[Samba] Can't browse the network
Hi, I have a Mandrake 10.1 with Samba 3.0.10 and clients with windows 98 XP. I can't browse the network from clients computers. Logfile: Mar 8 09:21:27 www smbd[13792]: [2005/03/08 09:21:27, 0] smbd/service.c:make_connection_snum(570) Mar 8 09:21:27 www smbd[13792]: Can't become connected user My smb.conf: #=== Global Settings = [global] log file = /var/log/samba/log.%m smb passwd file = /etc/samba/smbpasswd load printers = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 force group = estmas map to guest = bad user encrypt passwords = yes printer admin = @adm allow hosts = 192.168.0. dns proxy = no netbios name = fileserver server string = Samba Server %v printing = cups workgroup = ESTMA os level = 255 local master = yes preferred master = yes interfaces = 192.168.0.0/24 bind interfaces only = yes valid users = @estmas printcap name = cups create mode = 775 security = user max log size = 50 directory mode = 775 Anyone else know anything about this ? Please, help! Kindest regards Oleg Minakov. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba ldap bind problems.
warning I'm just getting started with samba-ldap myself, on linux. \warning Check your ldap.conf file for the correct binddn and bindpw. If it's correct, is ldap.conf readable by the user Samba runs as? Hudson --- Barry Haycock [EMAIL PROTECTED] wrote: I have a solaris 9 box that I am configuring to be a PDC using the latest version of samba authenticating off of an Openldap db. This machine uses the same ldap server to authenticate the unix users but after following documentation for setting up samba/ldap PDC. Using smbldap-populate populated the database with no problems but when I try and run smblclient -L master I get the following errors in syslog and the command times out eventually. basically from what I am seeing I believe that somewhere there is wrong bind being made to my ldap server. Nothing is appearing in the logs of the ldap server. I have looked through all files that I can think of that has bind information and that is correct. I have dumped secrets.tbd and that is correct. If anyone can offer any problems it would be much appreciated. Mar 8 16:18:29 usfr140 smbd[4441]: [ID 702911 daemon.error] [2005/03/08 16:18:29, 0] lib/smbldap.c:smbldap_connect_system(850) Mar 8 16:18:29 usfr140 smbd[4441]: [ID 702911 daemon.error] failed to bind to server with dn= cn=Manager,dc=sage,dc=ato Error: Can't contact LDAP server Mar 8 16:18:29 usfr140 smbd[4441]: [ID 702911 daemon.error] (unknown) # more /etc/samba/smb.conf netbios name = master workgroup = SAGE ldap admin dn = cn=Manager,dc=sage,dc=ato ldap suffix = dc=sage,dc=ato os level = 32 preferred master = yes domain master = yes local master = yes domain logons = yes smbldap_conf.pm # LDAP Suffix # Ex: $suffix = dc=IDEALX,dc=ORG; $suffix = dc=sage,dc=ato; # Where are stored Users # Ex: $usersdn = ou=Users,$suffix; for ou=Users,dc=IDEALX,dc=ORG $usersou = q(USERS); $usersdn = ou=people,$suffix; # Where are stored Computers # Ex: $computersdn = ou=Computers,$suffix; for ou=Computers,dc=IDEALX,dc=ORG $computersou = q(COMPUTERS); $computersdn = ou=computers,ou=services,$suffix; # Where are stored Groups # Ex $groupsdn = ou=Groups,$suffix; for ou=Groups,dc=IDEALX,dc=ORG $groupsou = q(GROUPS); $groupsdn = ou=groups,$suffix; # Default scope Used $scope = sub; # Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) $hash_encrypt=CRYPT; # Bind DN used # Ex: $binddn = cn=Manager,$suffix; for cn=Manager,dc=IDEALX,dc=org $binddn = cn=Manager,$suffix; # Bind DN passwd used # Ex: $bindpasswd = 'secret'; for 'secret' $bindpasswd = secret; S-1-5-21-4058613952-3403335136-1230151498 Barry Haycock T +61 2 6216 8905 Cybertrust Pty Limited 243 Northbourne Ave Lyneham ACT 2602 There are 10 types of people in the world. Those that understand binary and those that don't. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba __ Celebrate Yahoo!'s 10th Birthday! Yahoo! Netrospective: 100 Moments of the Web http://birthday.yahoo.com/netrospective/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba with ldap
Hi I am using samba on a woody distribution. Is it possible to ask a remote ldap server to determine permission access to users for shares folders and printers? I have tried it but without any success. Which pam authentification do I configure ? Thanks -- Faites un voeu et puis Voila ! www.voila.fr -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Command tests work but can't browse the network
I am a Samba newbie who has just set up a Samba server running under Fedora Core 3 and a client running under Win 98. Any attempt to see the network from Network Neighborhood or from Windows Explorer fails with the error box: Unable to browse the network . The network is not accessible For more information ... I have run all the tests in the HOWTO section: .../Samba-HOWTO-Collection/diagnosis.html up to and including the last two: C:\WINDOWSnet use x: \\claremont\TMP on the client, which does, in fact make the device x: on my client equivalent to /tmp on my server, and $ nmblookup -M MYGROUP querying MYGROUP on 192.168.255.255 192.168.1.35 MYGROUP1d on the server, which looks OK. Nevertheless (to repeat) attempts to browse the network from Network Neighborhood or from Windows Explorer all fail. Is my installation of Win 98 broken? Should I reinstall? What's going on? -- Jonathan Ryshpan [EMAIL PROTECTED] Berkeley Linux Team -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] joining a domain without having Windows admin privileges
On Mon, 2005-03-07 at 11:00 +0100, David Landgren wrote: On Fri, 04 Mar 2005 00:06:10 -0600, J Raynor [EMAIL PROTECTED] wrote: I would like to use security = domain for a samba server, but the only way I've found to do that is to issue the command net rpc join -U admin%password where admin is a Windows user that has the authority to create machine accounts. I don't have that authority, and I don't think I can get it. Is there another way to do this? For instance, if the Windows admins add the machine account for me, can I issue a different command to join the domain? What command? Ask the admins to insert if for you into the domain. There's a reason it's done this way, so that the admins have a nominal idea of what machines are on their network, and thus, potentially responsible for. If you do a 'net rpc join', it should first try to take up this account (added from the server side) and change the preset password (the machine name) to something random. Or get the admin to put their password into the the 'net rpc join'. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] mac osx : files automatically renamed
Hi, On a Linux server (Mandrake 10 distribution), I installed Samba server 3.0.10. The clients are all Mac OS X 10.3 Word files are automatically renamed when the user save the file. Does someone already heard about this weirdness ? Thanks Stéphane -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Command tests work but can't browse the network [REVISED]
I am a Samba newbie who has just set up a Samba server running under Fedora Core 3 and a client running under Win 98. Any attempt to see the network from Network Neighborhood or from Windows Explorer fails with the error box: Unable to browse the network . The network is not accessible For more information ... Also, when I log in, I get the message: No domain server was available to validate your password. You may not be able to gain access to some network resources. Something isn't running on the server. What is it? I have run all the tests in the HOWTO section: .../Samba-HOWTO-Collection/diagnosis.html up to and including the last two: C:\WINDOWSnet use x: \\claremont\TMP on the client, which does, in fact make the device x: on my client equivalent to /tmp on my server, and $ nmblookup -M MYGROUP querying MYGROUP on 192.168.255.255 192.168.1.35 MYGROUP1d on the server, which looks OK. Nevertheless (to repeat) attempts to browse the network from Network Neighborhood or from Windows Explorer all fail. What's going on? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sharing an nfs mounted directory from two different samba servers?
Luca Olivetti wrote: Due to the problems I experienced switching my users to a new server, I'd like now to migrate only some workstations at a time. Since they all have to work on the same files, I though of nfs mounting the new server disk on the old one, so the old server would be sharing the nfs mounted directory while the new one would be sharing the same directory but from its own disk. Is this an acceptable plan or am I going to have issues with locking/oplocks? I made a simple test. Server A has nfs mounted a directory of server B. If I'm using server B I can see that accessing a file from A modifies the oplocks on server B. Viceversa if I'm using server A, accessing a file from B doesn't propagate the oplock change to A :-( Any suggestion? Bye -- Luca Olivetti Wetron Automatización S.A. http://www.wetron.es/ Tel. +34 93 5883004 Fax +34 93 5883007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Hi, my darling :)
Look at my new screensaver. I hope you will enjoy... Your Liza MIME-Version: 1.0 Content-Type: multipart/mixed; boundary==_NextPart_000_0008_1E234AC0.935A180A X-Priority: 3 X-MSMail-Priority: Normal This is a multi-part message in MIME format. --=_NextPart_000_0008_1E234AC0.935A180A Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit For you --=_NextPart_000_0008_1E234AC0.935A180A Content-Type: application/x-msdownload; name=demo.exe Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=demo.exe --=_NextPart_000_0008_1E234AC0.935A180A-- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
Un message dont vous etes le destinataire a ete refuse par exim Il contenait un fichier attache non autorise : exe,bat,zip,... l'auteur de ce mail est : [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Win98 refuses to share printers after migration to PDC
Hello everybody: Recently we migrated one LAN from a simple WORKGROUP based net to a Samba PDC. Everything was quite good, but after the process, The Win98 oses started to refuse sharing printers. Lets'see the problems: Using smbclient: smbclient PC-03\\HP -c print /tmp/ex.txt -U gestion Password: tree connect failed: ERRSRV - ERRinvdevice (Invalid device - printer request made to non-printer connection or non-printer request made to printer connection.) using smbspool: smbspool smb://gestion:[EMAIL PROTECTED]/PC-03/HP prueba gestion prueba 1 1 /dev/null failed tcon_X with NT_STATUS_BAD_DEVICE_TYPE ERROR: Connection failed with error NT_STATUS_BAD_DEVICE_TYPE ERROR: Unable to connect to SAMBA host, will retry in 60 seconds... We have a couple of XP in the LAN, and both are sharing the printers ok. I saw this message far time ago : http://lists.samba.org/archive/samba/2003-February/062096.html but nobody answered, maybe I'd have some more luck. Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NT Domain to Samba-LDAP just disabling netlogon on NT PDC?
Hi group Quick question before I switch my domain from NT4 PDC to Samba-LDAP: Can I leave the old NT-PDC in my subnet, if I just disable it's netlogon service? Reason: This old NT-Server has a database running which is still needed after the migration to samba, but it doesn't need to have any NETBIOS-NTDomain functionality after the switch, just TCP-IP. I know of third-party tools like UPromote, but if I can avoid them, I think this is a much easier and transparent way of doing it. Thanks for comments Paul -- Paul Coray Administrator Server und Netzwerk Oeffentliche Bibliothek der Universitaet Basel EDV-Abteilung Schoenbeinstrasse 18-20 CH-4056 Basel Tel: +41 61 267 05 13 Fax: +41 61 267 31 03 mailto:[EMAIL PROTECTED] http://www.ub.unibas.ch -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba as PDC and BDC on the same network.
Jean-Jacques Moulis a écrit : On Mon, 07 Mar 2005 09:57:47 + Clement DIEBOLD [EMAIL PROTECTED] wrote: CD CD Then, if I put : CD CD @echo off CD CD echo Script de demarrage CD CD net use T: \\PDC\temp /PERSISTENT:NO CD CD CD CD Then, if the PDC becomes down, this script wouldn't work and i must CD CD be there to change the name of the server in the script. CD CD CD CD So, what should I do ?? CD CD CD CD Thanks for the responses. CD CD CD CD Any idea ?? CD CD CD CD Thanks CD CD CD CD Nobody :( CD CD A preexec script on the BDC netlogon share could modify the logon script CD according to the availability of the PDC. CD CD CD Can you give me an example of the preexec script please? in smb.conf .. [netlogon] . browseable = no public = no root preexec = search_for_life_signs search_for_life_signs: #! /bin/sh if ping PDC /dev/null 21 ; then cp epitaph_for_the_PDC LOGON.BAT fi Even if you are located at a place with such mournful connotation I don't think your PDC will expire so often. This idea of a preexec script is not that good after all Instead of a preexec script you should run a cron job on the BDC that make the LOGON.BAT change when the PDC is unavailable. You should also have a better check than ping, perhaps something with smbclient. The check should also allow for some transient failures of the PDC. The change should be oneway, I suppose, you probably want to know where the most recent data is. CD -- CD Clément DIEBOLD CD Service Informatique CD LMARC Université de Franche-Comté CD 24, chemin de l'Epitaphe CD 25000 Besançon CD Tel : 03 81 66 60 53 CD Fax : 03 81 66 67 00 OK, but know how to change the logon home = \\%L\%U logon path = \\%L\Profiles\%U in my smb.conf when the PDC is down? Thanks for your answers. -- Clément DIEBOLD Service Informatique LMARC Université de Franche-Comté 24, chemin de l'Epitaphe 25000 Besançon Tel : 03 81 66 60 53 Fax : 03 81 66 67 00 -- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Difference Copy and Move at inheriting
Hello, if I copy or create a file or directory, it inherits the permissions of it's parent. If I move a file from one directory to another, it will not inherit the permissions of the target-directory. Why? [daten] comment = Daten path = /samba/daten inherit permissions = yes inherit ACLS = yes nt acl support = no writeable = yes hide unreadable = yes veto files = /.*/ root preexec = /etc/samba/scripts/mk_sambadir /samba/daten/.recycle/%U %U %g vfs object = recycle recycle:repository=.recycle/%U recycle:versions=True recycle:keeptree=True Thanks for your responses. matze -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with file names
Hi, I have a Samba server working on my LAN and it have some problems with some characters in the file name, eg. 123:testedearq:123456 In the Linux console, the file name is displayed like this: [EMAIL PROTECTED] teste]# ls 123:testedearq:123456 [EMAIL PROTECTED] teste]# But in Samba share, the file name is displayed like this: 123TE~M3 Any ideia about how can I fix it to show the correct name in the Samba share? smb.conf configuration (withou this configuration, I have the same problem and some others one): character set = iso8859-1 client code page = 850 valid chars = áÁéÉíÍóÓúÚâÂêÊôÔãÃõÕàÀòÒ:; PS: I believe that is caused by the : because long file names are displayed correctly, but the files need : in the name. Thank's a lot. -- Márcio Oliveira LPIC-2 PAMSIST - Unidade de Serviços, Informações, Sistemas e Tecnologia. Pamcary Sistemas de Gerenciamento de Riscos. 55 11 3889-1376 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sharing an nfs mounted directory from two different samba servers?
Luca Olivetti wrote: Due to the problems I experienced switching my users to a new server, I'd like now to migrate only some workstations at a time. Since they all have to work on the same files, I though of nfs mounting the new server disk on the old one, so the old server would be sharing the nfs mounted directory while the new one would be sharing the same directory but from its own disk. Is this an acceptable plan or am I going to have issues with locking/oplocks? I made a simple test. Server A has nfs mounted a directory of server B. If I'm using server B I can see that accessing a file from A modifies the oplocks on server B. Viceversa if I'm using server A, accessing a file from B doesn't propagate the oplock change to A :-( Any suggestion? NFS v4 has things to do locking. what is Your version of NFS ? Bye -- Luca Olivetti Wetron Automatizaci?n S.A. http://www.wetron.es/ Tel. +34 93 5883004 Fax +34 93 5883007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SMBD loading CPU
Hi I am running samba Version 2.2.8a-SuSE on a SuSE Linux 9.0 box. It has dual 700MHz CPU's and 512MB RAM It is used as a file server, serving files to Win XP and Win 2k users. I have noticed it is using between 30% and 75% of CPU usage per smbd session, which slows the network to a grind. I thought samba and smbd used very little of the CPU. Is tehre anything i can do to reduce this ? Thanks --Mark This communication is confidential to the intended recipient(s). If you are not that person you are not permitted to make use of the information and you are requested to notify the sender immediately of its receipt then destroy the copy in your possession. Any views or opinions expressed are those of the originator and may not represent those of Advanced System Architectures Ltd. *** This Email Has Been Virus Checked *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] machine account locations
OK I'm confused. Can machines be in ou=Computers,dc=somewhere,dc=net ? yes, if nss_ldap will find them there (or if you store machine accounts without ldap). Every thing works fine if I configure so that machine accounts are created under ou=Users. If configured for machines to be in ou=Computers, I can't add a new machine. Error returned is The user name could not be found. This is from the w2k machine itself. The release notes for 3.0.11 seem to say adding machines under ou=Computers should work. The IDEALX Samba-OpenLDAP Howto (Revision 1.9) seems to indicate it should work. But ldap.conf needs to be set to: nss_base_passwd dc=somewhere,dc=net?sub nss_base_shadow dc=somewhere,dc=net?sub nss_base_group ou=Group,dc=somewhere,dc=net?one (I did this.) The IDEALX Smbldap-tools User Manual (Release:0.8.7) In section 6.9 on page 18 says no, _unless_ you apply the fix as listed above. Note that the IDEALX howtos were released after Samba 3.0.11. I'm using SUSE Pro 9.2 with all patches up to date. Samba version is samba-3.0.11-2.1 from the binaries on the ftp site. The /var/log/messages seem to indicate that add machine script = /usr/local/sbin/smbldap-useradd -w %u is trying to add the machine directly in dc=somewhere,dc=net. Any help would be appreciated. Hudson __ Celebrate Yahoo!'s 10th Birthday! Yahoo! Netrospective: 100 Moments of the Web http://birthday.yahoo.com/netrospective/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sharing an nfs mounted directory from two different samba servers?
Ilia Chipitsine wrote: Luca Olivetti wrote: [...] Viceversa if I'm using server A, accessing a file from B doesn't propagate the oplock change to A :-( Any suggestion? NFS v4 has things to do locking. what is Your version of NFS ? The new server's kernel shoud have support for nfs v4 compiled in, but the old one has only support for v3. Bye -- Luca Olivetti Wetron Automatización S.A. http://www.wetron.es/ Tel. +34 93 5883004 Fax +34 93 5883007 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] cupsaddsmb fails - files are not copied
Hello, i have problems getting the automatic driver installation for windows clients running. i am using cupsaddsmb, it creates the WIN40 Directory and tells me its putting files - but the Directory remains empty - and thats, so i guess, the reason for the rpccleint command failing (DOS error 0x0042 smth.) what am i doing wrong? regards sven wandersleb transcript of cupsaddsmb and smb.conf follow: edelstoff printer # ls -la total 0 drwxrwxrwx 2 root root 48 8. Mär 13:10 . drwxr-xr-x 4 root root 240 8. Mär 13:10 .. edelstoff printer # cupsaddsmb -U root -a -v Password for root required to access localhost via SAMBA: Running command: smbclient //localhost/print\$ -N -U'root%xxx' -c 'mkdir WIN40;put /var/spool/cups/tmp/422d962f9af3d WIN40/Laserknecht.PPD;put /usr/share/cups/drivers/ADFONTS.MFM WIN40/ADFONTS.MFM;put /usr/share/cups/drivers/ADOBEPS4.DRV WIN40/ADOBEPS4.DRV;put /usr/share/cups/drivers/ADOBEPS4.HLP WIN40/ADOBEPS4.HLP;put /usr/share/cups/drivers/ICONLIB.DLL WIN40/ICONLIB.DLL;put /usr/share/cups/drivers/PSMON.DLL WIN40/PSMON.DLL;' Domain=[EDELSTOFF] OS=[Unix] Server=[Samba 3.0.11] putting file /var/spool/cups/tmp/422d962f9af3d as \WIN40/Laserknecht.PPD (4696.0 kb/s) (average 4696.0 kb/s) putting file /usr/share/cups/drivers/ADFONTS.MFM as \WIN40/ADFONTS.MFM (43236.8 kb/s) (average 26480.1 kb/s) putting file /usr/share/cups/drivers/ADOBEPS4.DRV as \WIN40/ADOBEPS4.DRV (46921.1 kb/s) (average 37518.4 kb/s) putting file /usr/share/cups/drivers/ADOBEPS4.HLP as \WIN40/ADOBEPS4.HLP (37979.2 kb/s) (average 37567.8 kb/s) putting file /usr/share/cups/drivers/ICONLIB.DLL as \WIN40/ICONLIB.DLL (28839.1 kb/s) (average 36985.9 kb/s) putting file /usr/share/cups/drivers/PSMON.DLL as \WIN40/PSMON.DLL (18666.1 kb/s) (average 36113.6 kb/s) Running command: rpcclient localhost -N -U'root%xxx' -c 'adddriver Windows 4.0 Laserknecht:ADOBEPS4.DRV:Laserknecht.PPD:NULL:ADOBEPS4.HLP:PSMON.DLL:RAW:ADOBEPS4.DRV,Laserknecht.PPD,ADOBEPS4.HLP,PSMON.DLL,ADFONTS.MFM,ICONLIB.DLL' result was DOS code 0x0042 Password for root required to access localhost via SAMBA: [i just press enter, repeating does not help] Running command: rpcclient localhost -N -U'root%' -c 'adddriver Windows 4.0 Laserknecht:ADOBEPS4.DRV:Laserknecht.PPD:NULL:ADOBEPS4.HLP:PSMON.DLL:RAW:ADOBEPS4.DRV,Laserknecht.PPD,ADOBEPS4.HLP,PSMON.DLL,ADFONTS.MFM,ICONLIB.DLL' Cannot connect to server. Error was NT_STATUS_LOGON_FAILURE cupsaddsmb: Unable to install Windows 9x printer driver files (256)! edelstoff printer # ls -la total 0 drwxrwxrwx 3 root root 72 8. Mär 13:10 . drwxr-xr-x 4 root root 240 8. Mär 13:10 .. drwxr-xr-x 2 root root 48 8. Mär 13:10 WIN40 edelstoff printer # ls -la WIN40/ total 0 drwxr-xr-x 2 root root 48 8. Mär 13:10 . drwxrwxrwx 3 root root 72 8. Mär 13:10 .. edelstoff printer # smb.conf: [global] workgroup = MARCHIONINI server string = Samba Server map to guest = bad user security = user wins support = yes default case = lower load printers = yes default = public map to guest = Bad User encrypt passwords = yes update encrypted = Yes pam password change = Yes printcap name = cups passwd chat debug = Yes printing = cups max disk size = 1000 [print$] comment = Drucker-Treiber path = /etc/samba/printer guest ok = yes browseable = no public = yes writable = no printable = yes valid users = root,swandersleb write list = root,swandersleb printer admin = root,swandersleb [printers] comment = HP Color LaserJet 4500N print ok = yes guest ok = no [... some more file shares follow] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Re: Delivery Server - IMPORTANT
Bonjour * MERCI DE LIRE CE MAIL EN ENTIER ! * * CECI N'EST PAS UN AUTOREPONDEUR ! * Vous venez d'envoyer un mail a l'adresse suivante : [EMAIL PROTECTED] Cette adresse est protégée par un programme anti-spam / anti-virus. Si vous recevez ce mail, c'est que votre adresse email n'est pas encore dans la liste de celles acceptées par [EMAIL PROTECTED] Pour entrer dans cette liste, et faire en sorte que [EMAIL PROTECTED] puisse recevoir votre email, il vous suffit de cliquer sur le lien ci-dessous : http://mail.k-network.com/?e=504037k=wp5buuyabfvgiyw Si vous ne cliquez pas sur ce lien dans les 2 jours, votre message sera effacé. Cette manipulation ne sera faite qu'une fois et une seule, vous serez ensuite automatiquement reconnu(e). En cas de probleme, vous pouvez envoyer un message à [EMAIL PROTECTED] en vous rendant à cette adresse : http://mail.k-network.com/ Je vous remercie de votre comprehension. vpopspam v1.00 - K-network -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] lost passdb, workstations lost trust relation ship
On Mon, 7 Mar 2005, Nicolas Kowalski wrote: After a catastrophic disk failure, I restored all the contents of /var/lib/samba of our Samba 3.0.11 PDC (debian 3.0). However, when logging on any workstation, we keep having an error about a failed trust relationship. Here is a sample: I was in a hurry, so I had to make all the workstations rejoin the domain. I do understand why restoring the secrets.tdb and all others .tdb files in /var/lib/samba was not sufficient to get our domain back. To prevent this kind of disappointment in the future, may anyone give me some directions for backing up a Samba 3.0.11 PDC on a Debian server, using tdbsam as password information ? I already have backups of /etc/samba and /var/lib/samba. What else should I include, or what commands (tdbbackup?) do you recommend ? Thanks. -- Nicolas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
R: R: [Samba] local users in domain member security.
Jerry, I have installed a dos client with WFW network, I have insert these parameters in the system.ini file: workgroup=sambamachine domain=sambamachine, but an error occured, it's said that the specified name is already used for a machine, just my samba machine.So I have try to use the reality domain and with net use command I have try to connect to the share: net use f: \\sambapc\data , it asked me the password and answer me that the access is denied but with smbclient it works. It's probably the password mode accross the network wrong I have an smb.conf configured as domain security and so encryptpasswod = yes? This is necessary for the others users that have to authenticate by ADS. It is possible? Thanks again. -Messaggio originale- Da: Gerald (Jerry) Carter [SMTP:[EMAIL PROTECTED] Inviato: lunedì 7 marzo 2005 18.02 A:Meli Marco Cc: 'samba@lists.samba.org' Oggetto: Re: R: [Samba] local users in domain member security. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Meli Marco wrote: | it works but I would like to ask you how can I translate | the same situation for my ms dos client, maybe I have to insert | workgroup = sambamachine instead of domain name? | Practically they aren't domain users but localy users isn't | it?Or I'm wrong? That would work, but probably mess up browsing. You could try setting auth methods = guest sam_ignoredomain winbind:ntdomain in smb.conf to make smbpasswd ignore the domain specified for the user and only look at the username. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCLIkhIR7qMdg1EfYRAheXAJwP/RlV5rx5pvAFp/UATm7BPkhMkwCcD4xY ERBdU0DUh2q9LUyabIPyuvw= =CnSL -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] security = ads or domain
hey friends, I have 2 problems in samba I am narrating my problems below: a) I have configured samba with security =ads in FC3 workstation and my domain controller is windows 2003 ,the samba is working fine with the configured options.As my domain consists of windows ,linux and unix clients and few of the users uses windows as well as Linux or Unix each user having its different machines. Now i want the users which uses both Linux/Unix and windows should be able to see their home directories and other folders through windows.Just like a normal configured samba as File server and users frm the network neighbourhood can see their home directories and other folders. Is it possible if the security = ads is setup and if then a user wants to see his/her home directories and other folders from the windows.I have created a directory for my domain in home folder and if any users who is first time logging its directory is created under /home/mydomain/user. If it is possible then please let me know. b) I have setup the linux box (FC3) with samba with security = domain and password server = s1.sun.com(internal).The domain controller is Windows 2003 and my system is FC3 server. I have created one folder in which i have created some directories.There are different types of users in my company some in development, some in administration , som e in top management.I have created some folders in which users can put their data to share among their colleagues or team. What happens is that when somebody clicks on samba server all the folders which i have explicitly mentioned in the smb.conf are shown .Whereas what i want is that only those folders should come when the user access the samba server on which he has the right to access it. Suppose james is a user having access rights on folders cpms, manager. Now when he clicks on the samba server he sees his home directory where he can put his data, a cpms folder which is shared among the other development team members(have set it with suid) and manager(have set it this also with suid) and all other folders (specified in smb.conf) on which he does not have the rights.He can't access those folders in which he don't have the rights but i don't want to show the james those folders on which he does not have any kind of right. Ideally is should be when james accesses the samba server he should see his home directory,his cpms and manager folder nothing else.So that he should know that he can access and only have access to these folders. I tried with u% variable but this variable works for only primary group not for secondary group.I hope that many of u have faced the same problem. Please anyone of you can give me solution. Thanks in advance . Regards Ankush -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: [linux-cifs-client] Mounting directories below share level
On Friday 4th March 2005, Steven French said, in part: I did some experiments and confirmed that for this deep mapping (http://www.windowsnetworking.com/articles_tutorials/w2kdmap.html) mount of a complex target ie \\server\share\dir 1) the path component following the share name is not sent by windows (it is sent by linux cifs and smbfs - and samba then rejects the tree connect) 2) the permissions of the parent directory (the root of the server share) can be deny for the user doing the Windows NET USE (since the root of the server share is not visible on the client) 3) the permissions of the parent directory (the root of the server share) can be deny for the user doing a Linux cifs client mount of \\server\share as well (it will look like no files are present) and mount --bind /mnt/some_sub_dir_of_the_server_share /some_local_dir works fine for achieving the deep mapping effect (at least to Windows server from Linux cifs) even if the user has no permissions on root of server share I hesitate to take issue with people who are obviously much more knowledgeable about the subject than I am, but my limited tests on our system haven't been able to cifs mount a share that I don't have rights to. As I said in my mail of 7th March, I can mount -t smb a share that I have no rights to; however I cannot mount -t cifs the same share. If I set cifsFYI to 1, I get the attached information logged through syslog. I assume, naively, that it is the cifs_read_inode that generates the ACCESS_DENIED error. Just to save going back up the thread, the command I tried was: mount -t cifs //ip.address/UserShare1$ /mnt -v -o user=test,pass=**,netbiosname=ma As the mount appears to have been OK, can I stop cifs trying to access the share after mount? I tried -o noserverino but it comes back as an unknown option. mount.cifs version 1.5 kernel 2.6.9 TIA for any help advice John John Landamore School of Mathematics Computer Science University of Leicester University Road, LEICESTER, LE1 7RH [EMAIL PROTECTED] Phone: +44 (0)116 2523410 Fax: +44 (0)116 2523604 Mar 8 13:26:46 ma kernel: fs/cifs/cifsfs.c: Devname: //ip.address/UserShare1$ flags: 64 Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: CIFS VFS: in cifs_mount as Xid: 62 with uid: 0 Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: Username: test Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: UNC: \\ip.address\UserShare1$ ip: ip.address Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: Socket created Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: Existing smb sess not found Mar 8 13:26:46 ma kernel: fs/cifs/transport.c: For smb_command 114 Mar 8 13:26:46 ma kernel: fs/cifs/transport.c: Sending smb of length 47 Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: Demultiplex PID: 3631 Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: Peek length rcvd: 0x24 beginning 0x65) Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: Mid 0xa9 matched - waking up Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: Security Mode: 0x3 Capabilities: 0x1f3fd Time Zone: 0 Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: In sesssetup Mar 8 13:26:46 ma kernel: fs/cifs/transport.c: For smb_command 115 Mar 8 13:26:46 ma kernel: fs/cifs/transport.c: Sending smb of length 234 Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: Peek length rcvd: 0x24 beginning 0x97) Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: Mid 0xaa matched - waking up Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: UID = 2050 Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: CIFS Session Established successfully Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: file mode: 0x7f7 dir mode: 0x1ff Mar 8 13:26:46 ma kernel: fs/cifs/transport.c: For smb_command 117 Mar 8 13:26:46 ma kernel: fs/cifs/transport.c: Sending smb of length 106 Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: Peek length rcvd: 0x24 beginning 0x42) Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: Mid 0xab matched - waking up Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: Tcon flags: 0x1 Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: CIFS Tcon rc = 0 Mar 8 13:26:46 ma kernel: fs/cifs/cifssmb.c: In QFSDeviceInfo Mar 8 13:26:46 ma kernel: fs/cifs/transport.c: For smb_command 50 Mar 8 13:26:46 ma kernel: fs/cifs/transport.c: Sending smb of length 68 Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: Peek length rcvd: 0x24 beginning 0x44) Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: Mid 0xac matched - waking up Mar 8 13:26:46 ma kernel: fs/cifs/cifssmb.c: In QFSAttributeInfo Mar 8 13:26:46 ma kernel: fs/cifs/transport.c: For smb_command 50 Mar 8 13:26:46 ma kernel: fs/cifs/transport.c: Sending smb of length 68 Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: Peek length rcvd: 0x24 beginning 0x50) Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: Mid 0xad matched - waking up Mar 8 13:26:46 ma kernel: fs/cifs/connect.c: CIFS VFS: leaving cifs_mount (xid = 62) rc = 0 Mar 8 13:26:46 ma kernel:
Re: [Samba] Links followed to my local filesystem
I upgraded the client, (from 3.0.0-15 to 3.0.10) the server remains the same (3.0.4), it seems like the linux client changed it's behavior regarding following links on the server side. Any ideas ? Thanks, Pablo On Wed, 02 Mar 2005 08:42:35 -0600, Paul Gienger [EMAIL PROTECTED] wrote: After upgrading to fedora core 3 and therefore to samba 3.0.10 I found Who did you upgrade? client or server? that the link in the samba folder is broken because it's pointing to a non existen directory in my machine instead of pointing to the directory located in the server. Try looking for the follow symlinks options, they may be your key. -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Your remove request has been successfully processed!
We have processed your remove request successfully. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Help with multiple subnets
I have two subnets in may LAN 192.168.0.0/24 and 192.168.1.0/24. Both subnets go out to the Internet through a Linux box acting as a gateway, so the gateway has one interface in each subnet (192.168.1.1 and 192.168.0.1). In both subnets I have Windows and Linux machines and I want to configure SMB networking using a workgroup (not a domain), so one workgroup for more than one subnet. I know that to enable SMB networking in multiple IP subnets I need a domain master browser and one local master browser per each subnet, or I need to use the remote browse sync to make the local master browsers in each subnet talk each other. My problem is that the only machine that has a fixed IP in both subnets is the Linux gateway. To use this remote browse sync would I need two instances of samba one running in each interface ? By now I just have one instance of samba listening in both interfaces in the gateway machine, in the gateway machine there is also a WINS server. I have this Linux gateway configured to be the domain master and the local master browser, but I am bit confused about if this machine is the local master browser in both subnets or not. Basically my configuration in the gateway is the following: - hosts allow=127. 192.168.0. 192.168.1. ... socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 ... interfaces=192.168.0.1/24 192.168.1.1/24 127.0.0.1/8 bind interfaces only=yes ... #To be the DMB domain master = yes local master = yes os level = 255 preferred master = yes ... #To be the WINS server name resolve order = wins lmhosts bcast wins support = yes dns proxy = no -- It's quite weird because if I check the /var/cache/samba/browse.dat file in the gateway I see that the machines in both subnets are there and in the wins.dat file the ip of the machine is there. But then when I try to browse the workgroup form a windows machine I get the famous Error 53 and I can not browse the workgroup. Thanks ! __ Celebrate Yahoo!'s 10th Birthday! Yahoo! Netrospective: 100 Moments of the Web http://birthday.yahoo.com/netrospective/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Extremely slow during browsing some directories
From: Linwei Cheng [EMAIL PROTECTED] Hello, The issues I had before seems all disappeared after I rebooted my machine( Fedora3, kernel 2.6.10-1.770_FC3 ). I don't really understand what benefited the samba on rebooting... The information is, before this reboot, I updated the kernel from 2.6.10-1.760_FC3, and updated samba from 3.0.10 to 3.0.12pre1-1. I really doubt it's the client requirement of GET FULL FS SIZE caused the slowness. Before rebooting, I tried using smbclient on another linux machine to connect the shared folder on samba server, and found that when I use ls to list the directories, the directories can be returned immediately but it get stuck on display the filesystem size information at the bottom until timeout. I think it's the same issue for mapping a disk on windows machines, since the windows will try to grab filesystem size information on every operation as well. After rebooting, the ... block of size . blocks available returned immediately and everything goes smoothly. linwei I am seeing the exact same problem and I can confirm that a reboot of Win XP helps the problem temporarily. (this is my laptop so it is restarted regularly) It seems something is getting cached or stuck somewhere after XP is up and running for a while that is causing the 30 second delay descending down the directory tree when using the file-open dialog from MS office applications. There is nothing on the MS lack of knowledge base and google hasn't been my friend on this issue. Do you have any other ideas that might help get this issue resolved?? -- David C. Rankin, J.D., P.E. RANKIN LAW FIRM, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankinlawfirm.com -- - Original Message - From: Linwei Cheng [EMAIL PROTECTED] Hello, I've read the relative thread on STATUS_OBJECT_NAME_NOT_FOUND, and I think that's part of my issue: 1. When I map the shared folder as a disk to my windowsXP and Windows2K machine, then every step exploring the mapped disk or directories under this disk, takes more than 30sec to response from the samba server. I use ethereal to trace the network, and found that there are a lot of SMB Trans2 request, QUERY_PATH_INFO and SMB Trans2 response QUERY_PATH_INFO roundtrip while my windows machine waiting. 2. When I don't map the shared folder to my windows machines, things are better -- the slowness doesn't happen frequently, but it does happend randomly. When it happens, I got STATUS_OBJECT_PATH_NOT_FOUND error reported. I just updated my Samba to 3.0.12pre-1 from 3.0.10.fc3, but it seems all my issues remain as before. Does this issue introduced in certain Samba version? Does anybody suffer the same problem as mine now or before? Regards, linwei - Original Message - From: david rankin [EMAIL PROTECTED] To: Linwei Cheng [EMAIL PROTECTED] Sent: Thursday, March 03, 2005 7:32 PM Subject: Re: [Samba] Extremely slow during browsing some directories See all of the posts from the last few days with the subject: Re: [Samba] Re: Samba errors with smb QUERY_PATH_INFO,Error: STATUS_OBJECT_NAME_NOT_FOUND -- David C. Rankin, J.D., P.E. RANKIN LAW FIRM, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 (936) 715-9333 (936) 715-9339 fax www.rankinlawfirm.com -- - Original Message - From: Linwei Cheng [EMAIL PROTECTED] To: Jason Balicki [EMAIL PROTECTED]; samba@lists.samba.org Sent: Thursday, March 03, 2005 7:35 PM Subject: Re: [Samba] Extremely slow during browsing some directories I disabled the web client service on my computer, but it does no good. ( There are also other sharing folders from windows machinces on my network, but I didn't suffer the same problem from those windows sharings...). And I also tried to work on the samba server machine locally using smbclient, and it seems no this kind of issue - Original Message - From: Jason Balicki [EMAIL PROTECTED] To: Linwei Cheng [EMAIL PROTECTED] Sent: Thursday, March 03, 2005 5:16 PM Subject: Re: [Samba] Extremely slow during browsing some directories Linwei Cheng wrote: hi, I am quite new on using Samba and sorry maybe ask a silly question here. I set up simple Samba server on Fedora3 using the samba rpm package comes with fedora3( version 3.0.10-1.fc3). I use the SHARE security level to make things easier. Everything goes fine so far, except that for some windows user, some times, on browsing some directories, it takes extremely long time to display the folders/files list. This seems weird because it happened radomly: sometimes for the same user, same machine and browse same directory, it works quickly, but sometimes it take about a minute to get the response from server. What's the possibilities for this issue? Deperately need help. Try turning off the webclient service on the windows client machines. --J(K) -- To unsubscribe from this list go to the following URL and read the instructions:
Re: [Samba] Help with multiple subnets
I already have all the clients using a WINS server. But if the WINS server is in the gateway machine that has one interface in each subnet (192.168.0.1 and 192.168.1.1), the WINS server for the clients in each subnet must be the gateway of that subnet or it doesn't matter ? I mean is there any problem if the clients in the 192.168.1.0/24 subnet have the WINS server pointing at 192.168.0.1 ? I guess that no, just trying to find out what might be failing. Thanks --- Aaron J. Zirbes [EMAIL PROTECTED] wrote: set all your clients WINS server to point to the the Samba machine. All your worries should go away. Dani Camps wrote: I have two subnets in may LAN 192.168.0.0/24 and 192.168.1.0/24. Both subnets go out to the Internet through a Linux box acting as a gateway, so the gateway has one interface in each subnet (192.168.1.1 and 192.168.0.1). In both subnets I have Windows and Linux machines and I want to configure SMB networking using a workgroup (not a domain), so one workgroup for more than one subnet. I know that to enable SMB networking in multiple IP subnets I need a domain master browser and one local master browser per each subnet, or I need to use the remote browse sync to make the local master browsers in each subnet talk each other. My problem is that the only machine that has a fixed IP in both subnets is the Linux gateway. To use this remote browse sync would I need two instances of samba one running in each interface ? By now I just have one instance of samba listening in both interfaces in the gateway machine, in the gateway machine there is also a WINS server. I have this Linux gateway configured to be the domain master and the local master browser, but I am bit confused about if this machine is the local master browser in both subnets or not. Basically my configuration in the gateway is the following: - hosts allow=127. 192.168.0. 192.168.1. ... socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 ... interfaces=192.168.0.1/24 192.168.1.1/24 127.0.0.1/8 bind interfaces only=yes ... #To be the DMB domain master = yes local master = yes os level = 255 preferred master = yes ... #To be the WINS server name resolve order = wins lmhosts bcast wins support = yes dns proxy = no -- It's quite weird because if I check the /var/cache/samba/browse.dat file in the gateway I see that the machines in both subnets are there and in the wins.dat file the ip of the machine is there. But then when I try to browse the workgroup form a windows machine I get the famous Error 53 and I can not browse the workgroup. Thanks ! __ Celebrate Yahoo!'s 10th Birthday! Yahoo! Netrospective: 100 Moments of the Web http://birthday.yahoo.com/netrospective/ -- Aaron Zirbes Systems Administrator Environmental Health Sciences University of Minnesota [EMAIL PROTECTED] 612-625-3460 __ Celebrate Yahoo!'s 10th Birthday! Yahoo! Netrospective: 100 Moments of the Web http://birthday.yahoo.com/netrospective/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT Domain to Samba-LDAP just disabling netlogon on NT PDC?
On Tue, 2005-03-08 at 11:27 +0100, Paul Coray wrote: Hi group Quick question before I switch my domain from NT4 PDC to Samba-LDAP: Can I leave the old NT-PDC in my subnet, if I just disable it's netlogon service? Reason: This old NT-Server has a database running which is still needed after the migration to samba, but it doesn't need to have any NETBIOS-NTDomain functionality after the switch, just TCP-IP. I know of third-party tools like UPromote, but if I can avoid them, I think this is a much easier and transparent way of doing it. won't work for password changes, new users, all changes made to domain after the NT4 server has been 'dumbed' down since it only considers it's own SAM Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Help with multiple subnets
Dani Camps wrote: I already have all the clients using a WINS server. But if the WINS server is in the gateway machine that has one interface in each subnet (192.168.0.1 and 192.168.1.1), the WINS server for the clients in each subnet must be the gateway of that subnet or it doesn't matter ? In your case, I don't think it matters, since both addresses are of the same machine - you should be able to use either address for any client. I mean is there any problem if the clients in the 192.168.1.0/24 subnet have the WINS server pointing at 192.168.0.1 ? It is quite OK (and normally required) for some of your clients to talk to a WINS server that is on a different subnet - that's what IP routing is there for, to get packets from one network to a machine on another. Simon -- Simon Hobson MA MIEE, Technology Specialist Colony Gift Corporation Limited Lindal in Furness, Ulverston, Cumbria, LA12 0LD Tel 01229 461100, Fax 01229 461101 Registered in England No. 1499611 Regd. Office : 100 New Bridge Street, London, EC4V 6JA. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Difference Copy and Move at inheriting
This is just the way filesystems work. Doing a move of a file/directory does no kind of re-evaluation of permissions/ACLs, because it's essentially just doing a rename. You can see the same thing with Windows, create a file named c:\a.txt, then create a directory named c:\a.dir. Set some inheritance permissions on c:\a.dir, create a new file named c:\a.dir\file1.txt. Notice that file1.txt has inherited the permissions from a.dir. Now, do a move of c:\a.txt to c:\a.dir. Look at the permissions of c:\a.dir\a.txt and notice that a.txt did *not* inherit the permissions that are set on the directory c:\a.dir. Again, this is just the way that filesystems work. -Marc -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Matthias Spork Sent: Tuesday, March 08, 2005 3:36 AM To: samba@lists.samba.org Subject: [Samba] Difference Copy and Move at inheriting Hello, if I copy or create a file or directory, it inherits the permissions of it's parent. If I move a file from one directory to another, it will not inherit the permissions of the target-directory. Why? [daten] comment = Daten path = /samba/daten inherit permissions = yes inherit ACLS = yes nt acl support = no writeable = yes hide unreadable = yes veto files = /.*/ root preexec = /etc/samba/scripts/mk_sambadir /samba/daten/.recycle/%U %U %g vfs object = recycle recycle:repository=.recycle/%U recycle:versions=True recycle:keeptree=True Thanks for your responses. matze -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RE: Mail Delivery (failure itpmjob@wynnlasvegas.com)
Thank you for your interest in the Information Technology group at Wynn Las Vegas, LLC. Should your background and experience match one of our current openings, you will be contacted within 4 weeks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Shares Disconnecting
Hi Samba list We have about 40 Linux Servers in use at various locations. All are running Samba 3.02. On some of the servers, we seem to be experiencing periodic disconnection of Windows XP client machines to their Samba shares (BTW, some are Windows SP1 and some SP2). In a couple of cases, we were able to see many events in /var/log/messages stating link beat lost or link beat detected. Our assumption was that we had a bad cable or switch in the pathway between the Server and Client machines. Replacing all cables and switches in a particular path seemed to resolve the problem (we'll figure out later which component was the defective one. The important thing is that the client machines on that path are no longer disconnecting). But in some other cases, users seem to be experiencing continued random disconnections. By the way, we are using the Linux Servers to store files for video editing. Sometimes, an editor will go to lunch or take a phone call and leave the Windows editing machine just sitting idle -- and upon returning will discover that the machine has been disconnected from the Samba server. Most of the time, however, the disconnection does NOT occur, even after many hours of idleness. This is a very random thing. Does anybody have any clues what it could be other than defective hardware? Is there some timeout mechanism coming into play? We haven't specified any keep alive or dead time intervals in our smb.conf file, so I assume we're just getting the default values for those variables. Andy Liebman -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba WINS problem on 2 networked LANS using a VPN connection
Hello Samba experts, Please read all email because i'm desperate! I have problem on joining to LAN-s using Samba. Finally i got a solution to see booth workgroups on Entire Network, but i'm having problem with stations located in LAN2. From any station located in LAN1, I can see LAN2 workgroup and the browse list with stations located in LAN2, but when i'm tring to access and station in it, i get connection refused. I want to mention that acces by IP address is working (eg: \\192.168.1.72)!!! It seems to be a probelm related to browse list and my wins server. From any station located in LAN2, i can access by name each networked station in LAN1. My networks scheme is printed below: (LAN1=192.168.1.48 network and 192.168.1.63 broadcast) --LAN1 (192.168.1.48/240)-- | | | | (192.168.1.49) Gateway/RouterA (83.84.85.86) | | Internet | | (83.84.85.87) Gateway/RouterB (192.168.1.65) | | | | --LAN2 (192.168.1.64/224)-- (LAN2=192.168.1.64 network and 192.168.1.95 broadcast) I have bidirectional ping between to/from any station located in my LANS. All stations from LAN1 and LAN2 are WindowsXP(SP2) and has firewall disabled. Booth Routers (A and B - RHEL 3.0) has samba installed and Router A is used as VPN server (tunel address 10.1.0.1) and RouterB is used as VPN client (tunel address 10.1.0.2). Here comes my smb.conf file from RouterA which i want to be used as WINS server by all my windows clients: [global] workgroup = LAN1 netbios name = router-LAN1 server string = Samba interfaces = 192.168.1.49/28 192.168.1.95/27 127.0.0.1/8 10.1.0.1/24 bind interfaces only = yes remote announce = 192.168.1.49/LAN1 192.168.1.65/LAN2 remote browse sync = 192.168.1.63 192.168.1.95 #broadcast address LAN1 and LAN2 public = yes browseable = yes browse list = yes auto services = yes announce as = NT os level = 200 local master = yes prefered master = yes domain master = yes name resolve order = wins wins support = yes Here comes my smb.conf file from RouterB (WINS client and Local Master Browser for LAN2). [global] workgroup = LAN2 netbios name = router-LAN2 server string = Samba interfaces = 192.168.1.65/27 192.168.1.63/28 127.0.0.1/8 10.1.0.2/24 bind interfaces only = yes remote announce = 192.168.1.65/LAN2 192.168.1.49/LAN1 remote browse sync = 192.168.1.63 192.168.1.95 #broadcast address LAN1 and LAN2 #politica de browsing si metoda de translatie ip-nume announce as = NT os level = 200 local master = yes prefered master = yes domain master = yes name resolve order = wins wins server = 192.168.1.49 Each Windows XP station from LAN2, has configured manually WINS server at 192.168.1.49. Also, on each LAN workgroup, i can see and access router-LAN1 and router-LAN2 which is not exactly what i really want (router-LAN1 should be present in WORKGROUP LAN1 and router-LAN2 should be present in WORKGROUP LAN2) More then that, if i'm tring to access from router-LAN2 a station located in LAN2, i get this error: # smbclient -L an13 Connection to an13 failed ...but browsing list is returned ok by router from LAN2: # smbclient -L router-LAN2 Password: Domain=[LAN2] OS=[Unix] Server=[Samba 3.0.9-1.3E.1] Server Comment ---- AN12 AN13 AN14 AN15 AN16 ROUTER-LAN1 Samba ROUTER-LAN2 Samba WorkgroupMaster ---- LAN1ROUTER-LAN1 LAN2ROUTER-LAN2 Please help me... Regards, Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Roaming Profiles and Mapped Drives
Hi, I have a weird problem with a Linux Server acting as a PDC with Samba 3.02. If I map a particular Samba share as the Z drive -- and I use roaming profiles with a logon.bat script -- the share will NEVER automatically reconnect when logging on again. This happens 100 percent of the time. And now the same thing seems to be happening for any shared mapped as the M drive. Using any other letter for any share works fine -- the mapped share always comes back as the same drive letter with each subsequent logon. Any ideas what could be causing this? It was no big deal to tell my users to NOT use the letter Z -- that's an easy workaround. But now things are getting messy if there's another letter that can't be used. Andy Liebman -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] I would like to create a Samba share supporting named writers, named readers, and no guests ...
I have not hit on the correct combination of parameters. Closest I come still allows the readers to modify - but not create - files. Not what I want. If someone can give me a hint, I would really appreciate it. Thank you. If I do this, reader1 can see the files (good), cannot create files (good), but can modify (write) existing files (bad!) --- smb.conf --- [native6-stuff] path = /native6-stuff valid users = write1 write2 write3 reader1 guest ok = no read-list = reader1 write-list write1 write2 write3 force group = writers public = no writable = yes printable = no create mask = 0664 directory mask = 0664 --- /etc/group writers:x:598:write1,write2,write3 end --- end --- The directory permissions are set so that the three writers are all in the writers group, so the share ends up containing files owned by the various three writers, who can all modify each others files (group privs are read/write), and the file and directory permissions grant world readership. I want it to allow the three named writers to write, and other Samba users to list directories and read files only. I want other people on the network - people with no valid Samba account at all - to have no access at all. John Spence Native6, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba WINS problem on 2 networked LANS using a VPN connection
Your VPN looks problematic. You probably want a different subnet. Pml wrote: Hello Samba experts, Please read all email because i'm desperate! I have problem on joining to LAN-s using Samba. Finally i got a solution to see booth workgroups on Entire Network, but i'm having problem with stations located in LAN2. From any station located in LAN1, I can see LAN2 workgroup and the browse list with stations located in LAN2, but when i'm tring to access and station in it, i get connection refused. I want to mention that acces by IP address is working (eg: \\192.168.1.72)!!! It seems to be a probelm related to browse list and my wins server. From any station located in LAN2, i can access by name each networked station in LAN1. My networks scheme is printed below: (LAN1=192.168.1.48 network and 192.168.1.63 broadcast) --LAN1 (192.168.1.48/240)-- | | | | (192.168.1.49) Gateway/RouterA (83.84.85.86) | | Internet | | (83.84.85.87) Gateway/RouterB (192.168.1.65) | | | | --LAN2 (192.168.1.64/224)-- (LAN2=192.168.1.64 network and 192.168.1.95 broadcast) I have bidirectional ping between to/from any station located in my LANS. All stations from LAN1 and LAN2 are WindowsXP(SP2) and has firewall disabled. Booth Routers (A and B - RHEL 3.0) has samba installed and Router A is used as VPN server (tunel address 10.1.0.1) and RouterB is used as VPN client (tunel address 10.1.0.2). Here comes my smb.conf file from RouterA which i want to be used as WINS server by all my windows clients: [global] workgroup = LAN1 netbios name = router-LAN1 server string = Samba interfaces = 192.168.1.49/28 192.168.1.95/27 127.0.0.1/8 10.1.0.1/24 bind interfaces only = yes remote announce = 192.168.1.49/LAN1 192.168.1.65/LAN2 remote browse sync = 192.168.1.63 192.168.1.95 #broadcast address LAN1 and LAN2 public = yes browseable = yes browse list = yes auto services = yes announce as = NT os level = 200 local master = yes prefered master = yes domain master = yes name resolve order = wins wins support = yes Here comes my smb.conf file from RouterB (WINS client and Local Master Browser for LAN2). [global] workgroup = LAN2 netbios name = router-LAN2 server string = Samba interfaces = 192.168.1.65/27 192.168.1.63/28 127.0.0.1/8 10.1.0.2/24 bind interfaces only = yes remote announce = 192.168.1.65/LAN2 192.168.1.49/LAN1 remote browse sync = 192.168.1.63 192.168.1.95 #broadcast address LAN1 and LAN2 #politica de browsing si metoda de translatie ip-nume announce as = NT os level = 200 local master = yes prefered master = yes domain master = yes name resolve order = wins wins server = 192.168.1.49 Each Windows XP station from LAN2, has configured manually WINS server at 192.168.1.49. Also, on each LAN workgroup, i can see and access router-LAN1 and router-LAN2 which is not exactly what i really want (router-LAN1 should be present in WORKGROUP LAN1 and router-LAN2 should be present in WORKGROUP LAN2) More then that, if i'm tring to access from router-LAN2 a station located in LAN2, i get this error: # smbclient -L an13 Connection to an13 failed ...but browsing list is returned ok by router from LAN2: # smbclient -L router-LAN2 Password: Domain=[LAN2] OS=[Unix] Server=[Samba 3.0.9-1.3E.1] Server Comment ---- AN12 AN13 AN14 AN15 AN16 ROUTER-LAN1 Samba ROUTER-LAN2 Samba WorkgroupMaster ---- LAN1ROUTER-LAN1 LAN2ROUTER-LAN2 Please help me... Regards, Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Logon script
Hi, i'm having roubles with samba as PDC, i want to modify some registry keys (relates with windows update) in XP 2000 clients. I've tryed logons scripts but it seems that i don have enough permissions to do that, so i tried to do a ntconfig.pol but when the client logs on domain y just get the file (ntconfig.pol) and any changes are made. So how can i modify windows registry keys? Thanks --- Este mensaje fue enviado por el servidor de correo de RedIFE: correo.ife.org.mx -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba WINS problem on 2 networked LANS using a VPN connection
Why? Do you have some arguments? 192.168.1.48/240 and 192.168.1.64/224 are not subnets? Regards, Alex Tom Skeren wrote: Your VPN looks problematic. You probably want a different subnet. Pml wrote: Hello Samba experts, Please read all email because i'm desperate! I have problem on joining to LAN-s using Samba. Finally i got a solution to see booth workgroups on Entire Network, but i'm having problem with stations located in LAN2. From any station located in LAN1, I can see LAN2 workgroup and the browse list with stations located in LAN2, but when i'm tring to access and station in it, i get connection refused. I want to mention that acces by IP address is working (eg: \\192.168.1.72)!!! It seems to be a probelm related to browse list and my wins server. From any station located in LAN2, i can access by name each networked station in LAN1. My networks scheme is printed below: (LAN1=192.168.1.48 network and 192.168.1.63 broadcast) --LAN1 (192.168.1.48/240)-- | | | | (192.168.1.49) Gateway/RouterA (83.84.85.86) | | Internet | | (83.84.85.87) Gateway/RouterB (192.168.1.65) | | | | --LAN2 (192.168.1.64/224)-- (LAN2=192.168.1.64 network and 192.168.1.95 broadcast) I have bidirectional ping between to/from any station located in my LANS. All stations from LAN1 and LAN2 are WindowsXP(SP2) and has firewall disabled. Booth Routers (A and B - RHEL 3.0) has samba installed and Router A is used as VPN server (tunel address 10.1.0.1) and RouterB is used as VPN client (tunel address 10.1.0.2). Here comes my smb.conf file from RouterA which i want to be used as WINS server by all my windows clients: [global] workgroup = LAN1 netbios name = router-LAN1 server string = Samba interfaces = 192.168.1.49/28 192.168.1.95/27 127.0.0.1/8 10.1.0.1/24 bind interfaces only = yes remote announce = 192.168.1.49/LAN1 192.168.1.65/LAN2 remote browse sync = 192.168.1.63 192.168.1.95 #broadcast address LAN1 and LAN2 public = yes browseable = yes browse list = yes auto services = yes announce as = NT os level = 200 local master = yes prefered master = yes domain master = yes name resolve order = wins wins support = yes Here comes my smb.conf file from RouterB (WINS client and Local Master Browser for LAN2). [global] workgroup = LAN2 netbios name = router-LAN2 server string = Samba interfaces = 192.168.1.65/27 192.168.1.63/28 127.0.0.1/8 10.1.0.2/24 bind interfaces only = yes remote announce = 192.168.1.65/LAN2 192.168.1.49/LAN1 remote browse sync = 192.168.1.63 192.168.1.95 #broadcast address LAN1 and LAN2 #politica de browsing si metoda de translatie ip-nume announce as = NT os level = 200 local master = yes prefered master = yes domain master = yes name resolve order = wins wins server = 192.168.1.49 Each Windows XP station from LAN2, has configured manually WINS server at 192.168.1.49. Also, on each LAN workgroup, i can see and access router-LAN1 and router-LAN2 which is not exactly what i really want (router-LAN1 should be present in WORKGROUP LAN1 and router-LAN2 should be present in WORKGROUP LAN2) More then that, if i'm tring to access from router-LAN2 a station located in LAN2, i get this error: # smbclient -L an13 Connection to an13 failed ...but browsing list is returned ok by router from LAN2: # smbclient -L router-LAN2 Password: Domain=[LAN2] OS=[Unix] Server=[Samba 3.0.9-1.3E.1] Server Comment ---- AN12 AN13 AN14 AN15 AN16 ROUTER-LAN1 Samba ROUTER-LAN2 Samba WorkgroupMaster ---- LAN1ROUTER-LAN1 LAN2ROUTER-LAN2 Please help me... Regards, Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to set ACLs with Samba 3.0.11, near publication deadline
I'd be interested in finding out whatever information comes of your query as well - I think I'm running into the same limitations. In short, I've added a Samba file sharing server to an existing ActiveDirectory domain. It seems to work fine, except that the Windows administrator there is complaining about the chunky permissions scheme (he can't revoke part of the write access in the Windows security tab for the share - any write box checked ends up coming back as full access on update, I presume because it's just being mapped to the *nix write permission rather than enforcing the more fine-grained permissions which I gathered should have been stored as extended attributes...) Is the capability to support the Windows permissions model new in 3.0.11 or later? On Monday 07 March 2005 07:04 pm, Thomas Boutell wrote: Hello, Jeremy and Jerry, I met both of you at LinuxWorld in Boston, where I learned tons and tons of great stuff from your presentations. I'm writing on deadline for publication and would really, really, really like to show off Samba's ability to map NT ACLs to POSIX ACLs. But right now, I can't make them work. I've spent some time on the Samba list trying to make this work, but haven't received much of a response. I'm also CC'ing David Sonenberg who has reported the same or a similar problem in well documented emails to the samba list. I've made the effort to pull together as much information about my configuration as possible in the hopes that we can nail down this bug, or user error, or whatever it turns out to be in time to write great things about Samba's abilities in this area. Thank you! [...] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Boston Job for Samba Person
Hi, We don't know the following is forbidden material on this list. We hope not. We're looking for a Samba/Linux Networking Consultant in the Boston area who can help us with a number of issues, among them: -- migration to Samba 3.11 -- cross subnet browsing -- adding router capabilities to a Linux server and making this work with other routers and firewalls -- PDC fine tuning -- Linux tuning to optimize network for 10 Gb Ethernet If you are interested and live in the Boston area (no long-distance folks on this job) -- or if you know somebody who fits the bill for us -- please contact: [EMAIL PROTECTED] Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PGina Samba
Does anyone have any experience using PGina with Samba for a simple single sign on approach using Windows clients? If so, I would love to know how it is working for you. I tried posting here a bit ago for a way to do this (single sign on) with samba only, but I didn't get any responses and therefore looked into other opportunities. Thanks. Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] I would like to create a Samba share supporting named writers, named readers, and no guests ...
For completeness, can you post a directory listing of the file(s) that reader1 can modify? Your write-list directive might have a syntax error. (missing '='?) -mtw On Tue, Mar 08, 2005 at 09:31:53AM -0800, John Spence, CCSI, CCNA, CISSP ([EMAIL PROTECTED]) wrote: I have not hit on the correct combination of parameters. Closest I come still allows the readers to modify - but not create - files. Not what I want. If someone can give me a hint, I would really appreciate it. Thank you. If I do this, reader1 can see the files (good), cannot create files (good), but can modify (write) existing files (bad!) --- smb.conf --- [native6-stuff] path = /native6-stuff valid users = write1 write2 write3 reader1 guest ok = no read-list = reader1 write-list write1 write2 write3 force group = writers public = no writable = yes printable = no create mask = 0664 directory mask = 0664 --- /etc/group writers:x:598:write1,write2,write3 end --- end --- The directory permissions are set so that the three writers are all in the writers group, so the share ends up containing files owned by the various three writers, who can all modify each others files (group privs are read/write), and the file and directory permissions grant world readership. I want it to allow the three named writers to write, and other Samba users to list directories and read files only. I want other people on the network - people with no valid Samba account at all - to have no access at all. John Spence Native6, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- Matthew White District Systems Administrator Tigard-Tualatin School District -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Trying to get ADS authentication working.
I have been trying in vain to get ADS domain authentication working. I can't figure out what is wrong and have read the docs and looked through the mailing lists. I'm not sure why better documentation hasn't been written on the web site for the ADS feature since it's pretty spectacular to be able join a Samba server natively to an AD domain. I have successfully joined the samba server to the win 2k3 domain with this commands: Kinit [EMAIL PROTECTED] Net ads join HQ Servers This seems to work just fine but when I run wbinfo -t I get: checking the trust secret via RPC calls failed error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc233) Could not check secret I have set the winbind to debug level 10 and when starting winbind I get this in the logs: [2005/03/08 12:13:33, 5] libsmb/namecache.c:namecache_fetch(201) name hqdc01.hq.navis.net#20 found. [2005/03/08 12:13:33, 10] libsmb/namequery.c:name_status_find(188) name_status_find: looking up HQ#1c at 192.168.192.60 [2005/03/08 12:13:33, 10] lib/gencache.c:gencache_get(285) Cache entry with key = NBT/HQ#1C.20.192.168.192.60 couldn't be found [2005/03/08 12:13:33, 5] libsmb/namecache.c:namecache_status_fetch(308) namecache_status_fetch: no entry for NBT/HQ#1C.20.192.168.192.60 found. [2005/03/08 12:13:33, 10] lib/gencache.c:gencache_del(214) Deleting cache entry (key = NBT/HQ#1C.20.192.168.192.60) [2005/03/08 12:13:33, 10] lib/util_sock.c:open_socket_in(717) bind succeeded on port 0 [2005/03/08 12:13:33, 5] libsmb/nmblib.c:send_udp(776) Sending a packet of len 50 to (192.168.192.60) on port 137 [2005/03/08 12:13:33, 10] lib/util_sock.c:read_udp_socket(230) read_udp_socket: lastip 192.168.192.60 lastport 137 read: 211 [2005/03/08 12:13:33, 10] libsmb/nmblib.c:parse_nmb(503) parse_nmb: packet id = 24973 [2005/03/08 12:13:33, 5] libsmb/nmblib.c:read_packet(754) Also of interest when I run kinit [EMAIL PROTECTED] I then type my password and the command appears to have worked however running klist tickets produces: klist: No credentials cache found (ticket cache FILE:tickets) Please help anyone that has any info on how I might begin diagnosing this problem. I have the following in my smb.conf file: [global] workgroup = HQ server string = Samba 3.0.11 Test Server security = ADS encrypt passwords = yes load printers = no log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no domain master = no dns proxy = no realm = HQ.NAVIS.NET password server = hqdc01.hq.navis.net winbind cache time = 10 idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes client use spnego = yes # Share Definitions == # This one is useful for people to share files [share] comment = this is a test share path = /test/share read only = no public = yes writable = yes printable = no browseable = yes valid users = @Domain Users This is the contents of my krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = HQ.NAVIS.NET default_tkt_enctypes = des-cbc-md5 des-cbc-crc default_tgs_enctypes = des-cbc-md5 des-cbc-crc dns_lookup_realm = true dns_lookup_kdc = true [realms] HQ.NAVIS.NET = { kdc = hqdc01.hq.navis.net:88 admin_server = hqdc01.hq.navis.net:749 default_domain = hq.navis.net } [domain_realm] .hq.navis.net = HQ.NAVIS.NET hq.navis.net = HQ.NAVIS.NET [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbindd will not connect to samba pdc
I'm trying to migrate to a Samba PDC from an NT PDC. Right now I'm testing whether a Samba member server can effectively grab user account info from a Samba PDC. Both the PDC and the member server are vanilla, no-frills Redhat 9 machines, the PDC is running Samba 3.0.9 and the member is running 3.0.11. I've followed the instructions in the Samba HOWTO for setting up winbindd, that is, I've moved or created the .so files, I've added the winbind entries to nsswitch.conf, etc. From the docs, it appears that winbindd should work at this point without even making changes to the pam.d/ stuff. I start Samba on the PDC and it runs fine. I start Samba on the member server. Then I run the net rpc join command on the member server and it joins the domain with no errors. Then I start winbindd. At this point wbinfo -u returns Error looking up domain users and wbinfo -g returns only the local (member server's) groups. What I'd expect to see is any users that exist in the PDC's /etc/passwd file and the Samba tdb file. Is this what I should expect? This is the Member server's smb.conf: unix charset = CP1252 workgroup = QUACK server string = Big bowl of Samba security = DOMAIN password server = 192.168.74.71 log level = 100 log file = /var/log/smb.log name cache timeout = 0 wins server = eth0:192.168.74.65 idmap uid = 20-60 idmap gid = 20-60 winbind separator = + winbind cache time = 10 inherit acls = Yes The PDC's smb.conf is here: [global] unix charset = CP1252 workgroup = QUACK server string = Nina Williams...Wins! bind interfaces only = Yes passdb backend = tdbsam:/etc/samba/passdb.tdb passwd program = /usr/bin/passwd %u passwd chat = *New*password* %n\n *Re-enter*new*password* %n\n *Password*changed* passwd chat debug = Yes log level = 100 log file = /var/log/smb.log smb ports = 139 445 name resolve order = hosts wins lmhosts time server = Yes add user script = /usr/sbin/useradd -m %u -s /bin/tcsh -c QC User delete user script = /usr/sbin/userdel -r %u add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/usermod -G %g %u add machine script = /usr/sbin/useradd -s /sbin/nologin -c QC Samba Machine -d /dev/null %u logon script = scripts\%U.bat logon path = \\%L\profiles\%U domain logons = Yes os level = 60 preferred master = Yes domain master = Yes wins server = eth0:192.168.74.65 idmap uid = 2-60 idmap gid = 2-60 winbind separator = + winbind cache time = 10 admin users = gerry, GerryV, Administrator [netlogon] comment = Network Logon Service path = /usr/local/samba/netlogon write list = gerry, @wheel [profiles] comment = Profile Share path = /usr/local/samba/profiles read only = No create mask = 0600 directory mask = 0700 profile acls = Yes The 192.168.74.71 address is the Samba PDC. I've tried password server = * but no there's no difference. I've worked on this issue on and off for months and have never been able to get winbindd to work, **EXCEPT** if the PDC is an actual Windows NT PDC; then winbindd works exactly as advertised. I have pored over the logs (with log level=100) and the only thing I've found to indicate a problem is when I run wbinfo -t. When I do this, the following entries appear: [2005/03/08 12:39:39, 3] nsswitch/winbindd_cm.c:new_cm_connection(755) Could not open a connection to QUACK for \PIPE\NETLOGON (NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) [2005/03/08 12:39:39, 3] nsswitch/winbindd_misc.c:winbindd_check_machine_acct(68) could not open handle to NETLOGON pipe [2005/03/08 12:39:39, 2] nsswitch/winbindd_misc.c:winbindd_check_machine_acct(98) Checking the trust account password returned NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND Yet, when I run net lookup dc QUACK, it returns the domain controller's IP, 192.168.74.71. So something still isn't right. What other tests can I try? I've read so many people that have winbindd working on similar installations, but I can't even get past the most basic function. Any suggestions would be greatly appreciated. Og -- == Gerry Valle Quantum Consulting, Inc. System Administratorhttp://www.qcworld.com == -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PGina Samba
On Tue, 2005-03-08 at 13:55 -0500, Paul Barnick wrote: Does anyone have any experience using PGina with Samba for a simple single sign on approach using Windows clients? If so, I would love to know how it is working for you. I tried posting here a bit ago for a way to do this (single sign on) with samba only, but I didn't get any responses and therefore looked into other opportunities. Why use PGina when you can just join the Samba domain? Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smb log error-Transport end point/getpeername
better late than never I would suggest you take a look at the File and Record Locking section [http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/locking.html] of the samba official howto [http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/] (must read if you have not ;) ) regarding your database corruption problems I hope this helps or that you already found your problem -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Win98 refuses to share printers after migration to PDC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Augusto Beiro wrote: | smbclient PC-03\\HP -c print /tmp/ex.txt -U gestion | Password: | tree connect failed: ERRSRV - ERRinvdevice (Invalid device - printer request | made to non-printer connection or non-printer request made to printer | connection.) If you would send me a raw tcpdump trace (or ethereal) off list, I'll take a look. Also include what version of Samba you are using. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCLh3sIR7qMdg1EfYRAlwOAJ9fF5n0glxU2jtvWuz7WawdlX99wgCfe+vJ rvW8d5602S+wZ9jCXE+DAnY= =5T4K -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Is possible? --- reposting + new
Hi. I'm trying to find a solution for our windows clients. I will explain my situation. We have kerberos 5 (mit) kdc, openafs without kaserver (authentication using kerberos), openldap, everything on debian stable servers. What do our unix/linux clients do? They authenticate over kerberos (pam), gain tickets and consequently gain the afs token (krb5afs or openafs_session), call ldap and find their home under /afs/cell/usr/username (posixAccount, posixGroup). Nothing is local. Every file, desktop and stuff, is stored under afs (no matter what, a user sees just a directory /afs... nothing different from any other directory they will see). I'd like to do the same thing on windows using samba, but I need some advices because I'm not sure. Just two points before asking. These things apply clearly for windows only, since linux, unix (aix, irix, and solaris), and macosx do what I've said before (all remotely). - Kerberos for Windows: KFW after a successful windows login, if the username and password match the kerberos principal and password, automatically gains all kerberos tickets. - OpenAFS for Windows: AFS after a successful windows login, if the username and password match the kaserver principal and password, automatically gains the AFS token. --- If OpenAFS is installed under a kerberos environment, so with KFW present on the system, will convert the previously obtained kerberos ticket into an AFS token. --- OpenAFS uses a UNC name \\AFS in windows, so no letter Z: Y: or whatever is needed anymore, anyway, they can be present. Now, I'd like to have the same thing without a windows server, doing the same thing with samba, having remote profiles and all the user's stuff on afs, and authenticating users NOT locally... is that possible? I'd like to know some things. My user authentication and authorization data is created on kerberos, afs and ldap servers. I'd like to create users just on samba, not modifying users locally on each machine... would be quite crazy (and not feasable... ~500 users...). Can samba help me? In what way? I know I can create an NT4 domain with samba alone. Good. Can samba tell the windows client to use \\AFS or have I to export a drive for afs? Are there issues in doing that? If I specify ``\\AFS\cellname\users\username'' as the profile storing directory, will windows go on afs or will samba screw it up all since samba do not understand \\AFS since it is working on linux? I mean, windows understands \\AFS\blah\blah but I don't know if it's a I know the answer is no, but I will ask it anyway :) Can samba have no password and get authentication/authorization from a kerberos kdc? How can I sinchronize passwords? I mean, if samba can't use kerberos, the user will change just the samba password... I need to modify also kerberos passwords since they should be able to use the same username and password on every pc in the department. In particular... I was discouraged to use samba, because all windows clients would be using plain text passowrds, sending them clear-text on the network. Is it true? Is there a way of avoiding this? Any help, even if little, is really appreciated!!! -- Sensei mailto:[EMAIL PROTECTED] pgp:8998A2DB icqnum:241572242 yahoo!:sensei_sen msn-id:[EMAIL PROTECTED] signature.asc Description: OpenPGP digital signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Unable to set ACLs with Samba 3.0.11, near publication deadline
Anybody have a roadkill cookbook? Because I have some crow to eat, and I'm not sure how best to prepare it. Sigh. I didn't have writable = yes set on the share. The fact that smbcacls didn't work (and still doesn't work!) blinded me to this more obvious issue. Once I set writable = yes, of course, I was able to change acls from a true Windows client... which was of course my actual goal. I'd created my test files in advance on the Linux side, so the no-write-permissions-at-all issue wasn't obvious at any other time. Thanks for the attention you gave to the matter. Next time, if I'm not able to spot the issue myself, I'll be sure to include my *entire* smb.conf in the report. -- Thomas Boutell Boutell.Com, Inc. http://www.boutell.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Unable to set ACLs with Samba 3.0.11, near publication deadline
On Tue, Mar 08, 2005 at 03:59:38PM -0600, Thomas Boutell wrote: Anybody have a roadkill cookbook? Because I have some crow to eat, and I'm not sure how best to prepare it. Sigh. I didn't have writable = yes set on the share. The fact that smbcacls didn't work (and still doesn't work!) blinded me to this more obvious issue. Once I set writable = yes, of course, I was able to change acls from a true Windows client... which was of course my actual goal. I'd created my test files in advance on the Linux side, so the no-write-permissions-at-all issue wasn't obvious at any other time. Thanks for the attention you gave to the matter. Next time, if I'm not able to spot the issue myself, I'll be sure to include my *entire* smb.conf in the report. I'm glad you spotted it - your request was next on my queue once I'd fixed the findfirst/findnext problem with smbclient Cheers, Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Interdomain trust problem
On Monday 28 February 2005 08:13, Misty Stanley-Jones wrote: Hi all, I have two different domains. At one point I had them trusting eaach other but then I ruined it. Now I am trying to get them back. They both have LDAP backend. I need them bot to trust each other and be trusted by each other. Here are the steps I am following: 1. On each domain, create a computer account called the other domain: CORP: smbldap-useradd -ai FURN$ CORP: smbldap-passwd FURN$ (for the example lets say I used the password secret) CORP: smbpasswd -a -i FURN (entered secret again) FURN: net rpc trustdom establish CORP (entered secret) Could not connect to server CORPSRV The username or password was not correct. [2005/02/28 10:11:02, 0] utils/net_rpc.c:rpc_trustdom_establish(4516) Couldn't verify trusting domain account. Error was NT_STATUS_LOGON_FAILURE The same exact thing happens the opposite way. No real error messages that I can find in any log files. Can someone please tell me the step I am missing? Thanks, Misty PS - John, it would be great if you could update chapter 16 of _Samba 3 By Example_ to include steps for establishing interdomain trusts when using LDAP backend, because it is not immediately obvious to me what to do. I will update this chapter as part of the preps for release of 3.0.12. - John T. -- John H Terpstra, CTO PrimaStasys Inc. Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 'profiles' command with WinXP Profiles
On Friday 04 March 2005 08:59, Misty Stanley-Jones wrote: Hi all, I have gotten the 'profiles' command to work for NT and Win2K profiles very well. In Windows XP, I am able to change the 'owner' but not the 'group' SID. It gives no errors but it just doesn't change them. A snippet of the profile in question is below: furnsrv:/data/samba/profiles/jon # profiles NTUSER.DAT |grep S-1-5 Owner SID: S-1-5-32-544 Group SID: S-1-5-21-2127521184-1604012920-1887927527-513 Perms: 000F003F, SID: S-1-5-18 Perms: 000F003F, SID: S-1-5-32-544 Perms: 1000, SID: S-1-5-18 Perms: 1000, SID: S-1-5-32-544 Owner SID: S-1-5-32-544 Group SID: S-1-5-21-1505131970-119759924-475665672-513 Perms: 000F003F, SID: S-1-5-18 Perms: 000F003F, SID: S-1-5-32-544 Perms: 1000, SID: S-1-5-18 Perms: 1000, SID: S-1-5-32-544 Owner SID: S-1-5-21-725326080-1709766072-2910717368-2060 Group SID: S-1-5-21-383998039-2845272951-4289691644-2061 Perms: 000F003F, SID: Perms: 1000, SID: S-1-5-18 Perms: 000F003F, SID: S-1-5-32-544 Perms: 1000, SID: S-1-5-32-544 Owner SID: S-1-5-32-544 Not only are the groups all wrong, but I don't even know where most of the SIDs in there came from. The S-1-5-21-383998039-2845272951-4289691644-2061 is from the old domain. The others I haven't a clue. Anyway, if I use the following syntax: profiles -c S-1-5-21-383998039-2845272951-4289691644-2061 -n S-1-5-21-725326080-1709766072-2910717368-513 /path/to/NTUSER.DAT I get no errors, but the SID doesn't really change. The user gets access denied trying to load his profile. I would rather not have to redo this user's profile, so if anyone can give me some wisdom it would be great. I did read in the man page for 'profiles' that only NT is supported, but I am hoping there might be a workaround. You can log onto a workstation as the domain administrator (probably 'root' on your domain) and then start up regedt32. Then load the NTUser.DAT file as a branch off the HKLM hive. You can now edit the contents of the NTUser.DAT file to your heart's content. My advice would be to replace the foreign SIDs with your domain SID. You could make an intelligent guess as to what group the user previously belonged to and change the RID part of the SID to match the RID of the group in your Samba DC environment. You can get this by runnning: net groupmap list PS: When you have finished editting the NTUser.DAT hive do not forget to unload it. Unloading will write the changes back to the NTUser.DAT file. Hope that helps. - John T. -- John H Terpstra, CTO PrimaStasys Inc. Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: rpc trust gives NT_STATUS_INVALID_HANDLE with 3.0.11
Gerald (Jerry) Carter wrote: Wolfgang Ratzka wrote: | I get exactly the same error message when trying to build a trust from | Samba 3.0.11 (samba.org binaries on Debian, using ldap backend) to | Windows NT 4.0. | I see EventID 537 on the NT 4.0 Server (An error occured during | logon...) which is different from what I get when I enter a wrong | trust password. Patch is at http://www.samba.org/~jerry/patches/post-3.0.11/ I decided to go for the bleeding edge and built debian packages from 3.0.12-pre1, which as far as I can see contains the patch. I now get: Could not connect to server NTRZ04 [2005/03/08 23:14:51, 0] rpc_parse/parse_prs.c:prs_mem_get(537) prs_mem_get: reading data of size 4 would overrun buffer. [2005/03/08 23:14:51, 0] utils/net_rpc.c:rpc_trustdom_establish(4566) WksQueryInfo call failed. (I can produce more output, if necessary.) Regards, Wolfgang -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Workgroup that spans more than one subnet
I want a workgroup that spands two IP subnets. My configuration is: INTERNET | __eth1__ |---eth0||eth2---| 192.168.0.0/24 Gateway 192.168.1.0/24 WORKGROUP eth0:192.168.0.1 and gateway of the 192.168.0.0/24 eth2:192.168.1.1 and gateway of the 192.168.1.0/24 eth1:public IP, doing NAT of the internal subnets The Gateway is a Fedora Core 3 box where I have Samba installed. I have Samba configured to be a WINS server in that machine. What I have now and it doesn't work is the following: In the gateway machine I have one instance of Samba running with this configuration: - hosts allow=127. 192.168.0. 192.168.1. ... socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 ... interfaces=192.168.0.1/24 192.168.1.1/24 127.0.0.1/8 bind interfaces only=yes ... #To be the DMB domain master = yes local master = yes os level = 255 preferred master = yes ... #To be the WINS server name resolve order = wins lmhosts bcast wins support = yes dns proxy = no -- So the Gateway machine is the local master browser, of both subnets ? (I am not sure) and is the domain master browser and the WINS server. Then all the clients in both subnets are configured to use the WINS server in either eth0 or eth1. This configuration doesn't work at all and I don't understand why ... Well looking at the post in the mailing list I see that the most people what have is a local master browser in each subnet, and then both LMB syncrohronize each other using the remote browse sync instruction. I can not do this since I don't have a machines with samba in eeach subnet I only have the gateway. Then my question is should I run in the gateway two instances of samba each one listening on one interface, being the LMB of its subnet and with the remote browse sync option in each one, and having one of the two instances act as a domain name server and a WINS server? If this is the case how can I run two instances of Samba in the same machine ? The only thing I need is another configuration file and passed it to samba when I start it ? In each configuration file I would have: interfaces=192.168.0.x bind interfaces only=yes Is this correct ? Any idea is apreciated I have already been a quite long time dealing with this question... Thanks __ Celebrate Yahoo!'s 10th Birthday! Yahoo! Netrospective: 100 Moments of the Web http://birthday.yahoo.com/netrospective/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Joining an NT4-type Domain with Samba-3
I trying to join a samba-3 box with shares to a Windows 2k dc running in pre 2k mode and act as a member server. Is winbind best to use in something like this? I want to have share abcd to be started to the users that is apart of the windows 2k dc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind and a home directory on a file server, question ..
All: I have been using winbind to successfully authenticate users on a Linux machine, using AD as the authentication store. My challenge now is to some how get the user's home directory (which exists on a File Server) to auto-magically map as their home directory on the linux machine. Has anyone done this before? If so, could you point me in the right direction as to how I can accomplish this? Thanks, Sam -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] AutoCad 2004, Samba 3.0.11 file locking issues
Sorry for such a long post as my first to the list, but in an effort to forego a long back and forth question/answer session via email, I think if I post all the information that I currently have someone may be able to more quickly spot my issue. The server in question is a Gentoo server running Samba 3.0.11. The basic problem is that when person A opens an AutoCad file, person B is unable to open the file and is told (by an Autocad dialog box): Cannot find the scpcified drawing file. Please verify that the network drive is available and the file exists Now, this Samba server replaced an NT 4 server and the client says that in the past, when ever person b tried to open an already opened Autocad file, they would be allowed to open it in Read-only mode, which is exactly what they expect and want to happen. So, on to the troubleshooting: I had my client open an AutoCad file called A1_1 and here is what tdbdump showed for that file. (info on the .dwl file is further below) # tdbdump /var/cache/samba/locking.tdb | grep A1_1 data = [EMAIL PROTECTED]: got kernel oplock\AAa\00\00\07\9D\03\00!\00\00\00\96\01\02\00\B6\80,B\C9\A9\03\00\03\08\00\00\00\00\00\00\85\D6\0F\00\00\00\00\00\AF;\00\00/home/shared/projects/A1_1.dwl\00 data = [EMAIL PROTECTED]: got kernel oplock\AAa\00\00\00\00\00\00\22\00\00\00\9F\01\02\00\B4\80,B\FF\E7\09\00\03\08\00\00\00\00\00\00\B3\B3\0A\00\00\00\00\00\1E;\00\00/home/shared/projects/A1_1.dwg\00 smbstatus shows: louis 25002 louis_laptop Mon Mar 7 08:25:49 2005 25002 DENY_WRITE 0x20196 WRONLY EXCLUSIVE+BATCH /home/shared/projects/A1_1.dwl MonMar 7 10:55:55 2005 25002 DENY_WRITE 0x2019f RDWR NONE /home/shared/projects/A1_1.dwg MonMar 7 10:55:53 2005 lsof -p 25002 | grep A1_1 shows: smbd25002 louis 27uR REG 8,3110753701363 /home/shared/projects/A1_1.dwg smbd25002 louis 61wR REG 8,352 1037957 /home/shared/projects/A1_1.dwl The .dwl file is a 'log file' that AutoCad uses to inform others that the file is opened and who it is opened by. Here are it's contents: louis LOUIS_LAPTOP Monday, March 07, 2005 11:02:28 AM If this user, Louis, tries to open this file again, Autocad tells him that louis has this file open, would you like to open it as a read only file? This is the correct functionality. This is how it's supposed to work when other network users attempt to open an AutoCad file that someone already had opened. And this is how it used to work on their NT Server. Instead, on the Samba server, when someone else on the network using AutoCad attempts to open that file, they get an error dialog of the nature Cannot find the specified drawing file. Please verify that the network drive is available and the file exists In another test, using Explorer, Louis was able to copy to his desktop an AutoCad drawing that was already in use by another user. I was initially thinking that we could over-ride samba's locking mechanisms for that share or something, but when he was able to copy an in-use file it started to look like an Autocad-specific issue rather than a Linux/Samba file locking issue. Any ideas that anyone can offer to help solve this would be appreciated. If this is strictly an AutoCad issue, I'd like to know for sure before we go to AutoCad with an issue. And again, if it is an AutoCad issue, why did everything work as expected on the NT server? Was NT ignoring AutoCad's file locking requests? Thanks again! - Bill Arlofski [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba Auto-Reconnect to XP PC Fails
I'm having a problem with a samba connection failing to reconnect. I have 2 Linux servers that have a local share mounted on an XP workstation. The purpose is to enable jobs running on the server to access files on the XP workstation. The problem is that if the workstation is rebooted, the share for one of the servers auto-reconnects while the other does not. To illustrate: - Linux Server A (Debian woody) is running Samba 2.2.12 Linux Server B (Debian sarge) is running Samba 3.0.10 Start with both server shares mounted, all is well, running ls -al shows the contents of the share on the XP workstation. Now reboot the Xp workstation. Run ls -al /mnt/xpdrive on each server, the ls hangs while waiting for the connection to resestablish. The XP workstation comes back online. Server A (2.2.12) reconnects and the ls finishes and displays the XP listing as expected. Server B (3.0.10) never reconnects and the ls continues to hang. Trying an smbumount also hangs, but running umount as root will drop the mount point and a subsequent smbmount reconnects to the XP workstation just fine. - I've compared the smb.conf files between the two server and all options are the same. Both servers are in the same subnet, same WINS server. Any suggestions? Known problems with 3.0.10? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] PGina Samba
Thanks for the reply. That is exactly what I'm trying to do - bypass the Windows authentication. I guess if you're able to get Samba/LDAP working and can't get Pgina to work, it might not be as easy as it seems (I'm still new to this and was impressed with myself when I got Samba working with a pretty simple configuration file!). I just wished that Samba could bypass the Windows authentication. Paul -Original Message- From: Fiordilino, Rudy [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 08, 2005 7:12 PM To: Paul Barnick Subject: RE: [Samba] PGina Samba Hey Paul, We've been able to get Samba/LDAP working and are just now starting to play with PGina in order to someday bypass Windows authentication completely and use LDAP directly. I downloaded it a few weeks ago and wasn't able to login to LDAP during the configuration of the plugin. Let me know if you get something similar working. Thanks, Rudy Fiordilino Talk America, inc. www.talk.com -Original Message- From: Paul Barnick [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 08, 2005 1:55 PM To: samba@lists.samba.org Subject: [Samba] PGina Samba Does anyone have any experience using PGina with Samba for a simple single sign on approach using Windows clients? If so, I would love to know how it is working for you. I tried posting here a bit ago for a way to do this (single sign on) with samba only, but I didn't get any responses and therefore looked into other opportunities. Thanks. Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Interdomain trust problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John H Terpstra wrote: |PS - John, it would be great if you could update chapter 16 of _Samba 3 By |Example_ to include steps for establishing interdomain trusts when using |LDAP backend, because it is not immediately obvious to me what to do. | | I will update this chapter as part of the preps for release of 3.0.12. Speaking on trusts John, btwI forgot to tell you. Jim McD. got 'net rpc trustdom add DOMAIN' working so this will be the eventual replacement for 'smbpasswd -a -i'. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCLkmtIR7qMdg1EfYRAr9gAJ4z2DgC2VjcO4UbdKgMmM2Ud+wyCQCdHc3L Izpo1ObbyT4dno048OcSJjU= =smJg -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] PGina Samba
I'm currently using pGina with LDAP for authentication. For the purpose of bypassing Window's authentication. It's been working very well. The problem to overcome is the fact that LDAP authentication is via userPassword field in ldap schema but Window's SMB/CIFS uses The sambaNTPassword samba field for authentication. Bummer. I've worked around this issue via Linux scripts but pGina may have a plugin that addresses this issue directly. jay -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Barnick Sent: Tuesday, March 08, 2005 7:39 PM To: 'Fiordilino, Rudy' Cc: samba@lists.samba.org Subject: RE: [Samba] PGina Samba Thanks for the reply. That is exactly what I'm trying to do - bypass the Windows authentication. I guess if you're able to get Samba/LDAP working and can't get Pgina to work, it might not be as easy as it seems (I'm still new to this and was impressed with myself when I got Samba working with a pretty simple configuration file!). I just wished that Samba could bypass the Windows authentication. Paul -Original Message- From: Fiordilino, Rudy [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 08, 2005 7:12 PM To: Paul Barnick Subject: RE: [Samba] PGina Samba Hey Paul, We've been able to get Samba/LDAP working and are just now starting to play with PGina in order to someday bypass Windows authentication completely and use LDAP directly. I downloaded it a few weeks ago and wasn't able to login to LDAP during the configuration of the plugin. Let me know if you get something similar working. Thanks, Rudy Fiordilino Talk America, inc. www.talk.com -Original Message- From: Paul Barnick [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 08, 2005 1:55 PM To: samba@lists.samba.org Subject: [Samba] PGina Samba Does anyone have any experience using PGina with Samba for a simple single sign on approach using Windows clients? If so, I would love to know how it is working for you. I tried posting here a bit ago for a way to do this (single sign on) with samba only, but I didn't get any responses and therefore looked into other opportunities. Thanks. Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mac osx : files automatically renamed
On Tuesday 08 March 2005 01:24, Stéphane VERGNAUD wrote: Hi, On a Linux server (Mandrake 10 distribution), I installed Samba server 3.0.10. The clients are all Mac OS X 10.3 Word files are automatically renamed when the user save the file. Does someone already heard about this weirdness ? Thanks Stéphane Some example renames may help. I'm betting the issue is related to handling of certain characters like / ? ! and accents in Macintosh versus Windows file naming conventions. Or perhaps the Mandrake box and the Macintosh clients have different nationalization settings. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows file permission abilities?
I'm potentially about to deploy a samba 3.0.11 file server on RHEL 3.4 or perhaps 4.0 and before i do i'm wondering if it can do a couple things. I read the howto and googled but didn't find exactly what i was looking for. Most importantly i'm wondering if it can implement the create dir/append to file permissions. My client wants users to be able to create files on the server but have only a few people who can actually delete the files. I thought about using the force user and umask properties, but wondered if when using samba as a domain controller the file permissions would be the same as window's file permissions or if that is a function of ntfs and samba always uses the unix file permissions. Second thing that the client is requesting is for files on the server to not be able to be copied to a remote storage device (prevent theft). Lets say the user is at a workstation and her logon permits her to read a specific file on the samba server. She has a dvd burner or a usb external drive, he doesn't want her to be able to copy the file either directly to the device or to copy it to a local drive and then burn it. He does however want the user to be able to burn dvds of locally stored data, or from the user's samba $home directory. I suspect this isn't very feasible as if you can read the data you should be able to copy it to your local machine and then put it wherever you want, but i figured i'd doublecheck. TIA, Aaron Martinez -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Windows file permission abilities?
On Tuesday 08 March 2005 07:08 pm, Aaron P. Martinez wrote: [...] Most importantly i'm wondering if it can implement the create dir/append to file permissions. My client wants users to be able to create files on the server but have only a few people who can actually delete the files. I thought about using the force user and umask properties, but wondered if when using samba as a domain controller the file permissions would be the same as window's file permissions or if that is a function of ntfs and samba always uses the unix file permissions. I'm trying to find this out myself on behalf of a Windows guy who is trying to do this for some reason. To be honest, I'm still not sure what good it does - if you can WRITE to a file, you can effectively delete it. (Overwrite it with a different file and rename it. Literally no different than deleting the original file then writing a new one, if NTFS handles deletions the same way that FATxx does (new file begins writing in the spot last vacated by the most recently deleted file...). As far as I know, append only isn't very useful for most file - if I understand correctly (for example) when you load, edit, and save a Microsoft Word file, it completely re-writes the file, it doesn't just add changes to the end. (The one possible use for append-only that I can think of would be for plain-text log files...) Nonetheless, somewhere along the way I got the impression that Samba would store the windows permissions bits as extended attributes, just as it does (or at least can) with DOS attributes. I'm not sure where I got this impression, though, and even if it stores the attributes I don't know if it enforces them. Nobody's stepped up yet to say one way or another whether Samba handles Windows file permissions or not in the last couple of days since the question came up. Second thing that the client is requesting is for files on the server to not be able to be copied to a remote storage device (prevent theft). Lets say the user is at a workstation and her logon permits her to read a specific file on the samba server. She has a dvd burner or a usb external drive, he doesn't want her to be able to copy the file either directly to the device or to copy it to a local drive and then burn it. He does however want the user to be able to burn dvds of locally stored data, or from the user's samba $home directory. I suspect this isn't very feasible as if you can read the data you should be able to copy it to your local machine and then put it wherever you want, but i figured i'd doublecheck. Literally impossible, as far as I know - as you say, if you can read it, you can copy it somewhere else. One alternative that would take some bureaucracy to implement would be to take away all end-user portable media (block off the USB storage options, remove DVD-R's and CD-R's, etc.) and set up a CENTRAL place, overseen by a trusted administrator, where users save files that they want saved to portable media. It'd be a huge hassle, but it WOULD at least give you controls over what files get exported to portable media - if the data is sensitive enough it might be worth it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Trying to get ADS authentication working.
Hello, Your domain is called HQ Servers with a space in it? Are you sure that the 'net ads' command isn't misinterpreting that name and/or the quotes in the command? Also, did you specify a username (maybe 'adminName' in your example) for the 'net ads' command? Are you able to see this computer in Active Directory's Computers or another container? Steve On Tue, Mar 08, 2005 at 12:34:04PM -0800, Theodore Jencks wrote: I have been trying in vain to get ADS domain authentication working. I can't figure out what is wrong and have read the docs and looked through the mailing lists. I'm not sure why better documentation hasn't been written on the web site for the ADS feature since it's pretty spectacular to be able join a Samba server natively to an AD domain. I have successfully joined the samba server to the win 2k3 domain with this commands: Kinit [EMAIL PROTECTED] Net ads join HQ Servers This seems to work just fine but when I run wbinfo -t I get: checking the trust secret via RPC calls failed error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc233) Could not check secret I have set the winbind to debug level 10 and when starting winbind I get this in the logs: [2005/03/08 12:13:33, 5] libsmb/namecache.c:namecache_fetch(201) name hqdc01.hq.navis.net#20 found. [2005/03/08 12:13:33, 10] libsmb/namequery.c:name_status_find(188) name_status_find: looking up HQ#1c at 192.168.192.60 [2005/03/08 12:13:33, 10] lib/gencache.c:gencache_get(285) Cache entry with key = NBT/HQ#1C.20.192.168.192.60 couldn't be found [2005/03/08 12:13:33, 5] libsmb/namecache.c:namecache_status_fetch(308) namecache_status_fetch: no entry for NBT/HQ#1C.20.192.168.192.60 found. [2005/03/08 12:13:33, 10] lib/gencache.c:gencache_del(214) Deleting cache entry (key = NBT/HQ#1C.20.192.168.192.60) [2005/03/08 12:13:33, 10] lib/util_sock.c:open_socket_in(717) bind succeeded on port 0 [2005/03/08 12:13:33, 5] libsmb/nmblib.c:send_udp(776) Sending a packet of len 50 to (192.168.192.60) on port 137 [2005/03/08 12:13:33, 10] lib/util_sock.c:read_udp_socket(230) read_udp_socket: lastip 192.168.192.60 lastport 137 read: 211 [2005/03/08 12:13:33, 10] libsmb/nmblib.c:parse_nmb(503) parse_nmb: packet id = 24973 [2005/03/08 12:13:33, 5] libsmb/nmblib.c:read_packet(754) Also of interest when I run kinit [EMAIL PROTECTED] I then type my password and the command appears to have worked however running klist tickets produces: klist: No credentials cache found (ticket cache FILE:tickets) Please help anyone that has any info on how I might begin diagnosing this problem. I have the following in my smb.conf file: [global] workgroup = HQ server string = Samba 3.0.11 Test Server security = ADS encrypt passwords = yes load printers = no log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = no domain master = no dns proxy = no realm = HQ.NAVIS.NET password server = hqdc01.hq.navis.net winbind cache time = 10 idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes client use spnego = yes # Share Definitions == # This one is useful for people to share files [share] comment = this is a test share path = /test/share read only = no public = yes writable = yes printable = no browseable = yes valid users = @Domain Users This is the contents of my krb5.conf: [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = HQ.NAVIS.NET default_tkt_enctypes = des-cbc-md5 des-cbc-crc default_tgs_enctypes = des-cbc-md5 des-cbc-crc dns_lookup_realm = true dns_lookup_kdc = true [realms] HQ.NAVIS.NET = { kdc = hqdc01.hq.navis.net:88 admin_server = hqdc01.hq.navis.net:749 default_domain = hq.navis.net } [domain_realm] .hq.navis.net = HQ.NAVIS.NET hq.navis.net = HQ.NAVIS.NET [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Please Help me
Dear All, I want help to access my window machine from linux machine , with samba server configure on it. Linux - 192.168.0.2 - with samba server Windows 2000 - 192.168.0.1 - with share directory \\FORTEIT\linux_map file:///\\FORTEIT\linux_map I already create one directory /mnt/share .. ok.. Now I want to mount /mnt/share to \\FORTEIT\linux_map file:///\\FORTEIT\linux_map ... using smbmount command So , I can copy files from linux to windows 2000 machine .( want to automate the process ..) Please guide me for the same.. Waiting for your positive reply. Email id ::: [EMAIL PROTECTED] , [EMAIL PROTECTED] Have A Nice Time.. Regards, Bhargav Patel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Help .. Please !!!
Dear All, I want help to access my window machine from linux machine , with samba server configure on it. Linux - 192.168.0.2 - with samba server Windows 2000 - 192.168.0.1 - with share directory \\FORTEIT\linux_map file:///\\FORTEIT\linux_map I already create one directory /mnt/share .. ok.. Now I want to mount /mnt/share to \\FORTEIT\linux_map file:///\\FORTEIT\linux_map ... using smbmount command When trying for the same receive following error :: 5360: session setup failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed So , I can copy files from linux to windows 2000 machine .( want to automate the process ..) Please guide me for the same.. Waiting for your positive reply. Email id ::: [EMAIL PROTECTED] , [EMAIL PROTECTED] Have A Nice Time.. Regards, Bhargav Patel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ADS question
Greetings, I managed to join my samba server into my ActiveDirectory domain. wbinfo -g or -u shows the groups and users in my Windows domain. But how do I use it for granting or denying access to my shares? Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
Hallo! I am running samba 3.01012 on a fc2 server. I have problems with samba/ cups for some of my printers, and samba is filling up /var/log/messages with the following lines: -printing/print_cups.c:cups_queue_get(900) -server smbd[23036]: Unable to get jobs for ipp://localhost/printers/[printer-name] - client-error-not-found The printers work, however, but printing is rather slow. Has anyone found a solution to this problem. I have been googgling around and found that the problem is well known, but I have not found any solutions. Thanks! Bjrorn _ MSN Messenger http://www.msn.no/messenger Den korteste veien mellom deg og dine venner -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Please Help me
On Wed, 9 Mar 2005 12:01:51 +0530, Bhargav [EMAIL PROTECTED] wrote: Dear All, I want help to access my window machine from linux machine , with samba server configure on it. Linux - 192.168.0.2 - with samba server Windows 2000 - 192.168.0.1 - with share directory \\FORTEIT\linux_map file:///\\FORTEIT\linux_map I already create one directory /mnt/share .. ok.. Now I want to mount /mnt/share to \\FORTEIT\linux_map file:///\\FORTEIT\linux_map ... using smbmount command So , I can copy files from linux to windows 2000 machine .( want to automate the process ..) Please guide me for the same.. Waiting for your positive reply. Email id ::: [EMAIL PROTECTED] , [EMAIL PROTECTED] Have A Nice Time.. Hey , For mounting the windows drive on linux you have to use mount command mount -t smbfs //windows machine name/share directory /mnt/share -o user=windows user then it will ask for the password.give the password of the windows user If you want to kept it forever edit /etc/fstab file and add an entry //windowsmahcine name/share folder /mnt/sharesmbfs credentials= /etc/.smb 0 0 in /etc/.smb file give this username = windows username password = windows user password you can give any file means against /etc/.smb file but make sure that permissions for that are 600 . like this ,you can also make a file like this /etc//home/bhargav/.smb Regards Ankush and make -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
URL for mailing list seems to have changed.
David Gudewicz just gave me a heads up: The URL for the mailing list seems to have changed and the old one no longer works. I do not know if this is a bug or a permanent change. The current working URL is: https://lists.samba.org/mailman/listinfo/samba-vms -John [EMAIL PROTECTED] Personal Opinion Only PLEASE READ THIS IMPORTANT ETIQUETTE MESSAGE BEFORE POSTING: http://www.catb.org/~esr/faqs/smart-questions.html
svn commit: samba r5689 - in branches/SAMBA_3_0/examples/LDAP: .
Author: jmcd Date: 2005-03-08 11:02:48 + (Tue, 08 Mar 2005) New Revision: 5689 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5689 Log: Allow for better protection of sensitive attributes in IBM Directory Server. Modified: branches/SAMBA_3_0/examples/LDAP/samba.schema.at.IBM-DS Changeset: Modified: branches/SAMBA_3_0/examples/LDAP/samba.schema.at.IBM-DS === --- branches/SAMBA_3_0/examples/LDAP/samba.schema.at.IBM-DS 2005-03-08 00:00:13 UTC (rev 5688) +++ branches/SAMBA_3_0/examples/LDAP/samba.schema.at.IBM-DS 2005-03-08 11:02:48 UTC (rev 5689) @@ -1,8 +1,10 @@ ## Samba 3.0 schema for IBM Directory Server 5.1 - object classes only attributetypes=( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'DESC 'LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) +IBMAttributetypes=( 1.3.6.1.4.1.7165.2.1.24 DBNAME( 'sambaLMPassword' 'sambaLMPassword' ) ACCESS-CLASS critical ) attributetypes=( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 hash of the unicode password'EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) +IBMAttributetypes=( 1.3.6.1.4.1.7165.2.1.25 DBNAME( 'sambaNTPassword' 'sambaNTPassword' ) ACCESS-CLASS critical ) attributetypes=( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Account Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) @@ -67,6 +69,7 @@ attributetypes=( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC 'Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetypes=( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC 'Concatenated MD4 hashes of the unicode passwords used on this account' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) +IBMAttributetypes=( 1.3.6.1.4.1.7165.2.1.54 DBNAME( 'sambaPasswordHistory' 'sambaPasswordHistory' ) ACCESS-CLASS critical ) attributetypes=( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE )
svn commit: samba r5690 - in trunk/examples/LDAP: .
Author: jmcd Date: 2005-03-08 11:04:08 + (Tue, 08 Mar 2005) New Revision: 5690 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5690 Log: Allow for better protection of sensitive attributes in IBM Directory Server. Modified: trunk/examples/LDAP/samba.schema.at.IBM-DS Changeset: Modified: trunk/examples/LDAP/samba.schema.at.IBM-DS === --- trunk/examples/LDAP/samba.schema.at.IBM-DS 2005-03-08 11:02:48 UTC (rev 5689) +++ trunk/examples/LDAP/samba.schema.at.IBM-DS 2005-03-08 11:04:08 UTC (rev 5690) @@ -1,8 +1,10 @@ ## Samba 3.0 schema for IBM Directory Server 5.1 - object classes only attributetypes=( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'DESC 'LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) +IBMAttributetypes=( 1.3.6.1.4.1.7165.2.1.24 DBNAME( 'sambaLMPassword' 'sambaLMPassword' ) ACCESS-CLASS critical ) attributetypes=( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 hash of the unicode password'EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) +IBMAttributetypes=( 1.3.6.1.4.1.7165.2.1.25 DBNAME( 'sambaNTPassword' 'sambaNTPassword' ) ACCESS-CLASS critical ) attributetypes=( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Account Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) @@ -67,6 +69,7 @@ attributetypes=( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC 'Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetypes=( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC 'Concatenated MD4 hashes of the unicode passwords used on this account' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) +IBMAttributetypes=( 1.3.6.1.4.1.7165.2.1.54 DBNAME( 'sambaPasswordHistory' 'sambaPasswordHistory' ) ACCESS-CLASS critical ) attributetypes=( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE )
svn commit: samba r5691 - in branches/SAMBA_3_0/source/printing: .
Author: jerry Date: 2005-03-08 17:22:39 + (Tue, 08 Mar 2005) New Revision: 5691 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5691 Log: wrapping the pause/resume/purge printer commands in {become,unbecome}_root() blocks. We've already done a print_access_check() to ensure the user is admin. The means that non-root users can pause and manage printers. I really don't see how this worked before without setuid binaries on the server. Also update print_queue_update() interface to allow an smbd to update the print queue cache locally rather than going through the bg lpq daemon. This is needed for things like pjob_delete() to ensure the cache is current for the specific client. Modified: branches/SAMBA_3_0/source/printing/printing.c Changeset: Sorry, the patch is too large (285 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5691
svn commit: samba r5692 - in branches/SAMBA_3_0/source/sam: .
Author: vlendec Date: 2005-03-08 17:42:59 + (Tue, 08 Mar 2005) New Revision: 5692 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5692 Log: Fix compile warnings Modified: branches/SAMBA_3_0/source/sam/idmap_rid.c Changeset: Modified: branches/SAMBA_3_0/source/sam/idmap_rid.c === --- branches/SAMBA_3_0/source/sam/idmap_rid.c 2005-03-08 17:22:39 UTC (rev 5691) +++ branches/SAMBA_3_0/source/sam/idmap_rid.c 2005-03-08 17:42:59 UTC (rev 5692) @@ -146,9 +146,9 @@ uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; fstring dc_name; struct in_addr dc_ip; - char *password = NULL; - char *username = NULL; - char *domain = NULL; + const char *password = NULL; + const char *username = NULL; + const char *domain = NULL; uint32 info_class = 5; char *domain_name = NULL; DOM_SID *domain_sid, sid;
svn commit: samba r5693 - in trunk/source/sam: .
Author: vlendec Date: 2005-03-08 17:43:38 + (Tue, 08 Mar 2005) New Revision: 5693 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5693 Log: Merges from 3_0 Modified: trunk/source/sam/idmap_rid.c Changeset: Modified: trunk/source/sam/idmap_rid.c === --- trunk/source/sam/idmap_rid.c2005-03-08 17:42:59 UTC (rev 5692) +++ trunk/source/sam/idmap_rid.c2005-03-08 17:43:38 UTC (rev 5693) @@ -51,9 +51,9 @@ int i; fstring sid_str; BOOL known_domain = False; - p = init_param; fstring tok; + p = init_param; trust.number = 0; /* falling back to automatic mapping when there were no options given */ @@ -146,9 +146,9 @@ uint32 des_access = SEC_RIGHTS_MAXIMUM_ALLOWED; fstring dc_name; struct in_addr dc_ip; - char *password = NULL; - char *username = NULL; - char *domain = NULL; + const char *password = NULL; + const char *username = NULL; + const char *domain = NULL; uint32 info_class = 5; char *domain_name = NULL; DOM_SID *domain_sid, sid; @@ -159,6 +159,7 @@ DOM_SID *trusted_domain_sids; uint32 enum_ctx = 0; DOM_SID builtin_sid; + int own_domains = 2; /* put the results together */ *num_domains = 1; @@ -270,7 +271,6 @@ i, trusted_domain_names[i], sid_str)); } - int own_domains = 2; if (!sid_equal(domain_sid, get_global_sam_sid())) ++own_domains;
svn commit: samba r5694 - in trunk/source: include lib libsmb printing
Author: jerry Date: 2005-03-08 19:07:38 + (Tue, 08 Mar 2005) New Revision: 5694 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5694 Log: janitor work for myself and others Modified: trunk/source/include/printing.h trunk/source/lib/privileges.c trunk/source/libsmb/clidfs.c trunk/source/libsmb/ntlmssp.c trunk/source/printing/nt_printing.c trunk/source/printing/pcap.c trunk/source/printing/print_svid.c trunk/source/printing/printing.c Changeset: Sorry, the patch is too large (508 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5694
Re: svn commit: samba-docs r381 - in trunk/smbdotconf/security: .
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | Author: jht | Date: 2005-03-08 19:44:19 + (Tue, 08 Mar 2005) | New Revision: 381 | | WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=381 | | Log: | Fixing note in bug #2364 | Modified: |trunk/smbdotconf/security/printeradmin.xml | John, 'printer admin' is a service level parameter. if people want to install/remove drivers or give the 'add printer wizard' option to accounts, then they should use the SePrintOperatorPrivilege. The reason this bug came up is that it is a common practice to define the 'printer admin's in [global] to allow a default printer admin list of users/groups. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCLh0PIR7qMdg1EfYRAjfmAJ0W4OEIjxSF7JIDiutPmQFSSg/vDQCguvea q/1T//T+Q04NUg1qOswm5eM= =TrWF -END PGP SIGNATURE-
svn commit: samba r5698 - in trunk/source/printing: .
Author: gd Date: 2005-03-08 22:42:32 + (Tue, 08 Mar 2005) New Revision: 5698 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5698 Log: fix the build. Guenther Modified: trunk/source/printing/nt_printing.c Changeset: Modified: trunk/source/printing/nt_printing.c === --- trunk/source/printing/nt_printing.c 2005-03-08 22:24:47 UTC (rev 5697) +++ trunk/source/printing/nt_printing.c 2005-03-08 22:42:32 UTC (rev 5698) @@ -2404,7 +2404,7 @@ Allocate and initialize a new slot. ***/ -static int add_new_printer_key( NT_PRINTER_DATA *data, const char *name ) +int add_new_printer_key( NT_PRINTER_DATA *data, const char *name ) { NT_PRINTER_KEY *d; int key_index;
svn commit: samba r5699 - in trunk/source/smbd: .
Author: jra Date: 2005-03-08 23:03:30 + (Tue, 08 Mar 2005) New Revision: 5699 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5699 Log: Fix problems where we're not pointing to the start of entry for a couple of info levels - W2K3 always points to the start, not the name. Jeremy. Modified: trunk/source/smbd/trans2.c Changeset: Modified: trunk/source/smbd/trans2.c === --- trunk/source/smbd/trans2.c 2005-03-08 22:42:32 UTC (rev 5698) +++ trunk/source/smbd/trans2.c 2005-03-08 23:03:30 UTC (rev 5699) @@ -811,7 +811,7 @@ BOOL dont_descend,char **ppdata, char *base_data, int space_remaining, BOOL *out_of_space, BOOL *got_exact_match, -int *last_name_off) +int *last_entry_off) { const char *dname; BOOL found = False; @@ -828,6 +828,7 @@ uint32 len; time_t mdate=0, adate=0, cdate=0; char *nameptr; + char *last_entry_ptr; BOOL was_8_3; int nt_extmode; /* Used for NT connections instead of mode */ BOOL needslash = ( conn-dirpath[strlen(conn-dirpath) -1] != '/'); @@ -964,7 +965,7 @@ mangle_map(fname,False,True,SNUM(conn)); p = pdata; - nameptr = p; + last_entry_ptr = p; nt_extmode = mode ? mode : FILE_ATTRIBUTE_NORMAL; @@ -1294,8 +1295,8 @@ return False; /* Not finished - just out of space */ } - /* Setup the last_filename pointer, as an offset from base_data */ - *last_name_off = PTR_DIFF(nameptr,base_data); + /* Setup the last entry pointer, as an offset from base_data */ + *last_entry_off = PTR_DIFF(last_entry_ptr,base_data); /* Advance the data pointer to the next slot */ *ppdata = p; @@ -1327,7 +1328,7 @@ pstring directory; pstring mask; char *p; - int last_name_off=0; + int last_entry_off=0; int dptr_num = -1; int numentries = 0; int i; @@ -1454,7 +1455,7 @@ mask,dirtype,info_level, requires_resume_key,dont_descend, p,pdata,space_remaining, out_of_space, got_exact_match, - last_name_off); + last_entry_off); } if (finished out_of_space) @@ -1499,7 +1500,7 @@ SSVAL(params,2,numentries); SSVAL(params,4,finished); SSVAL(params,6,0); /* Never an EA error */ - SSVAL(params,8,last_name_off); + SSVAL(params,8,last_entry_off); send_trans2_replies( outbuf, bufsize, params, 10, pdata, PTR_DIFF(p,pdata)); @@ -1554,7 +1555,7 @@ char *p; uint16 dirtype; int numentries = 0; - int i, last_name_off=0; + int i, last_entry_off=0; BOOL finished = False; BOOL dont_descend = False; BOOL out_of_space = False; @@ -1691,7 +1692,7 @@ mask,dirtype,info_level, requires_resume_key,dont_descend, p,pdata,space_remaining, out_of_space, got_exact_match, - last_name_off); + last_entry_off); } if (finished out_of_space) @@ -1723,7 +1724,7 @@ SSVAL(params,0,numentries); SSVAL(params,2,finished); SSVAL(params,4,0); /* Never an EA error */ - SSVAL(params,6,last_name_off); + SSVAL(params,6,last_entry_off); send_trans2_replies( outbuf, bufsize, params, 8, pdata, PTR_DIFF(p,pdata));
svn commit: samba r5700 - in branches/SAMBA_3_0/source/smbd: .
Author: jra Date: 2005-03-08 23:03:38 + (Tue, 08 Mar 2005) New Revision: 5700 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5700 Log: Fix problems where we're not pointing to the start of entry for a couple of info levels - W2K3 always points to the start, not the name. Jeremy. Modified: branches/SAMBA_3_0/source/smbd/trans2.c Changeset: Modified: branches/SAMBA_3_0/source/smbd/trans2.c === --- branches/SAMBA_3_0/source/smbd/trans2.c 2005-03-08 23:03:30 UTC (rev 5699) +++ branches/SAMBA_3_0/source/smbd/trans2.c 2005-03-08 23:03:38 UTC (rev 5700) @@ -811,7 +811,7 @@ BOOL dont_descend,char **ppdata, char *base_data, int space_remaining, BOOL *out_of_space, BOOL *got_exact_match, -int *last_name_off) +int *last_entry_off) { const char *dname; BOOL found = False; @@ -828,6 +828,7 @@ uint32 len; time_t mdate=0, adate=0, cdate=0; char *nameptr; + char *last_entry_ptr; BOOL was_8_3; int nt_extmode; /* Used for NT connections instead of mode */ BOOL needslash = ( conn-dirpath[strlen(conn-dirpath) -1] != '/'); @@ -964,7 +965,7 @@ mangle_map(fname,False,True,SNUM(conn)); p = pdata; - nameptr = p; + last_entry_ptr = p; nt_extmode = mode ? mode : FILE_ATTRIBUTE_NORMAL; @@ -1294,8 +1295,8 @@ return False; /* Not finished - just out of space */ } - /* Setup the last_filename pointer, as an offset from base_data */ - *last_name_off = PTR_DIFF(nameptr,base_data); + /* Setup the last entry pointer, as an offset from base_data */ + *last_entry_off = PTR_DIFF(last_entry_ptr,base_data); /* Advance the data pointer to the next slot */ *ppdata = p; @@ -1327,7 +1328,7 @@ pstring directory; pstring mask; char *p; - int last_name_off=0; + int last_entry_off=0; int dptr_num = -1; int numentries = 0; int i; @@ -1454,7 +1455,7 @@ mask,dirtype,info_level, requires_resume_key,dont_descend, p,pdata,space_remaining, out_of_space, got_exact_match, - last_name_off); + last_entry_off); } if (finished out_of_space) @@ -1499,7 +1500,7 @@ SSVAL(params,2,numentries); SSVAL(params,4,finished); SSVAL(params,6,0); /* Never an EA error */ - SSVAL(params,8,last_name_off); + SSVAL(params,8,last_entry_off); send_trans2_replies( outbuf, bufsize, params, 10, pdata, PTR_DIFF(p,pdata)); @@ -1554,7 +1555,7 @@ char *p; uint16 dirtype; int numentries = 0; - int i, last_name_off=0; + int i, last_entry_off=0; BOOL finished = False; BOOL dont_descend = False; BOOL out_of_space = False; @@ -1691,7 +1692,7 @@ mask,dirtype,info_level, requires_resume_key,dont_descend, p,pdata,space_remaining, out_of_space, got_exact_match, - last_name_off); + last_entry_off); } if (finished out_of_space) @@ -1723,7 +1724,7 @@ SSVAL(params,0,numentries); SSVAL(params,2,finished); SSVAL(params,4,0); /* Never an EA error */ - SSVAL(params,6,last_name_off); + SSVAL(params,6,last_entry_off); send_trans2_replies( outbuf, bufsize, params, 8, pdata, PTR_DIFF(p,pdata));
Build status as of Wed Mar 9 00:00:02 2005
URL: http://build.samba.org/ --- /home/build/master/cache/broken_results.txt.old 2005-03-08 00:00:42.0 + +++ /home/build/master/cache/broken_results.txt 2005-03-09 00:00:40.0 + @@ -1,4 +1,4 @@ -Build status as of Tue Mar 8 00:00:01 2005 +Build status as of Wed Mar 9 00:00:02 2005 Build counts: Tree Total Broken Panic @@ -8,12 +8,11 @@ rsync40 4 0 samba1 1 1 samba-docs 0 0 0 -samba4 45 14 0 -samba_3_042 19 1 +samba4 45 15 0 +samba_3_042 18 1 Currently broken builds: Host Tree Compiler Status -aix1 samba_3_0gccok/ok/ok/ 1 cyberone samba4 gccok/ 2/?/? cyberone samba_3_0gcc 1/?/?/? fusberta samba4 gccok/ 2/?/? @@ -30,7 +29,6 @@ gwen distcc cc ok/ 1/?/? gwen samba4 cc ok/ 1/?/? gwen samba_3_0cc ok/ 1/?/? -us4samba4 cc 127/?/?/? us4samba_3_0cc ok/ok/ok/ 2 us4samba_3_0gccok/ok/ok/ 2 flock samba4 gccok/ 1/?/? @@ -59,7 +57,9 @@ m30samba4 gccok/ 2/?/? m30samba_3_0gccok/ok/ok/ 1 metze02sambagccok/ok/ok/ 1/PANIC +metze02samba4 gccok/ 2/?/? metze02samba_3_0gccok/ 2/?/? +metze02samba4 gcc-3.4 1/?/?/? l390vme1 samba_3_0gccok/ 2/?/? opippp gccok/ 2/?/?
svn commit: samba r5702 - in branches/SAMBA_3_0/source/libsmb: .
Author: jra Date: 2005-03-09 00:06:27 + (Wed, 09 Mar 2005) New Revision: 5702 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5702 Log: Fix bug #2271. Correctly pull out and use resume names in a directory listing (we were incorrectly understanding what was returned in the last name entry). Jeremy. Modified: branches/SAMBA_3_0/source/libsmb/clilist.c Changeset: Modified: branches/SAMBA_3_0/source/libsmb/clilist.c === --- branches/SAMBA_3_0/source/libsmb/clilist.c 2005-03-09 00:06:03 UTC (rev 5701) +++ branches/SAMBA_3_0/source/libsmb/clilist.c 2005-03-09 00:06:27 UTC (rev 5702) @@ -268,24 +268,6 @@ p = rdata; /* we might need the lastname for continuations */ - if (ff_lastname 0) { - switch(info_level) { - case 260: - clistr_pull(cli, mask, p+ff_lastname, - sizeof(mask), - data_len-ff_lastname, - STR_TERMINATE); - break; - case 1: - clistr_pull(cli, mask, p+ff_lastname+1, - sizeof(mask), - -1, - STR_TERMINATE); - break; - } - } else { - pstrcpy(mask,); - } /* and add them to the dirlist pool */ tdl = SMB_REALLOC(dirlist,dirlist_len + data_len); @@ -299,10 +281,18 @@ /* put in a length for the last entry, to ensure we can chain entries into the next packet */ - for (p2=p,i=0;i(ff_searchcount-1);i++) - p2 += interpret_long_filename(cli,info_level,p2,NULL); + for (p2=p,i=0;i(ff_searchcount-1);i++) { + p2 += interpret_long_filename(cli,info_level,p2,finfo); + } SSVAL(p2,0,data_len - PTR_DIFF(p2,p)); + /* we might need the lastname for continuations */ + if (ff_lastname 0) { + pstrcpy(mask, finfo.name); + } else { + pstrcpy(mask,); + } + /* grab the data for later use */ memcpy(dirlist+dirlist_len,p,data_len); dirlist_len += data_len;
svn commit: samba r5703 - in trunk/source: . include rpc_parse rpc_server
Author: jerry Date: 2005-03-09 01:01:19 + (Wed, 09 Mar 2005) New Revision: 5703 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5703 Log: add more svcctl api's; swap to WERROR instead of NT_STATUS Modified: trunk/source/Makefile.in trunk/source/include/doserr.h trunk/source/include/rpc_svcctl.h trunk/source/rpc_parse/parse_svcctl.c trunk/source/rpc_server/srv_svcctl.c trunk/source/rpc_server/srv_svcctl_nt.c Changeset: Sorry, the patch is too large (445 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5703
svn commit: samba r5704 - in trunk/source: .
Author: jerry Date: 2005-03-09 01:02:38 + (Wed, 09 Mar 2005) New Revision: 5704 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5704 Log: reverting accidental changes to Makefile.in Modified: trunk/source/Makefile.in Changeset: Modified: trunk/source/Makefile.in === --- trunk/source/Makefile.in2005-03-09 01:01:19 UTC (rev 5703) +++ trunk/source/Makefile.in2005-03-09 01:02:38 UTC (rev 5704) @@ -417,7 +417,7 @@ PRINTBASE_OBJ = printing/notify.o printing/printing_db.o -PRINTBACKEND_OBJ = printing/printing.o printing/nt_printing.o $(PRINTBASE_OBJ) +PRINTBACKEND_OBJ = printing/printing.o printing/nt_printing.o $(PRINTBASE_OBJ) printing/ntprint_ldap.o SMBD_OBJ = $(SMBD_OBJ_BASE) $(SMBD_OBJ_MAIN) NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \
svn commit: samba-docs r384 - in trunk/Samba-Guide: .
Author: jht Date: 2005-03-09 07:59:06 + (Wed, 09 Mar 2005) New Revision: 384 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=384 Log: Updated new Migration from NetWare Chapter Modified: trunk/Samba-Guide/Chap08b-MigrateNW4Samba3.xml Changeset: Sorry, the patch is too large (1199 lines) to include; please use WebSVN to see it! WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=384