Re: [Samba] Access2k Sharing Problem
I meant Access2000 of course, and the samba versions I tried were samba-3.0.7 3.0.10 and the prerelease 3.0.11rc1. Any help would be appreciated, Peter Huetmannsberger, RHCE On Tue, 18 Jan 2005, Peter Huetmannsberger wrote: > > Hi! > > Using samba-3.0.11 or 3.0.11rc1 on RH9 > Win Clients are XP SP2 > > > I have a problem with sharing an ACCESS2000 mdb file on a samba share. The > first user can open the file without any trouble. The next user (or the > same user again) has to wait a timed 4 minutes before the database opens > for him. > > I have tried a number of various locking options (oplocks = no, veto > oplocks file = *\.mdb, even fake oplocks = yes) in order to improve the > situation, but to no avail. > > One of the debugging messages I got was NT_STATUS_LOCK_NOT_GRANTED amongst > a number of things I did not understand. > > A downgrade to 2.2.12 improved the situation immediately, the second user > has no trouble opening the file, and working with it. > > I would like to use the features of samba-3.0.10 for a samba PDC which is > why I am not happy about downgrading. But the database is the main tool > for the film festival I work for, so it must work. > > HAs anyone else found a solution to ACCESS2000 sharing problems. > > Any help would be appreciated. > > Many thanks, > > Peter Huetmannsberger, RHCE > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Two Samba Servers in one domain ?
- Original Message - From: "kurt weiss" <[EMAIL PROTECTED]> To: "remote" <[EMAIL PROTECTED]> Sent: Monday, January 17, 2005 7:20 PM Subject: Re: [Samba] Two Samba Servers in one domain ? remote schrieb: it's possible, but only 1 can be PDC. Yes, but I don´t want either of them to be the PDC anyway. I have a small network with official IPs (some Windows, some Linux) and two computing clusters with a range of private IPs each. Each cluster is connected to the machines on the official IP range via a gateway machine with two NICs, one for the private and one for the official IP range. Several directories on the cluster nodes are mounted to the respective gateway box via NFS and I now to try to make these directories available to the Windows machines via SAMBA. until here i did understand (i hope)... summary: - global network is (a) - private segment (b) - private segment (c) you've linked directories via NFS on gw(a) and gw(b) and you want to access from clients in the private networks. if it's the best solution will be another question, but... Actually, you got it the wrong way around... :) My Windows machines are in the global network, the aim is that they can access the chosen directories within the private segments. Your solution should be applicable anyway, though (I hope). BTW, what would be the best solution, in your opinion ? no problem: - install samba on the gw's (2.2.9) - use "interfaces" and "bind interfaces only" to ensure, that samba answers only in the private network. - use "domain master = no" if there's already servers in the networks, - create a share entry, that points to the NFS structure on the given gw. Is this possible with only one Samba server ? If so, how ? Thanks, Jörg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba authentication slow against PDC
On Mon, Jan 17, 2005 at 04:22:09PM -0600, Chris Snider wrote: > We are currently running three Samba 3.0.x file servers which authenticate The "x" in 3.0.x is interesting. There has been a serious optimization in 3.0.10, significant more work there is to come in 3.0.11 Volker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba periodically access the disk even when idle ?
On 2005-01-18, gary ng <[EMAIL PROTECTED]> wrote: > does samba server access the disk periodically even it > is not serving any client ? I am trying to setup a > home server which is not frequently used and set the > HD to spin down after 60s inactivity. But it get kicks > up again apparently by samba(stoping samba and the > disk won't spin up anymore). I think it is a 3 minute > or so interval. > > Is there a way to tell it not to as I can sacrifice > some performance in exchange for much less noise and > some power savings. Short of a good answer, here's a guess: Logging with disk buffering. Set your loglevel to 0 and see if it stops. Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consultinghttp://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * * -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba periodically access the disk even when idle ?
Hi, does samba server access the disk periodically even it is not serving any client ? I am trying to setup a home server which is not frequently used and set the HD to spin down after 60s inactivity. But it get kicks up again apparently by samba(stoping samba and the disk won't spin up anymore). I think it is a 3 minute or so interval. Is there a way to tell it not to as I can sacrifice some performance in exchange for much less noise and some power savings. thanks. gary ps. please cc if possible as I am not on this list(but would check the archive). __ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/maildemo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Unable to connect to smb shares from second machine in workgroup
I upped the log level to 5 and restarted Samba. From Starbase I did a simple: C:\> net use w: \\earth\web Enter the user name for 'earth': System error 1223 has occurred. The operation was canceled by the user. The password is invalid for \\earth\web. The logfile follows. It seems clear that it's confused as to which user is requesting access and I get mapped to nobody (but I'm not nobody! I'm not, I'm not, I'm not!). [2005/01/17 20:23:31, 5] smbd/connection.c:claim_connection(156) claiming 0 [2005/01/17 20:23:31, 5] smbd/reply.c:reply_special(152) init msg_type=0x81 msg_flags=0x0 [2005/01/17 20:23:31, 3] smbd/process.c:process_smb(878) Transaction 1 of length 137 [2005/01/17 20:23:31, 5] lib/util.c:show_msg(275) size=133 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51283 [2005/01/17 20:23:31, 5] lib/util.c:show_msg(281) smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=0 [2005/01/17 20:23:31, 5] lib/util.c:show_msg(291) smb_bcc=98 [2005/01/17 20:23:31, 3] smbd/process.c:switch_message(685) switch message SMBnegprot (pid 15356) [2005/01/17 20:23:31, 3] smbd/sec_ctx.c:set_sec_ctx(329) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/01/17 20:23:31, 5] smbd/uid.c:change_to_root_user(217) change_to_root_user: now uid=(0,0) gid=(0,0) [2005/01/17 20:23:31, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [PC NETWORK PROGRAM 1.0] [2005/01/17 20:23:31, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [LANMAN1.0] [2005/01/17 20:23:31, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [Windows for Workgroups 3.1a] [2005/01/17 20:23:31, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [LM1.2X002] [2005/01/17 20:23:31, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [LANMAN2.1] [2005/01/17 20:23:31, 3] smbd/negprot.c:reply_negprot(342) Requested protocol [NT LM 0.12] [2005/01/17 20:23:31, 3] smbd/negprot.c:reply_negprot(426) Selected protocol NT LM 0.12 [2005/01/17 20:23:31, 5] smbd/negprot.c:reply_negprot(433) negprot index=5 [2005/01/17 20:23:31, 5] lib/util.c:show_msg(275) size=86 smb_com=0x72 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=1 [2005/01/17 20:23:31, 5] lib/util.c:show_msg(281) smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=0 smt_wct=17 [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[0]=5 (0x5) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[1]=12803 (0x3203) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[2]=256 (0x100) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[3]=1024 (0x400) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[4]=65 (0x41) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[5]=0 (0x0) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[6]=256 (0x100) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[7]=64512 (0xFC00) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[8]=59 (0x3B) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[9]=63744 (0xF900) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[10]=227 (0xE3) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[11]=32768 (0x8000) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[12]=16227 (0x3F63) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[13]=5495 (0x1577) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[14]=50429 (0xC4FD) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[15]=57345 (0xE001) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[16]=2049 (0x801) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(291) smb_bcc=17 [2005/01/17 20:23:31, 3] smbd/process.c:process_smb(878) Transaction 2 of length 150 [2005/01/17 20:23:31, 5] lib/util.c:show_msg(275) size=146 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=18439 [2005/01/17 20:23:31, 5] lib/util.c:show_msg(281) smb_tid=0 smb_pid=65279 smb_uid=0 smb_mid=64 smt_wct=13 [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[0]=117 (0x75) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[1]=115 (0x73) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[2]=16644 (0x4104) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[3]=50 (0x32) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[4]=0 (0x0) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[5]=15356 (0x3BFC) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[6]=0 (0x0) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[7]=1 (0x1) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[8]=0 (0x0) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[9]=0 (0x0) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[10]=0 (0x0) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[11]=212 (0xD4) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(286) smb_vwv[12]=0 (0x0) [2005/01/17 20:23:31, 5] lib/util.c:show_msg(291) smb_bcc=54 [2005/01/17 20:23:31, 3] smbd/process.c:sw
[Samba] Pocket PC and SPNego
Hi all, I have a Samba 3.0.9 PDC, I cant get Pocket PC (WM2003SE) to access it. I've tried using commerical softwares (Resco File Explorer and PocketLAN -> was discussed once in this list) but no Luck... I tried to disabling SPNego to a samba domain member (my desktop) seems to enable access to this specific machine... What is the function of SPNego??? what happens if i disable it on the PDC?? Thanks Wisu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Getting "The network path was not found" error message
I am trying to get a simple case of sharing files on a SUSE 9.2 Pro machine for my local windows machines. No DNS, etc. Just want to be able to read and write files on Linux box. Am getting "The network path was not found" error message. Have pored through mailing lists as well as books. No luck. Samba daemons are running. IP addresses are served to all machines from a DHCP firewall. Here is my smb.conf: global] netbios name = Churchill security = share workgroup = Workgroup encrypt passwords = yes [homes] comment = Home Directories valid users = %S browseable = no read only = no guest ok = yes [users] comment = All users path = /home read only = no inherit acls = yes guest 0k = yes veto files = /aquota.user/groups/shares/ [general] comment = file share path = /general writeable = yes guest ok = yes When I do a smbclient command, I get: Churchill:~ # smbclient -L Churchill -U% Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.9-2.1-SUSE] Sharename Type Comment - --- users Disk All users general Disk file share IPC$IPC IPC Service (Samba 3.0.9-2.1-SUSE) ADMIN$ IPC IPC Service (Samba 3.0.9-2.1-SUSE) Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.9-2.1-SUSE] Server Comment ---- CHURCHILLSamba 3.0.9-2.1-SUSE WorkgroupMaster ---- WORKGROUPCHURCHILL It seems like I must have something misconfigured, but I can't figure out what. Can anyone offer some guidance? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Win2K. Raw CUPS printing, driver download
On Mon, 17 Jan 2005 00:43:24 -0700, you wrote: >On Sun, 2005-01-16 at 19:35 -0500, Indiana Epilepsy and Child Neurology >wrote: >> Does anyone have a suggestion? >> >> The only replies I got were automated vacation responses. >> >> On Wed, 12 Jan 2005 10:27:52 -0500, you wrote: >> >> >Using Debian Sarge, samba, CUPS, and an HP G85 mutifunction with HPOJ >> >to use the G85 USB connection, I've been able to get raw printing to >> >work, and Point 'n' Print driver download to work, but not at the same >> >time. >> >If I use the driver download, the output from a WordPad document with >> >just the word "test" spits out multiple pages, each being either blank >> >or just one line of garbage. The first page has a line which begins >> >with @ and character like a capital C with a tail, then the printer >> >URL in the form \\server\printer, cut off near the end by a smiley >> >face and various other odd characters. The URL appears to repeat near >> >the end of the line but is cut off when the printer runs out of room >> >on the right. >The first page with @PJL etc. Not seeing anything like "PJL". Most are foreign characters or symbols, except for the printer UNC, which appears twice. > is HP's page description language coming >through and the rasterizer Raw queue; doesn't that mean no rasterizer? Bytes go in, same bytes go out? Maybe that's the problem: maybe queue is not so raw (slightly cooked, perhaps? ;) ) >not knowing how to deal with it. My >understanding is that Samba doesn't do much with printing other than >apply ACL's and pass through to the cups facility. In fact, I'm not sure >that this is a samba question/problem at all. > >Craig Samba shouldn't do anything much (other than reassembling the data after decoding the smb), and neither should CUPS when configured with a raw queue. Since the raw queue works with a manually installed Windows driver, but not with the one uploaded to Windows by Samba, my thinking is Samba is doing something wrong, either in how it supports the driver upload, or how it handles the smb. I know little about smb, but being a network protocol, it is the logical place to expect a printer UNC to be removed. Here's the difference between what works and what doesn't: Right click the shared printer and choose connect, and a printer appears in the local machine's "Printers" folder. Use it and you get garbage out. Look at its Properties page, Ports tab, you see "Samba Printer Port". Of course to do this I had to first configure Samba to provide the driver upload. Install the same printer driver using the local "Printers" folder's "Add Printer" wizard, then in its Properties page, Ports tab, choose "Add Port", click "Local Port", then "New Port", then enter the printer UNC and OK everything. Use it and it works. So what exactly is the difference between these two ways of using the same Samba share? -- Don Stauffer, Office Manager Indiana Epilepsy and Child Neurology, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: OT - Software deployment
Misty Stanley-Jones wrote: Do you guys use anything other than brute force to deploy software and updates to your client PCs? For now, in my opinion your term of "brute force" describes the free and cheap solutions for automated deployment rather well. Better software costs money, and the best solution ignores the market which has less than 5000 nodes. For now, that is the situation of the playing field. Today, your best option is to assemble tools and scripts together based on your environment in an effort to make your job a bit easier. Such implementations become highly tied to the LAN they were developed in, thus you will not find code out there that fits well and just drops into your LAN. Grab ideas, make some dust, and never forget that the sun will be out tomorrow! :-) -- Michael Lueck Lueck Data Systems Remove the upper case letters NOSPAM to contact me directly. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba authentication slow against PDC
Paul, Thanks for your reply. >How many clients do you have running against your server(s). Just shy of 1000. 952 total clients. > ever considered a BDC? We do have a BDC although it doesn't take as much of a load off of our PDC as I would like. The PDC will run around 70% utilization during real busy times, usually in the morning, while the BDC will be running around 30-40%. People are still able to authenticate against the BDC and run their login scripts from the BDC so I know it is working. I was kicking around the idea of having BDCs at each customer location however client authentication doesn't seem to be the issue as much as our third samba server deciding if the user has access to a share. > What program is chewing up the most cpu when you're at 30%? SMBD takes up 30% on the file server and SLAPD takes up to 70% on the PDC. >How many distinct samba processes do you have going? Didn't look on the file server but I know the PDC had 1200 LDAP connections when it usually only has 200-500. Once I rebooted the problematic Samba server that number dropped to 170 or so. I will check tomorrow and let you know how many smbd processes I have running. > Try dropping in with a console and seeing how well a command like getent > passwd or getent group, or even an ls -alF responds. When I run getent passwd from the problem file server it responds almost immediately streaming user entries. Same with getent group. I can also do id username and it returns information within 1 second. A little slower than if the PDC and Fileserver had no load on them but it wasn't painfully slow. I did notice that when I ran ls -al in /homes it took a real long time(7 seconds) to display the directories. I'm wondering if the samba problem is because we have 1000 user home directories under /home. I'm not real familiar with the way Samba authenticates a user to access a share but this could definitely be a problem. > If it's slow then your LDAP link could be to blame. Possibly, however our other 2 samba servers don't seem to have any issues when the third one does. >Make sure that you've got nscd running on your PDC. I didn't enable nscd since I've read nscd can chew up system resources and cause stability issues. Since we are having stability issues anyway I'll enable it and let you know Tuesday if that made a difference. I'll keep working on it and let you know if I find anything. Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Access200 Sharing Problem
Hi! Using samba-3.0.11 or 3.0.11rc1 on RH9 Win Clients are XP SP2 I have a problem with sharing an ACCESS2000 mdb file on a samba share. The first user can open the file without any trouble. The next user (or the same user again) has to wait a timed 4 minutes before the database opens for him. I have tried a number of various locking options (oplocks = no, veto oplocks file = *\.mdb, even fake oplocks = yes) in order to improve the situation, but to no avail. One of the debugging messages I got was NT_STATUS_LOCK_NOT_GRANTED amongst a number of things I did not understand. A downgrade to 2.2.12 improved the situation immediately, the second user has no trouble opening the file, and working with it. I would like to use the features of samba-3.0.10 for a samba PDC which is why I am not happy about downgrading. But the database is the main tool for the film festival I work for, so it must work. HAs anyone else found a solution to ACCESS2000 sharing problems. Any help would be appreciated. Many thanks, Peter Huetmannsberger, RHCE -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] OT - Software deployment
Misty Stanley-Jones wrote: > Hi all, > > I have been fishing through the archives and have not found a lot of posts about this that were not 'golden oldies.' Do you guys use anything other than brute force to deploy software and updates to your client PCs? I would be interested to know what you are using, whether you use it for initial OS install, software deployment/upgrades, or other things, and roughly how much it costs. Also how many PCs you maintain. My preferences of course run to the free and Opensource options, but I am not sure how far they can take me. If I understood you right: 1) for initial OS and software installation there is Unattended - http://unattended.sourceforge.net 2) for easy software deployment / software installing / removing / upadting on many workstations there is WPKG - http://wpkg.sourceforge.net Both are opensource and free, and will just cost your time. Tomek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Move 3.0.10 PDC to server with diifferent hostname an IP address
Nicholas Brealey wrote: I want to move my Samba 3.0.10 server which is acting as PDC and WINS server to a new server with a differenent hostname and IP address. The old server is being used as a NIS+ server which means it would be very difficult for me to move the old hostname and IP to the new server. I have used the IP of the old server in the WINS server settings in DHCP and have set it by hand on a handful of PCs with don't get there IP address by DHCP. I realise I will have to change that IP address in DHCP and the clients. I know what files I need to copy from one server to another. Is it sufficient to set netbios name = the old name on the new server given that the old name will still correspond to the old server in DNS? don't forget to set the localsid after you change the netbios name: 1) before you move: # net getlocalsid SID. 2) after you move: # net setlocalsid SID.. Tomek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba authentication slow against PDC
We are currently running three Samba 3.0.x file servers which authenticate against a Samba PDC running LDAP. 2 out of the 3 samba servers authenticate quickly(<5 seconds) when using smbclient -L localhost -U username however the third will eventually time out saying "Server did not respond in 2 milliseconds. NetBIOS over TCP disabled" when there is any sort of load on it ~30% cpu usage. How many clients do you have running against your server(s). Have you ever considered a BDC? What program is chewing up the most cpu when you're at 30%? How many distinct samba processes do you have going? Try dropping in with a console and seeing how well a command like getent passwd or getent group, or even an ls -alF responds. If it's slow then your LDAP link could be to blame. Make sure that you've got nscd running on your PDC. Maybe you need to split your LDAP master off the machine (assuming it's not). These are some guesses I've seen cause issues, but maybe with more load information as to what is chewing up your cpu it will be more clear. -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba authentication slow against PDC
We are currently running three Samba 3.0.x file servers which authenticate against a Samba PDC running LDAP. 2 out of the 3 samba servers authenticate quickly(<5 seconds) when using smbclient -L localhost -U username however the third will eventually time out saying "Server did not respond in 2 milliseconds. NetBIOS over TCP disabled" when there is any sort of load on it ~30% cpu usage. If there is no load on the server then authentication still takes around 15 seconds using the smbclient command. When the server is under a load domain computers are unable to map drives when running their login script although once authenticated they can browse and map drives without issue. The only way to fix the problem is to reboot the server several times until all users get their drives mapped then everything is fine. The box in question is running Fedora core 2 with all patches applied using yum. If you need my configuration or any other information please let me know. Thanks, Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with username map parameter in 3.0.9
Is there a problem with "username map" in version 3.0.9? It seems to be ignoring the map file on my system. I have the line: root = administrator in the file but when the administrator account tries to access the system the add user script is run for the user "administrator". -- Michael St. Laurent Hartwell Corporation -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and Windows, Logining in to home dir's
Hello Everyone, I have just installed FC3/k12ltsp 4.2.0 and when it come to samba, i have a problem i can seem to fix. I am not sure if this is a windows or samba issue. before when a user goes on their windows machine to \\server\theirusername like ben so \\server\ben this would bring up a password box to login to server, before i just typed in my username and then password and away i went, into 'bens' home dir. Now when i type in \\server\ben i cant change the password from 'SERVER\guest' I cant remember what i had the server mode on, share, user etc. a still have alot of public shares that i want to keep active. ps. I am running XP Home and it did work. Thanks BEn May -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Move 3.0.10 PDC to server with diifferent hostname an IP address
I want to move my Samba 3.0.10 server which is acting as PDC and WINS server to a new server with a differenent hostname and IP address. The old server is being used as a NIS+ server which means it would be very difficult for me to move the old hostname and IP to the new server. I have used the IP of the old server in the WINS server settings in DHCP and have set it by hand on a handful of PCs with don't get there IP address by DHCP. I realise I will have to change that IP address in DHCP and the clients. I know what files I need to copy from one server to another. Is it sufficient to set netbios name = the old name on the new server given that the old name will still correspond to the old server in DNS? Thanks Nick -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to view samba shares
Hi list. I'm new to this list, so please bear with me. I've got samba 2.2.8a on Solaris 9 (SPARC). I've run all the tests. testparm runs fine. Other tests: # nmblookup -B stage __SAMBA__ querying __SAMBA__ on 192.168.18.25 192.168.18.25 __SAMBA__<00> # # nmblookup -B 192.168.1.9 '*' querying * on 192.168.1.9 192.168.1.9 *<00> # # nmblookup -d 2 '*' added interface ip=192.168.18.25 bcast=192.168.23.255 nmask=255.255.248.0 querying * on 192.168.23.255 Got a positive name query response from 192.168.18.25 ( 192.168.18.25 ) Got a positive name query response from 192.168.18.5 ( 192.168.18.5 ) 192.168.18.25 *<00> 192.168.18.5 *<00> # nmblookup -d 2 '*' added interface ip=192.168.18.25 bcast=192.168.23.255 nmask=255.255.248.0 querying * on 192.168.23.255 Got a positive name query response from 192.168.18.25 ( 192.168.18.25 ) Got a positive name query response from 192.168.18.5 ( 192.168.18.5 ) 192.168.18.25 *<00> 192.168.18.5 *<00> # I got this far, and everything's cool. Now I run net view. The server name doens't show up at all. So where do I go from here? I'm confused. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and windows client logon scripts
Does anybody know of a way to disallow user's from cancelling their logon script? Possibly a registry value? Darren -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] preexec
Seg, 2005-01-17 às 08:40 -0600, Paul Gienger escreveu: > I'm curious as the the expected goal of this script, perhaps you could > expand upon that? Some time ago I thought in something like that as a way to allow only one simultaneous login per user in a computer network. Does anyone has a better suggestion for doing this? -- Paulo Silva <[EMAIL PROTECTED]> Eurotux Informática, SA signature.asc Description: Esta =?ISO-8859-1?Q?=E9?= uma parte de mensagem assinada digitalmente -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] question about useradd, userdel, etc
Hello, I see these parameters often in the global section of the smb.conf file and I just don't understand what these parameters actually do? I understand what the commands do, but in what way does samba call these? Can someone explain a bit about how they are used? Thanks, Mike Partyka Stonepath Logistics Systems Administrator (651)405-4300 Desk (651)208-5734 Cell (651)405-4342 Fax -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba PDC and logon.bat questions
>as for the group share, create a share like: >[group] >comment = group share >path = /home/groups/%G Ahh I see, no need to declare each group share explicately, as long as users are placed in the appropriate groups then they'll get the right share mapped. >"profile home = \home\samba\profile" and I logon using an XP >I can't say i've ever seen this parameter!!! >You want this in your global section: >logon path = \\sambahost\Profiles >create a share called Profiles >[Profiles] >comment = profile share >path = /home/profiles/%u Sorry, I was typing the email from memory and didn't get the profile parameter for XP machines right, but It looks as though you understood what I meant. As all users are now using just local profiles in a workgroup setup I wonder at the need for roaming profiles, if I just blank out the right hand side of the "logon path" parameter then doesn't that disable roaming profiles without the need to do a regedit on each workstation? Thanks for your help! -Original Message- From: Kristyan Osborne [mailto:[EMAIL PROTECTED] Sent: Sunday, January 16, 2005 6:45 AM To: Mike Partyka; samba@lists.samba.org Subject: RE: [Samba] Samba PDC and logon.bat questions -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > Hello, > Hi > > > Since logon.bat is being processed by a windows client > machine that has no > idea what to do with Samba variables, how do you avoid having > to create a > separate logon script for each user? To flesh this out bit, I > am attempting > to setup a very common set of shares, they are; 1) a personal share, > /home/username 2) a group share, /home/samba/group 3) a public share, > /home/samba/public. And my login script is very basic and > looks like this: > > > > Net time \\sambahost /set /yes > > Net use h: \\sambahost\username > > Net use g: \\sambahost\group > > Net use p: \\sambahost\public > You want something like this: net time \\sambahost /set /yes net use h: \\sambahost\homes net use g: \\sambahost\group net use p: \\sambahost\public > > But there username varies as does the group name, so for now > I have setup > the netlogon share like this: > > > [netlogon] > > Path = /home/samba/netlogon/u% > Change this back to path = /home/samba/netlogon as for the group share, create a share like: [group] comment = group share path = /home/groups/%G providing you have put users in to appropiate groups it should work. > > > And in the /home/samba/netlogon directory, I have a > directories for each > user and a logon.bat. I'm sure there's a better way to do this, could > someone help a guy out? > delete all the user directories and have a single login.bat file > > Second question: > > When using roaming profiles, and I have a global parameter like this > "profile home = \home\samba\profile" and I logon using an XP I can't say i've ever seen this parameter!!! You want this in your global section: logon path = \\sambahost\Profiles create a share called Profiles [Profiles] comment = profile share path = /home/profiles/%u you'll need to create the /home/profile directory and the user directories under it. Make sure they have the correct permissions for each user. > Thanks so much, > Mike Partyka The majority of this is covered in the samba HOWTO collection. Cheers - - Kristyan Osborne - IT Technician Longhill High School 01273 391672 / 304086 - -- Computers are like airconditioners: They stop working properly if you open windows. Win95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition. -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (MingW32) iD8DBQFB6mHOqrr+KdRYU5gRAsF7AJ999TBu+PROv2q6Jvl9O/r7hFZMNgCgtxa3 iVDorE8KhBqJ1rNSN/vYsDw= =0e5d -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] OT - Software deployment
Hi all, I have been fishing through the archives and have not found a lot of posts about this that were not 'golden oldies.' Do you guys use anything other than brute force to deploy software and updates to your client PCs? I would be interested to know what you are using, whether you use it for initial OS install, software deployment/upgrades, or other things, and roughly how much it costs. Also how many PCs you maintain. My preferences of course run to the free and Opensource options, but I am not sure how far they can take me. Thanks, Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] win host is not able to connect
hi list, ill using samba with pam an mysql with the following smb.conf: [global] log file = /var/log/samba/log.%m log level = 10 syslog = 10 workgroup = Workgroup server string = samba file services at WORKGROUP-NAME security = User #must be set to 'no' to use PAM encrypt passwords = No # update encrypted = No allow trusted domains = Yes [samba] path = /home/samba valid users = root,user1 writeable = Yes = now, i can auth with `smbclient -L localhost -U user1 -W WORKGROUP` without any problems and pam is working fine. But when i try to connect with a windows machine (same workgroup and user) the host is not able to connect to that server. only when i set encrypt passwords = Yes but in that case samba did not use the pam auth, only the own smbdpassdb. Do i have to set another config option to? thanks luke -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba3 by example problems
> -Original Message- > From: [EMAIL PROTECTED] [mailto:samba- > [EMAIL PROTECTED] On Behalf Of Angela Williams > Sent: lundi 17 janvier 2005 17:34 > To: samba@lists.samba.org > Subject: [Samba] Samba3 by example problems [snipped] > > Be that as it may i then pressed on to checking the ldap database for per > section 5 after ldap was stopped and started. > root# slapcat | grep -i idmap gave no output so idmap does not exist in > the > database. > Then followed the instructions to create and ldif with the required ou for > idmap but when I tried to run > ldapadd -x -D "cn=Manager,dc=rossmould,dc=biz" -w not24get > < /etc/openldap/idmap.LDIF > (All one line!) > I got back > ldap_add: Constraint violation > additional info: structuralObjectClass: no user modification > allowed This is correct behaviour of (Open)LDAP ;) The samba-docs is wrong here, though. >From the website: dn: ou=Idmap,dc=abmas,dc=biz objectClass: organizationalUnit ou: idmap structuralObjectClass: organizationalUnit Remove the last line (structural...Unit) and rerun the ldapadd. That should be it. John, Could you pls update accordingly? ;) TIA Guus -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.6.13 - Release Date: 16/01/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 265.6.13 - Release Date: 16/01/2005 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] XP pro user can not change password in SMB PDC
Recently I set up a PDC with SMB samba-3.0.9-r1 on Gentoo Linux. Everything seems going well. BUt now I still encounter few problems, pls help me, 3x. 1. Client computer with XP professional with SP2 successfully joined the SMB PDC. But now the problem is the user can not change passwd from windows. When user changes password, the XP gives such a message: "you do not have permission to change your password." I googled the solutions, I got some threads, from samba maillist, which said this: Just an update. After reading others posts, I uninstalled Microsoft Cumulative Update MS04-012 (KB828741). Sure enough this fixed the problem. Hope Samba folks can correct this in Samba 3.0.3 so we don't have to uninstall this update on all computers. But I think this problem should have solved by now, haven't it? What shoud I do to solve this problems? 2. Does samba 3.X wholely supports XP group policy? I just still use ntconfig.pol to restrict user, for I can not find some useful doc. Can you give me some useful hints. Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Slow write access with Samba 3.0.10-Debian
Hi! I've got a problem with write access on samba fileshares mounted via fstab on two Debian Sarge servers. These servers are behind firewalls and can only access each other, so security is not an issue. They are configured as follows: I'll use placeholders for IP-adresses, usernames, passwords etc. just out of paranoia, I do know, that these IPs do not make sense ;) the servers are server1 with the ip 123.123.123.101 and server2 with the ip 213.123.123.102 fstab-entry of server1: //123.123.123.101/service /path/to/mountpoint smbfs password=mypass,uid=myuser,gid=mygroup,fmask=666,dmask=777,rw 0 0 fstab-entry of server2: //123.123.123.102/service /path/to/mountpoint smbfs password=mypass,uid=myuser,gid=mygroup,fmask=666,dmask=777,rw 0 0 smb.conf for server1 is --- # Global parameters [global] workgroup = MYWORKGROUP netbios name = SERVER1 security = SHARE time server = Yes map to guest = Bad User guest account = myuser log level = 1 syslog = 0 socket options = SO_KEEPALIVE IPTOS_LOWDELAY TCP_NODELAY printcap name = cups os level = 2 default service = service printing = cups print command = lpq command = lprm command = veto files = /*.eml/*.nws/riched20.dll/*.{*}/ [service] path = /path/to/folder read only = No guest ok = Yes guest only = Yes hosts allow = All nt acl support = No hide dot files = No --- smb.conf for server2 is identical, except for netbios name = SERVER2. When I connect to Server1, cd to /path/to/mountpoint and issue echo 1234 > test.txt, it takes 30 seconds before the command prompt returns. The file is written okay. An rm test.txt is executed instantaneously, as is an ls or any read-operation on a file on the mounted fileshare. It's just write-access which is always delayed by half a minute. The curious thing is, that I can connect from a windows box and just write to the fileshare like to a local drive with no noticeable delay whatsoever. The same applies to an older SuSE Linux 8.2 box with Samba version 2.2.7a-SuSE - I can write to the shares on server1 and server2 without any such delay. This leads me to the conclusion, that there must be some problem in the way, the two boxes are accessing each others' shares. Unfortunately I haven't got a clue how I could further diagnose the problem. I'd be very happy if someone could give me a hint in the right direction. Thank you very much! Kind regards Markus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] lpq: Unknown destination "pdf"!
Hi! How can I get rid off "lpq: Unknown destination "pdf"!" warning message in my /var/log/samba/smbd file. I have a pdf maker defined in my smb.conf as follows and it works allright: ... [pdf] comment = PDF creator printing = bsd path = /var/tmp printable = yes print command = /usr/bin/smbprngenpdf -J '%J' -c %c -s %s -u '%u' -z %z create mask = 0600 browseable = no guest ok = no Thank you, Gregor -- ___ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How to disable client NetBT via DHCP options?
I've just about given up on trying to get WinXP SP2, Cisco VPN Client 4.6.x, Samba 3.0.x PDC and NetBT working properly - without long login and offline file sync delays. The VPN client is most of the problem when SP2 is installed, but all is fine with SP1. Being we have nothing but WinXP clients on the network, I'd like to explore disabling NetBT altogether, since the slowness completely goes away. Everything seems to work except Network Neighborhood - which we can likely do without. Dynamic DNS is working as it should. Rather than disable NetBIOS over TCP/IP manually in each client's network settings, I want to disable it at the (ISC) DHCP server so laptops can go home and use resources on NetBT-enabled networks, without making the user adjust network settings every time. Here's as detailed info as I can find about it - but it pertains to a Windows DHCP server. What I want to know is the ISC DHCPD equivalent: http://support.microsoft.com/?kbid=313314 This could be an ISC DHCPD quesiton, but I'm just asking here first because many Samba users are probably also using a Unix-based DHCP server and might want to know the same. Thanks, Dave P.S.: If anyone knows how to get browsing or equivalent (I've heard of such a thing as AD share browsing) working in a Samba environment, please let me know. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba3 by example problems
Hi All, I am going through a setup of a test samba3 box with rh9 with my self rolled copy of 3.0.10. I have removed the old rpm version of samba. I compiled 3.0.10 with all defaults except for the install prefix which I set to /usr/local/samba3. I followed the steps given in Chap 6 - making users happy in the online html version. I changed a few things. Instead of MASSIVE as the PDC name I used ROSSMOULD and also changed the abmas to rossmould in all the ldap configs. I also left off most of the shares so the my smb.conf file looks thusly -- [global] unix charset = LOCALE workgroup = ROSSMOULD netbios name = ROSSPDC interfaces = eth0, lo bind interfaces only = Yes passdb backend = ldapsam:ldap://rosspdc.rossmould.biz username map = /usr/local/samba3/private/smbusers log level = 1 syslog = 0 log file = /var/log/samba/%m max log size = 50 smb ports = 139 445 name resolve order = wins bcast hosts time server = Yes printcap name = CUPS show add printer wizard = No add user script = /var/lib/samba/sbin/smbldap-useradd.pl -a -m '%u' delete user script = /var/lib/samba/sbin/smbldap-userdel.pl '%u' add group script = /var/lib/samba/sbin/smbldap-groupadd.pl -p '%g' delete group script = /var/lib/samba/sbin/smbldap-groupdel.pl '%g' add user to group script = /var/lib/samba/sbin/ smbldap-groupmod.pl -m '%u' '%g' delete user from group script = /var/lib/samba/sbin/ smbldap-groupmod.pl -x '%u' '%g' set primary group script = /var/lib/samba/sbin/ smbldap-usermod.pl -g '%g' '%u' add machine script = /var/lib/samba/sbin/ smbldap-useradd.pl -w '%u' logon script = scripts\logon.bat logon path = \\%L\profiles\%U logon drive = X: domain logons = Yes preferred master = Yes wins support = Yes ldap suffix = dc=rossmould,dc=biz ldap machine suffix = ou=People ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = cn=Manager,dc=rossmould,dc=biz idmap backend = ldap:ldap://rosspdc.rossmould.biz idmap uid = 1-2 idmap gid = 1-2 map acl inherit = Yes printing = cups printer admin = Administrator, sreynolds # The shares [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = Yes locking = No [profiles] comment = Profile Share path = /home/profiles read only = No profile acls = Yes [profdata] comment = Profile Data Share path = /home/profdata read only = No profile acls = Yes [print$] comment = Printer Drivers path = /home/drivers browseable = yes guest ok = no read only = yes write list = Administrator, sreynolds [homes] comment = Home Directories valid users = %S read only = No browseable = No [printers] comment = SMB Print Spool path = /var/spool/samba guest ok = Yes printable = Yes browseable = No -- I have found the following inconsistencies. First one was in Samba-3 PDC Configuration section 2 root# testparm -s > test.conf The $IPC share does not display which I assumed to be correct Section 5 is also problematic. root# smbclient -L localhost -U% Times out and if the smbd log is checked it falls over in trying to have chatties with the ldap server which is needless to say not running. Ofcourse the net command fails as well. I then plodded on and did the config of the ldap server and got it up and running. This is in LDAP Initialization and Creation of User and Group Accounts section 1. I used service ldap start - being redhatish I then reran the sbclient -L massive -U% command, Worked as advertised. I could then run the net command to get the SID anf put it into /var/lib/samba/sbin/smbldap_conf.pm I used the IdealX scripts that came with the 3.0.10 source and compiled mkntpwd just fine. Next problem cropped up in adding the users with root# ./smbldap-populate.pl. First crash was missing cpan module Net::LDAP so no probs just configured cpan and loaded it! Now the perl script ran but barfed at adding new entry: ou=People,dc=rossmould,dc=biz failed to add entry: Already exists at ./smbldap-populate.pl line 323, line 5. The script had already added People and Groups ou's and then went on the add the Administrators ou after the error (Rather confusing to have this list say that having computers in their own ou works but a big warning in the the e-book say it does not work!) Be that as it may i then pressed on to checking the ldap database for per section 5 after ldap was stopped and started. root# slapcat | grep -i idmap gave no output so idmap does not exist in the database. Then followed the instructions to create and ldif with the required ou for idmap but when I tried to run ldapadd -x -D "cn=Manager,dc=rossmould,dc=biz" -w not24get < /etc/openldap/idmap.LDIF (All one line!) I got back ldap_add: Constraint violation additional info: structuralObjectClass: no user modification allowed ldif_record() = 19 I'm rather new to ldap and other than playing around with some basic settings and adding and changing records with ldapadd and ldapmodify and ldi
[Samba] slow directory browsing w2k and win xp
hi everybody! iÂve got a little problem with my samba 3.0.10-2. when i connect from any w2k or win xp client in the lan area to my linux smb server there is no problem but if i mount shares and go to some directory and select a file bigger than 3 KB the client machine freezes. (directories or file smaller than 3 KB there is no problem; also with win98 machines (all file sizes)) any idea? all the best ~mh -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Antwort: Re: [Samba] sambaPwdMustChange
with acctflags set to UX our users are not forced to changed the password, but the dialog to change the password comes up, when the password is expired. The User can cancel the dialog. So we set sambaPwdMustChange to 99 and have peace. regards MW Mathias Wohlfarth EDV-Beratung Thomas-Mann-Str.1 53111 Bonn Tel.0172 / 53 45 591 01801 / 777 555 33 01 Fax 0228 / 9469181 Email [EMAIL PROTECTED] "Gustavo Lima" <[EMAIL PROTECTED]> Gesendet von: [EMAIL PROTECTED] 17.01.2005 16:32 An: "Patrick DUBAU" <[EMAIL PROTECTED]>, Kopie: Thema: Re: [Samba] sambaPwdMustChange Patrick, This number is a timestamp. To figure out what day it means paste it in this url http://www.4webhelp.net/us/timestamp.php?action=stamp&stamp=&timezone=0 To set an account to never expire it´s password you have to set sambaacctflags to [UX] Regards, Gustavo - Original Message - From: "Patrick DUBAU" <[EMAIL PROTECTED]> To: Sent: Monday, January 17, 2005 1:14 PM Subject: [Samba] sambaPwdMustChange > Hi, > > i have samba 3.0.10 installed with LDAP. > I noticed few days ago that my adminsitrator account has expired. I think > it's because of the sambaPwdMustChange field of LDAP. I changed the passwd > now i have the value 1108741705 in it. What does it mean (when will i be > prompted again to change my passwd) and do i have to put in this field so > that the password will never expire ? > > Thanks for any help > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba3+ADS
Hi Andrew, First of all thanks for your quick response. As you suggest I have recompiled samba without --with-winbind-auth-challenge --with-dce-dfs option. Following parameter I made it true. dns_lookup_realm = true dns_lookup_kdc = true Now I am able to see ADS and local users when I give getent passwd Thanks a lot again. -Original Message- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: Friday, January 14, 2005 8:18 AM To: Subramanian Ponnusamy -IP Cc: [EMAIL PROTECTED] Subject: Re: [Samba] samba3+ADS On Fri, 2005-01-14 at 04:10 +0530, [EMAIL PROTECTED] wrote: > Hi , > > > > I'm using RH9, and I have compiled samba 3.0.1 compiled from sources, > with the following options: > > ./configure --with-winbind --with-winbind-auth-challenge --with-pam \ --with-winbind-auth-challenge no longer exists in Samba 3.0, it was a Samba 2.2 only option, for squid sites. > --with-acl-support --with-ldapsam --with-pam_smbpass \ > --with-ads --with-ldap --with-dce-dfs --with-smbwrapper --enable-pam Do you really need --with-dce-dfs? > net ads join -S server.domain.com -U support > worked fine. > > > I started winbindd. 'wbinfo -u' & 'wbinfo -g' can get all users & groups > from domain. > > But the command 'getent passwd' could only show local accounts, without > any > domain mapped accounts inside. dns_lookup_realm = false I would set that to true, and ensure that your internal DNS is all correct. It's better not to have things in your krb5.conf, and have teh DNS lookups handle it - it tends to be more reliable once it's going. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net DISCLAIMER: This message contains privileged and confidential information and is intended only for the individual named.If you are not the intended recipient you should not disseminate,distribute,store,print, copy or deliver this message.Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted,corrupted,lost,destroyed,arrive late or incomplete or contain viruses.The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] sambaPwdMustChange
The number (1108741705) is a unix time stamp (number of seconds since 1st jan 1970) use this webs ite to convert it to a readable date (http://www.4webhelp.net/us/timestamp.php), the number you have provided tells me that your password will expire on (1108741705 translates to *Friday, February 18^th 2005, 15:48:25 (GMT)) if you dont want it to expire create a date for 30 years time or so? bash# perl -e 'print time+94608;' this should always give you a unixtime stamp in 30 years time! This will make your password expire in 2035 !! * Patrick DUBAU wrote: Hi, i have samba 3.0.10 installed with LDAP. I noticed few days ago that my adminsitrator account has expired. I think it's because of the sambaPwdMustChange field of LDAP. I changed the passwd now i have the value 1108741705 in it. What does it mean (when will i be prompted again to change my passwd) and do i have to put in this field so that the password will never expire ? Thanks for any help -- Daniel Wilson Systems Administrator IT & Communications Service University of Sunderland Unit1 Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Does Samba3 support AD trusts?
So this must be down to some error in our configuration then, as we can't get this to work, and we have tried pretty much everything we can think of and its still refuses to play ball. In our environment we have two Windows 2003 forests. The forest that contains the Samba servers and client Windows workstations is RESOURCE.COMPANY.COM. The forest that contains the account used to access the Samba servers is COMPANY.NET. A one way transitive forest trust exists between the root domains (realms) of each forest where RESOURCE.COMPANY.COM trusts COMPANY.NET RESOURCE.COMPANY.COM --(forest trust)--> COMPANY.NET The Windows accounts used to access the Samba server are from a sub-domain (realm) in the COMPANY.NET forest, specifically ACCOUNTS.COMPANY.NET All is well when using accounts, workstations & Samba servers all from the RESOURCE.COMPANY.COM. Seamless access to the Samba provided shares from the Windows workstations when logged into the workstations consoles using RESOURCE.COMPANY.COM accounts is possible. The problems start when you log onto the console of the RESOURCE.COMPANY.COM member workstations with accounts from the other side of the forest trust, specifically ACCOUNTS.COMPANY.NET accounts. Under these circumstances, when trying to mount the Samba share access is prevented due to a no such users error (NT_STATUS_NO_SUCH_USER). It appears that the Samba server is trying to authenticate a user RESOURCE\username rather than ACCOUNTS\username (RESOURCE\username does not exist). The Samba server is able to 'kinit' the user ACCOUNTS\username principle and net ads status returns the Samba servers RESOURCE domain principle properties without error. So has anyone else seen this problem? or have any ideas on how to get this working? Thanks in advance. Rich Cardwell =--- By way of an example: Samba server = SAMBA-SRV Windows Client = WINXP-WKS Resource domain domain controller = dc.resource.company.com Account domain account = ACCOUNT\username ([EMAIL PROTECTED]) Connection command = "net use * \\SAMBA-SRV\username" Logfile extract: [2005/01/17 14:22:24, 5] auth/auth_util.c:make_user_info_map(225) make_user_info_map: Mapping user [ACCOUNTS]\[username] from workstation [WINXP-WKS] [2005/01/17 14:22:24, 4] libsmb/namequery_dc.c:ads_dc_name(43) ads_dc_name: domain=RESOURCE [2005/01/17 14:22:24, 3] libsmb/namequery.c:resolve_lmhosts(855) resolve_lmhosts: Attempting lmhosts lookup for name dc.resource.company.com<0x20> [2005/01/17 14:22:24, 4] libsmb/namequery.c:startlmhosts(548) startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory [2005/01/17 14:22:24, 3] libsmb/namequery.c:resolve_wins(752) resolve_wins: Attempting wins lookup for name dc.resource.company.com<0x20> [2005/01/17 14:22:24, 4] lib/wins_srv.c:wins_srv_is_dead(109) wins_srv_is_dead: 26.57.7.253 is alive [2005/01/17 14:22:24, 4] lib/wins_srv.c:wins_srv_is_dead(109) wins_srv_is_dead: 26.57.7.253 is alive [2005/01/17 14:22:24, 3] libsmb/namequery.c:resolve_wins(791) resolve_wins: using WINS server 26.57.7.253 and tag '*' [2005/01/17 14:22:24, 4] libsmb/nmblib.c:debug_nmb_packet(109) nmb packet from 26.57.7.253(137) header: id=19141 opcode=Query(0) response=Yes header: flags: bcast=No rec_avail=Yes rec_des=Yes trunc=No auth=Yes header: rcode=3 qdcount=0 ancount=0 nscount=0 arcount=0 [2005/01/17 14:22:24, 3] libsmb/namequery.c:name_query(440) Negative name query response, rcode 0x03: The name requested does not exist. [2005/01/17 14:22:24, 3] libsmb/namequery.c:resolve_hosts(917) resolve_hosts: Attempting host lookup for name dc.resource.company.com<0x20> [2005/01/17 14:22:24, 4] libsmb/namequery.c:get_dc_list(1406) get_dc_list: returning 1 ip addresses in an ordered list [2005/01/17 14:22:24, 4] libsmb/namequery.c:get_dc_list(1407) get_dc_list: 25.144.25.21:389 [2005/01/17 14:22:24, 3] libads/ldap.c:ads_connect(247) Connected to LDAP server 25.144.25.21 [2005/01/17 14:22:24, 3] libads/ldap.c:ads_server_info(2432) got ldap server name [EMAIL PROTECTED], using bind path: dc=RESOURCE,dc=COMPANY,dc=COM [2005/01/17 14:22:24, 4] libads/ldap.c:ads_server_info(2438) time offset is 24 seconds [2005/01/17 14:22:24, 4] libsmb/namequery_dc.c:ads_dc_name(63) ads_dc_name: using server='dc' IP=25.144.25.21 [2005/01/17 14:22:24, 3] libsmb/cliconnect.c:cli_start_connection(1382) Connecting to host=dc [2005/01/17 14:22:24, 3] lib/util_sock.c:open_socket_out(752) Connecting to 25.144.25.21 at port 445 [2005/01/17 14:22:24, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8 [2005/01/17 14:22:24, 5] auth/auth_util.c:make_user_info(133) attempting to make a user_info for username (username) [2005/01/17 14:22:24, 5] auth/auth_util.c:make_user_info(143) making strings for username's user_info struct [2005/01/17 14:22:24, 5] auth/auth_util.c:make_user_info(185) making blobs for username's user_info struct [2005/01/17 14:22:24, 10
[Samba] Stop users from connecting from two machines
Hi, Can anyone tell me if there is a relativelysimple way to prevent users from connecting to a Samba server from more than one machine? Do you have to use a preexec script? If so, could someone give me a complete example? I would appreciate it. Andy Liebman -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] sambaPwdMustChange
Patrick, This number is a timestamp. To figure out what day it means paste it in this url http://www.4webhelp.net/us/timestamp.php?action=stamp&stamp=&timezone=0 To set an account to never expire it´s password you have to set sambaacctflags to [UX] Regards, Gustavo - Original Message - From: "Patrick DUBAU" <[EMAIL PROTECTED]> To: Sent: Monday, January 17, 2005 1:14 PM Subject: [Samba] sambaPwdMustChange Hi, i have samba 3.0.10 installed with LDAP. I noticed few days ago that my adminsitrator account has expired. I think it's because of the sambaPwdMustChange field of LDAP. I changed the passwd now i have the value 1108741705 in it. What does it mean (when will i be prompted again to change my passwd) and do i have to put in this field so that the password will never expire ? Thanks for any help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] sambaPwdMustChange
Hi, i have samba 3.0.10 installed with LDAP. I noticed few days ago that my adminsitrator account has expired. I think it's because of the sambaPwdMustChange field of LDAP. I changed the passwd now i have the value 1108741705 in it. What does it mean (when will i be prompted again to change my passwd) and do i have to put in this field so that the password will never expire ? Thanks for any help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [Fwd: password quality compliance]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 fandino wrote: | | ok, I will do a more direct question. | | How is supposed Samba will prevent users from selecting | weak passwords? There have been several variants opf patches that would allow smbd to use the libcrack library to enforce string passwords. The final agreed upon design was never implemented to my knowlege (at least I don't remember seeing a patch). What we need is just a hook that allows you to call an external script to check the password strength. Would be very easy to do. The main issue would be good error returns from the script to smbd (such as dictionary word, password to short, etc...) and then translating these to an NTSTATUS error code for the client. If you are interested in implementing this, I'd take it up on the samba-technical mailing list. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB69M6IR7qMdg1EfYRAkZUAKDwmG0hWW4pVPbNvXz5lm+TzFUwFgCg5Xg5 dPX0CYSiY/c6OwA2JWGeNVo= =KeH1 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.x 2-node cluster / ID mapping
Hi, I¹m looking to implement a 2-node Samba cluster using Samba version 3.0.9 running on Redhat Enterprise 3 Taroon update 3. Each node will be located in a separate location and connected via dual fibre to individual EMC storage (the data will be mirrored between each storage unit) and we are aiming to run Legato AAM to provide the clustering. At the moment each Samba node is a member of our Windows domain and can individually authenticate users against Active Directory and share files with ACL¹s etc. My understanding is that both nodes within the cluster must have an understanding of the ID mappings allocated on each node otherwise when a failover is initiated the mappings will be inconsistent and the defined permissions will be incorrect. How do I go about ensuring the ID mappings are correct? Is it a case of adding the users to an LDAP backend and then pointing both smb.conf files to that? I did read a small section in the Samba How-To under Section 6: Domain Membership that covered ³Sharing User ID Mappings between Samba Domain members² but it didn¹t go into to much detail. Is this the correct path to go down or am I barking up the wrong tree? If anyone has any advice/experience or ²best practice² ideas please let me know. Thanks in advance, Simon The information contained in this email message may be confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Although this message and any attachments are believed to be free of viruses, no responsibility is accepted by T&F Informa for any loss or damage arising in any way from receipt or use thereof. Messages to and from the company are monitored for operational reasons and in accordance with lawful business practices. If you have received this message in error, please notify us by return and delete the message and any attachments. Further enquiries/returns can be sent to [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] preexec
when i use it with samba (with the root preexec option) the user cant connect to the server even he's not already connected Unless my understanding of how the preexec works, that connects as the user and then simply execs the script as root. What that would mean for your setup is that you always have a session open by the user when you come looking, and then proceed to close that connection thereby disconnecting the user. I'm curious as the the expected goal of this script, perhaps you could expand upon that? -- -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] preexec
hello, in first sorry for my poor english i use this script to test if a user is already connected. #!/bin/bash resultat=$(/usr/local/samba/bin/net status sessions |grep $1 | awk '{print$2}') if [ "X${resultat}" == X ]; then exit 0 else exit 1 fi in the smb.conf i add these lines : [home] root preexec = /usr/local/samba/bin/check-session %u root preexec close = yes when i test this script alone without samba it works fine. /usr/local/samba/bin/net status sessions |grep utilisateur | awk '{print$2}' give 0 if the user is not connected, and 1 if the user is connected when i use it with samba (with the root preexec option) the user cant connect to the server even he's not already connected in the log file i've got this [2005/01/04 11:13:27, 1] smbd/service.c:make_connection_snum(616) root preexec gave 1 - failing connection if someone could help me thank you -- Pascal Legrand *IUT de Chartres* - _Service Informatique_ 1 place Pierre Mendès France - 28000 Chartres Tel: 02 37 91 83 36 - Fax: 02 37 91 83 01 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Timeout password and UNIX password file
Hi there !!! 2 very simple questions for you, specialists : I'm Using Samba on a UNIX 11.i box. This box has some users defined on it in /etc/passwd, and associated with /home/ home directories. The goal of SAMBA here is for me just to be able for each user to see its own user directory. Everytihing working fine so far, except 2 thigs : * When doing a search computer on my windows 2000, and clicking on it, it is asking for the username and password to connect via SAMba and browse the user home dir. But Next time I want to do it again, logging in as a different user name, the system is even not asking for the user and password again, but just connecting with my first username and password automatically ... Rebooting the PC seems to reset it. Is there any kind of timeout I can set so the the system is prompting me each time for user and password ? * I have some users defined on the UNIX box ... how do I synchroniza the SAMBA password with the UNIX one defined in /etc/passwd ? Many Thanks ! Cedric. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sync password (with MIT-kerberos server) and migration
Hello turbo, It's funny that you help me in all mailing List connected to ldap as a backend ;-) Yes my LDAP server is openldap. Because I use your how-to, my UserPassword is : [EMAIL PROTECTED] And It is working because I can use simple bind to do a ldapsearch. Sorry but I do not understand : > Use userPassword: [EMAIL PROTECTED] > then ldap will 'ask' the KDC, and samba don't have to care... Correct me if I am wrong but : UserPassword is for unix password right ? Can samba use UserPassword (so in my case, sasl, so kerberos password) to authenticate the user ? Thanks, FM On 17/01/05 03:30, "Turbo Fredriksson" <[EMAIL PROTECTED]> wrote: >> "FM" == FM <[EMAIL PROTECTED]> writes: > > FM> Now, LDAP /KERBEROS is replacing NIS and Samba (with ldap > FM> backend) will replace the local backend . > > Is your LDAP server by any chance OpenLDAP? If not, my examples probably > won't work... > > FM> 2- Because Samba can not use MIT-Kerberos for password (as far > FM> as I know) > > Don't know if this is true, but it doesn't matter. Use > userPassword: [EMAIL PROTECTED] > then ldap will 'ask' the KDC, and samba don't have to care... > > FM> When user from Windows want to change his password, > FM> samba will use a custom script (not created yet ) to also so > FM> update the Kerberos password (if you have examples they're > FM> more then welcome). > > With some additional tests around this, all you need is a one liner: > > kadmin -q "cpw -pw secret principal" > > FM> But the big problem is Linux users : If > FM> they want to update they password, they use kpasswd but it > FM> will not update samba password. > > As said above, using {SASL}, that doesn't matter... > > > Please have a look at http://www.bayour.com/LDAPv3-HOWTO.html. It's > old, but there should be SOMETHING in there for you... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Two Samba Servers in one domain ?
>it's possible, but only 1 can be PDC. Yes, but I don´t want either of them to be the PDC anyway. I have a small network with official IPs (some Windows, some Linux) and two computing clusters with a range of private IPs each. Each cluster is connected to the machines on the official IP range via a gateway machine with two NICs, one for the private and one for the official IP range. Several directories on the cluster nodes are mounted to the respective gateway box via NFS and I now to try to make these directories available to the Windows machines via SAMBA. Is this possible with only one Samba server ? If so, how ? Thanks, Jörg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem resolving groups in 3.0.10
Hi, we are running a Solaris 8 server on which we installed Samba 3.0.10. We configured it with: --prefix=/usr/local/samba --with-pam --with-acl-support --with-winbind If Samba is started and I use wbinfo -u I can see a list of all our user. If I use wbinfo -g I can see a list of all our groups. But listing all the file in a share, when logged in via ssh, not all of our groups are resolved. For some groups I can see their names and for other groups I can see their GID. Now I take one of this GIDs and try to query their name doing wbinfo --gid-to-sid= --> here I get wbinfo --sid-to-name= --> here I get Name of the group everything is fine. Are there any hints, why this is happenig? TIA Sven -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] "smbclient -L host" to list IP addresses - possible?
Is it possible to get the list of IP addresses used by machines listed by smbclient -L host? This is the normal behaviour: $ smbclient -L pdc (...) Server Comment ---- AC-PC0005 AC-PC001 AC-PC002 AC-PC003 AC-PC004 AC-PC005 AC-PC009 AC-PC010 AC-PC011 AC-PC012 PDC Samba 3.0.10 SERVER-ALSDORF Samba 3.0.10 I would like to know which machine has what IP address: $ smbclient -L pdc --list-ip-addresses (...) IPServer Comment ----- 192.168.1.5AC-PC0005 192.168.1.6AC-PC001 192.168.1.7AC-PC002 192.168.1.8AC-PC003 192.168.1.9AC-PC004 etc. Is it possible? Tomek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Two Samba Servers in one domain ?
Hi all ! Is it possible to have two Samba Servers running in one IP range ? I seem to remember that this wasn´t possible, but I haven´t looked into it for quite some time now, and I am rather new when it comes to Samba ! Thanks, Jörg -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba & Tivoli Storage Mgr (TSM) Integration Query ???
Graham Helsby wrote: I found the following link: http://publib.boulder.ibm.com/infocenter/tivihelp/topic/com.ibm.itsmc.doc/ans595.htm#acltbl regards Franz > All, > Can anyone confirm that Samba/Solaris will integrate with TSM (Tivoli > Storage Manager) when deployed into a Wintel client environment. > ie. Solaris/Samba as a TSM client > > - we need to be sure that the ACL's will be maintained correctly via a > TSM backup/restore (full or partial) > > > Or confirm this does not work, which is not what we want to hear - but > the truth will suffice. > > Many thanks, Graham. > > > > > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] [Fwd: password quality compliance]
ok, I will do a more direct question. How is supposed Samba will prevent users from selecting weak passwords? Something like this: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/pptopnode.mspx -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Migration PDC from Samba 2.2.8a to 3.0.9 -> Error NT_STATUS_WRONG_PASSWORD [Solved]
OK, found it myself. sambaPwdLastSet should not be Zero. == Release Notes for Samba 3.0.2a February 13, 2004 == Samba 3.0.2a is a minor patch release for the 3.0.2 code base to address, in particular, a problem when using pdbedit to sanitize (--force-initialized-passwords) Samba's tdbsam backend. This is the latest stable release of Samba. This is the version that all production Samba servers should be running for all current bug-fixes. *** Attention! Achtung! Kree! * Beginning with Samba 3.0.2, passwords for accounts with a last change time (LCT-XXX in smbpasswd, sambaPwdLastSet attribute in ldapsam, etc...) of zero (0) will be regarded as uninitialized strings. This will cause authentication to fail for such accounts. If you have valid passwords that meet this criteria, you must update the last change time to a non-zero value. If you do not, then 'pdbedit --force-initialized-passwords' will disable these accounts and reset the password hashes to a string of X's. *** Attention! Achtung! Kree! * --- Jörg Junge IT-Koordinator Paritätischer Wohlfahrtsverband Landesverband Thüringen e.V. Bergstr. 11 99192 Neudietendorf Deutschland Tel : +49 36202 26 204 Fax: +49 36202 26 234 http://www.paritaet-th.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sync password (with MIT-kerberos server) and migration
On Sun, 2005-01-16 at 15:52 -0500, FM wrote: > Hello, my first post here :-), > > > For several years, I are using samba 2.0 with local backend for windows > stations and servers. > NIS was our used for Linux stations and servers > > Now, LDAP /KERBEROS is replacing NIS and Samba (with ldap backend) will > replace the local backend . > > My questions : > 1- How can I migrate information form server1 (samba 2) to server2 (samba 3) > ? I read the official Samba how-to but this scenario is not covered. Use the ldapsam_compat passdb backend, for compatability with Samba 2.2. I'm not sure about Samba 2.0 however, that's before my time... > 2- Because Samba can not use MIT-Kerberos for password (as far as I know), I > need to sync samba password with Kerberos database. When user from Windows > want to change his password, samba will use a custom script (not created yet > ) to also so update the Kerberos password (if you have examples they're more > then welcome). > But the big problem is Linux users : If they want to update they password, > they use kpasswd but it will not update samba password. > Is one of you manage to create a script to update both DB form command line > ? I not a kerberos/samba expert but I suppose it's possible to change samba > password form linux command linux and then call the kerberos kpasswd to also > change this password. Then, I'll add it to all users ~/bin The solution I use is to back Heimdal kerberos onto the Samba password backend. https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba vfs recycle problem
Hello, VERSIONS tried: 3.0.9 and 3.0.10 Function: Domain Controller Summary: Using the recycle vfs module, files deleted are not "touched" Details: I've set up VFS recycle so that when a user deletes a file it gets moved to the .salvage directory. recycle:touch = yes is set, but the moved (deleted) file still contains the original time stamp when doing an "ls -al". Because the files are not touched, the timestamp remains the same, hence I can figure out when a file was deleted hence I can't automatically empty files in the .salvage directory based on the age its been there fore. Info: - Kernel 2.6.10 - This is a testing domain controller hence /home is in / - Partition is reiserfs3.6, and has quotas enabled. - FSTAB entry: /dev/hda3 / reiserfs notail,usrquota,grpquota 0 1 Homes share looks like this: [homes] comment = Home Directories valid users = %S read only = No browseable = No valid users = @ntadmins @ntresident # Hide files that linux permissions prevent access to hide unreadable = yes vfs object = recycle recycle:repository = .salvage recycle:keeptree = No recycle:touch = Yes recycle:versions = Yes recycle:exclude = ?~$*,~$*,*.tmp,*.temp,*.TMP recycle:exclude_dir = /tmp,/temp,/cache recycle:noversions = *.doc recycle:maxsize = 0 # Don't allow access to any of the following files. # Useful for preventing the spread of virus infections on your server # should a Windows-connected client become infected. # The last match bit prevents accessing files with a CLSID in its file extension #veto files = /*.{*}/ Finally, I can login as to a users linux account and touch files myself... I'm not sure if this is a problem, but I'e redirected the Desktop the user to a hidden directory of their profile (so profiles load quicker) What do you think is the matter? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] profile troubles
i've some trouble with logging and win-profile creating. Users don't log in their profile and don't even create their ones the first time they log on. Here's a smb.conf extract username map=/etc/samba/smbuser passwd program = /usr/bin/passwd %u passwd chat = *New* %n\n *Retype* %n\n *success* logon script =\\%L\netlogon\logon.bat logon path = \\%L\Profiles\%U logon drive = P: ogon path = \\%L\Profiles\%U logon drive = P: logon home = \\%L\Profiles\%U log file=/var/samba/log/log.%m domain logons = Yes os level = 35 preferred master = Yes domain master = Yes idmap uid = 15000-2 idmap gid = 15000-2 printing = cups unix password sync=yes admin users = @ntadmins [netlogon] comment = Network Logon Service path = /var/netlogon admin users = @ntadmin guest ok = Yes browseable = No [Profiles] comment = Roaming Profile Share path = /var/profiles create mask = 0600 directory mask = 0700 read only = No profile acls = Yes Thanks in advance L.Cerini -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sync password (with MIT-kerberos server) and migration
> "FM" == FM <[EMAIL PROTECTED]> writes: FM> Now, LDAP /KERBEROS is replacing NIS and Samba (with ldap FM> backend) will replace the local backend . Is your LDAP server by any chance OpenLDAP? If not, my examples probably won't work... FM> 2- Because Samba can not use MIT-Kerberos for password (as far FM> as I know) Don't know if this is true, but it doesn't matter. Use userPassword: [EMAIL PROTECTED] then ldap will 'ask' the KDC, and samba don't have to care... FM> When user from Windows want to change his password, FM> samba will use a custom script (not created yet ) to also so FM> update the Kerberos password (if you have examples they're FM> more then welcome). With some additional tests around this, all you need is a one liner: kadmin -q "cpw -pw secret principal" FM> But the big problem is Linux users : If FM> they want to update they password, they use kpasswd but it FM> will not update samba password. As said above, using {SASL}, that doesn't matter... Please have a look at http://www.bayour.com/LDAPv3-HOWTO.html. It's old, but there should be SOMETHING in there for you... -- jihad fissionable domestic disruption smuggle Saddam Hussein munitions 767 Kennedy plutonium PLO spy assassination Ft. Bragg Ft. Meade subway [See http://www.aclu.org/echelonwatch/index.html for more about this] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba