

People who have an existing MIT kerberos implementation aren't going
to want to switch over to Heimdal.  And storing kerberos data in LDAP
just seems like an inherently bad idea to begin with.


-- 
Seeya,
Paul

GPG Key fingerprint = 1660 FECC 5D21 D286 F853  E808 BB07 9239 53F1 28EE

 If you're not having fun, you're not doing it right!


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] AD group member troubles

[Franz Ferdinand]

Hidiho!
I have a win2k network with AD and some samba servers. About 1.5 months 
ago suddenly one user could not access any files on any samba server (no 
probs on the win2k servers). A few days ago a second user couldn't 
access anymore any files on any samba server. Both can access files only 
if  the user has access rights but if only a group (where the user is a 
member of) is granted access it does not work. :(
One server was running for more than one year without making troubles 
and now this.
I tested it with Samba 3.0 RC2, 3.0.8, 3.0.9, 3.0.10 - every time the 
same problem.
On a test server I took smb.conf and nsswitch.conf from chapter 9 of 
"HowTo By Example" (but the oldest machine was running for more than one 
year without troubles and the config is nearly identically).
I'm using "Debian Sarge 3.0", kernel 2.4.27 (also tested with 2.4.18, 
2.4.21), Samba 3.0.10, MIT-KRB5 1.3.6...
I have about 50 users and more than 125 groups. Every user is member of 
several groups and file access is managed by groups. It seems as if I 
have reached some sort of limit (too many users, too many groups, 
whatever) and now the two guys (funny: my boss and our main hardware 
developer) can't work anymore :(
If I use wbinfo and getent I see a lot of groups for both guys but well 
- it don't work :(

Any ideas?
Greetings
  Franz
PS: Sorry for my bad english
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba and Kerberos V

[Ganeshram Iyer]

I had just recently asked this question on this. I have pulled out the
archive url for you. see if this helps. you can search the archive for
the other related emails.
http://lists.samba.org/archive/samba/2005-January/098189.html
Ganesh


On Mon, 10 Jan 2005 14:22:10 +0100, Jukka Salmi <[EMAIL PROTECTED]> wrote:
> Hi,
> 
> this is possibly a FAQ, but I couldn't find an answer to it so far,
> neither in the "Official HOWTO" nor somewhere else.
> 
> Does Samba have native Kerberos V support, i.e. is it possible to
> authenticate against a (Heimdal, in our case) kdc?
> 
> Hints are appreciated!
> 
> TIA, Jukka
> 
> --
> bashian roulette:
> $ ((RANDOM%6)) || rm -rf ~
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 


-- 
Ganeshram Iyer
415 South Oak St #117
Arlington, TX, 76010
Ph (H) - 817-274-7827
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] force create mode

[Bart Hendrix]

Hi Patrick,
Try to use the following in your smb.conf.
force create mode = 0770
Greetz Bart
- Original Message - 
From: "Patrick DUBAU" <[EMAIL PROTECTED]>
To: 
Sent: Monday, January 10, 2005 5:30 PM
Subject: Re: [Samba] force create mode


This is an update.
I found for question 2. Just putforce group =   or set the 
setgid bit on the root directory of the share

But i still can't solve my first problem.
What do i have to do so that each file that a user creates has the 
following rights rwx rwx --- ?
Were is the trick ? i read about force mask , creat mask ... in man 
smb.conf but i really don't understand



i wan to force  the rights of a file that is created by a user at rwx 
rwx --- in the shared folder (samba 3.10)

here's the section in smb.conf file of the share
[compta]
comment = fichiers du service comptable
path = /home/services/compta
public = yes
writeable = yes
read only = no
force create mode = 0034
valid users = @compta
# le groupe superviseur a tous les droits sur ce partage
admin users = @superviseur
browseable = no
i put force create mode = 0034, because i read that samba will make a 
'OR' bit operation on it
The default creat mask is 0744 so when i create a file the rights are rwx 
r-- r--.
Ok
But when i put  force create mode = 0034 i get rwx rwx r--  instead of 
rwx  rwx  --- !!
Where is the mistake?

Second question :
What instruction do i have to add in the [compta] section so that all the 
files are created with the right group (for now they are created with 
'Domain Users' group)

Thanks for ant help

--

Patrick DUBAU
IUFM d'Alsace -  Service Informatique : "Parfois détruire, souvent 
construire, toujours Servir"
200 avenue de Colmar 67100 STRASBOURG
Téléphone: 03.88.40.79.76
--

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Multiple winbindd processes

[Vladimir Levijev]

Hi,

My problem is that I'd like to have one GNU/Linux box with Samba installed 
serve multiple domains.

I have 2 Domains separated from each other. Connected Samba box to both 
domains and joined them successfully. Running 2 smbd and 2 nmbd processes 
bound to the appropreate network interface, with different settings serving 
appropreate domans.

Samba server is visible in both networks but here is the problem. I can start 
2 winbindd processes for each domain controller, but only one is actually 
working. So only users from that one are able to authenticate. Using 'lsof' 
showed that both winbindd processes are connected to the pipe, but only the 
last one started is actually listening to requests?

The question is, what do I need to do to make 2 winbindd processes work 
simultaneously? Is there a solution available, or I will need to write a 
patch for winbind?

TIA,

-- 
[EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Security scan causing load on PDC to skyrocket

[Robert M. Martel]

Greetings,
This is not a problem with Samba as I see it but I am hoping that others 
on the list have some ideas for working around the issue.

Our central computer services group scans all the campus networks using 
Nessus and some custom rules to look for security problems.

What I am seeing within my college is my Samba PDC getting beat-up when 
the scans go though.  They scan a block of PCs at the same time looking 
for accounts w/o passwords.  I see the load average skyrocket for a 
nice, normal 1.x to 49 and above.  The smblogs show many lines like the 
following:

...
2005/01/10 12:19:10, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [Guest] -> [Guest] 
FAILED with error NT_STATUS_NO_SUCH_USER
[2005/01/10 12:19:11, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [Guest] -> [Guest] 
FAILED with error NT_STATUS_NO_SUCH_USER
[2005/01/10 12:19:13, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [Guest] -> [Guest] 
FAILED with error NT_STATUS_NO_SUCH_USER
...

I have Samba 3.10 on a Sun 420R running solaris 9 as my PDC.  At this 
time the password back end on the PDC is plain old text smbpasswd file 
as we've not had a chance to move it to something more sophisticated - 
and we should because that has grown huge - which I am sure doesn't help 
this situation.

Short of getting the central people to back off of their testings  - 
which they don't want to do for obvious reasons - does anyone have 
thoughts on what I can do on my samba server to prevent this scanning 
from turning into a denial of service attack?

Thanks
Bob Martel
--
***
Bob Martel,System Administrator  I met someone who looks a lot like you
Levin College of Urban Affairs   She does the things you do
Cleveland State University   But she is an IBM
(216) 687-2214
[EMAIL PROTECTED]-Jeff Lynne
***
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.x auth. and idmap_rid on RedHat AS 2.1

[jphml]

I try to use idmap_rid with Samba/Winbind authentication for Windows on Active 
Directory. The authentication works fine but I'm unable to compile the 
idmap_rid module.

Here is my configuration options:
./configure --prefix=/usr --sysconfdir=/etc/samba \
--localstatedir=/var/samba --with-ldap --with-ads \
--with-smbmount --with-pam --with-pam_smbpass \
--with-winbind --with-configdir=/etc/samba \
--with-logbasedir=/var/log/samba \
--with-shared-modules=idmap_rid


Here is the error:
Compiling sam/idmap_rid.c with -fPIC
sam/idmap_rid.c: In function `rid_idmap_parse':
sam/idmap_rid.c:55: parse error before `sid_str'
sam/idmap_rid.c:58: parse error before `tok'
sam/idmap_rid.c:65: `sid_str' undeclared (first use in this function)
sam/idmap_rid.c:65: (Each undeclared identifier is reported only once
sam/idmap_rid.c:65: for each function it appears in.)
sam/idmap_rid.c:79: `tok' undeclared (first use in this function)
sam/idmap_rid.c:103: `known_domain' undeclared (first use in this function)
make: *** [sam/idmap_rid.po] Error 1


I searched for docs about idmap_rid but I didn't find to much info. If someone 
could help me on that it would be appreciated.

Thanks,
Jean-Philippe Houde

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] force create mode

[Patrick DUBAU]

This is an update.
I found for question 2. Just putforce group =   or set 
the setgid bit on the root directory of the share

But i still can't solve my first problem.
What do i have to do so that each file that a user creates has the 
following rights rwx rwx --- ?
Were is the trick ? i read about force mask , creat mask ... in man 
smb.conf but i really don't understand



i wan to force  the rights of a file that is created by a user at rwx 
rwx --- in the shared folder (samba 3.10)

here's the section in smb.conf file of the share
[compta]
comment = fichiers du service comptable
path = /home/services/compta
public = yes
writeable = yes
read only = no
force create mode = 0034
valid users = @compta
# le groupe superviseur a tous les droits sur ce partage
admin users = @superviseur
browseable = no
i put force create mode = 0034, because i read that samba will make a 
'OR' bit operation on it
The default creat mask is 0744 so when i create a file the rights are 
rwx r-- r--.
Ok
But when i put  force create mode = 0034 i get rwx rwx r--  instead 
of  rwx  rwx  --- !!
Where is the mistake?

Second question :
What instruction do i have to add in the [compta] section so that all 
the files are created with the right group (for now they are created 
with 'Domain Users' group)

Thanks for ant help

--

Patrick DUBAU
IUFM d'Alsace -  Service Informatique : "Parfois détruire, souvent construire, 
toujours Servir"
200 avenue de Colmar 67100 STRASBOURG
Téléphone: 03.88.40.79.76
--
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbpasswd -e (3.0.10)

[William Jojo]

I really need to get some sleepmy problem. Please disregard this
message. It works. The user has no password entries. We migrated from
smbpasswd and this person did not have an smbpasswd entry.

My apologies for any wasted cycles :-)


Bill


On Mon, 10 Jan 2005, William Jojo wrote:

>
>
> AIX 5.2, OpenLDAP 2.2.20
>
> We've just moved to LDAP (this weekend) and when I do a smbpasswd -e to
> enable a user it is prompting for a "New SMB password:"
>
> I've secured the attributes like so:
>
> access to dn.subtree="ou=People,dc=hvcc,dc=edu" attrs=userPassword
>   by self write
>   by dn="cn=root,dc=hvcc,dc=edu" write
>   by * auth
>
> access to dn.subtree="ou=People,dc=hvcc,dc=edu" 
> attrs=sambaLMPassword,sambaNTPassword
>   by dn="cn=root,dc=hvcc,dc=edu" write
>   by * none
>
> Per the docs, but the problem is a -D10 shows:
>
> smbldap_get_single_attribute: [sambaUserWorkstations] = []
> smbldap_get_single_attribute: [sambaMungedDial] = []
> smbldap_get_single_attribute: [sambaLMPassword] = []
> smbldap_get_single_attribute: [sambaNTPassword] = []
>
> Which clearly indicates the security is too tight, but why doesn't it
> connect as rootdn since I'm running it as the root user anyway?
>
>
>
> Bill
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] PDC Trust problems

[Jason Self]

Here is the problem, I have convifgured samba to act as a PDC,  I have 
set an add user scipt serveral different ways and I have added my 
machine account as a trust...in windows the name of the computer is ids1 
so the the name of the computer in smbpasswd is ids1$.  I am able to 
"see" the domain,  I am able to query the PDC server and list the users 
available to me to create a domain user on this machine but I can not 
logon.  When I set windows to use a Domain I log in with root, it 
connects and welcomes me to the domain, then tells me to restart.  I do 
and then I try to logon at the logon screen with a user named on the 
PDCthat does not work.  I then logged on to the local account and 
tried to add a domain user, I do a browse, advance, find now, in the 
users control panel and enter my servers root logon/passwd...this lists 
the two users available to me on the PDC,  root and jasons.  Both of 
these users give a error about not being able to create a trust with 
this machine.  My only guesses left are that I have overlooked something 
in the configuration or that I have some sort of permission problem, but 
I don't know what would cause thisI am also hoping to be using 
roaming profiles.My relivant smb.conf parts are below if it helps.

--
[global]
   workgroup = INTERTECHDOMAIN
   netbios name = INTERTECHSERVER
   server string = Intertech Samba Server
   passwd program = /usr/bin/passwd %u
   passwd chat = *New*password* %n\n *Please*retype*new*password* %n\n 
*password*successfully*updated*
   unix password sync = Yes
   log level = 3
   log file = /var/log/samba/%m.log
   name resolve order = lmhosts wins hosts bcast
   socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
   domain admin group = @staff @root
   add user script = /usr/sbin/useradd -d /dev/null -g 100 -s 
/bin/false -M %u
   logon script = netlogon.bat
   logon path = \\%L\profiles\%U
   logon home = \\%L\%Ulogon drive = H:
   domain logons = Yes
   os level = 64
   preferred master = Yes
   domain master = Yes
   wins support = Yes
[homes]
   comment = Home Directories
   valid users = %S
   read only = No
   create mask = 0664
   directory mask = 0775
   browseable = No
[netlogon]
   comment = The domain logon service
   path = /home/samba/netlogon
   share modes = No

[Profiles]
   path = /home/samba/profiles
   browseable = No

--
Respectfully yours,
Jason Self
Electrical Designer /
Network Administrator
Intertech Design Services, Inc.
Get Firefox Get Thunderbird 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbpasswd -e (3.0.10)

[William Jojo]

AIX 5.2, OpenLDAP 2.2.20

We've just moved to LDAP (this weekend) and when I do a smbpasswd -e to
enable a user it is prompting for a "New SMB password:"

I've secured the attributes like so:

access to dn.subtree="ou=People,dc=hvcc,dc=edu" attrs=userPassword
  by self write
  by dn="cn=root,dc=hvcc,dc=edu" write
  by * auth

access to dn.subtree="ou=People,dc=hvcc,dc=edu" 
attrs=sambaLMPassword,sambaNTPassword
  by dn="cn=root,dc=hvcc,dc=edu" write
  by * none

Per the docs, but the problem is a -D10 shows:

smbldap_get_single_attribute: [sambaUserWorkstations] = []
smbldap_get_single_attribute: [sambaMungedDial] = []
smbldap_get_single_attribute: [sambaLMPassword] = []
smbldap_get_single_attribute: [sambaNTPassword] = []

Which clearly indicates the security is too tight, but why doesn't it
connect as rootdn since I'm running it as the root user anyway?



Bill
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Differences between Samba-related PAM modules

[William Enestvedt]

Jerry wrote:
> 
> Looks like a good summary to me.  You can also use
> pam_ldap and pam_krb5 with AD.
> 
   Is this also true on Solaris 8?
   I'm trying to get Samba 3.0.10 to authenticate some Windows users against
the Active Directory without making local Solaris accounts. Do I need to
build MIT Kerberos [done, v. 1.3.5], then OpenLDAP [having problems learning
how to configure this, 2.2.19], and *then* Samba?
   Does pam_ldap replace OpenLDAP? Does pam-krb5 replace Kerberos? Can I use
just one, or do both substitutions take place?
   I have the books and I try to read the newsgroup, but I'm having trouble
getting all three of these things going at once. (I have a late 2-series
Samba install running, but it doesn't have the snazzy AD integration.)
   Thanks for any pointers to more information.
-wde

-- 
William Enestvedt
]UNIX System Administrator   |   Johnson & Wales University, Providence, RI


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Spool queue issue winxp and samba-3.0.x

[David Schlenk]

On Jan 10, 2005, at 2:42 AM, Samba List Unetix wrote:
On Friday 07 January 2005 18:40, Gerald (Jerry) Carter wrote:
Samba List Unetix wrote:
| Hai,
|
| Lately I am encountering a weird issue with spool queue
| under winxp and samba+cups.
try the printing patch at
http://www.samba.org/~jerry/patches/post-3.0.10/
I've got one report that its will correct the problem and
one that the problem still exists.  YMMV.
Thanx for the rapid answer , I'm actually using 3.0.11pre1 now , and 
the
problem still exists, is this patch in the .11pre1 version or should 
it be
applied still?

I deployed 3.0.10 with printing patch v2 on Friday night and although 
it did seem to operate correctly when I sent jobs to it right after the 
upgrade, it is not working properly now and is leaving jobs in the 
queue.  Are people finding success with the additional release_print_db 
call Jerome Borsboom mentioned?
--
David Schlenk
Operating Systems Analyst
Bethel University
Saint Paul, Minnesota
[EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with mixed-case usernames and group mapping

[Gustavo Noronha Silva]

Hello,
I've got a problem with user<->group mapping. Our windows PDC has 
mixed-case usernames. 'getent passwd' is ok, as it simply ignores case 
and shows all users in lowercase, but 'getent group' will give me 
'group: User,User2', so when I 'id user' it will not be shown as member 
of 'group'.

A simple example:
# getent passwd fernando.rodrigues
fernando.rodrigues:[...]:Fernando Rodrigues Mendonca:[...]
# getent group cgmi
cgmi:[...]:gustavo.silva,Fernando.Rodrigues,Marcelo.Pellicano,[...]
# id fernando.rodrigues
[...] gid=1(Domain Users) grupos=1(Domain Users)
Any ideas?
Thanks,
--
Gustavo Noronha Silva <[EMAIL PROTECTED]>
Coordenador-Geral de Modernização e Informática
Ministério das Cidades
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] PDC + BDC + LDAP replication

[David Sonenberg]

So I've got my Samba test environment working great.  PDC and BDC are
both up with a LDAP backends.  I have the LDAP servers replicating.  The
only issue is when I create a new user account on the master with the
smbldap_useradd command, it does not create a system level account on
the BDC.  I don't really care about unix logons, but I wanted to know if
this will have any effect on the Samba environment?
-- 
David Sonenberg
Systems / Network Administrator
Stroz Friedberg, LLC
15 Maiden Lane, Suite 1208
New York, NY 10038
212.981.6527 (o) | 917.495.4918 (c)
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RETRACT: Re: [Samba] [PATCH] printing patch update

[Misty Stanley-Jones]

This mail was sent in error.  The patch does compile.

On Monday 10 January 2005 09:33, Misty Stanley-Jones wrote:
> On Monday 10 January 2005 09:15, Jerome Borsboom wrote:
> > In reviewing the recent printing-3-0-10_v2 patch, I think I have
> > found an omitted 'release_print_db'. The following patch
> > corrects this.
> >
> > Regards,
> >
> > Jerome Borsboom
> >
> > --- samba-3.0.10/source/printing/printing.c 2005-01-10 15:07:27.060999122
> > +0100 +++ samba-3.0.10.new/source/printing/printing.c   2005-01-10
> > 15:07:36.784464292 +0100 @@ -1077,6 +1077,7 @@
> >
> > if ( !print_cache_expired(sharename, False) ) {
> > DEBUG(5,("print_queue_update_internal: print cache for %s is 
> > still
> > ok\n", sharename)); +   release_print_db( pdb );
> > return;
> > }
>
> I tried adding this to printing.c in 3.0.11pre1 and it does not compile:
> Compiling printing/printing.c
> printing/printing.c: In function `print_cache_expired':
> printing/printing.c:1038: warning: passing arg 3 of `tdb_fetch_uint32' from
> incompatible pointer type
> printing/printing.c: In function `print_queue_update_internal':
> printing/printing.c:2713: error: parse error at end of input
> printing/printing.c:30: warning: `remove_from_jobs_changed' used but never
> defined
> make: *** [printing/printing.o] Error 1
>
> Just thought you would like to know,
> Misty
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba + LDAP Computers OU

[Adam Tauno Williams]

> I would like to put Computer accounts in a different OU from the user
> accounts.
> Is this possible ?

YES.  And it has been discussed many times.  The archives should provide you 
with a variety of answers.

> I read that there is a bug regarding this and that Computer accounts can
> only be created in the People OU.
> Is this still true ?

It never was true.  This is an issue relating to the NSS search base for POSIX 
accounts.  NSS *MUST* resolve all posixAccounts used by the samba server, so if 
the machine posixAccounts are not subordinate to your search base for POSIX 
accounts..

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [PATCH] printing patch update

[Misty Stanley-Jones]

On Monday 10 January 2005 09:15, Jerome Borsboom wrote:
> In reviewing the recent printing-3-0-10_v2 patch, I think I have
> found an omitted 'release_print_db'. The following patch
> corrects this.
>
> Regards,
>
> Jerome Borsboom
>
> --- samba-3.0.10/source/printing/printing.c   2005-01-10 15:07:27.060999122
> +0100 +++ samba-3.0.10.new/source/printing/printing.c 2005-01-10
> 15:07:36.784464292 +0100 @@ -1077,6 +1077,7 @@
>
>   if ( !print_cache_expired(sharename, False) ) {
>   DEBUG(5,("print_queue_update_internal: print cache for %s is 
> still
> ok\n", sharename)); + release_print_db( pdb );
>   return;
>   }

I tried adding this to printing.c in 3.0.11pre1 and it does not compile:
Compiling printing/printing.c
printing/printing.c: In function `print_cache_expired':
printing/printing.c:1038: warning: passing arg 3 of `tdb_fetch_uint32' from 
incompatible pointer type
printing/printing.c: In function `print_queue_update_internal':
printing/printing.c:2713: error: parse error at end of input
printing/printing.c:30: warning: `remove_from_jobs_changed' used but never 
defined
make: *** [printing/printing.o] Error 1

Just thought you would like to know,
Misty
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] [PATCH] printing patch update

[Jerome Borsboom]

In reviewing the recent printing-3-0-10_v2 patch, I think I have 
found an omitted 'release_print_db'. The following patch 
corrects this.

Regards,

Jerome Borsboom

--- samba-3.0.10/source/printing/printing.c 2005-01-10 15:07:27.060999122 
+0100
+++ samba-3.0.10.new/source/printing/printing.c 2005-01-10 15:07:36.784464292 
+0100
@@ -1077,6 +1077,7 @@
 
if ( !print_cache_expired(sharename, False) ) {
DEBUG(5,("print_queue_update_internal: print cache for %s is 
still ok\n", sharename));
+   release_print_db( pdb );
return;
}
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba + LDAP Computers OU

[Paul Gienger]

I would like to put Computer accounts in a different OU from the user
accounts.
Is this possible ?
 

Yes, but you'll have do some more configuration on your ldap server 
either to your data layout or your search.

I read that there is a bug regarding this and that Computer accounts can
only be created in the People OU.
Is this still true ?
 

Please search the archives, this one has been gone over to death, it 
seems to come up at least every other week.

--
--
Paul GiengerOffice: 701-281-1884
Applied Engineering Inc.
Systems Architect   Fax:701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Password Sync on cross/multiple-platforms

[Paul Gienger]

RH9 server running Samba, clients are Windows 2000, XP, MAC.  What are some
ways to synchronize the client passwords with the Samba server, even each
time when the user changes a password?
 

I get the feeling that you have users defined on the client machine, is 
that correct?  If so, I don't believe there is any way that the windows 
machines at least, provide you to hook into the password change 
mechanism to signal something else.  This is one of the many advantages 
to using domains, you don't have any local password to sync.  I would 
suggest looking into domains if you aren't running one.

--
--
Paul GiengerOffice: 701-281-1884
Applied Engineering Inc.
Systems Architect   Fax:701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba + LDAP Computers OU

[Nic le Roux]

Good day,
 
I would like to put Computer accounts in a different OU from the user
accounts.
Is this possible ?
I read that there is a bug regarding this and that Computer accounts can
only be created in the People OU.
Is this still true ?
 
I'm using Samba 3.0.10
 
 
Any help appreciated thanks and Regards
Nic
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] force create mode

[Patrick DUBAU]

Hi,
i wan to force  the rights of a file that is created by a user at rwx 
rwx --- in the shared folder (samba 3.10)

here's the section in smb.conf file of the share
[compta]
comment = fichiers du service comptable
path = /home/services/compta
public = yes
writeable = yes
read only = no
force create mode = 0034
valid users = @compta
# le groupe superviseur a tous les droits sur ce partage
admin users = @superviseur
browseable = no
i put force create mode = 0034, because i read that samba will make a 
'OR' bit operation on it
The default creat mask is 0744 so when i create a file the rights are 
rwx r-- r--.
Ok
But when i put  force create mode = 0034 i get rwx rwx r--  instead of  
rwx  rwx  --- !!
Where is the mistake?

Second question :
What instruction do i have to add in the [compta] section so that all 
the files are created with the right group (for now they are created 
with 'Domain Users' group)

Thanks for ant help
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba and Kerberos V

[Jukka Salmi]

Hi,

this is possibly a FAQ, but I couldn't find an answer to it so far,
neither in the "Official HOWTO" nor somewhere else.

Does Samba have native Kerberos V support, i.e. is it possible to
authenticate against a (Heimdal, in our case) kdc?


Hints are appreciated!

TIA, Jukka

-- 
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Off line folders

[Collins, Kevin]

I may be able to help on this one...we were having a similar problem and
just last week cured it. (I hope!) 

I had to do two things:

1). On the clients having this problem, edit this registry key:
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\NetCache\GoOff
lineOnSlowLink".  If it's not there (as in my case) you may have to add the
last key.  Make sure it's a DWORD Value when you add it.  Then set it's
value to "1".  Restart the computer.

2). Next define a group policy that determines what a "Slow Link" is.  Run
"GPEDIT.msc" from a command line and then look for the following selection:
"Computer Configuration->Adminstrative Templates->Network->Offline
Files->Configure Slow Link Speed".  I set it to a ridulously low speed - 32k
- as I never hope to see my 100Mb/s network reduced to that little amount of
bandwidth.  Since then my users have not been offline once. (Unless of
course they actually are disconnected from my network.)

I hope I've helped.

Kevin


> -Original Message-
> From: Graeme Walker [mailto:[EMAIL PROTECTED] 
> Sent: Sunday, January 09, 2005 2:24 PM
> To: samba@lists.samba.org
> Subject: [Samba] Off line folders
> 
> Hi
> 
> I keep having problems with XP machines connecting to a Samba 
> server (3.0.9), where the users keep going off line, small 20 
> user network, not network perfomance issues.
> 
> Disable off line folders and all works. Reason for off line 
> folders, it is a laptop and mydocs sits on server, also acts 
> as a backup and server is backed up.
> 
> Thanks
> 
> Graeme 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Sharing a vfat partition

[Gémes Géza]

Benjamin Bach írta:
Hi Everybody!
I'm sharing my VFAT partition on computer #1.
Computer #2 can both read and write stuff on computer #1, but every
once in a while - could be like 1 in 3 - my XP on computer #2 will
say "file system error". The second error will say something about
the file being locked.
Then I changed my smb.conf to make samba say that my share
was a FAT (instead of NTFS) and I removed ACL support (=no file
lock errors).
No problems now!
And I guess this ended up being all just a tip...
VFAT is probably the best kind of partition to share your documents
on since all OS can read it and Samba can, too.
/Benjamin
 

I would say, that it is the worst choice.
If your files are only accessed from the OS on wich Samba run, and Samba 
of course, then the best choice would be some journaling, ACL compliant 
fs, and specifying NTFS as the filesystem to clients.

Regards,
Geza
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Sharing a vfat partition

[Benjamin Bach]

Hi Everybody!
 
I'm sharing my VFAT partition on computer #1.
 
Computer #2 can both read and write stuff on computer #1, but every
once in a while - could be like 1 in 3 - my XP on computer #2 will
say "file system error". The second error will say something about
the file being locked.
 
Then I changed my smb.conf to make samba say that my share
was a FAT (instead of NTFS) and I removed ACL support (=no file
lock errors).
 
No problems now!
 
And I guess this ended up being all just a tip...
 
VFAT is probably the best kind of partition to share your documents
on since all OS can read it and Samba can, too.
 
/Benjamin
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba as PDC not working after switch to debian

[amir]

Hi !

I changed a working sama PDC installation on a box that used to run
slackware 8.1 to debian 3.0 (woody)
The previous samba version was 2.2.4 and now it is 2.2.3a-14.1.

When i try to login the clients i get an error message saying somethibng
about that the rights are wrong and that it won't load the server profile.
The netlogon script gets executed though.

The old /home got copied to the new location with the following command.

#find . -xdev | cpio -pm /home

Any suggestions on what to do?

Sincerly

Amir Mechouk

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Spool queue issue winxp and samba-3.0.x

[Samba List Unetix]

On Friday 07 January 2005 18:40, Gerald (Jerry) Carter wrote:
> Samba List Unetix wrote:
> | Hai,
> |
> | Lately I am encountering a weird issue with spool queue
> | under winxp and samba+cups.
>
> try the printing patch at
> http://www.samba.org/~jerry/patches/post-3.0.10/
>
> I've got one report that its will correct the problem and
> one that the problem still exists.  YMMV.

Thanx for the rapid answer , I'm actually using 3.0.11pre1 now , and the 
problem still exists, is this patch in the .11pre1 version or should it be
applied still?

TIA

Wim Bakker
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba