date:20050202

Ilia Chipitsine schrieb:
Hi,
is it possible to create the user profiles by copying a template, change 
file ownership and modify the SID in NTUSER.DAT using the profile tool?
We have many problems with broken profiles. This has become time consuming
  ^^^
there're few tips which I came to after using roaming profiles for several 
years, those tips will significately reduce number of problems with roaming 
profiles:

1) watch that profiles are less than 30Mb (number of files also is 
important)

2) when user first logs in, if there no profile exists, "Default User" 
profile is taken from \\$LOGONSERVER\NETLOGON, so you can have special 
default profile for new users. otherwise local "Default User" profile is 
taken.

3) redirect common folders like Desktop, My Documents out of roaming 
profile. they can live on network share in user's home directory, but not 
in the roaming profile. this can be achived either by manipulating registry 
directly or by using nt4 style domain policies, I can even send You custom 
ADM template for that.

Outlook.pst can also be redirected out of roaming profile.
simply move it to another place and start MS Outlook, it will ask You where 
to find outlook.pst

4) be careful with terminal services. samba doesn't understand separate 
profiles for terminal services, so you can ruin roaming profile.

5) make sure you are using the same version of Windows on all computers.
w2k <--> xp can also break many things in profile
6) make sure other things than Windows are the same on all computers.
particularly MS Office.
7) You can create "profile backup system",
put, for example
regedit /e \\SERVER\share\%UserName%-of2k3.reg 
"HKEY_CURRENT_USER\Software\Microsoft\Office\11.0"

at logon script and after that You can easily delete broken profile and 
restore required things from backup.

8) xp behave weird on roaming profiles.
even if You reqiure "delete cached copies of roaming profiles on exit", xp 
leaves copy and !!! if You delete network copy of roaming profile (in order 
to create profile from "Default User"), xp picks up local cached copy. so, 
in such case You need to remove both network and local cached copy of 
profile. no idea how to make xp delete it on exit.

and frustrating - when a user experiences an error or weird behaviour of 
an application I can never be sure wether the cause is a "wrong user 
error", a broken profile or defect in installation. If I want all users or 
groups of users to have the same profile I should be able to create it for 
them.
I already use the "default user", but with that I only can make a profile 
mandatory after the user's first logoff.
I could try myself, but I sometimes experience that "tricks" that work at 
first and look good have some side effects I didn't think of, so I would 
appreciate comments from people who tried that, or maybe someone knows why 
this is rather a bad idea.

With kind regards,
Malte Mueller
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Thanks a lot Ilia!
We have 200 PC and nearly all have a reborn-card or such, which prevents any 
lokal changes, so local copies of profiles do not exist. Users log in very 
often to different Computers and need to have a defined environment i.e. an 
available profile. I already use a "default user"-profile and redirected 
folders (thanks John, the book helped a lot). Nevertheless I feel that I 
cannot rely on the profiles' integrety once a user had a chance to modify it. 
Making a registry copy is a good tip, i will use that, at least for some 
users. But rather than backing up I would very much appreciate to set up a 
defined profile for each user. I think it would make life a lot easier for me 
(and the users).
I would left capability of changing profiles for users.
there's some VFS module for faking read-only access. but I'm afraid You 
will have even more problems this way.

Just regular registry backup (as I suggested) and it will work like charm.
You already did the rest :-)
With kind regards
Malte Mueller
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem while configuring Samba

2005-02-02 Thread shaista.bano

Hi ,

 

I am facing a problem while configuring Samba on AIX 5.2. The configure
completes without any issues , but getting an error while running

make . Any pointers to this problem will be helpfull.

 

Options used for Configure are - ./configure --with-winbind --with-ldap
--with-ads --with-pam 

Here is the Error - 

 

# make

Using FLAGS =  -O -I/usr/local/include -I./popt -Iinclude
-I/usr/samba-3.0.1/sou

rce/include -I/usr/samba-3.0.1/source/ubiqx
-I/usr/samba-3.0.1/source/smbwrapper

  -I. -I/usr/local/include -I/usr/samba-3.0.1/source

  LIBS =

  LDSHFLAGS = -Wl,-bexpall,-bM:SRE,-bnoentry,-berok

  LDFLAGS =

Compiling nsswitch/pam_winbind.c with -O2

nsswitch/pam_winbind.c: In function `converse':

nsswitch/pam_winbind.c:67: warning: passing arg 3 of `pam_get_item' from
incompa

tible pointer type

nsswitch/pam_winbind.c:70: warning: passing arg 2 of pointer to function
from in

compatible pointer type

nsswitch/pam_winbind.c: In function `_make_remark':

nsswitch/pam_winbind.c:85: warning: assignment discards qualifiers from
pointer

target type

nsswitch/pam_winbind.c: In function `_winbind_read_password':

nsswitch/pam_winbind.c:297: warning: passing arg 3 of `pam_get_item'
from incomp

atible pointer type

nsswitch/pam_winbind.c:309: error: `PAM_AUTHTOK_RECOVER_ERR' undeclared
(first u

se in this function)

nsswitch/pam_winbind.c:309: error: (Each undeclared identifier is
reported only

once

nsswitch/pam_winbind.c:309: error: for each function it appears in.)

nsswitch/pam_winbind.c:330: warning: assignment discards qualifiers from
pointer

 target type

nsswitch/pam_winbind.c:338: warning: assignment discards qualifiers from
pointer

 target type

nsswitch/pam_winbind.c:344: warning: assignment discards qualifiers from
pointer

 target type

nsswitch/pam_winbind.c:402: warning: passing arg 3 of `pam_get_item'
from incomp

atible pointer type

nsswitch/pam_winbind.c: At top level:

nsswitch/pam_winbind.c:417: error: syntax error before "int"

nsswitch/pam_winbind.c: In function `pam_sm_authenticate':

nsswitch/pam_winbind.c:428: warning: passing arg 2 of `pam_get_user'
from incomp

atible pointer type

nsswitch/pam_winbind.c: At top level:

nsswitch/pam_winbind.c:461: error: syntax error before "int"

nsswitch/pam_winbind.c:472: error: syntax error before "int"

nsswitch/pam_winbind.c: In function `pam_sm_acct_mgmt':

nsswitch/pam_winbind.c:482: warning: passing arg 2 of `pam_get_user'
from incomp

atible pointer type

nsswitch/pam_winbind.c: At top level:

nsswitch/pam_winbind.c:518: error: syntax error before "int"

nsswitch/pam_winbind.c:528: error: syntax error before "int"

nsswitch/pam_winbind.c:540: error: syntax error before "int"

nsswitch/pam_winbind.c: In function `pam_sm_chauthtok':

nsswitch/pam_winbind.c:559: warning: passing arg 2 of `pam_get_user'
from incomp

atible pointer type

nsswitch/pam_winbind.c:636: warning: passing arg 3 of `pam_get_item'
from incomp

atible pointer type

make: 1254-004 The error code from the last command is 1.

 

Stop.

 

Thanks

 

 



DISCLAIMER:
This message contains privileged and confidential information and is intended 
only for the individual named.If you are not the intended recipient you should 
not disseminate,distribute,store,print, copy or deliver this message.Please 
notify the sender immediately by e-mail if you have received this e-mail by 
mistake and delete this e-mail from your system.E-mail transmission cannot be 
guaranteed to be secure or error-free as information could be 
intercepted,corrupted,lost,destroyed,arrive late or incomplete or contain 
viruses.The sender therefore does not accept liability for any errors or 
omissions in the contents of this message which arise as a result of e-mail 
transmission. If verification is required please request a hard-copy version.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Samba bidirectional printing support

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, 2 Feb 2005, Viktor Remennik wrote:

> No answers so far.. So probably it is impossible to make bidirectional 
> printer connection using samba? One more question - are there another 
> smb implementations for unix-like operating systems?

If the driver is designed to talk directly to the printer over TCP/IP but 
spool through the Samba server, you will be ok.  However, as someone 
already mentioned, if the driver needs to talk to the printer over a local 
port (USB, LPT, etc...) you are out of luck.





cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc 
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQFCAaWuIR7qMdg1EfYRAtx5AJ9NtslgZOYe7HjlLEU2mEhJUHgrfwCgzQFT
qF68PGwmOaUgq7dkBWpbiOw=
=8E4B
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Removing printer drivers?

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, 2 Feb 2005, Joe Konecny wrote:

> I have installed windows printer drivers and it worked but now I need to 
> remove several.  I have tried everything I can find but nothing will get 
> rid of them.  Using "remove" from a winxp machine in "server properties" 
> won't work.  It claims they are in use.  I'm not sure what "in use" 
> means.  Nothing is printing and the drivers should be local.  I've tried 
> the rpc client and it gives errors which I cannot post because I'm not 
> near the machine now but I believe it too states something about being 
> in use.  Any tips? 

In use on the server means that they are assigned to a printer.




cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQFCAaTnIR7qMdg1EfYRAjJ3AJ9YHzoL5uvz4cnthIAvpARjIBHEVwCg2pBs
mfiegyDLzxK8y8dXFS2gCkw=
=Am27
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Removing printer drivers?

2005-02-02 Thread Joe Konecny

I have installed windows printer drivers and it worked
but now I need to remove several.  I have tried everything
I can find but nothing will get rid of them.  Using
"remove" from a winxp machine in "server properties"
won't work.  It claims they are in use.  I'm not sure
what "in use" means.  Nothing is printing and the drivers
should be local.  I've tried the rpc client and it gives
errors which I cannot post because I'm not near the
machine now but I believe it too states something about
being in use.  Any tips?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: People with applications needing directories containing large numbers of files.

2005-02-02 Thread Jeremy Allison

On Wed, Feb 02, 2005 at 05:38:19PM -0800, Jeremy Allison wrote:
> 
> So please give this a test if you have problems with
> Samba and large sized directories. Remember this is in SVN code
> only, it isn't in the 3.0.11 pre releases or rc candidates,
> as we need to ensure this new code is correct. If you
> can help me test it it'll be in 3.0.12 (security problems
> notwithstanding :-).

Ok, I'm sorry - I spoke too soon :-(. I have one more fix to
do before this works Sorry for being stupid :-(.

Please ignore the earlier message :-(.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] People with applications needing directories containing large numbers of files.

2005-02-02 Thread Jeremy Allison

I've been working (inspired by James Peach of SGI) on the
problem of using Samba3 with applications that need large
numbers of file (100,000 or more) per directory.

I think the current code in SVN in the SAMBA_3_0 branch
may hold the fix for this problem, so I'd like to request
people who need this functionality to give it a try.

The key was fixing the directory handling to read only
the current list requested instead of the old (up to 3.0.11)
behaviour of reading the entire directory into memory before
doling out names. Normally this would have broken OS/2
applications which have *very* strange delete semantics :-),
but by stealing logic from Samba4 (thanks tridge) I think
the current code in SVN handles this correctly.

So here's how to set up an application that needs large
number of files per directory in a way that doesn't damage
performance.

Firstly, you need to canonicalize all the files in the
directory to have one case, upper or lower - take your
pick (I chose upper as all my files were already upper
case names). Then set up a new custom share for the
application as follows :

[bigshare]
path = /home/jeremy/tmp/manyfilesdir
read only = no
default case = upper
preserve case = no
short preserve case = no

Of course, use your own path and settings, but set the
case options to match the case of all the files in your
directory. The path should point at the large directory
needed for the application - any new files created in
there and in any paths under it will be forced by smbd
into upper case - but smbd will no longer have to scan
the directory for names - it knows that if a file doesn't
exist in upper case then it doesn't exist at all.

So please give this a test if you have problems with
Samba and large sized directories. Remember this is in SVN code
only, it isn't in the 3.0.11 pre releases or rc candidates,
as we need to ensure this new code is correct. If you
can help me test it it'll be in 3.0.12 (security problems
notwithstanding :-).

Cheers,

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Iseries LPAR Virtual Ethernet PDC w/o LDAP

2005-02-02 Thread Larry W Growns

General Configuration:
IBM ISeries Model 520 partitioned using virtual ethernet (One to one NAT is
used for access from internal private network to virtual lan.)
Suse Enterprise (9.0)
Samba 3.X
 
 
Looking for a configuration example that provides a simple Primary Domain
Controller in this small but security conscious office environment?  I have
seen several for a physical ethernet adapter.
 
Reconcile the Linux host/domain settings with smb.conf settings.
A trim efficient approach is desired because of limited processing power in
the Linux partition.
 
 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Unable to join domain using ldap backend

David,

Get rid of the "Administrator" account. Use the "root" account instead. You 
have ambiguous names that can NOT unambiguously resolve to one identity.

ie: Is uid=0 root or is it Administrator?
Does uid=0 map to the Administrator SID or to some other SID?

Also, use:
net rpc join -S 'PDC_Name' -Uroot%secret

PS: It is best to populate your LDAP directory using:
"smbldap-populate -a root",  not just the default which creates an  
  
"Administrator" account.

- John T.


On Wednesday 02 February 2005 15:11, MONGAN, DAVID (JSC-DV2) (USA) wrote:
> net rpc join
>
> Create of workstation account failed
> User specified does not have administrator privileges
> Unable to join domain BOB
>
>
> I'm logged in as root.
> I setup ldap using the Idealx instructions and latest scripts.
> I can add users  and see the samba server  ie  smbclient -L bob
> -Uroot%secret
> I set the password for the Administrator account and it is also set uid 0.
> I set the secrets.tdb password  smbpasswd -w secret.
> I also have a ldap-secret file.
> I checked the SID for net getlocalsid to the SID's in the ldap database,
> all matched up.
> I tried running net rpc join -Uadministrator%secret
> For simplicity all the passwords I set are the same "secret".
>
> Could someone please explain what the command;
>
>   net rpc join
>
> is trying to authenticate?  Why can't it create a "workstations account"?
> What "administrator privileges" is it looking for?
>
> I am able to join the domain if I don't use the ldap backend.
> What's the magic setting for ldap?
>
> Thanks,
>
> David Mongan

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Unable to join domain using ldap backend

2005-02-02 Thread MONGAN, DAVID (JSC-DV2) (USA)



net rpc join

Create of workstation account failed
User specified does not have administrator privileges
Unable to join domain BOB


I'm logged in as root.
I setup ldap using the Idealx instructions and latest scripts.
I can add users  and see the samba server  ie  smbclient -L bob
-Uroot%secret
I set the password for the Administrator account and it is also set uid 0.
I set the secrets.tdb password  smbpasswd -w secret.
I also have a ldap-secret file.
I checked the SID for net getlocalsid to the SID's in the ldap database, all
matched up.
I tried running net rpc join -Uadministrator%secret
For simplicity all the passwords I set are the same "secret".

Could someone please explain what the command;

  net rpc join 

is trying to authenticate?  Why can't it create a "workstations account"?
What "administrator privileges" is it looking for?

I am able to join the domain if I don't use the ldap backend.
What's the magic setting for ldap?

Thanks,

David Mongan
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] access to all home directories for all users

2005-02-02 Thread Thomas Kreft

Thanks to Matthew and Sabine for their suggestions, which sadly are not 
solving my problem :). After some more reading and learning I've come up 
with another way which I'll describe below for those who are interested.

I skipped the idea of extensive read & write list parameters in the 
smb.conf and now handle almost everything with standard unix 
permissions, particularly by using the sgid bit on directories (which I 
never used before -- shame on me). In addition to the [homes] service I 
made a service called [users] which serves as a place for symlinks to 
the desired home directories. By mounting this share, my user "tim" can 
see the homes of joe, kate and himself, and can read (and write, if he 
is in the group "kate" resp. "joe").

My smb.conf:
[homes]
valid users = @users
write list = @%g
read only = No
inherit acls = Yes
browseable = No
create mask = 0664
force create mode = 020
directory mask = 0775
force directory mode = 020
[users]
path = /home/server/userlinks
valid users = @users
read only = no
create mask = 0664
force create mode = 020
directory mask = 0775
force directory mode = 020
# ls -l /home | grep joe
drwxrwsr-x   4 joejoe152 Feb  2 16:56 joe
# ls -l joe/
drwxrwsr-x   5 joejoe176 Feb  2 21:26 .
drwxr-xr-x  18 root   root   424 Feb  2 21:26 ..
drwx--   2 joeroot   136 Feb  2 14:36 secret
drwxr-sr-x   2 root   joe 48 Feb  2 21:26 test
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Creating mandatory profiles (not making profiles mandatory)

> Yes indeed that should have the same effect. As far as I can see I can
> test it with a smaller user group whom I give a "profilePath=" in their
> ldap-entry(?). So that would not be too dangerous.

That is the way to do it.

- John T.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 2 smbpasswd + ldap - not binding properly (solved)

2005-02-02 Thread Tyler R. Retzlaff

On Wednesday 02 February 2005 23:51, you wrote:

It looks like the new day has given me a fresh outlook.  I foolishly neglected 
the fact that the defaults in my test environment were using non-ssl.  Since 
samba defaults ldap port to 636 this was why I was never seeing the 
connections.  Works perfect if you try to connect to a service on the correct 
port amazing!

Thanks Bruno.

> Best Regards,
> Bruno Guerreiro
>

-- 
Tyler R. Retzlaff <[EMAIL PROTECTED]>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Creating mandatory profiles (not making profiles mandatory)

2005-02-02 Thread "M. Müller"

John H Terpstra schrieb:
On Wednesday 02 February 2005 08:58, "M. Müller" wrote:
 

Thanks a lot Ilia!
We have 200 PC and nearly all have a reborn-card or such, which prevents
any lokal changes, so local copies of profiles do not exist. Users log
in very often to different Computers and need to have a defined
environment i.e. an available profile. I already use a "default
user"-profile and redirected folders (thanks John, the book helped a
lot). Nevertheless I feel that I cannot rely on the profiles' integrety
once a user had a chance to modify it. Making a registry copy is a good
tip, i will use that, at least for some users. But rather than backing
up I would very much appreciate to set up a defined profile for each
user. I think it would make life a lot easier for me (and the users).
   

The last time I tried to create a "Default User" profile that was set as a 
mandatory profile the Windows client could not handle this on login. You can 
of course use a normal "Default User" profile that has folder redirection, 
set the client to delete cached profiles on logout, and NOT have a profile 
share. This means that every user will get a fresh profile on login every 
time.

- John T.
 

Yes indeed that should have the same effect. As far as I can see I can 
test it with a smaller user group whom I give a "profilePath=" in their 
ldap-entry(?). So that would not be too dangerous.

Thanks a lot,
Malte Mueller
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Removing Everyone Can Print Permission

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, 2 Feb 2005, Adam Tauno Williams wrote:

> I can navigate to a printer on our print server and right click, go the
> securities tab, click "Advanced", select the 'Allow\Everyone\Print' line
> and click "Remove".  It goes away, without errors.  If I click apply it
> comes right back (gr).
> 
> Can one set ACLs on printer queues (cups backend)?  I'm almost 99%
> certain I've done this in the past.
> 
> samba-3.0.11rc1 (updated from samba-3.0.10 last night).

Close the property dialog and reopen it after hitting apply.
We don't implement the change notify event for security descriptors
on printers IIRC.




cheers,jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc 
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQFCASfTIR7qMdg1EfYRAhPpAJ4knwmdvJ8TaoV0L5YclvwBPjzm3gCfcr9p
tmn1Sm5obRcr2yXjExg6Mb8=
=OzDu
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Printing from Unix to unix

2005-02-02 Thread Fábio Soares

Hi, 

I'm wondering how can I print from UNIX to a UNIX shared printer.
can anyone help me?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba 2 smbpasswd + ldap - not binding properly

2005-02-02 Thread Tyler R. Retzlaff

On Wednesday 02 February 2005 23:51, you wrote:
> Hi,
> The problem isn't the authentication, as the server can't even connect to
> the LDAP server to try to authenticate.

Seems reasonable that this is actually the problem, though I still haven't 
been able to get things working.  

> Is your passdb backend correctly defined?

I checked the documentation on this, passdb backend seems to be a samba 3 
parameter only.  Since I'm using samba 2.x no joy.

Other suggestions?

>
> Best Regards,
> Bruno Guerreiro

Thanks

-- 
Tyler R. Retzlaff <[EMAIL PROTECTED]>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 16-bit application

2005-02-02 Thread Spike Burkhardt

  I've got a really weird problem.  A user is running a 16-bit
application called Jetform V2.2, originally from Delrina but now
supported by Adobe.  The user is storing the data files on their local
disk but the forms sit on a samba share.  We have moved the data files
to samba as well and this is where the weirdness comes in.  When the
application tries to open a file it brings down a pulldown list and in
the list is the DOS filename.  When the files were local the names
listed were the Windows filenames.  The same behavior is shown when the
data files are on a Novell volume so it seems like it's not a Samba
issue.  Does anyone have a clue on how to get the Windows filename to be
listed?  Thanks for the help.

spike
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] iPlanet Bug and PDC Problem

2005-02-02 Thread rhill

Josh,

Did you ever get an answer about the Samba problem ... 
smbd/sec_ctx.c:initialise_groups(247)
  This is probably a problem with the account \nobody

Thanks,

Rick

Hey Guys,

Ok, I've got a 2.2.9pre3 Samba box compilied with LDAP. I had to use 
2.2.9cvs cause 2.2.8a has some bug with iPlanet that doesn't allow it 
to compilie properly Anyway, I've got a 2.2.8 box setup with:

security = server
password server = mirage (the 2.2.9 Solaris box)

so when I try to loggin to the domain that the 2.2.8 box serves I get 
an error saying the username/password pair doesn't exist... Its like 
its not even talking to the 2.2.9 box... Here is the log with level 
2... Any ideas? Also, I'd apprecite a reply with a CC directed to me so 
I don't miss the reply in all the other threads... Thanks ever one!
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Removing Everyone Can Print Permission

2005-02-02 Thread Adam Tauno Williams

I can navigate to a printer on our print server and right click, go the
securities tab, click "Advanced", select the 'Allow\Everyone\Print' line
and click "Remove".  It goes away, without errors.  If I click apply it
comes right back (gr).

Can one set ACLs on printer queues (cups backend)?  I'm almost 99%
certain I've done this in the past.

samba-3.0.11rc1 (updated from samba-3.0.10 last night).

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] File Tranfer limits, if any?

On Wednesday 02 February 2005 09:12, Garies, Alan wrote:
> Are there any limits to the size of a file that can be sent to a SAMBA
> server?

How are you "sending" the file?

>
>
>
> I ask, because a year or so ago, I was using a SAMBA device to store
> data files from a Windowz system that were larger than 2 GIG.
>
> The Windows system came back saying that the drive was full.  A check of
> the space on the SAMBA location said 30 GIG was open.
>
> The same 2 GIG file between 2 Windows boxes did work.

What Linux kernel are you using? What version of Samba?

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Creating mandatory profiles (not making profiles mandatory)

On Wednesday 02 February 2005 08:58, "M. Müller" wrote:
> Thanks a lot Ilia!
>
> We have 200 PC and nearly all have a reborn-card or such, which prevents
> any lokal changes, so local copies of profiles do not exist. Users log
> in very often to different Computers and need to have a defined
> environment i.e. an available profile. I already use a "default
> user"-profile and redirected folders (thanks John, the book helped a
> lot). Nevertheless I feel that I cannot rely on the profiles' integrety
> once a user had a chance to modify it. Making a registry copy is a good
> tip, i will use that, at least for some users. But rather than backing
> up I would very much appreciate to set up a defined profile for each
> user. I think it would make life a lot easier for me (and the users).

The last time I tried to create a "Default User" profile that was set as a 
mandatory profile the Windows client could not handle this on login. You can 
of course use a normal "Default User" profile that has folder redirection, 
set the client to delete cached profiles on logout, and NOT have a profile 
share. This means that every user will get a fresh profile on login every 
time.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Creating mandatory profiles (not making profiles mandatory)

On Wednesday 02 February 2005 08:58, "M. Müller" wrote:
> Thanks a lot Ilia!
>
> We have 200 PC and nearly all have a reborn-card or such, which prevents
> any lokal changes, so local copies of profiles do not exist. Users log
> in very often to different Computers and need to have a defined
> environment i.e. an available profile. I already use a "default
> user"-profile and redirected folders (thanks John, the book helped a
> lot). Nevertheless I feel that I cannot rely on the profiles' integrety
> once a user had a chance to modify it. Making a registry copy is a good
> tip, i will use that, at least for some users. But rather than backing
> up I would very much appreciate to set up a defined profile for each
> user. I think it would make life a lot easier for me (and the users).

The last time I tried to create a "Default User" profile that was set as a 
mandatory profile the Windows client could not handle this on login. You can 
of course use a normal "Default User" profile that has folder redirection, 
set the client to delete cached profiles on logout, and NOT have a profile 
share. This means that every user will get a fresh profile on login every 
time.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] File Tranfer limits, if any?

On Wednesday 02 February 2005 09:12, Garies, Alan wrote:
> Are there any limits to the size of a file that can be sent to a SAMBA
> server?

How are you "sending" the file?

>
>
>
> I ask, because a year or so ago, I was using a SAMBA device to store
> data files from a Windowz system that were larger than 2 GIG.
>
> The Windows system came back saying that the drive was full.  A check of
> the space on the SAMBA location said 30 GIG was open.
>
> The same 2 GIG file between 2 Windows boxes did work.

What Linux kernel are you using? What version of Samba?

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Still no browse list and no help!

2005-02-02 Thread Tom Skeren

Marvin Bonilla wrote:
Unable to resolve my problem after long time of reading and searching I decide to ask for help to the experts. The problems is that there is no browse list even thought everything works fine. I can share files with others machines but don't see anything on network neighborhood. We use the OpenBSD 3.6 box with Samba 2.2 only for DNS and Wins.
Please Help!

Are you using static IP's on the win boxes, or DHCP? If you are using
DHCP, what DHCP server are you using? The reason I ask is that you need
to have the Win boxes point to the Samba wins server for browsing to
work right. It also helps to make sure the workgroup on the Win boxes is
the same as the workgroup name in smb.conf.

Here is my smb.conf file.
# This is the main Samba configuration file. You should read the
#=== Global Settings
[global]
##
## Basic Server Settings
##
# workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
workgroup = TVGBCAST
netbios name = laxbcastdns01
# server string is the equivalent of the NT Description field
server string =

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
hosts allow = 10. 127.0.0.1
# Uncomment this if you want a guest account, you must add this to
/etc/passwd
# otherwise the user "nobody" is used
guest account = pcguest
# this tells Samba to use a separate log file for each machine
# that connects
# log file = /var/log/smbd.%m
# How much information do you want to see in the logs?
# default is only to log critical messages
; log level = 1
# Put a capping on the size of the log files (in Kb).
max log size = 550
# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = user
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name # of the
machine that is connecting.
# Note: Consider carefully the location in the configuration file of
# this line. The included file is read at that point.
; include = /etc/samba/smb.conf.%m
# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
# You may want to add the following on a Linux system:
# SO_RCVBUF?92 SO_SNDBUF?92
; socket options = TCP_NODELAY
# Configure Samba to use multiple interfaces
# If you have multiple network interfaces and want to limit smbd will #
use, list the ones desired here. Otherwise smbd & nmbd will bind to all #
active interfaces on the system. See the man page for details.
# interfaces = 10.4.100.2/24 10.3.100.2/24 10.7.50.1
# Should smbd report that it has MS-DFS Capabilities? Only available
# if-with-msdfs was passed to ./configure
; host msdfs = yes
##
## Network Browsing
##
# set local master to no if you don't want Samba to become a
master
# browser on your network. Otherwise the normal election rules
apply
local master = yes
# OS Level determines the precedence of this server in master browser
# elections. The default value (20) should be reasonable
os level = 65
# Domain Master specifies Samba to be the Domain Master
Browser. This
# allows Samba to collate browse lists between subnets. Don't
use this
# if you already have a Windows NT domain controller doing this
job
domain master = yes
# Preferred Master causes Samba to force a local browser election on
startup
# and gives it a slightly higher chance of winning the election
preferred master = yes
browse list = yes
##
## WINS & Name Resolution
##
# If you have multiple network interfaces and want to limit smbd will #
use, list the ones desired here. Otherwise smbd & nmbd will bind to all #
active interfaces on the system. See the man page for details.
# interfaces = 10.4.100.2/24 10.3.100.2/24 10.7.50.1
# Should smbd report that it has MS-DFS Capabilities? Only available
# if-with-msdfs was passed to ./configure
; host msdfs = yes
##
## Network Browsing
##
# set local master to no if you don't want Samba to become a
master
# browser on your network. Otherwise the normal election rules
apply
local master = yes
# OS Level determines the precedence of this server in master browser
#

Re: [Samba] Still no browse list and no help!

2005-02-02 Thread Aaron J. Zirbes

It looks like you have a bit of redundancy in your smb.conf, but other 
that that, seems OK.

I have a question for you:
Have you either:
a) hard-coded your WINS server IP (samba machine) into your windows clients?
b) setup your DHCP options to set your WINS server to your Samba 
Server's IP address.

The easy way to check this is to run
ipconfig /all
from your windows clients, and see if the line:
Primary WINS Server . . . . . . . : www.xxx.yyy.zzz
points to your Samba WINS server.
If it does not, therein lies your problem and solution
Enjoy!
Marvin Bonilla wrote:
Unable to resolve my problem after long time of reading and searching I decide 
to ask for help to the experts. The problems is that  there is no browse list 
even thought everything works fine. I can share files with others machines but 
don't see anything on network neighborhood. We use the OpenBSD 3.6 box with 
Samba 2.2 only for DNS and Wins.
Please Help!
Here is my smb.conf file.
workgroup = TVGBCAST
netbios name = laxbcastdns01
hosts allow = 10. 127.0.0.1
guest account = pcguest
max log size = 550
security = user
os level = 65
local master = yes
domain master = yes
preferred master = yes
browse list = yes
wins support = yes
remote announce = yes
announce as = NT Server
--
Aaron Zirbes
Systems Administrator
Environmental Health Sciences
University of Minnesota
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Still no browse list and no help!

2005-02-02 Thread Craig White

you can keep asking but the answer will always be the same - to browse
the network, you will want a wins server.

either this system...
wins support = yes

or another WinNT type server
wins server = ip_address_of_wins_server

and of course, the windows machines should have the ip address set for
the wins server that is operational - either manually or through dhcp

also - it helps to trim all the comments out of an smb.conf - either
manually (the hard way) or by using 
'testparm -s > /tmp/smb.conf.no.comments'
or
'testparm -sv > /tmp/smb.conf.no.comments.all.attributes

Craig

On Wed, 2005-02-02 at 10:28 -0800, Marvin Bonilla wrote:
> Unable to resolve my problem after long time of reading and searching I 
> decide to ask for help to the experts. The problems is that  there is no 
> browse list even thought everything works fine. I can share files with others 
> machines but don't see anything on network neighborhood. We use the OpenBSD 
> 3.6 box with Samba 2.2 only for DNS and Wins.
> Please Help!
> 
> Here is my smb.conf file.
> 
> # This is the main Samba configuration file. You should read the
> 
> #=== Global Settings  
> [global]
> 
> ##
> ## Basic Server Settings
> ##
> 
>   # workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
>   workgroup = TVGBCAST
>   netbios name = laxbcastdns01
> 
>   # server string is the equivalent of the NT Description field
>   server string = 
> 
>   # This option is important for security. It allows you to restrict
>   # connections to machines which are on your local network. The
>   # following example restricts access to two C class networks and
>   # the "loopback" interface. For more examples of the syntax see
>   # the smb.conf man page
>   hosts allow = 10. 127.0.0.1
> 
>   # Uncomment this if you want a guest account, you must add this to 
> /etc/passwd
>   # otherwise the user "nobody" is used
>   guest account = pcguest
> 
>   # this tells Samba to use a separate log file for each machine
>   # that connects
>   # log file = /var/log/smbd.%m
> 
>   # How much information do you want to see in the logs?
>   # default is only to log critical messages
>   ; log level = 1
> 
>   # Put a capping on the size of the log files (in Kb).
>   max log size = 550
> 
>   # Security mode. Most people will want user level security. See
>   # security_level.txt for details.
>   security = user
> 
>   # Using the following line enables you to customise your configuration 
> # on a per machine basis. The %m gets replaced with the netbios name # of the 
> machine that is connecting.
>   # Note: Consider carefully the location in the configuration file of
> #   this line.  The included file is read at that point.
> ;   include = /etc/samba/smb.conf.%m
> 
> # Most people will find that this option gives better performance.
> # See speed.txt and the manual pages for details
> # You may want to add the following on a Linux system:
> # SO_RCVBUF92 SO_SNDBUF92
>   ; socket options = TCP_NODELAY
>   # Configure Samba to use multiple interfaces
>   # If you have multiple network interfaces and want to limit smbd will # 
> use, list the ones desired here.  Otherwise smbd & nmbd will bind to all # 
> active interfaces on the system.  See the man page for details.
>   # interfaces = 10.4.100.2/24 10.3.100.2/24 10.7.50.1
>   # Should smbd report that it has MS-DFS Capabilities? Only available
>   # if-with-msdfs was passed to ./configure
>   ; host msdfs = yes
> 
> ##
> ## Network Browsing
> ##
>   # set local master to no if you don't want Samba to become a 
> master
>   # browser on your network. Otherwise the normal election rules 
> apply
>   local master = yes
>   # OS Level determines the precedence of this server in master browser
>   # elections. The default value (20) should be reasonable
>   os level = 65
> 
>   # Domain Master specifies Samba to be the Domain Master 
> Browser. This
>   # allows Samba to collate browse lists between subnets. Don't 
> use this
>   # if you already have a Windows NT domain controller doing this 
> job
>   domain master = yes
>   # Preferred Master causes Samba to force a local browser election on 
> startup
>   # and gives it a slightly higher chance of winning the election
>   preferred master = yes
>   browse list = yes
> 
> ##
> ## WINS & Name Resolution
> ##
>   # If you have multiple network interfaces and want to limit smbd will # 
> use, list the ones desired here.  Otherwise smbd & nmbd will bind to all # 
> active interfaces on the system.  See the man page for details.
>   # interfaces = 10.4.100.2/24 10.3.100.2/24 10.7.50.1
>   # Should smbd report that it has M

[Samba] Still no browse list and no help!

2005-02-02 Thread Marvin Bonilla

Unable to resolve my problem after long time of reading and searching I decide 
to ask for help to the experts. The problems is that  there is no browse list 
even thought everything works fine. I can share files with others machines but 
don't see anything on network neighborhood. We use the OpenBSD 3.6 box with 
Samba 2.2 only for DNS and Wins.
Please Help!

Here is my smb.conf file.

# This is the main Samba configuration file. You should read the

#=== Global Settings  
[global]

##
## Basic Server Settings
##

# workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4
workgroup = TVGBCAST
netbios name = laxbcastdns01

# server string is the equivalent of the NT Description field
server string = 

# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
hosts allow = 10. 127.0.0.1

# Uncomment this if you want a guest account, you must add this to 
/etc/passwd
# otherwise the user "nobody" is used
guest account = pcguest

# this tells Samba to use a separate log file for each machine
# that connects
# log file = /var/log/smbd.%m

# How much information do you want to see in the logs?
# default is only to log critical messages
; log level = 1

# Put a capping on the size of the log files (in Kb).
max log size = 550

# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = user

# Using the following line enables you to customise your configuration 
# on a per machine basis. The %m gets replaced with the netbios name # of the 
machine that is connecting.
# Note: Consider carefully the location in the configuration file of
#   this line.  The included file is read at that point.
;   include = /etc/samba/smb.conf.%m

# Most people will find that this option gives better performance.
# See speed.txt and the manual pages for details
# You may want to add the following on a Linux system:
# SO_RCVBUF92 SO_SNDBUF92
; socket options = TCP_NODELAY
# Configure Samba to use multiple interfaces
# If you have multiple network interfaces and want to limit smbd will # 
use, list the ones desired here.  Otherwise smbd & nmbd will bind to all # 
active interfaces on the system.  See the man page for details.
# interfaces = 10.4.100.2/24 10.3.100.2/24 10.7.50.1
# Should smbd report that it has MS-DFS Capabilities? Only available
# if-with-msdfs was passed to ./configure
; host msdfs = yes

##
## Network Browsing
##
# set local master to no if you don't want Samba to become a 
master
# browser on your network. Otherwise the normal election rules 
apply
local master = yes
# OS Level determines the precedence of this server in master browser
# elections. The default value (20) should be reasonable
os level = 65

# Domain Master specifies Samba to be the Domain Master 
Browser. This
# allows Samba to collate browse lists between subnets. Don't 
use this
# if you already have a Windows NT domain controller doing this 
job
domain master = yes
# Preferred Master causes Samba to force a local browser election on 
startup
# and gives it a slightly higher chance of winning the election
preferred master = yes
browse list = yes

##
## WINS & Name Resolution
##
# If you have multiple network interfaces and want to limit smbd will # 
use, list the ones desired here.  Otherwise smbd & nmbd will bind to all # 
active interfaces on the system.  See the man page for details.
# interfaces = 10.4.100.2/24 10.3.100.2/24 10.7.50.1
# Should smbd report that it has MS-DFS Capabilities? Only available
# if-with-msdfs was passed to ./configure
; host msdfs = yes

##
## Network Browsing
##
# set local master to no if you don't want Samba to become a 
master
# browser on your network. Otherwise the normal election rules 
apply
local master = yes
# OS Level determines the precedence of this server in master browser
# elections. The default value (20) should be reasonable
os level = 65

# Domain Master specifies Samba to be the Domain Master 
Browser. This
# allows Samba to collate browse lists between subnets. Don't 
use this
# if you already have a Windows NT domain contr

Re: [Samba] Oplock errors in 2.2.8a

2005-02-02 Thread Jeremy Allison

On Wed, Feb 02, 2005 at 12:41:34PM -0500, Verlezza, Domenic wrote:
> Hi,
>  
> We are having connection timeout issues in Excel and Word.  Was this an
> issue that was resolved in post 3.0 versions?  We are running 2.2.8a.
>  
> Below is the samba log file and I have attached a netmon output.
>  
> Thanks,
> Domenic
>  
>  
> [2005/01/24 09:13:48, 0] smbd/oplock.c:oplock_break(797)
>   oplock_break: receive_smb timed out after 30 seconds.
>   oplock_break failed for file lotus/data/WeightedAverageFunction.xla
> (dev = 3996f31, inode = 66801, file_id = 197).
> [2005/01/24 09:13:48, 0] smbd/oplock.c:oplock_break(869)
>   oplock_break: client failure in oplock break in file
> lotus/data/WeightedAverageFunction.xla

This was an issue I fixed in the 3.x code w.r.t. 1 second deferred
closes, so I'd definately upgrade. However, many oplock bugs are
actually network hardware problems.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Modifying SWAT views for general users

2005-02-02 Thread Deryck Hodge

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Roy P Costa wrote:
| I'm looking at having my general Samba users change their own
passwords on
| my Linux server using SWAT.  Is there a way that I can have them have
| access to the password changing view and not be able to see the
| configuration and status information.  Is there an easy way for those
| "button" to not appear on the web page?
|
|
| Roy Costa
| roycosta at us.ibm.com
|
|
I've just committed the attached patch to SVN.  It adds a '-P'
command-line option to SWAT.  Running swat -P will now do what you asked
about above -- only show the "Password" menu to read-only users.  Please
test it, and let us know if it works out for you.  Cheers,
deryck
- --
Deryck Hodgehttp://www.devurandom.org/
Auburn University Libraries http://www.lib.auburn.edu/
Samba Team  http://www.samba.org/
I am flawed but I am cleaning up so well.
- --Dashboard Confessional, from "Vindicated"(2004)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCARjn4glRK0DaE8gRAnA0AJ9kJD5ypPISeNc7XNtdUufkDVYKcACgow9Y
ztvJGe2eqhkDJ3Jt2msvRRk=
=5WaD
-END PGP SIGNATURE-
Index: source/web/swat.c
===
--- source/web/swat.c   (revision 5172)
+++ source/web/swat.c   (working copy)
@@ -32,6 +32,7 @@
 #include "web/swat_proto.h"
 
 static BOOL demo_mode = False;
+static BOOL passwd_only = False;
 static BOOL have_write_access = False;
 static BOOL have_read_access = False;
 static int iNumNonAutoPrintServices = 0;
@@ -530,7 +531,8 @@
image_link(_("Printers"), "printers", "images/printers.gif");
image_link(_("Wizard"), "wizard", "images/wizard.gif");
}
-   if (have_read_access) {
+   /* root always gets all buttons, otherwise look for -P */
+   if ( have_write_access || (!passwd_only && have_read_access) ) {
image_link(_("Status"), "status", "images/status.gif");
image_link(_("View Config"), "viewconfig", 
"images/viewconfig.gif");
}
@@ -1315,6 +1317,7 @@
struct poptOption long_options[] = {
POPT_AUTOHELP
{ "disable-authentication", 'a', POPT_ARG_VAL, &demo_mode, 
True, "Disable authentication (demo mode)" },
+{ "password-menu-only", 'P', POPT_ARG_VAL, &passwd_only, True, "Show 
only change password menu" }, 
POPT_COMMON_SAMBA
POPT_TABLEEND
};
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Oplock errors in 2.2.8a

2005-02-02 Thread Verlezza, Domenic

Hi,
 
We are having connection timeout issues in Excel and Word.  Was this an
issue that was resolved in post 3.0 versions?  We are running 2.2.8a.
 
Below is the samba log file and I have attached a netmon output.
 
Thanks,
Domenic
 
 
[2005/01/24 09:13:48, 0] smbd/oplock.c:oplock_break(797)
  oplock_break: receive_smb timed out after 30 seconds.
  oplock_break failed for file lotus/data/WeightedAverageFunction.xla
(dev = 3996f31, inode = 66801, file_id = 197).
[2005/01/24 09:13:48, 0] smbd/oplock.c:oplock_break(869)
  oplock_break: client failure in oplock break in file
lotus/data/WeightedAverageFunction.xla



**
This message, including any attachments, contains confidential information 
intended for a specific individual and purpose, and is protected by law.  If 
you are not the intended recipient, please contact sender immediately by reply 
e-mail and destroy all copies.  You are hereby notified that any disclosure, 
copying, or distribution of this message, or the taking of any action based on 
it, is strictly prohibited.
TIAA-CREF
**

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] stumped, security = domain FAILS for NTLMv2 only

2005-02-02 Thread Aaron J. Zirbes

I have a Samba only domain (Samba PDC, Samba Member Servers) where 
security = domain.

Versions are all 3.0.10
compiled with --enable-cups --with-utmp --with-acl-support
Backend is tdbsam
All smb.confs have the following:
...
pdc: security = user
members: security = domain
...
restrict anonymous = 2
encrypt passwords = yes
lanman auth = no
ntlm auth = no
client ntlmv2 auth = yes 

client schannel = yes
server schannel = yes
client signing = auto
server signing = auto
...
Domain controller works like a charm, all Windows2000/XP clients are 
locked down the same schannel=yes,ntlmv2 only,restrict anon=2.  All 
clients can auth through each other (I can view shares on other 
workstations)

net rpc testjoin returns "OK" from all samba-3.0.10 members
attempts to connect to samba-3.0.10 member server fail with
  session setup failed: NT_STATUS_LOGON_FAILURE
unix accounts exists for domain members.
winbindd is up and running on members as auth only (no account creation)
attempts to connect to windows members succeed.
If security = user is used on members, and a smbpasswd -a command is 
issued to assign the samba password on members (which makes the 
membership useless), connection attempts succeed.

Logs on the Samba member server [RHEL] look like this:
[2005/02/02 10:26:59, 10] auth/auth_util.c:make_user_info(201)
  made an encrypted user_info for myuser (myuser)
[2005/02/02 10:26:59, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user 
[EMAIL PROTECTED] with the new password interface
[2005/02/02 10:26:59, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
[2005/02/02 10:26:59, 10] auth/auth.c:check_ntlm_password(231)
  check_ntlm_password: auth_context challenge created by random
[2005/02/02 10:26:59, 10] auth/auth.c:check_ntlm_password(233)
  challenge is:
[2005/02/02 10:26:59, 10] auth/auth.c:check_ntlm_password(259)
  check_ntlm_password: guest had nothing to say
[2005/02/02 10:26:59, 6] auth/auth_sam.c:check_samstrict_security(358)
  check_samstrict_security: MYDOMAIN is not one of my local names 
(ROLE_DOMAIN_MEMBER)
[2005/02/02 10:26:59, 10] auth/auth.c:check_ntlm_password(259)
  check_ntlm_password: sam had nothing to say
[2005/02/02 10:26:59, 5] auth/auth.c:check_ntlm_password(271)
  check_ntlm_password: winbind authentication for user [myuser] FAILED 
with error NT_STATUS_WRONG_PASSWORD
[2005/02/02 10:26:59, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [myuser] -> [myuser] 
FAILED with error NT_STATUS_WRONG_PASSWORD

Logs on the domain controller [FreeBSD] look like this:
[2005/02/02 10:26:59, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user 
[EMAIL PROTECTED] with the new password interface
[2005/02/02 10:26:59, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
[2005/02/02 10:26:59, 4] libsmb/ntlm_check.c:ntlm_password_check(288)
  ntlm_password_check: Checking NTLMv2 password with domain [MYDOMAIN]
[2005/02/02 10:26:59, 4] libsmb/ntlm_check.c:ntlm_password_check(298)
  ntlm_password_check: Checking NTLMv2 password with uppercased version 
of domain [MYDOMAIN]
[2005/02/02 10:26:59, 4] libsmb/ntlm_check.c:ntlm_password_check(308)
  ntlm_password_check: Checking NTLMv2 password without a domain
[2005/02/02 10:26:59, 3] libsmb/ntlm_check.c:ntlm_password_check(317)
  ntlm_password_check: NTLMv2 password check failed
[2005/02/02 10:26:59, 5] auth/auth.c:check_ntlm_password(271)
  check_ntlm_password: sam authentication for user [myuser] FAILED with 
error NT_STATUS_WRONG_PASSWORD
[2005/02/02 10:26:59, 3] auth/auth_winbind.c:check_winbind_security(80)
  check_winbind_security: Not using winbind, requested domain 
[MYDOMAIN] was for this SAM.
[2005/02/02 10:26:59, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [myuser] -> [myuser] 
FAILED with error NT_STATUS_WRONG_PASSWORD

I am stumped.
Is a tdbsam backend unsupported for security = domain?
(not stated in docs)
Do I have to move to an LDAP backend?  Although this is not noted in any 
documentation I have found.

Side note:
I noticed that even though I am setting auth to NTLMv2 ONLY, the 
password databases are still storing the LANMAN hashes... is there a 
reason for this?

--
Aaron Zirbes
Systems Administrator
Environmental Health Sciences
University of Minnesota
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] libiconv.so.2 is not found in archive

2005-02-02 Thread Neil Loffhagen

Hi,

Have just spend the afternoon browsing and trying to find the solution to
this error.  We are running AIX 4.3.3, release 10.  I'm trying to get Samba
up and running.  It seems to install okay using smitty, at least all the
directories appear with the various samba files in them.  Though no smb.conf
is created.  I thought a default one would be created?  I'm coming from a
mainly Linux background where that happens.  Maybe Unix is slightly
different?

Anyway when I try to run anything related to samba get the following error:

exec(): 0509-036 Cannot load program ./testparm because of the following
errors:
0509-150   Dependent module /usr/lib/libiconv.a(libiconv.so.2) could
not be loaded.
0509-152   Member libiconv.so.2 is not found in archive

I've found several mails and newsgroup posts about this, but with no real
solution.

Is there a way round this?

Thanks,

Neil.

http://www.bbc.co.uk/

This e-mail (and any attachments) is confidential and may contain
personal views which are not the views of the BBC unless specifically
stated.
If you have received it in error, please delete it from your system. 
Do not use, copy or disclose the information in any way nor act in
reliance on it and notify the sender immediately. Please note that the
BBC monitors e-mails sent or received. 
Further communication will signify your consent to this.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] File Tranfer limits, if any?

2005-02-02 Thread Robert Schetterer

Hi, this behavior is not really samba related, i guess youre using ext2 
on the samba host system,
there should be no problem if you use ext3 which has no 2GB limtitation
Regards

Garies, Alan schrieb:
Are there any limits to the size of a file that can be sent to a SAMBA
server?

I ask, because a year or so ago, I was using a SAMBA device to store
data files from a Windowz system that were larger than 2 GIG.
The Windows system came back saying that the drive was full.  A check of
the space on the SAMBA location said 30 GIG was open.
The same 2 GIG file between 2 Windows boxes did work.

Thanks for your help.
--alan
 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Printing problems

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, 2 Feb 2005, Josh Kelley wrote:

> A couple of questions, keeping in mind that I know little about the SMB 
> protocol or Samba's internals:  If I'm reading the source code and the 
> log messages correctly, these are policy handles (policy handles on 
> pipes?).  Are those the same thing as printer handles?  The limit on 
> policy handles in 3.0.9 is apparently 1024, not 256.

Yes a policy handle is basically the same thing as a printer handle.
It's a different limit for printer handles:

rpc_server/srv_pipe_hnd.c:#define MAX_OPEN_SPOOLSS_PIPES 256

> Another oddity:  We'd been getting hundreds or thousands of these error 
> messages each day, then our server crashed yesterday morning for 
> as-yet-undetermined reasons.  Since the reboot, I've been seeing neither 
> the "old print jobs aren't cleared" bug nor the "too many handles" 
> messages.

hmm...bad tdb somewhere ?  ANy error messages about that ?





cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc 
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQFCAPwzIR7qMdg1EfYRAhdkAJ0WD+YfGJm5ThKS7PCONFn/4ZB96ACfXXaw
+7SzruguxsXZNyCTwNUwka0=
=gnTa
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] File Tranfer limits, if any?

2005-02-02 Thread Garies, Alan

Are there any limits to the size of a file that can be sent to a SAMBA
server?

 

I ask, because a year or so ago, I was using a SAMBA device to store
data files from a Windowz system that were larger than 2 GIG.

The Windows system came back saying that the drive was full.  A check of
the space on the SAMBA location said 30 GIG was open.

The same 2 GIG file between 2 Windows boxes did work.

 

Thanks for your help.

--alan

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] A smbd process pegging CPU at near 100% with v3.0.10-1 FC2 RPM

2005-02-02 Thread Kel Way

CPU 99.3%:
2170 root  25   0 11656 3228  10m R 99.3  0.5   0:07.42 smbd

We're having the same problems as many others with print queues, client 
lock-ups, etc.  I think
maybe this CPU problem is related as we have two servers in two locations with 
the same versions,
and both had the problem immediately after upgrading to 3.0.10.  We use the YUM 
facility to
upgrade Samba.  To react to these problems without waiting for the .11 release, 
is it possible to
use the FC3 RPM of RC1 on a Fedora Core 2 box?  If not, a pointer to a FC2 
binary would be
appreciated.

Many Thanks-
Kel
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0 question, DOMAIN vs. SERVER method? Help!

2005-02-02 Thread Klebanov, Lev

Hello all!

We are attempting to get Samba-3.0.10 working on a new Solaris 8 machine in
preparation for upgrading an existing 2.2.8 installation (both use the
SMCsamba packages from SunFreeware.com).  We copied over the smb.conf file
and the usermap from the Samba-2 installation, and seeing some weird
symptoms when Windows users try to connect to the new machine.

We ran "net join" to join the local domain (referred to hereafter as
MYDOMAIN).  When we set "security = DOMAIN" in the smb.conf file (which is
how we have it on 2.2.8), it works for users that are not in the usermap
(i.e. whose UNIX login name is the same as their Windows login).  But users
who are in the usermap can't connect.  However, when we change the setting
to "security = SERVER" then it works for the users in the usermap.

The main difference I see between DOMAIN and SERVER logins is that the
DOMAIN uses winbind authentication, while SERVER uses smbserver
authentication.  Also, it looks like Samba tries to create a user with the
login of the UNIX user, and then fails because it can't.

If anyone can tell me where we're going wrong, I would really appreciate it!
Thanks in advance!


smb.conf global entries:

# Global parameters
[global]
workgroup = MYDOMAIN
netbios name = MYSERVER
security = DOMAIN
#   security = SERVER
encrypt passwords = Yes
password server = winserv1 winserv2 *
username map = /usr/local/samba/lib/usermap
wins server = x.x.x.x
log level = 3
log file = /var/log/smb.log


Contents of usermap:

unixuser=pcuser


Log entries for the successful DOMAIN login with an unmapped user:

[2005/02/01 15:57:58, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615)
  Got user=[myuser] domain=[MYDOMAIN] workstation=[MYPC] len1=24 len2=24
[2005/02/01 15:57:58, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[EMAIL PROTECTED] with the new password interface [2005/02/01
15:57:58, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
< SNIP >
[2005/02/01 15:57:58, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: winbind authentication for user [myuser] succeeded
[2005/02/01 15:57:58, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/02/01 15:57:58, 3] smbd/uid.c:push_conn_ctx(365)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/02/01 15:57:58, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/02/01 15:57:58, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/02/01 15:57:58, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [myuser] -> [myuser] ->
[myuser] succeeded [2005/02/01 15:57:58, 3]
libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319)
  NTLMSSP Sign/Seal - Initialising with flags:
[2005/02/01 15:57:58, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60088215
[2005/02/01 15:57:58, 3] smbd/password.c:register_vuid(222)
  User name: myuser  Real name:
[2005/02/01 15:57:58, 3] smbd/password.c:register_vuid(241)
  UNIX uid 5489 is UNIX user myuser, and will be vuid 100
< SNIP >



The logs for the failed DOMAIN login for the mapped user:

[2005/02/01 15:35:41, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615)
  Got user=[PCuser] domain=[MYDOMAIN] workstation=[MYPC] len1=24 len2=24
[2005/02/01 15:35:41, 3] lib/username.c:map_username(173)
  Mapped user PCuser to unixuser
[2005/02/01 15:35:41, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[EMAIL PROTECTED] with the new password interface [2005/02/01
15:35:41, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
< SNIP >
[2005/02/01 15:35:41, 3] auth/auth_util.c:make_server_info_info3(1127)
  User unixuser does not exist, trying to add it
[2005/02/01 15:35:41, 0] auth/auth_util.c:make_server_info_info3(1134)
  make_server_info_info3: pdb_init_sam failed!
[2005/02/01 15:35:41, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [PCuser] -> [unixuser]
FAILED with error NT_STATUS_NO_SUCH_USER
< SNIP >


Logs for the successful SERVER login for the mapped user:

[2005/02/01 15:36:22, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615)
  Got user=[PCuser] domain=[MYDOMAIN] workstation=[MYPC] len1=24 len2=24
[2005/02/01 15:36:22, 3] lib/username.c:map_username(173)
  Mapped user PCuser to unixuser
[2005/02/01 15:36:22, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[EMAIL PROTECTED] with the new password interface [2005/02/01
15:36:22, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
< SNIP >
[2005/02/01 15:36:26, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: smbserver authentica

Re: [Samba] Printing problems

2005-02-02 Thread Josh Kelley

Gerald (Jerry) Carter wrote:
Josh Kelley wrote:
| Second, we're seeing lots of the following messages in
| our log files:
|
| [2005/01/27 13:31:34, 0] rpc_server/srv_lsa_hnd.c:create_policy_hnd(111)
|  create_policy_hnd: ERROR: too many handles (1025) on this pipe.
|
| I'm getting reports from users that they're intermittently
| unable to  print.  Windows reports, "Unable to create a print
| job"; this seems to  correspond with the "too many handles"
| errors, but I haven't gotten  details consistently enough
| to know for sure.  Any suggestions?
Are you using an XP client?  There's a limit on the
number of open printer handles that smbd will allow
to prevent a client from eating up too much memory.
it's set to 256 currently.
I would look at a network sniff to see what the client
is doing opening all those printer handles.
We are using XP clients.  I'll try running a network sniff; thanks for 
the suggestion.  (The problem is happening intermittently on a number of 
our lab computers, which makes that a bit harder.)

A couple of questions, keeping in mind that I know little about the SMB 
protocol or Samba's internals:  If I'm reading the source code and the 
log messages correctly, these are policy handles (policy handles on 
pipes?).  Are those the same thing as printer handles?  The limit on 
policy handles in 3.0.9 is apparently 1024, not 256.

Another oddity:  We'd been getting hundreds or thousands of these error 
messages each day, then our server crashed yesterday morning for 
as-yet-undetermined reasons.  Since the reboot, I've been seeing neither 
the "old print jobs aren't cleared" bug nor the "too many handles" messages.

Josh Kelley
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Creating mandatory profiles (not making profiles mandatory)

2005-02-02 Thread "M. Müller"

Ilia Chipitsine schrieb:
Hi,
is it possible to create the user profiles by copying a template, 
change file ownership and modify the SID in NTUSER.DAT using the 
profile tool?
We have many problems with broken profiles. This has become time 
consuming
  ^^^
there're few tips which I came to after using roaming profiles for 
several years, those tips will significately reduce number of problems 
with roaming profiles:

1) watch that profiles are less than 30Mb (number of files also is 
important)

2) when user first logs in, if there no profile exists, "Default User" 
profile is taken from \\$LOGONSERVER\NETLOGON, so you can have special 
default profile for new users. otherwise local "Default User" profile 
is taken.

3) redirect common folders like Desktop, My Documents out of roaming 
profile. they can live on network share in user's home directory, but 
not in the roaming profile. this can be achived either by manipulating 
registry directly or by using nt4 style domain policies, I can even 
send You custom ADM template for that.

Outlook.pst can also be redirected out of roaming profile.
simply move it to another place and start MS Outlook, it will ask You 
where to find outlook.pst

4) be careful with terminal services. samba doesn't understand 
separate profiles for terminal services, so you can ruin roaming profile.

5) make sure you are using the same version of Windows on all computers.
w2k <--> xp can also break many things in profile
6) make sure other things than Windows are the same on all computers.
particularly MS Office.
7) You can create "profile backup system",
put, for example
regedit /e \\SERVER\share\%UserName%-of2k3.reg 
"HKEY_CURRENT_USER\Software\Microsoft\Office\11.0"

at logon script and after that You can easily delete broken profile 
and restore required things from backup.

8) xp behave weird on roaming profiles.
even if You reqiure "delete cached copies of roaming profiles on 
exit", xp leaves copy and !!! if You delete network copy of roaming 
profile (in order to create profile from "Default User"), xp picks up 
local cached copy. so, in such case You need to remove both network 
and local cached copy of profile. no idea how to make xp delete it on 
exit.

and frustrating - when a user experiences an error or weird behaviour 
of an application I can never be sure wether the cause is a "wrong 
user error", a broken profile or defect in installation. If I want 
all users or groups of users to have the same profile I should be 
able to create it for them.
I already use the "default user", but with that I only can make a 
profile mandatory after the user's first logoff.
I could try myself, but I sometimes experience that "tricks" that 
work at first and look good have some side effects I didn't think of, 
so I would appreciate comments from people who tried that, or maybe 
someone knows why this is rather a bad idea.

With kind regards,
Malte Mueller
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Thanks a lot Ilia!
We have 200 PC and nearly all have a reborn-card or such, which prevents 
any lokal changes, so local copies of profiles do not exist. Users log 
in very often to different Computers and need to have a defined 
environment i.e. an available profile. I already use a "default 
user"-profile and redirected folders (thanks John, the book helped a 
lot). Nevertheless I feel that I cannot rely on the profiles' integrety 
once a user had a chance to modify it. Making a registry copy is a good 
tip, i will use that, at least for some users. But rather than backing 
up I would very much appreciate to set up a defined profile for each 
user. I think it would make life a lot easier for me (and the users).

With kind regards
Malte Mueller
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.11rc1 Available for Download

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Wed, 2 Feb 2005, David Landgren wrote:

> You raised an eyebrow at security = domain in my config. It's been that 
> way since 2.2.8 and (poor) performance was never sufficiently noticeable 
> to warrant benchmarking.

No.  I was just trying to understand the configuration that you were 
working with.  What we need to find out is whether the delay is on the 
server or in smbclient.  I would look at a level 4 log on smbd with 'debug 
timestamp = yes' and look for any obvious gaps.  Trying to narrow down
to a specific code path.

cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc 
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: For info see http://quantumlab.net/pine_privacy_guard/

iD8DBQFCAPYrIR7qMdg1EfYRAoL7AKC+JSFWheeMWqZmiYr0Gx9/e/kD3ACgzch4
dC8UpB86DDkgM/VrVL5LSME=
=UFs8
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba network errors

2005-02-02 Thread "Bjørn Fahnøe"

Samba seems to work OK but I have the following problem:
In the log I get the following
Jan 27 10:33:53 test smbd[5055]: [2005/01/27 10:33:53, 0] 
lib/util_sock.c:get_peer_addr(1000)
Jan 27 10:33:53 test smbd[5055]: getpeername failed. Error was Transport 
endpoint is not connected
Jan 27 10:33:53 test smbd[5055]: [2005/01/27 10:33:53, 0] 
lib/util_sock.c:get_peer_addr(1000)
Jan 27 10:33:53 test smbd[5055]: getpeername failed. Error was Transport 
endpoint is not connected
Jan 27 10:33:53 test smbd[5055]: [2005/01/27 10:33:53, 0] 
lib/util_sock.c:write_socket_data(430)
Jan 27 10:33:53 test smbd[5055]: write_socket_data: write failure. Error = 
Connection reset by peer
Jan 27 10:33:53 test smbd[5055]: [2005/01/27 10:33:53, 0] 
lib/util_sock.c:write_socket(455)
Jan 27 10:33:53 test smbd[5055]: write_socket: Error writing 4 bytes to socket 
23: ERRNO = Connection reset by peer
Jan 27 10:33:53 test smbd[5055]: [2005/01/27 10:33:53, 0] 
lib/util_sock.c:send_smb(647)
Jan 27 10:33:53 test smbd[5055]: Error writing 4 bytes to client. -1. 
(Connection reset by peer)
It means at least that I temporarily looses the connection and if writing to a 
database it becomes corrupted.
I cannnot se i have made somthing wrong. Samba 2.x worked fine but Samba 3 is 
giving this problem.
What can be done? Is it a bug? Is Samba misconfigured? Or is the network 
misconfigured?

I have checked network configuration with webmin.
It now has a box in Routing and Gateways which says the folowing:

Destination  Gateway   Netmask  Interface
10.0.0.0   0.0.0.0 255.255.255.0   eth0
Default Route   10.0.0.10.0.0.0 eth0

My configuration is
IP: 10.0.0.10
Netmask 255.255.255.0
Gateway 10.0.0.1
Broaddcast 10.0.0.255
So what does the box mean? Have I misconfigured something in the network?
I have reconfigured my eth0 with MDK Controlecenter, and nothing changes.
It is really frustrating as it is the basic configuration I am loosing my time 
with and not the network for the benefits of the users.

I have another thing. In the Microsoft Network the Xp-workstations disappear 
after a time (5-20 minutes) I can find them via Find computer.
If I close down the Samba service it does not happen.

Bjørn

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba a la linux question?

2005-02-02 Thread David Collier-Brown

  I think you probably should ask this on the
samba@lists.samba.org list [redirected], as this
is the development list. 
  Hint: keepalive deals with part of this.

--dave


 --- "Behnam, Saman" <[EMAIL PROTECTED]>
wrote: 
> Dear Mr. Mrs. 
> 
> When a windows share is mounted in to a linux-share
> running samba and anohter windows mashine accesses
> the linux-share...then all is ok. But when the
> mounted mashine crashes for example (if running ms
> windows its not rare ;) and the another windows
> mashine trys to access the linux-share with the
> unmounted but crashed windows.so the request
> hangs!
> 
> Is there a workarround for this? e.g. mechanism that
> samba checks the mounted windows mashine and if not
> arrichable then force umount and when arrichable
> then mount it!
> 
>  Thank u verry much!
> 
> Mit freundlichen Grüßen / Kind regards 
> 
> Saman Behnam
> 
> Dipl.-Ing. (FH)
> 
> TÜV AUTOMOTIVE GmbH
> 
> Abt.: TAP-GAR
> 
> Daimlerstr.11
> 
> D-85748 Garching 
> 
> Tel: 089 32950-849 / 859 Fax: 858
> 
> mailto:[EMAIL PROTECTED]
> 
> http://www.tuev-sued.de  
>  

=
David Collier-Brown, | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
[EMAIL PROTECTED]   |  -- Mark Twain
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Samba bidirectional printing support

2005-02-02 Thread Viktor Remennik

No answers so far..
So probably it is impossible to make bidirectional printer connection 
using samba?
One more question - are there another smb implementations for unix-like 
operating systems?

Viktor Remennik wrote:
Paul Gienger wrote:

trying to install Canon s900 printer but canon printer monitor on win 
PC is not working saying there's no bidirectional connection between win

That is probably the Canon app not wanting to work with a networked 
printer.  Those style apps are designed to work on a local machine 
with a local printer.  You could try to create a virtual LPR port and 
set the server to print in raw mode, but that probably won't get you 
over the hump.

I don't think so. Actualy there are two kind of tools. First is really 
working with local port. But I'm talking about win32 driver. Under win32 
(windows xp sp2) the driver is able to show when there's no ink in the 
network printer. but with samba shared printer win32 driver claims that 
bidirectional mode is unavailable and "Enable bidirectional support" 
checkbox in printer properties is disabled gray. Is it possible to let 
it alert me when ink is out?


So, am i right that it is impossible to use modern printers via samba?

No, you're wrong.  It may be very difficult or impossible to use 
printers whose driver writers expect that printer to be attached to 
USB or parallel ports and cannot function over the network, but this 
will only hinder the advanced properties, perhaps such as ink sensing 
and what not.  Pull virtually any network aware printer off of the 
shelf today, install the drivers on your server and client and you'll 
be just fine.  Naturally this works better if the printer talks 
PostScript or any open printing language, but even without, many 
companies make valid unix drivers for network printers.

But under win32 it works via smb net! Maybe the problem is in the samba 
configuration?


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ERRinvnetname (HELP)

2005-02-02 Thread Fábio Soares

Please HELP me!

-- Forwarded message --
From: Fábio Soares <[EMAIL PROTECTED]>
Date: Tue, 1 Feb 2005 14:01:13 -0300
Subject: Error messages when trying to access a share
To: samba@lists.samba.org

Hi everyone!

Does anybody know what each of the error messages "ERRinvnetname" and
"ERRbadpw" mean?

The first one I get when I type my password after each of the
following commands:
smbclient -L localhost -U fabio
//it only asks me for a password (I think it's to be my password)
smbclient -L localhost -N
//it doesn't ask a password. what/who is the username?

The second one I get when I try this command:
smbclient -L localhost
//it does ask a password. but whatever password I type, the ERRbadpw
error message arises on my screen. Why?? where does samba take a
username for this password from?

my smb.conf file is attached. you might want to take a look at it.

--
Fabio Mendes Soares
Computing Student (yet newbie at Samba)
Ananindeua-PA-Brazil
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] forcing a file to have the same uid from parent directory

1) You can try "force user = %U", not sure it will work on [homes]
it even can have side effect that every user will gain access to any home 
directory.

2) SUID on directory ?
Hi,
I have a little problem, sometimes the administrator must put a file in  a
home directory.  But the owner of this file is root, not the user which
have the home directory.
Example :
/rsrv/data1/home/toto   toto  Utilisateurs0700
 + toto.id   root  Administrateurs 0700
 + fichier.xls toto  Utilisateurs0700
I would like to kown how I set up my conf (linux or samba ) for forcing uid
of new file to have the same uid which have the directory.
Thank you
 St?phane
---
St?phane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Auth failing - idmap_rid?

2005-02-02 Thread Brian Hoover

Guenther Deschner wrote:
> Hi Brian,

Thanks for the response.

> 
> On Tue, Feb 01, 2005 at 03:11:23PM -0500, Brian Hoover wrote:
>> The samba server is FC3 / samba 3.0.10 (Fedora package w/ idmap_rid
>> compiled) 
>> 
>> The samba server shows up in the browse list, but when you select it
>> from an XP machine windows spits up "\\ server is not accessable"
>> yada yada "The user name could not be found"  The following shows up
>> twice in /var/log/samba/winbindd:
>> 
>> [2005/02/01 14:00:27, 0]
>>   sam/idmap_rid.c:rid_idmap_get_id_from_sid(461)
>> rid_idmap_get_id_from_sid: no suitable range available for sid:
>> S-1-5-21-601769246-1165110998-860360866-2946 
> 
> 
> Could you please restart winbindd once with loglevel = 10 and post
> the rid_idmap respective idmap_rid relevant entries of log.winbindd? 
> 

This one may need to remain a mystery.  I went show the SID differences
to a colleague 4 hours after sending the original post and the symptom
had disappeared.  I had changed the uid / gid ranges from 1-2 to
1000-20 but even after changing them back I have not been able to
repeat the issue.

I'll post again if this happens again.  Since this is my first samba
server it is still in lab status and I will leave the log level set to
10.  Maybe I'll catch something.
 
The log you ask for does not show anything to me that is abnormal but
here it is:


[2005/02/02 07:43:43, 1] nsswitch/winbindd.c:main(864)
  winbindd version 3.0.10-1.fc3 started.
  Copyright The Samba Team 2000-2004
[2005/02/02 07:43:43, 5] lib/debug.c:debug_dump_status(366)
  INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
--SNIP--
  doing parameter idmap backend = idmap_rid:VIDAR=1-2
  doing parameter idmap uid = 1-2
  doing parameter idmap gid = 1-2


-Brian


> Thanks,
> 
> Guenther


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ntlm_auth + nt domain

2005-02-02 Thread durale

i have to use ntlm_auth command with freeradius.

Before, i want to execute ntlm_auth manually. For this job i use samba
and winbind.

the result command is : 

ntlm_auth --requeset-nt-key --domain=micro --username=alex   
password: 
NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc05e)

Before i entered my computer in nt domain which name is "DOMAIN" like
this:

net  rpc join -S micro -U administrator
Password:
Joined domain DOMAIN.

and wbinfo -u :wbinfo -u
Error looking up domain users

and wbinfo -g :

BUILTINSystem Operators,BUILTINReplicators
BUILTINGuests,BUILTINPower Users
BUILTINPrint Operators,BUILTINAdministrators
BUILTINAccount Operators,BUILTINBackup Operators
BUILTINUsers

So, can you please return your experience about this subjet, particulary
authentication with nt domain

Regards,

durale



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ntlm_auth + nt domain

2005-02-02 Thread Alexandre Durand

i have to use ntlm_auth command with freeradius.

Before, i want to execute ntlm_auth manually. For this job i use samba
and winbind.

the result command is : 

ntlm_auth --requeset-nt-key --domain=micro --username=alex   
password: 
NT_STATUS_NO_LOGON_SERVERS: No logon servers (0xc05e)

Before i entered my computer in nt domain which name is "DOMAIN" like
this:

net  rpc join -S micro -U administrator
Password:
Joined domain DOMAIN.

and wbinfo -u :wbinfo -u
Error looking up domain users

and wbinfo -g :

BUILTINSystem Operators,BUILTINReplicators
BUILTINGuests,BUILTINPower Users
BUILTINPrint Operators,BUILTINAdministrators
BUILTINAccount Operators,BUILTINBackup Operators
BUILTINUsers

So, can you please return your experience about this subjet, particulary
authentication with nt domain

Regards,

durale

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] samba 2 smbpasswd + ldap - not binding properly

2005-02-02 Thread Bruno Guerreiro

Hi,
The problem isn't the authentication, as the server can't even connect to
the LDAP server to try to authenticate.
Is your passdb backend correctly defined?

Best Regards,
Bruno Guerreiro

-Original Message-
From: Tyler R. Retzlaff [mailto:[EMAIL PROTECTED]
Sent: terça-feira, 1 de Fevereiro de 2005 23:15
To: samba@lists.samba.org
Subject: [Samba] samba 2 smbpasswd + ldap - not binding properly


I've been having difficulty getting smbpasswd -a working as follows.

wiggum:/etc# smbpasswd -D 10 -a rtr
New SMB password:
Retype new SMB password:
ldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server as "cn=manager,dc=test,dc=net"
Bind failed: Can't contact LDAP server
ldap_open_connection: connection opened
ldap_connect_system: Binding to ldap server as "cn=manager,dc=test,dc=net"
Bind failed: Can't contact LDAP server
Failed to add entry for user rtr.
Failed to modify password entry for user rtr

Now it clearly says it's binding as "cn=manager,dc=test,dc=net".  But 
according to the ldap server debug info I see the following two binds.  
During the smbpasswd -a neither of which is cn=manager.

do_bind: version=3 dn="cn=nss,dc=test,dc=net" method=128
do_bind: v3 bind: "cn=nss,dc=test,dc=net" to "cn=nss,dc=test,dc=net"

My smb.conf looks like this:

ldap admin dn   = cn=manager,dc=test,dc=net
ldap server = ldap.test.net
ldap suffix = ou=People,dc=test,dc=net

So is smbpasswd ignoring it?  Just a note cn=nss comes from my 
libnss_ldap.conf so it's possible what I'm really seeing is the bind for nss

lookup of the the passwd entry and smbpasswd isn't attempting to bind at 
all..

I've been scanning the samba list for days and haven't seen any solutions,
so 
if someone could help me out I would appreciate it.

Thanks
-- 
Tyler R. Retzlaff <[EMAIL PROTECTED]>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] (no subject)

2005-02-02 Thread SABINE ZARABIAN

Thomas Kreft wrote:
I have a rather complex access setup for my users home-directories. This is
because
a) All users have to be able to read other users files (minus some private
folders)
b) Some users additionally have write access to specific (not: all!)
home-directories
So a user Joe also has a group called 'Joe' with members Joe, Tim and Kate.
Hence,  Joe, Tim and Kate may write to /home/joe. I do this by editing
smb.conf as follows:
[homes]
   valid users = @users
   write list = @%g
   browseable = No
   create mask = 0660
   directory mask = 0770
Now the question is: How do I provide the users with an easy way to access
the various 'homes', ie. via a mapped network drive, and STILL preserve the
'write list' option of the smb.conf?
Of course, the users could type "\\SERVERNAME" into their windows explorer,
or browse through the network neighbourhood everytime, but this is rather
inconvenient.
Or I could create a share with symlinks to all the home folders, but this
would deprive me of the individual 'write list' access control.
Hope I could make myself clear! Any ideas are highly appreciated, I'm
completely lost.
Thomas
 

Hallo Thomas,
I would solve your problem this way:
I would create home folders like you have done /home/joe , /home/tim ...
I would create group folders like /group/joe, /group/...
in smb.conf :
[homes]
comment = private
browseable = yes
create mask = 0700
directory mask = 0700
public = no
writeable = yes
[group]
comment = group directory
path = /group/%g
create mask = 0770
directory mask = 0770
force directory mode = 0770
force create mode = 0770
public = no
writeable = yes
in logon.bat:
net use x: \\server\homes
net use y: \\server\group
In this way, data in x:\  are private f.e. joe,
data in y:\ are readable and writeable for the  whole group f. e. joe, 
tim and kate.

Sabine

--
Sabine Zarabian
Universität Bielefeld
Fakultät für Biologie
0521 - 106 5567
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP help!

2005-02-02 Thread Adam Tauno Williams

> > Right now I have Samba+LDAP working (like a charm acctually)  I just
> > have one issue.  Right now Samba is authenticating the user against
> > the sambaLMPassword and/or the sambaNTPassword attributes.

Yep.

> > I would rather it authenticated against the userPassword attribute
> > like my unix boxes and mail servers do.  Is samba capable of doing
> > this?  Otherwise I have to maintain two seperate passwords for each
> > user.
> yes, you have to support two separate passwords for samba and nss.

Yes.  But we are talking about Samba and PAM - not NSS.  NSS has nothing
to do with passwords.

> otherwise you have to keep passwords in clear and somehow emulate (is 
> OpenLDAP capable of this ?) sambaNTPassword via cleartext userPassword

Password syncronization is trivial.  See "ldap password sync" to do it
from the Samba side or the smbk5pwd overlay to extend the
password-modify exop on the LDAP side to always set all passwords.  Or
the third option is to use Kerberos for authentication of non-CIFS
connections as the Hiemdal KDC can use the same LDAP SAM as Samba.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] mass user creation


1) how to do with ldiff file to put a user member of a group ?
You have the gid specified so that will get your primary group, adding 
secondary groups is not as easy though.  The secondary groups you are a 
member of is stored in the group, via the multi-value property memberUID. 
You'll have to ldapmodify the groups you want to be a member of with the 
appropriate member's uid.

2) Is there a solution to avoid this problem so that i also can generate 
mass user password ?
You could pipe your script, depending on the language, into the smbpasswd 
command.  I believe Jerry has posted something like this for a shell 
language:
echo $pass $pass > smbpasswd -a $username
smbpasswd also used to have an optional last parameter for user's 
password. which was never documented and recently has been removed :-(

Also, you may want to leave off your samba parameters in the ldif, they will 
get added by the smbpasswd command.

--
--
Paul GiengerOffice: 701-281-1884
Applied Engineering Inc.
Systems Architect   Fax:701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbcquotas (Need help with command syntax)

smbcquotas will definetely work under the following conditions:
1) SMB server is something nt-like (w2k or w2k3)
2) disk quotas are enabled
3) \\server\share is ROOT of filesystem.
ntfs5 doesn't allow to have different quotas for directories on a single 
partition.

not sure smbcquotas will work on samba. also I do not know any filesystem 
which allows disk quotas per directory. Usually you have to put 
directories on separates partitions in order to achive that.

I need to setup quota on //server/home for user a to 1GB
and
on //server/client (for all users on this share) to 10GB
May you please let me know the exact command to be used for this? Also, do I 
need to add any other parameter in smb.conf in order to make quotas work? I 
have compiled samba with quotas option.
Thank you.
-
Do you Yahoo!?
Yahoo! Search presents - Jib Jab's 'Second Term'
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] PDC + SAMBA + LDAP