Re: [Samba] Windows file permission abilities?
On Tuesday 08 March 2005 19:48, S Clark wrote: On Tuesday 08 March 2005 07:08 pm, Aaron P. Martinez wrote: [...] SNIPS To be honest, I'm still not sure what good it does - if you can WRITE to a file, you can effectively delete it. (Overwrite it with a different file and rename it. Literally no different than deleting the original file then writing a new one, if NTFS handles deletions the same way that FATxx does (new file begins writing in the spot last vacated by the most recently deleted file...). As far as I know, append only isn't very useful for most file - if I understand correctly (for example) when you load, edit, and save a Microsoft Word file, it completely re-writes the file, it doesn't just add changes to the end. (The one possible use for append-only that I can think of would be for plain-text log files...) Well consider the case of a simple database file (Access or a product my client uses called Clients and Profits. Users must be able to modify the file (using the proprietary application on their workstations) but we don't want them to actually drag it to the recycle bin or save a file with the same file name over it. So, yeah, modify but not delete would be a useful attribute. So instead, I create a hidden share ( sharename ends in dollar sign -- e.g. \\myserver\hiddenshare$ ) and point the application at it. File is still deletable, but harder for the clueless to accidentally access. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] mac osx : files automatically renamed
Matthew Easton wrote: On a Linux server (Mandrake 10 distribution), I installed Samba server 3.0.10. The clients are all Mac OS X 10.3 Word files are automatically renamed when the user save the file. Does someone already heard about this weirdness ? Thanks Stéphane Some example renames may help. I'm betting the issue is related to handling of certain characters like / ? ! and accents in Macintosh versus Windows file naming conventions. Or perhaps the Mandrake box and the Macintosh clients have different nationalization settings. Alternatively, Microsoft do some 'interesting' things when saving files, and I've seen a number of oddly named files left lying around on fileservers (mostly Netatalk though) as a result of Word having problems saving files. Simon -- Simon Hobson MA MIEE, Technology Specialist Colony Gift Corporation Limited Lindal in Furness, Ulverston, Cumbria, LA12 0LD Tel 01229 461100, Fax 01229 461101 Registered in England No. 1499611 Regd. Office : 100 New Bridge Street, London, EC4V 6JA. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Roaming Profiles and Mapped Drives
Hmm, try a higher verion of samba first, coz 3.02 is from the early stages.. could you send some part of the log file, coz it might be a permission thing, or maybe the drive letters are already used in the profile it self ? or some other thing. try logging in without the logonscript (where the drives get mapped), then you can see if the letters are already used.. if not, try entering the net use command when you are logged in (without script), to see if it returns an error.. Greetings, Collen [EMAIL PROTECTED] wrote: Hi, I have a weird problem with a Linux Server acting as a PDC with Samba 3.02. If I map a particular Samba share as the Z drive -- and I use roaming profiles with a logon.bat script -- the share will NEVER automatically reconnect when logging on again. This happens 100 percent of the time. And now the same thing seems to be happening for any shared mapped as the M drive. Using any other letter for any share works fine -- the mapped share always comes back as the same drive letter with each subsequent logon. Any ideas what could be causing this? It was no big deal to tell my users to NOT use the letter Z -- that's an easy workaround. But now things are getting messy if there's another letter that can't be used. Andy Liebman -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Logon script
On Tue, 8 Mar 2005 11:43:08 -0600 [EMAIL PROTECTED] wrote: Hi, i'm having roubles with samba as PDC, i want to modify some registry keys (relates with windows update) in XP 2000 clients. I've tryed logons scripts but it seems that i don have enough permissions to do that, so i tried to do a ntconfig.pol but when the client logs on domain y just get the file (ntconfig.pol) and any changes are made. So how can i modify windows registry keys? Thanks Go the ntconfig.pol way ! I assure you it works. Use poledit from W2k to create the NTConfig.pol Use the joined adm file. After installation of ntconfig.pol in the netlogon share the changes are applied in HKLM Software\Policies the first time somebody logon on a client machine. you can check with regedit. Reboot the machine and the changes are in effect. I'm using the same method to configure the XP firewall. ---SUS.ADM--- Go the ntconfig.pol way ! I assure you it works. Use poledit from W2k to create the NTConfig.pol Use the joined adm file. After installation of ntconfig.pol in the netlogon share the changes are applied in HKLM Software\Policies the first time somebody logon on a client machine. you can check with regedit. Reboot the machine and the changes are in effect. I'm using the same method to configure the XP firewall. CLASS MACHINE CATEGORY Windows Components CATEGORY Windows Update KEYNAME Software\Policies\Microsoft\Windows\WindowsUpdate\AU POLICY Configure Automatic Updates VALUENAME NoAutoUpdate VALUEOFF NUMERIC 1 VALUEON NUMERIC 0 PART Configure automatic updating: DROPDOWNLIST REQUIRED VALUENAME AUOptions ITEMLIST NAME 2 - Notify for download and notify for install VALUE NUMERIC 2 NAME 3 - Auto download and notify for install VALUE NUMERIC 3 DEFAULT NAME 4 - Auto download and schedule the install VALUE NUMERIC 4 END ITEMLIST END PART PART The following settings are only required TEXT END PART PART and applicable if 4 is selected. TEXT END PART PART Scheduled install day: DROPDOWNLIST REQUIRED VALUENAME ScheduledInstallDay ITEMLIST NAME 0 - Every dayVALUE NUMERIC 0 DEFAULT NAME 1 - Every Sunday VALUE NUMERIC 1 NAME 2 - Every Monday VALUE NUMERIC 2 NAME 3 - Every TuesdayVALUE NUMERIC 3 NAME 4 - Every Wednesday VALUE NUMERIC 4 NAME 5 - Every Thursday VALUE NUMERIC 5 NAME 6 - Every Friday VALUE NUMERIC 6 NAME 7 - Every Saturday VALUE NUMERIC 7 END ITEMLIST END PART PART Scheduled install time: DROPDOWNLIST REQUIRED VALUENAME ScheduledInstallTime ITEMLIST NAME 00:00VALUE NUMERIC 0 NAME 01:00VALUE NUMERIC 1 NAME 02:00VALUE NUMERIC 2 NAME 03:00VALUE NUMERIC 3 DEFAULT NAME 04:00VALUE NUMERIC 4 NAME 05:00VALUE NUMERIC 5 NAME 06:00VALUE NUMERIC 6 NAME 07:00VALUE NUMERIC 7 NAME 08:00VALUE NUMERIC 8 NAME 09:00VALUE NUMERIC 9 NAME 10:00VALUE NUMERIC 10 NAME 11:00VALUE NUMERIC 11 NAME 12:00VALUE NUMERIC 12 NAME 13:00VALUE NUMERIC 13 NAME 14:00VALUE NUMERIC 14 NAME 15:00VALUE NUMERIC 15 NAME 16:00VALUE NUMERIC 16 NAME 17:00VALUE NUMERIC 17 NAME 18:00VALUE NUMERIC 18 NAME 19:00VALUE NUMERIC 19 NAME 20:00VALUE NUMERIC 20 NAME 21:00VALUE NUMERIC 21 NAME 22:00VALUE NUMERIC 22 NAME 23:00VALUE NUMERIC 23 END ITEMLIST END PART END POLICY POLICY Use corporate SUS server instead of Windows Update KEYNAME
Re: [Samba] ADS question
Am Mittwoch, den 09.03.2005, 08:43 +0100 schrieb Marcus Franke: Greetings, I managed to join my samba server into my ActiveDirectory domain. wbinfo -g or -u shows the groups and users in my Windows domain. But how do I use it for granting or denying access to my shares? Ok, did some further investigations and found the following: [public] comment = Backup Verzeichnis path = /mnt/backup admin users = DOMAIN+Administrator, root valid users = DOMAIN+Administrator, root The administrator of my Windows domain now should be able to access the public share. But when I try to access the box I am asked for a username and a password. I found, that getent passwd and group does not list the domain users and groups, just my local users and groups from /etc/passwd and /etc/groups. Am I doing something completely wrong? I used the doc from: http://us2.samba.org/samba/docs/man/Samba-Guide/unixclients.html#ch9-adssdm Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PGina Samba
Why use PGina when you can just join the Samba domain? Passwords. Even if you only use pGina to trap password changes, you get a chance at the plain-text password without having some other funky interface, just the standard ctrl+alt+del chage password. pGina allows chaining of ginas (which is actually what is supposed to happen, but most gina authors implement this incorrectly), so you can still use windows auth if you want. Anyway, Paul, have you tried the pgina site? Nate is usually very helpful. Jim McDonough IBM Linux Technology Center Samba Team 6 Minuteman Drive Scarborough, ME 04074 USA jmcd at us dot ibm dot com jmcd at samba dot org Phone: 1-877-228-1846 IBM tie-line: 349-5335-- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3 and ldapsam_compat
Hi, i'm trying to configure a samba-3.0.9-2.3 with suse 9.2 and openldap2-2.1.12-74 in another server but i have a strange problem. My samba schema is old and i have use the ldapsam_compat parameter on samba 3. My problem: I mount a share of samba 3 server on my linux: # mount -t smbfs -o username=joanr //192.9.200.147/dpd /mnt Password: 30004: tree connect failed: ERRDOS - ERRnoaccess (Access denied.) SMB connection failed The log: [...] [2005/03/09 13:00:19, 3] lib/smbldap.c:smbldap_connect_system(858) ldap_connect_system: succesful connection to the LDAP server [2005/03/09 13:00:19, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518) init_sam_from_ldap: Entry found for user: joanr [2005/03/09 13:00:19, 5] passdb/login_cache.c:login_cache_init(41) Opening cache file at /var/lib/samba/login_cache.tdb [2005/03/09 13:00:19, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/03/09 13:00:19, 4] libsmb/ntlm_check.c:ntlm_password_check(326) ntlm_password_check: Checking NT MD4 password [2005/03/09 13:00:19, 4] auth/auth_sam.c:sam_account_ok(119) sam_account_ok: Checking SMB password for user joanr [2005/03/09 13:00:19, 5] auth/auth_sam.c:logon_hours_ok(101) logon_hours_ok: user joanr allowed to logon at this time (Wed Mar 9 13:00:19 2005 ) [2005/03/09 13:00:19, 1] auth/auth_util.c:make_server_info_sam(822) User joanr in passdb, but getpwnam() fails! [2005/03/09 13:00:19, 5] auth/auth_util.c:free_server_info(1387) attempting to free (and zero) a server_info structure [2005/03/09 13:00:19, 0] auth/auth_sam.c:check_sam_security(312) check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER' [2005/03/09 13:00:19, 5] auth/auth.c:check_ntlm_password(271) check_ntlm_password: sam authentication for user [JOANR] FAILED with error NT_STATUS_NO_SUCH_USER [2005/03/09 13:00:19, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [JOANR] - [JOANR] FAILED with error NT_STATUS_NO_SUCH_USER [2005/03/09 13:00:19, 5] auth/auth_util.c:free_user_info(1361) attempting to free (and zero) a user_info structure [2005/03/09 13:00:19, 10] auth/auth_util.c:free_user_info(1364) structure was created for JOANR [2005/03/09 13:00:19, 3] smbd/sesssetup.c:do_map_to_guest(41) No such user JOANR [LDAP] - using guest account [...] The most strange is that if i go to the entry of joanr on my openldap server, some fields are deleted, for example the ntPassword lmPassword... and the user is disabled. My smb.cof: # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE # Date: 2004-10-05 [global] workgroup = dpd username map = /etc/samba/smbusers map to guest = Bad User passdb backend = ldapsam_compat:ldap://192.168.1.146 ldap admin dn = cn=Manager,o=unipost ldap suffix = o=unipost security = user encrypt passwords = yes netbios name = serverdpd hosts allow = 192.9. 127.0.0.1 localhost 192.168. wins server = 192.168.1.146 name resolve order = host wins lmhosts bcast interfaces = lo, eth0, eth1, eth2 os level = 65 log level = 3 passdb:5 auth:10 winbind:2 [dpd] comment = dpd path = /home/dpd read only = no valid users = @informatica9 P.S: i have another samba 2 server and works correctly with this openldap server. Any help? Thanks Joan Ramos Ramos mailto:[EMAIL PROTECTED] Dpto. Informática Tel.: +34 932 232 552 (Ext. 260) Fax.: +34 932 230 151 Este mensaje es confidencial y atañe exclusivamente a las personas a las que va dirigido. Cualquier opinión en el contenida, es exclusivo de su autor y no representa necesariamente la opinion de UNIPOST, S.A. Si Ud. no es el destinatario del mensaje, considerese advertido que lo ha recibido por error y que cualquier difusión o copia estan terminantemente prohibidos. Si ha recibido por error, por favor comuniquelo a UNIPOST, S.A. al número +34 93 223 25 52 o correo electrónico a [EMAIL PROTECTED]. This e-mail is confidential and intended solely for the use of the individual to whom it is addressed. Any opinions presented are solely those of the author and do not necessarily represent those of UNIPOST, S.A. If you are not the intended recipient, be advised that you have received this e-mail in error and that dissemination, forwarding or copying of this e-mail is strictly prohibited. If you have received this e-mail in error please notify it to UNIPOST, S.A. by telephone on number +34 93 223 25 52 or by e-mail to [EMAIL PROTECTED]. -- To unsubscribe from this list go to the following URL and read the instructions:
RE: [Samba] PGina Samba
Jim: I have looked at the site. At first I was concerned about the security of using PGina instead of a regular Windows logon, but I posted on the forum and received some good responses there that convinced me that it is at least as secure as windows logon. Now comes the implementation! Unfortunately, I can only do it on the weekend as I think it will take some time for me to get it to work and we cannot have the network down while I'm trying to get it to work. Pgina from afar looks like a great program. I will give it a try. Paul _ From: Jim McDonough [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 09, 2005 4:07 AM To: Andrew Bartlett Cc: Paul Barnick; samba@lists.samba.org; [EMAIL PROTECTED] Subject: Re: [Samba] PGina Samba Why use PGina when you can just join the Samba domain? Passwords. Even if you only use pGina to trap password changes, you get a chance at the plain-text password without having some other funky interface, just the standard ctrl+alt+del chage password. pGina allows chaining of ginas (which is actually what is supposed to happen, but most gina authors implement this incorrectly), so you can still use windows auth if you want. Anyway, Paul, have you tried the pgina site? Nate is usually very helpful. Jim McDonough IBM Linux Technology Center Samba Team 6 Minuteman Drive Scarborough, ME 04074 USA jmcd at us dot ibm dot com jmcd at samba dot org Phone: 1-877-228-1846 IBM tie-line: 349-5335 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] AIX/Samba vs. Large Files
I'm having trouble getting Samba 3.0.11 working properly on AIX 5.1.0.0. I've got a share set up, and I can connect fine, but I can't get it to transfer files 1GB. I've already set ulimit fsize to -1, and I can transfer large files via scp to the same directory just fine. The directory is on a JFS volume. There are no quotas on this system. I've even tried adding -D_LARGE_FILES to the cppflags [there was one google hit that mentioned that]. The log files tell me nothing [with loglevel ranging anywhere from 1-5]. The Max Volume Size is set to 0. When the configure script is run, it says checking if large file support can be enabled... yes. According to config.log: #define HAVE_EXPLICIT_LARGEFILE_SUPPORT 1. When I try it from OS X, it'll transfer until it hits 1GB, then it'll report the disk is full, and delete the file. From command line smbclient, it does the same, but doesn't delete the file, and tells me NT_STATUS_DISK_FULL. From Windows XP, it just reports that there's not enough space before the transfer starts. The disk has 13GB free. I've also tried 3.0.9 and got the same results. Any thoughts on what I could try next? -c. So shines a good deed in a weary world. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] server smbd[23036]: Unable to get jobs for ipp://localhost/printers/[printer-n
Hallo! Sorry for posting this two times - I forgot the subject!! I am running samba 3.01012 on a fc2 server. I have problems with samba/ cups for some of my printers, and samba is filling up /var/log/messages with the following lines: -printing/print_cups.c:cups_queue_get(900) -server smbd[23036]: Unable to get jobs for ipp://localhost/printers/[printer-name] - client-error-not-found The printers work, however, but printing is rather slow. Has anyone found a solution to this problem. I have been googling around and found that the problem is well known, but I have not found any solutions. Thanks! Bjrorn _ MSN Hotmail http://www.hotmail.com Med markedets beste SPAM-filter. Gratis! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AIX/Samba vs. Large Files
On Wed, 9 Mar 2005, Cameron Hanover wrote: I'm having trouble getting Samba 3.0.11 working properly on AIX 5.1.0.0. I've got a share set up, and I can connect fine, but I can't get it to transfer files 1GB. I've already set ulimit fsize to -1, and I can transfer large files via scp to the same directory just fine. The directory is on a JFS volume. There are no quotas on this system. I've even tried adding -D_LARGE_FILES to the cppflags [there was one google hit that mentioned that]. The log files tell me nothing [with loglevel ranging anywhere from 1-5]. The Max Volume Size is set to 0. When the configure script is run, it says checking if large file support can be enabled... yes. According to config.log: #define HAVE_EXPLICIT_LARGEFILE_SUPPORT 1. What does your /etc/security/limits look like? Also did you create the FS with large file support? JFS by default does not have this turned on. Did you create this with mkfs or smit? If it was mkfs the -o bf=true needed to be used and the fragment size must be 4096. Bill When I try it from OS X, it'll transfer until it hits 1GB, then it'll report the disk is full, and delete the file. From command line smbclient, it does the same, but doesn't delete the file, and tells me NT_STATUS_DISK_FULL. From Windows XP, it just reports that there's not enough space before the transfer starts. The disk has 13GB free. I've also tried 3.0.9 and got the same results. Any thoughts on what I could try next? -c. So shines a good deed in a weary world. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AIX/Samba vs. Large Files
/etc/security/limits has fsize at -1, and i've used chuser to make sure all the users are set the same [some were created before I figured that part out]. Unfortunately, I didn't set up anything on this machine initially, I'm just trying to figure it out after the fact. [I've run linux servers, so they thought I could do AIX administration.] Anyway, it looks like you may be on to something: /dev/lv01 -- /ancept jfs 41156608 rw yes no (lv size: 41156608, fs size: 41156608, frag size: 4096, nbpi: 4096, compress: no, bf: false, ag: 8) What's weird, though, is scp can copy a 1296MB file to that mount, but Samba can't. Is there a way I can set bf=true without losing all the data on it? -c. So shines a good deed in a weary world. On Mar 9, 2005, at 8:43 AM, William Jojo wrote: On Wed, 9 Mar 2005, Cameron Hanover wrote: I'm having trouble getting Samba 3.0.11 working properly on AIX 5.1.0.0. I've got a share set up, and I can connect fine, but I can't get it to transfer files 1GB. I've already set ulimit fsize to -1, and I can transfer large files via scp to the same directory just fine. The directory is on a JFS volume. There are no quotas on this system. I've even tried adding -D_LARGE_FILES to the cppflags [there was one google hit that mentioned that]. The log files tell me nothing [with loglevel ranging anywhere from 1-5]. The Max Volume Size is set to 0. When the configure script is run, it says checking if large file support can be enabled... yes. According to config.log: #define HAVE_EXPLICIT_LARGEFILE_SUPPORT 1. What does your /etc/security/limits look like? Also did you create the FS with large file support? JFS by default does not have this turned on. Did you create this with mkfs or smit? If it was mkfs the -o bf=true needed to be used and the fragment size must be 4096. Bill When I try it from OS X, it'll transfer until it hits 1GB, then it'll report the disk is full, and delete the file. From command line smbclient, it does the same, but doesn't delete the file, and tells me NT_STATUS_DISK_FULL. From Windows XP, it just reports that there's not enough space before the transfer starts. The disk has 13GB free. I've also tried 3.0.9 and got the same results. Any thoughts on what I could try next? -c. So shines a good deed in a weary world. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AIX/Samba vs. Large Files
On Wed, 9 Mar 2005, Cameron Hanover wrote: /etc/security/limits has fsize at -1, and i've used chuser to make sure all the users are set the same [some were created before I figured that part out]. Yeah, but look at default and root. Edit the file by hand, it's easier that way. Setting the default user is the simplest way to go. Unfortunately, I didn't set up anything on this machine initially, I'm just trying to figure it out after the fact. [I've run linux servers, so they thought I could do AIX administration.] Anyway, it looks like you may be on to something: /dev/lv01 -- /ancept jfs 41156608 rw yes no (lv size: 41156608, fs size: 41156608, frag size: 4096, nbpi: 4096, compress: no, bf: false, ag: 8) What's weird, though, is scp can copy a 1296MB file to that mount, but Samba can't. Is there a way I can set bf=true without losing all the data on it? Was the scp done as root? This just plays into the default/root thing mentioned earlier. -c. So shines a good deed in a weary world. Willy Wonka rules! :-) Bill On Mar 9, 2005, at 8:43 AM, William Jojo wrote: On Wed, 9 Mar 2005, Cameron Hanover wrote: I'm having trouble getting Samba 3.0.11 working properly on AIX 5.1.0.0. I've got a share set up, and I can connect fine, but I can't get it to transfer files 1GB. I've already set ulimit fsize to -1, and I can transfer large files via scp to the same directory just fine. The directory is on a JFS volume. There are no quotas on this system. I've even tried adding -D_LARGE_FILES to the cppflags [there was one google hit that mentioned that]. The log files tell me nothing [with loglevel ranging anywhere from 1-5]. The Max Volume Size is set to 0. When the configure script is run, it says checking if large file support can be enabled... yes. According to config.log: #define HAVE_EXPLICIT_LARGEFILE_SUPPORT 1. What does your /etc/security/limits look like? Also did you create the FS with large file support? JFS by default does not have this turned on. Did you create this with mkfs or smit? If it was mkfs the -o bf=true needed to be used and the fragment size must be 4096. Bill When I try it from OS X, it'll transfer until it hits 1GB, then it'll report the disk is full, and delete the file. From command line smbclient, it does the same, but doesn't delete the file, and tells me NT_STATUS_DISK_FULL. From Windows XP, it just reports that there's not enough space before the transfer starts. The disk has 13GB free. I've also tried 3.0.9 and got the same results. Any thoughts on what I could try next? -c. So shines a good deed in a weary world. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba2.x trusting samba3 domain
Hello, I have a samba 2.x domain. On another machine I created a samba3 domain (ldap). I want to migrate my users from samba2 domain to samba3 domain. It will take some time so I need a trust relationship between domain Can I establish a bidirectional trust relationship between those domain ? Using google I found how-to for samba3 but not for samba2. What is the samba2 equivalent command of : net rpc trustdom establish Thanks, FM -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AIX/Samba vs. Large Files
default and root are set to -1 in the limits file. Both scp and Samba connections were done as root. [I know I shouldn't, but I don't really care about their server. :P] -c. So shines a good deed in a weary world. On Mar 9, 2005, at 8:59 AM, William Jojo wrote: On Wed, 9 Mar 2005, Cameron Hanover wrote: /etc/security/limits has fsize at -1, and i've used chuser to make sure all the users are set the same [some were created before I figured that part out]. Yeah, but look at default and root. Edit the file by hand, it's easier that way. Setting the default user is the simplest way to go. Unfortunately, I didn't set up anything on this machine initially, I'm just trying to figure it out after the fact. [I've run linux servers, so they thought I could do AIX administration.] Anyway, it looks like you may be on to something: /dev/lv01 -- /ancept jfs 41156608 rw yes no (lv size: 41156608, fs size: 41156608, frag size: 4096, nbpi: 4096, compress: no, bf: false, ag: 8) What's weird, though, is scp can copy a 1296MB file to that mount, but Samba can't. Is there a way I can set bf=true without losing all the data on it? Was the scp done as root? This just plays into the default/root thing mentioned earlier. -c. So shines a good deed in a weary world. Willy Wonka rules! :-) Bill On Mar 9, 2005, at 8:43 AM, William Jojo wrote: On Wed, 9 Mar 2005, Cameron Hanover wrote: I'm having trouble getting Samba 3.0.11 working properly on AIX 5.1.0.0. I've got a share set up, and I can connect fine, but I can't get it to transfer files 1GB. I've already set ulimit fsize to -1, and I can transfer large files via scp to the same directory just fine. The directory is on a JFS volume. There are no quotas on this system. I've even tried adding -D_LARGE_FILES to the cppflags [there was one google hit that mentioned that]. The log files tell me nothing [with loglevel ranging anywhere from 1-5]. The Max Volume Size is set to 0. When the configure script is run, it says checking if large file support can be enabled... yes. According to config.log: #define HAVE_EXPLICIT_LARGEFILE_SUPPORT 1. What does your /etc/security/limits look like? Also did you create the FS with large file support? JFS by default does not have this turned on. Did you create this with mkfs or smit? If it was mkfs the -o bf=true needed to be used and the fragment size must be 4096. Bill When I try it from OS X, it'll transfer until it hits 1GB, then it'll report the disk is full, and delete the file. From command line smbclient, it does the same, but doesn't delete the file, and tells me NT_STATUS_DISK_FULL. From Windows XP, it just reports that there's not enough space before the transfer starts. The disk has 13GB free. I've also tried 3.0.9 and got the same results. Any thoughts on what I could try next? -c. So shines a good deed in a weary world. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Logon script
Logon scripts are supposed to be msdos batch files, check documentation on regedit, but you should be able to do a line something like this: C:\windows\regedit.exe \\server\name\dir\someregimports.reg You'll need to figure out how to get regedit NOT to display a warning before it changes the registry or imports the file - check help, documentation, google on that one. -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate Tool Ltd. http://www.wmplt.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, March 08, 2005 12:43 PM To: samba@lists.samba.org Subject: [Samba] Logon script Hi, i'm having roubles with samba as PDC, i want to modify some registry keys (relates with windows update) in XP 2000 clients. I've tryed logons scripts but it seems that i don have enough permissions to do that, so i tried to do a ntconfig.pol but when the client logs on domain y just get the file (ntconfig.pol) and any changes are made. So how can i modify windows registry keys? Thanks --- Este mensaje fue enviado por el servidor de correo de RedIFE: correo.ife.org.mx -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Excel File Open Issue - Possibly Samba Related
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Okay Problem did not go away. I un-shared (multi-user) the file to clear out the changelog, and the problem did go away. At this point I'm going to assume a malformed entry in the changelog or a changelog that was just too darn big. (Before, size was 25MB, after removing sharing it was 2.5MB and opened in 1/8th the time.) HOWEVER, upon upgrading to 3.0.11 as suggested, now ALL shared (multi-user) Excel files are, at apparent random, displaying a message This file has been locked. To save changes you must save under a different file name and merge(blah, blah) We never had this problem under 3.0.7. I have log level=1 and nothing is showing up in the logs. (Just for example, user A opens purchasing.xls fine, but B gets the error. B can open schedule.xls fine, but A gets the error. C can open both. Have not seen this behavior on non-shared files.) These files HAVE to be shared, and I have even tried with veto oplocks=/*.xls/ with no apparent change. Jeremy Allison wrote: On Tue, Feb 22, 2005 at 02:45:43PM -0500, Chad Vincent wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Having a workstation with an odd glitch, and I'm hoping someone can help. We have a 35MB shared Excel file with our purchasing history in it. (I know, I've been trying to talk them into a database of some sort, but they'll have none of that...) One workstation in the entire plant is having issues opening it. The file will load, it will change status to [Shared] in the titlebar, then stop. Bad Workstation: Windows 2000 Athlon 1600+ 256MB DDR 333 Soyo Dragon KT333 Ultra Black Realtek 8139 on-board (Also tried PCI 8139) Server: Debian Stable 2x Opteron 240 Broadcom tg3 1000Mb NIC Samba 3.0.7-1 as a PDC You need to upgrade. There have been several fixes in this area to do with the rather strange way Excel uses SMB. None of them should cause the client to disconnect, although a deferred open problem could conceivably do this. It's just that many people are reporting much better results with Excel and 3.0.11. Jeremy. - -- Chad Vincent RhiannonWeb [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCLwp2kDjwkvrkkmURArWdAJ4rEXG9n7LfPJ0SxX/BqIklEQkBRACfQj+5 FK70tlngjkpav/by6+B+LCI= =7xJk -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Transport endpoint is not connected
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 William Jojo wrote: | Here are a couple of links further describing your findings. | | http://www.petri.co.il/what_is_port_445_in_w2kxp.htm | | http://ntsecurity.nu/papers/port445/ | | http://www.windowsitpro.com/Windows/Article/ArticleID/26709/26709.html | | I wonder what the Samba developers suggest as a recommended | means of setting up both Samba and the clients. (Primarily | for our newbee's moving to Samba and such :-) ) Not sure what you mean here, Bill. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD4DBQFCLw0ZIR7qMdg1EfYRAl3/AJiL/5ldiovFuSYdZ3kMHMWtZ/cHAJ9dODeK IJ2ZteApr1Rbmwqc7eGxsQ== =99jd -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] One machine be the LMB in two diferent subnets
Imagine I have a machine with two NICs each one in a diferent subnet (192.168.0.0/24 and 192.168.1.0/24), the NICs are the .1 address in each subnet. In that machine I run samba 3.0.10, and I listen in both interfaces. Then I assure that samba is the local master browser adjusting the correspondent parameters. Is then samba the local master browser in both subnets ? And if I say that samba is a DMB, then is the DMB in both subnets or there is only one DMB ? Or maybe I need to run two different instances of samba one listening only in one interface to make that machine be the LMB of the two subnets ? I really need a tip with this. Thanks ! __ Celebrate Yahoo!'s 10th Birthday! Yahoo! Netrospective: 100 Moments of the Web http://birthday.yahoo.com/netrospective/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Excel File Open Issue - Possibly Samba Related
We were having the same problem with Excel ... Different version of Samba. Applying a fix detailed in MS KB # 324491 solved the problem for us. (We use Office 11 although the fix talks about Office 10 -- Office 11 = Office 2003 Office 10 = Office XP for those who don't keep up with such things.) Do a search for QFE_Saskatchewan for the registry key. Anyone have any idea why the key is named Saskatchewan? Hope this helps Ken Lubar -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chad Vincent Sent: Wednesday, March 09, 2005 9:39 AM To: samba@lists.samba.org Subject: Re: [Samba] Excel File Open Issue - Possibly Samba Related -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Okay Problem did not go away. I un-shared (multi-user) the file to clear out the changelog, and the problem did go away. At this point I'm going to assume a malformed entry in the changelog or a changelog that was just too darn big. (Before, size was 25MB, after removing sharing it was 2.5MB and opened in 1/8th the time.) HOWEVER, upon upgrading to 3.0.11 as suggested, now ALL shared (multi-user) Excel files are, at apparent random, displaying a message This file has been locked. To save changes you must save under a different file name and merge(blah, blah) We never had this problem under 3.0.7. I have log level=1 and nothing is showing up in the logs. (Just for example, user A opens purchasing.xls fine, but B gets the error. B can open schedule.xls fine, but A gets the error. C can open both. Have not seen this behavior on non-shared files.) These files HAVE to be shared, and I have even tried with veto oplocks=/*.xls/ with no apparent change. Jeremy Allison wrote: On Tue, Feb 22, 2005 at 02:45:43PM -0500, Chad Vincent wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Having a workstation with an odd glitch, and I'm hoping someone can help. We have a 35MB shared Excel file with our purchasing history in it. (I know, I've been trying to talk them into a database of some sort, but they'll have none of that...) One workstation in the entire plant is having issues opening it. The file will load, it will change status to [Shared] in the titlebar, then stop. Bad Workstation: Windows 2000 Athlon 1600+ 256MB DDR 333 Soyo Dragon KT333 Ultra Black Realtek 8139 on-board (Also tried PCI 8139) Server: Debian Stable 2x Opteron 240 Broadcom tg3 1000Mb NIC Samba 3.0.7-1 as a PDC You need to upgrade. There have been several fixes in this area to do with the rather strange way Excel uses SMB. None of them should cause the client to disconnect, although a deferred open problem could conceivably do this. It's just that many people are reporting much better results with Excel and 3.0.11. Jeremy. - -- Chad Vincent RhiannonWeb [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCLwp2kDjwkvrkkmURArWdAJ4rEXG9n7LfPJ0SxX/BqIklEQkBRACfQj+5 FK70tlngjkpav/by6+B+LCI= =7xJk -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS question
Hi, [public] comment = Backup Verzeichnis path = /mnt/backup admin users = DOMAIN+Administrator, root valid users = DOMAIN+Administrator, root The administrator of my Windows domain now should be able to access the public share. But when I try to access the box I am asked for a username and a password. I found, that getent passwd and group does not list the domain users and groups, just my local users and groups from /etc/passwd and /etc/groups. After some more searching, I tuned the loglevel up to 10 and found these entries in winbindd.log: [2005/03/09 15:37:00, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764) Kinit failed: Preauthentication failed [2005/03/09 15:38:12, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'marcus' does not exist [2005/03/09 15:38:28, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2005/03/09 15:40:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2005/03/09 15:42:00, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764) Kinit failed: Preauthentication failed kinit failed? I can use wbinfo -[sgu] even from the local user marcus and get positive info from it, why not when invoked from the server? I can mail the smbd log for the machine I am trying to connect to the server. But the output is huge (41k) and I would not like to post it directly to the list :) Any suggestions? I would be happy for every hint. Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Update WINS database
I have a machine I use to connect either through WLAN or through Ethernet, then the IP that the machine has when connecting through one or the other is different. I have a entry in the WINS database of that machine with the IP it uses when I connect through Ethernet but there is no entry of the name and the IP it uses when it connects through WLAN. Is there any way to force WINS to update the database ? Thanks __ Celebrate Yahoo!'s 10th Birthday! Yahoo! Netrospective: 100 Moments of the Web http://birthday.yahoo.com/netrospective/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Excel File Open Issue - Possibly Samba Related
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We're still on Office 9 (2000), and the article lists Share Workbook as a workaround, and those are the files we're having issues with. As far as why it's named Saskatchewan, that's listed as a time zone, and it's dealing with timestamps... Perhaps tricking the timestamp check? klubarpop wrote: We were having the same problem with Excel ... Different version of Samba. Applying a fix detailed in MS KB # 324491 solved the problem for us. (We use Office 11 although the fix talks about Office 10 -- Office 11 = Office 2003 Office 10 = Office XP for those who don't keep up with such things.) Do a search for QFE_Saskatchewan for the registry key. Anyone have any idea why the key is named Saskatchewan? Hope this helps Ken Lubar -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chad Vincent Sent: Wednesday, March 09, 2005 9:39 AM To: samba@lists.samba.org Subject: Re: [Samba] Excel File Open Issue - Possibly Samba Related Okay Problem did not go away. I un-shared (multi-user) the file to clear out the changelog, and the problem did go away. At this point I'm going to assume a malformed entry in the changelog or a changelog that was just too darn big. (Before, size was 25MB, after removing sharing it was 2.5MB and opened in 1/8th the time.) HOWEVER, upon upgrading to 3.0.11 as suggested, now ALL shared (multi-user) Excel files are, at apparent random, displaying a message This file has been locked. To save changes you must save under a different file name and merge(blah, blah) We never had this problem under 3.0.7. I have log level=1 and nothing is showing up in the logs. (Just for example, user A opens purchasing.xls fine, but B gets the error. B can open schedule.xls fine, but A gets the error. C can open both. Have not seen this behavior on non-shared files.) These files HAVE to be shared, and I have even tried with veto oplocks=/*.xls/ with no apparent change. Jeremy Allison wrote: On Tue, Feb 22, 2005 at 02:45:43PM -0500, Chad Vincent wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Having a workstation with an odd glitch, and I'm hoping someone can help. We have a 35MB shared Excel file with our purchasing history in it. (I know, I've been trying to talk them into a database of some sort, but they'll have none of that...) One workstation in the entire plant is having issues opening it. The file will load, it will change status to [Shared] in the titlebar, then stop. Bad Workstation: Windows 2000 Athlon 1600+ 256MB DDR 333 Soyo Dragon KT333 Ultra Black Realtek 8139 on-board (Also tried PCI 8139) Server: Debian Stable 2x Opteron 240 Broadcom tg3 1000Mb NIC Samba 3.0.7-1 as a PDC You need to upgrade. There have been several fixes in this area to do with the rather strange way Excel uses SMB. None of them should cause the client to disconnect, although a deferred open problem could conceivably do this. It's just that many people are reporting much better results with Excel and 3.0.11. Jeremy. -- Chad Vincent RhiannonWeb [EMAIL PROTECTED] - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba - -- Chad Vincent RhiannonWeb [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCLxELkDjwkvrkkmURArWgAKCjyFf/19mRdsIjJWmu0mGApHbgpgCgj2Zg BGbhAntuWNavKnGz4YY4tDY= =NM1m -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Excel File Open Issue - Possibly Samba Related
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Agh Don't mean to spam the mailing list, but found these that might be causes of the problem: KB 230556 / 130494 Perhaps Samba isn't changing the lock type fast enough? But with oplocks disabled, that shouldn't matter, I would think. klubarpop wrote: We were having the same problem with Excel ... Different version of Samba. Applying a fix detailed in MS KB # 324491 solved the problem for us. (We use Office 11 although the fix talks about Office 10 -- Office 11 = Office 2003 Office 10 = Office XP for those who don't keep up with such things.) Do a search for QFE_Saskatchewan for the registry key. Anyone have any idea why the key is named Saskatchewan? Hope this helps Ken Lubar -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chad Vincent Sent: Wednesday, March 09, 2005 9:39 AM To: samba@lists.samba.org Subject: Re: [Samba] Excel File Open Issue - Possibly Samba Related Okay Problem did not go away. I un-shared (multi-user) the file to clear out the changelog, and the problem did go away. At this point I'm going to assume a malformed entry in the changelog or a changelog that was just too darn big. (Before, size was 25MB, after removing sharing it was 2.5MB and opened in 1/8th the time.) HOWEVER, upon upgrading to 3.0.11 as suggested, now ALL shared (multi-user) Excel files are, at apparent random, displaying a message This file has been locked. To save changes you must save under a different file name and merge(blah, blah) We never had this problem under 3.0.7. I have log level=1 and nothing is showing up in the logs. (Just for example, user A opens purchasing.xls fine, but B gets the error. B can open schedule.xls fine, but A gets the error. C can open both. Have not seen this behavior on non-shared files.) These files HAVE to be shared, and I have even tried with veto oplocks=/*.xls/ with no apparent change. Jeremy Allison wrote: On Tue, Feb 22, 2005 at 02:45:43PM -0500, Chad Vincent wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Having a workstation with an odd glitch, and I'm hoping someone can help. We have a 35MB shared Excel file with our purchasing history in it. (I know, I've been trying to talk them into a database of some sort, but they'll have none of that...) One workstation in the entire plant is having issues opening it. The file will load, it will change status to [Shared] in the titlebar, then stop. Bad Workstation: Windows 2000 Athlon 1600+ 256MB DDR 333 Soyo Dragon KT333 Ultra Black Realtek 8139 on-board (Also tried PCI 8139) Server: Debian Stable 2x Opteron 240 Broadcom tg3 1000Mb NIC Samba 3.0.7-1 as a PDC You need to upgrade. There have been several fixes in this area to do with the rather strange way Excel uses SMB. None of them should cause the client to disconnect, although a deferred open problem could conceivably do this. It's just that many people are reporting much better results with Excel and 3.0.11. Jeremy. -- Chad Vincent RhiannonWeb [EMAIL PROTECTED] - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba - -- Chad Vincent RhiannonWeb [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCLxMKkDjwkvrkkmURAnCwAJwJBkbPQ5+oEe2CqzMrQqceCOMUHACfSS3j GF+ib9IK5wXLqn4fW5Yn4n4= =8p16 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Logon script
Hmm, not quite true.. you can configure windows not to be able to use regedit, or to modify your registry! so useing regedit to modify your registry will not always work this way.. also logon scripts are not alway's batch files. we use VBS for example, but you can also use kix..! windows simply executes the file from the logon script. !! so makeing, lets say an exe with vb would also work, or startingup an aplication!! the only nice way is indeed poledit, or to have an update service running as admin in the background!! NT recource kit provides good registry altering tools! you could use that as well.. Have fun.. Collen. Nathan Vidican wrote: Logon scripts are supposed to be msdos batch files, check documentation on regedit, but you should be able to do a line something like this: C:\windows\regedit.exe \\server\name\dir\someregimports.reg You'll need to figure out how to get regedit NOT to display a warning before it changes the registry or imports the file - check help, documentation, google on that one. -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate Tool Ltd. http://www.wmplt.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, March 08, 2005 12:43 PM To: samba@lists.samba.org Subject: [Samba] Logon script Hi, i'm having roubles with samba as PDC, i want to modify some registry keys (relates with windows update) in XP 2000 clients. I've tryed logons scripts but it seems that i don have enough permissions to do that, so i tried to do a ntconfig.pol but when the client logs on domain y just get the file (ntconfig.pol) and any changes are made. So how can i modify windows registry keys? Thanks --- Este mensaje fue enviado por el servidor de correo de RedIFE: correo.ife.org.mx -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can set ACLs great from Windows, but see only SIDs when i reopen them
Good morning, Samba List, I'm setting ACLs from the security tab of the properties window of a folder via a Windows XP SP2 client. The Samba share in question is running on 3.0.11 with an ext3 file system and Fedora Core 3 underneath. All this works great -- I can set up ACLs beautifully from Windows and when I check them out with getfacl on the Linux side, the results make sense to me. However, when I close and re-open the properties window, the two groups I've set up ACLs for -- AD\salesgroup and AD\marketinggroup -- show up only as SIDs (S-bignumber-with-hyphens). Which, of course, is confusing. I've appended the output of getfacl, the relevant part of getent group, and my smb.conf file. Thanks for any thoughts on this. I could certainly just write this up as a frustrating quirk that will hopefully be fixed soon, but of course I'd rather present the fix! Is there some way in which Samba might not be correctly mapping SIDs back to names upon request from the client? Thanks again! GETFACL OUTPUT: [EMAIL PROTECTED] ~]# getfacl /research # file: research # owner: AD\134salesperson1 # group: root user::rwx group::--- group:10012:rwx group:10015:r-x mask::rwx other::--- default:user::rwx default:group::--- default:group:10012:rwx default:group:10015:r-x default:mask::rwx default:other::--- GETENT GROUP OUTPUT: AD\domain computers:x:10003: AD\domain controllers:x:10002: AD\schema admins:x:10005:AD\administrator AD\enterprise admins:x:10006:AD\administrator AD\domain admins:x:10007:AD\administrator AD\domain users:x:1: AD\domain guests:x:10001: AD\group policy creator owners:x:10004:AD\administrator AD\dnsupdateproxy:x:10013: AD\cheaters:x:10014: AD\salesgroup:x:10012:AD\salesperson2,AD\salesperson1 AD\marketinggroup:x:10015:AD\marketperson2,AD\marketperson1 AD\hrgroup:x:10016:AD\hrperson2,AD\hrperson1 MY SMB.CONF FILE: [global] log level = 3 log file = /var/log/samba/%m.log # Use CUPS for all back end printing chores printing = cups printcap = cups load printers = yes idmap gid = 1-2 map acl inherit = yes socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 admin users = AD\Administrator printer admin = AD\Administrator # winbind trusted domains only = yes encrypt passwords = YES realm = AD.CORP.COM template shell = /bin/bash dns proxy = no cups options = raw server string = Samba Server idmap uid = 1-2 workgroup = AD printcap name = /etc/printcap security = ads max log size = 50 winbind use default domain = no password server = windc1.ad.corp.com [homes] comment = Home Directories browseable = no writable = yes [printers] guest ok = no comment = All Printers printable = yes writable = no path = /var/spool/samba [research] comment = Research Files, Sales Writes, Marketing Reads writeable = yes path = /research [print$] comment = Printer Drivers for Windows path = /usr/local/samba/windrivers write list = AD\administrator -- Thomas Boutell Boutell.Com, Inc. http://www.boutell.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Logon script
Hi REGEDIT /S \\servername\netlogon\proxy.reg runs here to import proxy.reg, .bat file, thou the clients are Win98 so YMMV. HTH Neal -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Collen Sent: 10 March 2005 12:20 AM To: Nathan Vidican; samba@lists.samba.org Subject: Re: [Samba] Logon script Hmm, not quite true.. you can configure windows not to be able to use regedit, or to modify your registry! so useing regedit to modify your registry will not always work this way.. also logon scripts are not alway's batch files. we use VBS for example, but you can also use kix..! windows simply executes the file from the logon script. !! so makeing, lets say an exe with vb would also work, or startingup an aplication!! the only nice way is indeed poledit, or to have an update service running as admin in the background!! NT recource kit provides good registry altering tools! you could use that as well.. Have fun.. Collen. Nathan Vidican wrote: Logon scripts are supposed to be msdos batch files, check documentation on regedit, but you should be able to do a line something like this: C:\windows\regedit.exe \\server\name\dir\someregimports.reg You'll need to figure out how to get regedit NOT to display a warning before it changes the registry or imports the file - check help, documentation, google on that one. -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate Tool Ltd. http://www.wmplt.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, March 08, 2005 12:43 PM To: samba@lists.samba.org Subject: [Samba] Logon script Hi, i'm having roubles with samba as PDC, i want to modify some registry keys (relates with windows update) in XP 2000 clients. I've tryed logons scripts but it seems that i don have enough permissions to do that, so i tried to do a ntconfig.pol but when the client logs on domain y just get the file (ntconfig.pol) and any changes are made. So how can i modify windows registry keys? Thanks --- Este mensaje fue enviado por el servidor de correo de RedIFE: correo.ife.org.mx -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] [BUG] VFS Netatalk and OSX/OS9
hi list, i searched bugzilla but couldn't find an open/fixed bug for my problem: [system] - AMD Opteron 248, 8GB - SuSE 9.1 Prof. x86_64 - Samba v3.0.11-2.1 from ftp.samba.org (ftp://ftp.samba.org/pub/samba/Binary_Packages/SuSE/3.0/x86_64/9.1/) - netatalk v2.0.2 (self compiled) [situation] we're accessing our samba fileserver (files, directories, ... ) from different platforms (MacOS9, MacOSX, WinXP) and we're using the vfs objects = netatalk module in our shares to keep the forks in sync [problem] if i create a file from MacOS9 (AFP via netatalk) without extension and move/rename it on a smb client samba doesn't take care for the fork - it simply deletes the fork in .AppleDouble and the meta information for the MAC is lost if i create a file from MacOS9 (AFP via netatalk) with extension and move/rename it on a smb client samba takes care for the fork! if i create a file from MacOSX via smb without extension and move/rename it on a smb PC (windows) the fork ._name is not updated but the file seems to be ok (icon is missing, but application opens correctly) - but i have a zombie file left (old fork before moving/renaming) we can reproduce this behaviour i tried with veto settings but that makes no changes i attached the smb.conf (a snip) any help is appreciated thanks in advance!!! -- Michael Gasch - Central IT Department - Max Planck Institute for Evolutionary Anthropology Deutscher Platz 6 04103 Leipzig Germany [global] workgroup = EVAN netbios name = nevanfs01 server string = Fileserver EVAN username map = /etc/samba/username.map admin users = @EVAN\edv @edv invalid users = root log level = 5 log file = /var/log/samba/log.%m max log size = 1 ldap suffix = dc=eva,dc=mpg,dc=de ldap admin dn = uid=sambamanager,ou=Users,dc=eva,dc=mpg,dc=de ldap machine suffix = ou=Computers ldap user suffix = ou=Users ldap group suffix = ou=Groups ldap replication sleep = 2000 idmap backend = ldap:ldap://nevanpdc.eva.mpg.de:389 ldap idmap suffix = ou=Idmap idmap uid = 1-5 idmap gid = 1-5 winbind use default domain = yes winbind enum users = yes winbind enum groups = yes winbind trusted domains only = no winbind cache time = 60 template shell = /bin/bash template homedir = /data/users/%U interfaces = 192.168.1.239 bind interfaces only = yes guest ok = no guest account = Gast security = domain local master = no os level = 32 domain master = no domain logons = no encrypt passwords = yes password server = evanpdc wins support = no dns proxy = no display charset = UTF8 unix charset = UTF8 store dos attributes = yes map archive = no map system = no map hidden = no unix extensions = no [homes] comment = Home-Drive for personal Data browseable = no writeable = yes create mode = 770 directory mode = 770 force create mode = 660 force directory mode = 2770 force group = edv force user = %S guest ok = no admin users = valid users = EVAN\%S nt acl support = no vfs object = netatalk hide files = /_*/:*/.*/.AppleDB/.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/TheVolumeSettingsFolder/TheFindByContentFolder/Temporary Items/desktop.ini/ fake oplocks = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Transport endpoint is not connected
On Wed, 9 Mar 2005, Gerald (Jerry) Carter wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 William Jojo wrote: | Here are a couple of links further describing your findings. | | http://www.petri.co.il/what_is_port_445_in_w2kxp.htm | | http://ntsecurity.nu/papers/port445/ | | http://www.windowsitpro.com/Windows/Article/ArticleID/26709/26709.html | | I wonder what the Samba developers suggest as a recommended | means of setting up both Samba and the clients. (Primarily | for our newbee's moving to Samba and such :-) ) Not sure what you mean here, Bill. Yeah, that was vague. :-) We are considering having a line: smb ports = 445 and leaving out the 139. The defaults for most untouched TCP/IP configurations in Windows is to use NetBT if the IP is hard coded or no DHCP option is offered wrt to NetBT. Both 445 and 139 are connected and 139 dumped in favor of 445 as you pointed out. That's cool with me, but are there risks in us *choosing* to only listen on 445, or should Samba admins be encouraged to use only 445 and abandon NetBT. Of course there are other applications that may *need* 139, so perhaps this conversation is in vain :-) The majority of connections on my server with netstat -an show 445, but there are a *few* using 139. For exmaple we use Ghost for rapid imaging and I'm researching speed differentials since moving from 2.2 to 3.0 and from ghost 6-7-8. Perhaps it has everything to do with 445 vs. 139 connectivity. I'm still researching that using MS-Client and Samba. These are the sort of things I and perhaps others are curious about and unfortunately, I've found limited and/or conflicting information on this topic and was wondering what the Samba developers thought was good/bad practice wrt port information and having a happy network. Thank you, Jerry, for your time. Bill cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD4DBQFCLw0ZIR7qMdg1EfYRAl3/AJiL/5ldiovFuSYdZ3kMHMWtZ/cHAJ9dODeK IJ2ZteApr1Rbmwqc7eGxsQ== =99jd -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Excel File Open Issue - Possibly Samba Related
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chad Vincent wrote: | Okay Problem did not go away. I un-shared (multi-user) the file to | clear out the changelog, and the problem did go away. At this point I'm | going to assume a malformed entry in the changelog or a changelog that | was just too darn big. (Before, size was 25MB, after removing sharing | it was 2.5MB and opened in 1/8th the time.) | | HOWEVER, upon upgrading to 3.0.11 as suggested, now ALL shared | (multi-user) Excel files are, at apparent random, displaying a message | This file has been locked. To save changes you must save under a | different file name and merge(blah, blah) We never had this | problem under 3.0.7. I have log level=1 and nothing is showing up in | the logs. Known issue I'm afraid (or at least a reported one). https://bugzilla.samba.org/bug/2382 We're working on it. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCLx+yIR7qMdg1EfYRAnZrAJ92qjyZJIaJsjEKpu1h6mHAVBW+fwCghHnw vrjMMgbog+UL5fi67JCqXLs= =jj0M -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD group membership limits?
Marc, Thanks for the info (and sorry about my delay in posting back). I've just tested FC3 running the 2.6 kernel and it does resolve the issue. So in an ideal world I'd prefer to wait for RHEL4 but because of required third party drivers and apps that are required it looks like I'm going to have to recompile with the patches. I've downloaded the patches from the paths you gave me but I'm not to sure how to apply them as I've never had to do anything like this before. Have you (or anyone else out there) got any good pointers - specifically for these patches. Thanks for your help. Simon From: Kaplan, Marc [EMAIL PROTECTED] Date: Wed, 2 Mar 2005 13:24:28 -0800 To: Gibbs, Simon [EMAIL PROTECTED], samba@lists.samba.org Subject: RE: [Samba] AD group membership limits? Simon, Yes, I have recompiled the kernel with support for a static NGROUPS with a patch from tridge and Rusty Russell. This does not seem to cause any problems at all on Samba servers, or with the Linux box in general and it does properly allow more supplementary groups. Here is what I used IIRC: http://ccache.samba.org/ftp/tridge/misc/more_groups_simple.patch http://ccache.samba.org/ftp/tridge/misc/maxgroups.patch Though I just checked on this, and maybe support for dynamic NGROUPS is now in the 2.6 kernel? See: http://www.linuxhq.com/kernel/changelog/v2.6/4/ -Marc -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Gibbs, Simon Sent: Wednesday, March 02, 2005 2:58 AM To: samba@lists.samba.org Subject: [Samba] AD group membership limits? Hi, I'm running Samba 3.0.11 on RedHat ES 3 kernel version 2.4.21-15.0.4.ELsmp and have a quick question about AD group membership limits Am I right in assuming that Samba is limited by the group membership parameters (ie NGROUP = 32) imposed by the Linux kernel? Is there any workaround in Samba for this? At the moment if a user is a member of more then 32 domain groups they cannot access any shares. If I remove some of the groups to below the 32 group limit everything is fine. If there isn't a workaround in Samba has anyone reliably recompiled the kernel and run Samba after changing the group parameters? I guess this must be a fairly common problem in a lot of sites? Any help with this much appreciated. Cheers, Simon ** ** The information contained in this email message may be confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Although this message and any attachments are believed to be free of viruses, no responsibility is accepted by TF Informa for any loss or damage arising in any way from receipt or use thereof. Messages to and from the company are monitored for operational reasons and in accordance with lawful business practices. If you have received this message in error, please notify us by return and delete the message and any attachments. Further enquiries/returns can be sent to [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Filenames apparently truncated when acessing Samba share from XP.
Hi List, This one is puzzling me. I suspect it is largely due to a badly-behaved installer, but I would appreciate any help. I'm so puzzled, I'm not even sure how to explain the problem, but here goes... I have a Samba 3.0.1 system on AIX 5.2, which a number of XP users connect to, in order to access an application installed there. The upgrade installer for said application is causing me trouble. The installer gets almost all the way through the process, unpacking files and so on. The problem occurs when it tries to run one of those files. I can see this directory in My Computer, and using the DIR command in a dos box: G:\uniform7\hometest\installation Ths installer is complaining that it cannot access G:\uniform7\hometest\installation\definitions-SDE.bat (which is definitely there) Upon inspection I notice that when I use the 'ls' command from XP, I see that all the files have been truncated (not mangled - I turned that off) to 8 characters. I've tried with mangling turned on, and I get a slightly different error, in that the file which the installer cannot find is mangled. I suspect that the problem is that the installer is using an odd method of file access, and is for some reason seeing the directory structure as XP's 'ls' does, rather than as XP's file explorer does. Does anyone have any idea how I can make XP's 'ls' dispplay the full and unmangled filename? The share for this directory is: [uniform] comment = Uniform path = /uniform05 read only = no public = yes case sensitive = no preserve case = yes short preserve case = yes mangle case = no mangled names= no All suggestions gratefully received, I'm at a loss. Cheers, Richard This message was sent using IMP, the Internet Messaging Program. This e-mail message has been scanned for Viruses and Content and cleared by NetIQ MailMarshal. This e-mail (and any attachments) is confidential and may contain personal views which are not the views of Nottingham City Council unless specifically stated. If you have received it in error, please delete it from your system, do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that Nottingham City Council monitors e-mails sent or received. Further communication will signify your consent to this. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Logon script
You can also use regini.exe to paste registry entries during logon. One of our admins set up a batch file to update the proxy settings this way. (both files need to be in the NETLOGON share dir) From logon.bat (logon script): REM * Requirements: Network access to %LOGONSERVER%\NETLOGON, regini.exe * REM * Restrictions: NT Intel * REM * if %CMDPATH%== set CMDPATH=%LOGONSERVER%\NETLOGON %CMDPATH%\regini.exe %CMDPATH%\proxy.ini From proxy.ini: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings ProxyEnable = REG_DWORD 0x0001 ProxyHttp1.1 = REG_DWORD 0x0001 ProxyServer = XXX.XXX.XXX.XXX:80 ProxyOverride = LOCAL; *.mycompany.com; intranetserver.mycompany.com Hope this helps, Jim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, March 08, 2005 12:43 PM To: samba@lists.samba.org Subject: [Samba] Logon script Hi, i'm having troubles with samba as PDC, i want to modify some registry keys (relates with windows update) in XP 2000 clients. I've tryed logons scripts but it seems that i don have enough permissions to do that, so i tried to do a ntconfig.pol but when the client logs on domain y just get the file (ntconfig.pol) and any changes are made. So how can i modify windows registry keys? Thanks -- - Este mensaje fue enviado por el servidor de correo de RedIFE: correo.ife.org.mx -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Excel File Open Issue - Possibly Samba Related
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jerry, Thanks much. In the meantime, do we know what version this bug was introduced? If so, is there an archive of older .deb versions so I can downgrade back to 3.0.7 - 3.0.10? Gerald (Jerry) Carter wrote: Chad Vincent wrote: | Okay Problem did not go away. I un-shared (multi-user) the file to | clear out the changelog, and the problem did go away. At this point I'm | going to assume a malformed entry in the changelog or a changelog that | was just too darn big. (Before, size was 25MB, after removing sharing | it was 2.5MB and opened in 1/8th the time.) | | HOWEVER, upon upgrading to 3.0.11 as suggested, now ALL shared | (multi-user) Excel files are, at apparent random, displaying a message | This file has been locked. To save changes you must save under a | different file name and merge(blah, blah) We never had this | problem under 3.0.7. I have log level=1 and nothing is showing up in | the logs. Known issue I'm afraid (or at least a reported one). https://bugzilla.samba.org/bug/2382 We're working on it. cheers, jerry - -- Chad Vincent RhiannonWeb [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCLyXukDjwkvrkkmURAtAEAJ9fcPznLjs50kn+r4J8n7OPEfqbKACfbVT0 HTOfw9+ixrmVzTI8cdEfim4= =Mf8B -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] I would like to create a Samba share supporting named writers, named readers, and no guests ...
I absolutely have a syntax error - read-list should be read list. I found my error last night by using the testparm program. Rats. Thanks for replying Matthew. John Spence -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Excel File Open Issue - Possibly Samba Related
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chad Vincent wrote: | Jerry, | | Thanks much. In the meantime, do we know what version this bug was | introduced? If so, is there an archive of older .deb versions so I can | downgrade back to 3.0.7 - 3.0.10? It's specific to 3.0.11 as far as i know (but that version has a different bug with Excel). We'll try to get this one cleaned up soon and post a patch. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCLyjsIR7qMdg1EfYRAppoAJ9lnzGv6/n1JLB0s/dcUiRRscCB2ACg47Xq FeNLSvs3He1PKHOqAVALZmk= =M/lJ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] windows /bat script question
Subject isn't exactly samba, but samba people usually know a lot about windows bat scripting. Here's my problem: Currently our domain login script is doing this (among other things): ifmember.exe WINDOWS-DOMAIN\Projects if errorlevel 1 ( net use p: \\server1\projects ) This works fine. The problem is I'm moving the projects storage to a different server called server 2 (which is linux running samba 3, so it is samba related somewhat). The logic I need is: If p: is on server 1, remove the persistant share \\server1\projects, then if p: does not exist, create a persistant share p: \\server2\projects. Sounds easy enough, but I have no idea how to test if a share is on a particular remote server. I'm trying if exist \\server1\projects, but that doesn't work the way I want it as scripts seem to only understand the local drive letter names, not the remote names. I could try to spit out the contents of net use p: to a file, then parse out the remote name string, and compare that, but that seems like a hard way to accomplish it and I don't want the script parsing out stuff during a login. There's got to be an easier way. I could also just always remove the p:, then mount it from server2. But that adds an extra /delete every single time someone logs on, I'd prefer not to do that. I only want to /delete p: if p: is remote server1, not if it's remote server 2. Anyone have an idea? Thanks in advance, Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] windows /bat script question
You could always create an empty txt file, set it to read only on server1, and test in your batch script if the file exists; if esists then re-map, else just map to server 2... If the file doesn't exist, then it's either already mapped to server2 (cause' the file only resides on server1), or there even isn't anything mapped to p:, then it will fix your problem... Sure there's other ways, but this would seem simplest to me; again only my two cents here, try it else see what anyone else comes up with for you. -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate Tool Ltd. http://www.wmplt.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alexander Lazarevich Sent: Wednesday, March 09, 2005 11:51 AM To: samba@lists.samba.org Subject: [Samba] windows /bat script question Subject isn't exactly samba, but samba people usually know a lot about windows bat scripting. Here's my problem: Currently our domain login script is doing this (among other things): ifmember.exe WINDOWS-DOMAIN\Projects if errorlevel 1 ( net use p: \\server1\projects ) This works fine. The problem is I'm moving the projects storage to a different server called server 2 (which is linux running samba 3, so it is samba related somewhat). The logic I need is: If p: is on server 1, remove the persistant share \\server1\projects, then if p: does not exist, create a persistant share p: \\server2\projects. Sounds easy enough, but I have no idea how to test if a share is on a particular remote server. I'm trying if exist \\server1\projects, but that doesn't work the way I want it as scripts seem to only understand the local drive letter names, not the remote names. I could try to spit out the contents of net use p: to a file, then parse out the remote name string, and compare that, but that seems like a hard way to accomplish it and I don't want the script parsing out stuff during a login. There's got to be an easier way. I could also just always remove the p:, then mount it from server2. But that adds an extra /delete every single time someone logs on, I'd prefer not to do that. I only want to /delete p: if p: is remote server1, not if it's remote server 2. Anyone have an idea? Thanks in advance, Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba winbind pam problem
The specs: Fedora Core 1 samba-3.0.7-2.FC1 openssh-3.6.1p2-19 pam-0.77-15 The details: SAMBA is installed computer is connected to the a Windows 2000 domain wbinfo -u / -g / -t all give the desired results getent passwd lists domain users /etc/pam.d/sshd: auth sufficient pam_winbind.so auth required pam_stack.so service=system-auth auth required pam_nologin.so accountsufficient pam_winbind.so accountrequired pam_stack.so service=system-auth password sufficient pam_winbind.so use_authtok password required pam_stack.so service=system-auth sessionrequired pam_stack.so service=system-auth #sessionrequired pam_limits.so #sessionoptional pam_console.so /etc/pam.d/system-auth: # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. authrequired /lib/security/$ISA/pam_env.so authsufficient/lib/security/$ISA/pam_unix.so likeauth nullok authrequired /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so passwordrequired /lib/security/$ISA/pam_cracklib.so retry=3 type= passwordsufficient/lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow passwordrequired /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_mkhomedir.so skel=/etc/skel uma sk=0022 session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so The problem: If I try to log in through ssh the messages log file shows I have been granted access but the ssh session shows I have been disconnected from the server. The secure log shows: Mar 9 11:10:43 webb sshd[2315]: Accepted password for matt from 1xx.2xx.1x.1xx port 1022 Mar 9 11:10:43 webb sshd[2317]: fatal: PAM session setup failed[6]: Permission denied Now if I create a directory in /export/httpd/users/ called matt I can log in with no problem. If I change the permissions on the /export/httpd/users/ directory to 777 I can log in with no problem. So obviously pam_mkhomedir.so isn't being run with the correct permissions. I don't want to have to generate directories for each user in our AD so hopefully someone can point out what I am missing. As a test I set up another machine running Core3 with a standard install and it worked without a hitch. I have compared the files between the two systems and everything looks about the same Any help would be greatly appreciated! matt -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] windows /bat script question
This is definitely a kludgy way of doing it, but if I had that problem and wanted to solve it quickly, I would put a file named THISISSERVER1 on \\server1\projects\. This way you can do an if exist p:\THISISSERVER1 test. This is ugly, but it will work. -Marc -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Alexander Lazarevich Sent: Wednesday, March 09, 2005 8:51 AM To: samba@lists.samba.org Subject: [Samba] windows /bat script question Subject isn't exactly samba, but samba people usually know a lot about windows bat scripting. Here's my problem: Currently our domain login script is doing this (among other things): ifmember.exe WINDOWS-DOMAIN\Projects if errorlevel 1 ( net use p: \\server1\projects ) This works fine. The problem is I'm moving the projects storage to a different server called server 2 (which is linux running samba 3, so it is samba related somewhat). The logic I need is: If p: is on server 1, remove the persistant share \\server1\projects, then if p: does not exist, create a persistant share p: \\server2\projects. Sounds easy enough, but I have no idea how to test if a share is on a particular remote server. I'm trying if exist \\server1\projects, but that doesn't work the way I want it as scripts seem to only understand the local drive letter names, not the remote names. I could try to spit out the contents of net use p: to a file, then parse out the remote name string, and compare that, but that seems like a hard way to accomplish it and I don't want the script parsing out stuff during a login. There's got to be an easier way. I could also just always remove the p:, then mount it from server2. But that adds an extra /delete every single time someone logs on, I'd prefer not to do that. I only want to /delete p: if p: is remote server1, not if it's remote server 2. Anyone have an idea? Thanks in advance, Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba2.x trusting samba3 domain
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 FM wrote: | What is the samba2 equivalent command of : | net rpc trustdom establish There's not one. Samba 2.x does not support trusts when configured as a DC. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCLy9vIR7qMdg1EfYRAiMJAKDVZJw+xnxQITt8Z539VboXHO8l3ACg7FG2 p07mv0CTv0nCj8TGCHlTxTA= =DPEw -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Logon script
Collen wrote: Hmm, not quite true.. you can configure windows not to be able to use regedit, or to modify your registry! so useing regedit to modify your registry will not always work this way.. also logon scripts are not alway's batch files. we use VBS for example, but you can also use kix..! windows simply executes the file from the logon script. !! so makeing, lets say an exe with vb would also work, or startingup an aplication!! the only nice way is indeed poledit, or to have an update service running as admin in the background!! NT recource kit provides good registry altering tools! you could use that as well.. Have fun.. Collen. Nathan Vidican wrote: Logon scripts are supposed to be msdos batch files, check documentation on regedit, but you should be able to do a line something like this: C:\windows\regedit.exe \\server\name\dir\someregimports.reg You'll need to figure out how to get regedit NOT to display a warning before it changes the registry or imports the file - check help, documentation, google on that one. -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate Tool Ltd. http://www.wmplt.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, March 08, 2005 12:43 PM To: samba@lists.samba.org Subject: [Samba] Logon script Hi, i'm having roubles with samba as PDC, i want to modify some registry keys (relates with windows update) in XP 2000 clients. I've tryed logons scripts but it seems that i don have enough permissions to do that, so i tried to do a ntconfig.pol but when the client logs on domain y just get the file (ntconfig.pol) and any changes are made. So how can i modify windows registry keys? Thanks --- Este mensaje fue enviado por el servidor de correo de RedIFE: correo.ife.org.mx -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba There is the issue with permissions, but you may use cpau.exe it is like runas but more features, then run it as the local system account. It works fine, here is an example like I used it. For the systemaccountpassword enter an empty space %windir%\system32\cpau -u localhost\system -p -ex reg DELETE HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Information Update /f Kelly -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Running two instances of Samba in the same machine
I have two subnets S1 and S2 and only one machine running samba, but this machine is connected to both subnets, ahs one interface in each subnet and is acting as a router. I want to have a workgroup that spans the two subnets, so any machine in subnet S1 should see all the machines regardless of their subnet when doing browsing. I know that to do this I need: -One LMB in each subnet using Samba. -One of the LMB of the two subnets should be a DMB and at the same time a WINS server. -I configure all the clients (Windows and Linux) to use WINS. Since I only have one machine connected to both subnets running samba, I think I need to run two instances of samba (smbd and nmbd) in that machine each one binded to one interface and using different smb.conf files. Is that the only solution ? Thanks __ Celebrate Yahoo!'s 10th Birthday! Yahoo! Netrospective: 100 Moments of the Web http://birthday.yahoo.com/netrospective/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] second time post please help samba =ads
hey friends, I have 2 problems in samba I am narrating my problems below: a) I have configured samba with security =ads in FC3 workstation and my domain controller is windows 2003 ,the samba is working fine with the configured options.As my domain consists of windows ,linux and unix clients and few of the users uses windows as well as Linux or Unix each user having its different machines. Now i want the users which uses both Linux/Unix and windows should be able to see their home directories and other folders through windows.Just like a normal configured samba as File server and users frm the network neighbourhood can see their home directories and other folders. Is it possible if the security = ads is setup and if then a user wants to see his/her home directories and other folders from the windows.I have created a directory for my domain in home folder and if any users who is first time logging its directory is created under /home/mydomain/user. If it is possible then please let me know. b) I have setup the linux box (FC3) with samba with security = domain and password server = s1.sun.com(internal).The domain controller is Windows 2003 and my system is FC3 server. I have created one folder in which i have created some directories.There are different types of users in my company some in development, some in administration , som e in top management.I have created some folders in which users can put their data to share among their colleagues or team. What happens is that when somebody clicks on samba server all the folders which i have explicitly mentioned in the smb.conf are shown .Whereas what i want is that only those folders should come when the user access the samba server on which he has the right to access it. Suppose james is a user having access rights on folders cpms, manager. Now when he clicks on the samba server he sees his home directory where he can put his data, a cpms folder which is shared among the other development team members(have set it with suid) and manager(have set it this also with suid) and all other folders (specified in smb.conf) on which he does not have the rights.He can't access those folders in which he don't have the rights but i don't want to show the james those folders on which he does not have any kind of right. Ideally is should be when james accesses the samba server he should see his home directory,his cpms and manager folder nothing else.So that he should know that he can access and only have access to these folders. I tried with u% variable but this variable works for only primary group not for secondary group.I hope that many of u have faced the same problem. Please anyone of you can give me solution. Thanks in advance . Regards Ankush -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Logon Script - edit registry
There is the issue with permissions, but you may use cpau.exe it is like runas but more features, then run it as the local system account. It works fine, here is an example like I used it. For the systemaccountpassword enter an empty space %windir%\system32\cpau -u localhost\system -p -ex reg DELETE HKLM\Software\Microsoft\Windows\CurrentVersion\Run /v Information Update /f Kelly -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Namensauflösung über netbios im gemischten Netzwerk ohne DNS oder WINS Server
Ich habe mir das mit dem Netbios über TCP Protokoll zu Herzen genommen. Ich habe also bei beiden debian Rechnern wins proxy (deaktiviert) dns proxy (deaktiviert) wins support (deaktiviert) wins server (deaktiviert) Ein Rechner im Lan spielt jetzt immer Master Browser und ein anderer Rechner Backup Browser.(unabhängig vom OS) Da alle die IP-adresse des Master browsers haben, können dort auch alle reingucken über Netzwerkumgebung - Workgrgroup - Rechner Wie gesagt alle haben die IP Adresse des Master Browsers, nicht aber von den anderen clients der Workgroup. Dies ist auch der Fall wenn ich versuche von einem WinXP Client in einen anderen WinXp client reinzugucken, während keiner von beiden Master-browser ist, sondern ein debian Rechner Masterbrowser ist. Wenn ich also von dem debian Rechner(feld-bert) den WinXP Rechner(feld-nat) anpinge, ping feld-bert bekomme ich mit ethereal folgendes: No. TimeSourceDestination Protocol Info 2 6.864711192.168.0.146 192.168.0.255 NBNS /*Name query NB FELD-NAT00*/ Frame 2 (94 bytes on wire, 94 bytes captured) Linux cooked capture Internet Protocol, Src Addr: 192.168.0.146 (192.168.0.146), Dst Addr: 192.168.0.255 (192.168.0.255) User Datagram Protocol, Src Port: 32874 (32874), Dst Port: 137 (137) Source port: 32874 (32874) Destination port: 137 (137) Length: 58 Checksum: 0x832d (incorrect, should be 0x7b0a) NetBIOS Name Service No. TimeSourceDestination Protocol Info 3 7.135141192.168.0.146 192.168.0.255 NBNS /*Name query NB FELD-NAT00*/ Frame 3 (94 bytes on wire, 94 bytes captured) Linux cooked capture Internet Protocol, Src Addr: 192.168.0.146 (192.168.0.146), Dst Addr: 192.168.0.255 (192.168.0.255) User Datagram Protocol, Src Port: 32874 (32874), Dst Port: 137 (137) Source port: 32874 (32874) Destination port: 137 (137) Length: 58 Checksum: 0x832d (incorrect, should be 0x7b0a) NetBIOS Name Service No. TimeSourceDestination Protocol Info 4 7.405104192.168.0.146 192.168.0.255 NBNS /*Name query NB FELD-NAT00*/ Frame 4 (94 bytes on wire, 94 bytes captured) Linux cooked capture Internet Protocol, Src Addr: 192.168.0.146 (192.168.0.146), Dst Addr: 192.168.0.255 (192.168.0.255) User Datagram Protocol, Src Port: 32874 (32874), Dst Port: 137 (137) Source port: 32874 (32874) Destination port: 137 (137) Length: 58 Checksum: 0x832d (incorrect, should be 0x7b0a) NetBIOS Name Service Man kann sehen das ich 3 Namensanfragen zu feld-nat verschickt habe, darauf bekomme ich keine Antwort von feld-nat, ich habe noch c.a. 30 sek gewartet. Da diese Anfragen an den Port 137 gehen, habe ich auf feld-nat mir die Ports nochmal angeguckt: Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp. C:\Dokumente und Einstellungen\adminnetstat -an Aktive Verbindungen Proto Lokale Adresse Remoteadresse Status TCP0.0.0.0:7 0.0.0.0:0 ABHÖREN TCP0.0.0.0:9 0.0.0.0:0 ABHÖREN TCP0.0.0.0:13 0.0.0.0:0 ABHÖREN TCP0.0.0.0:17 0.0.0.0:0 ABHÖREN TCP0.0.0.0:19 0.0.0.0:0 ABHÖREN TCP0.0.0.0:1350.0.0.0:0 ABHÖREN TCP0.0.0.0:4450.0.0.0:0 ABHÖREN TCP0.0.0.0:18350 0.0.0.0:0 ABHÖREN TCP127.0.0.1:1025 0.0.0.0:0 ABHÖREN TCP127.0.0.1:1062 127.0.0.1:18350HERGESTELLT TCP127.0.0.1:18350127.0.0.1:1062 HERGESTELLT TCP192.168.0.130:139 0.0.0.0:0 ABHÖREN UDP0.0.0.0:7 *:* UDP0.0.0.0:9 *:* UDP0.0.0.0:13 *:* UDP0.0.0.0:17 *:* UDP0.0.0.0:19 *:* UDP0.0.0.0:445*:* UDP0.0.0.0:500*:* UDP0.0.0.0:1026 *:* UDP0.0.0.0:4500 *:* UDP127.0.0.1:123 *:* UDP192.168.0.130:123 *:* UDP192.168.0.130:137 *:* UDP192.168.0.130:138 *:* C:\Dokumente und Einstellungen\admin In der vorletzten Zeile steht noch was mit einem Port 137, aber es wird dort nicht gelauscht. Gibt es diesen lasuchenden Port nur bei Linux? Deshalb hiernochmal, die ports von feld-bert: feld-bert:/home/markus# netstat -an Aktive Internetverbindungen (Server und stehende Verbindungen) Proto Recv-Q Send-Q Local Address Foreign Address State tcp0 0 0.0.0.0:901 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:37 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:9 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:874 0.0.0.0:* LISTEN tcp0 0
[Samba] RPC works ADS doesn't on Mandrake 10.1?
I'm trying to setup a Linux box to authenticate on Windows Active Directory. I have winbind and samba installed and running on Mandrake 10.1. When I boot the PC it prompts me with all the usernames from my Windows 2000 Active Directory. After I login I can run: net RPC TESTJOIN (works fine) net ADS TESTJOIN (failed: Malformed representation of principal) Why won't ADS work? Carlton. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Stange mappings of Linux permissions to Samba
Hello, can anyone explain me the following. in a share [homes] a user has a subfolder with permissions as follow rwxr-xr-x harry users From the Windows-client you see Group Administratorsno rights Users full Everyoneno rights a file has the permissions rw-r--r-- harry users From the Windows-client you see Group Administratorsread,write Users full Everyoneread another file with this permissions rwxr--r-- harry users From the Windows-client you see Group Administratorsfull Users full Everyoneread I dont´t understand this behaviour. Especially as the Windows-client tells me the group of Administrators was the owner of the files respectively the folder. What´s wrong? We have also difficulties in saving changed files especially those of Excel. When doing so (Linux-) permissions change from rw-r--r-- to r--r--r--. This behavior I have already mailed 3/1/05 (Access Problems). The special situation of this server is: After a crash of a prior installation (SuSE 8.2) we installed SuSE 9.2 (Samba 3.0.9) and copied the files /etc/passwd, etc/group, /etc/shadow, and the whole directory /etc/samba from the old to the new installation. Everything worked fine, also the login to the domain was no problem. The server based profiles were preserved. The only problem are the permissions and the change of them when accessing and changing existing files. We urgently need help. Thanks Harry -- Dr. Harry Knitter Hans-Herold-Str. 20 D-95326 Kulmbach Tel. 09221-97663 Fax. 09221-97664 [EMAIL PROTECTED] gpg key-ID 8A0657DB Fingerprint AE7B 61F1 ACC2 5944 A29A 8C31 2D12 2190 8A06 57DB pgphY1ihjGszY.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: LDAP mailing list for ldapsam people
Tony, It is very impressive that you installed successfully Samba and OpenLDAP. I am working on Samba + OpenLDAP integration. So I have a few questions for you. 1) Samba need computer account to be ended as $, however, with LDAP as a host name service, $ is not working. How do you design your ou=Computers or ou=Hosts subtree to solve this problem? 2) You did not use smbldap-tools, then what do you use to migrate NIS passwd and group and hosts into LDAP? Thanks a lot. Steve People, I came to Samba 3 or 4 weeks ago and now have a successful ldapsam 3.0.11 PDC installation for 1150+ users (around 80 Win 2000 and XP workstations) running together with a DHCP server as an afterthought service on a RHAS3 NAS server. I adopted/adapted my already existent Openldap (2.2.17) DSE at that site) and wrote to this list about my experiences. For example I couldn't use the samba-ldap tools, hadn't reached Appendix A of the Official Samba HOWTO yet and had to reinvent the wheel (my solution turned out to that detailed in Appendix A). I noticed on this list, that many people expect Samba/LDAP to be an out-of-the box solution without really understanding the ins and outs of LDAP. Sometimes the standard solutions don't work for them and they don't know why. Choosing the right version of OpenLDAP and configuring it correctly are not child's play. It is not intuitive. Problems can come with: Which OpenLDAP version to use How to configure it best for Samba How to configure Sleepycat BDB DSE/DIT architecture SSL/TLS configuration ACL design Security Sources of information on the web, FAQs. A suitable mailing list for these things would be ideal. However, the OpenLDAP mailing list does not allow application-oriented questions; they are considered OT. The list master of the following mailing list has told me that samba LDAP people would be welcome there. Subscribers to that list include many OpenLDAP ML people who are open to discussion about the above topics and more, and can help with them and more. For more info, go to: http://lists.fini.net/mailman/listinfo/ldap-interop LDAP is one of the most powerful concepts in present-day networking and a single Data Base can be used for many more applications than Samba. Best, --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- Regards, Steve Zeng Systems Administrator Mainframe Entertainment Inc T: (604) 628-1000 ext 5293 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] AD group membership limits?
I've just attempted to apply (in dry-run mode) the supplied kernel patch but received a number of errors. Does anyone know if these are critical errors? Thanks Here is the output: [ukfs02 linux-2.4]# patch -p1 --dry-run -i more_groups_simple.patch patching file arch/i386/kernel/init_task.c Hunk #1 succeeded at 11 with fuzz 2 (offset 1 line). patching file arch/s390/kernel/init_task.c Hunk #1 succeeded at 17 with fuzz 2 (offset 1 line). patching file include/asm-i386/param.h patching file include/asm-i386/processor.h Hunk #1 FAILED at 452. 1 out of 1 hunk FAILED -- saving rejects to file include/asm-i386/processor.h.rej patching file include/asm-s390/param.h Hunk #1 succeeded at 19 (offset 3 lines). patching file include/asm-s390/processor.h Hunk #1 FAILED at 144. 1 out of 1 hunk FAILED -- saving rejects to file include/asm-s390/processor.h.rej patching file include/linux/limits.h patching file include/linux/mm.h Hunk #1 FAILED at 454. 1 out of 1 hunk FAILED -- saving rejects to file include/linux/mm.h.rej patching file include/linux/sched.h Hunk #1 succeeded at 520 (offset 146 lines). Hunk #2 succeeded at 546 (offset 76 lines). Hunk #3 FAILED at 587. Hunk #4 succeeded at 1143 (offset 196 lines). 1 out of 4 hunks FAILED -- saving rejects to file include/linux/sched.h.rej patching file kernel/fork.c Hunk #1 FAILED at 580. Hunk #2 FAILED at 601. 2 out of 2 hunks FAILED -- saving rejects to file kernel/fork.c.rej patching file kernel/sched.c Hunk #1 FAILED at 1314. 1 out of 1 hunk FAILED -- saving rejects to file kernel/sched.c.rej patching file mm/page_alloc.c Hunk #1 FAILED at 439. 1 out of 1 hunk FAILED -- saving rejects to file mm/page_alloc.c.rej From: Gibbs, Simon [EMAIL PROTECTED] Date: Wed, 09 Mar 2005 16:19:22 + To: Kaplan, Marc [EMAIL PROTECTED], samba@lists.samba.org Subject: Re: [Samba] AD group membership limits? Marc, Thanks for the info (and sorry about my delay in posting back). I've just tested FC3 running the 2.6 kernel and it does resolve the issue. So in an ideal world I'd prefer to wait for RHEL4 but because of required third party drivers and apps that are required it looks like I'm going to have to recompile with the patches. I've downloaded the patches from the paths you gave me but I'm not to sure how to apply them as I've never had to do anything like this before. Have you (or anyone else out there) got any good pointers - specifically for these patches. Thanks for your help. Simon From: Kaplan, Marc [EMAIL PROTECTED] Date: Wed, 2 Mar 2005 13:24:28 -0800 To: Gibbs, Simon [EMAIL PROTECTED], samba@lists.samba.org Subject: RE: [Samba] AD group membership limits? Simon, Yes, I have recompiled the kernel with support for a static NGROUPS with a patch from tridge and Rusty Russell. This does not seem to cause any problems at all on Samba servers, or with the Linux box in general and it does properly allow more supplementary groups. Here is what I used IIRC: http://ccache.samba.org/ftp/tridge/misc/more_groups_simple.patch http://ccache.samba.org/ftp/tridge/misc/maxgroups.patch Though I just checked on this, and maybe support for dynamic NGROUPS is now in the 2.6 kernel? See: http://www.linuxhq.com/kernel/changelog/v2.6/4/ -Marc -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Gibbs, Simon Sent: Wednesday, March 02, 2005 2:58 AM To: samba@lists.samba.org Subject: [Samba] AD group membership limits? Hi, I'm running Samba 3.0.11 on RedHat ES 3 kernel version 2.4.21-15.0.4.ELsmp and have a quick question about AD group membership limits Am I right in assuming that Samba is limited by the group membership parameters (ie NGROUP = 32) imposed by the Linux kernel? Is there any workaround in Samba for this? At the moment if a user is a member of more then 32 domain groups they cannot access any shares. If I remove some of the groups to below the 32 group limit everything is fine. If there isn't a workaround in Samba has anyone reliably recompiled the kernel and run Samba after changing the group parameters? I guess this must be a fairly common problem in a lot of sites? Any help with this much appreciated. Cheers, Simon ** ** The information contained in this email message may be confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Although this message and any attachments are believed to be free of viruses, no responsibility is accepted by TF Informa for any loss or damage arising in any way from receipt or use thereof. Messages to and from the company are monitored for operational reasons and in accordance with lawful business practices. If you have received this message in error, please notify us by return and delete the message and any
[Samba] Should smbclient -L get list of servers from master browser?
When I run smbclient -L server where the server is the browse master for my subnet, I get a list of shares on the server but I don't see the browse list of all servers on the subnet. Shouldn't the browse list be returned as well as the share list? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Trying to get ADS authentication working.
Hey Steve, Thanks for the response however I've gotten a little further along then I was last time. If you look in chapter 6 of the how to docs you will find that this syntax 'Net ads join HQ Servers' creates the machine account in a particular OU called HQ Servers. I finally tracked down the problem I was having to a Kerberos issue. I was getting a funny error on my domain controller the text of which follows: While processing a TGS request for the target server host/smbtest.hq.navis.net, the account [EMAIL PROTECTED] did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 8). The requested etypes were 16. The accounts available etypes were 3 1. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. I found a post some place mentioning that the version of Kerberos that ships with Redhat Linux 9.0 doesn't select the correct etype. So to correct this I downloaded the source for version 1.4. I had to forcefully remove the old Kerberos packages because of dependencies. After compiling and installing I recompiled Samba3.0.11 only to have the compile choke about 3/4 of the way through. Subsequently I downloaded the very latest Samba3.0.12pre1 which compiled fine with the new Kerberos 1.4. Now things seem to be working much better. I no longer get the error on my domain controller when requesting a ticket with kinit and wbinfo -t and all other wbinfo commands run successfully. Now though I'm having another issue. I'm trying to login to the share I've created from a Windows XPSP2 workstation with all latest patches applied. Here is the config for my share in the smb.conf file: [share] comment = this is a test share path = /test/share read only = no public = yes writable = yes printable = no browseable = yes valid users = @Domain Users Now that the Samba server is properly added to the domain and has it's machine account working I'm not sure why I get a password prompt when I try and login to this share as I am a member of Domain Users can anyone provide me with some sample configs to get this working right. Thanks in advance, Theo -Original Message- From: Steve [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 08, 2005 7:49 PM To: Theodore Jencks Cc: samba@lists.samba.org Subject: Re: [Samba] Trying to get ADS authentication working. Hello, Your domain is called HQ Servers with a space in it? Are you sure that the 'net ads' command isn't misinterpreting that name and/or the quotes in the command? Also, did you specify a username (maybe 'adminName' in your example) for the 'net ads' command? Are you able to see this computer in Active Directory's Computers or another container? Steve On Tue, Mar 08, 2005 at 12:34:04PM -0800, Theodore Jencks wrote: I have been trying in vain to get ADS domain authentication working. I can't figure out what is wrong and have read the docs and looked through the mailing lists. I'm not sure why better documentation hasn't been written on the web site for the ADS feature since it's pretty spectacular to be able join a Samba server natively to an AD domain. I have successfully joined the samba server to the win 2k3 domain with this commands: Kinit [EMAIL PROTECTED] Net ads join HQ Servers This seems to work just fine but when I run wbinfo -t I get: checking the trust secret via RPC calls failed error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc233) Could not check secret I have set the winbind to debug level 10 and when starting winbind I get this in the logs: [2005/03/08 12:13:33, 5] libsmb/namecache.c:namecache_fetch(201) name hqdc01.hq.navis.net#20 found. [2005/03/08 12:13:33, 10] libsmb/namequery.c:name_status_find(188) name_status_find: looking up HQ#1c at 192.168.192.60 [2005/03/08 12:13:33, 10] lib/gencache.c:gencache_get(285) Cache entry with key = NBT/HQ#1C.20.192.168.192.60 couldn't be found [2005/03/08 12:13:33, 5] libsmb/namecache.c:namecache_status_fetch(308) namecache_status_fetch: no entry for NBT/HQ#1C.20.192.168.192.60 found. [2005/03/08 12:13:33, 10] lib/gencache.c:gencache_del(214) Deleting cache entry (key = NBT/HQ#1C.20.192.168.192.60) [2005/03/08 12:13:33, 10] lib/util_sock.c:open_socket_in(717) bind succeeded on port 0 [2005/03/08 12:13:33, 5] libsmb/nmblib.c:send_udp(776) Sending a packet of len 50 to (192.168.192.60) on port 137 [2005/03/08 12:13:33, 10] lib/util_sock.c:read_udp_socket(230) read_udp_socket: lastip 192.168.192.60 lastport 137 read: 211 [2005/03/08 12:13:33, 10] libsmb/nmblib.c:parse_nmb(503) parse_nmb: packet id = 24973 [2005/03/08 12:13:33, 5] libsmb/nmblib.c:read_packet(754) Also of interest when I run kinit [EMAIL PROTECTED] I then type my password and the command appears to have worked however running klist
Re: [Samba] Should smbclient -L get list of servers from master browser?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Paul Galbraith wrote: | When I run smbclient -L server where the server is the browse master | for my subnet, I get a list of shares on the server but I don't see the | browse list of all servers on the subnet. Shouldn't the browse list be | returned as well as the share list? maybe related to https://bugzilla.samba.org/bug/1012 ? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCLz3jIR7qMdg1EfYRAs6tAKCqZhNmkYj0uSSQ9/AcszNYhyiOJQCeLzyB xvaSvOBV11gZ25y8VAlwAKQ= =fuZl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba2.x trusting samba3 domain
Thank you, Si What do you think of that : I move all server in samba3 domain and samba3 trust samba2 users ? So with that setup I just have to move computers and servers to the new smb3 domain. Gerald (Jerry) Carter wrote: FM wrote: | What is the samba2 equivalent command of : | net rpc trustdom establish There's not one. Samba 2.x does not support trusts when configured as a DC. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc I never saved anything for the swim back. Ethan Hawk in Gattaca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] XP Pro and offline files
All: Not sure if this is an XP Pro issue or a samba issue. I am running v3.0.3 of the samba server acting as a Domain controller and file server. The problem that I run into is that every once in a while, while connected to the network the network shares go offline. I am running XP Pro SP2 and I am not really sure where to start to troubleshoot this. TIA Ron -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba WINS problem on 2 networked LANS using a VPN connection
I found the problem: few of my Windows XP Stations located in LAN2, has configured as WINS server RouterB (192.168.1.65) and not the WINS server from LAN1 (192.168.1.49) which now is used for all stations. This caused Samba LMB from and for LAN2 (192.168.1.65) to be confused and don't know how to answer to their queries. So, now I can see all workroups and browse through it... Regards, Alex Alex Post wrote: Why? Do you have some arguments? 192.168.1.48/240 and 192.168.1.64/224 are not subnets? Regards, Alex Tom Skeren wrote: Your VPN looks problematic. You probably want a different subnet. Pml wrote: Hello Samba experts, Please read all email because i'm desperate! I have problem on joining to LAN-s using Samba. Finally i got a solution to see booth workgroups on Entire Network, but i'm having problem with stations located in LAN2. From any station located in LAN1, I can see LAN2 workgroup and the browse list with stations located in LAN2, but when i'm tring to access and station in it, i get connection refused. I want to mention that acces by IP address is working (eg: \\192.168.1.72)!!! It seems to be a probelm related to browse list and my wins server. From any station located in LAN2, i can access by name each networked station in LAN1. My networks scheme is printed below: (LAN1=192.168.1.48 network and 192.168.1.63 broadcast) --LAN1 (192.168.1.48/240)-- | | | | (192.168.1.49) Gateway/RouterA (83.84.85.86) | | Internet | | (83.84.85.87) Gateway/RouterB (192.168.1.65) | | | | --LAN2 (192.168.1.64/224)-- (LAN2=192.168.1.64 network and 192.168.1.95 broadcast) I have bidirectional ping between to/from any station located in my LANS. All stations from LAN1 and LAN2 are WindowsXP(SP2) and has firewall disabled. Booth Routers (A and B - RHEL 3.0) has samba installed and Router A is used as VPN server (tunel address 10.1.0.1) and RouterB is used as VPN client (tunel address 10.1.0.2). Here comes my smb.conf file from RouterA which i want to be used as WINS server by all my windows clients: [global] workgroup = LAN1 netbios name = router-LAN1 server string = Samba interfaces = 192.168.1.49/28 192.168.1.95/27 127.0.0.1/8 10.1.0.1/24 bind interfaces only = yes remote announce = 192.168.1.49/LAN1 192.168.1.65/LAN2 remote browse sync = 192.168.1.63 192.168.1.95 #broadcast address LAN1 and LAN2 public = yes browseable = yes browse list = yes auto services = yes announce as = NT os level = 200 local master = yes prefered master = yes domain master = yes name resolve order = wins wins support = yes Here comes my smb.conf file from RouterB (WINS client and Local Master Browser for LAN2). [global] workgroup = LAN2 netbios name = router-LAN2 server string = Samba interfaces = 192.168.1.65/27 192.168.1.63/28 127.0.0.1/8 10.1.0.2/24 bind interfaces only = yes remote announce = 192.168.1.65/LAN2 192.168.1.49/LAN1 remote browse sync = 192.168.1.63 192.168.1.95 #broadcast address LAN1 and LAN2 #politica de browsing si metoda de translatie ip-nume announce as = NT os level = 200 local master = yes prefered master = yes domain master = yes name resolve order = wins wins server = 192.168.1.49 Each Windows XP station from LAN2, has configured manually WINS server at 192.168.1.49. Also, on each LAN workgroup, i can see and access router-LAN1 and router-LAN2 which is not exactly what i really want (router-LAN1 should be present in WORKGROUP LAN1 and router-LAN2 should be present in WORKGROUP LAN2) More then that, if i'm tring to access from router-LAN2 a station located in LAN2, i get this error: # smbclient -L an13 Connection to an13 failed ...but browsing list is returned ok by router from LAN2: # smbclient -L router-LAN2 Password: Domain=[LAN2] OS=[Unix] Server=[Samba 3.0.9-1.3E.1] Server Comment ---- AN12 AN13 AN14 AN15 AN16 ROUTER-LAN1 Samba ROUTER-LAN2 Samba WorkgroupMaster ---- LAN1ROUTER-LAN1 LAN2ROUTER-LAN2 Please help me... Regards, Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Excel File Open Issue - Possibly Samba Related
I have the same issue running 3.0.9. Only some users report the problem however. Steve Aden IS Manager ITS Communications Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Opinions, conclusions and other information contained in this message that do not relate to official business shall be understood as neither given nor endorsed by ITS -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 09, 2005 11:49 AM To: Chad Vincent Cc: samba@lists.samba.org; Jeremy Allison Subject: Re: [Samba] Excel File Open Issue - Possibly Samba Related -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chad Vincent wrote: | Jerry, | | Thanks much. In the meantime, do we know what version this bug was | introduced? If so, is there an archive of older .deb versions so I can | downgrade back to 3.0.7 - 3.0.10? It's specific to 3.0.11 as far as i know (but that version has a different bug with Excel). We'll try to get this one cleaned up soon and post a patch. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCLyjsIR7qMdg1EfYRAppoAJ9lnzGv6/n1JLB0s/dcUiRRscCB2ACg47Xq FeNLSvs3He1PKHOqAVALZmk= =M/lJ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba _ This message was content-scanned by IXC Shield Powered by GatewayDefender -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XP Pro and offline files
[EMAIL PROTECTED] (mailto:[EMAIL PROTECTED]) writes: All: Not sure if this is an XP Pro issue or a samba issue. I am running v3.0.3 of the samba server acting as a Domain controller and file server. The problem that I run into is that every once in a while, while connected to the network the network shares go offline. I am running XP Pro SP2 and I am not really sure where to start to troubleshoot this. I wrote in about a similar thing just yesterday. We're using Samba 3.02 on about 40 Linux servers and our users are complaining about the same thing once in a while. Really only on a few machines. But the symptom is there. Seems to happen more with SP2 than it happened with SP1 -- but that's not a scientific observation. In a couple of cases, we could see in the /var/log/messages that the link beat was being lost continually. Replacing cables and switches between Server and Client got rid of that problem (we don't know which element was causing the problem, but making everything new fixed it). But a few other users are still complaining about these random disconnections and we are not sure either how to troubleshoot. We have asked users to carefully document exactly when the disconnections occur -- and on what machine and subnet -- so that we can look for clues in the logs. But so far, nothing in the logs is sticking out. Not all machines on a given pathway from Server to Client disconnect at the same time -- so unless it's a last cable problem it's not likely to be a hardware issue. BTW, we're running the 2.6.6 kernel on a mainly Mandrake distribution. Hopefully, somebody who reads these postings will have a clue or two. Regards, Andy Liebman -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] windows /bat script question
Thanks Marc and Nat, I can't test for existence of anything on server1, since I'm actually moving the storage to server2, but I can do the following (in this case the testfile exists on some directory of server2): if not exist p:\testfile ( net use /delete p: ifmember.exe DOMAIN\Projects if errorlevel 1 net use p: \\server2\projects ) I still want to run the net use /delete p: command even though server1\projects is offline, just because I want to remove any persistant connections to server1, so the clients will stop asking for server1\projects in the future. The only downside here is if there is no connection to p: at all, the script still tries to remove p:, but that's no big deal since most profiles allready have p: persistantly mounted. Thanks for the help! Alex On Wed, 9 Mar 2005, Kaplan, Marc wrote: This is definitely a kludgy way of doing it, but if I had that problem and wanted to solve it quickly, I would put a file named THISISSERVER1 on \\server1\projects\. This way you can do an if exist p:\THISISSERVER1 test. This is ugly, but it will work. -Marc -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of Alexander Lazarevich Sent: Wednesday, March 09, 2005 8:51 AM To: samba@lists.samba.org Subject: [Samba] windows /bat script question Subject isn't exactly samba, but samba people usually know a lot about windows bat scripting. Here's my problem: Currently our domain login script is doing this (among other things): ifmember.exe WINDOWS-DOMAIN\Projects if errorlevel 1 ( net use p: \\server1\projects ) This works fine. The problem is I'm moving the projects storage to a different server called server 2 (which is linux running samba 3, so it is samba related somewhat). The logic I need is: If p: is on server 1, remove the persistant share \\server1\projects, then if p: does not exist, create a persistant share p: \\server2\projects. Sounds easy enough, but I have no idea how to test if a share is on a particular remote server. I'm trying if exist \\server1\projects, but that doesn't work the way I want it as scripts seem to only understand the local drive letter names, not the remote names. I could try to spit out the contents of net use p: to a file, then parse out the remote name string, and compare that, but that seems like a hard way to accomplish it and I don't want the script parsing out stuff during a login. There's got to be an easier way. I could also just always remove the p:, then mount it from server2. But that adds an extra /delete every single time someone logs on, I'd prefer not to do that. I only want to /delete p: if p: is remote server1, not if it's remote server 2. Anyone have an idea? Thanks in advance, Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Filenames apparently truncated when acessing Samba share from XP.
Richard, Best advice is to update to Samba-3.0.11. If my memory is not missing too many bits the name trucation problem was a bug in 3.0.1 with certain clients. If the problem persists with 3.0.11 please file a bug report on https://bugzilla.samba.org. - John T. On Wednesday 09 March 2005 09:39, Richard Heggs wrote: Hi List, This one is puzzling me. I suspect it is largely due to a badly-behaved installer, but I would appreciate any help. I'm so puzzled, I'm not even sure how to explain the problem, but here goes... I have a Samba 3.0.1 system on AIX 5.2, which a number of XP users connect to, in order to access an application installed there. The upgrade installer for said application is causing me trouble. The installer gets almost all the way through the process, unpacking files and so on. The problem occurs when it tries to run one of those files. I can see this directory in My Computer, and using the DIR command in a dos box: G:\uniform7\hometest\installation Ths installer is complaining that it cannot access G:\uniform7\hometest\installation\definitions-SDE.bat (which is definitely there) Upon inspection I notice that when I use the 'ls' command from XP, I see that all the files have been truncated (not mangled - I turned that off) to 8 characters. I've tried with mangling turned on, and I get a slightly different error, in that the file which the installer cannot find is mangled. I suspect that the problem is that the installer is using an odd method of file access, and is for some reason seeing the directory structure as XP's 'ls' does, rather than as XP's file explorer does. Does anyone have any idea how I can make XP's 'ls' dispplay the full and unmangled filename? The share for this directory is: [uniform] comment = Uniform path = /uniform05 read only = no public = yes case sensitive = no preserve case = yes short preserve case = yes mangle case = no mangled names= no All suggestions gratefully received, I'm at a loss. Cheers, Richard This message was sent using IMP, the Internet Messaging Program. This e-mail message has been scanned for Viruses and Content and cleared by NetIQ MailMarshal. This e-mail (and any attachments) is confidential and may contain personal views which are not the views of Nottingham City Council unless specifically stated. If you have received it in error, please delete it from your system, do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that Nottingham City Council monitors e-mails sent or received. Further communication will signify your consent to this. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XP Pro and offline files
[EMAIL PROTECTED] writes: [EMAIL PROTECTED] (mailto:[EMAIL PROTECTED]) writes: All: Not sure if this is an XP Pro issue or a samba issue. I am running v3.0.3 of the samba server acting as a Domain controller and file server. The problem that I run into is that every once in a while, while connected to the network the network shares go offline. I am running XP Pro SP2 and I am not really sure where to start to troubleshoot this. I wrote in about a similar thing just yesterday. We're using Samba 3.02 on about 40 Linux servers and our users are complaining about the same thing once in a while. Really only on a few machines. But the symptom is there. Seems to happen more with SP2 than it happened with SP1 -- but that's not a scientific observation. In a couple of cases, we could see in the /var/log/messages that the link beat was being lost continually. Replacing cables and switches between Server and Client got rid of that problem (we don't know which element was causing the problem, but making everything new fixed it). But a few other users are still complaining about these random disconnections and we are not sure either how to troubleshoot. We have asked users to carefully document exactly when the disconnections occur -- and on what machine and subnet -- so that we can look for clues in the logs. But so far, nothing in the logs is sticking out. Not all machines on a given pathway from Server to Client disconnect at the same time -- so unless it's a last cable problem it's not likely to be a hardware issue. BTW, we're running the 2.6.6 kernel on a mainly Mandrake distribution. Hopefully, somebody who reads these postings will have a clue or two. Regards, Andy Liebman -- I also asked about this back in January...googles and searches through the archives turned up several people with the same issue, but not a resolution. I believe it's a Samba issue, mainly because the problem didn't appear until I retired our old Samba v2 server and migrated to a new Samba 3.0.7 one. The only solution I've been able to come with is disabling offline files...and of course, our president's laptop was one of the machines affected. Some machines took longer to become problematic than others and a few are still trouble-freeand I can't find any settings that make a difference. I don't know if SP2 is an issue or not, since all our XP (Pro) machines were patched with SP2 prior to doing the Samba upgrade. Good luck! Ron Bookman -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Chapter 6: Making Users Happy...
Not sure if this is the place to post this butI'm just going through the process of installing Samba and LDAP using the current version of Chapter 6: Making Users Happy (http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#id2557011 http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#id2557011 ) I found one error in the Install and Configure Idealx smbldap-tools Scripts...Item 4. Should read Change to the /etc/smbldap-tools/ directory, then edit the /etc/smbldap-tools/smbldap_conf.pm instead of CHange to the /opt/IDEALX/sbin/ directory then edit the /opt/IDEALX/sbin/smbldap_conf.pm . Kevin B. McCrory Network Engineer - COPS US Government Solutions 13600 EDS Drive Mail stop: A4S-B21 Herndon, VA 20171 * phone: +01-703-733-3255 * mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] * AKO mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.11 on AIX 4.3
Hi All, Pls has anyone successfully installed Samba 3 on an AIX 4.3 (RS6000) system? The only precompiled binary I was able to find - v 3.0.4 from bullfreeware.com did not work after installation. I haven't been successful trying to install it from source. I have downloaded various requisite programs such as kerberos (which won't compile either) and openldap. I am particularly interested in Samba's ability to join a Windows2K domain and its ACLs capabilities. Pls any help would be appreciated. Below is a mail I sent to someone about my experience installing from source. Thanks. Hi, I have spent a couple of days trying to install Keberos 5 and Samba 3.0.11 on an AIX 4.3 (RS6000) system. It just refuses to install! I have tried all sorts of things. First, it (kerberos) kept complaining about not being able to determine some thread stuff, I got past that by using the --disable-thread option. Then configure goes through, but make crashes out. I was partially successful by installing GNU bison, and GNU binutils, now it goes much further before crashing out. I have included the tail end of the message below. I noticed that make had made quite a few of the kerberos program binaries, so I went ahead and did a make install. That installed some of the binaries and then bombed out too! I tried to run kinit anyway and got Illegal instruction (core dumped) Bison 2.0 didn't work so I tried version 1.30 as suggested on the Net by someone experiencing the YACC's shift error for some other program he was trying to compile. I had some luck with version 1.30 Any ideas please? Samba won't successfully compile either. I couldn't locate any configure option that turns off threading in its case. I have also tried GNU make, but that bombed out almost immediately with some message about output file not specified or so. Openldap wouldn't compile either, but I was able to get a precompiled binary version which I just extracted out. Thanks. Tunde Itayemi. /libtelnet/misc-proto.h:82: error: conflicting types for 'setenv' ext.h:224: error: previous declaration of 'setenv' was here /libtelnet/misc-proto.h:82: error: conflicting types for 'setenv' ext.h:224: error: previous declaration of 'setenv' was here telnetd.c: In function `main': telnetd.c:261: warning: implicit declaration of function `strcasecmp' telnetd.c: In function `getterminaltype': telnetd.c:724: warning: implicit declaration of function `ttsuck' telnetd.c:720: warning: unused variable `retval' telnetd.c: In function `telnet': telnetd.c:1212: warning: passing arg 2 of `ioctl' as signed due to prototype telnetd.c:1213: warning: passing arg 2 of `ioctl' as signed due to prototype telnetd.c:1294: warning: passing arg 3 of `strncat' as unsigned due to prototype telnetd.c:1322: warning: implicit declaration of function `bzero' telnetd.c: At top level: telnetd.c:1563: warning: no previous prototype for 'readstream' telnetd.c: In function `readstream': telnetd.c:1610: warning: implicit declaration of function `readstream_termio' telnetd.c:1612: warning: implicit declaration of function `readstream_termios' telnetd.c:1569: warning: unused variable `tsp' telnetd.c:1570: warning: unused variable `tp' telnetd.c: At top level: telnetd.c:35: warning: 'copyright' defined but not used make[2]: *** [telnetd.o] Error 1 make[2]: Leaving directory `/ecocentral/extras/krb5-1.4/src/appl/telnet/telnetd' make[1]: *** [all-recurse] Error 1 make[1]: Leaving directory `/ecocentral/extras/krb5-1.4/src/appl/telnet' make: *** [all-recurse] Error 1 make: 1254-004 The error code from the last command is 1. Stop. bash-2.05b# == The error I got after the installation of v 3.0.4 when I tried to start the executables was (: # cd /usr/local # ls binlibmansamba # cd samba/sbin # ./swat exec(): 0509-036 Cannot load program ./swat because of the following errors: 0509-150 Dependent module /usr/lib/libiconv.a(libiconv.so.2) could not be loaded. 0509-152 Member libiconv.so.2 is not found in archive # ./samba ksh: ./samba: not found. # ls nmbd smbd swat # ./smbd exec(): 0509-036 Cannot load program ./smbd because of the following errors: 0509-150 Dependent module libldap.a(libldap.so.2) could not be loaded. 0509-022 Cannot load module libldap.a(libldap.so.2). 0509-026 System error: A file or directory in the path name does not exist. # ./nmbd exec(): 0509-036 Cannot load program ./nmbd because of the following errors: 0509-150 Dependent module /usr/lib/libiconv.a(libiconv.so.2) could not be loaded. 0509-152 Member libiconv.so.2 is not found in archive # === The error changed slightly after I extracted a precompiled version of openldap (openldap.2.2.21.tar) to: bash-2.05b# smbd exec(): 0509-036 Cannot load program smbd because of the following
[Samba] strange Samba3 / sudo / ldapsearch problem
Hi, I recently triied to set up a special PDF creation service for a customer. The Samba3 server is a AD2003 member server. Since the created PDF files need to be sent via e-mail to the creators, I need to issue an LDAP query against the AD, like ldapsearch -h 10.243.50.22 -Y GSSAPI -b ou=user,ou=... ... \ -LLL '(cn=lastname firstname*)' mail As long as I run this command as root everything is okay. Since ldapsearch isn't setuid root, and the Kerberos credentials cache /tmp/krb5cc_0 is mode 0600 root.root, normal users can't run an ldapsearch against the KDC. Creating KRBTGTs for 5000+ users isn't really an option :-) The PDF creating script (which was derived from smbgenpdfprn) needs to run this query but Samba runs the backend script with the connecting user's UID/GID mapped by winbind. I tried force user = root but that did not work. Using sudo w/ NOPASSWD appears to be the straightforward solution. As a local user, I can run sudo ldapsearch just fine, but when an AD user does that either nothing happens at all (command hangs) or I get an error like + sudo ldapsearch -v -h 10.243.50.22 -Y GSSAPI -b ou=user,ou=... -LLL '(cn=X XX*)' mail ldap_initialize( ldap://10.243.50.22 ) SASL/GSSAPI authentication started ldap_sasl_interactive_bind_s: Local error (-2) additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (see text) (No such file or directory) particularly within the backend script. What happens here? I did add winbind to /etc/pam.d/sudo but as I understand this should not be needed to sudo _from_ the AD user _to_ root (only the other way round). I googled for various ldap_sasl_interactive_bind_s errors but nothing useful comes up. I have no idea if that's a sudo, ldapsearch or Samba/winbind problem. A setuid root C wrapper did the trick but is that how it's designed? -- Due to lack of disk space, this fortune database has been discontinued. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS question
On Wednesday 09 March 2005 8:56 am, Marcus Franke wrote: Hi, [public] comment = Backup Verzeichnis path = /mnt/backup admin users = DOMAIN+Administrator, root valid users = DOMAIN+Administrator, root The administrator of my Windows domain now should be able to access the public share. But when I try to access the box I am asked for a username and a password. I found, that getent passwd and group does not list the domain users and groups, just my local users and groups from /etc/passwd and /etc/groups. After some more searching, I tuned the loglevel up to 10 and found these entries in winbindd.log: [2005/03/09 15:37:00, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764) Kinit failed: Preauthentication failed [2005/03/09 15:38:12, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'marcus' does not exist [2005/03/09 15:38:28, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2005/03/09 15:40:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2005/03/09 15:42:00, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764) Kinit failed: Preauthentication failed kinit failed? I can use wbinfo -[sgu] even from the local user marcus and get positive info from it, why not when invoked from the server? I can mail the smbd log for the machine I am trying to connect to the server. But the output is huge (41k) and I would not like to post it directly to the list :) Any suggestions? I would be happy for every hint. Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with XP but not 2K. Guru help please
My setup is very simple. I have samba 3.0.10 on Solaris 8. I have security = server and password server = 209.197.128.34 ( not the real IP ) When Win2K users map or browse to the shares, they get in fine. When XP users try to get in, they cannot access the samba shares at all. All users are on the same domain. When users are added localhost to smbpasswd, both work fine. Only XP fails with security = server Any assistance appreciated greatly. Here is my smb.conf for ref. # This is the main Samba configuration file. You should read the # smb.conf(5) manual page in order to understand the options listed # here. Samba has a huge number of configurable options (perhaps too # many!) most of which are not shown in this example # # Any line which starts with a ; (semi-colon) or a # (hash) # is a comment and is ignored. In this example we will use a # # for commentry and a ; for parts of the config file that you # may wish to enable # # NOTE: Whenever you modify this file you should run the command testparm # to check that you have not made any basic syntactic errors. # #=== Global Settings = [global] # workgroup = NT-Domain-Name or Workgroup-Name workgroup = MYDOMAIN # server string is the equivalent of the NT Description field server string = Samba Server # This option is important for security. It allows you to restrict # connections to machines which are on your local network. The # following example restricts access to two C class networks and # the loopback interface. For more examples of the syntax see # the smb.conf man page ; hosts allow = 192.168.1. 192.168.2. 127. # if you want to automatically load your printer list rather # than setting them up individually then you'll need this printcap name = /etc/printcap load printers = yes # It should not be necessary to spell out the print system type unless # yours is non-standard. Currently supported print systems include: # bsd, sysv, plp, lprng, aix, hpux, qnx ; printing = cups # This option tells cups that the data has already been rasterized cups options = raw # Uncomment this if you want a guest account, you must add this to /etc/passwd # otherwise the user nobody is used ; guest account = pcguest # this tells Samba to use a separate log file for each machine # that connects log file = /var/log/samba/%m.log # all log information in one file # log file = /var/log/samba/smbd.log # Put a capping on the size of the log files (in Kb). max log size = 50 # Security mode. Most people will want user level security. See # security_level.txt for details. security = server # Use password server option only with security = server password server = 209.191.24.234 # Password Level allows matching of _n_ characters of the password for # all combinations of upper and lower case. ; password level = 8 ; username level = 8 # You may wish to use password encryption. Please read # ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. # Do not enable this option unless you have read those documents ; encrypt passwords = yes ; smb passwd file = /etc/samba/smbpasswd # The following are needed to allow password changing from Windows to # update the Linux system password also. # NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. # NOTE2: You do NOT need these to allow workstations to change only #the encrypted SMB passwords. They allow the Unix password #to be kept in sync with the SMB password. ; unix password sync = Yes ; passwd program = /usr/bin/passwd %u ; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* # Unix users can map to different SMB User names ; username map = /etc/samba/smbusers username map = /usr/local/samba/lib/users.map # Using the following line enables you to customise your configuration # on a per machine basis. The %m gets replaced with the netbios name # of the machine that is connecting ; include = /etc/samba/smb.conf.%m # Most people will find that this option gives better performance. # See speed.txt and the manual pages for details socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. ; interfaces = 192.168.12.2/24 192.168.13.2/24 # Configure remote browse list synchronisation here # request announcement to, or browse list sync from: # a specific host or from / to a whole subnet (see below) ; remote browse sync = 192.168.3.25 192.168.5.255 # Cause this host to announce itself to local subnets here ; remote announce = 192.168.1.255 192.168.2.44 # Browser Control Options: # set local master to no if you don't want Samba to become a master # browser on your network. Otherwise the normal election rules apply ; local master = no # OS
[Samba] LDAP Account Manager 0.4.9 released
LDAP Account Manager (LAM) 0.4.9 - March 09th, 2005 === A web frontend for managing accounts stored in an OpenLDAP server. Announcement: - This version closes some minor bugs and includes a security fix for lamdaemon.pl. LAM is a set of PHP-scripts to administrate entries of a LDAP server. User, group and Samba accounts can be displayed, searched, filtered, added, removed and edited over an easy to use web interface. Even the configuration options are embedded in the interface. Features: - - management of Unix user and group accounts (posixAccount/posixGroup) - management of Samba 2.x/3 user and host accounts (sambaAccount/sambaSamAccount) - profiles for account creation - editor for organizational units (OU) - account creation via file upload - automatic creation/deletion of home directories - setting quotas - support for LDAP+SSL - multi-language support (English, French, German, Hungarian, Japanese) - multiple configuration files - PDF output for user/group/host accounts - additional text for user PDFs - supports multiple password hashes Availability: - This software is available under the GNU General Public License V2.0. You can get the newest version at http://lam.sf.net. File formats: DEB, tar.gz There is also a FreeBSD port. Debian users may use the packages in unstable. Support: If you find a bug please file a bug report. For questions or implementing new features please use the forum and feature request tracker at our Sourceforge homepage http://www.sf.net/projects/lam. Author Copyright: --- Copyright (C) 2003 - 2005: Michael Duergner [EMAIL PROTECTED] Roland Gruber [EMAIL PROTECTED] Tilo Lutz [EMAIL PROTECTED] This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Add machine script failure (Samba 3.X/Suse 9.0)
New to Linux/Samba and would appreciate some assistance with what is probably a simple fix. My smb.conf contains the following: Add machine script = /usr/sbin/useradd -d /dev/null -g machines -c machine account -s /bin/false %u When attempting to join a domain on either an XP Professional or 2000 Professional machine (firewall and antivirus turned off), I am prompted with the sign on screen. Using root and its associated samba password, Windows displays The user name could not be found. I thought to add the machine manually in linux using the above script inputs but substituting for %u the computer name (lwgtp) followed immediately by $. The result of this attempt is useradd: Invalid home directory '/dev/null'. The group, machines, does exist as does /dev/null. Any assistance will be appreciated. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] OW #10.09 - Google Desktop and Live Meeting
--== OFFICE WATCH ==-- The Microsoft Office newsletter from Woody's Watch. Your independent source for MS Office advice and news since 1996 9 March 2005 Vol 10 No 9 New! The Desktop Search Handbook - http://shop.woodyswatch.com/dsh/ @@@ Recover lost emails at http://ref.OfficeRecovery.com/?wow @@@ MailRecovery suites retrieve emails from corrupted Outlook, Outlook Express and Exchange mail storages. From small personal folders to gigabytes of corporate email - pick a solution that matches your needs. Use yourself, tell colleagues. *** Click http://ref.OfficeRecovery.com/?wow for a free demo *** 1. Google Desktop 2. Office Live Meeting 3. Pegasus with Onenote 4. DOJ moves to Corel 5. Office for Mac update 6. Apple shooting themselves 7. Rod's BUS in Sydney 8. Keep OW Alive and Free Believe it... hard disk crashes do happen and retrieving your data can cost more than a new computer. ZipBackup backs up to standard Zip files on CD, DVD, a hard drive or even over a network. ZipBackup's Wizard makes backing up a snap for beginners. Filtering, scheduling and automatic disk spanning makes it a powerful tool for experts. Get 25% off the regular price at http://www.zipbackup.com/partners/wow MAPILab Toolbox: the set of 10 must have Microsoft Outlook add-ins for $24 only. Free trial. http://www.mapilab.com/outlook/toolbox/?ww __ 1. GOOGLE DESKTOP The excellent Google Desktop Search (GDS) is now out of beta and is a full grown product. With this first official release comes a set of welcome new features and an established path for the development of extras. GDS now supports PDF files and does NOT index password protected Word documents (which it did during the beta). More email programs are supported as well as a wider range of browsers. There is an automatic update process for GDS but it may not have kicked in for your computer. You can tell the version that you are using by clicking on the About menu item from the system tray; look at the bottom of the page and you'll see a series of numbers. 20050227 indicates that it's the latest release. If you have another number then you can wait until the update process happens automatically, or you can download the update yourself. Go to http://desktop.google.com/ and download the new version. After installation you'll probably be prompted to restart your computer, so this is probably a good time to run Windows Update and see if there's anything major needing attention there. This update to Google Desktop Search is one reason why our Desktop Search Handbook (DSH) is an evolving ebook - instead of just one unchanging edition all buyers will get updated copies for no additional charge throughout 2005. Naturally we'll release a new version of the already popular DSH, with a revised look at Google Desktop Search in all its wonders. Details on the DSH below - we've been gratified by the response from Woody's Watch readers to this initiative. We've worked hard, and will continue our efforts, to provide a comprehensive guide to Desktop Searching for a very good price. Sales of the Desktop Search Handbook directly help keep all the Woody's Watch newsletters as free and fearless services to all. ___ The Desktop Search Handbook an Office Watch guide http://shop.woodyswatch.com/dsh/ This is the Woody's Watch teams first ebook - over 65 pages of in-depth and original info and how to's on the major desktop search products. Searchable text and color images throughout - naturally. * All new and expanded content * NO advertising - 65 pages plus appendices. * In depth reviews and how to for the major Desktop Search products o Copernic Desktop o Google Desktop Search o Lookout for Outlook o MSN Toolbar Suite o Yahoo Desktop (a version of X1) * Simple guide to making desktop searching work even better for you. o Effective indexing o Simple searching and beyond. o Tips on how to effectively index audio, video, OneNote, web caches and PDF's. o Search Command Reference Not only do you get the ebook but you also get FREE updates / new editions as they are released during 2005. We'll update the book throughout the year. Value for only US$14.95 but great value for Woody's Watch subscribers who pay just US$9.95 - our gift to those of you who have supported us over the years. We have options to pay in Canadian dollars, Sterling, Euro, Yen and Aussie dollars too. Check it out at http://shop.woodyswatch.com/dsh/ not only do we think you'll get a lot from the book and free updates -- but buying The Desktop Search Handbook is a practical way to support Woody's Watch as a free and independent newsletters. NEW - quicker delivery; we now send the link to your personal copy of the e-book fast - usually within minutes of your paid order. NEW! There's now a special diskette edition available via Amazon
[Samba] Domain Control
Hi all, I have a simple problem that i cant seem to figure out. Right now i have most of my confs in place to join my samba server to my Active Directory Domain. The problem is, is that i would like for the samba server to be added as a workstation and not a domain controller. However when i browse my AD tree i see that it has been added with the role of domain controller no matter what i do. Right now i have my samba.conf file stripped down to the following: [global] netbios name = my.server.name workgroup = workgroup realm = MYREALM.NET security = ADS encrypt passwords = yes #ThE following was added to rectify the problem preferred master = no domain master = no local master = no Thats it! How do i get my samba server to join the domain without activating it as a domain controller? R. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] XP Pro and offline files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi you can take total control of offline folders behavior with policies, win xp is different in many ways ...i note that a simple redirect of my_files causes a offline folder behavior ( i think this should be a feature not a bug ) , i got out off all this problems with poledit.exe and ntconfig.pol and some special adms. Good Luck Ron Bookman schrieb: | [EMAIL PROTECTED] writes: | | | [EMAIL PROTECTED] (mailto:[EMAIL PROTECTED]) writes: | | All: | | Not sure if this is an XP Pro issue or a samba issue. | | I am running v3.0.3 of the samba server acting as a Domain | controller and file server. The problem that I run into is that every | once | in a while, while connected to the network the network shares go | offline. | | I am running XP Pro SP2 and I am not really sure where to start to | troubleshoot this. | | | | | I wrote in about a similar thing just yesterday. We're using Samba | 3.02 on | about 40 Linux servers and our users are complaining about the same | thing once | in a while. Really only on a few machines. But the symptom is there. | Seems to | happen more with SP2 than it happened with SP1 -- but that's not a | scientific observation. | | In a couple of cases, we could see in the /var/log/messages that the | link | beat was being lost continually. Replacing cables and switches | between Server | and Client got rid of that problem (we don't know which element was | causing | the problem, but making everything new fixed it). | | But a few other users are still complaining about these random | disconnections and we are not sure either how to troubleshoot. We have | asked users to | carefully document exactly when the disconnections occur -- and on | what machine | and subnet -- so that we can look for clues in the logs. But so far, | nothing | in the logs is sticking out. Not all machines on a given pathway from | Server | to Client disconnect at the same time -- so unless it's a last cable | problem | it's not likely to be a hardware issue. | | BTW, we're running the 2.6.6 kernel on a mainly Mandrake distribution. | | Hopefully, somebody who reads these postings will have a clue or two. | | Regards, | Andy Liebman | -- | | | I also asked about this back in January...googles and searches through | the archives turned up several people with the same issue, but not a | resolution. | | I believe it's a Samba issue, mainly because the problem didn't appear | until I retired our old Samba v2 server and migrated to a new Samba | 3.0.7 one. The only solution I've been able to come with is disabling | offline files...and of course, our president's laptop was one of the | machines affected. Some machines took longer to become problematic than | others and a few are still trouble-freeand I can't find any settings | that make a difference. I don't know if SP2 is an issue or not, since | all our XP (Pro) machines were patched with SP2 prior to doing the Samba | upgrade. | | Good luck! | Ron Bookman - -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer.org Munich / Bavaria / Germany https://www.schetterer.org \** \* gnupgp \* public key: \* https://www.schetterer.org/public.key \** -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCL3aS+Jw+56iSjEkRAgL5AJ9vI0mO1fywiTvvZeZVRKZ5hoKuNQCcCQ2Y Gv0lGogNZbDKOBUyFecFXtw= =GgkF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ADS question
I had this issue and learned that it was a misunderstanding of mine that once i added the samba server to the domain and enabled winbind that it would authenticate all my ADS users without intervention. However, upon further investication I found that only users that had an account with the same name on the samba server would be authenticated to the share. To make a long story short, you need to do so more configuration with winbind allowing it to do the following, get domain user information, communicate with PDC for authentication and use PAM for something or the other. Just look up the winbind section in the samba reference guide and you will see what I'm speaking of. Good luck - Original Message - From: Michael Wray [EMAIL PROTECTED] To: samba@lists.samba.org Sent: Wednesday, March 09, 2005 4:04 PM Subject: Re: [Samba] ADS question On Wednesday 09 March 2005 8:56 am, Marcus Franke wrote: Hi, [public] comment = Backup Verzeichnis path = /mnt/backup admin users = DOMAIN+Administrator, root valid users = DOMAIN+Administrator, root The administrator of my Windows domain now should be able to access the public share. But when I try to access the box I am asked for a username and a password. I found, that getent passwd and group does not list the domain users and groups, just my local users and groups from /etc/passwd and /etc/groups. After some more searching, I tuned the loglevel up to 10 and found these entries in winbindd.log: [2005/03/09 15:37:00, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764) Kinit failed: Preauthentication failed [2005/03/09 15:38:12, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'marcus' does not exist [2005/03/09 15:38:28, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2005/03/09 15:40:00, 1] nsswitch/winbindd_group.c:winbindd_getgroups(1032) user 'root' does not exist [2005/03/09 15:42:00, 0] libsmb/cliconnect.c:cli_session_setup_spnego(764) Kinit failed: Preauthentication failed kinit failed? I can use wbinfo -[sgu] even from the local user marcus and get positive info from it, why not when invoked from the server? I can mail the smbd log for the machine I am trying to connect to the server. But the output is huge (41k) and I would not like to post it directly to the list :) Any suggestions? I would be happy for every hint. Marcus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain Control
Change your security from ads to server security = ADS to server Mark Sarria - Original Message - From: IslandBwoy [EMAIL PROTECTED] Date: Wednesday, March 9, 2005 2:17 pm Subject: [Samba] Domain Control Hi all, I have a simple problem that i cant seem to figure out. Right now i have most of my confs in place to join my samba server to my Active DirectoryDomain. The problem is, is that i would like for the samba server to be added as a workstation and not a domain controller. However when i browse my AD tree i see that it has been added with the role of domain controllerno matter what i do. Right now i have my samba.conf file stripped down to the following: [global] netbios name = my.server.name workgroup = workgroup realm = MYREALM.NET security = ADS encrypt passwords = yes #ThE following was added to rectify the problem preferred master = no domain master = no local master = no Thats it! How do i get my samba server to join the domain without activating it as a domain controller? R. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] XP Pro and offline files
I have done that to other machines on my network. But I need my laptop to have offline files. Ron -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert Schetterer Sent: Wednesday, March 09, 2005 5:20 PM To: Ron Bookman Cc: samba@lists.samba.org Subject: Re: [Samba] XP Pro and offline files -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi you can take total control of offline folders behavior with policies, win xp is different in many ways ...i note that a simple redirect of my_files causes a offline folder behavior ( i think this should be a feature not a bug ) , i got out off all this problems with poledit.exe and ntconfig.pol and some special adms. Good Luck Ron Bookman schrieb: | [EMAIL PROTECTED] writes: | | | [EMAIL PROTECTED] (mailto:[EMAIL PROTECTED]) writes: | | All: | | Not sure if this is an XP Pro issue or a samba issue. | | I am running v3.0.3 of the samba server acting as a Domain | controller and file server. The problem that I run into is that | every once in a while, while connected to the network the network | shares go offline. | | I am running XP Pro SP2 and I am not really sure where to start to | troubleshoot this. | | | | | I wrote in about a similar thing just yesterday. We're using Samba | 3.02 on | about 40 Linux servers and our users are complaining about the same | thing once in a while. Really only on a few machines. But the symptom | is there. | Seems to | happen more with SP2 than it happened with SP1 -- but that's not a | scientific observation. | | In a couple of cases, we could see in the /var/log/messages that the | link beat was being lost continually. Replacing cables and switches | between Server and Client got rid of that problem (we don't know | which element was causing the problem, but making everything new | fixed it). | | But a few other users are still complaining about these random | disconnections and we are not sure either how to troubleshoot. We | have asked users to carefully document exactly when the | disconnections occur -- and on what machine and subnet -- so that we | can look for clues in the logs. But so far, nothing in the logs is | sticking out. Not all machines on a given pathway from Server to | Client disconnect at the same time -- so unless it's a last cable | problem | it's not likely to be a hardware issue. | | BTW, we're running the 2.6.6 kernel on a mainly Mandrake distribution. | | Hopefully, somebody who reads these postings will have a clue or two. | | Regards, | Andy Liebman | -- | | | I also asked about this back in January...googles and searches through | the archives turned up several people with the same issue, but not a | resolution. | | I believe it's a Samba issue, mainly because the problem didn't appear | until I retired our old Samba v2 server and migrated to a new Samba | 3.0.7 one. The only solution I've been able to come with is disabling | offline files...and of course, our president's laptop was one of the | machines affected. Some machines took longer to become problematic | than others and a few are still trouble-freeand I can't find any | settings that make a difference. I don't know if SP2 is an issue or | not, since all our XP (Pro) machines were patched with SP2 prior to | doing the Samba upgrade. | | Good luck! | Ron Bookman - -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer.org Munich / Bavaria / Germany https://www.schetterer.org \** \* gnupgp \* public key: \* https://www.schetterer.org/public.key \** -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCL3aS+Jw+56iSjEkRAgL5AJ9vI0mO1fywiTvvZeZVRKZ5hoKuNQCcCQ2Y Gv0lGogNZbDKOBUyFecFXtw= =GgkF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain Control
So even though i want my machine to participate in a AD domain i can use security = ADS? I got that from the Samba reference manual under domain membership so i figured i had to follow that to the T. So if what you are saying is the correct way to make this happen without being a domain controller, what is that option really for? Thanks for the reply, R - Original Message - From: [EMAIL PROTECTED] To: IslandBwoy [EMAIL PROTECTED] Cc: samba@lists.samba.org Sent: Wednesday, March 09, 2005 5:40 PM Subject: Re: [Samba] Domain Control Change your security from ads to server security = ADS to server Mark Sarria - Original Message - From: IslandBwoy [EMAIL PROTECTED] Date: Wednesday, March 9, 2005 2:17 pm Subject: [Samba] Domain Control Hi all, I have a simple problem that i cant seem to figure out. Right now i have most of my confs in place to join my samba server to my Active DirectoryDomain. The problem is, is that i would like for the samba server to be added as a workstation and not a domain controller. However when i browse my AD tree i see that it has been added with the role of domain controllerno matter what i do. Right now i have my samba.conf file stripped down to the following: [global] netbios name = my.server.name workgroup = workgroup realm = MYREALM.NET security = ADS encrypt passwords = yes #ThE following was added to rectify the problem preferred master = no domain master = no local master = no Thats it! How do i get my samba server to join the domain without activating it as a domain controller? R. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain Control
BTW i tried that and it still added as domain controller. Maybe i should do a M$ reboot :-(. - Original Message - From: [EMAIL PROTECTED] To: IslandBwoy [EMAIL PROTECTED] Cc: samba@lists.samba.org Sent: Wednesday, March 09, 2005 5:40 PM Subject: Re: [Samba] Domain Control Change your security from ads to server security = ADS to server Mark Sarria - Original Message - From: IslandBwoy [EMAIL PROTECTED] Date: Wednesday, March 9, 2005 2:17 pm Subject: [Samba] Domain Control Hi all, I have a simple problem that i cant seem to figure out. Right now i have most of my confs in place to join my samba server to my Active DirectoryDomain. The problem is, is that i would like for the samba server to be added as a workstation and not a domain controller. However when i browse my AD tree i see that it has been added with the role of domain controllerno matter what i do. Right now i have my samba.conf file stripped down to the following: [global] netbios name = my.server.name workgroup = workgroup realm = MYREALM.NET security = ADS encrypt passwords = yes #ThE following was added to rectify the problem preferred master = no domain master = no local master = no Thats it! How do i get my samba server to join the domain without activating it as a domain controller? R. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain Control
You definitely don't have to stop using security = ads to make this work. I suggest that you delete the machine account for this server on the Active Directory domain controller via Active Directory Users and Groups. I think there's some stale information there about the role of the sever. Then join the domain again. Good luck! -- Thomas Boutell Boutell.Com, Inc. http://www.boutell.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain Control
Yeah. Thats what i've been doing. The problem is that if i leave it like this i'm affraid that as time goes more and more machines will try to authenticate through this server and eventually cause problems on our network. Either way, just to be sure, I'm going to my realm in my active directory tree and searching for the machine name. Then deleting it from there. Is there something i can do to assure there is no stail information being used? - Original Message - From: Thomas Boutell [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: samba@lists.samba.org; IslandBwoy [EMAIL PROTECTED] Sent: Wednesday, March 09, 2005 5:53 PM Subject: Re: [Samba] Domain Control You definitely don't have to stop using security = ads to make this work. I suggest that you delete the machine account for this server on the Active Directory domain controller via Active Directory Users and Groups. I think there's some stale information there about the role of the sever. Then join the domain again. Good luck! -- Thomas Boutell Boutell.Com, Inc. http://www.boutell.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with XP but not 2K. Guru help please
Try this in the global section: use spnego = no I saw a problem at our site where Samba would negotiate to the password server as it was nogiated against. So since in my case the password server was only NT, it did not succeed with spnego when the clients (Win2003) requested it. Anyway, might be worth a try, JES [EMAIL PROTECTED] wrote: My setup is very simple. I have samba 3.0.10 on Solaris 8. I have security = server and password server = 209.197.128.34 ( not the real IP ) When Win2K users map or browse to the shares, they get in fine. When XP users try to get in, they cannot access the samba shares at all. All users are on the same domain. When users are added localhost to smbpasswd, both work fine. Only XP fails with security = server Any assistance appreciated greatly. Here is my smb.conf for ref. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-3.0.11installation - where is smb.conf
Hello list, I installed samba-3.0.11 from source on Redhat 9.0 by following commands. #./configure -with-winbind #make #make install Samba has been installed in /usr/local/samba directory. But I could not find smb.conf file. Is there any smb.conf file generated by the installation process? Or Do I have to create one manually? Which is the default directory for the smb.conf file? According to info of configure -help the default directory should be /usr/local/samba/etc in my case, but I did not see the creation of the directory. Some document says it should be in /etc/samba or /usr/local/samba/lib. Thanks in advance! Derek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Illegal filenames produced by rename
Greetings. I have a Windows share mounted via Samba. I recently tried to rename some files; the destination filenames had some high-bit characters. The renaming had some completely unexpected consequences; the new filenames now contain the full pathname (including backslashes), plus other illegal characters (colons). The files can no longer be accessed or modified, either from the remote GNU/Linux or on the Windows 2000 machine itself. GNU/Linux gives me the error No such file or directory, and the Windows machine Die Quellendatei oder vom Quelldatenträger kann nicht gelesen werden (The source file or device cannot be read). It seems to me that Samba should not allow the creation of illegal filenames, but perhaps there's no way for it to know. So is this a bug? If so, I'll file a report. Regardless, is there any way I can rename the files to something proper? Here's what I did to cause the mangled names: [EMAIL PROTECTED]:/mnt/M/Tappi Tíkarrass/Miranda]$ ls (01) Miranda.mp3 (05) Tjet.mp3 (09) Hritibjorn.mp3(13) Myrinandar.mp3 (02) Skrid.mp3 (06) Laekning.mp3 (10) Sokkar.mp3 (03) Krid.mp3 (07) Drek Lek.mp3 (11) Med Tek.mp3 (04) Iprottir.mp3 (08) Beri Beri.mp3 (12) Getekkisofid.mp3 [EMAIL PROTECTED]:/mnt/M/Tappi Tíkarrass/Miranda]$ mv \(01\)\ Miranda.mp3 01 - Miranda.mp3 [EMAIL PROTECTED]:/mnt/M/Tappi Tíkarrass/Miranda]$ mv \(02\)\ Skrid.mp3 02 - Skrið.mp3 [EMAIL PROTECTED]:/mnt/M/Tappi Tíkarrass/Miranda]$ mv *03* 03 - Kríó.mp3 [EMAIL PROTECTED]:/mnt/M/Tappi Tíkarrass/Miranda]$ mv *04* 04 - Íþróttir.mp3 [EMAIL PROTECTED]:/mnt/M/Tappi Tíkarrass/Miranda]$ mv *05* 05 - Tjet.mp3 [EMAIL PROTECTED]:/mnt/M/Tappi Tíkarrass/Miranda]$ mv *06* 06 - Lækning.mp3 [EMAIL PROTECTED]:/mnt/M/Tappi Tíkarrass/Miranda]$ mv *07* 07 - Drek-Lek.mp3 [EMAIL PROTECTED]:/mnt/M/Tappi Tíkarrass/Miranda]$ mv *08* 08 - Beri-Beri.mp3 [EMAIL PROTECTED]:/mnt/M/Tappi Tíkarrass/Miranda]$ mv *09* 09 - Hvítibjörn.mp3 [EMAIL PROTECTED]:/mnt/M/Tappi Tíkarrass/Miranda]$ mv *10* 10 - Sokkar.mp3 [EMAIL PROTECTED]:/mnt/M/Tappi Tíkarrass/Miranda]$ mv *11* 11 - Með-Tek.mp3 [EMAIL PROTECTED]:/mnt/M/Tappi Tíkarrass/Miranda]$ mv *12* 12 - Get Ekki Sofið.mp3 [EMAIL PROTECTED]:/mnt/M/Tappi Tíkarrass/Miranda]$ mv *13* 13 - Mýrin Andar.mp3 [EMAIL PROTECTED]:/mnt/M/Tappi Tíkarrass/Miranda]$ ls 01 - Miranda.mp3 10 - Sokkar.mp3 03 - Kríó.mp3Tappi Tíkarrass\Miranda\02 - Skri:00f0.mp3 05 - Tjet.mp3Tappi Tíkarrass\Miranda\04 - :00cd:00feróttir.mp3 06 - Lækning.mp3 Tappi Tíkarrass\Miranda\11 - Me:00f0-Tek.mp3 07 - Drek-Lek.mp3Tappi Tíkarrass\Miranda\12 - Get Ekki Sofi:00f0.mp3 08 - Beri-Beri.mp3 Tappi Tíkarrass\Miranda\13 - M:00fdrin Andar.mp3 09 - Hvítibjörn.mp3 [EMAIL PROTECTED]:/mnt/M/Tappi Tíkarrass/Miranda]$ cat Tappi\ Tíkarrass\\Miranda\\02\ -\ Skri\:00f0.mp3 cat: Tappi Tíkarrass\Miranda\02 - Skri:00f0.mp3: No such file or directory [EMAIL PROTECTED]:/mnt/M/Tappi Tíkarrass/Miranda]$ Regards, Tristan -- _ _V.-o Tristan Miller [en,(fr,de,ia)]Space is limited / |`-' -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=In a haiku, so it's hard (7_\\http://www.nothingisreal.com/ To finish what you -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Privileges problem
Hi!!! I'm trying to implement a SUS server (local windows update) I-ve already solved my problem to modify registry in order to establish windows update configuration. Now i've a quiestion all my client logon my samba PDC enusing a netconfig.pol isend all configuration everithing works ok. But i've a trouble, my users don't have privileges to install anything and i don't want to give them privileges. So is there another way to update my system , i mean something like sudo o something like that in order to get privileges and install updates? Or is there another way to do that? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] could not join machine to the domain
Hi, I could not join the windows machine to the domain even when I added the machine to LDAP database. But in the same windows machine, I can map drive on the Samba server with LDAP based user account. I could not figure out why. Samba 3.0.10 OpenLDAP 2.1.29 Fedora Core 2 Domain: TESTDOMAIN Samba PDC host: enzo windows machine: ajatar The samba log: make_user_info_map: Mapping user [TESTDOMAIN]\[administrator] from workstation [AJATAR] push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 push_conn_ctx(0) : conn_ctx_stack_ndx = 0 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 NT user token: (NULL) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups is_trusted_domain: Checking for domain trust with [TESTDOMAIN] secrets_fetch failed! pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 Cache entry with key = TDOM/TESTDOMAIN couldn't be found no entry for trusted domain TESTDOMAIN found. Thanks a lot. -- Regards, Steve Zeng Systems Administrator Mainframe Entertainment Inc T: (604) 628-1000 ext 5293 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Copy to 3.0.9-2.3-SUSE dies after 1.2 gb copied
I have Samba 3.0.9 on SuSE 9.2 on a P-III-500 with only 352mb of RAM. The share I'm copying to is on a SCSI RAID array handled by a Compaq Smart-2/P RAID Controller (rev 04) as identified by lspci. The RAID is all LVM and the share is ReiserFS-- maybe not the best choice for something which is so slow to write to. Anyhow, the problem is that when I copy to the share movies it will do about 1.2 to 1.4 gb and die-- my windows XP client (either one of them) reports The specified network name is no longer available and the only choice is to click OK. If I use a drag'n'drop copy, I'm all done. If I use a slightly smarter tool, one that apparently retries, I click ok and the copy takes off again, apparently none the worse. If I give up the first time it fails, the files it did manage to copy were between 133,122kb and 344,332kb in size. I was advised to try some smb.conf changes. In the global section, I added client use spnego = no. In the section for the movies share, I added use sendfile = no. Niether change seemed to make any difference. I also added write cache size = 262144 in that share. Also little help that I can tell-- maybe a little better. I'm slightly confused that I get two log files for the same machine, both seemingly updated concurrently, one called samba-log.172.20.0.186 and one called samba-log.elrond The one named for the machine name doesn't have any errors or warnings-- just file opens and closes. The one with the IP address has errors.This fragment is pretty representative: [2005/03/09 13:52:04, 1] lib/util_sock.c:get_peer_name(1095) Gethostbyaddr failed for 172.20.0.186 [2005/03/09 13:52:04, 2] lib/access.c:check_access(324) Allowed connection from 172.20.0.186 (172.20.0.186) [2005/03/09 13:52:04, 2] smbd/reply.c:reply_special(235) netbios connect: name1=TOLKIEN name2=ELROND [2005/03/09 13:52:04, 2] smbd/reply.c:reply_special(242) netbios connect: local=tolkien remote=elrond, name type = 0 [2005/03/09 14:23:12, 1] lib/util_sock.c:get_peer_name(1095) Gethostbyaddr failed for 172.20.0.186 [2005/03/09 14:23:12, 2] lib/access.c:check_access(324) Allowed connection from 172.20.0.186 (172.20.0.186) [2005/03/09 14:23:12, 2] smbd/reply.c:reply_special(235) netbios connect: name1=TOLKIEN name2=ELROND [2005/03/09 14:23:12, 2] smbd/reply.c:reply_special(242) netbios connect: local=tolkien remote=elrond, name type = 0 [2005/03/09 14:56:38, 1] lib/util_sock.c:get_peer_name(1095) Gethostbyaddr failed for 172.20.0.186 I also have stuff in my messages log, specifically, I see this every 15 minutes: Mar 9 16:21:08 tolkien nmbd[5713]: [2005/03/09 16:21:08, 0] nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(353) Mar 9 16:21:08 tolkien nmbd[5713]: find_domain_master_name_query_fail: Mar 9 16:21:08 tolkien nmbd[5713]: Unable to find the Domain Master Browser name RIVENDELL1b for the workgroup RIVENDELL. Mar 9 16:21:08 tolkien nmbd[5713]: Unable to sync browse lists in this workgroup. Any clue what tuning I need to be doing here? I'm pretty new to Linux and Samba and need a clue. TIA, Tom [Praise] The only way to escape the personal corruption of praise is to go on working. --Albert Einstein --... ...-- -.. . -. . --.- --.- -... [EMAIL PROTECTED] (remove nospam) N9QQB (amateur radio) HEY YOU (loud shouting) WEB ADDRESS http//www.mixweb.com/tpeters 43° 7' 17.2 N by 88° 6' 28.9 W, Elevation 815', Grid Square EN53wc WAN/LAN/Telcom Analyst, Tech Writer, MCP, Cisco Certified CCNA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Domain Control
On Wed, 9 Mar 2005, IslandBwoy wrote: Yeah. Thats what i've been doing. The problem is that if i leave it like this i'm affraid that as time goes more and more machines will try to authenticate through this server and eventually cause problems on our network. Either way, just to be sure, I'm going to my realm in my active directory tree and searching for the machine name. Then deleting it from there. Is there something i can do to assure there is no stail information being used? Yes, deleting the machine from the active directory users and groups tool is what you need to do. Might help to turn off samba while you're doing that. If there are any other AD domain controllers make sure they all see the change. -- Thomas Boutell Boutell.Com, Inc. http://www.boutell.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Domain Control
I have this same problem. I wrote it up here: https://bugzilla.samba.org/show_bug.cgi?id=1423, but Jerry couldn't reproduce it so he (rightly) marked it invalid. This is 100% reproducible for me (and apparently you also), every samba server I join to the domain, shows up with the role Domain Controller. Just to be clear, this is not in OU display in the Active Directory Users and Computers screen, but in the results of a find. If anybody else is experiencing this problem, could you please place your notes, and smb.conf file in bugzilla at https://bugzilla.samba.org/show_bug.cgi?id=1423 -Marc -Original Message- From: [EMAIL PROTECTED] [mailto:samba- [EMAIL PROTECTED] On Behalf Of IslandBwoy Sent: Wednesday, March 09, 2005 3:06 PM To: Thomas Boutell; [EMAIL PROTECTED] Cc: samba@lists.samba.org Subject: Re: [Samba] Domain Control Yeah. Thats what i've been doing. The problem is that if i leave it like this i'm affraid that as time goes more and more machines will try to authenticate through this server and eventually cause problems on our network. Either way, just to be sure, I'm going to my realm in my active directory tree and searching for the machine name. Then deleting it from there. Is there something i can do to assure there is no stail information being used? - Original Message - From: Thomas Boutell [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: samba@lists.samba.org; IslandBwoy [EMAIL PROTECTED] Sent: Wednesday, March 09, 2005 5:53 PM Subject: Re: [Samba] Domain Control You definitely don't have to stop using security = ads to make this work. I suggest that you delete the machine account for this server on the Active Directory domain controller via Active Directory Users and Groups. I think there's some stale information there about the role of the sever. Then join the domain again. Good luck! -- Thomas Boutell Boutell.Com, Inc. http://www.boutell.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Chapter 6: Making Users Happy...
On Wednesday 09 Mar 2005 19:53, Mccrory, Kevin B wrote: Not sure if this is the place to post this butI'm just going through the process of installing Samba and LDAP using the current version of Chapter 6: Making Users Happy (http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#id2557011 http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#id2557011 ) I found one error in the Install and Configure Idealx smbldap-tools Scripts...Item 4. Should read Change to the /etc/smbldap-tools/ directory, then edit the /etc/smbldap-tools/smbldap_conf.pm instead of CHange to the /opt/IDEALX/sbin/ directory then edit the /opt/IDEALX/sbin/smbldap_conf.pm . That's one for John ;-) Kevin B. McCrory Network Engineer - COPS US Government Solutions 13600 EDS Drive Mail stop: A4S-B21 Herndon, VA 20171 * phone: +01-703-733-3255 * mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] * AKO mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- Kind Regards, Gavin Henry. Managing Director. T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 742001 E [EMAIL PROTECTED] Open Source. Open Solutions(tm). http://www.suretecsystems.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Memory Question or ext3 question
I am new to linux and have maybe a dumb question. I have samba 3.0.11 up and running and everything works great. I notice that everytime I copy a file to the share the memory on the system increments the amount of the file. The memory never gets freed. When I delete the file the memory gets freed. The share is on an ext3 filesystem. I have read up on this and notice that ext3 uses journaling. Could this be that the journal is taking up the memory. Would it be better to convert the filesystem to ext2? Thanks in Advance, David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] PGina Samba
On Wed, 2005-03-09 at 07:36 -0500, Paul Barnick wrote: Jim: I have looked at the site. At first I was concerned about the security of using PGina instead of a regular Windows logon, but I posted on the forum and received some good responses there that convinced me that it is at least as secure as windows logon. Now comes the implementation! Unfortunately, I can only do it on the weekend as I think it will take some time for me to get it to work and we cannot have the network down while I'm trying to get it to work. You should look into getting a copy of VMWare Workstation. You can setup a complete network of VM machines to do your testing and not touch the production network at all. I have VM Workstation for Linux running on my Laptop and routinely run 4 to 5 VM's all at once. I just bought a Dell PowerEdge 700 server with 4GB of RAM to run VMWare and it is going to replace the 4 computers currently residing in my office. Check it out. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] PGina Samba
Chuck: You're the second person to suggest vmware workstation to me. It is a little expensive for me but I'll look into it (it might be worth it if it saves me time in the long run - that's how I'll get my boss to look at it!). Does it allow you to use the Linux portion of your computer to act as a DHCP server and assign different IP addresses to the different windows workstations, all on the same computer? That sounds a little hard to believe for me, but I would think that it would be necessary in order to do some testing. Paul -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chuck Stuettgen Sent: Wednesday, March 09, 2005 9:23 PM To: samba@lists.samba.org Subject: RE: [Samba] PGina Samba On Wed, 2005-03-09 at 07:36 -0500, Paul Barnick wrote: Jim: I have looked at the site. At first I was concerned about the security of using PGina instead of a regular Windows logon, but I posted on the forum and received some good responses there that convinced me that it is at least as secure as windows logon. Now comes the implementation! Unfortunately, I can only do it on the weekend as I think it will take some time for me to get it to work and we cannot have the network down while I'm trying to get it to work. You should look into getting a copy of VMWare Workstation. You can setup a complete network of VM machines to do your testing and not touch the production network at all. I have VM Workstation for Linux running on my Laptop and routinely run 4 to 5 VM's all at once. I just bought a Dell PowerEdge 700 server with 4GB of RAM to run VMWare and it is going to replace the 4 computers currently residing in my office. Check it out. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Summer Internship 2005
Dear professor, I am IIIrd year student of five year Integrated Course in Mathematics and Computing at Indian Institute of technology (IIT), New Delhi which is one of the premier engineering institutes in India. As a part of the curriculum, I am required to go on an Internship for a period of 60 days during summer 2005 beginning second week of May till July. As it forms a very important part of my curriculum and is the stepping stone of my career, I would like to work in your esteemed organization under your guidance and improve my skills and at the same time try to contribute to your organization as much as I can. I am also involved in many extra-curricular activities for my all round development and have held many positions of responsibility which has helped me to integrate my technical, managerial and communication skills. Proficiency in many engineering software and wide knowledge with some working experience adds to my qualifications. Dedication and commitment is what I can assure you from my side. If given a chance I assure that I shall not let you down. To let you know in detail about my qualifications and skills Im sending my resume which follows this letter. Please go through it once and if found worthy, I request you to give me a chance to work under your guidance. Yours sincerely Pranav Yadav E-mail: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Phone: 091-9818603015 Resume PRANAV YADAV C-27, Jwalamukhi Hostel IIT Delhi New Delhi - 110 016 India. Mobile: + 91-9818603015 [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] PURPOSE Summer Internship for a period of 60 days during summer 2005 beginning second week of May till July that provides me with: 1. An opportunity for intuitive thinking and learning while facing diverse problems. 2. An exposure to enhance my analytical and technical skills. Fields of Interest: Computer Networks Operating System Bioinfomatics Parallel Computing Design and analyses of Algorithms Graph Theory ALgebra Cryptology Optimization Partial Differtial Equations PROJECTS: SEMESTER 2005 INDIAN INSTITUTE OF TECHNOLOGY, NEW DELHI Using Microsoft Development Kit designed a driver to encrypt and decrypt all the packages going to and fro. Thus implemented a secure mode of communication between two machines using C language. Designed point to point (p2p) protocol for data communication between two computers. The main feature of the protocol was that data was transmitted byte by byte instead of packets and parameter negotiation using C. SEMESTER 2004 INDIAN INSTITUTE OF TECHNOLOGY, NEW DELHI Developed a full fledged Web-based Server Site which supported functions like login, registration, search, email, upload files using PHP, HTML and MYSQL on Windows Server and Apache under Prof. Lipika Dey (IITD Mathematics Department). Developed a Web Crawler which crawls pages and stores the pages as well produces the graph of as to how links are traversed during crawling following Robot Exclusion Protocol. Program was coded in Java and application was developed as an applet under the guidance of Prof. Lipika Dey (IITD Mathematics Department). Wrote the SRS (Software Requirement Specification), SDD(Software Design Document) for both the above two projects. SUMMER 2004 INDIAN INSTITUTE OF TECHNOLOGY, NEW DELHI Digitization, curve matching and character recognition which helped to recognise a single letter from a scanned file of a hand written letter under Prof. M. Hanmandlu (IITD Electrical Department). WINTER 2003 INDIAN INSTITUTE OF TECHNOLOGY, NEW DELHI Automata theory and Game of Life studying the time taken to attain the final state depending on the starting pattern of the cells under Prof. Anima Nagar (IITD Mathematics Department). EDUCATION 2002-2005 INDIAN INSTITUTE OF TECHNOLOGY, NEW DELHI Major: Mathematics and Computing (IIIrd year) Expected Degree: M.Tech Integrated (5 years) Courses Completed: Computer Science: Data Structure, Computer Architecture, File Structure Information System Design, Analysis and Design of Algorithm, Super Computing for Engineering Applications,Computer Technology Lab, Software Engineering, Database Management System, , Operating Systems, Computer Networks. Electrical Science / Electronics: Signal and Systems, Electronic Circuit Analyses, Digital Electronics Circuit, Digital Electronics Lab.. Mathematics: Advanced Calculus, Real and Complex Analyses, Metric space, Numerical methods and Computation, Linear Algebra, Discrete Mathematical Structures, Differential Equations, Optimization methods and Applications, Probability and Stochastic Processes Topology and Functional Analysis, Applied Mathematical Techniques, Computation Methods For Differential Equations, Modern Algebra.
Re: [Samba] PGina Samba
On 10 Mar 2005, at 13:37, Paul Barnick wrote: Does it allow you to use the Linux portion of your computer to act as a DHCP server and assign different IP addresses to the different windows workstations, all on the same computer? Yes. Believe it. The slightly longer answer: VMWare can use virtual point-to-point networks to communicate between the host and guest operating systems, and each guest operating system can have virtual ethernet interface(s) on your real Ethernet network. The longer answer: VMWare on Linux uses virtual interfaces, and can be configured with what is called a full internal network - meaning that the interfaces are virtual devices of which your host operating system sees one end, the guest operating system the other. The devices look like an Ethernet interface, and perform the role of a dedicated ethernet card in the host and guest hardware, connected by a crossover cable. That is, the virtual ethernet card provides a point to point link between the two systems. You can also configure VMWare to have virtual interfaces on the real Ethernet network. This ends up putting your physical network card in promiscuous mode, with each VMWare machine checking every packet and giving its guest OS those packets that have the right MAC address for that virtual Ethernet card. So you could conceivably configure your host operating system as a DHCP server and IP router for the virtual machines running inside it. Alex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] second time post please help samba =ads
On Wed, 9 Mar 2005 13:20:04 -0500, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I made comments below Michael J Barber Computer Services Administrator WPTZ/WNNE Heart-Argyle Television p 518-561- x563 m 518-572-6639 f 518-561-5940 ankush grover [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 03/09/2005 12:37 PM Please respond to ankush grover To:samba@lists.samba.org cc: Subject:[Samba] second time post please help samba =ads hey friends, I have 2 problems in samba I am narrating my problems below: a) I have configured samba with security =ads in FC3 workstation and my domain controller is windows 2003 ,the samba is working fine with the configured options.As my domain consists of windows ,linux and unix clients and few of the users uses windows as well as Linux or Unix each user having its different machines. Now i want the users which uses both Linux/Unix and windows should be able to see their home directories and other folders through windows.Just like a normal configured samba as File server and users frm the network neighbourhood can see their home directories and other folders. Is it possible if the security = ads is setup and if then a user wants to see his/her home directories and other folders from the windows.I have created a directory for my domain in home folder and if any users who is first time logging its directory is created under /home/mydomain/user. === This is a special setup...This is a relatively undocumented feature to have samba create the directories if they do not exist and it is NOT the default setup.. It is safest to create the directory and then chown it to 'DOMAIN\user' === Thanks for the reply, but the directories under the DOMAIN/user are getting created.Means any user who first time logs into that workstation the samba creates tbe directory for that user.(domain/user). Actually my question is ,I have a samba server running which the ppl in my company uses are File server means all the data resides on that server.The windows ppl from the network neighbourhood can see their home directories and they put their data into that folder and other folders on which they access.. For ppl who are using Linux workstations using winbind for authentication ,I want that they can use their workstations home directories through windows network neighbourhood just like they are able to access their directories of the samba server. One solution for this is NFS,i should mount the directories of the samba server on the workstations so that the users on workstation put their data in those mounted/shared directories and ofcourse from windows they can view their directories in this case they can have data both from the linux workstation as well as from the samba server. But I was looking for a solution where window users can see/access their Linux workstations directories through network neighbourhood.I think with security =ads or linux as workstation does not provide the facility for accessing the directories from windows network neighbourhood. If it is possible then please let me know. b) I have setup the linux box (FC3) with samba with security = domain and password server = s1.sun.com(internal).The domain controller is Windows 2003 and my system is FC3 server. I have created one folder in which i have created some directories.There are different types of users in my company some in development, some in administration , som e in top management.I have created some folders in which users can put their data to share among their colleagues or team. What happens is that when somebody clicks on samba server all the folders which i have explicitly mentioned in the smb.conf are shown .Whereas what i want is that only those folders should come when the user access the samba server on which he has the right to access it. A simpler strategy maybe: For each share define the users who have access browseable = no (this makes it a hidden share) Map drive for users who have access Well this can be an alternate or another alternate can be putting $: at the end of the share which makes it hidden.Actually problem is not in case of single folder ,like home directories only the real user or the user which has the right can access it,but the problem is about the folders which are shared by many.One possible solution is to make it hidden and map drive for users who have access as suggested by you. But it seems there is no exact solution for this problem. Suppose james is a user having access rights on folders cpms, manager. Now
[Samba] Question about Samba share security.
Dear All, Sorry about my poor english! I am using SAMBA 3.0.8 on Fedora Core 3 box. Otherwise, many winXP_pro_sp2 clients in my subnet. When I connect to my samba server (use windows nethood.) from one of clients. It prompted a window to authorize username and password. After given my username and password, I will saw my home directory and public directory very well. But~ the question happened! When I close the nethood's window with no opening file from samba server, and waiting more than 5 mins. I reconnect samba server, it doesn't prompt me the authorization window again except reboot or relogin. Why? What parameter I shoud add in my smb.conf for this security issue? Above is my smb.conf. [global] workgroup = BALI server string = Samba Server hosts allow = 127. 10.168.22.0/255.255.255.224 printcap name = /etc/printcap load printers = yes printing = cups cups options = raw log file = /var/log/samba/%m.log max log size = 1024 security = user encrypt passwords = yes smb passwd file = /etc/samba/smbpasswd unix password sync = Yes passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 interfaces = 10.168.22.1/27 local master = yes os level = 255 domain master = yes preferred master = yes wins support = yes dns proxy = no deadtime = 5 dos charset = CP950 unix charset = BIG5 hide dot files = yes # Share Definitions == idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = no [homes] comment = Home Directories browseable = no writable = yes valid users = %S hide dot files = yes [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes [public] path = /home/public public = no only guest = no writable = yes printable = no Thank you very much! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Chapter 6: Making Users Happy...
On Wednesday 09 March 2005 12:53, Mccrory, Kevin B wrote: Not sure if this is the place to post this butI'm just going through the process of installing Samba and LDAP using the current version of Chapter 6: Making Users Happy (http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#id2557011 http://us4.samba.org/samba/docs/man/Samba-Guide/happy.html#id2557011 ) I found one error in the Install and Configure Idealx smbldap-tools Scripts...Item 4. Should read Change to the /etc/smbldap-tools/ directory, then edit the /etc/smbldap-tools/smbldap_conf.pm instead of CHange to the /opt/IDEALX/sbin/ directory then edit the /opt/IDEALX/sbin/smbldap_conf.pm My goof up, and yours too I suspect. The file that must be editted is smbldap_tools.pm. Thanks for pointing me at this though. Goes to show that more eyes are better! :) - John T. . Kevin B. McCrory Network Engineer - COPS US Government Solutions 13600 EDS Drive Mail stop: A4S-B21 Herndon, VA 20171 * phone: +01-703-733-3255 * mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] * AKO mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] struggling with smbldap_tools
Trying to net rpc vampire an NT4 server
Think I am good to go but I keep getting errors - obviously problem with
NextFreeUnixId attribute - which is created...
dn: cn=NextFreeUnixId,dc=myhomelenders,dc=net
objectClass: inetOrgPerson
objectClass: sambaUnixIdPool
uidNumber: 1000
gidNumber: 1000
cn: NextFreeUnixId
sn: NextFreeUnixId
structuralObjectClass: inetOrgPerson
Every item gets this error...
Error looking for next uid at /usr/sbin///smbldap_tools.pm line 880,
DATA line 283.
Could not create posix account info for 'DELL-3000-5$'
Same for Computers/Groups...
I have set up in smbldap_conf.pm
sambaUnixIdPooldn=NextFreeUnixId,${suffix}
It should be rockin' - but this is really painful. What's the trick?
I am not a fan of the smbldap-tools but it is a necessary evil for
vampire and tools have changed a bunch since I last used them.
Craig
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
svn commit: samba-docs r385 - in trunk/smbdotconf/security: .
Author: jht Date: 2005-03-09 08:02:28 + (Wed, 09 Mar 2005) New Revision: 385 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=385 Log: Reverting from Global to pershare scope for printer admins parameter. Modified: trunk/smbdotconf/security/printeradmin.xml Changeset: Modified: trunk/smbdotconf/security/printeradmin.xml === --- trunk/smbdotconf/security/printeradmin.xml 2005-03-09 07:59:06 UTC (rev 384) +++ trunk/smbdotconf/security/printeradmin.xml 2005-03-09 08:02:28 UTC (rev 385) @@ -1,5 +1,5 @@ samba:parameter name=printer admin - context=G + context=S type=list print=1 xmlns:samba=http://samba.org/common; @@ -8,7 +8,10 @@ This lists users who can do anything to printers via the remote administration interfaces offered by MS-RPC (usually using a NT workstation). - Note: The root user always has admin rights. + This parameter can be set per-share or globally. + Note: The root user always has admin rights. Use + caution with use in the global stanza as this can + cause side effects. /para /description
svn commit: samba r5705 - in branches/SAMBA_3_0/examples/pdb/mysql: .
Author: jelmer Date: 2005-03-09 10:10:43 + (Wed, 09 Mar 2005) New Revision: 5705 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5705 Log: Have unknown_6 default to 1260 (fixed #892) Modified: branches/SAMBA_3_0/examples/pdb/mysql/mysql.dump Changeset: Modified: branches/SAMBA_3_0/examples/pdb/mysql/mysql.dump === --- branches/SAMBA_3_0/examples/pdb/mysql/mysql.dump2005-03-09 01:02:38 UTC (rev 5704) +++ branches/SAMBA_3_0/examples/pdb/mysql/mysql.dump2005-03-09 10:10:43 UTC (rev 5705) @@ -31,7 +31,7 @@ logon_divs int(9), hours_len int(9), unknown_5 int(9), - unknown_6 int(9), + unknown_6 int(9) default 1260, bad_password_count int(9), logon_count int(9) );
svn commit: samba r5706 - in trunk/examples/pdb/mysql: .
Author: jelmer Date: 2005-03-09 10:41:24 + (Wed, 09 Mar 2005) New Revision: 5706 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=sambarev=5706 Log: Makea unknown_6 default to 1260 (fixed #892) Modified: trunk/examples/pdb/mysql/mysql.dump Changeset: Modified: trunk/examples/pdb/mysql/mysql.dump === --- trunk/examples/pdb/mysql/mysql.dump 2005-03-09 10:10:43 UTC (rev 5705) +++ trunk/examples/pdb/mysql/mysql.dump 2005-03-09 10:41:24 UTC (rev 5706) @@ -31,7 +31,7 @@ logon_divs int(9), hours_len int(9), unknown_5 int(9), - unknown_6 int(9), + unknown_6 int(9) default 1260, bad_password_count int(9), logon_count int(9) );
svn commit: samba-docs r386 - in trunk/smbdotconf/locking: .
Author: jerry Date: 2005-03-09 14:48:21 + (Wed, 09 Mar 2005) New Revision: 386 WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=revroot=samba-docsrev=386 Log: BUG 2431: fix documented default value for strict locking Modified: trunk/smbdotconf/locking/strictlocking.xml Changeset: Modified: trunk/smbdotconf/locking/strictlocking.xml === --- trunk/smbdotconf/locking/strictlocking.xml 2005-03-09 08:02:28 UTC (rev 385) +++ trunk/smbdotconf/locking/strictlocking.xml 2005-03-09 14:48:21 UTC (rev 386) @@ -13,7 +13,7 @@ paraWell-behaved clients always ask for lock checks when it is important. So in the vast majority of cases, command moreinfo=nonestrict - locking = no/command is preferable./para + locking = no/command is acceptable./para /description - value type=defaultno/value + value type=defaultyes/value /samba:parameter
