[Samba] can print test page in the redhat, but can't print through the samba share print,why?

[gzis]

i can print test page in the redhat, but when i use the samba shared
printer to print test page,

it is said "test page failed to print"  why?


one part of my smb.conf as follow:


printcap name = CUPS
load printers = yes
disable spoolss = no
show add printer wizard = yes
printer admin = samhuang,GZ+samhuang
printing = cups


any help would be appreciate

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba failed to authenticate to openLDAP

[Tony Earnshaw]

Paul Gienger:

[...]

>> Is there anybody who might have some idea of what is wrong.
>>
>
> Yep.  You did nothing to create the samba attributes that will have to
> exist in each user account for the users to log in.   I suggest you read
> the documentation on setting up an LDAP/PDC system that is on the
> samba.org web site.  You've missed quite a few steps here, so you may want
> to read it through to get a complete idea.  Your solution is going to
> include the following:
>
> 1. Obtain and configure the smbldap-tools package.
> 2. Run the smbldap-populate script
> 3. Make sure you've got a sambaDomain (I think that's the object type)
> in the base of your DIT. 4. Join the machine to the domain (since you
> appear to want a domain setup) 4. Add samba attributes to each user's
> account.
>
> Yes there are 2 #4 entries.  Doesn't matter which one comes first.  As
> far as I can remember, those will be the critical steps to not miss. If
> you've followed the documentation and not done those steps, you've missed
> something.

Not that i don't appreciate your constant help and encouragement but:

1: I followed the docs to the letter;
2: doing that nearly fscked up my already existent DIT for always;
3: I found a different way "that worked for me";
4: I promised JHT to write up how (and more importantly why) but I didn't
get that far yet. The important thing is, that whoever wrote the (3.0.7
and higher) ldapsam code made it truly versatile: it can do things in more
ways than one. As my Walloon Belgian granny used to say: "there are more
ways of killing a cat than choking it with cheese" ;)

--Tonni

--
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Srvtools causes smbldap_open: cannot access LDAP when not root

[Craig White]

On Wed, 2005-03-02 at 10:40 +0800, Doug Campbell wrote:

> >
> > Yes. I have to agree with Craig White here (I usually do ;) LDAP for me is
> > the be-all and end-all. i use it for across-platform authentication in
> > production for *everything* It is the corner stone to all services that my
> > users may use. If an application doesn't work with it, then that
> > application is useless to me. Examples of apps that use a single login and
> > password at one site I administer (runs 3 servers under RHAS3 using the
> > same LDAP DSA) are postfix smtp, Courier IMAP, Linux Terminal Server
> > Project, Pykota print quota admin, ssh and a Samba PDC. To be able to
> > master the LDAP part thoroughly, I chose to use source code and subscribe
> > to the 4-5 mailing lists dealing with this. Craig does the same.
> >
> > Get samba working without LDAP first, then make sure you master every
> > possible aspect of openldap and are completely confident with it. Then you
> > can adapt what you've done to Samba.
> 
> I will do that.  Thanks for your time in patiently helping me through this.

I will say the unpopular thing that people don't want to hear.

Learning LDAP through samba is probably one of the most obtuse angles
that one can take and it seems certain to confound, confuse and
frustrate those who try. I know this because I spent 2 or 3 days trying
and said to myself - "self, this isn't teaching me what I need to know
about LDAP"

So I put Samba on the side - bought Gerry Carter's LDAP System
Administration book (great book by the way - perhaps a bit dated but
definitely tells you the things you NEED to know). Set up LDAP on the
base server, added some users, tested it out with various packages like
ssh, imap etc. By this time, I was comfortable with
ldapadd/ldapmodify/ldapsearch etc. I was working. I then began working
on LDAP ACL's. This took time but by then, I was getting the picture.
All in all, this probably took me a week to get a 'basic' understanding
of LDAP and I was able to add in Samba stuff.

You need to understand LDAP to the point of troubleshooting connections,
errors etc. Without this ability, and putting total reliance upon
something like the IDEALX tools to populate and maintain LDAP, at the
first problem you don't know where to look for causes, you don't know
how to solve these problems and you are begging lists for help and you
can't even accurately describe the problems you are having except in the
most general ways.

I understand what people are saying when they say, it seems to be
working fine except for...I've been there. It means that they don't know
what they are doing and have gotten lucky to a point. Samba/IDEALX is
not a turnkey system to create the LDAP backend that works out of the
box. In a way, I fear the day that some distribution packages it up with
that claim since it will engender a lot of 'Administrators' that don't
have a clue what they're doing...Point and click know not the
ramification administration is not a Windows patented technology I
think.

I see all of the people like Steve Zeng - without a clue why things
aren't working. When I say, you really need to learn LDAP first - I get
a message back - why don't you give me some constructive feedback and I
think to myself, damn, I thought I just gave them the most constructive
advice that they could get - in case you haven't figured it out yet,
this is why I didn't respond to your personal email to me. (Doug - not
Steve)

I have this saved in my 'subscriptions' file...
Thu, 14 Jun 2001 01:14:45 GMT  (Wed, 18:14 MST)

Welcome to the openldap-software mailing list!
I 'monitored' the list for nearly 2 1/2 years before I actually
implemented my first DSA. (I admit that I had used LDAP for a year and
didn't know what DSA meant - but had the humility to ask what it meant a
few weeks ago). I observed. I am on several other lists - I observe. I
am not that smart and it probably takes me longer than most but I know
that I am not willing to trust the most powerful system on my network to
work without doing everything that I can to understand how it works.
Knowledge is the power to take responsibility for what I do.

Lastly, if LDAP provides core authentication for users on the system,
are you gonna feel comfortable relying upon it when you can't operate
it, troubleshoot it, articulate how it is structured and/or define the
security methods you are using to protect it?

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Srvtools causes smbldap_open: cannot access LDAP when not root

[Doug Campbell]

> > I don't have any certificates to deal with as I am not using SSL/TLS.  I
> > actually tried to do this as a learning exercise but couldn't get it to
> > work based on the documentation I read.
>
> Try http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html

I will check that out.

[snip]
>
> 'man ldapsearch'. ldapsearch without -x assumes that you are asking for
> SASL support that you have configured in slapd.conf, and you haven't. The
> fact that you get the same results for root or a non-root user doesn't
> have anything to do with the Unix user that you are logged in as; slapd
> doesn't care about the Unix )posix) user. It only cares about users in DNs
> that you feed it.

That makes sense to me and I think gives me a clue on some of the problems I
was having with the LDAP ACLs.

> > Does that give a better idea of what might be wrong in my setup?
>
> Yes. I have to agree with Craig White here (I usually do ;) LDAP for me is
> the be-all and end-all. i use it for across-platform authentication in
> production for *everything* It is the corner stone to all services that my
> users may use. If an application doesn't work with it, then that
> application is useless to me. Examples of apps that use a single login and
> password at one site I administer (runs 3 servers under RHAS3 using the
> same LDAP DSA) are postfix smtp, Courier IMAP, Linux Terminal Server
> Project, Pykota print quota admin, ssh and a Samba PDC. To be able to
> master the LDAP part thoroughly, I chose to use source code and subscribe
> to the 4-5 mailing lists dealing with this. Craig does the same.
>
> Get samba working without LDAP first, then make sure you master every
> possible aspect of openldap and are completely confident with it. Then you
> can adapt what you've done to Samba.

I will do that.  Thanks for your time in patiently helping me through this.

Doug

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] MIT Kerberos tickets gone..

[Scarry, Robert]

I have the following scenario.

Windows 2K Active Dir server,  Samba 3.0.7 running on Solaris 2.8.

Running MIT Kerberos to join and authenticate with the AD.  Things work ok,
can join the domain, and can access the samba server from trusted domains as
well as local domain.

However, when doing 'kinit' I have found that the default ticket life was
for 24 hours is seemed.  After I reboot the solaris / samba server the
Kerberos token was gone, and I had to manually generate a new ticket and do
a 'net ads join' again to get the server back up..

I found that I can us the "-d" option with kinit to increase the ticket life
and did so to 500 days.  Reboot the server and the token is gone again..
Have to then do a 'kinit' again as well as a 'net ads join' to get things
running again.

I read that I should not have a /etc/krb5.conf due to locking things down to
one kdc only.  Any ideas?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.11 Compile Error

[TAKEUHCI, Osamu]

(BSorry. I was not able to post the error log.
(BIt is this.
(B
(Bbash-2.05b# make
(B
(BWarning! One or more of your selected locales are not available.
(BPlease invoke the commands "locale" and "locale -a" to verify your
(Bselections and the available locales.
(B
(BContinuing processing using the "C" locale.
(B
(BUsing FLAGS =  -O -I./popt -Iinclude -I/var/tmp/test1/syc_work/samba-3.0.11/sour
(Bce/include -I/var/tmp/test1/syc_work/samba-3.0.11/source/ubiqx -I/var/tmp/test1/
(Bsyc_work/samba-3.0.11/source/smbwrapper  -I. -D_HPUX_SOURCE -D_POSIX_SOURCE -D_L
(BARGEFILE64_SOURCE -D_ALIGNMENT_REQUIRED=1 -D_MAX_ALIGNMENT=4 -DMAX_POSITIVE_LOCK
(B_OFFSET=0x1ffLL -I/var/tmp/test1/syc_work/samba-3.0.11/source
(B  LIBS = -lgen -lsec -lnsl -liconv
(B  LDSHFLAGS = -shared 
(B  LDFLAGS = 
(B
(BWarning! One or more of your selected locales are not available.
(BPlease invoke the commands "locale" and "locale -a" to verify your
(Bselections and the available locales.
(B
(BContinuing processing using the "C" locale.
(B
(BGenerating smbd/build_options.c
(B
(BWarning! One or more of your selected locales are not available.
(BPlease invoke the commands "locale" and "locale -a" to verify your
(Bselections and the available locales.
(B
(BContinuing processing using the "C" locale.
(B
(B
(BWarning! One or more of your selected locales are not available.
(BPlease invoke the commands "locale" and "locale -a" to verify your
(Bselections and the available locales.
(B
(BContinuing processing using the "C" locale.
(B
(BBuilding include/proto.h
(Bcreating /var/tmp/test1/syc_work/samba-3.0.11/source/include/proto.h
(B
(BWarning! One or more of your selected locales are not available.
(BPlease invoke the commands "locale" and "locale -a" to verify your
(Bselections and the available locales.
(B
(BContinuing processing using the "C" locale.
(B
(BBuilding include/wrepld_proto.h
(Bcreating /var/tmp/test1/syc_work/samba-3.0.11/source/include/wrepld_proto.h
(B
(BWarning! One or more of your selected locales are not available.
(BPlease invoke the commands "locale" and "locale -a" to verify your
(Bselections and the available locales.
(B
(BContinuing processing using the "C" locale.
(B
(BBuilding include/build_env.h
(B
(BWarning! One or more of your selected locales are not available.
(BPlease invoke the commands "locale" and "locale -a" to verify your
(Bselections and the available locales.
(B
(BContinuing processing using the "C" locale.
(B
(B
(BWarning! One or more of your selected locales are not available.
(BPlease invoke the commands "locale" and "locale -a" to verify your
(Bselections and the available locales.
(B
(BContinuing processing using the "C" locale.
(B
(Bcreating /var/tmp/test1/syc_work/samba-3.0.11/source/nsswitch/winbindd_proto.h
(Bcreating /var/tmp/test1/syc_work/samba-3.0.11/source/web/swat_proto.h
(Bcreating /var/tmp/test1/syc_work/samba-3.0.11/source/client/client_proto.h
(Bcreating /var/tmp/test1/syc_work/samba-3.0.11/source/utils/net_proto.h
(Bcreating /var/tmp/test1/syc_work/samba-3.0.11/source/utils/ntlm_auth_proto.h
(BWARNING: you need to run ./config.status
(B
(BWarning! One or more of your selected locales are not available.
(BPlease invoke the commands "locale" and "locale -a" to verify your
(Bselections and the available locales.
(B
(BContinuing processing using the "C" locale.
(B
(BCompiling dynconfig.c
(BIn file included from include/includes.h:421,
(B from dynconfig.c:21:
(B/usr/include/sys/ipc.h:51: error: parse error before "cid_t"
(B/usr/include/sys/ipc.h:56: error: parse error before '}' token
(BIn file included from include/includes.h:425,
(B from dynconfig.c:21:
(B/usr/include/sys/shm.h:82: error: field `shm_perm' has incomplete type
(B*** Error exit code 1
(B
(BStop.
(B
(B
(B
(BOn Wed, 02 Mar 2005 11:17:05 +0900
(B"TAKEUHCI, Osamu" <[EMAIL PROTECTED]> wrote:
(B
(B> Hello.
(B> 
(B> I'm trying to run Samba on HP-UX (IA64), but I can't compile Samba source.
(B> 
(B> I have this following packages:
(B> 
(B> Samba 3.0.11
(B> libiconv 1.9.1
(B> HP-UX 11.23 (IA64)
(B> 
(B> "configure" process is ok.
(B> At "make" process, I encounters the parsing error. 
(B> 
(B> I attached the compile error log.
(B> Do you have information how to compile Samba on HP-UX (IA64)?
(B> 
(B> -- 
(B> Osamu Takeuchi
(B
(B-- 
$BC]Fb(B $BM}!wJ<8K8)@>5\;T(B
(B
(B-- 
(BTo unsubscribe from this list go to the following URL and read the
(Binstructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba failed to authenticate to openLDAP

[Steve Zeng]

Paul,
I downloaded smbldap-tools-0.8.7 and tried the following:
1) run configure.pl
2) initialize LDAP base and then start LDAP server
dn: dc=mfelc
dc: mfelc
objectClass: top
objectClass: domain
3) run smbldap-populate
4) run the following migration tool to import users from NIS:
smbldap-migrate-unix-accounts -a -P /tmp/passwd.nis
5) run the following migration tool to import groups from NIS:
smbldap-migrate-unix-groups -a -G /tmp/group.nis
6) smbldap-useradd -a -m testuser1
   smbldap-passwd testuser1
6) smbclient //enzo/testuser1 -U testuser1
got the following errors:
-
  User testuser1 in passdb, but getpwnam() fails!
[2005/03/01 18:12:11, 5] auth/auth_util.c:free_server_info(1344)
  attempting to free (and zero) a server_info structure
[2005/03/01 18:12:11, 0] auth/auth_sam.c:check_sam_security(306)
  check_sam_security: make_server_info_sam() failed with 
'NT_STATUS_NO_SUCH_USER'
[2005/03/01 18:12:11, 5] auth/auth.c:check_ntlm_password(271)
  check_ntlm_password: sam authentication for user [testuser1] FAILED 
with error NT_STATUS_NO_SUCH_USER
[2005/03/01 18:12:11, 3] auth/auth_winbind.c:check_winbind_security(80)
  check_winbind_security: Not using winbind, requested domain [TESTDM] 
was for this SAM.
[2005/03/01 18:12:11, 10] auth/auth.c:check_ntlm_password(259)
  check_ntlm_password: winbind had nothing to say
[2005/03/01 18:12:11, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [testuser1] -> 
[testuser1] FAILED with error NT_STATUS_NO_SUCH_USER
--

No idea what is missing. Thanks a lot for any hints.
Steve
Judicious snippage, post at the bottom.
I tried to let Samba authenticate against LDAP but could not figure 
out how to build the LDAP tree for Samba.

Fedora core 2
Samba 3.0.10
OpenLDAP 2.1.29
dc=mydomain
 |
 `--- ou=People: to store user accounts for Unix and Windows
 |
 `--- ou=Hosts : to store computer accounts for UNIXX & Windows
 |
 `--- ou=Groups: to store system groups for Unix and Windows
What I did were:

   [global]
workgroup = TESTDM
passdb backend = ldapsam:ldap://10.10.0.101/
log level = 1 passdb:8 auth:8
domain logons = Yes
wins support = Yes
ldap admin dn = cn=root,dc=mydomain
ldap delete dn = Yes
ldap group suffix = ou=Group
ldap machine suffix = ou=Hosts
ldap user suffix = ou=People
ldap suffix = dc=mfelc
ldap passwd sync = Yes
ldap ssl = no
3) start Samba server
4) run smbclient //smbserver -U myid
   Password:
   session setup failed: NT_STATUS_LOGON_FAILURE

Attached is the smbd.log, I deleted the normal log and keep failed 
messages as below:
  check_sam_security: Couldn't find user 'szeng' in passdb file.
auth/auth.c:check_ntlm_password(271)
  check_ntlm_password: sam authentication for user [szeng] FAILED with 
error NT_STATUS_NO_SUCH_USER

Is there anybody who might have some idea of what is wrong.

Yep.  You did nothing to create the samba attributes that will have to 
exist in each user account for the users to log in.   I suggest you read 
the documentation on setting up an LDAP/PDC system that is on the 
samba.org web site.  You've missed quite a few steps here, so you may 
want to read it through to get a complete idea.  Your solution is going 
to include the following:

1. Obtain and configure the smbldap-tools package.
2. Run the smbldap-populate script
3. Make sure you've got a sambaDomain (I think that's the object type) 
in the base of your DIT.
4. Join the machine to the domain (since you appear to want a domain setup)
4. Add samba attributes to each user's account.

Yes there are 2 #4 entries.  Doesn't matter which one comes first.  As 
far as I can remember, those will be the critical steps to not miss.   
If you've followed the documentation and not done those steps, you've 
missed something.


--
Regards,
Steve Zeng
Systems Administrator
Mainframe Entertainment Inc
T: (604) 628-1000 ext 5293
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.11 Compile Error

[TAKEUHCI, Osamu]

Hello.

I'm trying to run Samba on HP-UX (IA64), but I can't compile Samba source.

I have this following packages:

Samba 3.0.11
libiconv 1.9.1
HP-UX 11.23 (IA64)

"configure" process is ok.
At "make" process, I encounters the parsing error. 

I attached the compile error log.
Do you have information how to compile Samba on HP-UX (IA64)?

-- 
Osamu Takeuchi
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Optimise Samba for MYOB

[Andrew Bartlett]

On Tue, 2005-03-01 at 07:30 +, Jackie Chan wrote:
> First a short background of the situation,
> 
> My work ran a MYOB file from a MS 2000 server.  They were getting problems 
> such as the,
> 
> "cannot send messages to so-and-so.  blah blah blah..."
> 
> They were planning to upgrade to MS 2003 in an attempt to eradicate all 
> error messages and remove the lag sometimes experienced when opening a large 
> list.

Is this a suggestion by MYOB's vendor, or just a hunch?

> Since i am a linux fan i suggested giving samba 3.0.11 a try, i was 
> convinced it would be an improvement.  After all Linux is the best right.

Samba emulates windows as closely as possible in areas of protocol
correctness, which in particular includes locking correctness.  While
Samba does allow more tweaks (in particular, it can deny oplocks on a
more granular basis) the locking behaviour (which is almost certainly to
blame for both MYOB issues this week) is identical.

The only thing I would suggest (which would be in common to both
systems) is to look very, very carefully at your network gear.  Most
reports of bad Samba performance are due to latency inflicted by poor
quality NICs and switches.  I have seen this on my network with other
locking-intensive applications.  

The money spent on Intel, or even Netgear FA-311 NICs, and *decent*
switches will be well worth it.  Ditch the RTL8139 cards as fast as you
can.  We have had good luck with the non-toy Dlink switches, and very
bad luck with anything cheaper.

Otherwise, as the performance problems are general to networked MYOB, I
suggest you instead chase the vendor.  

I realise everybody is in a rush, and it is coming up to tax time again
(at least for those who have Australian accountants :-), but as it
matches windows, I'm not sure we can help other than the oplock settings
you already use.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Seeking Good Documentation for... (freebsd+ldap+samba(pdc)+kerberos)

[Thomas M. Skeren III]

Andrew Bartlett wrote:
On Tue, 2005-03-01 at 17:37 -0800, Thomas M. Skeren III wrote:
 

Andrew Bartlett wrote:
I've got it up with two way trusts to a w2k domain everything over a
ipsec vlan:
   

The kerberos stuff I refer to is all 'unix' (linking Samba and Heimdal
kerberos), I don't run windows servers in production, so I can't help
you on that side of things.  

Who is the kerberos for the benefit of?
 

Dunno.  I kinda hopped into the middle of the conversation.  Only thing 
I can think is that a samba server is authenticating off of w2k/w2k3.  
It hasn't come up in my trust stuff.  Just trying to help a FBSD user.  
No reason for someone else to have my forehead whelts.  ;-)

TMS III
Andrew Bartlett
 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Netbench controller crashs

[Kaplan, Marc]

Do you have another fileserver, perhaps a Windows box that you could
test this against? It really doesn't sound like a Samba problem, and if
you can rule that out, you should submit a bug to Veritest (who wrote
the NetBench software).

I have run multiple engines per client before without a problem, though
I have not done so recently.

-Marc

> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:samba-
> [EMAIL PROTECTED] On Behalf Of Ephi
Dror
> Sent: Tuesday, March 01, 2005 4:28 PM
> To: samba@lists.samba.org
> Subject: [Samba] Netbench controller crashs
> 
> Hi All,
> 
> I'm running netbench against our samba based filer and having I
believe
> a controller problem.
> 
> When I configure the test to run multiple engines per client (about 5
in
> my case) and about 20 clients so all together I  have 100 engines, the
> controller  crashes.
> 
> My clients are a mix of NT4, winxp and win2000 systems.
> 
> If I run the controller on windows 2003, the controller simply quit
and
> all my netbench clients are terminating.
> 
> If I run the controller on winxp system, I am getting the familiar
> dialog box telling me:
> 
> "Controller MFC Application has encountered a problem and needs to
> close. We are sorry for the incovenenience." and of course if I want
to
> send error report to Microsoft...
> 
> It is pretty random   when it crashes. Sometimes at the beginning of
the
> test, sometimes later.
> 
> Has anyone else see similar problems with running netbench?
> 
> Is there anything special I need to do in smb.conf or so?
> 
> Is there any work around?
> 
> Your help is really appreciated.
> 
> Please advise,
> 
> Cheers,
> Ephi
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Seeking Good Documentation for... (freebsd+ldap+samba(pdc)+kerberos)

[Andrew Bartlett]

On Tue, 2005-03-01 at 17:37 -0800, Thomas M. Skeren III wrote:
> Andrew Bartlett wrote:
> 
> I've got it up with two way trusts to a w2k domain everything over a
> ipsec vlan:

The kerberos stuff I refer to is all 'unix' (linking Samba and Heimdal
kerberos), I don't run windows servers in production, so I can't help
you on that side of things.  

Who is the kerberos for the benefit of?

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Seeking Good Documentation for... (freebsd+ldap+samba(pdc)+kerberos)

[Thomas M. Skeren III]

Andrew Bartlett wrote:
I've got it up with two way trusts to a w2k domain everything over a 
ipsec vlan:

s: 3.0.10 ports build
FBSD: 5.3
etc.   Any specific questions?
On Tue, 2005-03-01 at 15:43 -0800, Chris Lawder wrote:
 

... Setting up a Samba PDC with the following:
FreeBSD 5.3
Samba 3.0.x
OpenLDAP 2.2.x
Kerberos (Heimdal)
   

Have you read:
https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap
Also, Howard Chu has a module in current OpenLDAP called smbk5pwd, which
was constructed to allow LDAP to 'set' all the different password types.
(Unfortunately I don't use it yet, despite being the person it was
constructed for...)
Andrew Bartlett
 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Seeking Good Documentation for... (freebsd+ldap+samba(pdc)+kerberos)

[Andrew Bartlett]

On Tue, 2005-03-01 at 15:43 -0800, Chris Lawder wrote:
> ... Setting up a Samba PDC with the following:
> 
> FreeBSD 5.3
> Samba 3.0.x
> OpenLDAP 2.2.x
> Kerberos (Heimdal)

Have you read:

https://sec.miljovern.no/bin/view/Info/HeimdalKerberosSambaAndOpenLdap

Also, Howard Chu has a module in current OpenLDAP called smbk5pwd, which
was constructed to allow LDAP to 'set' all the different password types.
(Unfortunately I don't use it yet, despite being the person it was
constructed for...)

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Permission Denied with updated version of Samba

[Ryan Novosielski]

I would suggest you first look at your logfiles. This should give you SOME 
kind of clue. Turn up the log level if need be.

 _  _ _  _ ___  _  _  _
|Y#| |  | |\/| |  \ |\ |  |  | Ryan Novosielski - User Support Spec. III
|$&| |__| |  | |__/ | \| _|  | [EMAIL PROTECTED] - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630
On Tue, 1 Mar 2005, Mark Kunkel wrote:
I have changed from using samba version 2.0.3 running on SCO OpenServer 5 to
samba version 3.0.11 running on RedHat 8.0
My client computer is Windows XP. The problem also exists on Windows NT. The
Windows XP computer has MKS Toolkit 8.7 The Windows NT computer has
NuTCRACKER 4.2 These products provide Unix APIs to aid in porting
applications from Unix to Windows.
From my command shell, I can issue a cat command to list the contents of a
file, which exists on my server just fine. If however I try to open that
same file programatically, then, I get a permission denied error.
I have included a copy of the smb.conf file at then end of this email.
Any suggestions as to what could be wrong, and how to correct it. It seems
that this is a problem with the samba software, unless of course the MKS or
NuTCRACKER software exploited some previous bug that has now been fixed.
My hope is that I can change some setting in the samba to correct this.
Thank you for any assistance.
Mark
## smb.conf ###
# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2005/02/25 09:25:14
# Global parameters
[global]
workgroup = IMMNET
server string = Samba Server
encrypt passwords = No
log file = /usr/local/samba/var/log.%m
max log size = 50
printcap name = lpstat
os level = 0
preferred master = No
local master = No
domain master = No
dns proxy = No
wins server = srvtrn01
create mask = 0775
case sensitive = Yes
[homes]
comment = Home Directories
read only = No
browseable = No
[hdrive]
comment = /h on enfs03
path = /h
write list = @D504_kgs, @D506_beh, kmp
read only = No
force create mode = 0444
force directory mode = 0555
hide dot files = No
delete readonly = Yes
fake directory create times = Yes
[printers]
comment = All Printers
path = /usr/spool/samba
printable = Yes
browseable = No
[tmp]
comment = Temporary file space
path = /tmp
read only = No
guest ok = Yes
[backup]
path = /backup
write list = @D504_kgs, @D506_beh, kmp
read only = No
force create mode = 0444
force directory mode = 0555
hide dot files = No
delete readonly = Yes
fake directory create times = Yes

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Netbench controller crashs

[Ephi Dror]

Hi All,
 
I'm running netbench against our samba based filer and having I believe
a controller problem.
 
When I configure the test to run multiple engines per client (about 5 in
my case) and about 20 clients so all together I  have 100 engines, the
controller  crashes. 
 
My clients are a mix of NT4, winxp and win2000 systems.
 
If I run the controller on windows 2003, the controller simply quit and
all my netbench clients are terminating.
 
If I run the controller on winxp system, I am getting the familiar
dialog box telling me:
 
"Controller MFC Application has encountered a problem and needs to
close. We are sorry for the incovenenience." and of course if I want to
send error report to Microsoft...
 
It is pretty random   when it crashes. Sometimes at the beginning of the
test, sometimes later.
 
Has anyone else see similar problems with running netbench?
 
Is there anything special I need to do in smb.conf or so?
 
Is there any work around?
 
Your help is really appreciated.
 
Please advise,
 
Cheers,
Ephi
 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Seeking Good Documentation for... (freebsd+ldap+samba(pdc)+kerberos)

[Chris Lawder]

... Setting up a Samba PDC with the following:
FreeBSD 5.3
Samba 3.0.x
OpenLDAP 2.2.x
Kerberos (Heimdal)
Would like LDAP to take care of both posixAccount(s) and 
sambaSamAccount(s). Posix account via nsswitch+pam_ldap.

Hope to find one complete documentation that describes this setup from 
scratch, start to finish. A Ports style install of all packages is fine 
but I can download, compile and install packages by hand if needed.

Problem I am currently having is that I can set up a kerberos server and 
an ldap server, access both and use ldap for authentication to both the 
system and samba. I can add users via smbpasswd and use those users (in 
ldap) to access shares. Where I run into problems is trying to add 
computers (Windows 2kPro) from the windows systems. Have tried much 
playing around at this point but am unable to figure out the 
configuration that allows for this.

I have been working from the O'Reilly LDAP book and various differing 
documentation I have found on the net. The O'Reilly book describes a 
Samba 2.x style samba.schema but I have moved to a 3.x samba.schema set 
up now as I attempt to learn this. My current Kerb/LDAP server is 
FreeBSD 5.3. The Samba PDC is Slackware 10 and it's lack of PAM support 
is possibly causing some issues but do not know for sure. I want to drop 
Slackware at this point and make the PDC FreeBSD 5.3 as well. I want to 
keep the Kerb/LDAP server separate from the PDC. I don't have the 
resources to separate the Kerberos and LDAP servers at this time.

I hope to have documentation that describes setting up the needed ldap 
containers and how to populate them. I have worked from the samba.org 
documentation too but found I got stuck at a few points. This 
documentation shows me ldif examples of how records should look but I 
didn't get a good idea of how to add these records. I didn't believe 
that copying those and ldapadd(ing) them would be best due to wrong data 
in fields such as sambaNTPassword and sambaLMPassword. Maybe I wasn't 
looking in the right places of the samba.org docs?

I hope this well describes what I am hoping to find. Thank you all in 
advance.

Chris
--
Number 41 Media Corporation
Suite 103 - 645 Fort Street
Victoria BC V8W 1G2
T 250.414.0410
F 250.414.0411
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SuSE9.2 Client to AD 2003

[Nerijus Baliunas]

On Tue, 1 Mar 2005 17:45:29 -0500 Elijah Savage <[EMAIL PROTECTED]> wrote:

> I have been pulling my hairs out about this for a while now. Running the
> latest version of SuSE with all patches applied, I have my machine
> joined to the domain no problem. But when I go to use mount -t smbfs I
> get this error.
> 
> Mounting share failed, smbmnt must be installed suid root for direct
> user mounts (1000,1000) smbmnt failed:1
> 
> Of course I hit Google and the list archives first before asking here

So you should have found that smbfs is not samba, but kernel question.
Wrong list here.

> and tried a few things first like
> 
> Chmod +s smbmnt and also making sure the kernel was compiled to support
> smbfs file system.
> 
> Can anyone in here save me a few hairs and point me to some help or
> offer some guidance before I pull what is left of my hair out :)

I'd suggest trying cifs instead of smbfs.

Regards,
Nerijus
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Audit Trail/Logging For Network Logons and Logoffs

[Andrew Bartlett]

On Fri, 2005-02-25 at 12:51 -0700, Gene Cooper wrote:
> Hi Folks,
> 
> I have searched the archives and the web for this issue, but I haven't found
> an answer.
> 
> I need to be able to log or audit the network access of our network users.
> This information needs to be used in conjuction with a time and attendance
> punch clock.
> 
> I have seen much discussion of using preexec and postexec for obtaining a
> network access log.  However, my testing has shown this as unreliable.  It
> seems Windows logs in and logs out at (nearly) random and the collected
> information seems useless as I haven't discovered a useful way to collect or
> parse the collected information.  I have tested on various shares as well. 

The best you will get is the utmp information, as this is more accurate
than the per-share info (due to multiple users of a given share).

I've long proposed to implement 'session exec' scripts for this purpose,
but never got around to it (and I don't do Samba3 any more).

However, if you read the discussion that occurred last year on
'preventing multiple simultaneous logons', you will see why this is so,
so hard to get right.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] SuSE9.2 Client to AD 2003

[Elijah Savage]

I have been pulling my hairs out about this for a while now. Running the
latest version of SuSE with all patches applied, I have my machine
joined to the domain no problem. But when I go to use mount -t smbfs I
get this error.

Mounting share failed, smbmnt must be installed suid root for direct
user mounts (1000,1000) smbmnt failed:1

Of course I hit Google and the list archives first before asking here
and tried a few things first like

Chmod +s smbmnt and also making sure the kernel was compiled to support
smbfs file system.

Can anyone in here save me a few hairs and point me to some help or
offer some guidance before I pull what is left of my hair out :)

Thank you
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Domain Tursts Revisited

[Tom Skeren]

OK Jerry, I think I got it sorted.  The documentation in Chap 17 says:
   Problems With LDAP ldapsam And The smbldap-tools
   If you use the smbldap-useradd.pl script to create a trust account 
to set up Interdomain trusts the process of setting up the trust 
will fail. The account that was created in the LDAP database will have 
an account flags field that has [W ], when it must have [I ] for 
Interdomain trusts to work.

   Answer: Here is a simple solution. Create a machine account as follows:
   root#  smbldap-useradd.pl -w domain_name
   Then set the desired trust account password as shown here:
   root#  smbldap-passwd.pl domain_name\$
I think it needs to be clear that domain_name here is the NetBIOS name 
of the w2k domain and not the samba domain.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Problem with 3.0.10 and 3.0.11 with 1 smbd process using99% cpu

[Kaplan, Marc]

I have this same problem on 3.0.10, and I also "fixed" it by deleting
the tdbs. My problem, had nothing to do with printing, it was happening
once I started winbindd with security = ADS. 

Jerry, what would we need to do to track this bug down in the tdb code?
I have logs at level 10, ltrace output, and a backtrace.

Do you think that there were changes made to the tdb code in 3.0.12 that
might fix this?

-Marc

> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:samba-
> [EMAIL PROTECTED] On Behalf Of John C.
> Hennessy
> Sent: Tuesday, March 01, 2005 12:07 PM
> To: samba@lists.samba.org
> Cc: [EMAIL PROTECTED]
> Subject: Re: [Samba] Problem with 3.0.10 and 3.0.11 with 1 smbd
process
> using99% cpu
> 
> Just to let everyone know I was able to fix the problem. I cleaned out
> the tdb files which appearntly had been corrupted.
> 
> -John
> 
> John C. Hennessy wrote:
> 
> > I've been having problems since updating to samba 3.0.10 on Debian
3.1
> > Below is the output of ltrace and gdb on the offending smbd process.
> > I tried upgrading to 3.0.11 and the problem still exists. Anyone
have
> > any suggestions?
> >
> >
> > [ltrace output]
> > After about 20 seconds on the processes ltrace loops this
> >
> > iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) =
-1
> > __errno_location()   = 0x403ac560
> > iconv(0x82cecc8, 0, 0, 0, 0) = 0
> > __errno_location()   = 0x403ac560
> > iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) =
-1
> > __errno_location()   = 0x403ac560
> > iconv(0x82cecc8, 0, 0, 0, 0) = 0
> > __errno_location()   = 0x403ac560
> > iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) =
-1
> > __errno_location()   = 0x403ac560
> > iconv(0x82cecc8, 0, 0, 0, 0) = 0
> > __errno_location()   = 0x403ac560
> > iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) =
-1
> > __errno_location()   = 0x403ac560
> > iconv(0x82cecc8, 0, 0, 0, 0) = 0
> > __errno_location()   = 0x403ac560
> >
> > [gdb backtrace]
> > Attaching to program: /usr/sbin/smbd, process 10657
> > 
> > 0x40202cf9 in memcpy () from /lib/tls/libc.so.6
> > (gdb) bt
> > #0  0x40202cf9 in memcpy () from /lib/tls/libc.so.6
> > #1  0x081ac059 in tdb_set_lock_alarm ()
> > #2  0x081ac20d in tdb_set_lock_alarm ()
> > #3  0x081ad49b in tdb_exists ()
> > #4  0x081ad6e3 in tdb_traverse ()
> > #5  0x081b4a79 in pjob_delete ()
> > #6  0x081b4f61 in pjob_delete ()
> > #7  0x081a450b in message_dispatch ()
> > #8  0x081b5186 in start_background_queue ()
> > #9  0x081ffd62 in main ()
> > (gdb)
> >
> > John C. Hennessy
> > President/CTO
> > HNK Technology Solutions, Inc.
> >
> >
> >
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Permission Denied with updated version of Samba

[Mark Kunkel]

I have changed from using samba version 2.0.3 running on SCO OpenServer 5 to
samba version 3.0.11 running on RedHat 8.0

My client computer is Windows XP. The problem also exists on Windows NT. The
Windows XP computer has MKS Toolkit 8.7 The Windows NT computer has
NuTCRACKER 4.2 These products provide Unix APIs to aid in porting
applications from Unix to Windows.

>From my command shell, I can issue a cat command to list the contents of a
file, which exists on my server just fine. If however I try to open that
same file programatically, then, I get a permission denied error.

I have included a copy of the smb.conf file at then end of this email.

Any suggestions as to what could be wrong, and how to correct it. It seems
that this is a problem with the samba software, unless of course the MKS or
NuTCRACKER software exploited some previous bug that has now been fixed.

My hope is that I can change some setting in the samba to correct this.

Thank you for any assistance.

Mark

## smb.conf ###

# Samba config file created using SWAT
# from 0.0.0.0 (0.0.0.0)
# Date: 2005/02/25 09:25:14

# Global parameters
[global]
workgroup = IMMNET
server string = Samba Server
encrypt passwords = No
log file = /usr/local/samba/var/log.%m
max log size = 50
printcap name = lpstat
os level = 0
preferred master = No
local master = No
domain master = No
dns proxy = No
wins server = srvtrn01
create mask = 0775
case sensitive = Yes

[homes]
comment = Home Directories
read only = No
browseable = No

[hdrive]
comment = /h on enfs03
path = /h
write list = @D504_kgs, @D506_beh, kmp
read only = No
force create mode = 0444
force directory mode = 0555
hide dot files = No
delete readonly = Yes
fake directory create times = Yes

[printers]
comment = All Printers
path = /usr/spool/samba
printable = Yes
browseable = No

[tmp]
comment = Temporary file space
path = /tmp
read only = No
guest ok = Yes

[backup]
path = /backup
write list = @D504_kgs, @D506_beh, kmp
read only = No
force create mode = 0444
force directory mode = 0555
hide dot files = No
delete readonly = Yes
fake directory create times = Yes




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with 3.0.10 and 3.0.11 with 1 smbd process using 99% cpu

[John C. Hennessy]

Just to let everyone know I was able to fix the problem. I cleaned out 
the tdb files which appearntly had been corrupted.

-John
John C. Hennessy wrote:
I've been having problems since updating to samba 3.0.10 on Debian 3.1
Below is the output of ltrace and gdb on the offending smbd process.
I tried upgrading to 3.0.11 and the problem still exists. Anyone have 
any suggestions?

[ltrace output]
After about 20 seconds on the processes ltrace loops this
iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1
__errno_location()   = 0x403ac560
iconv(0x82cecc8, 0, 0, 0, 0) = 0
__errno_location()   = 0x403ac560
iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1
__errno_location()   = 0x403ac560
iconv(0x82cecc8, 0, 0, 0, 0) = 0
__errno_location()   = 0x403ac560
iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1
__errno_location()   = 0x403ac560
iconv(0x82cecc8, 0, 0, 0, 0) = 0
__errno_location()   = 0x403ac560
iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1
__errno_location()   = 0x403ac560
iconv(0x82cecc8, 0, 0, 0, 0) = 0
__errno_location()   = 0x403ac560
[gdb backtrace]
Attaching to program: /usr/sbin/smbd, process 10657

0x40202cf9 in memcpy () from /lib/tls/libc.so.6
(gdb) bt
#0  0x40202cf9 in memcpy () from /lib/tls/libc.so.6
#1  0x081ac059 in tdb_set_lock_alarm ()
#2  0x081ac20d in tdb_set_lock_alarm ()
#3  0x081ad49b in tdb_exists ()
#4  0x081ad6e3 in tdb_traverse ()
#5  0x081b4a79 in pjob_delete ()
#6  0x081b4f61 in pjob_delete ()
#7  0x081a450b in message_dispatch ()
#8  0x081b5186 in start_background_queue ()
#9  0x081ffd62 in main ()
(gdb)
John C. Hennessy
President/CTO
HNK Technology Solutions, Inc.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.12pre1 build failure

[Rex Dieter]

Jay Fenlason wrote:
On Tue, Mar 01, 2005 at 12:57:54PM -0600, Rex Dieter wrote:
Gerald (Jerry) Carter wrote:
Rex Dieter wrote:
|> $ grep interpret_long_unix_date */*.[ch]
|
| It's there in samba-3.0.12pre1/source/smbd/trans2.c:
| BUILD/samba-3.0.12pre1/source $grep -r interpret_long_unix_date *
| smbd/trans2.c:  tvs.actime =
| interpret_long_unix_date(pdata+8);
| smbd/trans2.c:  write_time =
| interpret_long_unix_date(pdata+16);
| smbd/trans2.c:  changed_time =
| interpret_long_unix_date(pdata+24);
That's not our 3.0.12pre1 I don't think.  Did you get it

from Fedora ?
I downloaded the source from us4.samba.org.
I'll go get it again, and compare.

Is your spec file applying the 64bit_timestamps patch?  As of
3.0.12pre1 it's obsolete, because interpret_date() changed.
Bingo.  My fault for not seeing the file in question had been patched.
OK everyone, move along... nothing to see here.
-- Rex
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Access Problems

[Harry Knitter]

Hello,

I have a very strange access problem, and do not know how to get rid of it.

We have a server with a Raid 1 installed running under SuSE 9.2 (Samba 
3.0.9-2.3).
There are some shares where several users need access to. The permissions of 
the directories are
rwxrwxr-x  user1   users

when files on that shares are accessed by a Windows Client a strange behaviour 
occurs.
Accessing files with Excel or Access (opening changing and saving them) 
results in a change oft the permissions, so that the group doesn´t have write 
permissions any more. The same change of permissions occurs when a Backup 
over the LAN from a Windows Client is made of these directories.
Other programs like Word or Notepad leave the permissions alone.
First I thought ist was a problem of Posix ACLs that I first had set to the 
whole home-directory (see my mail a few days ago).
However, the problem remained after deleting these ACLs and the default ACL I 
had set to the home-directory.
I have tried a lot of things, but couldn´t get the problem solved.

Another strange thing I observed ist that different users belonging to the 
same group get different permissions for new files.
some have
rw-rw-rw 
others
rw-r--r--
others
rw-rw-r--
in their home-directories (share [homes])
I hope anyone can help me. I´m really desperate.

Harry


Here is the whole smb.conf
# Samba config file created using SWAT
# from 127.0.0.1 (127.0.0.1)
# Date: 2005/03/01 14:46:24

# Global parameters
[global]
workgroup = MYDOMAIN.LOCAL
interfaces = eth0
bind interfaces only = Yes
map to guest = Never
username map = /etc/samba/smbusers
log level = 1
syslog = 5
time server = Yes
printcap name = CUPS
add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false 
-M %u
add machine script = /usr/sbin/useradd -g 100 -s /bin/false -M %u
logon drive = H:
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
ldap ssl = no
admin users = @ntadmin, root, administrator
printer admin = user1, user2
hosts allow = 192.168.0.0/255.255.255.0
profile acls = Yes
veto files = /*.eml/*.nws/riched20.dll/*.{*}/

[homes]
comment = %Us Daten auf  %L
valid users = %S
read only = No
create mask = 0770
directory mask = 0770
browseable = No
inherit acls = yes
map archive = no

[printers]
comment = All Printers
path = /var/tmp
create mask = 0600
printable = Yes
browseable = No

[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin, root
force group = ntadmin
create mask = 0664
directory mask = 0775

[daten]
comment = Alle Daten auf %L
path = /home
valid users = user1,user2, administrator, root
admin users = administrator, root
read only = No
map archive = no
[test]
comment = Alle Daten auf %L
path = /test
admin users = administrator, root
read only = No
map archive = no

[netlogon]
path = /home/netlogon
write list = Administrator, root

[alles]
comment = Gemeinsame Dateien auf %L
path = /home/alle
admin users = administrator, root
read only = No
create mask = 0777
directory mask = 0777
inherit acls = no
map archive = no

[db]
comment = Datenbank
path = /home/db
read only = No
create mask = 0777
directory mask = 0777
inherit acls = no
map archive = no

[Trumpf]
comment = Laser
path = /home/alle/Daten/Trumpf
read only = No
create mask = 0777
directory mask = 0777
map archive = no

[GL]
path = /home/chefs
valid users = user1,user2, administrator
admin users = administrator
read only = No
create mask = 0770
directory mask = 0770
map archive = no

[install]
path = /home/install
read only = No
create mask = 0777
directory mask = 0777
map archive = no

[Office]
path = /home/install/Office
create mask = 0777
directory mask = 0777
map archive = no

[OfficePro]
path = /home/install/OfficePro
create mask = 0777
directory mask = 0777
map archive = no

[fs1000]
comment = Kyocera Mita FS-1000+
path = /var/tmp
read only = No
create mask = 0600
printable = Yes
printer name = fs1000
oplocks = No
share modes = No
[pdf]
comment = PDF creator
path = /var/tmp
printable = Yes
print command = /usr/bin/smbprngenpdf -J '%J' -c %c -s %s -u '%u' -z %z
create mask = 0600


-- 
Dr. Harry Knitter
Hans-Herold-St

Re: [Samba] Samba 3.0.12pre1 build failure

[Jay Fenlason]

On Tue, Mar 01, 2005 at 12:57:54PM -0600, Rex Dieter wrote:
> Gerald (Jerry) Carter wrote:
> >Rex Dieter wrote:
> >
> >|> $ grep interpret_long_unix_date */*.[ch]
> >|
> >| It's there in samba-3.0.12pre1/source/smbd/trans2.c:
> >| BUILD/samba-3.0.12pre1/source $grep -r interpret_long_unix_date *
> >| smbd/trans2.c:  tvs.actime =
> >| interpret_long_unix_date(pdata+8);
> >| smbd/trans2.c:  write_time =
> >| interpret_long_unix_date(pdata+16);
> >| smbd/trans2.c:  changed_time =
> >| interpret_long_unix_date(pdata+24);
> >
> >That's not our 3.0.12pre1 I don't think.  Did you get it
> >from Fedora ?
> 
> I downloaded the source from us4.samba.org.
> 
> I'll go get it again, and compare.

Is your spec file applying the 64bit_timestamps patch?  As of
3.0.12pre1 it's obsolete, because interpret_date() changed.

-- JF
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ACL Question [Repost]

[David Sonenberg]

Thought it might help to have some debugging info:
smbcacls //localhost/work for_david -a 
ACL:STROZLLC\dsonenberg:ALLOWED/0/RWX -Udsonenberg -d9
Password:
INFO: Current debug levels:
  all: True/9
  tdb: False/0
  printdrivers: False/0
  lanman: False/0
  smb: False/0
  rpc_parse: False/0
  rpc_srv: False/0
  rpc_cli: False/0
  passdb: False/0
  sam: False/0
  auth: False/0
  winbind: False/0
  vfs: False/0
  idmap: False/0
  quota: False/0
  acls: False/0
Connecting to host=localhost
Opening cache file at /var/cache/samba/gencache.tdb
name localhost#20 found.
Connecting to 127.0.0.1 at port 445
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 1
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 50232
socket option SO_RCVBUF = 87408
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket option SO_RCVTIMEO = 0
write_socket(4,183)
write_socket(4,183) wrote 183
size=127
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=31691
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]=7 (0x7)
smb_vwv[ 1]=12803 (0x3203)
smb_vwv[ 2]=  256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]=   65 (0x41)
smb_vwv[ 5]=0 (0x0)
smb_vwv[ 6]=  256 (0x100)
smb_vwv[ 7]=52480 (0xCD00)
smb_vwv[ 8]=  123 (0x7B)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]=32995 (0x80E3)
smb_vwv[11]=32896 (0x8080)
smb_vwv[12]=56752 (0xDDB0)
smb_vwv[13]=36907 (0x902B)
smb_vwv[14]=50462 (0xC51E)
smb_vwv[15]=11265 (0x2C01)
smb_vwv[16]=14849 (0x3A01)
smb_bcc=58
size=127
smb_com=0x72
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=31691
smb_uid=0
smb_mid=1
smt_wct=17
smb_vwv[ 0]=7 (0x7)
smb_vwv[ 1]=12803 (0x3203)
smb_vwv[ 2]=  256 (0x100)
smb_vwv[ 3]= 1024 (0x400)
smb_vwv[ 4]=   65 (0x41)
smb_vwv[ 5]=0 (0x0)
smb_vwv[ 6]=  256 (0x100)
smb_vwv[ 7]=52480 (0xCD00)
smb_vwv[ 8]=  123 (0x7B)
smb_vwv[ 9]=64768 (0xFD00)
smb_vwv[10]=32995 (0x80E3)
smb_vwv[11]=32896 (0x8080)
smb_vwv[12]=56752 (0xDDB0)
smb_vwv[13]=36907 (0x902B)
smb_vwv[14]=50462 (0xC51E)
smb_vwv[15]=11265 (0x2C01)
smb_vwv[16]=14849 (0x3A01)
smb_bcc=58
Serverzone is 18000
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
write_socket(4,166)
write_socket(4,166) wrote 166
size=290
smb_com=0x73
smb_rcls=22
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=31691
smb_uid=0
smb_mid=2
smt_wct=4
smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=0 (0x0)
smb_vwv[ 2]=0 (0x0)
smb_vwv[ 3]=  193 (0xC1)
smb_bcc=247
size=290
smb_com=0x73
smb_rcls=22
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=31691
smb_uid=0
smb_mid=2
smt_wct=4
smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=0 (0x0)
smb_vwv[ 2]=0 (0x0)
smb_vwv[ 3]=  193 (0xC1)
smb_bcc=247
Got challenge flags:
Got NTLMSSP neg_flags=0x60890215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_CHAL_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60080215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[000] E4 26 A7 6C EA B9 D6 E1   .&.l
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60080215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
write_socket(4,276)
write_socket(4,276) wrote 276
size=106
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=31691
smb_uid=100
smb_mid=3
smt_wct=4
smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=0 (0x0)
smb_vwv[ 2]=0 (0x0)
smb_vwv[ 3]=9 (0x9)
smb_bcc=63
size=106
smb_com=0x73
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=31691
smb_uid=100
smb_mid=3
smt_wct=4
smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=0 (0x0)
smb_vwv[ 2]=0 (0x0)
smb_vwv[ 3]=9 (0x9)
smb_bcc=63
write_socket(4,88)
write_socket(4,88) wrote 88
size=54
smb_com=0x75
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=51201
smb_tid=1
smb_pid=31691
smb_uid=100
smb_mid=4
smt_wct=3
smb_vwv[ 0]=  255 (0xFF)
smb_vwv[ 1]=0 (0x0)
smb_vwv[ 2]=1 (0x1)
smb_bcc=13
Connecting to host=localhost
name localhost#20 found.
Connecting to 127.0.0.1 at port 445
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 1
socket option IPTOS_LOWDELAY = 0
socket option IPTOS_THROUGHPUT = 0
socket option SO_SNDBUF = 50232
socket option SO_RCVBUF = 87408
socket option SO_SNDLOWAT = 1
socket option SO_RCVLOWAT = 1
socket option SO_SNDTIMEO = 0
socket opti

Re: [Samba] Samba 3.0.12pre1 build failure

[Rex Dieter]

Gerald (Jerry) Carter wrote:
Rex Dieter wrote:
|> $ grep interpret_long_unix_date */*.[ch]
|
| It's there in samba-3.0.12pre1/source/smbd/trans2.c:
| BUILD/samba-3.0.12pre1/source $grep -r interpret_long_unix_date *
| smbd/trans2.c:  tvs.actime =
| interpret_long_unix_date(pdata+8);
| smbd/trans2.c:  write_time =
| interpret_long_unix_date(pdata+16);
| smbd/trans2.c:  changed_time =
| interpret_long_unix_date(pdata+24);
That's not our 3.0.12pre1 I don't think.  Did you get it
from Fedora ?
I downloaded the source from us4.samba.org.
I'll go get it again, and compare.
-- Rex
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.12pre1 build failure

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rex Dieter wrote:
|> $ grep interpret_long_unix_date */*.[ch]
|
| It's there in samba-3.0.12pre1/source/smbd/trans2.c:
| BUILD/samba-3.0.12pre1/source $grep -r interpret_long_unix_date *
| smbd/trans2.c:  tvs.actime =
| interpret_long_unix_date(pdata+8);
| smbd/trans2.c:  write_time =
| interpret_long_unix_date(pdata+16);
| smbd/trans2.c:  changed_time =
| interpret_long_unix_date(pdata+24);
That's not our 3.0.12pre1 I don't think.  Did you get it
from Fedora ?
$ grep interpret_long_unix_date samba-3.0.12pre1/source/*.[ch]
?
| I'm building a slighty modified version from fedora-devel.
|
| Wierder still, it seemed to build fine on my rhel3 box,
| though I still  can't find where interpret_long_unix_date
| is defined.
I can't find it anywhere either.  This looks like a
Fedora specific thing.  Try the SRPM at
http://us4.samba.org/samba/ftp/Binary_Packages/Fedora/SRPMS/
Or maybe talk to the Fedora maintainers.


cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCJLmRIR7qMdg1EfYRAhmfAKCD58JrGsxO429FCy7ZPwv2nVI6NQCfZALw
Wr1PAsFR1ronsO1Dj4E/VFU=
=+7Wf
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ACL Question [Repost]

[David Sonenberg]

Well, I'm not the only one who's experiencing this problem.  Does anyone 
out there have any ideas?  Is this a bug or just a misconfiguration. 
I'd really like to get this resolved.

Thomas Boutell wrote:
I experience similar symptoms with both 3.0.10-as-found-in-fedora-core-3
and samba-3.0.11. One difference is that I haven't been able to make
smbcacls get as far as denying permission. Shouldn't this command work?
smbcacls //localhost/research research1.txt -a 
ACL:AD\\MarketingGroup:ALLOWED/0/RWX -U AD\\administrator
Password:
Failed to parse ACL ACL:AD\MarketingGroup

Note that when I remove the -a to just list ACLs, it works fine, so a 
parsing error doesn't make much sense here:

[EMAIL PROTECTED] ~]# smbcacls //localhost/research research1.txt 
ACL:AD\\MarketingGroup:ALLOWED/0/RWX -U AD\\administrator
Password:
REVISION:1
OWNER:AD\salesperson1
GROUP:S-1-5-21-875667829-2241442456-3328505926-1130
ACL:AD\salesperson1:ALLOWED/0/RW
ACL:S-1-5-21-875667829-2241442456-3328505926-1130:ALLOWED/0/R
ACL:\Everyone:ALLOWED/0/R

Yes, I can use getfacl and setfacl successfully and yes, ACLs are enabled
in Samba and on the ext3 file system in question (POSIX ACLs).
Thanks for any information.
On Mon, 28 Feb 2005, David Sonenberg wrote:
OK so I've got samba-3.0.11 compiled with ACL support.  I've running 
2.4.25 with the ACL/ATTR patch applied.  I can read and set ACLS's 
using the getfacl/setfacl programs.  ldd /usr/sbin/smbd shows it's 
linked to libattr.so.1 and libacl.so.1.  I can read ACL with the 
smbcacls program, but when I try to set them I get:
ERROR:  Unable to open credentials file!

Also from the windows side, in the properties of a file in it show the 
users and groups for that file but it lists the perms is all blank, 
and when I try to change the perms I get a window labeled 'Security'  
with the message:
Unable to save premission changes on .
Access is denied.
--
David Sonenberg
Systems / Network Administrator
Stroz Friedberg, LLC
15 Maiden Lane
15th Floor
New York, NY 10038
Tel 212.981.6527
Fax 917.495.4918

This message is for the named person's use only.  It may contain 
confidential, proprietary or legally privileged information. No right 
to confidential or privileged treatment of this message is waived or 
lost by any error in transmission.  If you have received this message 
in error, please immediately notify the sender by e-mail or by 
telephone at 212.981.6540, delete the message and all copies from your 
system and destroy any hard copies.  You must not, directly or 
indirectly, use, disclose, distribute, print or copy any part of this 
message if you are not the intended recipient.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

--
Thomas Boutell
Boutell.Com, Inc. http://www.boutell.com/

--
David Sonenberg
Systems / Network Administrator
Stroz Friedberg, LLC
15 Maiden Lane
15th Floor
New York, NY 10038
Tel 212.981.6527
Fax 917.495.4918
This message is for the named person's use only.  It may contain 
confidential, proprietary or legally privileged information. No right to 
confidential or privileged treatment of this message is waived or lost 
by any error in transmission.  If you have received this message in 
error, please immediately notify the sender by e-mail or by telephone at 
212.981.6540, delete the message and all copies from your system and 
destroy any hard copies.  You must not, directly or indirectly, use, 
disclose, distribute, print or copy any part of this message if you are 
not the intended recipient.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] creating link to disk from Nautilis 2.2.4

[kkken]

Hi,
Sorry if this question has been asked before.
I have just installed Redhat 9 and am trying to set up a permanent link 
to another system running a Samba client. I can launch the network 
servers and get access to the disk(s). When i right click on any of the 
disks and try and make a link to the device i get the following message

Error "unsupported operation" while creating a link to "smb://...".
Is this a config problem or a know issue ?
What i really want to have is the disk appear on my desktop so that i 
can have things on the disk always be available

--
Sláinte
kkken
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.12pre1 build failure

[Rex Dieter]

Gerald (Jerry) Carter wrote:
Rex Dieter wrote:
| Gerald (Jerry) Carter wrote:
|> This is a preview release of the Samba 3.0.12 code base and
|> is provided for testing only.
|
| I'm seeing a build failure, rh90, gcc-3.2.2: (using same config as for
| samba-3.0.11):

Builds fine on my rh9 box. I can't find any references to
interpret_long_unix_date().
$ grep interpret_long_unix_date */*.[ch]
It's there in samba-3.0.12pre1/source/smbd/trans2.c:
BUILD/samba-3.0.12pre1/source $grep -r interpret_long_unix_date *
smbd/trans2.c:  tvs.actime = 
interpret_long_unix_date(pdata+8);
smbd/trans2.c:  write_time = 
interpret_long_unix_date(pdata+16);
smbd/trans2.c:  changed_time = 
interpret_long_unix_date(pdata+24);


have you checked the differences in the specfile for
the 3.0.12pre1 src.rpm at
http://us4.samba.org/samba/ftp/Binary_Packages/RedHat/SRPMS/
and the one you are using ?
I'm building a slighty modified version from fedora-devel.
Wierder still, it seemed to build fine on my rhel3 box, though I still 
can't find where interpret_long_unix_date is defined.

--
Rex A. Dieter   [EMAIL PROTECTED]
Computer System Administrator   http://www.math.unl.edu/~rdieter/
Department of Mathematics   University of Nebraska Lincoln
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: [homes] share problems

[james]

Robert  connectfree.co.uk> writes:


> James
> 
> I have now managed to resolve this issue using the following :-
> 
> valid users = DOMAIN\%S
> 
> where DOMAIN is replaced by your domain name. This assumes the default 
> winbind separator \
> 
> Regards
> Rob

Rob

Thanks - I'll give it a go.

Is this documented anywhere or was it a case of trial and error

James


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with 3.0.10 and 3.0.11 with 1 smbd process using 99% cpu

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John C. Hennessy wrote:
| I've been having problems since updating
| to samba 3.0.10 on Debian 3.1 Below is the output of
| ltrace and gdb on the offending smbd process.
| I tried upgrading to 3.0.11 and the problem
| still exists. Anyone have  any suggestions?
|
| [gdb backtrace]
| Attaching to program: /usr/sbin/smbd, process 10657
| 
| 0x40202cf9 in memcpy () from /lib/tls/libc.so.6
| (gdb) bt
| #0  0x40202cf9 in memcpy () from /lib/tls/libc.so.6
| #1  0x081ac059 in tdb_set_lock_alarm ()
| #2  0x081ac20d in tdb_set_lock_alarm ()
| #3  0x081ad49b in tdb_exists ()
| #4  0x081ad6e3 in tdb_traverse ()
| #5  0x081b4a79 in pjob_delete ()
| #6  0x081b4f61 in pjob_delete ()
| #7  0x081a450b in message_dispatch ()
| #8  0x081b5186 in start_background_queue ()
| #9  0x081ffd62 in main ()
| (gdb)
There were a lot of printing fixes in 3.0.11.
I would really suggest an upgrade.  Particularly due
to loading issues like this one.

cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCJK5mIR7qMdg1EfYRAp4VAJ0Snpx98UQFocnUjqQX5hRz3iOTSwCg6hxB
kCy0gZ4uUC38l7o0YZLlKFk=
=VUq3
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.12pre1 build failure

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rex Dieter wrote:
| Gerald (Jerry) Carter wrote:
|> This is a preview release of the Samba 3.0.12 code base and
|> is provided for testing only.
|
| I'm seeing a build failure, rh90, gcc-3.2.2: (using same config as for
| samba-3.0.11):
|
| Compiling modules/vfs_expand_msdfs.c with -fPIC
| Compiling modules/vfs_shadow_copy.c with -fPIC
| Compiling sam/idmap_rid.c with -fPIC
| Compiling modules/CP850.c with -fPIC
| Compiling modules/CP437.c with -fPIC
| Linking bin/smbd
| Linking bin/nmbd
| Linking bin/swat
| Linking bin/winbindd
| smbd/trans2.o(.text+0xa20a): In function `call_trans2setfilepathinfo':
| : undefined reference to `interpret_long_unix_date'
| smbd/trans2.o(.text+0xa221): In function `call_trans2setfilepathinfo':
| : undefined reference to `interpret_long_unix_date'
| smbd/trans2.o(.text+0xa234): In function `call_trans2setfilepathinfo':
| : undefined reference to `interpret_long_unix_date'
Builds fine on my rh9 box. I can't find any references to
interpret_long_unix_date().
$ grep interpret_long_unix_date */*.[ch]
have you checked the differences in the specfile for
the 3.0.12pre1 src.rpm at
http://us4.samba.org/samba/ftp/Binary_Packages/RedHat/SRPMS/
and the one you are using ?

cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCJK3/IR7qMdg1EfYRAspYAKDIYvi+vMq/jOyfURPyxT7fGZadlACdHeH/
ZfAfJiLu3KJSCd+lPI+st9k=
=URAP
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Fedora core 2 domain trust account fails

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Misty Stanley-Jones wrote:
| On Tuesday 01 March 2005 11:30 am, kent wrote:
|>Hello,
|>Having a problem with trust accounts failing after creation. The following
|>is the system that I'm running Samba on:
|>
|>Fedora Core 2
|>(compiled from source)
|>Samba 3.0.11
|>OpenLDAP 2.2.23
|>BerkeleyDB 4.3.27
|
| If you read the release notes for 3.0.12pre1 you will see there
| is a bug with  interdomain trusts in 3.0.11.  Nobody ever
| told me that even though I have  asked repeated on the
| mailing list.  I wlll save you the time I wasted and
| let you know.
Just to clarify:
The bug in 3.0.11 was only with 'net rpc trust establish'
Once a trust was setup (or upgrading from a previous version)
everything is fine.
And for the record, the patch was always available at
http://www.samba.org/~jerry/patches/post-3.0.11/
And was also logged as a issue in bugzilla.samba.org.

cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCJKjgIR7qMdg1EfYRAp9RAKDVOwXMD2TlBSRhZxYBgiztNVRurwCfelEp
cy2yuNaLiwGr+oeaOcv8Dv8=
=seql
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.12pre1 build failure

[Rex Dieter]

Gerald (Jerry) Carter wrote:
This is a preview release of the Samba 3.0.12 code base and
is provided for testing only.
I'm seeing a build failure, rh90, gcc-3.2.2: (using same config as for 
samba-3.0.11):

Compiling modules/vfs_expand_msdfs.c with -fPIC
Compiling modules/vfs_shadow_copy.c with -fPIC
Compiling sam/idmap_rid.c with -fPIC
Compiling modules/CP850.c with -fPIC
Compiling modules/CP437.c with -fPIC
Linking bin/smbd
Linking bin/nmbd
Linking bin/swat
Linking bin/winbindd
smbd/trans2.o(.text+0xa20a): In function `call_trans2setfilepathinfo':
: undefined reference to `interpret_long_unix_date'
smbd/trans2.o(.text+0xa221): In function `call_trans2setfilepathinfo':
: undefined reference to `interpret_long_unix_date'
smbd/trans2.o(.text+0xa234): In function `call_trans2setfilepathinfo':
: undefined reference to `interpret_long_unix_date'
collect2: ld returned 1 exit status
make[1]: *** [bin/smbd] Error 1
make[1]: *** Waiting for unfinished jobs
make[1]: Leaving directory `/usr/local/tmp/BUILD/samba-3.0.12pre1/source'
-- Rex
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Authentication via both domain controller and local Sambapassword file

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kaplan, Marc wrote:
| Try setting auth methods = sam winbind. IIRC
| when in domain authentication auth methods
| does not include users in the local sam, but
| my knowledge could be based upon an older
| version of samba, so you'll have to try it out.
your memory is off a little Marc :-)
The default in security = domain is set to
'guest sam winbind:ntdomain'.  This issue is that the
'sam' method will only handle those requests that
match the SERVER\user format.  An explicit
net use * \\server\share /user:SERVER\user
will connect using a local account from smbpasswd.




cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCJKhHIR7qMdg1EfYRAmLnAJ0f4ShLTJ4fzcScW34tlng4fkojTgCeLDV4
V9IPvagjkqGLNMq4Y5JOhNA=
=GMv5
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with 3.0.10 and 3.0.11 with 1 smbd process using 99% cpu

[John C. Hennessy]

I've been having problems since updating to samba 3.0.10 on Debian 3.1
Below is the output of ltrace and gdb on the offending smbd process.
I tried upgrading to 3.0.11 and the problem still exists. Anyone have 
any suggestions?

[ltrace output]
After about 20 seconds on the processes ltrace loops this
iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1
__errno_location()   = 0x403ac560
iconv(0x82cecc8, 0, 0, 0, 0) = 0
__errno_location()   = 0x403ac560
iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1
__errno_location()   = 0x403ac560
iconv(0x82cecc8, 0, 0, 0, 0) = 0
__errno_location()   = 0x403ac560
iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1
__errno_location()   = 0x403ac560
iconv(0x82cecc8, 0, 0, 0, 0) = 0
__errno_location()   = 0x403ac560
iconv(0x82cecc8, 0xb218, 0xb21c, 0xb220, 0xb224) = -1
__errno_location()   = 0x403ac560
iconv(0x82cecc8, 0, 0, 0, 0) = 0
__errno_location()   = 0x403ac560
[gdb backtrace]
Attaching to program: /usr/sbin/smbd, process 10657

0x40202cf9 in memcpy () from /lib/tls/libc.so.6
(gdb) bt
#0  0x40202cf9 in memcpy () from /lib/tls/libc.so.6
#1  0x081ac059 in tdb_set_lock_alarm ()
#2  0x081ac20d in tdb_set_lock_alarm ()
#3  0x081ad49b in tdb_exists ()
#4  0x081ad6e3 in tdb_traverse ()
#5  0x081b4a79 in pjob_delete ()
#6  0x081b4f61 in pjob_delete ()
#7  0x081a450b in message_dispatch ()
#8  0x081b5186 in start_background_queue ()
#9  0x081ffd62 in main ()
(gdb)
John C. Hennessy
President/CTO
HNK Technology Solutions, Inc.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba failed to authenticate to openLDAP

[Steve Zeng]

Paul,
Great Tips... Thanks you. I will take a look at smbldap-tools and try again.
Steve
Judicious snippage, post at the bottom.
I tried to let Samba authenticate against LDAP but could not figure 
out how to build the LDAP tree for Samba.

Fedora core 2
Samba 3.0.10
OpenLDAP 2.1.29
dc=mydomain
 |
 `--- ou=People: to store user accounts for Unix and Windows
 |
 `--- ou=Hosts : to store computer accounts for UNIXX & Windows
 |
 `--- ou=Groups: to store system groups for Unix and Windows
What I did were:

   [global]
workgroup = TESTDM
passdb backend = ldapsam:ldap://10.10.0.101/
log level = 1 passdb:8 auth:8
domain logons = Yes
wins support = Yes
ldap admin dn = cn=root,dc=mydomain
ldap delete dn = Yes
ldap group suffix = ou=Group
ldap machine suffix = ou=Hosts
ldap user suffix = ou=People
ldap suffix = dc=mfelc
ldap passwd sync = Yes
ldap ssl = no
3) start Samba server
4) run smbclient //smbserver -U myid
   Password:
   session setup failed: NT_STATUS_LOGON_FAILURE

Attached is the smbd.log, I deleted the normal log and keep failed 
messages as below:
  check_sam_security: Couldn't find user 'szeng' in passdb file.
auth/auth.c:check_ntlm_password(271)
  check_ntlm_password: sam authentication for user [szeng] FAILED with 
error NT_STATUS_NO_SUCH_USER

Is there anybody who might have some idea of what is wrong.

Yep.  You did nothing to create the samba attributes that will have to 
exist in each user account for the users to log in.   I suggest you read 
the documentation on setting up an LDAP/PDC system that is on the 
samba.org web site.  You've missed quite a few steps here, so you may 
want to read it through to get a complete idea.  Your solution is going 
to include the following:

1. Obtain and configure the smbldap-tools package.
2. Run the smbldap-populate script
3. Make sure you've got a sambaDomain (I think that's the object type) 
in the base of your DIT.
4. Join the machine to the domain (since you appear to want a domain setup)
4. Add samba attributes to each user's account.

Yes there are 2 #4 entries.  Doesn't matter which one comes first.  As 
far as I can remember, those will be the critical steps to not miss.   
If you've followed the documentation and not done those steps, you've 
missed something.


--
Regards,
Steve Zeng
Systems Administrator
Mainframe Entertainment Inc
T: (604) 628-1000 ext 5293
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] compile problems on SuSE 7.2

[Jochen Witte]

Hello,

I try to compile Samba 3.0.11 on SuSE 7.2 (Kernel 2.4.10, glibc 2.2.2,
gcc 2.95.3) and get a lot of warnings and then the compilation fails
with

---snip---
Linking nsswitch/libnss_wins.so
lib/system.po: In function `sys_dlopen':
lib/system.po(.text+0xf3f): undefined reference to `dlopen'
lib/system.po: In function `sys_dlsym':
lib/system.po(.text+0xf6f): undefined reference to `dlsym'
lib/system.po: In function `sys_dlclose':
lib/system.po(.text+0xf9b): undefined reference to `dlclose'
lib/system.po: In function `sys_dlerror':
lib/system.po(.text+0xfc4): undefined reference to `dlerror'
lib/username.po: In function `user_in_netgroup_list':
lib/username.po(.text+0xbd2): undefined reference to
`yp_get_default_domain'
lib/access.po: In function `string_match':
lib/access.po(.text+0x200): undefined reference to
`yp_get_default_domain'
Compiling nsswitch/pam_winbind.c with -fPIC
Linking nsswitch/pam_winbind.so
Compiling libsmb/libsmbclient.c with -fPIC
Compiling libsmb/libsmb_compat.c with -fPIC
make: *** wait: No child processes.  Stop.
make: *** Waiting for unfinished jobs
make: *** wait: No child processes.  Stop.
---snip---

Is compiling with such an old system not supported? Or: what Do I have
to do to get it compiled?

Regards
Jochen

-- 
Jochen Witte <[EMAIL PROTECTED]>


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Is it feasable?

[Franco \"Sensei\"]

Am I asking something OT?
If there's a more appropriate Samba ML, let me know...
--
Sensei  
   
   
   


signature.asc
Description: OpenPGP digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Authentication via both domain controller and local Sambapassword file

[Kaplan, Marc]

Try setting auth methods = sam winbind. IIRC when in domain
authentication auth methods does not include users in the local sam, but
my knowledge could be based upon an older version of samba, so you'll
have to try it out.

-Marc

> -Original Message-
> From: [EMAIL PROTECTED]
[mailto:samba-
> [EMAIL PROTECTED] On Behalf Of Juer Lee
> Sent: Tuesday, March 01, 2005 12:46 AM
> To: samba@lists.samba.org
> Subject: [Samba] Authentication via both domain controller and local
> Sambapassword file
> 
> Hi Guys,
> 
> 
> 
> Does anybody know that if Samba is able to authenticate the user via
both
> domain controller and local Samba password file when the Samba is
running
> under 'Domain' mode??
> 
> 
> 
> The test steps:
> 
> 1. Add some Samba users when the Samba is configured running under
'User'
> mode, then the share is accessible by those added users.
> 
> 2. Try to join the Samba a Windows 2000 domain, then the user logs
into
> the
> domain can access the share.
> 
> 
> 
> My question is:
> 
>  Can the user created in step 1 can still access the share?
> 
> 
> 
> I have done the test on Samba 3.0.7 and Samba 3.0.11, the answer is
'No'.
> But I do remember that the share can be accessed by both domain user
or
> local Samba user in this case in earlier Samba 3.0.x than 3.0.
> 
> 
> 
> Thanks in advance,
> 
> Juer
> 
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Fedora core 2 domain trust account fails

[kent]

I haven't read them but I will, thanks.

Kent


Misty Stanley-Jones <[EMAIL PROTECTED]> wrote: 
> On Tuesday 01 March 2005 11:30 am, kent wrote:
> > Hello,
> > Having a problem with trust accounts failing after creation. The following
> > is the system that I'm running Samba on:
> >
> > Fedora Core 2
> > (compiled from source)
> > Samba 3.0.11
> > OpenLDAP 2.2.23
> > BerkeleyDB 4.3.27
> 
> If you read the release notes for 3.0.12pre1 you will see there is a bug with 
> interdomain trusts in 3.0.11.  Nobody ever told me that even though I have 
> asked repeated on the mailing list.  I wlll save you the time I wasted and 
> let you know.
> 
> Misty
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Migrate profiles from one domain to another

[John H Terpstra]

Misty,

You can use the Samb 'profiles' tool to change the SIDs in your user profiles.

- John T.

On Tuesday 01 March 2005 08:22, Misty Stanley-Jones wrote:
> Hi all,
>
> I need to migrate profiles from one running domain to another.  I can't use
> the standard Windows Profile tools, because when I am a member of one
> domain, profiles for the other domain say "Account Unknown" and the Copy
> function is disabled.  I can't get interdomain trusts working and have no
> responses to my email about that, so I am looking for another way to get
> this done.  I have a feeling that my missing link is interdomain trusts. 
> Any help would be appreciated, so I can merge these two domains together. 
> :(
>
> Misty

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Fedora core 2 domain trust account fails

[Misty Stanley-Jones]

On Tuesday 01 March 2005 11:30 am, kent wrote:
> Hello,
> Having a problem with trust accounts failing after creation. The following
> is the system that I'm running Samba on:
>
> Fedora Core 2
> (compiled from source)
> Samba 3.0.11
> OpenLDAP 2.2.23
> BerkeleyDB 4.3.27

If you read the release notes for 3.0.12pre1 you will see there is a bug with 
interdomain trusts in 3.0.11.  Nobody ever told me that even though I have 
asked repeated on the mailing list.  I wlll save you the time I wasted and 
let you know.

Misty

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Fedora core 2 domain trust account fails

[kent]

Hello,
Having a problem with trust accounts failing after creation. The following is
the system that I'm running Samba on:

Fedora Core 2
(compiled from source)
Samba 3.0.11
OpenLDAP 2.2.23
BerkeleyDB 4.3.27

Windows 2000 client machine

I have a script to add machine trust accounts to LDAP. The first part adds a
posix Account and attributes to LDAP, the second uses smbpasswd to add the Samba
account and attributes. I use PAM to point to the LDAP directory for user, group
info and authentication.

This method has worked on Samba 3.0.0 with ldap 2.1.30 backend systems fine.

I add the account using root, the account is created in LDAP, and I get a
"Welcome to blah blah domain" message. After I reboot and attempt to login, I
get a trust account failure error message. I compared the sid for the domain and
the machine account and they are identical. The only password that is created is
sambaNTPassword. The following are attributes that are found in LDAP after
account creation:

[EMAIL PROTECTED] root]# ldapsearch -xv -b "ou=computers,dc=tow,dc=net"
uid=wms-0106$ldap_initialize(  )
filter: uid=wms-0106$
requesting: ALL
# extended LDIF
#
# LDAPv3
# base  with scope sub
# filter: uid=wms-0106$
# requesting: ALL
#
 

# wms-0106$, Computers, tow.net
dn: uid=wms-0106$,ou=Computers,dc=tow,dc=net
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
uid: wms-0106$
cn: wms-0106$
sn: wms-0106$
uidNumber: 8049
gidNumber: 502
homeDirectory: /dev/null
description: Computer
loginShell: /bin/false
sambaSID: S-1-5-21-1129281578-1295143107-3311307472-17098
sambaPrimaryGroupSID: S-1-5-21-1129281578-1295143107-3311307472-515
displayName: wms-0106$
sambaPwdCanChange: 1109349002
sambaPwdMustChange: 2147483647
sambaNTPassword: 6B92BAAA9FAD3E498BF4665F0B42BF95
sambaPwdLastSet: 1109349002
sambaAcctFlags: [W  ]
 
# search result
search: 2
result: 0 Success

Any suggestions?


Kent L. Nasveschuk
Wareham Public Schools

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Migrate profiles from one domain to another

[Misty Stanley-Jones]

Hi all,

I need to migrate profiles from one running domain to another.  I can't use 
the standard Windows Profile tools, because when I am a member of one domain, 
profiles for the other domain say "Account Unknown" and the Copy function is 
disabled.  I can't get interdomain trusts working and have no responses to my 
email about that, so I am looking for another way to get this done.  I have a 
feeling that my missing link is interdomain trusts.  Any help would be 
appreciated, so I can merge these two domains together.  :(

Misty
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Unable to login to the domain

[Ali Naddaf]

Hello everyone.
I am having a problem loging into my domain (although I can log into my 
shares successfully). Here are the details.

Servers and applications:
PDC Server:
Name: ACME-SERVER
Domain: ACME
Samba: 3.0.10-1 (Debian)
smbldap-tools: 0.8.5-3
Distribution: Debian, running kernel 2.6.8-1-k7
IP Address: 192.168.1.106
Backend Database: ldap (OpenLdap)
Windows Machine:
OS: Win2K
Name: naddaf2
IP Address: 192.168.1.108
username used in creating the log files: "maunelie"
I have been able to add my windows machine (i.e. naddaf2) to the ACME 
domain (and a "naddaf2$" entry was added to my ldap backend as a 
result). After cleaning up my /var/log/samba/ content, I started my 
samba and tried to login from naddaf2 to my domain and it created a 
number of log files that I have zipped in a 20K file and have put here 
for your access:
http://naddaf.net:82/samba/all_samba_logs.zip

Looking at the naddaf2 log file (included in the above zipped file), it 
seems that logon has gone through successfully, but what I see on my 
windows box is the standard error:

"The system could not log you in. make sure your User name and Domain
are correct, then type your password again. Letters in passwords must
be typed using the correct case. Make sure Caps Lock is not accidently
on."
I have also put my smb.conf file there: 
http://naddaf.net:82/samba/smb.conf . If there is any other information 
I can add, please let me know.

I appreciate it if someone could help me fix the issue.
Many thanks,
Ali Naddaf.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] local users in domain member security.

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Meli Marco wrote:
| Hi,
| I have samba 3.0.7 installed and it works fine in security=domain with
| domain user accounts, ACL and so on but now we would like to add some
users
| in local database account (/etc/passwd & /etc/smbpasswd file I though, so
| they are few users).
| I try to use "smbclient /server/data -Ulocal_linux_user_name%password"
| to test it's everithing ok, but I always receive the same error:
| session setup failed: NT_STATUS_LOGON_FAILURE, I presume
add -W 

cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCJHqFIR7qMdg1EfYRAo3BAJ9L+UqwP2txsJ2nLE799eUcg5yW2QCgyUa7
rEJlMDtfM5OPs0SCFnODP+k=
=QIrj
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: [homes] share problems

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Christoph Scheeder wrote:
| Hi all,
| some month ago i had the same problem and was told
| to replace %S by %U. That solved the problem for me.
| BUT i have a standalone samba-pdc, so it may help
| you or not, but it's worth a try, isn't it?
valid users = %U in [homes] has no real effect.  If you
expand out the smb.conf variables, you should see why.


cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCJHolIR7qMdg1EfYRAloLAKC9upb19xfZAJuluoR+YDqAqAnHTQCePV6/
Jnn449P6AkhdiIs/XSzEsNQ=
=zKzh
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Access Denied when trying to change permissions on Samba share

[Paul Gienger]

click the file/directory, click properties, click Security tab, choose a
user and try to modify the permissions or add a user or group for access
rights the share it fails. The message given is "Unable to save
permission changes...Access is denied".
I compared both smb.conf files before and after the upgrade and they are
the same. What am I missing here?
 

Do you have ACLs enabled on your FS?
--
--
Paul GiengerOffice: 701-281-1884
Applied Engineering Inc.
Systems Architect   Fax:701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba failed to authenticate to openLDAP

[Paul Gienger]

Judicious snippage, post at the bottom.
I tried to let Samba authenticate against LDAP but could not figure 
out how to build the LDAP tree for Samba.

Fedora core 2
Samba 3.0.10
OpenLDAP 2.1.29
dc=mydomain
 |
 `--- ou=People: to store user accounts for Unix and Windows
 |
 `--- ou=Hosts : to store computer accounts for UNIXX & Windows
 |
 `--- ou=Groups: to store system groups for Unix and Windows
What I did were:

   [global]
workgroup = TESTDM
passdb backend = ldapsam:ldap://10.10.0.101/
log level = 1 passdb:8 auth:8
domain logons = Yes
wins support = Yes
ldap admin dn = cn=root,dc=mydomain
ldap delete dn = Yes
ldap group suffix = ou=Group
ldap machine suffix = ou=Hosts
ldap user suffix = ou=People
ldap suffix = dc=mfelc
ldap passwd sync = Yes
ldap ssl = no
3) start Samba server
4) run smbclient //smbserver -U myid
   Password:
   session setup failed: NT_STATUS_LOGON_FAILURE

Attached is the smbd.log, I deleted the normal log and keep failed 
messages as below:
  check_sam_security: Couldn't find user 'szeng' in passdb file.
auth/auth.c:check_ntlm_password(271)
  check_ntlm_password: sam authentication for user [szeng] FAILED with 
error NT_STATUS_NO_SUCH_USER

Is there anybody who might have some idea of what is wrong.
Yep.  You did nothing to create the samba attributes that will have to 
exist in each user account for the users to log in.   I suggest you read 
the documentation on setting up an LDAP/PDC system that is on the 
samba.org web site.  You've missed quite a few steps here, so you may 
want to read it through to get a complete idea.  Your solution is going 
to include the following:

1. Obtain and configure the smbldap-tools package.
2. Run the smbldap-populate script
3. Make sure you've got a sambaDomain (I think that's the object type) 
in the base of your DIT.
4. Join the machine to the domain (since you appear to want a domain setup)
4. Add samba attributes to each user's account.

Yes there are 2 #4 entries.  Doesn't matter which one comes first.  As 
far as I can remember, those will be the critical steps to not miss.   
If you've followed the documentation and not done those steps, you've 
missed something.

--
--
Paul GiengerOffice: 701-281-1884
Applied Engineering Inc.
Systems Architect   Fax:701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Winbind - how to map ADS group to Unix group

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Miles, Noal wrote:
| OK I set "winbind nested group = yes"
use `net groupmap {addmem,delmem,listmem}'

cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCJHV4IR7qMdg1EfYRAgauAJ9zI4gmGpn/9H0E0zA4Y3Nips3nnACdHAUj
HOXXv8XrN7gaVl2mBrpxLcs=
=/mab
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Error on samba installation

[jean-marc . viguier]

Hello,

I want to install samba 3.0.11 on a Mandrake 10.1. Once all source
compiled, the "make" command gives an error message that you can see on the
attached file.

Thanks in advance for any advice.

(See attached file: instal-samba.doc)

Jean-Marc VIGUIER
Service Informatique
Mairie de Six-Fours-Les-Plages
04 94 34 94 91
06 87 13 62 00-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] [SOLVED] Samba 3.0.11 doesn't work on Fedora Core 2

[Philip Burrow]

Philip Burrow wrote:
Andrew Bartlett wrote:
I think it's a bug in the version of nss_ldap included in FC2.  I run
with this patch (removing an optimisation in our handling on LDAP).
Perhaps the smbldap part of the changes are not required...

Hi Andrew,
What I have found is that 3.0.10 works fine on Fedora 1 and 2, but 
3.0.11 and the 3.0.12 prerelease suffers the issue described by me 
earlier and by Dimitry here. I built from SRPMS provided on samba.org in 
all cases.
Just following up my own post, I obtained nss_ldap-220-3.src.rpm (used 
in FC3) for a FC1 machine, built and installed it then rebuilt Samba 
3.0.12pre1 and installed.

This appears to have fixed the problem. I was using nss_ldap-217-1 on 
both my FC1 and FC2 machines, hence why it wasn't working on both. I 
since tested 3.0.11 and it worked too.

Thanks Andrew for your comments.
Phil
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Windows 2003 Active Directory - Cannot authenticate

[James Gardiner]

I've been checking the authentication with "wbinfo -a
%", which is failing with the following error:

plaintext password authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc064)
error messsage was: No such user
Could not authenticate user % with plaintext
password
challenge/response password authentication failed
error code was NT_STATUS_NO_LOGON_SERVERS (0xc05e)
error messsage was: No logon servers
Could not authenticate user  with challenge/response

Strangely, "wbinfo -g" and "wbinfo -u" seem to work, as mentioned in my
previous post.

Logging winbindd, at level 10, during this process, shows the following
(apologies for length):

[2005/02/28 13:24:27, 6] nsswitch/winbindd.c:new_connection(356)
  accepted socket 19
[2005/02/28 13:24:27, 10]
nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 1824 bytes. Need 0 more for a full request.
[2005/02/28 13:24:27, 10] nsswitch/winbindd.c:process_request(321)
  process_request: request fn INTERFACE_VERSION
[2005/02/28 13:24:27, 3]
nsswitch/winbindd_misc.c:winbindd_interface_version(261)
  [14536]: request interface version
[2005/02/28 13:24:27, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 1300 bytes.
[2005/02/28 13:24:27, 10]
nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 1824 bytes. Need 0 more for a full request.
[2005/02/28 13:24:27, 10] nsswitch/winbindd.c:process_request(321)
  process_request: request fn WINBINDD_PRIV_PIPE_DIR
[2005/02/28 13:24:27, 3]
nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297)
  [14536]: request location of privileged pipe
[2005/02/28 13:24:27, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 1300 bytes.
[2005/02/28 13:24:27, 10] nsswitch/winbindd.c:client_write(569)
  client_write: need to write 35 extra data bytes.
[2005/02/28 13:24:27, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 35 bytes.
[2005/02/28 13:24:27, 10] nsswitch/winbindd.c:client_write(558)
  client_write: client_write: complete response written.
[2005/02/28 13:24:27, 6] nsswitch/winbindd.c:new_connection(356)
  accepted socket 20
[2005/02/28 13:24:27, 10]
nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 0 bytes. Need 1824 more for a full request.
[2005/02/28 13:24:27, 5]
nsswitch/winbindd.c:winbind_client_read(477)
  read failed on sock 19, pid 14536: EOF
[2005/02/28 13:24:27, 10]
nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 1824 bytes. Need 0 more for a full request.
[2005/02/28 13:24:27, 10] nsswitch/winbindd.c:process_request(321)
  process_request: request fn PAM_AUTH
[2005/02/28 13:24:27, 3]
nsswitch/winbindd_pam.c:winbindd_pam_auth(179)
  [14536]: pam auth 
[2005/02/28 13:24:27, 8] lib/util.c:is_myname(1810)
  is_myname("EASTLONDON") returns 1
[2005/02/28 13:24:27, 3]
nsswitch/winbindd_pam.c:winbindd_pam_auth(259)
  Authentication for domain EASTLONDON (local domain to this server)
not supported at this stage
[2005/02/28 13:24:27, 2]
nsswitch/winbindd_pam.c:winbindd_pam_auth(361)
  Plain-text authentication for user  returned
NT_STATUS_NO_SUCH_USER (PAM: 10)
[2005/02/28 13:24:27, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 1300 bytes.
[2005/02/28 13:24:27, 10]
nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 1824 bytes. Need 0 more for a full request.
[2005/02/28 13:24:27, 10] nsswitch/winbindd.c:process_request(321)
  process_request: request fn INFO
[2005/02/28 13:24:27, 3] nsswitch/winbindd_misc.c:winbindd_info(248)
  [14536]: request misc info
[2005/02/28 13:24:27, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 1300 bytes.
[2005/02/28 13:24:27, 10]
nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 1824 bytes. Need 0 more for a full request.
[2005/02/28 13:24:27, 10] nsswitch/winbindd.c:process_request(321)
  process_request: request fn DOMAIN_NAME
[2005/02/28 13:24:27, 3]
nsswitch/winbindd_misc.c:winbindd_domain_name(273)
  [14536]: request domain name
[2005/02/28 13:24:27, 10] nsswitch/winbindd.c:client_write(524)
  client_write: wrote 1300 bytes.
[2005/02/28 13:24:27, 10]
nsswitch/winbindd.c:winbind_client_read(470)
  client_read: read 1824 bytes. Need 0 more for a full request.
[2005/02/28 13:24:27, 10] nsswitch/winbindd.c:process_request(321)
  process_request: request fn AUTH_CRAP
[2005/02/28 13:24:27, 3]
nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(465)
  [14536

Re: [Samba] Samba 3.0.11 doesn't work on Fedora Core 2

[Philip Burrow]

Andrew Bartlett wrote:
On Tue, 2005-03-01 at 09:46 +0300, Dmitry V. Korotkov wrote:
Hi!
I am not alone. Philip Burrow 
[http://lists.samba.org/archive/samba/2005-February/100848.html]
has the same problem on Fedora Core 1.

I've downloaded samba-3.0.11-1.src.rpm from samba.org, built samba RPM 
packages and
updated samba-3.0.8 (it is configured to be PDC with LDAP sam database). 
When I restart
samba, server appears in network and shares are working, but soon server 
disappears.

I think it's a bug in the version of nss_ldap included in FC2.  I run
with this patch (removing an optimisation in our handling on LDAP).
Perhaps the smbldap part of the changes are not required...
Hi Andrew,
What I have found is that 3.0.10 works fine on Fedora 1 and 2, but 
3.0.11 and the 3.0.12 prerelease suffers the issue described by me 
earlier and by Dimitry here. I built from SRPMS provided on samba.org in 
all cases.

It is related to LDAP, as if I comment out the
passdb backend=ldapsam:ldap://localhost
directive from the config file, the errors from smbclient stop. 
Unfortunately it doesn't use LDAP, which is what I want.

After restarting smbd/nmbd with 3.0.11 or 3.0.12pre1, I get a share list 
and this error when I do smbclient -L localhost:

"session setup failed: Call returned zero bytes (EOF)
NetBIOS over TCP disabled -- no workgroup available"
Then if I repeat smbclient -L localhost, I get the following only:
"protocol negotiation failed"
With the above smb.conf directive enabled, the LDAP logs show Samba 
querying the LDAP server, and there doesn't appear to be a lot wrong 
with whats happening. It just doesn't work right!

Is there a known working version of nss_ldap that we can try? Which 
patch are you referring to?

Many thanks,
Phil
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 2.2.8 - authentication and nscd

[Peter Dods]

 

 

 

 

Peter Dods 
Senior Consultant
STR Technology Ltd - IT & Telecoms Staffing Specialists

e-mail: [EMAIL PROTECTED]
Tel: 01483 510130

Fax:01483  510140
Mobile:  07906 162 871

View a selection of our vacancies online www.strecruitment.co.uk 

 

PRIVACY AND CONFIDENTIALITY NOTICE 
The information in this email is for the named addressee only. As this
email may contain confidential or privileged information if you are not,
or suspect that you are not, the named addressee or the person
responsible for delivering the message to the named addressee, please
contact us immediately. Please note that we cannot guarantee that this
message has not been intercepted and amended. The views of the author
may not necessarily reflect those of STR Ltd. Should this email contain
a curriculum vitae of an STR Ltd candidate then this shall be classed as
an 'Introduction' by STR Ltd as per our terms and conditions of
business.

VIRUS NOTICE 
The contents of any attachment may contain software viruses, which could
damage your own computer. While STR Ltd has taken reasonable precautions
to minimise the risk of software viruses, it cannot accept liability for
any damage, which you may suffer as a result of such viruses. We
recommend that you carry out your own virus checks before opening any
attachment.

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem joining w2k server into samba3 domain

[Andreas Schneider]

Hello.

We like to join an existing and working samba3 domain (Debian/sarge, just pam, 
no ldap or kerberos) with a win2k server. 

When I try to join the domain I have to authenticate with an domain
Admin Account as usual. This proves in my opinion, that it can talk to the 
samba-pdc.  After that an error message says that the samba domain can't
be found. Why is it, that I can't add a Windows server?

Does anybody know this problem? I don't understand why this should
not work, its a normally domain join like Win2k pro and Windows xp join. Is 
anything different here?

We need this server in our domain to install a domain-wide SuS-service. 

Any help is greatly appreciated.

--
regards
Andreas Schneider ...

--
ANW GmbH & Co. KG
Mainzer Str. 4-6 
66424 Homburg

Telefon 06841 - 1897760
Telefax 06841 - 1897770
mailto:[EMAIL PROTECTED]
http://www.anw.de


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] local users in domain member security.

[Meli Marco]

Hi,
I have samba 3.0.7 installed and it works fine in security=domain with
domain user accounts, ACL and so on but now we would like to add some users
in local database account (/etc/passwd & /etc/smbpasswd file I though, so
they are few users).
I try to use "smbclient /server/data -Ulocal_linux_user_name%password" to
test it's everithing ok, but I always receive the same error:
session setup failed: NT_STATUS_LOGON_FAILURE, I presume that it try to find
the user in the domain, but I have configure nsswitch to search in files
before and winbind after.
What's wrong?
Thanks a lot.
Marco.  
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Srvtools causes smbldap_open: cannot access LDAP when not root

[Tony Earnshaw]

Doug Campbell:

[...]

> Sorry, I forgot to put some of these answers in last time :(
>
>
> slapd appears to be running as user ldap when I run  ps aux
>
> I enabled it to start automatically on boot up using the chkconfig
> utility in FC3.
>
> All config files are owned by root and have root as their group with the
> one exception of slapd.conf which has ldap as it's group


> The DB files are owned by ldap and the group is ldap.

O.k.

> I don't have any certificates to deal with as I am not using SSL/TLS.  I
> actually tried to do this as a learning exercise but couldn't get it to
> work based on the documentation I read.

Try http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html

> "cn=Manager,dc=swro,dc=local" is the rootdn user in slapd.conf
>
>
> I wanted to have a proxy user but again when I tried using the example
> slapd.conf files for ACLs they never worked even though I followed the
> examples as given.

You *have* to get ACLs working. You can't possibly use OpenLDAP (in
production, at least) without some quite complex ACLs.

> if I just type ldapsearch at the console, it will prompt me for a
> password. I don't know what password it is asking though.  I tried all
> that I have used and there is still no luck.  The error I get is "user not
> found: no
> secret in database".  If instead I type ldapsearch -x.  It displays
> information from my ldap store.  If I now switch users to a non-root user
>  and execute the same two commands, I also get the same two results.

'man ldapsearch'. ldapsearch without -x assumes that you are asking for
SASL support that you have configured in slapd.conf, and you haven't. The
fact that you get the same results for root or a non-root user doesn't
have anything to do with the Unix user that you are logged in as; slapd
doesn't care about the Unix )posix) user. It only cares about users in DNs
that you feed it.

> Does that give a better idea of what might be wrong in my setup?

Yes. I have to agree with Craig White here (I usually do ;) LDAP for me is
the be-all and end-all. i use it for across-platform authentication in
production for *everything* It is the corner stone to all services that my
users may use. If an application doesn't work with it, then that
application is useless to me. Examples of apps that use a single login and
password at one site I administer (runs 3 servers under RHAS3 using the
same LDAP DSA) are postfix smtp, Courier IMAP, Linux Terminal Server
Project, Pykota print quota admin, ssh and a Samba PDC. To be able to
master the LDAP part thoroughly, I chose to use source code and subscribe
to the 4-5 mailing lists dealing with this. Craig does the same.

Get samba working without LDAP first, then make sure you master every
possible aspect of openldap and are completely confident with it. Then you
can adapt what you've done to Samba.

Best,

--Tonni

--
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba failed to authenticate to openLDAP

[Tony Earnshaw]

Steve Zeng:

> I tried to let Samba authenticate against LDAP but could not figure out
> how to build the LDAP tree for Samba.
>
> Fedora core 2
> Samba 3.0.10
> OpenLDAP 2.1.29
>
>
> I used the migration tool bundled with OpenLDAP and successfully
> imported passwd, group and hosts from NIS into LDAP. I can authenticate
> from any of linux client against LDAP server. My LDAP DIT is as follows:
>
> dc=mydomain |
> `--- ou=People: to store user accounts for Unix and Windows
> |
> `--- ou=Hosts : to store computer accounts for UNIXX & Windows
> |
> `--- ou=Groups: to store system groups for Unix and Windows

O.k. But you could find at a later stage (on, for example, a large
installation) that you could do better to separate Samba specific stuff
into a subtree, f.ex. under an ou smb. You can still have Samba users in
your People container.

[...]

No comment on the specific OpenLDAP stuff, it looks o.k. and you made it
work :)

> 2) Configure smb.conf with SWAT

You might find out later that a CLI editor is a better choice; it gives
you the chance of commenting and trying different settings out
temporarily.

[...]

> ldap suffix = dc=mfelc

This is your immediate problem. Where on earth did you get this from? Your
ldap suffix should normally be that of the suffix used in your slapd.conf
DSE (could possibly be a subtree): in this case dc=mydomain.

--Tonni

--
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Srvtools causes smbldap_open: cannot access LDAP when not root

[Tony Earnshaw]

Sergey Loskutov:

[...]

> samba have next code in smbldap.c:
>
> #ifndef NO_LDAP_SECURITY
> if (geteuid() != 0) { DEBUG(0, ("smbldap_open: cannot access LDAP when not
> root..\n")); return  LDAP_INSUFFICIENT_ACCESS; }
> #endif
>
>
> If you user account not have uid=0 sometimes you have a problem
> described above.


This would be it, yes. This is covered in the Samba (3.0) docs.

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: profiles not loading

[Tony Earnshaw]

Jeff Umbach:

> I'm having the same issue as well, though it normally happens after the
> server locks up and needs to be rebooted.  The server is RedHat ES 3
> running Samba 3.0.9 and the workstations are WinXP Pro SP1.

Server locks up? We had a Samba 3.0.11 running on RHAS3 update 4 - IBM 235
X series (Jeff Carter's Red Hat srpm compiled on the same machine)
suddenly refuse ssh and console logins after Samba had been running for a
week. The server had been running perfectly up to then, for more than 6
months. The users could carry on with what they were doing, logins just
hung. We had to use the on/off button to reboot.

Is this what you mean?

--Tonni

--
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] permissions modified on shared excel files

[Tony Earnshaw]

Tyler R. Retzlaff:

> Having difficulty with samba & permissions being changed when windows
> clients save files.
>
> Initially files may be shared 0774 (e.g. some excel file) after it is
> opened and saved by a windows client the permissions are 0744.  Thus the
> next access by a group user cannot write the file.
>
> No mask options are specified in the smb.conf so all defaults are being
> used. Is there a reason why the permissions are being changed when a file
> is saved?

Have a look at the various mask settings (SWAT's a good help for looking
at what's possible, but i don't use it for real). 3.0.11 here, but it
should be the same across the board.

I have:

create mask = 0770
security mask = 0770
directory mask = 0770
directory security mask = 0770
inherit permissions = Yes

In [global] It's probably overkill, but can be modified in each share and
avoids what you describe.

--Tonni

--
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Two smbd daemons and clustered environment

[Buozis, Martynas]

Hello

I have a question about running two SMBD daemons on one host. Background
for this request is Samba failover in parallel services mode. The actual
requirement is to start Samba processes bind to specific IP address.
This can be done by specifying following parameters in smb.conf file :

interfaces = 192.168.100.1/24
bind interfaces only = yes

But nmbd process always is listening on *, instead of specific
interface. So does it mean, that nmbd should be started once on a hosts
event two smbd daemons will run ?  Maybe running two smbd's on one node
is not a good idea at all ? But how to deal with failovering IP address
in case of one smbd process ?

Does anybody have experience in running two smbd daemons with different
configuration options on one host and can share his/her experience ? Or
running smbd service as parallel service in clustered environment on two
nodes ?


Thank you for any tips and/or advises.

With best regards
Martynas

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Authentication via both domain controller and local Samba password file

[Juer Lee]

Hi Guys,

 

Does anybody know that if Samba is able to authenticate the user via both
domain controller and local Samba password file when the Samba is running
under 'Domain' mode??

 

The test steps:

1. Add some Samba users when the Samba is configured running under 'User'
mode, then the share is accessible by those added users.

2. Try to join the Samba a Windows 2000 domain, then the user logs into the
domain can access the share. 

 

My question is: 

 Can the user created in step 1 can still access the share?

 

I have done the test on Samba 3.0.7 and Samba 3.0.11, the answer is 'No'.
But I do remember that the share can be accessed by both domain user or
local Samba user in this case in earlier Samba 3.0.x than 3.0.

 

Thanks in advance,

Juer 

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Srvtools causes smbldap_open: cannot access LDAP when not root - SOLUTION

[Doug Campbell]

Thanks to those of you who responded.  Andrew Bartlett came through with the
answer I needed to hear, which was that I was trying to do something that
wasn't supported.

 I am it has two weeks trying to twirl the PDC with samba + LDAP and
ties
 the moment only migraines. It would like to know which is the problem,
 now, below described in mine log's?
>>>
>>> What user are you trying to use to join the domain.  It must either be
>>> root (Samba < 3.0.11) or an user with the SeMachineAccount privilege
>>> (Samba >= 3.0.11).
>>>
>>> Andrew Bartlett
>>
>> Is it also true in Samba < 3.0.11 that only root can add users/groups
>> and make modifications using the SRVTOOLS package?
>
>Correct.

Thanks Andrew for the answer!

Doug

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Tony
> Earnshaw
> Sent: Monday, February 28, 2005 9:41 PM
> To: samba@lists.samba.org
> Subject: RE: [Samba] Srvtools causes smbldap_open: cannot access LDAP
> when not root
>
>
>
> Doug Campbell:
>
> [...]
>
> >>> smbldap_open: cannot access LDAP when not root...
>
> [...]
>
> >> As which user (Unix) is slapd (presume this is OpenLDAP)running?
> >> Do you have an 'ldap admin dn' entry in smb.conf with rights
> to all LDAP
> >>  ACLs?
> >>
> >>
> >> I.e., I don't have this problem with Samba 3.0.11/OL 2.2.17-23 and
> >> didn't with 3.0.7, either.
> >
> > My smb.conf file does have the ldap admin dn entry.  The
> relevant section
> > of my smb.conf file is as follows:
>
> [...]
>
> Again, as which Unix user is slapd running? Who is the owner of your DB
> files, config files, etc.? What are the permissions on them? Have you
> certificates (i.e. the CA cert) or anything that smbd has to try to read
> that can only be read by root? Is "cn=Manager,dc=swro,dc=local" a proxy
> user in your DIT, or the rootdn user in slapd.conf (it's better to make a
> proxy user in the DIT and comment out the rootdn). Can a normal user run
> ldapsearch, for example, without being root?Etc. ;)
>
>
> --Tonni
>
> --
> mail: [EMAIL PROTECTED]
> http://www.billy.demon.nl
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: [homes] share problems

[Robert]

james wrote:
Robert  connectfree.co.uk> writes:
 

I am experiencing the following problems with the [homes] shares.
Using Samba 3.0.9 and winbind on SLES9 with NT PDC.
Running wbinfo -a authenticates users ok but I cannot connect using 
smbclient.
If I comment out 'valid users = %S' from [homes] in smb.conf then it is 
possible to connect using valid user/password combinations but otherwise 
I get
tree connect failed: NT_STATUS_ACCESS_DENIED

Could anyone please throw some light on this while I still have some 
hair left.
Thanks

Rob
   

Help also wanted with the same issue:-
I am using the the same version of Samba, same version of SLES and experiencing
an identical problem with the "valid users=%S" setting on the homes  share  - "
tree connect failed: NT_STATUS_ACCESS_DENIED". 

One key difference between my environment and Rob's is my environment is relying
on a Windows AD server for authentication and I am running smbclient -k. 

smbclient work okay with the %S commented out but fails when uncommented
Any help would be appreciated
Thanks
James
 

James
I have now managed to resolve this issue using the following :-
valid users = DOMAIN\%S
where DOMAIN is replaced by your domain name. This assumes the default 
winbind separator \

Regards
Rob
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: [homes] share problems

[Christoph Scheeder]

james schrieb:
Robert  connectfree.co.uk> writes:

I am experiencing the following problems with the [homes] shares.
Using Samba 3.0.9 and winbind on SLES9 with NT PDC.
Running wbinfo -a authenticates users ok but I cannot connect using 
smbclient.
If I comment out 'valid users = %S' from [homes] in smb.conf then it is 
possible to connect using valid user/password combinations but otherwise 
I get
tree connect failed: NT_STATUS_ACCESS_DENIED

Could anyone please throw some light on this while I still have some 
hair left.
Thanks

Rob
Help also wanted with the same issue:-
I am using the the same version of Samba, same version of SLES and experiencing
an identical problem with the "valid users=%S" setting on the homes  share  - "
tree connect failed: NT_STATUS_ACCESS_DENIED". 

One key difference between my environment and Rob's is my environment is relying
on a Windows AD server for authentication and I am running smbclient -k. 

smbclient work okay with the %S commented out but fails when uncommented
Any help would be appreciated
Thanks
James

Hi all,
some month ago i had the same problem and was told to replace %S by %U.
That solved the problem for me.
BUT i have a standalone samba-pdc, so it may help you or not,
but it's worth a try, isn't it?
Christoph
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Undeliverable message returned to sender

[Content Filter]

This message was created automatically by mail delivery software.

Delivery failed for the following recipient(s):
[EMAIL PROTECTED]


The message you sent contained an attachment which the recipient has chosen to 
block.
Usually these sort of attachments are blocked to prevent malicious software 
from being sent to the recipient in question.

The name(s) of the blocked file(s) follow:

document_word.pif

To send this file, please place it in a compressed archive using WinZip 
(http://www.winzip.com) or the archive software of your choice.


- Original Message Header -
Received: by mail35-ash.bigfish.com (MessageSwitch) id 1109664063361974_4769; 
Tue,  1 Mar 2005 08:01:03 + (UCT)
Received: from wabco-auto.com (pD955DC27.dip.t-dialin.net [217.85.220.39])
by mail35-ash.bigfish.com (Postfix) with ESMTP id 5C58730BD2D
for <[EMAIL PROTECTED]>; Tue,  1 Mar 2005 08:00:51 + (UCT)
From: samba@lists.samba.org
To: [EMAIL PROTECTED]
Subject: Re: Word file
Date: Tue, 1 Mar 2005 09:19:58 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="=_NextPart_000_0006_4062.3B8E"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <[EMAIL PROTECTED]>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba