[Samba] Re: Samba - CPU and memory usage - Proposed solution(?)
On Sat, 2005-01-22 at 07:53 +0200, Nikos Balkanas wrote:
> Hello,
>
> Solution developed against samba 2.2.22. Didn't and do not have the
> opportunity to test samba 3.0.0.

> No browsing or wildmasks of files needed, only
> exact file request through the database.
>
> Putting samba through the debugger, I noticed that on every file request, it
> would scan all the files in the large directory, while converting to Unix
> filenames and building up the filename cache until it reaches 150 MB. I
> developed a configurable parameter "many files", which when set, disables
> file browsing (who needs listing of ~1,000,000 files?) and performs a "stat"
> to get the file.

Yes, this is a well-known problem with Samba's case insensitive filename handling, on case-sensitive Unix systems.

If, as occurs in your case, the name is known exactly, such that a stat() will determine the result, then you may set 'case sensitive = yes', and Samba will do exactly that. This is best in 3.0.11pre2 (ie, the current code, I'm not sure how far back the changes were applied) where jra applied some patches to ensure that the directory listing was not performed.

So, you may wish to advise your former employer that an 'out of the box' solution should now be available.

Finally, I'm pleased to see Samba being used in such big applications. It's a joy to hear about these kinds of installations.

Andrew Bartlett

--
Andrew Bartlett  http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba - CPU and memory usage - Proposed solution(?)
Hello,

Solution developed against samba 2.2.22. Didn't and do not have the opportunity to test samba 3.0.0.

At the time I was working as a technical architect for Tellas, the 2nd largest Telecom in Greece. We used large billing and CRM systems (Geneva, Siebel). Filesystem and Database were hosted on Solaris SF68000 servers (4-6 CPUs/domain). Therefore, we used samba on the Unix servers.

These systems generate lots of data, and they use the proper interface between database and filesystem. That is, bulk (bills, contracts) are kept as files, and only the path is in the database. This of course (depending on company size and traffic) generates single directories with millions of files in each one.

Samba can handle up to ~20,000 files/per directory without significant server or service degradation. At 70,000 files/directory (10 directories), siebel would delay ~20" to display a customer's contracts making it very difficult for CRM to work. At the same time geneva with ~1,000,000/directory would delay ~20' to display a particular bill. All this time geneva smbd processes were ~150 MB RAM and CPU 100%. 4 simultaneous such requests by CRM and support could stonewall the domain. 10 simultaneous requests would crash the server (easy to do when a single request lasts ~20').

No browsing or wildmasks of files needed, only exact file request through the database.

Putting samba through the debugger, I noticed that on every file request, it would scan all the files in the large directory, while converting to Unix filenames and building up the filename cache until it reaches 150 MB. I developed a configurable parameter "many files", which when set, disables file browsing (who needs listing of ~1,000,000 files?) and performs a "stat" to get the file.

The improvement was huge and manifold. Response went down to < 1", CPU to ~ .1% and RAM ~ 2.5 MB/process. More importantly, these results are independent of how many files are in a directory (as long as the filesystem doesn't run out of inodes!). Even more, security is better, since CRM agents cannot view, modify or delete files from the mapped filesystem, but instead they go only through the application as intended. Since this is a per directory configurable parameter, other samba directories with fewer files can have full browsing/listing at the same time.

The solution was tested against Windows XP. Windows XP must use a similar "stat" mechanism, since it went very fast with ~1,000,000 files/directory. Directory listing is slow (as expected), and in batches of 200 or so files at a time. However, you cannot disable browsing, and therefore it is an inferior solution, since security is more lax, and each time that a bill is about to be saved, the full browsing window is opened, with all the side-effects on the server. It uses, however, fewer packets than samba to do file requests.

As mentioned I have no idea, and I am not able to test 3.0. My apologies if you already have corrected for it. If not, and there is interest for the patch let me know - but it will be against 2.2.22. The patch has been tested successfully on Tellas' production environment for ~1 year without any complaints.

With this patch, samba can be the top choice for large serious professional production systems. Otherwise directories should be kept less than 20,000 files.

Cheers,
Nikos Balkanas
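The two lookup strategies discussed in this thread, as an added example that is neither Samba's code nor the poster's patch: a case-insensitive match has to walk the directory and compare folded names, while an exact name needs only one stat(). The function names and the `Bill_NNNNNN.pdf` sample files are constructed for illustration.

```python
import os
import shutil
import tempfile


def lookup_case_insensitive(directory, name):
    """Resolve `name` the way a case-insensitive server must on a
    case-sensitive filesystem: walk the directory, compare folded names.
    Returns (on-disk name or None, directory entries examined)."""
    wanted = name.casefold()
    examined = 0
    with os.scandir(directory) as entries:
        for entry in entries:
            examined += 1
            if entry.name.casefold() == wanted:
                return entry.name, examined
    # A miss is the worst case: every entry was read and compared.
    return None, examined


def lookup_exact(directory, name):
    """Resolve `name` with a single stat(), which is sufficient when the
    client always sends the exact on-disk name.
    Returns (name or None, directory entries examined), the latter always 0."""
    try:
        os.stat(os.path.join(directory, name))
    except FileNotFoundError:
        return None, 0
    return name, 0


def build_sample_dir(count):
    """Constructed sample data: `count` empty files named like bill documents."""
    directory = tempfile.mkdtemp(prefix="manyfiles-")
    for i in range(count):
        open(os.path.join(directory, f"Bill_{i:06d}.pdf"), "w").close()
    return directory


if __name__ == "__main__":
    sample = build_sample_dir(5000)
    try:
        # Wrong-case request: only the scan can find it, at the cost of
        # reading directory entries until the match turns up.
        print("scan, wrong case :", lookup_case_insensitive(sample, "bill_004999.PDF"))
        # Request for a file that does not exist: the scan reads everything.
        print("scan, missing    :", lookup_case_insensitive(sample, "no_such_bill.pdf"))
        # Exact on-disk name: one stat(), independent of directory size.
        print("stat, exact name :", lookup_exact(sample, "Bill_004999.pdf"))
        print("stat, missing    :", lookup_exact(sample, "no_such_bill.pdf"))
    finally:
        shutil.rmtree(sample)
```

The cost of the scan grows with the number of entries in the directory, which matches the behaviour reported above; the stat path does not depend on directory size at all.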
[Samba] Plans for BUG 2170 (phantom jobs in queue listing on Windows clients)
Due to the varied responses that we received with the 'phantom jobs in the windows print queue listing' bug, I'm encouraging people to test 3.0.11pre2 and let me know if you still see the bug after ensuring that the $(lockdir)/printing/*tdb files have been removed.

Thanks.

cheers, jerry

Alleviating the pain of Windows(tm) --- http://www.samba.org
GnuPG Key --- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
[Samba] Samba 3.0.11pre2 Available for Download
This is a preview release of the Samba 3.0.11 code base and is provided for testing only. This release is *not* intended for production servers. However, there have been several bug fixes since 3.0.10 that we feel are important to make available to the Samba community for wider testing.

Common bugs fixed in 3.0.11pre2 include:

  o Inefficiencies when searching non-AD LDAP directories.
  o Failure to expand variables in user domain attributes
    in tdbsam and ldapsam.
  o Memory leaks.
  o Failure to retrieve certain attribute when migrating from
    a Windows DC to a Samba DC via 'net rpc vampire'.

Additional features introduced in Samba 3.0.11pre2:

  o Support for the Windows privilege model to assign rights
    to specific SIDs.
  o New administrative options to the 'net rpc' command.

LDAP Changes
------------

If "ldap user suffix" or "ldap machine suffix" are defined in smb.conf, all user-accounts must reside below the user suffix, and all machine trust-accounts must be located below the machine suffix.

Privilege Model
---------------

Samba 3.0.11pre2 supports the following assignable rights

  SeMachineAccountPrivilege    Add machines to domain
  SePrintOperatorPrivilege     Manage printers
  SeAddUsersPrivilege          Add users and groups to the domain
  SeRemoteShutdownPrivilege    Force shutdown from a remote system
  SeDiskOperatorPrivilege      Manage disk shares

These rights can be assigned to arbitrary users or groups via the 'net rpc rights grant/revoke' command. Only members of the Domain Admins group may assign rights to a SID. More details of Samba's privilege implementation will be available in a forthcoming HOWTO.

Download Details
----------------

The uncompressed tarball and patch file have been signed using GnuPG (ID F17F9772). The source code and release notes can be downloaded from:

  http://download.samba.org/samba/ftp/pre/

Binary packages are available at

  http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility.
(https://bugzilla.samba.org/)

--Enjoy
The Samba Team
Re: [Samba] auth samba+squid+ntlm (ANS)
On Tue 18 Jan 2005 12:09, Xavier Callejas wrote:

I'm answering myself:

the problem used to be that I didn't realize that I'm running selinux in my fc3; it was blocking access to the /var mounted partition.

but I still have the problem with wbinfo -u: since fedora core 2, I can't see a list of users with that command.

Please help me.

> Hi.
>
> I need to use the ntlm_auth module to auth. users so a group can use
> Internet and others not, using squid. The users that belong to "Internet"
> group may use Internet.
>
> I've been looking for info. about this but there is not much info. in
> google.
>
> Until now this is the only info. that I have found:
>
> for squid.conf:
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> --require-membership-of="dominio+Internet"
>
> the "dominio+internet": I tried "dominio\internet" ,
> "dominio\\internet" and always there is an error like this:
>
> [2005/01/18 11:58:23, 0] utils/ntlm_auth.c:get_require_membership_sid(237)
> Winbindd lookupname failed to resolve dominio+Internet into a SID!
>
> so I tried the SID:
>
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> --require-membership-of=S-1-5-21-2357639956-1676252757-504000632-2005
>
> and:
>
> [2005/01/18 11:59:20, 10] utils/ntlm_auth.c:manage_squid_request(1610)
> Got 'ibcinc+xavier acacadac' from squid (length: 22).
> [2005/01/18 11:59:21, 3] utils/ntlm_auth.c:check_plaintext_auth(292)
> NT_STATUS_OK: Success (0x0)
> OK
>
> But, even doing this (putting the SID) the users can't be authenticated by
> the server. Squid and the smb PDC are the same box, is this possible???
>
> this is the error from the log when a user runs their web browser and asks for a
> user/password:
>
> Jan 18 12:12:16 brain kernel: audit(1106071936.271:0): avc: denied
> { getattr } for pid=17126 exe=/usr/bin/ntlm_auth
> path=/var/run/winbindd/pipe dev=hda7 ino=108681
> scontext=root:system_r:squid_t
> tcontext=root:object_r:var_run_t tclass=sock_file
>
> these are the permissions on the /var/cache/samba:
> -rw------- 1 root root   8192 ene 13 00:02 account_policy.tdb
> -rw-r--r-- 1 root root   8192 ene 17 08:52 brlock.tdb
> -rw-r--r-- 1 root root    695 ene 18 12:13 browse.dat
> -rw-r--r-- 1 root root  16384 ene 14 08:00 connections.tdb
> -rw-r--r-- 1 root root   8192 ene 13 00:10 gencache.tdb
> -rw------- 1 root root   8192 ene 13 00:02 group_mapping.tdb
> -rw-r--r-- 1 root root  16384 ene 17 08:52 locking.tdb
> -rw------- 1 root root  16384 ene 14 08:56 messages.tdb
> -rw-r--r-- 1 root root  11438 ene 16 04:02 namelist.debug
> -rw------- 1 root root   8192 ene 13 03:50 netsamlogon_cache.tdb
> -rw------- 1 root root   8192 ene 13 00:02 ntdrivers.tdb
> -rw------- 1 root root    696 ene 13 00:02 ntforms.tdb
> -rw------- 1 root root   8192 ene 13 00:02 ntprinters.tdb
> drwxr-xr-x 2 root root   4096 ene 13 00:02 printing
> -rw------- 1 root root   8192 ene 13 00:02 registry.tdb
> -rw-r--r-- 1 root root  24576 ene 14 08:00 sessionid.tdb
> -rw------- 1 root root   8192 ene 13 00:02 share_info.tdb
> -rw-r--r-- 1 root root   8192 ene 13 19:08 unexpected.tdb
> -rw------- 1 root root  20172 ene 14 14:15 winbindd_cache.tdb
> -rw-r--r-- 1 root root   8192 ene 13 00:21 winbindd_idmap.tdb
> drwxr-x--- 2 root squid  4096 ene 14 14:15 winbindd_privileged
> -rw-r--r-- 1 root root   1523 ene 18 12:12 wins.dat
>
> What can I do???
>
> thanks!
>
> --
> Xavier Callejas
>
> E-Mail + MSN: xcallejas at ibcinc.com.sv
> ICQ: 6224
> --
> Open your Mind, use Open Source.

--
Xavier Callejas
IT Manager
International Bonded Couriers El Salvador

E-Mail + MSN: xcallejas at ibcinc.com.sv
ICQ: 6224
--
Open your Mind, use Open Source.
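Reading the SELinux denial quoted in the message above, as an added example that is not part of the original post: the parser below pulls the permission, source domain, target type and object class out of kernel AVC lines and groups repeated denials, so it is clear which confined process was refused what. The first sample line is the one from the message; the second and third are constructed.

```python
import re
from collections import defaultdict

# Matches the "avc: denied { perm ... } for key=value ..." part of a kernel log line.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)"
)


def parse_avc(line):
    """Parse one AVC denial line into a dict, or return None if it is not one."""
    match = AVC_RE.search(line)
    if not match:
        return None
    fields = dict(
        pair.split("=", 1) for pair in match.group("rest").split() if "=" in pair
    )
    record = {
        "perms": match.group("perms").split(),
        "exe": fields.get("exe"),
        "path": fields.get("path"),
        "tclass": fields.get("tclass"),
    }
    # A security context is user:role:type, optionally followed by an MLS range.
    for key in ("scontext", "tcontext"):
        parts = fields.get(key, "").split(":")
        record[key + "_type"] = parts[2] if len(parts) >= 3 else None
    return record


def summarize(lines):
    """Group denials by (source type, target type, class) and merge permissions."""
    grouped = defaultdict(set)
    for line in lines:
        record = parse_avc(line)
        if record is None:
            continue  # not an AVC denial
        key = (record["scontext_type"], record["tcontext_type"], record["tclass"])
        grouped[key].update(record["perms"])
    return {key: sorted(perms) for key, perms in grouped.items()}


SAMPLE_LINES = [
    # From the message above (re-joined onto one line).
    "Jan 18 12:12:16 brain kernel: audit(1106071936.271:0): avc: denied "
    "{ getattr } for pid=17126 exe=/usr/bin/ntlm_auth "
    "path=/var/run/winbindd/pipe dev=hda7 ino=108681 "
    "scontext=root:system_r:squid_t tcontext=root:object_r:var_run_t "
    "tclass=sock_file",
    # Constructed: a second denial for the same source/target pair.
    "Jan 18 12:12:17 brain kernel: audit(1106071937.100:0): avc: denied "
    "{ write } for pid=17126 exe=/usr/bin/ntlm_auth "
    "path=/var/run/winbindd/pipe dev=hda7 ino=108681 "
    "scontext=root:system_r:squid_t tcontext=root:object_r:var_run_t "
    "tclass=sock_file",
    # Constructed: an unrelated kernel line that must be skipped.
    "Jan 18 12:12:18 brain kernel: eth0: link up",
]

if __name__ == "__main__":
    for (source, target, tclass), perms in summarize(SAMPLE_LINES).items():
        print(f"{source} denied {{ {' '.join(perms)} }} on {target}:{tclass}")
```

Here the source type `squid_t` shows that `ntlm_auth` was running inside Squid's confined domain when it tried to reach the winbindd pipe, which is consistent with the poster's finding that SELinux was blocking the access.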
Re: [Samba] Re: LDAP + SASL (kerberos) password syncing
On Fri, 2005-01-21 at 11:56 +0100, paul kölle wrote:
> Mark Roach wrote:
> > I have already wrapped some of the kadmin library for use from python,
> > I'm not quite sure how to accomplish this piece of it, but it might be
> > worth the effort...
> I'd be very interested in that python stuff. Do you consider sharing the
> code?

Yup, it's part of EDSAdmin: http://edsadmin.sf.net just snag the kadm5, mit_error, and heimdal_error files from the edsadmin source. It uses ctypes, so you'll need that too.

It is still in a testing state, and it is likely that I forgot to free some of the objects, and that it doesn't work on 64 bit systems, but it works here with heimdal and mit kadmin servers.

Email me if you have any trouble/suggestions etc.

-Mark
[Samba] Access denied changing file attributes
Hi Max,

are you owner of the files you want to handle? Only file owner is allowed to change file permissions (where attributes are mapped), write access isn't enough.

Daniel

> I've been tearing my hair out trying to get DOS file attributes
> to work with Samba. "An error occured applying attributes
> to the file Access is denied".
[Samba] winbind debugging help..
smb.conf (relevant section)

[global]
workgroup = WPTZ
security = DOMAIN
map to guest = Bad User
password server = WPTZSRV1, WPTZ-BDC
username map = /etc/samba/smbusers
log level = 2
syslog = 3
time server = Yes
printcap cache time = 750
printcap name = cups
logon path = \\%L\profiles\.msprofile
logon drive = N:
logon home = \\%L\%U\.9xprofile
preferred master = No
local master = No
domain master = No
dns proxy = No
wins server = 192.168.67.12, 192.168.67.11
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap suffix = dc=example,dc=com
ldap ssl = no
idmap uid = 1-3
idmap gid = 1-3
template shell = /bin/bash
printer admin = @ntadmin, root, administrator
cups options = raw
hide special files = Yes
strict locking = No
# include = /etc/samba/dhcp.conf

Suse 9.2, samba 3.0.9, NT4 Domain structure, linux box has been successfully added to domain.

I start winbindd up with -Si --debuglevel=3 and this is part of the startup...

IPC$ connections done anonymously
bind_rpc_pipe: transfer syntax differs
rpc_pipe_bind: check_bind_response failed.
cli_nt_session_open: rpc bind to \PIPE\lsarpc failed
rpc: trusted_domains
IPC$ connections done anonymously
add_trusted_domain: ENPS is an NT4 domain
Added domain ENPS S-1-5-21-1959819392-1564699789-355810188
add_trusted_domain: BUILTIN is an NT4 domain
Added domain BUILTIN S-1-5-32
add_trusted_domain: WPTZHOME is an NT4 domain
Added domain WPTZHOME S-1-5-21-299585271-4192769577-2397001913
rpc: trusted_domains
IPC$ connections done anonymously
add_trusted_domain: ENPS is an NT4 domain
Added domain ENPS S-1-5-21-1959819392-1564699789-355810188
add_trusted_domain: BUILTIN is an NT4 domain
Added domain BUILTIN S-1-5-32
add_trusted_domain: WPTZHOME is an NT4 domain
Added domain WPTZHOME S-1-5-21-299585271-4192769577-2397001913
rpc: trusted_domains
[ 2472]: request interface version
[ 2472]: request location of privileged pipe
[ 2472]: getgroups root
user 'root' does not exist

if I do a wbinfo -u it returns all users from the WPTZ domain just fine.

if I do a wbinfo -u --domain=ENPS it fails

here is the output

[ 2474]: request interface version
[ 2474]: request location of privileged pipe
[ 2474]: getgroups root
user 'root' does not exist
[ 2492]: request interface version
[ 2492]: request location of privileged pipe
[ 2492]: list users
IPC$ connections done anonymously
resolve_lmhosts: Attempting lmhosts lookup for name WPTZ-ENPS-BDC2<0x20>
resolve_wins: Attempting wins lookup for name WPTZ-ENPS-BDC2<0x20>
resolve_wins: using WINS server 192.168.67.12 and tag '*'
Negative name query response, rcode 0x03: The name requested does not exist.
resolve_hosts: Attempting host lookup for name WPTZ-ENPS-BDC2<0x20>
name_resolve_bcast: Attempting broadcast lookup for name WPTZ-ENPS-BDC2<0x20>
Got a positive name query response from 192.168.67.9 ( 192.168.67.9 )
IPC$ connections done anonymously
resolve_lmhosts: Attempting lmhosts lookup for name ENPS<0x1c>
resolve_wins: Attempting wins lookup for name ENPS<0x1c>
resolve_wins: using WINS server 192.168.67.12 and tag '*'
Negative name query response, rcode 0x03: The name requested does not exist.
name_resolve_bcast: Attempting broadcast lookup for name ENPS<0x1c>
Got a positive name query response from 192.168.67.9 ( 192.168.67.9 )
Could not open a connection to ENPS for \PIPE\samr (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)

Not really sure what to do to look into this deeper... any help is great.

Thanks,

Michael J Barber
WPTZ/WNNE
Computer Services Administrator
p 518-561- x563
m 518-572-6639
f 518-561-5940
RE: [Samba] SAMBA + OPENLDAP - Getent - Please help :)
Yes. I have followed the instructions from the book, and I have also tried to use authconfig as it is RedHat AS 3.

Thank you.

Jeff Saxton <[EMAIL PROTECTED]> wrote:

Have you configured pam and nss?

Jeff Saxton
Sr. Support Engineer
SenSage, Inc. ( Formerly Addamark Technologies, Inc. )
http://www.sensage.com
mailto:[EMAIL PROTECTED]
OFFICE: +1 415-281-1900x128
CELL: +1 415-640-6392

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Choudary Mumtaz
Sent: Friday, January 21, 2005 2:48 PM
To: samba@lists.samba.org
Subject: [Samba] SAMBA + OPENLDAP - Getent - Please help :)

I have setup a SAMBA + OPENLDAP server following Samba-3 By Example, but I have run into several problems. All the tests described in the Chapter 6 such as pdbedit -Lv, slapcat, and ldapsearch -x -b give the desired results. But, getent can't read passwd or group information from ldap backend.

I have done my best to solve the problem, but it just doesn't work. I have compiled the nss_ldap from Idealx and configured the /etc/ldap.conf as well as nsswitch.conf according to the instructions, but without any success.

May someone please point me, how to troubleshoot this issue?

Thank you.
RE: [Samba] SAMBA + OPENLDAP - Getent - Please help :)
Have you configured pam and nss?

Jeff Saxton
Sr. Support Engineer
SenSage, Inc. ( Formerly Addamark Technologies, Inc. )
http://www.sensage.com
mailto:[EMAIL PROTECTED]
OFFICE: +1 415-281-1900x128
CELL: +1 415-640-6392

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Choudary Mumtaz
Sent: Friday, January 21, 2005 2:48 PM
To: samba@lists.samba.org
Subject: [Samba] SAMBA + OPENLDAP - Getent - Please help :)

I have setup a SAMBA + OPENLDAP server following Samba-3 By Example, but I have run into several problems. All the tests described in the Chapter 6 such as pdbedit -Lv, slapcat, and ldapsearch -x -b give the desired results. But, getent can't read passwd or group information from ldap backend.

I have done my best to solve the problem, but it just doesn't work. I have compiled the nss_ldap from Idealx and configured the /etc/ldap.conf as well as nsswitch.conf according to the instructions, but without any success.

May someone please point me, how to troubleshoot this issue?

Thank you.
[Samba] SAMBA + OPENLDAP - Getent - Please help :)
I have setup a SAMBA + OPENLDAP server following Samba-3 By Example, but I have run into several problems. All the tests described in the Chapter 6 such as pdbedit -Lv, slapcat, and ldapsearch -x -b give the desired results. But, getent can't read passwd or group information from ldap backend.

I have done my best to solve the problem, but it just doesn't work. I have compiled the nss_ldap from Idealx and configured the /etc/ldap.conf as well as nsswitch.conf according to the instructions, but without any success.

May someone please point me, how to troubleshoot this issue?

Thank you.
[Samba] Samba 3, SLES 9 and ldap
Hi all,

I am using Chapter 6 of the Samba by Example series from the web site to set up our ldap server. When I issue the command "net getlocalsid" I receive the following error:

lib/smbldap.c:smbldap_search_suffix(1159)
smbldap_search_suffix: Problem during the LDAP search: (No such object)
SID for domain SLES9T is: S-1-5-21-1056785705-3799760564-261985621

Based on some google searches I tried setting the machine to PDC, BDC and Standalone all of which generated the error.

I am not sure where to go looking for my error. I would appreciate it if someone could steer me in the right direction or tell me some things to check.

Thanks!

John Little
Network Engineer
Hendricks Regional Health
RE: [Samba] tdbsam (local) to ldap (tdbldap) backend migration causes pam restrictions not to work anymore?
> What I would need to have is:
> - remember 5 last passwords
> - have the ability to force use of letters and numbers in passwords
> - force minimal length.

Read the man pages for pdbedit. You will be able to do 2 of the 3 using pdbedit. The force use of strong passwords isn't implemented yet although I believe (don't quote me) they will be adding that feature in later releases.

Chris
RE: [Samba] Upgrading samba.schema post 3.0.6
> When I browse the directory, however, I don't see that the changes
> appear to have taken hold. Nor can I edit a user entry directly to add
> the attribute. Do I need to perform some sort of compilation on the
> schemas before restarting openldap?

I believe you have to set the password history policy using pdbedit first.

pdbedit -P "password history" -C 3

Also the attribute doesn't show up until the user changes their password for the first time. Have a user change their password and it should add the attribute.

Chris
RE: Why does nobody answere??? WG: [Samba] username map - same problem
Mathias,

What exactly is failing? Are you doing a smbclient -L localhost -U stotadmin and it's not showing you the shares or are you attempting to login from a domain member PC and it's failing? It looks like your usermap is working just fine as shown by your log entry

> check_ntlm_password: authentication for user [stotadmin] -> [p01user]
> ->
> [p01user] succeeded

More information would be needed to help you.

I believe the problem that Bjorn has is he needs to add a root user to the samba password database. smbpasswd -a root should do the trick if he's not using ldap as the backend.

Chris
[Samba] Re: Access denied changing file attributes
Max Bolingbroke wrote:

Hi!

I've been tearing my hair out trying to get DOS file attributes to work with Samba. Basically, I have it all set up so the user mbolingbroke (me) can write to this Supernova Backup share I have - this all works fine. However, since this is going to backup my Windows machine I want to preserve the file attributes. To this end, I've set up mapping of the attributes using "map archive = yes" and so on. However, whenever I try to change the file attributes using either Windows or the smbclient, I get the error: "An error occured applying attributes to the file Access is denied".

I've tried using both extended attributes and the "map * = yes" approach to do this - neither has worked. Both extended attributes and ACLs for my filesystem are compiled into the kernel, although I removed the ACL I had set up from my backup share at one stage trying to get this to work and still no joy. The user mbolingbroke is mapped to the NT username of "Max Bolingbroke" in smbusers and there is a corresponding entry in smbpasswd.

I'd be really grateful for any insight on this problem! Thanks!

Max Bolingbroke

- getfacl output on share:

# file: supernova
# owner: mbolingbroke
# group: users
user::rwx
group::r-x
other::r-x

- smb.conf:

[global]
netbios name = Nebula
server string = An Expanding Cloud Of Vapour
workgroup = BOLINGBROKE
security = user
client ntlmv2 auth = yes
username map = /etc/samba/smbusers
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
hosts allow = 192.168.1.
wins server = 192.168.1.2
name resolve order = wins hosts lmhosts bcase
log file = /var/log/samba/log.%m
max log size = 1024
preserve case = yes
short preserve case = yes
map archive = yes
map hidden = yes
map system = yes

[Supernova Backup]
comment = Supernova backup area
guest ok = no
path = /data/supernova/
public = yes
writeable = yes
create mask = 755

Does anyone have any idea about this? I'm desperate enough that I'm about ready to buy another Windows licence for the trouble it'll save me. Hell, if all else fails can anyone suggest another networkable file system that's well supported in Windows and Linux?

Thanks,
Max Bolingbroke
RE: RE: [Samba] Samba LDAP and add machine script problems
I have done some further investigation and this is what I found. If I change the uidNumber of "uid=Administrator,ou=Users,dc=somedomain,dc=org" to 0 Samba will add a computer to ou=Computers. However, it will still return an error to the XP machine that is attempting to join the domain. The error code is "The user name could not be found". I plowed through the Samba logs and found this interesting tidbit, though I'm not sure what to make of it. Any help analyzing it would be greatly appreciated.

// Begin log
[2005/01/21 15:11:08, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2250)
  _samr_create_user: Running the command `/var/lib/samba/sbin/smbldap-useradd.pl -w 'amp$'' gave 0
[2005/01/21 15:11:08, 5] lib/username.c:Get_Pwnam(293)
  Finding user amp$
[2005/01/21 15:11:08, 5] lib/username.c:Get_Pwnam_internals(223)
  Trying _Get_Pwnam(), username as lowercase is amp$
[2005/01/21 15:11:08, 5] lib/username.c:Get_Pwnam_internals(239)
  Trying _Get_Pwnam(), username as uppercase is AMP$
[2005/01/21 15:11:08, 5] lib/username.c:Get_Pwnam_internals(247)
  Checking combinations of 0 uppercase letters in amp$
[2005/01/21 15:11:08, 5] lib/username.c:Get_Pwnam_internals(251)
  Get_Pwnam_internals didn't find user [amp$]!
[2005/01/21 15:11:08, 5] rpc_parse/parse_prs.c:prs_debug(82)
  00 samr_io_r_create_user
[2005/01/21 15:11:08, 5] rpc_parse/parse_prs.c:prs_uint32(642)
  data1:
[2005/01/21 15:11:08, 5] rpc_parse/parse_prs.c:prs_uint32(642)
  0004 data2:
[2005/01/21 15:11:08, 5] rpc_parse/parse_prs.c:prs_uint16(613)
  0008 data3:
[2005/01/21 15:11:08, 5] rpc_parse/parse_prs.c:prs_uint16(613)
  000a data4:
[2005/01/21 15:11:08, 5] rpc_parse/parse_prs.c:prs_uint8s(729)
  000c data5: 00 00 00 00 00 00 00 00
[2005/01/21 15:11:08, 5] rpc_parse/parse_prs.c:prs_uint32(642)
  0014 access_granted:
[2005/01/21 15:11:08, 5] rpc_parse/parse_prs.c:prs_uint32(642)
  0018 user_rid :
[2005/01/21 15:11:08, 5] rpc_parse/parse_prs.c:prs_ntstatus(672)
  001c status: NT_STATUS_NO_SUCH_USER
[2005/01/21 15:11:08, 5] rpc_server/srv_pipe.c:api_rpcTNP(1578)
  api_rpcTNP: called samr successfully
// End log

>>
>> I'm trying to integrate Openldap with Samba version 3.0.10. I have
>> populated my LDAP server via smbldap-populate.pl and I've gotten PAM to recognize
>> LDAP as an authentication mechanism. Thus, I can add a user with smbldap-
>> useradd.pl and su to that user.

>Can you do a straight login / ssh as that new user?

Yes

>> The problem I am having is when I attempt to add a computer from MS
>> Windoze XP.
>> When I attempt to join my domain XP prompts me for a user ID and password.
>> If I
>> enter a user ID of "root" with either my box's actual root password or the
>> password for the LDAP user
>> "uid=Administrator,ou=Users,dc=somedomain,dc=org"
>> I get the following: "unknown user or bad password". I suppose this
>> makes sense
>> because there are only two users in ou=Users (Administrator and nobody)
>> neither
>> of which is "root". Alternatively, if I attempt to join the domain
>> with a user ID
>> of "Administrator" I get "Access is denied".

>Somewhere in those howto's and example books that JHT, et al, has written he
>says to set the uid of the Administrator to 0. what UID does your
>administrator have? I believe from vague memory that the smbldap-populate
>script automatically sets the uid of the Administrator to 0. Just use
>smbldap-passwd Administrator to make sure that the password is set. then try
>adding your Machine again. This worked for me last night when I got the
>same error.

>tell us what happens.

>Regards Geoff.
[Samba] net ads password
Is this command secure?

net ads password [EMAIL PROTECTED] [EMAIL PROTECTED]
You must supply an administrator username/password

I don't want to put my administrator password on the command line; but it won't prompt me for it. Is there another way to use this functionality? Also, my administrator password cannot be typed on a command line easily (contains % and !)

Thank you.

Does samba 3.0.10 require the latest openldap code to get domain joining working?

-Tom
[Samba] Case Sensitive Problem in SMBFS mount
It might not be Samba at all. Look in your ~/.bash_profile, ~/.bashrc, and /etc/bashrc files for this line:

shopt -s cdspell

It causes the bash shell to "correct" minor misspellings, like a lower case 't'.

-Ken Jackson

> I am using Redhat Linux 9.0 on one machine and Windows XP on another machine. There is a folder named "Test" on WinXP which is mounted on my linux machine using
>
> mount -t smbfs //servername/Test /mount-point.
>
> Everything is working fine and I am able to get into this folder. My problem is when I am trying to access Test in linux using " cd test", I am able to access it but from Linux point of view this should not be permitted, as linux is case sensitive, I should access this folder as " cd Test" and not "cd test".
>
> Please tell me how to make this mount case sensitive.
>
> Thanks & Regards,
> Saurabh Pendharker
[Samba] Directory readonly with rw permission for files
Hi folks,

I'm migrating a customer's old NT server to a Samba/Mandrake server. Everything is working fine and fast. The only problem I found is that some directory structures must be readonly but the files inside these directories must be read-write to the group. Only the administrator can create/delete directories and he did it manually.

Is it possible to do that with Samba without using ACL ?

Thanks in advance for any tip.

Josir Gomes
Rio de Janeiro - Brasil
[Samba] Windows XP and Samba, slow access with many subdirectories...
I know this may not be a Samba specific issue, but I have a client running Samba on the server side as a PDC with Windows XP clients. They have a data share on the server where there are currently about 7000 subdirectories in a directory... when windows clients browse to the directory the performance is very slow as I presume windows has to read in all of the directory entries and attributes each time.

Is there any way that anyone is aware of (short of rearranging their subdirectory structure), either through tweaks to the samba config or tweaks to the workstations themselves that can improve this performance? This is a small office and they are running over gigabit ethernet so the network part of the equation is as good as it's going to get.

Any hints or tips appreciated.

Cheers,
> Mike <
samba@lists.samba.org
I have a similar problem with samba-3.0.6-4.3.100mdk on Mandrake Linux 10.0. But it only affects my USB harddrive. Its line in /etc/fstab looks like this:

none /mnt/backup supermount dev=/dev/sda1,fs=ext2:vfat,--,umask=0,...

I just moved the relevant data to my main harddrive and stopped trying to use the USB drive with samba.

-Ken Jackson

> I experience strange problems with samba-3.0.7-5 running on SuSE Linux 9.2. Clients are windows 98 and windows 2000.
>
> The clients can browse through the samba share without problems. But if a client tries to create or copy a file onto the share, windows says: "the file cannot be created, because it already exists" (in fact the file doesn't exist!). After this, an empty file (0 bytes) with the right name was created on the share.
> Deletion of a file on the share leads to an error ("the file cannot be found"), but the file is deleted anyway.
[Samba] Fwd: Export cd's without mounting them. samba vfs module using gnu's libcdio
Hi,

Sorry about posting to both lists, but I didn't get any feedback from samba-technical. I'm developing a vfs module that allows CDs to behave in a more "Windows" like fashion. If anyone out there cares about the ability to export cds without mounting them, please try this out and let me know what you think, if it works for you, what's wrong with my code, etc.

Thanks,
Dan Sturtevant

-- Forwarded message --
From: Dan Sturtevant <[EMAIL PROTECTED]>
Date: Wed, 19 Jan 2005 13:57:34 -0500
Subject: Export cd's without mounting them. samba vfs module using gnu's libcdio
To: samba-technical@lists.samba.org, [EMAIL PROTECTED]

Hi,

We have begun implementing a samba vfs module that uses libcdio to export cd's over samba. This removes the need to mount the cd's before they are exported. It also gives us the potential to directly export music tracks (although this isn't implemented yet.)

The code works, but needs a fair amount of fixup and optimization. A first pass at this code and instructions can be downloaded at: www.ontologistics.net/OpenSource/Samba/index.php

Major things left to do are:
1 Detect when the drive has been opened and respond appropriately by cleaning up memory and informing windows of a media change.
2 Fix how we keep track of dirent structures and file descriptors. Currently it's a hack, but it works (at least on x86 boxes).
3 Get other things besides ISO's working such as music tracks, etc.
- etc.

We're not sure of the best way to go about doing 1 & 2. If anyone tests this out and looks at the code please give us feedback. Let us know if it works for you or if you have any trouble.

Thanks,
Dan Sturtevant & Chris Lalancette
[Samba] Unable to map drives to samba shares
Hello,

We're running SCO open server 5.0.6 and Samba 2.2.0 and get recurring problems when people try to map drives. Windows produces the error: "No more connections can be made to this remote computer at this time [...] already as many connections as the computer can accept."

The "max connections" parameter is not set in our smb.conf file. From what the man page says, it defaults to 0, and should mean there is no restriction on the number of connections, but we don't have a vast number of people connecting anyway (currently smbstatus -S shows about 11 shares).

Does anyone know how to resolve this issue?

Many thanks,
Alistair Lord
[Samba] More help on ACL problem please...anyone...anyone...Bueller?
Hello,

I am running Fedora Core 2.
Kernel: linux-2.6.5-1.358

Kernel supports ACL:

[EMAIL PROTECTED] configs]# grep FS_SECURITY kernel-2.6.5-i686-smp.config
CONFIG_EXT2_FS_SECURITY=y
CONFIG_EXT3_FS_SECURITY=y
CONFIG_XFS_SECURITY=y
CONFIG_DEVPTS_FS_SECURITY=y
[EMAIL PROTECTED] configs]# grep XATTR kernel-2.6.5-i686-smp.config
CONFIG_EXT2_FS_XATTR=y
CONFIG_EXT3_FS_XATTR=y
CONFIG_DEVPTS_FS_XATTR=y

Have extended attributes set in /etc/fstab is as follows:

/dev/Goliath/root / ext3 acl,user_xattr 1 1

I have a directory called Planning with ACL permissions assigned via the setfacl command:

drwxrwx---+ 2 root AVMAX+Planning 4096 Jan 14 09:55 Planning

which looks like this with getfacl:

[EMAIL PROTECTED] avamx_shares]# getfacl Planning/
# file: Planning
# owner: root
# group: AVMAX+Planning
user::rwx
group::rwx
group:AVMAX+Domain Users:r--
mask::rwx
other::---

Problem: If I add my user to the AVMAX+Planning group on my NT DOMAIN PDC there is no problem. I can browse to the Planning directory via My Network Places. However if I remove my account from the AVMAX+Planning group and browse to the Planning directory it prompts me for a password. Because my account is by default a member of the AVMAX+Domain Users and I have configured (I think) the Planning directory ACL to allow read access to the AVMAX+Domain Users group. I should be able to browse this directory without being prompted for a username and password

QUESTION: What did I do wrong or not do at all to make the applied ACL function correctly and allow all users in the AVMAX+Domain Users group read access to the Planning samba share?

Cheers,
Travis
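The ACL quoted in the message above, run through the POSIX ACL access-check order (owner, named user, group class, other), as an added example that is not part of the original message or of Samba's code. The user name AVMAX+travis and the function names are hypothetical; the getfacl text is the post's output, one entry per line. It shows that the entry as posted gives AVMAX+Domain Users read (r) on the directory but not search (x), which is needed to enter a directory.

```python
"""POSIX ACL access check applied to the getfacl output quoted in the post."""

# getfacl output from the post, one entry per line.
GETFACL_PLANNING = """\
# file: Planning
# owner: root
# group: AVMAX+Planning
user::rwx
group::rwx
group:AVMAX+Domain Users:r--
mask::rwx
other::---
"""


def parse_getfacl(text):
    """Return {'owner', 'group', 'entries': [(tag, qualifier, perms_set)]}."""
    acl = {"owner": None, "group": None, "entries": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("default:"):
            continue  # default ACLs only affect newly created children
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            if key.strip() in ("owner", "group"):
                acl[key.strip()] = value.strip()
            continue
        tag, qualifier, perms = line.split(":", 2)
        perms = perms.split("#")[0]  # drop a trailing "#effective:" comment
        acl["entries"].append((tag, qualifier, {c for c in perms if c in "rwx"}))
    return acl


def check_access(acl, user, groups, want):
    """True if `user` (member of `groups`) is granted every permission in `want`.

    Follows the POSIX ACL evaluation order. The mask limits named users and
    every group entry, never the owner or "other". Within the group class a
    single matching entry must carry all requested bits; entries are not
    merged. The kernel's root override is deliberately not modelled.
    """
    want = set(want)
    entries = acl["entries"]
    mask = next((p for t, _, p in entries if t == "mask"), None)

    def masked(perms):
        return perms if mask is None else perms & mask

    def unnamed(tag):
        return next((p for t, q, p in entries if t == tag and q == ""), set())

    if user == acl["owner"]:
        return want <= unnamed("user")
    for tag, qualifier, perms in entries:
        if tag == "user" and qualifier == user:
            return want <= masked(perms)
    matching = [
        masked(perms)
        for tag, qualifier, perms in entries
        if tag == "group"
        and (qualifier in groups if qualifier else acl["group"] in groups)
    ]
    if matching:
        return any(want <= perms for perms in matching)
    return want <= unnamed("other")


if __name__ == "__main__":
    acl = parse_getfacl(GETFACL_PLANNING)
    user = "AVMAX+travis"  # hypothetical account name
    memberships = {
        "Domain Users only": ["AVMAX+Domain Users"],
        "Domain Users + Planning": ["AVMAX+Domain Users", "AVMAX+Planning"],
    }
    for label, groups in memberships.items():
        for want in ("r", "x", "rx"):
            verdict = "granted" if check_access(acl, user, groups, want) else "denied"
            print(f"{label:26} {want:3} {verdict}")
```
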
Re: [Samba] Netbios Aliases and %L and port 445
| Andrew Bartlett wrote:
|
|| If there was, we would use it. This information is
|| simply no longer supplied by the client, when it talks to
|| port 445.
|
| Andrew's right.
|
| The only alternative is to use a multi-homed samba host
| (even virtual IPs) and the %i variable. If my memory serves
| me correctly.
|
| cheers, jerry

What's the downside to 'disabling' port 445 with "smb ports =" ?
Re: [Samba] Netbios Aliases and %L and port 445
Andrew Bartlett wrote:

| If there was, we would use it. This information is
| simply no longer supplied by the client, when it talks to
| port 445.

Andrew's right.

The only alternative is to use a multi-homed samba host (even virtual IPs) and the %i variable. If my memory serves me correctly.

cheers, jerry
[Samba] "Access Denied" from Windows
I've actually had this configuration in the past, but I have no recollection of how I managed to make it happen. I have a small NT 4.0 domain, and have just built a Red Hat 9 machine, which I would like to make a member of the domain.

My networking is okay -- I can ping the Linux machine from any of my windows boxes, and vice versa. In Linux, I can see all of my domain shares, and can access them--only problem is that it's asking me for a windows password to access.

From the Windows side, I can see the machine in my Network Neighborhood, but when I click on the machine, I'm asked for a name and password. When I enter Root/root-password, it redisplays the same login screen, replacing the user name "root" with "MY_WIN_DOMAIN_NAME\root. In the NT Server Administrator, I've added the Linux machine as a member, but when I double-click on the name, it tells me "Access Denied".

Any help would be greatly appreciated. I have the sense that I'm pretty close here. The following is a list of my Samba settings:

Thanks
Joe

==
# Samba config file created using SWAT
# from viking (127.0.0.1)
# Date: 2005/01/21 09:26:55

# Global parameters
[global]
    workgroup = SKYLAND
    netbios name = VIKING
    server string = samba server
    security = DOMAIN
    encrypt passwords = Yes
    obey pam restrictions = Yes
    password server = trouble
    pam password change = Yes
    passwd program = /usr/bin/passwd %u
    passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
    unix password sync = Yes
    log file = /var/log/samba/%m.log
    max log size = 0
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    domain master = No
    dns proxy = No
    wins server = trouble
    printing = cups

[homes]
    comment = Home Directories
    valid users = %S
    read only = No
    create mask = 0664
    directory mask = 0775
    browseable = No

[printers]
    comment = All Printers
    path = /var/spool/samba
    printable = Yes
    browseable = No

[share]
    comment = Share drive on Viking
    path = /share
    read only = No
    guest ok = Yes

[\share]
    path = /share
    read only = No
    guest ok = Yes
    hosts allow = 192.168.255.
    mangled names = No
    set directory = Yes
[Samba] Samba 3.0.9: 2 Domains on one server (browse.dat location)
Hi,

I'm trying to run 2 domains from the one server. I've got my 2 config files and both servers run, bound to the correct interface if started normally. The problem I have occurs when I try to start both at once. nmbd seems to be hardwired to write to $SAMBA_ROOT/var/locks/browse.dat so each instance of nmbd overwrites the data of the other.

Have I missed an option to configure it to write elsewhere? ( log, lock & pid dirs don't do it) or, do I have to recompile samba with a new root?

Feature Request:: Is it possible to have an option to reset this location if it doesn't exist?

Is there a good howto anywhere on 2 domains / one machine or a good reason not to do it? (Pref for Solaris)

We've got the same users in each domain, with the same ldap backend. The problem being solved is that of giving some users escalated permissions when logged into their own domain (Set group of machines ) but allowing them to log into the "World usable" domain (open access machines) with normal permissions. Joe Blogs shouldn't be able to login to the 2nd domain, & I've controlled access using the ldap filter in smb.conf. (Good / Bad idea?)

Any comments from those who have done this appreciated.

Cheers,
Duncan
Re: [Samba] Re: Using ssh for samba authentication?
Andrew Bartlett wrote:

On Tue, 2005-01-18 at 22:30 +0100, Igor Bukanov wrote:

On Tue, 18 Jan 2005 11:49:00 -0800, "Jim C." <[EMAIL PROTECTED]> said:

| I use ssh port forwarding to connect to a samba server from Windows ...
| ask for any password for shares?

Why not set ssh up for public key auth? Coupled with Samba's own encryption, it should be secure enough. ;-)

I already use public key authentication in ssh and for this reason the additional password typing is annoyance that can potentially leak passwords. So I thought that maybe there was a way to start samba from ssh connection and assume that user already authenticated among the lines of sftp subsystem in ssh.

Yes, it is possible to construct such a system, but I really doubt it is worth the pain. You would need to construct an auth module that understood that SSH had already authenticated the user, while still using the same username/password on the client as the server (this is important for session key stuff), run smbd as the user initially (which breaks certain behaviours where we become root). On the client, you would need to forward the socket to the SSH process.

For me it seems that it is straightforward to modify an ssh client to allow to forward local ports to input/output of remote process instead of remote port. With such port-to-process forwarding in place I can then start smbd in the same way as inetd can do it. Then I configure smbd to write all logs etc. to files in the home directory with a guest read/write share pointing to the whole filesystem. Yes, it is a lot of work, but so far I did not lose an interest to play with ssh.

Regards, Igor
Re: [Samba] Only show shares a user have permission to access
Hi Jacob

You can do this with the option:

hide unreadable = yes

in smb.conf. You have to set it for each share.

Greetz
Bart

- Original Message -
From: "Jacob Friis Larsen" <[EMAIL PROTECTED]>
To:
Sent: Friday, January 21, 2005 2:34 PM
Subject: [Samba] Only show shares a user have permission to access

How can I make Samba only show shares a user have permission to access?

Thanks,
Jacob
[Samba] Only show shares a user have permission to access
How can I make Samba only show shares a user have permission to access?

Thanks,
Jacob
Re: [Samba] Netlogon scripts
Hi Robert,

thanks a lot for that this is what i searched.

Arno

Robert Schetterer wrote:

Hi Arno, if you have a default.bat for all clients you can do the cascade to groups users or machine in this file itself i.e. for the client machine itself

echo %COMPUTERNAME%
call %COMPUTERNAME%.bat

Regards

Arno Seidel wrote:

Hi List, maybe i missed a hint on google, but i didn´t find a answer to following question: is it possible to cascade the logon scripts...? for example: there is a standard script for all client-pc´s called: netlogon.bat and in addition there is for some client-pc´s a additional script called by the %m switch in smb.conf

kind regards
Arno
Re: [Samba] Netlogon scripts
Hi Simon,

thanks... for that hints...

arno

Simon Hobson wrote:

Arno Seidel wrote:

maybe i missed a hint on google, but i didn´t find a answer to following question: is it possible to cascade the logon scripts...? for example: there is a standard script for all client-pc´s called: netlogon.bat and in addition there is for some client-pc´s a additional script called by the %m switch in smb.conf

No, but you can 'roll your own' ... There are several techniques you can use :

1) Use pre-exec to run a server based script and generate a per-user (or per machine) logon script at each logon. You then have access to everything the host (Linux/Unix) system knows about the user/machine.

2) Use the basic batch file commands to test for various things and call other batch files as required - search the archives for ifmember.exe which is useful for this. You then have every machine/user use a common logon.bat and take runtime decisions on what to do.

3) Use a client side scripting environment such as Kixtart and write much more complex scripts.

Simon
Re: [Samba] Netlogon scripts
Hi Arno,

if you have a default.bat for all clients you can do the cascade to groups users or machine in this file itself i.e. for the client machine itself

echo %COMPUTERNAME%
call %COMPUTERNAME%.bat

Regards

Arno Seidel wrote:

Hi List, maybe i missed a hint on google, but i didn´t find a answer to following question: is it possible to cascade the logon scripts...? for example: there is a standard script for all client-pc´s called: netlogon.bat and in addition there is for some client-pc´s a additional script called by the %m switch in smb.conf

kind regards
Arno
Re: [Samba] Netlogon scripts
Arno Seidel wrote:

maybe i missed a hint on google, but i didn´t find a answer to following question: is it possible to cascade the logon scripts...? for example: there is a standard script for all client-pc´s called: netlogon.bat and in addition there is for some client-pc´s a additional script called by the %m switch in smb.conf

No, but you can 'roll your own' ... There are several techniques you can use :

1) Use pre-exec to run a server based script and generate a per-user (or per machine) logon script at each logon. You then have access to everything the host (Linux/Unix) system knows about the user/machine.

2) Use the basic batch file commands to test for various things and call other batch files as required - search the archives for ifmember.exe which is useful for this. You then have every machine/user use a common logon.bat and take runtime decisions on what to do.

3) Use a client side scripting environment such as Kixtart and write much more complex scripts.

Simon

--
Simon Hobson MA MIEE, Technology Specialist
Colony Gift Corporation Limited
Lindal in Furness, Ulverston, Cumbria, LA12 0LD
Tel 01229 461100, Fax 01229 461101
Registered in England No. 1499611
Regd. Office : 100 New Bridge Street, London, EC4V 6JA.
Re: [Samba] change SID in ntuser.dat
Hi Peter,

yes, you can do this with the command:

profiles -c old-sid -n new-sid ntuser.dat

to display the stored sid:

profiles -v ntuser.dat

greets
arno

peter grotz wrote:

Hi all, I want to migrate from 2.2.6 to 3.0.10 (with ldap). Is it possible to change the SID in the ntuser.dat on the server-saved profile?

-Peter
Re: [Samba] change SID in ntuser.dat
On Fri, 21 Jan 2005, peter grotz wrote:

> Hi all,
>
> I want to migrate from 2.2.6 to 3.0.10 (with ldap). Is it possible to change the SID in the ntuser.dat on the server-saved profile?
>

Yes. The profiles command is what you seek. But, the server SID is only part of the picture. If the user and group RID's do not match after the migration, you will have a bit more work ahead of you.

Is there a reason for changing the server SID? Why not just take the SID from 2.2.x with smbpasswd -X and put it into 3.0.x with "net setlocalsid"? If your RID's are algorithmic or tdb, this would be a much simpler solution for you. Of course, I offer this based on the limited information you've provided.

Bill

> -Peter
[Samba] change SID in ntuser.dat
Hi all,

I want to migrate from 2.2.6 to 3.0.10 (with ldap). Is it possible to change the SID in the ntuser.dat on the server-saved profile?

-Peter
Re: [Samba] Active Directory integration - where to go next??
On Thursday 20 January 2005 16:59, Gibbs, Simon wrote:

> If so do I need to create a single repository to store the user mappings that both Samba members use? Again how does this work??

Don't worry. I have not done this, but there is a parameter called "idmap backend". Specifying ldap and having the proper object classes will probably handle your challenge. Check the docs on that.

hth
dan
[Samba] Netlogon scripts
Hi List,

maybe i missed a hint on google, but i didn´t find a answer to following question: is it possible to cascade the logon scripts...? for example: there is a standard script for all client-pc´s called: netlogon.bat and in addition there is for some client-pc´s a additional script called by the %m switch in smb.conf

kind regards
Arno
[Samba] Upgrading samba.schema post 3.0.6
List,

I upgraded to 3.0.10 the other day, and completely missed the fact that the samba.schema for openldap had to be upgraded as well. I learnt that this was the case when passwords could no longer be changed...

Searching the web revealed that the only thing to do was to "copy over samba.schema" and everything would be fine. So I backed up the previous copy of samba.schema, copied the new version over (and I see it contains the definition for sambaPasswordHistory, which is what I need) and then restarted openldap.

When I browse the directory, however, I don't see that the changes appear to have taken hold. Nor can I edit a user entry directly to add the attribute. Do I need to perform some sort of compilation on the schemas before restarting openldap?

Thanks for the pointers,
David
[Samba] FlashMX creates BAD .swf file on Samba
Hi,

Have you already been able to solve this problem? I'm running in the same problem too.

Thanks,
Maurice
[Samba] Re: LDAP + SASL (kerberos) password syncing
Mark Roach wrote:

I have already wrapped some of the kadmin library for use from python, I'm not quite sure how to accomplish this piece of it, but it might be worth the effort...

I'd be very interested in that python stuff. Do you consider sharing the code?

thanks
Paul
[Samba] tdbsam (local) to ldap (tdbldap) backend migration causes pam restrictions not to work anymore?
Hi,

I am using samba 3.0.10 on Debian and have had my users in tdbsam backend until now. They have had the ability to change their unix password along with samba password and besides that I was able to apply some PAM restrictions to the users password strength via pam_cracklib.so library. I have now moved the users into ldap and auth works ok, but I cannot change users password and still have the password restrictions set (or can I)?

My previous setup was like this:

smb.conf:

encrypt passwords = yes
obey pam restrictions = yes
passwd chat debug = yes
smb passwd file = /etc/samba/smbpasswd
unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*

/etc/pam.d/samba:

auth required pam_unix.so nullok
account required pam_unix.so
session required pam_unix.so
password required pam_cracklib.so minlen=20 ocredit=5 ucredit=3 dcredit=3 lcredit=1
password required pam_unix.so

Now I have changed the part in smb.conf to be like this:

passwd program = /usr/bin/ldappasswd -D cn=root,dc=neonatus,dc=net -x -w 'password_for_root_user' -S uid=%u,ou=People,dc=neonatus,dc=net
passwd chat = *New*password*%n\n*new*password*%n\n

I can however use the ldap password sync = yes and users can change passwords then, but again no pam restriction is applied (no restriction but password length).

What I would need to have is:
- remember 5 last passwords
- have the ability to force use of letters and numbers in passwords
- force minimal length.

I can do the last, but don't know how to force the other . I would appreciate any help.

Regards,
Bostjan

-- buhdej evridej
[Samba] WinXP lost connection to Samba fileserver
Hello,

I have big problem with WinXP clients on my network. I tried to find some solution via google, but without success. I have Win2K Server as a PDC and Linux machine as a fileserver. Linux box is joined in domain and all users are authorised against W2K server.

When I start WXP client everything works OK. But after about 30 minutes client workstation lost connection to Samba server and only way how to get it working is to reboot workstation. Samba server is visible in network neighbourhood, but when I try to access network drives, computer freeze for long time and few minutes after show me login dialog or message that drive is not accessible.

I really don't know what I can do with it.

Thanx
Rudiik

Tech details:
PDC: Windows 2000 Server SP4
Linux: Mandrakelinux 9.1
Samba: Samba 3.0.2a from samba.org binary packages for Mdk 9.1

smb.conf - global part:

[global]
    workgroup = mycomp
    netbios name = server3
    server string = File Server
    printcap name = cups
    load printers = yes
    printing = cups
    log file = /var/log/samba3/log.%m
    max log size = 50
    log level = 3
    hosts allow = 10.1. 10.2. 127.
    map to guest = bad user
    security = domain
    encrypt passwords = yes
    smb passwd file = /etc/samba3/smbpasswd
    socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
    interfaces = 10.1.1.252
    local master = no
    os level = 2
    domain master = no
    preferred master = no
    domain logons = no
    name resolve order = wins lmhosts bcast
    wins server = 10.1.1.1
    dns proxy = no
    case sensitive = no
    dos charset = 852
    unix charset = ISO8859-2
[Samba] Samba / Cups / ADS problem
Hi folks,

I'm trying to set up a printserver with Linux, Cups and Samba that will authenticate users via a windows 2000 ADS. I'm nearly there, but I'm having a few troubles with Samba / Winbind.

I'm at the point where I can connect to the server from a windows box connected to the Active Directory and see the printers on the server, and if I'm logged into the windows box as Administrator, it will print fine. However, if I'm logged in as a normal user, it won't print (windows gives an error message 'test page failed to printunable to create print job')

I've put the main files and a snippet of log file that may indicate the problem at http://ian.internet-assist.com/samba-files.txt

Something I've noticed is that home directories do not get created in /home/ for the active directory users, is there something I've missed out of my smb.conf?

The system is samba 3.0.9 running on Gentoo Linux if that helps - any advice or ideas would be greatly appreciated!

Thanks,
Ian.

--
Ian Taylor
Technical Support
Internet Assist Ltd
Tel: +44 (0)1621 840014 Fax : +44 (0)1621 853 959
Web: http://www.i-a.co.uk Email : [EMAIL PROTECTED]
Reply: [Samba] compiling libldap error??
LDFLAG=-L""

regards

Mathias Wohlfarth
EDV-Beratung
Thomas-Mann-Str.1
53111 Bonn
Tel. +49 172 / 53 45 591
+49 1801 / 777 555 33 01
Fax +49 228 / 9469181
Email [EMAIL PROTECTED]

Tim Tyler <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
20.01.2005 17:35
To: samba@lists.samba.org
Cc:
Subject: [Samba] compiling libldap error??

Samba experts,

Ok, we are having so many problems getting ldap to work, we decided to start over with our compile. We are compiling Samba --with-ldap on our AIX 5.1 system which uses gcc. Openldap (for client support) exists in /usr/local/openldap/2.2.17. In order for Samba to find the ldap.h file, we had to configure with CPPFLAGS="-I/usr/local/openldap/2.2.17/include" which worked great! Now it finds ldap.h with no problem.

However, now the ./configure gives this error:

configure: error: libldap is needed for LDAP support

What exactly is it looking for now.? Is libldap supposed to be a binary or library? We can't find libldap anywhere. There is a lib directory in openldap that contains a bunch of files such as:

# pwd
/usr/local/openldap/2.2.17/lib
# dir
total 12560
drwx-- 2 root system 512 Dec 15 13:59 .
drwx-- 7 root system 512 Dec 15 13:59 ..
-rw-r--r-- 1 root system 454117 Dec 15 13:59 liblber.a
-rw-r--r-- 1 root system 646 Dec 15 13:59 liblber.la
-rw-r--r-- 1 root system 2507942 Dec 15 13:59 libldap.a
-rw-r--r-- 1 root system 692 Dec 15 13:59 libldap.la
-rw-r--r-- 1 root system 3442991 Dec 15 13:59 libldap_r.a
-rw-r--r-- 1 root system 698 Dec 15 13:59 libldap_r.la

Is it looking for libldap.a? Note: we tried to configure with LDFLAGS="-L/usr/local/openldap/2.2.17/lib" but that didn't resolve it. Any suggestions for what we may need to do?

Tim Tyler
Network Engineer - Beloit College
[EMAIL PROTECTED]
Why does nobody answer??? Fwd: [Samba] username map - same problem
regards Mathias Wohlfarth EDV-Beratung Thomas-Mann-Str.1 53111 Bonn Tel. +49 172 / 53 45 591 +49 1801 / 777 555 33 01 Fax +49 228 / 9469181 Email [EMAIL PROTECTED] - Weitergeleitet von Mathias am 21.01.2005 10:40 - [EMAIL PROTECTED] Gesendet von: [EMAIL PROTECTED] 19.01.2005 17:35 An: Bjørn-Sverre Nøttum <[EMAIL PROTECTED]> Kopie: samba@lists.samba.org, [EMAIL PROTECTED] Thema: Antwort: [Samba] username map - same problem We are just working on the same problem. We are using "domain logons =yes". Samba version is 3.0.10 In the logfile it seems, that the mapping is ok. But then something happens, so that the logon fails. I cannot see any error in the following records - not very helpfull. Need help. this is a part of the logfile, showing, that the maping work and the right password is given. I can mail the rest, if someone can understand it. check_ntlm_password: authentication for user [stotadmin] -> [p01user] -> [p01user] succeeded [2005/01/19 17:01:48, 5] auth/auth_util.c:free_user_info(1318) attempting to free (and zero) a user_info structure [2005/01/19 17:01:48, 10] auth/auth_util.c:free_user_info(1321) structure was created for stotadmin [2005/01/19 17:01:48, 5] rpc_server/srv_netlog_nt.c:_net_sam_logon(716) _net_sam_logon: check_password returned status NT_STATUS_OK Mathias Wohlfarth EDV-Beratung Thomas-Mann-Str.1 53111 Bonn Tel.0172 / 53 45 591 01801 / 777 555 33 01 Fax 0228 / 9469181 Email [EMAIL PROTECTED] Bjørn-Sverre Nøttum <[EMAIL PROTECTED]> Gesendet von: [EMAIL PROTECTED] 19.01.2005 10:37 An: samba@lists.samba.org Kopie: Thema: [Samba] username map Hello! I want to permit the root account to be called administrator from the win clients in my network. Therefore I have added 'root = administrator' in my /etc/samba/smbusers. I have also added 'username map = /etc/samba/smbusers' in smb.conf. When I try to log on as administrator from a windows client I get a message that the user does not exist. I am running samba 3 on fc2. Can anyone help me on this? 
Thanks!

Bjorn
[Samba] Logon hours
Hi guys,

Another quick question: I'm running Samba-3.0.9 with an LDAP backend. User logon restrictions, in terms of allowed logon hours, are set by using NT's "User Manager.exe", which connects to the Samba controlled domain.

The restrictions appear to work OK except when there are multiple rules for the logon hours. E.g. logon restrictions work perfectly if the logon time is 13:00-17:00, but not when there is more than one 'rule', e.g. 13:00-14:00 and 15:00-17:00.

As soon as there is more than one rule users cannot log on, and if I try to use smbclient I get an error something like INVALID_LOGON_HOURS.

Any ideas? Your assistance is greatly appreciated.

Kindest regards
David Wilson
___
D c D a t a
Tel +27 33 342 7003
Fax +27 33 345 4155
Cell +27 82 4147413
http://www.dcdata.co.za
[EMAIL PROTECTED]
Powered by Linux, driven by passion !
___
[Samba] guest smbmount across networks
Hi,

I've got a Samba 3 PDC that enables a few shares to be accessed in guest mode. What I'm experiencing is that, while in the same subnetwork I'm able to mount those shares in guest mode (smbmount //pdc/coge /mnt/samba -o guest), mounting the share from other subnetworks is possible only giving a valid username and password. Furthermore, even mounting the share with a user, I cannot access the share for writing, but only for reading.

How can I fix this?

Thanks,
Luca

--
Luca Ferrari, [EMAIL PROTECTED]
Re: [Samba] Samba-3 PDC: Home directories in other machine
I've this configuration:

 LDAP#1    LDAP#2
    |         |
    ---ALTEON---
         |
         |          <<< NFS
    SAMBA-3 PDC <--- NAS/SAN
     |    |    |
     |    |    |
   CLI1 CLI2 CLIn

· Samba-3 PDC uses nsswitch to authenticate against LDAP.
· NAS/SAN uses its own /etc/passwd

Thanks

On Thu, 20-01-2005 at 14:26 +0100, David Landgren wrote:
> On Thu, 20 Jan 2005 14:05:09 +0100, Juan José Vidal <[EMAIL PROTECTED]> wrote:
> >
> > Hi,
> >
> > I've a Samba-3 PDC LDAP Based and I want to put the home directories in
> > other machine. It's impossible that this machine was a BDC; this machine
> > only exports via NFS.
> >
> > My idea is mount via NFS this machine in my Samba-3 PDC machine
> > (i.e: /users/), and share this directory from my users.
> >
> > Is it possible?
>
> Yes, I've already done this.
>
> > I've searched, but nothing... Some links??
>
> This depends on your OS. Just find a recipe that tells you how to set
> up NFS. From experience, the HOWTOs for Linux, FreeBSD and Solaris are
> all very straightforward.
>
> Samba doesn't really care one way or another whether the path of
> a share is an NFS mount or not. Well, it may underneath, but not that
> I noticed.
>
> The main question is one of permissions. Does the exporting server use
> nsswitch to authenticate off LDAP, or does it use its own /etc/passwd?
>
> David

--
Juan José Vidal Agustín
Universidad de Murcia (ÁTICA)
Área de Tecnologías de la Información y las Comunicaciones Aplicadas
Proyecto SOFTLA - Software Libre y Abierto
Universidad de Murcia
Edificio Ática, Campus Univ. de Espinardo
E-30100 Murcia (SPAIN)
Tlf.: +34 968 39 8741
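Added example, not part of the thread: the permissions question above comes down to whether the LDAP-backed PDC and the NAS's own /etc/passwd agree on numeric UIDs, because NFS with AUTH_SYS passes only numeric ids to the exporting host. The sketch below compares two passwd(5)-format listings; the account data and the function names are constructed for illustration.

```python
# Constructed sample data (assumption, not from the thread): `getent passwd`
# output on the Samba PDC, and the local /etc/passwd of the NFS-exporting NAS.
PDC_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:x:1001:1001:Alice:/users/alice:/bin/sh
bob:x:1002:1002:Bob:/users/bob:/bin/sh
carol:x:1003:1003:Carol:/users/carol:/bin/sh
"""
NAS_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:x:1001:1001:Alice:/export/alice:/bin/sh
bob:x:1003:1003:Bob:/export/bob:/bin/sh
dave:x:1002:1002:Dave:/export/dave:/bin/sh
"""


def parse_passwd(text):
    """Return {name: uid}, skipping blanks, comments and malformed rows."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        users[fields[0]] = int(fields[2])
    return users


def uid_conflicts(client, server):
    """List (client_name, uid, server_owner) where the two hosts disagree."""
    # The exporting host sees only the numeric uid, so index its accounts by
    # uid; server_owner is None when it has no account for that uid.
    server_by_uid = {}
    for name, uid in server.items():
        server_by_uid.setdefault(uid, name)
    conflicts = []
    for name, uid in sorted(client.items()):
        owner = server_by_uid.get(uid)
        if owner != name:
            conflicts.append((name, uid, owner))
    return conflicts


if __name__ == "__main__":
    pdc, nas = parse_passwd(PDC_PASSWD), parse_passwd(NAS_PASSWD)
    for name, uid, owner in uid_conflicts(pdc, nas):
        print(f"{name} (uid {uid}) is seen by the NFS server as {owner or 'an unknown uid'}")
```

Any row it reports is an account whose files on the export are owned, from the NAS's point of view, by a different user or by no known user.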