[Samba] net utility (3.0.12) acting strange
Hi all I am running a Suse-9.1 distribution on a server and have been runnig samba from 3.0.4 up to 3.0.11 succesfully on the beast. I have got openldap 2.2.11 running and the server works as a PDC using the LDAP repository I always downloaded the sources compiled the stuff and off it went without any problems. Yesterday I compiled the 3.0.12 on the machine and when I fired it up I realized certain strange things concernig the "net utility" If I do a: "net user -Uusername%passwd -S PDC" I get Could not connect to server PDC The username or password was not correct. The username and password is correct because if I run this command with the net utility version 3.0.11 it works. If I do a "net groupmap list" with the 3.0.12 version it also works. If I get the "net" binary (version 3.0.12) from another server running suse-9.0 it also works. On both servers suse-9.1 and suse-9.0 I installed the the same tar ball (3.0.12) yesterday, compiled the source using exactly the same configure options and compiled the code without any errors only a couple of compiler warnings. My configure options: ./configure --prefix=/usr/local/samba-3.0.12-run --with-ldap --with-smbmount --enable-cups=yes --with-acl-support On the 9.1 server where it is broken, ldd gives: linux-gate.so.1 => (0xe000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x4001f000) libresolv.so.2 => /lib/libresolv.so.2 (0x4005) libnsl.so.1 => /lib/libnsl.so.1 (0x40062000) libdl.so.2 => /lib/libdl.so.2 (0x40078000) libldap-2.2.so.7 => /usr/local/lib/libldap-2.2.so.7 (0x4007b000) liblber-2.2.so.7 => /usr/local/lib/liblber-2.2.so.7 (0x400a9000) libc.so.6 => /lib/tls/libc.so.6 (0x400b5000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x401ca000) libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0x401e) libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x4021) The compiler version is: gcc -v Reading specs from /usr/lib/gcc-lib/i586-suse-linux/3.3.3/specs Configured with: ../configure --enable-threads=posix --prefix=/usr --with-local-prefix=/usr/local --infodir=/usr/share/info --mandir=/usr/share/man --enable-languages=c,c++,f77,objc,java,ada --disable-checking --libdir=/usr/lib --enable-libgcj --with-gxx-include-dir=/usr/include/g++ --with-slibdir=/lib --with-system-zlib --enable-shared --enable-__cxa_atexit i586-suse-linux Thread model: posix gcc version 3.3.3 (SuSE Linux) The linker: ld -version GNU ld version 2.15.90.0.1.1 20040303 (SuSE Linux) Copyright 2002 Free Software Foundation, Inc. This program is free software; you may redistribute it under the terms of the GNU General Public License. This program has absolutely no warranty. [EMAIL PROTECTED]:/usr/local/samba-3.0.12-run/bin # man ld On the Suse-9.0 Server the gcc version is 3.3.1 and ld gives 2.14.90.0.5 20030722 (SuSE Linux) What am I missing here? -- Best Regards Robert Gehr "It you want to live a happy life, tie it to a goal - not to people or things." ~ Albert Einstein o /\ /_ o__ o* ~(_) ,>/'_ o__ Robert Gehr (_)\(_) ,>/'_ o__ o__ Baumann GmbH, 92224 Amberg (_)\(_) ,>/'_ ,>/' visit: http://www.baumann-gmbh.de (_)\(_) (_)\(_) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba --- -- Best Regards Robert Gehr "It you want to live a happy life, tie it to a goal - not to people or things." ~ Albert Einstein o /\ /_ o__ o* ~(_) ,>/'_ o__ Robert Gehr (_)\(_) ,>/'_ o__ o__ Baumann GmbH, 92224 Amberg (_)\(_) ,>/'_ ,>/' visit: http://www.baumann-gmbh.de (_)\(_) (_)\(_) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with "ldapsam:trusted = yes"
Hi, I updated from 3.0.11 to 3.0.12 and tried the new ldapsam:trusted parameter. Alas smbd dies silently a second after startup. With debug level 2 I can't see any reason in the logfile. My smb.conf is (relevant part I hope): = [global] workgroup = BBS_XXX netbios aliases = fileserver revreselif passdb backend = ldapsam:ldap://localhost idmap backend = ldapsam:ldap://localhost ldap suffix = dc=bbs-xxx,dc=schule ldap user suffix = ou=accounts ldap group suffix = ou=groups ldap machine suffix = ou=hardware ldap idmap suffix = ou=idmap idmap uid = 4-6 idmap gid = 4-6 ldap admin dn = cn=root,dc=bbs-xxx,dc=schule ldap ssl = off #ldapsam:trusted = yes #smbd doesn't work with ldapsam:trusted = yes utmp = yes invalid users = @wheel, mail, daemon, adt interfaces = eth0 bind interfaces only = yes log level = 2 syslog = 0 log file = /var/log/samba-%G.log getwd cache = yes socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192 keep alive = 60 dead time = 50 locking = yes map hidden = yes map archive = yes map system = yes security = user encrypt passwords = yes domain master = yes domain logons = yes preferred master = yes os level = 30 time server = yes logon script = %U.cmd logon path = logon home = logon drive = p: load printers = yes printing = cups printcap name = cups dos charset = 850 unix charset = ISO-8859-15 display charset = ISO-8859-15 = All acounts samba should know have a posixAccount and sambaSamAccount e.g.: == dn: uid=administrator,ou=accounts,dc=bbs-xxx,dc=schule displayName: administrator mailLocalAddress: [EMAIL PROTECTED] objectClass: posixAccount objectClass: account objectClass: mailRecipient objectClass: spezifikumUser objectClass: sambaSamAccount sambaLogonTime: 0 sambaHomeDrive: P: uid: administrator mail: administrator@ uidNumber: 5471 cn: administrator cn: M. Mueller cn:: TS4gTcO8bGxlcg== sambaLogoffTime: 2147483647 mailDeliveryOption: accept loginShell: /bin/bash gidNumber: 501 description: Administrator homeDirectory: /home/lehrer/administrator sambaKickoffTime: 2147483647 sambaHomePath: \\fileserver\administrator script: if not exist t: net use t: \\revreselif\treiber sambaPrimaryGroupSID: S-1-5-21-1091375802-1471697927-1951840895-2003 sambaSID: S-1-5-21-1091375802-1471697927-1951840895-512 sambaAcctFlags: [U ] mailAlternateAddress: [EMAIL PROTECTED] sambaPwdMustChange: 2147483647 sambaPasswordHistory: sambaPwdCanChange: 1108028782 sambaPwdLastSet: 1108028782 == Neither root, nor the ldap-manager do have their account in the directory (doesn't make sense i believe). Besides that, samba is running flawlessly, but I always had some perfomance problems due to large groups so i wondered if ldapsam:trusted could help me. Nscd is not running, winbindd is not running. I tried both a self compiled samba and the binaries. System is SuSE9.2. Can anybody give me a hint what I could test to find the source of this problem? Thanks a lot, Malte Mueller -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.12 net utility acting strange
Hi all I am running a Suse-9.1 distribution on a server and have been runnig samba from 3.0.4 up to 3.0.11 succesfully on the beast. I have got openldap 2.2.11 running and the server works as a PDC using the LDAP repository I always downloaded the sources compiled the stuff and off it went without any problems. Yesterday I compiled the 3.0.12 on the machine and when I fired it up I realized certain strange things concernig the "net utility" If I do a: "net user -Uusername%passwd -S PDC" I get Could not connect to server PDC The username or password was not correct. The username and password is correct because if I run this command with the net utility version 3.0.11 it works. If I do a "net groupmap list" with the 3.0.12 version it also works. If I get the "net" binary (version 3.0.12) from another server running suse-9.0 it also works. On both servers suse-9.1 and suse-9.0 I installed the the same tar ball (3.0.12) yesterday, compiled the source using exactly the same configure options and compiled the code without any errors only a couple of compiler warnings. My configure options: ./configure --prefix=/usr/local/samba-3.0.12-run --with-ldap --with-smbmount --enable-cups=yes --with-acl-support On the 9.1 server where it is broken, ldd gives: linux-gate.so.1 => (0xe000) libcrypt.so.1 => /lib/libcrypt.so.1 (0x4001f000) libresolv.so.2 => /lib/libresolv.so.2 (0x4005) libnsl.so.1 => /lib/libnsl.so.1 (0x40062000) libdl.so.2 => /lib/libdl.so.2 (0x40078000) libldap-2.2.so.7 => /usr/local/lib/libldap-2.2.so.7 (0x4007b000) liblber-2.2.so.7 => /usr/local/lib/liblber-2.2.so.7 (0x400a9000) libc.so.6 => /lib/tls/libc.so.6 (0x400b5000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x4000) libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0x401ca000) libssl.so.0.9.7 => /usr/lib/libssl.so.0.9.7 (0x401e) libcrypto.so.0.9.7 => /usr/lib/libcrypto.so.0.9.7 (0x4021) The compiler version is: gcc -v Reading specs from /usr/lib/gcc-lib/i586-suse-linux/3.3.3/specs Configured with: ../configure --enable-threads=posix --prefix=/usr --with-local-prefix=/usr/local --infodir=/usr/share/info --mandir=/usr/share/man --enable-languages=c,c++,f77,objc,java,ada --disable-checking --libdir=/usr/lib --enable-libgcj --with-gxx-include-dir=/usr/include/g++ --with-slibdir=/lib --with-system-zlib --enable-shared --enable-__cxa_atexit i586-suse-linux Thread model: posix gcc version 3.3.3 (SuSE Linux) The linker: ld -version GNU ld version 2.15.90.0.1.1 20040303 (SuSE Linux) Copyright 2002 Free Software Foundation, Inc. This program is free software; you may redistribute it under the terms of the GNU General Public License. This program has absolutely no warranty. [EMAIL PROTECTED]:/usr/local/samba-3.0.12-run/bin # man ld On the Suse-9.0 Server the gcc version is 3.3.1 and ld gives 2.14.90.0.5 20030722 (SuSE Linux) What am I missing here? -- Best Regards Robert Gehr "It you want to live a happy life, tie it to a goal - not to people or things." ~ Albert Einstein o /\ /_ o__ o* ~(_) ,>/'_ o__ Robert Gehr (_)\(_) ,>/'_ o__ o__ Baumann GmbH, 92224 Amberg (_)\(_) ,>/'_ ,>/' visit: http://www.baumann-gmbh.de (_)\(_) (_)\(_) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba-3 By Example correction...
On Monday 21 March 2005 12:23, Mccrory, Kevin B wrote: > userpaddword Yikes! Thanks for bumping me with this. It's fixed in the source tree now. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smb.conf man page error
Doug, Thanks for spotting that. I've fixed that in the man page sources. - John T. On Monday 21 March 2005 19:41, Doug Campbell wrote: > I think this is an error in the man page smb.conf: > >ldap group suffix (G) > This parameters specifies the suffix that is used for > groups > when these are added to the LDAP directory. If this > parameter > is unset, the value of ldap suffix will be used instead. > > Default: ldap group suffix = > > Example: ldap group suffix = dc=samba,ou=Groups > > Shouldn't the example line read: > > Example: ldap group suffix = ou=Groups,dc=samba > > > Doug -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Login time
hi ! I am quite sure this issue has been raised several times, but could not find any info on the net or on the list, so here it is: is it possible to refuse or accept a logon depending on the hour where a user tries to. If yes, how ? If not, what can be done about it ? Thanks in advance for any information about that ! Kind regards, G. Michalke -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Coule really use some help (Samba PDC)
On Tue, 2005-03-22 at 10:41 +0800, Doug Campbell wrote: > > ldap suffix = o=ventusnetworks.com,dc=na > > ldap filter = (&(uid=%u)(objectclass=sambaSamAccount)) > > ldap machine suffix = ou=Computers > > ldap user suffix = ou=Staff > > ldap group suffix = ou=Groups > > ldap admin dn = "cn=Manager,dc=na" > > Also, I am a newbie to LDAP too but shouldn't your suffixes be the full DN. > For example, instead of > > ldap machine suffix = ou=Computers > > shouldn't it be > > ldap machine suffix = ou=Computers,o=vertusnetworks.com,dc=na --- No - I think that ldap machine suffix = ou=Computers is sufficient and proper for the above the ldap filter should probably be commented out though - but it should work. Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] idmap LDAP backend
On Mon, 2005-03-21 at 11:30 -0800, Theodore Jencks wrote: > Figure this out a little further: > > I had the following in my smb.conf: > idmap uid = 1-2 > idmap gid = 1-2 > idmap backend = ldap:ldap://localhost > ldap admin dn = cn=manager,dc=navis,dc=net > ldap suffix = "ou=smb,dc=navis,dc=net" > ldap idmap suffix = "ou=idmap" > > I took the quotes off and now Winbind seems to connect to LDAP fine: > ldap suffix = ou=smb,dc=navis,dc=net > ldap idmap suffix = ou=idmap > > > I'm now getting this when I start Winbind in the Winbind log: > [2005/03/21 11:16:25, 5] lib/gencache.c:gencache_init(59) > Opening cache file at /var/lock/samba/gencache.tdb > [2005/03/21 11:16:25, 5] libsmb/namecache.c:namecache_enable(58) > namecache_enable: enabling netbios namecache, timeout 660 seconds > [2005/03/21 11:16:25, 5] sam/idmap.c:smb_register_idmap(91) > smb_register_idmap: Successfully added idmap backend 'ldap' > [2005/03/21 11:16:25, 5] sam/idmap.c:smb_register_idmap(91) > smb_register_idmap: Successfully added idmap backend 'tdb' > [2005/03/21 11:16:25, 3] sam/idmap.c:idmap_init(132) > idmap_init: using 'ldap' as remote backend > [2005/03/21 11:16:25, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => [ou=idmap,ou=smb,dc=navis,dc=net], filter => > [(objectclass=sambaUnixIdPool)], scope => [2] > [2005/03/21 11:16:25, 5] lib/smbldap.c:smbldap_close(949) > The connection to the LDAP server was closed > [2005/03/21 11:16:25, 2] lib/smbldap.c:smbldap_open_connection(692) > smbldap_open_connection: connection opened > [2005/03/21 11:16:26, 3] lib/smbldap.c:smbldap_connect_system(866) > ldap_connect_system: succesful connection to the LDAP server > ldap_connect_system: LDAP server does support paged results > [2005/03/21 11:16:26, 4] lib/smbldap.c:smbldap_open(929) > The LDAP server is succesfully connected > [2005/03/21 11:16:26, 2] lib/tallocmsg.c:register_msg_pool_usage(57) > Registered MSG_REQ_POOL_USAGE > [2005/03/21 11:16:26, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED > [2005/03/21 11:16:26, 2] > nsswitch/winbindd_util.c:add_trusted_domain(175) > Added domain HQ HQ.NAVIS.NET S-0-0 > [2005/03/21 11:16:26, 4] > passdb/secrets.c:secrets_fetch_trust_account_password(290) > Using cleartext machine password > > > However I still think there is a problem because getent passwd only > returns local usernames. When I'm not using the ldap idmap backend > getent passwd runs as expected giving both local and domain usernames. > > Any help appreciated, > Theo > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Theodore Jencks > Sent: Monday, March 21, 2005 9:52 AM > To: samba@lists.samba.org > Subject: RE: [Samba] idmap LDAP backend > > Ok, I made the change however the LDAP backend for idmap is still not > working. I set Winbind to debugging level 5 and get the following in > the logs: > > [2005/03/21 09:45:05, 2] lib/interface.c:add_interface(81) > added interface ip=192.168.192.112 bcast=192.168.195.255 > nmask=255.255.252.0 > [2005/03/21 09:45:05, 5] lib/util.c:init_names(256) > Netbios name list:- > my_netbios_names[0]="THEO" > [2005/03/21 09:45:05, 2] lib/interface.c:add_interface(81) > added interface ip=192.168.192.112 bcast=192.168.195.255 > nmask=255.255.252.0 > [2005/03/21 09:45:05, 5] lib/gencache.c:gencache_init(59) > Opening cache file at /var/lock/samba/gencache.tdb > [2005/03/21 09:45:05, 5] libsmb/namecache.c:namecache_enable(58) > namecache_enable: enabling netbios namecache, timeout 660 seconds > [2005/03/21 09:45:05, 5] sam/idmap.c:smb_register_idmap(91) > smb_register_idmap: Successfully added idmap backend 'ldap' > [2005/03/21 09:45:05, 5] sam/idmap.c:smb_register_idmap(91) > smb_register_idmap: Successfully added idmap backend 'tdb' > [2005/03/21 09:45:05, 3] sam/idmap.c:idmap_init(132) > idmap_init: using 'ldap' as remote backend > [2005/03/21 09:45:05, 5] lib/smbldap.c:smbldap_search(1038) > smbldap_search: base => ["ou=idmap","ou=smb,dc=navis,dc=net"], filter > => [(objectclass=sambaUnixIdPool)], scope => [2] > [2005/03/21 09:45:05, 5] lib/smbldap.c:smbldap_close(949) > The connection to the LDAP server was closed > [2005/03/21 09:45:05, 2] lib/smbldap.c:smbldap_open_connection(692) > smbldap_open_connection: connection opened > [2005/03/21 09:45:05, 3] lib/smbldap.c:smbldap_connect_system(866) > ldap_connect_system: succesful connection to the LDAP server > ldap_connect_system: LDAP server does support paged results > [2005/03/21 09:45:05, 4] lib/smbldap.c:smbldap_open(929) > The LDAP server is succesfully connected > [2005/03/21 09:45:05, 0] sam/idmap.c:idmap_init(138) > idmap_init: failed to initialize remote backend! > > > Looks like it tries to get what are called paged results and then it > fails to initialize remote backend. I'm not quite sure what is going on > here and any further guidance w
[Samba] win2k vs smbmount, number of cifs ops required
I'm working on some data pipeline issues, and found some interesting results in comparing win2k vs samba. The volume being mounted is a NetApp 960. NetApp provides a way see the # of cifs operations on a given volume/qtree. So I compared how many ops are generated by copying a 12MB file ( a single 2k image ). The initial reasoning behind this testing was seeing if copying a file at the end of a render was more efficient than trickling data in as it rendered. Here are the results, and the script used to simulate the "trickle". On win32 I used cygwins dd. Any insight or comments would be welcome. Thanks! #!/usr/bin/perl # 12288000 byte file # win32 explorer cp 213 ops # win32 shell cp 210 ops # win32 dd @ 1024 bs 1068 ops # win32 dd @ 2048 bs 869 ops # win32 dd @ 4096 bs 833 ops # linux cp 3006 ops # dd @ 1024 bs 12321 ops # dd @ 2048 bs 6321 ops # dd @ 4096 bs 3321 ops my $bs = 2048; my $skip = 0; my $count = 94; for(0..63) { $skip = $_ * $count; my $dd = qq|dd if=/home/users/barryr/test.jpg of=/mnt/sc65/foo.jpg bs=$bs count=$count seek=$skip skip=$skip|; warn "$dd\n"; system( $dd ); } -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smb.conf man page error
I think this is an error in the man page smb.conf: ldap group suffix (G) This parameters specifies the suffix that is used for groups when these are added to the LDAP directory. If this parameter is unset, the value of ldap suffix will be used instead. Default: ldap group suffix = Example: ldap group suffix = dc=samba,ou=Groups Shouldn't the example line read: Example: ldap group suffix = ou=Groups,dc=samba Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Coule really use some help (Samba PDC)
John, > Anyway, I am here. When trying to join a domain with the administrator > account I get "no mapping between account name and security ID's was done" > And the joining fails... > > All the needed files are attached, from the ldap log. to the samba.conf > to the ldifs of the machine, root and admin account. > Trying with the root account nets me the same error > > in smbusers I noticed an entry i never made > > root = administrator > > software versions: > > [EMAIL PROTECTED] openldap-data]# rpm -qa |grep samba > samba-3.0.11-1 > samba-swat-3.0.11-1 > samba-client-3.0.11-1 > samba-common-3.0.11-1 > > I am assumine the rpm or something else made that mapping. I dunno... This entry is normal, I believe. But according to you smb.conf file, you aren't using the username map parameter, so the fact the file is their shouldn't matter. > net groupmap list > > Engineering (S-1-5-21-1391849139-953726148-1374988380-9005) -> Engineering > Staff (S-1-5-21-1391849139-953726148-1374988380-9003) -> Staff > Sales (S-1-5-21-1391849139-953726148-1374988380-9007) -> Sales > Administration (S-1-5-21-1391849139-953726148-1374988380-9009) -> > Administration > Domain Admins (S-1-5-21-3107161993-1039155829-3332455197-512) -> > Domain Admins > Domain Users (S-1-5-21-3107161993-1039155829-3332455197-513) -> > Domain Users > Domain Guests (S-1-5-21-3107161993-1039155829-3332455197-514) -> > Domain Guests > Domain Computers (S-1-5-21-3107161993-1039155829-3332455197-515) > -> Domain Computers > Administrators (S-1-5-32-544) -> Administrators > Print Operators (S-1-5-32-550) -> Print Operators > Backup Operators (S-1-5-32-551) -> Backup Operators > Replicators (S-1-5-32-552) -> Replicators I don't know if this will help you with your problem or not. I'm very new to Samba but you will notice that you group SIDs aren't consistent. My guess is that this could be causing someone of your problems. You could try: net getlocalsid to find out what your SID is supposed to be. Then verify that you have set that correctyl in your smbldap.conf file for the Idealx tools. > ldap suffix = o=ventusnetworks.com,dc=na > ldap filter = (&(uid=%u)(objectclass=sambaSamAccount)) > ldap machine suffix = ou=Computers > ldap user suffix = ou=Staff > ldap group suffix = ou=Groups > ldap admin dn = "cn=Manager,dc=na" Also, I am a newbie to LDAP too but shouldn't your suffixes be the full DN. For example, instead of ldap machine suffix = ou=Computers shouldn't it be ldap machine suffix = ou=Computers,o=vertusnetworks.com,dc=na or whatever you DN is? Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] idmap LDAP backend
Ok so things seem to be working better now. The LDAP backend is populated with SID to Unix ID mappings however if I run "getent passwd" the local user list is returned followed by a long pause then nothing. I would like to correct this behavior because it means that something is screwed up someplace. I have created a couple file shares in my smb.conf as follows: [software] comment = Software for IT personnel path = /share/software read only = no public = no writable = yes printable = no browseable = yes valid users = @"HQ+Domain Admins" [backup] comment = Misc. data backups path = /share/backup read only = no public = no writable = yes printable = no browseable = yes valid users = HQ+tjencks I can access both of these shares from my windows domain account however other users that are in the Domain Admins group get prompted for a password when trying to access the "software" share. I can't figure out why my domain account is the only one that seems to work for this share. I've checked permissions on the /share/software directory and they were set as follows: 'chown "HQ+tjencks":"HQ+Domain Admins" software' then I did 'chmod 775 software' Ls -l shows drwxrwxr-x 4 tjencks domain admins 96 Mar 21 07:10 software I don't know what could be wrong? Thanks in advance for any and all help, tip or snippet of info. Theo -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Theodore Jencks Sent: Monday, March 21, 2005 11:30 AM To: samba@lists.samba.org Subject: RE: [Samba] idmap LDAP backend Figure this out a little further: I had the following in my smb.conf: idmap uid = 1-2 idmap gid = 1-2 idmap backend = ldap:ldap://localhost ldap admin dn = cn=manager,dc=navis,dc=net ldap suffix = "ou=smb,dc=navis,dc=net" ldap idmap suffix = "ou=idmap" I took the quotes off and now Winbind seems to connect to LDAP fine: ldap suffix = ou=smb,dc=navis,dc=net ldap idmap suffix = ou=idmap I'm now getting this when I start Winbind in the Winbind log: [2005/03/21 11:16:25, 5] lib/gencache.c:gencache_init(59) Opening cache file at /var/lock/samba/gencache.tdb [2005/03/21 11:16:25, 5] libsmb/namecache.c:namecache_enable(58) namecache_enable: enabling netbios namecache, timeout 660 seconds [2005/03/21 11:16:25, 5] sam/idmap.c:smb_register_idmap(91) smb_register_idmap: Successfully added idmap backend 'ldap' [2005/03/21 11:16:25, 5] sam/idmap.c:smb_register_idmap(91) smb_register_idmap: Successfully added idmap backend 'tdb' [2005/03/21 11:16:25, 3] sam/idmap.c:idmap_init(132) idmap_init: using 'ldap' as remote backend [2005/03/21 11:16:25, 5] lib/smbldap.c:smbldap_search(1038) smbldap_search: base => [ou=idmap,ou=smb,dc=navis,dc=net], filter => [(objectclass=sambaUnixIdPool)], scope => [2] [2005/03/21 11:16:25, 5] lib/smbldap.c:smbldap_close(949) The connection to the LDAP server was closed [2005/03/21 11:16:25, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/03/21 11:16:26, 3] lib/smbldap.c:smbldap_connect_system(866) ldap_connect_system: succesful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2005/03/21 11:16:26, 4] lib/smbldap.c:smbldap_open(929) The LDAP server is succesfully connected [2005/03/21 11:16:26, 2] lib/tallocmsg.c:register_msg_pool_usage(57) Registered MSG_REQ_POOL_USAGE [2005/03/21 11:16:26, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2005/03/21 11:16:26, 2] nsswitch/winbindd_util.c:add_trusted_domain(175) Added domain HQ HQ.NAVIS.NET S-0-0 [2005/03/21 11:16:26, 4] passdb/secrets.c:secrets_fetch_trust_account_password(290) Using cleartext machine password However I still think there is a problem because getent passwd only returns local usernames. When I'm not using the ldap idmap backend getent passwd runs as expected giving both local and domain usernames. Any help appreciated, Theo -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Theodore Jencks Sent: Monday, March 21, 2005 9:52 AM To: samba@lists.samba.org Subject: RE: [Samba] idmap LDAP backend Ok, I made the change however the LDAP backend for idmap is still not working. I set Winbind to debugging level 5 and get the following in the logs: [2005/03/21 09:45:05, 2] lib/interface.c:add_interface(81) added interface ip=192.168.192.112 bcast=192.168.195.255 nmask=255.255.252.0 [2005/03/21 09:45:05, 5] lib/util.c:init_names(256) Netbios name list:- my_netbios_names[0]="THEO" [2005/03/21 09:45:05, 2] lib/interface.c:add_interface(81) added interface ip=192.168.192.112 bcast=192.168.195.255 nmask=255.255.252.0 [2005/03/21 09:45:05, 5] lib/gencache.c:gencache_init(59) Opening cache file at /var/lock/samba/gencache.tdb [2005/03/21 09:45:05, 5] libsmb/namecache.c:namecache_enable(58) namecache_enable: enabling netbios namecache, ti
Re: [Samba] Coule really use some help (Samba PDC)
On Tue, 2005-03-22 at 00:12 +0100, Tony Earnshaw wrote: > John Zakhar: > > > First email was rejected due to size so the log files are inline in the > > msg now.. > > > > I have NEVER had so much trouble with a > > samba PDC before. I need to turn in my unix admin license, this is > > pathetic... > > Hey wait a minute, we all get fits like that now and again. Have to admit > that mine mostly come with Windows, I can always get Unix/Linux to work ;) > > This could take some time, I live in Europe, it's near my bedtime, I'm > licked for today and I need sleep. What's more, I'm a modem person at home > and am only connected a couple of times a day. > > Anyway: I have a 75+ PDC running "at work", with Samba 3.0.11 and OpenLDAP > 2.2.23. on RHAS3, so ... > > > Anyway, I am here. When trying to join a domain with the administrator > > account I get "no mapping between account name and security ID's was done" > > And the joining fails... > > > > > > All the needed files are attached, from the ldap log. to the samba.conf > > to the ldifs of the machine, root and admin account. Trying with the root > > account nets me the same error > > There's too much shit there. You're getting hung up in the details. And I > didn't see any LDAP log, even if I had, it probably would have been > useless. You need to do a 'tail -f' on it (-d 256) while things are > happening to get any sense from it. > > Your local SIDs are all messed up for a start. You have: > > S-1-5-21-1391849139-953726148-1374988380 > and > S-1-5-21-3107161993-1039155829-3332455197 > > all mixed up together. yeah - this is a problem for sure > > And the following SIDs can surely not be right: > > Administrators (S-1-5-32-544) -> Administrators > Print Operators (S-1-5-32-550) -> Print Operators > Backup Operators (S-1-5-32-551) -> Backup Operators > Replicators (S-1-5-32-552) -> Replicators actually - these are considered to be 'local groups' and not domain groups so these would be correct > > Get all that sorted out before you go on. > > Your smb.conf looks more or less o.k. (didn't dwell on it) > > You're using the Idealx crap without understanding LDAP or what you're > doing. Use GQ 1.0beta1 for managing your Your mappings are all wrong. Look > at the alternative Appendix A method of using LDAP in Samba in the Samba > HOWTO. Here are my mappings up to now at my production site (sorry about > the wrapping, I decided to use SquirrelMail for this mail and it always > breaks at 76 chars): > > Domain Admins (S-1-5-21-2520587299-2798274336-2978297563-512) -> domadmin > Domain Guests (S-1-5-21-2520587299-2798274336-2978297563-514) -> domguest > Domain Users (S-1-5-21-2520587299-2798274336-2978297563-513) -> domuser > Leden van Personeel (S-1-5-21-2520587299-2798274336-2978297563-8001) -> > personeel > Leden van Docenten (S-1-5-21-2520587299-2798274336-2978297563-1001) -> > docenten > Leden van Leerlingen (S-1-5-21-2520587299-2798274336-2978297563-2001) -> > leerlingen > Leden van Directie (S-1-5-21-2520587299-2798274336-2978297563-10001) -> > directie > Administratie (S-1-5-21-2520587299-2798274336-2978297563-15007) -> > administratie > > Never mind that you don't know what the Dutch words mean. See that I map > from NT IDs to Unix IDs where the Unix IDs are Posix IDs? See that the > domain SIDs are all the same? > > The secrets are in Appendix A of the Samba HOWTO and in getting things > working with GQ. > > Get those right, and I'll see if I can come back tomorrow ;) there was too much to sift through in the first post Craig -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Coule really use some help (Samba PDC)
John Zakhar: > First email was rejected due to size so the log files are inline in the > msg now.. > > I have NEVER had so much trouble with a > samba PDC before. I need to turn in my unix admin license, this is > pathetic... Hey wait a minute, we all get fits like that now and again. Have to admit that mine mostly come with Windows, I can always get Unix/Linux to work ;) This could take some time, I live in Europe, it's near my bedtime, I'm licked for today and I need sleep. What's more, I'm a modem person at home and am only connected a couple of times a day. Anyway: I have a 75+ PDC running "at work", with Samba 3.0.11 and OpenLDAP 2.2.23. on RHAS3, so ... > Anyway, I am here. When trying to join a domain with the administrator > account I get "no mapping between account name and security ID's was done" > And the joining fails... > > > All the needed files are attached, from the ldap log. to the samba.conf > to the ldifs of the machine, root and admin account. Trying with the root > account nets me the same error There's too much shit there. You're getting hung up in the details. And I didn't see any LDAP log, even if I had, it probably would have been useless. You need to do a 'tail -f' on it (-d 256) while things are happening to get any sense from it. Your local SIDs are all messed up for a start. You have: S-1-5-21-1391849139-953726148-1374988380 and S-1-5-21-3107161993-1039155829-3332455197 all mixed up together. And the following SIDs can surely not be right: Administrators (S-1-5-32-544) -> Administrators Print Operators (S-1-5-32-550) -> Print Operators Backup Operators (S-1-5-32-551) -> Backup Operators Replicators (S-1-5-32-552) -> Replicators Get all that sorted out before you go on. Your smb.conf looks more or less o.k. (didn't dwell on it) You're using the Idealx crap without understanding LDAP or what you're doing. Use GQ 1.0beta1 for managing your Your mappings are all wrong. Look at the alternative Appendix A method of using LDAP in Samba in the Samba HOWTO. Here are my mappings up to now at my production site (sorry about the wrapping, I decided to use SquirrelMail for this mail and it always breaks at 76 chars): Domain Admins (S-1-5-21-2520587299-2798274336-2978297563-512) -> domadmin Domain Guests (S-1-5-21-2520587299-2798274336-2978297563-514) -> domguest Domain Users (S-1-5-21-2520587299-2798274336-2978297563-513) -> domuser Leden van Personeel (S-1-5-21-2520587299-2798274336-2978297563-8001) -> personeel Leden van Docenten (S-1-5-21-2520587299-2798274336-2978297563-1001) -> docenten Leden van Leerlingen (S-1-5-21-2520587299-2798274336-2978297563-2001) -> leerlingen Leden van Directie (S-1-5-21-2520587299-2798274336-2978297563-10001) -> directie Administratie (S-1-5-21-2520587299-2798274336-2978297563-15007) -> administratie Never mind that you don't know what the Dutch words mean. See that I map from NT IDs to Unix IDs where the Unix IDs are Posix IDs? See that the domain SIDs are all the same? The secrets are in Appendix A of the Samba HOWTO and in getting things working with GQ. Get those right, and I'll see if I can come back tomorrow ;) Best, --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[SAMBA] authentication problem with openldap-2.2.24
My problem consists of Samba + Winbindd + Ldap + Kerberos not authenticating with Active Directory. For example, if I do 'smbclient -L localhost -U username%password(active directory account)' I get NT_STATUS_LOGIN_FAILURE. Ive debugged for quite sometime trying to pinpoint some sort of configuration that needs to be changed or added. To my experience I think the problem resolves at ldap, but I cannot find anything. I can do a kerberos successfully(kinit), wbinfo succesfully(wbinfo -u), join the domain successfully(net ads join), a ldapsearch successfully(ldapsearch -h host.domain.com). The smb.conf,krb5.conf configs were pulled from other older but stable Linux servers and were modified for each server. I see a lot of folks posting similar problems relating to openLADP but cannot seem to relate exactly what I'm experiencing. I'm stumped. The thing that is realy throwing me is that i seem to be able in some odd way to authenticate to my active directory accounts using the smbclient command, I just can't do it unless an account with the same name exists on my BSD box. I ran the following test: 1) created a user named smbuser with the password "password" 2) placed the user in the mitsadmin group to give access to the share 3) tried an smbclient -L localhost -Usmbuser, the error returned was: # session setup failed: NT_STATUS_LOGON_FAILURE # 4) i then created an account smbuser with the password "diffpass" 5) tried an smbclient -L localhost -Usmbuser again this with the AD passwd "pasword" and got: # Domain=[TECH] OS=[Unix] Server=[Samba 3.0.11] Sharename Type Comment - --- IPC$IPC IPC Service (FreeBSD Samba Server) ADMIN$ IPC IPC Service (FreeBSD Samba Server) Domain=[TECH] OS=[Unix] Server=[Samba 3.0.11] Server Comment ---- CDSRV4 FreeBSD Samba Server ADC3 WorkgroupMaster ---- TECH ADC3 # 5) tried an smbclient -L localhost -Usmbuser again this with the unix passwd "diffpass" and got: session setup failed: NT_STATUS_LOGON_FAILURE It seems there may be some intermediate step before the AD lookup that may be holding up authentication. The error message in my log file is as follows # [2005/03/21 14:53:37, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] DSRV4] with the new password interface [2005/03/21 14:53:37, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2005/03/21 14:53:37, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/03/21 14:53:37, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/03/21 14:53:37, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/03/21 14:53:37, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/03/21 14:53:37, 3] auth/auth_util.c:make_server_info_info3(1156) User smbuser does not exist, trying to add it [2005/03/21 14:53:37, 0] auth/auth_util.c:make_server_info_info3(1163) make_server_info_info3: pdb_init_sam failed! [2005/03/21 14:53:37, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [smbuser] -> [smbuser] FAILED with error NT_STATUS_NO_SUCH_USER [2005/03/21 14:53:37, 3] smbd/process.c:timeout_processing(1334) timeout_processing: End of file from client (client has disconnected). [2005/03/21 14:53:37, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/03/21 14:53:37, 2] smbd/server.c:exit_server(609) Closing connections [2005/03/21 14:53:37, 3] smbd/connection.c:yield_connection(69) Yielding connection to [2005/03/21 14:53:37, 3] smbd/server.c:exit_server(652) Server exit (normal exit) # Versions of packages installed: samba-3.0.11.tar.gz openldap-2.2.24.tgz freebsd-5.3-RELEASE-i386 heimdal-0.6.1(kerberos) *also compilied samba with ldap,winbindd,krb5 Configuration Files: smb.conf # [global] workgroup = TECH netbios name = SERVER3 realm = host.domain.com security = ads encrypt passwords = yes password server = server.host.domain.com wins server = server.host.domain.com name resolve order = lmhosts host wins bcast log file = /var/log/samba/%m.log server string = FreeBSD Samba Server log level = 10 allow trusted domains = No winbind use default domain = yes winbind trusted domains only = No winbind cache time = 10
[Samba] Problem Administering Permissions on Samba Server
I have a Samba-3 server on a Linux Fedora server configured as a member server on a Windows NT domain. Winbind works great. I can do a getent group or getent passwd and it will list the users and groups of the domain. I can also set permissions on the Samba shares on the Linux server using chmod or chown etc. I have the Official Samba-3 HOWTO and Referencd Guide. The HOWTO Guide says you should be able to set permissions on Samba share using NT Server Manager and File Manager on NT/2000/XP systems. When I try to do this I can see the permissions, I can add a user from my domain but when I hit O.K. I get an Access Denied message. The HOWTO Guide says that "if the parameter nt acl support is set to false, any attempt to set security permissions will fail with an "Access Denied" message. Alas, I don't know what this means. I have no parameter like this in my smb.conf nor can I find on in the smb.conf man page. Any tips will be appreciated. Tom Naves System Administrator Orthodyne Electronics -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cant connect to samba server
DO you have your new range of ip's put in smb.conf hosts allow = line and the ip of the linux server/24 on the interfaces = line? and bind interfaces only = true and remote announce = your.sub.net.255 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Multiple Samba Server
Hi, I need to set up multiple samba server on one sparc / solaris 5.8 Box. With an older samba version (2.0.8) on Reliant Unix this works fine. The s/nmbd.pid files are stored in the "lock dir path" specified in smb.conf. The newer Verisons of samba only use the --piddir path specified at build time. Is there any other way using multiple servers without rebuilding ?? Thanks for help. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] (CONFIMED-SOLVED) File copying under WIN9X (and Opening Databases)
On Mon, 2005-03-21 at 12:55 -0600, Gerald (Jerry) Carter wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Jeremy Allison wrote: > | > | I've attached my proposed patch but more testing > | would be welcome. > > I've put a copy in http://samba.org/~jerry/patches/post-3.0.12/ > (named win98_explorer.patch) for anyone looking for it at a > later date. Confirmed this fixes all file copying problems associated with Win9X and DB Opening problems also associated with Win9X. It never did affect and effect for Win2K/XP/2K3 opening the same file(s). Thanks. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File copying under WIN98
On Mon, 2005-03-21 at 14:01 +0100, Jens Wulf wrote: > with the Samba3.0.12 release i encountered the following problem : > when i try to copy a file from a samba share to the local disk then the > process hangs with the windows-message > "Preparing to copy" (my translation from the german message). > In a WIN98-DOS-Windows the copy command hangs too, but the file is created. > The copying from my WIN-XP HOME works. > My previous installed version 3.0.9 worked fine with the same configuration > (smb.conf) > > does anyone have this problem too - and maybe a solution except reinstalling > old samba ? Hahahaha... I have also been experiencing this too. Break open a DOS Prompt, try to copy a file from the SAMBA server to the local machine. it always asks if you wanna overwrite the file. The file didna exist before the copy, but completely loops through a transfer. If you hit ALL (Yes, No, All) your network falls overs. Literally. Nice one Jeremy! Oh, BTW any DB you try to open never does either. -- greg, [EMAIL PROTECTED] The technology that is Stronger, better, faster: Linux signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Double posts (anyone else receiving two copies of every email to this list?)
For some reason, to which I've yet been able to figure out, I keep getting two copies of all messages posted to this list... Have not re-subscribed nor changed anything since Friday, and the same issue is not applicable with all outside/incoming email from other sources today - just trying to figure out if it's something on our end or yours; so is anyone else getting double posts or is the problem solely on my end? -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate & Tool Ltd. http://www.wmplt.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Upcoming 3.0.13 release -- please test now
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nathan Vidican wrote: | Have noted a bug, in bin/net, which reports unknown | parameter for 'veto oplocks', I have sent details to the | list, and pretty sure I even posted a report on | bugzilla too... Anything on that yet? There's no bugzilla account associated with your email address. And the reason that you get that error message is that there really is not 'veto oplocks' smb.conf option. Maybe you mean 'veto oplock files'. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCPyqlIR7qMdg1EfYRArVdAJ42rMGhZ/64bJy5I4dh7ZBKkzfEcgCg1RWU +AjIUMsdeK/cZyctgR2aBFA= =6WLM -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Upcoming 3.0.13 release -- please test now
Have noted a bug, in bin/net, which reports unknown parameter for 'veto oplocks', I have sent details to the list, and pretty sure I even posted a report on bugzilla too... Anything on that yet? -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate & Tool Ltd. http://www.wmplt.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gerald (Jerry) Carter Sent: Monday, March 21, 2005 2:53 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [Samba] Upcoming 3.0.13 release -- please test now -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Heads up everyone: Due to the win98 explorer bug (https://bugzilla.samba.org/bug/2501), we will be release 3.0.13 on Thursday morning, March 24 (GMT-6). So if you have any outstanding bugs in the 3.0.12 that we should know about, let us know now. Please file any defect reports at https://bugzilla.samba.org/. Thanks. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCPyYIIR7qMdg1EfYRAieAAKCaKra9mDk7Sv+x/3O8oA02ijihFwCg6pmP stHO/uvuqESCbJK2/InzPjo= =9PQs -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Upcoming 3.0.13 release -- please test now
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Heads up everyone: Due to the win98 explorer bug (https://bugzilla.samba.org/bug/2501), we will be release 3.0.13 on Thursday morning, March 24 (GMT-6). So if you have any outstanding bugs in the 3.0.12 that we should know about, let us know now. Please file any defect reports at https://bugzilla.samba.org/. Thanks. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCPyYIIR7qMdg1EfYRAieAAKCaKra9mDk7Sv+x/3O8oA02ijihFwCg6pmP stHO/uvuqESCbJK2/InzPjo= =9PQs -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] users db problem
Hi, John H Terpstra schrieb: Marco, Did you update the LDAP schema to the new one that ships with 3.0.12? - John T. Same problem here too after updating from 3.0.11 to 3.0.12. I'm using the LDAP schema that was shiped with 3.0.11. On Monday 21 March 2005 00:31, Marco Marinelli tiscali wrote: # smbpasswd Administrator New SMB password: Retype new SMB password: account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum password age (seconds since 1970)), returning 0 account_policy_get: tdb_fetch_uint32 failed for field 5 (minimum password age (seconds since 1970)), returning 0 same thing when i try to modify the account's policy: # pdbedit -P 'maximum password age (seconds since 1970)' -C 0 account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum password age (seconds since 1970)), returning 0 valid account policy, but unable to fetch value! The commandline options of pdbedit changed from '{max,min}imum password age' to '{max,min}imum password age (seconds since 1970)' You can see this also in: # tdbdump /var/lib/samba/account_policy.tdb | grep minimum key = "minimum password age\00" key = "minimum password age (seconds since 1970)\00" 'seconds since 1970' should also be 'seconds since last change' Thanks Carsten -- . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] idmap LDAP backend
Figure this out a little further: I had the following in my smb.conf: idmap uid = 1-2 idmap gid = 1-2 idmap backend = ldap:ldap://localhost ldap admin dn = cn=manager,dc=navis,dc=net ldap suffix = "ou=smb,dc=navis,dc=net" ldap idmap suffix = "ou=idmap" I took the quotes off and now Winbind seems to connect to LDAP fine: ldap suffix = ou=smb,dc=navis,dc=net ldap idmap suffix = ou=idmap I'm now getting this when I start Winbind in the Winbind log: [2005/03/21 11:16:25, 5] lib/gencache.c:gencache_init(59) Opening cache file at /var/lock/samba/gencache.tdb [2005/03/21 11:16:25, 5] libsmb/namecache.c:namecache_enable(58) namecache_enable: enabling netbios namecache, timeout 660 seconds [2005/03/21 11:16:25, 5] sam/idmap.c:smb_register_idmap(91) smb_register_idmap: Successfully added idmap backend 'ldap' [2005/03/21 11:16:25, 5] sam/idmap.c:smb_register_idmap(91) smb_register_idmap: Successfully added idmap backend 'tdb' [2005/03/21 11:16:25, 3] sam/idmap.c:idmap_init(132) idmap_init: using 'ldap' as remote backend [2005/03/21 11:16:25, 5] lib/smbldap.c:smbldap_search(1038) smbldap_search: base => [ou=idmap,ou=smb,dc=navis,dc=net], filter => [(objectclass=sambaUnixIdPool)], scope => [2] [2005/03/21 11:16:25, 5] lib/smbldap.c:smbldap_close(949) The connection to the LDAP server was closed [2005/03/21 11:16:25, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/03/21 11:16:26, 3] lib/smbldap.c:smbldap_connect_system(866) ldap_connect_system: succesful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2005/03/21 11:16:26, 4] lib/smbldap.c:smbldap_open(929) The LDAP server is succesfully connected [2005/03/21 11:16:26, 2] lib/tallocmsg.c:register_msg_pool_usage(57) Registered MSG_REQ_POOL_USAGE [2005/03/21 11:16:26, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED [2005/03/21 11:16:26, 2] nsswitch/winbindd_util.c:add_trusted_domain(175) Added domain HQ HQ.NAVIS.NET S-0-0 [2005/03/21 11:16:26, 4] passdb/secrets.c:secrets_fetch_trust_account_password(290) Using cleartext machine password However I still think there is a problem because getent passwd only returns local usernames. When I'm not using the ldap idmap backend getent passwd runs as expected giving both local and domain usernames. Any help appreciated, Theo -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Theodore Jencks Sent: Monday, March 21, 2005 9:52 AM To: samba@lists.samba.org Subject: RE: [Samba] idmap LDAP backend Ok, I made the change however the LDAP backend for idmap is still not working. I set Winbind to debugging level 5 and get the following in the logs: [2005/03/21 09:45:05, 2] lib/interface.c:add_interface(81) added interface ip=192.168.192.112 bcast=192.168.195.255 nmask=255.255.252.0 [2005/03/21 09:45:05, 5] lib/util.c:init_names(256) Netbios name list:- my_netbios_names[0]="THEO" [2005/03/21 09:45:05, 2] lib/interface.c:add_interface(81) added interface ip=192.168.192.112 bcast=192.168.195.255 nmask=255.255.252.0 [2005/03/21 09:45:05, 5] lib/gencache.c:gencache_init(59) Opening cache file at /var/lock/samba/gencache.tdb [2005/03/21 09:45:05, 5] libsmb/namecache.c:namecache_enable(58) namecache_enable: enabling netbios namecache, timeout 660 seconds [2005/03/21 09:45:05, 5] sam/idmap.c:smb_register_idmap(91) smb_register_idmap: Successfully added idmap backend 'ldap' [2005/03/21 09:45:05, 5] sam/idmap.c:smb_register_idmap(91) smb_register_idmap: Successfully added idmap backend 'tdb' [2005/03/21 09:45:05, 3] sam/idmap.c:idmap_init(132) idmap_init: using 'ldap' as remote backend [2005/03/21 09:45:05, 5] lib/smbldap.c:smbldap_search(1038) smbldap_search: base => ["ou=idmap","ou=smb,dc=navis,dc=net"], filter => [(objectclass=sambaUnixIdPool)], scope => [2] [2005/03/21 09:45:05, 5] lib/smbldap.c:smbldap_close(949) The connection to the LDAP server was closed [2005/03/21 09:45:05, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/03/21 09:45:05, 3] lib/smbldap.c:smbldap_connect_system(866) ldap_connect_system: succesful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2005/03/21 09:45:05, 4] lib/smbldap.c:smbldap_open(929) The LDAP server is succesfully connected [2005/03/21 09:45:05, 0] sam/idmap.c:idmap_init(138) idmap_init: failed to initialize remote backend! Looks like it tries to get what are called paged results and then it fails to initialize remote backend. I'm not quite sure what is going on here and any further guidance would be greatly appreciated. Thanks in advance, Theo -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Friday, March 18, 2005 7:18 AM To: Theodore Jencks Cc: samba@lists.samba.org Subject: Re: [Samba] idmap LDAP backend -BEGIN PG
[Samba] Samba-3 By Example correction...
Chapter 7, Section 7.3 Step 3 needs a correction: The step has users create an admin-accts.ldif file. As currently written the userpaddword: not24get should be userPassword with the P capitalized. Failure to have this causes a replication error: access denied since the password for updateuser is never loaded. Kevin B. McCrory Network Engineer - COPS US Government Solutions 13600 EDS Drive Mail stop: A4S-B21 Herndon, VA 20171 * phone: +01-703-733-3255 * mailto:[EMAIL PROTECTED] * AKO mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Somebody had problem with long user names
Tony Earnshaw: > Schlomo Schapiro: > > >> read the recent thread on vampire, there we discussed the question, if >> usernames with spaces work on Linux. For example useradd "hello world" >> won't work on any Linux system around me here (various SuSE). So maybe >> you just have bad luck (sorry to tell you, but having usernames with >> spaces can be only a MS invention) ? Or maybe you can use the username >> map feature to map Jon Doe to Jon_Doe in Samba ? Or maybe write a patch >> to do that on a lower level ? > Names with spaces can be made to work work with LDAP (i.e. CN=John Doe, > UID=jdoe (and is for that matter already more or less implemented with the > smbldap-tools for groups) but it's *a bad idea* and will break many > tender things, complicate others unnecessarily. > > Posix-based systems were never meant for this. FWIW I tested this out on: Red Hat RHAS3 Samba 3-0.11 Openldap 2.2.23 Windows XP5 w/o patches Professional workstation. Samba LDAP CNs and corresponding UIDs with spaces work. On my installation, Windows (i.e. Samba) home directories and profile directories get made automatically, correctly, at the first user logon. Bugger it, I didn't want it to work, but it does. What's more, the user can log into a normal Unix/Linux console using his double-barreled name, perfectly normally (if only his $HOME env is set correctly in LDAP). Whether or not this Unix login works with anyone's own particular LDAP setup or not, depends greatly on the value for the pam_login_attribute in /etc/ldap.conf (PADL's *not* OpenLDAP's configuration file). Mine's set to "CN", but yours might be set to "UID" (the default). What this means in practice is, (the good news) that OP doesn't have to go over to Windows on his workstation, but (the bad news) that he he *does* have to implement an up-to-date Samba/OpenLDAP solution. If he hasn't used OpenLDAP earlier, this might take him a while (like weeks, took me many months, couple of years). Anyone who wants further info would do best to start a separate thread, since this one is old. --Tonni -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- mail: [EMAIL PROTECTED] http://www.billy.demon.nl -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] users db problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Paul Gienger wrote: | |> Did you update the LDAP schema to the new one |> that ships with 3.0.12? |> |> | Was this mentioned in the release notes? I think I missed | it if it was... There were no changes to the OpenLDAP schema file in 3.0.12. The SunOne and NDS schema files got some corrections to bring them up to date. But no new attributes or abject classes. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCPxk7IR7qMdg1EfYRAqsaAKDYjfzAeW9GFov/b+pplG8jc5SZVACdFWdh XA3Xr7JqkeHRMxA6u2X8L80= =OA9A -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File copying under WIN98
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeremy Allison wrote: | | I've attached my proposed patch but more testing | would be welcome. I've put a copy in http://samba.org/~jerry/patches/post-3.0.12/ (named win98_explorer.patch) for anyone looking for it at a later date. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCPxiYIR7qMdg1EfYRAkmlAKC7U5V28IieQGoSUPWNge83UrQz/wCg6KK9 d8osE7fYmFX4opV1vBs0OIc= =vr8B -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cant connect to samba server
Hi All, I just found out that i was not even my backup server could conect to the samba server. The IP of the backup server had changed too. So basically i can login to the samba server from the machines with new IP using ssh etc, and can even ping. but for some reasons some services are not working. I know for sure this is not a firewall issue coz i can see all the traffice passing sucessfully, also all ports on firewall are open (for testing purprose) One thing i notices was that the hosts.allow file did not have the new IP range into it. I have added the new IP range and restarted network services but that did not help either. The hosts.allow file is now as below: portmap: 10.0.0.0/255.255.0.0 , 169.143.0.0/255.255.0.0 , 12.20.194.8 , 12.20.194.7 , 12.20.194.22 lockd: 10.0.0.0/255.255.0.0 , 169.143.0.0/255.255.0.0 , 12.20.194.8 , 12.20.194.7 , 12.20.194.22 rquotad: 10.0.0.0/255.255.0.0 , 169.143.0.0/255.255.0.0 , 12.20.194.8 , 12.20.194.7 , 12.20.194.22 mountd: 10.0.0.0/255.255.0.0 , 169.143.0.0/255.255.0.0 , 12.20.194.8 , 12.20.194.7 , 12.20.194.22 statd: 10.0.0.0/255.255.0.0 , 169.143.0.0/255.255.0.0 , 12.20.194.8 , 12.20.194.7 , 12.20.194.22 nfsd: 10.0.0.0/255.255.0.0 , 169.143.0.0/255.255.0.0 , 12.20.194.8 , 12.20.194.7 , 12.20.194.22 Please advice if i should add anything more to it. Is there any other file in linux that restricts connections based on iprange or something. I am new to linux. Please help. Adam Williams <[EMAIL PROTECTED]> wrote: is samba bound to both interfaces? have you tried pinging both and teltenneting to the ports on both? if you still can't connect after that, sounds like smbd isn't running ont he samba server. indgirl 6 wrote: > hi, > > i am not able to telnet to any of these ports from the windows > machine. i get the error, Connecting To 12.20.194.28...Could not open > connection to the host, on port 137: > Connect failed > > my linux machine has 2 9nterface, the IP address og one interface is > 12.20.194.27 and the other one is 12.20.194.28. > > > > */Adam Williams /* wrote: > > did you restart samba after making the changes to smb.conf? Also, try > telnetting to the samba tcp/ip ports. so telnet samba_server_ip 135 > (and 137, 139, 445) see if you can connect to any or go to > www.insecure.org/nmap and run the nmap scanner against the TCP > ports of > the samba server ip and see what it reports to you (do all of this > from > one of the windows pc's unable to connect to the samba server) > > > indgirl 6 wrote: > > >Hi, > > > >I can ping to the server form windows machine, and vice versa. I > can even telnet to server form windows machine. PLease tell me > what other check i should do. > > > > > > > >Ted Kaczmarek wrote: > >On Fri, 2005-03-18 at 14:26 -0800, indgirl 6 wrote: > > > > > >>Hi All, > >>This is very urgent, please help me. > >> > >>I have! a redhat machine (2.4.9-e.24) which is acting as a samba > server (samba - 2.2.7) > >>Everything was going smoothly until we changes the ip address of > our windows machines. > >>Now if i try to connect to the server it gives me the error: > >>"windows cannot find '\\titan". Check the spelling and try again." > >>I have tried connecting by using the IP address too but i get > the same error. > >> > >>I have added the new ip range in to the smb.conf file. I even > tried (for testing purpose) adding the IP address of my windows > machine and see if i can connect but i still cant connect. Please > advice what i am doing wrong here. > >> > >>I went through the DIAGNOSTICS.txt and failed at > >>test 8 with the error: System error 53 has occurred. The network > path was not found. > >>test 9 with the error: System error 59 has occurred. An > unexpected network error occurred. > >> > >>test 10 with the error: querying de! lta on 12.20.194.255 > >>querying delta on 12.20.194.255 > >>name_query failed to find name delta#1d > >> > >>Test 11: cant browse > >> > >>I know this is sone kind of network issue, but i fail to see > where... > >> > >> > >> > >> > >Can the windows machine even ping the samba server? > > > >Ping, traceroute (tracert) tcpdump and or ethereal, as well as > the samba > >logs files might tell you more. > > > > > >Look at things in smaller pieces, make sure the little pieces are > doing > >their work before you look at the assembly of pieces. > > > >Ted > > > > > > > >- > >Do you Yahoo!? > > Yahoo! Small Business - Try our new resources site! > > > > > > > > Do you Yahoo!? > Take Yahoo! Mail with you! > > Get it on your mobile phone. - Do you Yahoo!? Yahoo! Small Business - Try our new resources site! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SMB share/MS networking + Novell = major lag
I am hoping someone else has found a solution for this: "A Delay Occurs When You Open a Mapped Network Drive on a Novell NetWare or UNIX NFS Server" This delay is usually 25sec for any mapped drive or network printer when accessed the first time since timeout. Painful for users who need novell and samba shares. (Windows XP sp2, exists on Novell clients 4.9 sp1a, sp1b, sp2, & latest 4.91) I have tried all of the registry "fixes" to no avail. http://support.microsoft.com/?kbid=814952 http://support.microsoft.com/default.aspx?scid=kb;en-us;171386 Has anyone found a resolution? Regards, Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] users db problem
Did you update the LDAP schema to the new one that ships with 3.0.12? Was this mentioned in the release notes? I think I missed it if it was... -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Coule really use some help (Samba PDC)
First email was rejected due to size so the log files are inline in the msg now.. I have NEVER had so much trouble with a samba PDC before. I need to turn in my unix admin license, this is pathetic... Anyway, I am here. When trying to join a domain with the administrator account I get "no mapping between account name and security ID's was done" And the joining fails... All the needed files are attached, from the ldap log. to the samba.conf to the ldifs of the machine, root and admin account. Trying with the root account nets me the same error in smbusers I noticed an entry i never made root = administrator software versions: [EMAIL PROTECTED] openldap-data]# rpm -qa |grep samba samba-3.0.11-1 samba-swat-3.0.11-1 samba-client-3.0.11-1 samba-common-3.0.11-1 I am assumine the rpm or something else made that mapping. I dunno... I have really about had it here, it's been well over a week, we are working on close to two. I need to get this resolved or move on to a Windows PDC. I have a deadline to meet with a domain controller (that is no one problem here, i realize this) If more information is needed please ask. I will be happy to provide anything but passwords.. If anyone has any insite, advice, or whatever I would very much appreciate it net groupmap list Engineering (S-1-5-21-1391849139-953726148-1374988380-9005) -> Engineering Staff (S-1-5-21-1391849139-953726148-1374988380-9003) -> Staff Sales (S-1-5-21-1391849139-953726148-1374988380-9007) -> Sales Administration (S-1-5-21-1391849139-953726148-1374988380-9009) -> Administration Domain Admins (S-1-5-21-3107161993-1039155829-3332455197-512) -> Domain Admins Domain Users (S-1-5-21-3107161993-1039155829-3332455197-513) -> Domain Users Domain Guests (S-1-5-21-3107161993-1039155829-3332455197-514) -> Domain Guests Domain Computers (S-1-5-21-3107161993-1039155829-3332455197-515) -> Domain Computers Administrators (S-1-5-32-544) -> Administrators Print Operators (S-1-5-32-550) -> Print Operators Backup Operators (S-1-5-32-551) -> Backup Operators Replicators (S-1-5-32-552) -> Replicators smb.conf [global] workgroup = VENTUS_OFFICE netbios name = vnpdc01 server string = Ventus File Server hosts allow = 172.28.0. 192.168.1 127. printcap name = /etc/printcap load printers = yes log file = /var/log/samba/%m.log max log size = 50 ldap passwd sync = Yes passdb backend = ldapsam:ldap://192.168.1.242/ ldap suffix = o=ventusnetworks.com,dc=na ldap filter = (&(uid=%u)(objectclass=sambaSamAccount)) ldap machine suffix = ou=Computers ldap user suffix = ou=Staff ldap group suffix = ou=Groups ldap admin dn = "cn=Manager,dc=na" ldap delete dn = no #ldap ssl = ssl security = user socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 log level = 10 local master = yes os level = 255 domain master = yes preferred master = yes domain logons = yes # logon script = netlogon.bat logon path = \\%L\Profiles\%U # logon drive = U: name resolve order = wins lmhosts bcast wins support = yes dns proxy = no #delete user script = /usr/local/sbin/smbldap-userdel "%u" add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u" -H W add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g" #delete group script = /usr/local/sbin/smbldap-groupdel "%g" add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u" admin ldif dn: uid=administrator, ou=Staff, o=ventusnetworks.com, dc=na sambaLMPassword: sambaPrimaryGroupSID: S-1-5-21-3107161993-1039155829-3332455197-512 objectClass: inetOrgPerson objectClass: sambaSamAccount objectClass: posixAccount objectClass: shadowAccount userPassword:: sambaLogonTime: 0 sambaHomeDrive: H: uid: administrator uidNumber: 0 cn: administrator sambaLogoffTime: 2147483647 sambaPwdLastSet: 419696 loginShell: /bin/bash sambaAcctFlags: [U ] sambaProfilePath: \\vnpdc01\profiles\administrator\ gidNumber: 512 sambaPwdMustChange: 2147483647 sambaNTPassword: sambaPwdCanChange: 419696 gecos: Netbios Domain Administrator sambaSID: S-1-5-21-3107161993-1039155829-3332455197-2996 homeDirectory: /home/administrator sambaKickoffTime: 2147483647 sn: administrator sambaHomePath: \\vnpdc01\home\administrator sambaPasswordHistory: 000 0 computer ldif dn: uid=ibm-zus90725eca$, ou=Computers, o=ventusnetworks.com, dc=na sambaPwdLastSet: 418025 sn: ibm-zus90725eca$ sambaAcctFlags: [W ] userPassword:: e1NNRDV9cHVjZlRnck5MWVFmaENjcjFJQUp6RHdZbHBBPQ== uidNumber: 1023 gidNumber: 515 sambaPwdMustChange: 2147483647 uid: ibm-zus90725eca$ objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: posixAccount objectClass: sambaSamAccount objectClass: person objectClass: top sambaSID: S-1-5-21-31071
Re: [Samba] File copying under WIN98
On Mon, Mar 21, 2005 at 02:01:17PM +0100, Jens Wulf wrote: > with the Samba3.0.12 release i encountered the following problem : > when i try to copy a file from a samba share to the local disk then the > process hangs with the windows-message > "Preparing to copy" (my translation from the german message). > In a WIN98-DOS-Windows the copy command hangs too, but the file is created. > The copying from my WIN-XP HOME works. > My previous installed version 3.0.9 worked fine with the same configuration > (smb.conf) > > does anyone have this problem too - and maybe a solution except > reinstalling old samba ? Ok, I screwed up bigtime :-(. This one is my fault. I've attached my proposed patch but more testing would be welcome. We'll probably have to do a brown-paper-bag 3.0.13 over this one :-(. Sorry. Jeremy. Index: smbd/dir.c === --- smbd/dir.c (revision 5921) +++ smbd/dir.c (working copy) @@ -595,6 +595,13 @@ BOOL dptr_SearchDir(struct dptr_struct *dptr, const char *name, long *poffset, SMB_STRUCT_STAT *pst) { ZERO_STRUCTP(pst); + + if (!dptr->has_wild && (dptr->dir_hnd->offset == -1)) { + /* This is a singleton directory and we're already at the end. */ + *poffset = -1; + return False; + } + while (SearchDir(dptr->dir_hnd, name, poffset) == True) { if (is_visible_file(dptr->conn, dptr->path, name, pst, True)) { return True; -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] PDC Migration - Mapping user []\[] from...
P.S. I did change the SID of the new server to be the same as the old server as well. Cheers, Mike. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] idmap LDAP backend
Ok, I made the change however the LDAP backend for idmap is still not working. I set Winbind to debugging level 5 and get the following in the logs: [2005/03/21 09:45:05, 2] lib/interface.c:add_interface(81) added interface ip=192.168.192.112 bcast=192.168.195.255 nmask=255.255.252.0 [2005/03/21 09:45:05, 5] lib/util.c:init_names(256) Netbios name list:- my_netbios_names[0]="THEO" [2005/03/21 09:45:05, 2] lib/interface.c:add_interface(81) added interface ip=192.168.192.112 bcast=192.168.195.255 nmask=255.255.252.0 [2005/03/21 09:45:05, 5] lib/gencache.c:gencache_init(59) Opening cache file at /var/lock/samba/gencache.tdb [2005/03/21 09:45:05, 5] libsmb/namecache.c:namecache_enable(58) namecache_enable: enabling netbios namecache, timeout 660 seconds [2005/03/21 09:45:05, 5] sam/idmap.c:smb_register_idmap(91) smb_register_idmap: Successfully added idmap backend 'ldap' [2005/03/21 09:45:05, 5] sam/idmap.c:smb_register_idmap(91) smb_register_idmap: Successfully added idmap backend 'tdb' [2005/03/21 09:45:05, 3] sam/idmap.c:idmap_init(132) idmap_init: using 'ldap' as remote backend [2005/03/21 09:45:05, 5] lib/smbldap.c:smbldap_search(1038) smbldap_search: base => ["ou=idmap","ou=smb,dc=navis,dc=net"], filter => [(objectclass=sambaUnixIdPool)], scope => [2] [2005/03/21 09:45:05, 5] lib/smbldap.c:smbldap_close(949) The connection to the LDAP server was closed [2005/03/21 09:45:05, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/03/21 09:45:05, 3] lib/smbldap.c:smbldap_connect_system(866) ldap_connect_system: succesful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2005/03/21 09:45:05, 4] lib/smbldap.c:smbldap_open(929) The LDAP server is succesfully connected [2005/03/21 09:45:05, 0] sam/idmap.c:idmap_init(138) idmap_init: failed to initialize remote backend! Looks like it tries to get what are called paged results and then it fails to initialize remote backend. I'm not quite sure what is going on here and any further guidance would be greatly appreciated. Thanks in advance, Theo -Original Message- From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] Sent: Friday, March 18, 2005 7:18 AM To: Theodore Jencks Cc: samba@lists.samba.org Subject: Re: [Samba] idmap LDAP backend -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Theodore Jencks wrote: | ldap idmap suffix = "ou=idmap,ou=smb,dc=navis,dc=net" | ldap suffix = "ou=smb,dc=navis,dc=net" change this to ldap suffix = "ou=smb,dc=navis,dc=net" ldap idmap suffix = "ou=idmap" cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCOvELIR7qMdg1EfYRAqkxAJ4wivlVYXp6DmKIaXbl786I7CQOLwCfXL6w XIO2bFqLhparOqZGF0BdgWo= =MKbV -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] I need to rename libnss_winbind.so ...
Hi! For a dual samba configuration on a Linux system, I need to rename the /lib/libnss_winbind.so . Simply changing the file name and adapting /etc/nsswitch.conf is aparently not enough. what am I missing? I couldn't find it in the source code ... thanks for your time Emmanuel -- Emmanuel Willems +--+---+--+ | Ingénieur-système| Systeem ingenieur | System engineer | +--+---+--+ | Sénat de Belgique| Belgische Senaat | Belgian Senate | | Place de la Nation 1 | Natieplein 1 | Place de la Nation 1 | | 1009 Bruxelles | 1009 Brussel | 1009 Brussels| | | | Belgium | +--+---+--+ | e-mail: [EMAIL PROTECTED]| | URL: http://www.senate.be | | tel: +32 (2) 501.72.39 | | fax: +32 (2) 514.06.85 | +-+ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o)
smbpasswd -w is set, I've try to write a wrong password for see the error, the error is not the same (Invalid credential) I've add root user for seeing if it's working .. but it's the same error than with Administrator. When joining with Administrator (Access Deny) : ### [2005/03/21 18:14:23, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/03/21 18:14:23, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518) init_sam_from_ldap: Entry found for user: Administrator [2005/03/21 18:14:23, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057) init_group_from_ldap: Entry found for group: 512 [2005/03/21 18:14:23, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [administrator] -> [administrator] -> [Administrator] succeeded [2005/03/21 18:14:24, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain ARZUR-NT -> S-1-5-21-1874299889-3982645529-2160850509 [2005/03/21 18:14:24, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_domain: ACCESS DENIED (requested: 0x0211) [2005/03/21 18:14:24, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain ARZUR-NT -> S-1-5-21-1874299889-3982645529-2160850509 [2005/03/21 18:14:24, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115) _samr_create_user: ACCESS DENIED (granted: 0x0201; required: 0x0010) [2005/03/21 18:14:24, 2] smbd/server.c:exit_server(575) Closing connections Bruno Guerreiro a écrit : Hi, Did you execute smbpasswd -w ? Another thing you're trying to add your Computer with the user root? This user, by default, doesn't belong to the Domain Admins groups. At least not with the scripts provided by smbldap-tools. If so, try adding the machine using the Administrator account. Best Regards, Bruno Guerreiro -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: segunda-feira, 21 de Março de 2005 16:46 To: samba@lists.samba.org Subject: [Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o) Okay I try this thing : mastok:/etc/samba # smbldap-useradd root mastok:/etc/samba # smbldap-usermod -u 0 -g 0 root mastok:/etc/samba # smbldap-usermod -a root mastok:/etc/samba # smbldap-passwd root # Administrator:x:998:512:Netbios Domain Administrator:/home/data1/samba/Administrator:/sbin/nologin nobody:x:999:514:nobody:/dev/null:/sbin/nologin root:x:0:0:System User:/home/data1/samba/root:/sbin/nologin # Connecting to the domain with account root. Computer Accout created : poil-barebone$:x:1005:515:Computer:/dev/null:/sbin/nologin But Access Deny on my Windows computer :( check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded [2005/03/21 17:38:14, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain ARZUR-NT -> S-1-5-21-1874299889-3982645529-2160850509 [2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057) init_group_from_ldap: Entry found for group: 515 [2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_ldap_from_sam(929) init_ldap_from_sam: Setting entry for user: poil-barebone$ [2005/03/21 17:38:14, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1552) ldapsam_modify_entry: Failed to modify user dn= uid=poil-barebone$,ou=Computers,dc=arzur,dc=local with: Insufficient access [2005/03/21 17:38:14, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1994) ldapsam_add_sam_account: failed to modify/add user with uid = poil-barebone$ (dn = uid=poil-barebone$,ou=Computers,dc=arzur,dc=local) [2005/03/21 17:38:14, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2272) could not add user/computer poil-barebone$ to passdb. Check permissions? [2005/03/21 17:38:15, 2] smbd/server.c:exit_server(575) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o)
Hi, Did you execute smbpasswd -w ? Another thing you're trying to add your Computer with the user root? This user, by default, doesn't belong to the Domain Admins groups. At least not with the scripts provided by smbldap-tools. If so, try adding the machine using the Administrator account. Best Regards, Bruno Guerreiro -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: segunda-feira, 21 de Março de 2005 16:46 To: samba@lists.samba.org Subject: [Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o) Okay I try this thing : mastok:/etc/samba # smbldap-useradd root mastok:/etc/samba # smbldap-usermod -u 0 -g 0 root mastok:/etc/samba # smbldap-usermod -a root mastok:/etc/samba # smbldap-passwd root # Administrator:x:998:512:Netbios Domain Administrator:/home/data1/samba/Administrator:/sbin/nologin nobody:x:999:514:nobody:/dev/null:/sbin/nologin root:x:0:0:System User:/home/data1/samba/root:/sbin/nologin # Connecting to the domain with account root. Computer Accout created : poil-barebone$:x:1005:515:Computer:/dev/null:/sbin/nologin But Access Deny on my Windows computer :( check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded [2005/03/21 17:38:14, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain ARZUR-NT -> S-1-5-21-1874299889-3982645529-2160850509 [2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057) init_group_from_ldap: Entry found for group: 515 [2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_ldap_from_sam(929) init_ldap_from_sam: Setting entry for user: poil-barebone$ [2005/03/21 17:38:14, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1552) ldapsam_modify_entry: Failed to modify user dn= uid=poil-barebone$,ou=Computers,dc=arzur,dc=local with: Insufficient access [2005/03/21 17:38:14, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1994) ldapsam_add_sam_account: failed to modify/add user with uid = poil-barebone$ (dn = uid=poil-barebone$,ou=Computers,dc=arzur,dc=local) [2005/03/21 17:38:14, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2272) could not add user/computer poil-barebone$ to passdb. Check permissions? [2005/03/21 17:38:15, 2] smbd/server.c:exit_server(575) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o)
On Monday 21 March 2005 09:45, [EMAIL PROTECTED] wrote: > Okay > > I try this thing : > mastok:/etc/samba # smbldap-useradd root > mastok:/etc/samba # smbldap-usermod -u 0 -g 0 root > mastok:/etc/samba # smbldap-usermod -a root > mastok:/etc/samba # smbldap-passwd root > # > Administrator:x:998:512:Netbios Domain > Administrator:/home/data1/samba/Administrator:/sbin/nologin > nobody:x:999:514:nobody:/dev/null:/sbin/nologin > root:x:0:0:System User:/home/data1/samba/root:/sbin/nologin > # > Connecting to the domain with account root. > Computer Accout created : > poil-barebone$:x:1005:515:Computer:/dev/null:/sbin/nologin > But Access Deny on my Windows computer :( > > check_ntlm_password: authentication for user [root] -> [root] -> > [root] succeeded > [2005/03/21 17:38:14, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) > Returning domain sid for domain ARZUR-NT -> > S-1-5-21-1874299889-3982645529-2160850509 > [2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057) > init_group_from_ldap: Entry found for group: 515 > [2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_ldap_from_sam(929) > init_ldap_from_sam: Setting entry for user: poil-barebone$ > [2005/03/21 17:38:14, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1552) > ldapsam_modify_entry: Failed to modify user dn= > uid=poil-barebone$,ou=Computers,dc=arzur,dc=local with: Insufficient access ^^^ It would appear that your Samba configuration does not permit write access to the LDAP server. Did you set the LDAP admin password? This is done using: smbpasswd -w 'secret' - John T. > > [2005/03/21 17:38:14, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1994) > ldapsam_add_sam_account: failed to modify/add user with uid = > poil-barebone$ (dn = uid=poil-barebone$,ou=Computers,dc=arzur,dc=local) > [2005/03/21 17:38:14, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2272) > could not add user/computer poil-barebone$ to passdb. Check permissions? > [2005/03/21 17:38:15, 2] smbd/server.c:exit_server(575) -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o)
Okay I try this thing : mastok:/etc/samba # smbldap-useradd root mastok:/etc/samba # smbldap-usermod -u 0 -g 0 root mastok:/etc/samba # smbldap-usermod -a root mastok:/etc/samba # smbldap-passwd root # Administrator:x:998:512:Netbios Domain Administrator:/home/data1/samba/Administrator:/sbin/nologin nobody:x:999:514:nobody:/dev/null:/sbin/nologin root:x:0:0:System User:/home/data1/samba/root:/sbin/nologin # Connecting to the domain with account root. Computer Accout created : poil-barebone$:x:1005:515:Computer:/dev/null:/sbin/nologin But Access Deny on my Windows computer :( check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded [2005/03/21 17:38:14, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain ARZUR-NT -> S-1-5-21-1874299889-3982645529-2160850509 [2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057) init_group_from_ldap: Entry found for group: 515 [2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_ldap_from_sam(929) init_ldap_from_sam: Setting entry for user: poil-barebone$ [2005/03/21 17:38:14, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1552) ldapsam_modify_entry: Failed to modify user dn= uid=poil-barebone$,ou=Computers,dc=arzur,dc=local with: Insufficient access [2005/03/21 17:38:14, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1994) ldapsam_add_sam_account: failed to modify/add user with uid = poil-barebone$ (dn = uid=poil-barebone$,ou=Computers,dc=arzur,dc=local) [2005/03/21 17:38:14, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2272) could not add user/computer poil-barebone$ to passdb. Check permissions? [2005/03/21 17:38:15, 2] smbd/server.c:exit_server(575) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] what are *.tdb files?
In /varcache/samba/ I have several .tdb files. Like brlock.tdb, locking.tdb, ntdrivers.tdb, etc. Excusing my ignorance, what are these files, and what do they do? And why must they be copied when migrating from one samba server to a new one? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Samba 2.2 vs. 3: Domain Member & Winbind quick question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tyler Thueson wrote: |>search the list archives of samba-users for my name, I posted a patch to |>winbindd a couple of years ago that solved this problem for me back then. | | | Thank you very much for the reply!! | | I found your patch but it worries me that there is such | a glaring bug in winbindd and that it's been there for four | years. Tyler, I remember looking at your original mail. I don't remember the behavior striking me as a bug. But if it is a bug, then the way to get it fixed si to file a bug report at https://bugzilla.samba.org/. Also, I don't remember seeing the original patch so if you wouldn't mind attaching that as well it would help. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCPvjLIR7qMdg1EfYRAuFWAJ4mSgvmiwZ2MVVeWifee/FH3rj11QCfYNHx TeozN42nKHCq1HhSMSVuA+4= =xkVe -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 2.2 vs. 3: Domain Member & Winbind quick question
> search the list archives of samba-users for my name, I posted a patch to > winbindd a couple of years ago that solved this problem for me back then. Thank you very much for the reply!! I found your patch but it worries me that there is such a glaring bug in winbindd and that it's been there for four years. One of the goals of the Samba project is to replace Windows servers, but in this case 3.0 fails to do something that 2.2 did -- something I consider basic functionality. But maybe using Samba as a member server in a Windows domain is something that not very many people do? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] users db problem
Marco, Did you update the LDAP schema to the new one that ships with 3.0.12? - John T. On Monday 21 March 2005 00:31, Marco Marinelli tiscali wrote: > Hi, i never post in this list before becouse all the developers did a > great job before, but > now i have a problem. > I used samba 3.0.x for a long time without any problem with openldap as > passwd backend, now with samba 3.0.12 > there are stange message when i try to change account's passwd: > > # smbpasswd Administrator > New SMB password: > Retype new SMB password: > account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum > password age (seconds since 1970)), returning 0 > account_policy_get: tdb_fetch_uint32 failed for field 5 (minimum > password age (seconds since 1970)), returning 0 > > same thing when i try to modify the account's policy: > > # pdbedit -P 'maximum password age (seconds since 1970)' -C 0 > account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum > password age (seconds since 1970)), returning 0 > valid account policy, but unable to fetch value! > > I'm using slackware current with kernel 2.6.9, openldap 2.2.20 and > nss_ldap, there are some changes that i must do for samba 3.0.12? > > Thanks! -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] SAMBA3 + LDAP = PDC => ROUND 3!
Yes it does allow ... You must have in your smb.conf add machine script = /path/to/smbldap-tools/smbldap-useradd -w "%u" Best regards, Bruno Guerreiro -Original Message- From: Mandar Kulkarni/PUN/IN/STTL [mailto:[EMAIL PROTECTED] Sent: segunda-feira, 21 de Março de 2005 15:40 To: [EMAIL PROTECTED] Cc: Bruno Guerreiro; samba@lists.samba.org; [EMAIL PROTECTED] Subject: Re: [Samba] SAMBA3 + LDAP = PDC => ROUND 3! hi, I think you will have to create computer account in ldap using smbldap-useradd.pl -w option before joining the system to domain. As far as i know, Samba does not allow to create the computer account on the fly, i.e. when your joining the system to domain. If you have any idea about this then do let me know. Thanks & Regards, Mandar Kulkarni Systems Administrator Softcell Technologies Ltd. "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 21/03/2005 08:44 PM ToBruno Guerreiro <[EMAIL PROTECTED]> [EMAIL PROTECTED] SubjectRe: [Samba] SAMBA3 + LDAP = PDC => ROUND 3! Thanks ... Done, Now When my windows XP try to join the domain, Accès refusé (Access Deny) So my log : /var/lob/samba/log.poil-barebone [2005/03/21 16:05:40, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/03/21 16:05:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518) init_sam_from_ldap: Entry found for user: Administrator [2005/03/21 16:05:40, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057) init_group_from_ldap: Entry found for group: 512 [2005/03/21 16:05:40, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [Administrator] -> [Administrator] -> [Administrator] succeeded [2005/03/21 16:05:40, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain ARZUR-NT -> S-1-5-21-1874299889-3982645529-2160850509 [2005/03/21 16:05:40, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_domain: ACCESS DENIED (requested: 0x0211) [2005/03/21 16:05:40, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain ARZUR-NT -> S-1-5-21-1874299889-3982645529-2160850509 [2005/03/21 16:05:40, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115) _samr_create_user: ACCESS DENIED (granted: 0x0201; required: 0x0010) [2005/03/21 16:05:41, 2] smbd/server.c:exit_server(575) Closing connections Any Idea? >Hi, >Just my 2 cents. >You're mapping administrator to root in your smbusers file. >Try commenting the "root = Administrator admin " line. > >Best regards, >Bruno Guerreiro > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] >Sent: segunda-feira, 21 de Março de 2005 14:56 >To: samba@lists.samba.org >Subject: [Samba] SAMBA3 + LDAP = PDC => ROUND 3! > > >Okay, I've upgrade samba, now I use samba3.schema who is with my suse 9.2 >So I delete all in /var/lib/ldap and in /var/lib/samba >Redo smb-populate blablabla (from the howto >http://samba.idealx.org/smbldap-howto.en.html) > >So now when i would like to join my Samba domain : > >[2005/03/21 15:45:51, 2] auth/auth.c:check_ntlm_password(312) > check_ntlm_password: Authentication for user [Administrator] -> >[root] FAILED with error NT_STATUS_NO_SUCH_USER > >When I SSH my box with login Administrator, it's okay! (no bash >/sbin/nologin) > >I go to cry ! > > >getent passwd : >mastok:/etc/samba # getent passwd >root:x:0:0:root:/root:/bin/bash >... >Administrator:x:998:512:Netbios Domain >Administrator:/home/data1/samba/Administrator:/sbin/nologin >nobody:x:999:514:nobody:/dev/null:/sbin/nologin > >vi /etc/samba/smbusers : >root = administrator > > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Multipile domain controllers?
Have set up a network with multipile Samba PDC's - one each network segment in different locations - i.e. 10.3.x.x in Cardiff, 10.2.x.x in Glasgow with their own PDC server. Anyway, the networks are connected to each other via VPN - is it possible for a computer in Cardiff to log on into the PDC controller in Glasgow, even tho it's already set up to log in the Cardiff PDC? You should also be able to with a TRUST RELATIONSHIP, between the 2 domains. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] PDC Migration - Mapping user []\[] from...
Hi, I'm trying to migrate our PDC from samba 2.2.3 on redhat 7.3 to samba 3.0.10 on fedora core 3. We use smbpasswd which I have copied to the new server - all the unix users and groups are yp'd so they're the same on both servers. Everything seems to work fine initially. Most people can log on and get their roaming profile from most machines (they can all log in from their own computer). Only some combinations of user and machine fail (and no combinations fail using the old server). With logging set to auth:10 the first difference in the log between a successful login and an unsuccessful one is: successful: [2005/03/18 11:11:27, 5] auth/auth_util.c:make_user_info_map(225) make_user_info_map: Mapping user [NTPSA]\[mb] from workstation [NAIAD] unsuccessful: [2005/03/18 11:15:05, 5] auth/auth_util.c:make_user_info_map(225) make_user_info_map: Mapping user []\[] from workstation [CORDELIA] It seems like there is some user/machine state information being held somewhere rather than the server just authenticating the machine and user using smbpasswd and the unix users and groups. I tried copying over all the *.tdb files from /var/cache/samba as well, no dfference. I also tried deleting all the cached user info in c:\Docouments and Settings on one of the machines with the problem, still no difference. Any ideas? I'm really stuck :( Oh yeah, here's my smb.conf [global] workgroup = NTPSA netbios name = NT-AuthSvr netbios aliases = NT-PrintSvr NT-FileSvr server string = theta - Samba Server hosts allow = 62.189.125. 127. 81.86.215.217 interfaces = 62.189.125.41/25 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 load printers = no log level = auth:10 log file = /var/log/samba/%m.log max log size = 1000 security = user password level = 50 username level = 10 encrypt passwords = yes smb passwd file = /etc/samba/private/smbpasswd preserve case = yes short preserve case = yes default case = lower case sensitive = no mangled names = no nt acl support = no logon home = \\%N\%U logon drive = u: logon path = \\%N\%U\.winprofile\ntprofile local master = yes os level = 35 domain master = yes preferred master = yes domain logons = yes time server = yes dns proxy = no # Share Definitions == idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 template shell = /bin/false winbind use default domain = no [homes] comment = %U's Home Directory browseable = no writeable = yes [netlogon] comment = Network Logon Service path = /home/ntpsa/groups/%g browseable = no [tmp] comment = Temporary file space path = /tmp writeable = yes inherit permissions = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [samba] spelling mistake in utils/net_groupmap.c but isnt really a bug
Daniel, Thanks. Fixed. - John T. On Monday 21 March 2005 06:37, Daniel Wilson wrote: > Hi developers > > i have noticed a spelling mistake when you execute a net groupmap add > command. > > For example > > bash# net groupmap add unixgroup=uni-staff-planningfinance > ntgroup=uni-staff-planningfinance type=domain comment='All Planning and > Finance Staff' > No rid or sid specified, choosing algorithmic mapping > Successully added group uni-staff-planningfinance to the mapping db > > > You noticed successully is missing an 'f' :) > > didnt think it was worth filling out a bug > > the error is in 'source/utils/net_groupmap.c' line 306, in version 3.0.12 > > Regards > > > -- > > Daniel Wilson > Systems Administrator > > IT & Communications Service > University of Sunderland > Unit 1a Technology Park > Chester Road > Sunderland > SR2 7PT > > Tel: 0191 515 2695 > > This e-mail contains information which is confidential and may be > privileged and is for the exclusive use of the recipient. > It is the responsibility of the recipient to ensure that this message > and its attachments are virus free. > Any views or opinions presented are solely those of the author and do > not necessarily represent those of the University, unless otherwise > specifically > stated. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA3 + LDAP = PDC => ROUND 3!
hi, I think you will have to create computer account in ldap using smbldap-useradd.pl -w option before joining the system to domain. As far as i know, Samba does not allow to create the computer account on the fly, i.e. when your joining the system to domain. If you have any idea about this then do let me know. Thanks & Regards, Mandar Kulkarni Systems Administrator Softcell Technologies Ltd. "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 21/03/2005 08:44 PM To Bruno Guerreiro <[EMAIL PROTECTED]> cc samba@lists.samba.org Subject Re: [Samba] SAMBA3 + LDAP = PDC => ROUND 3! Thanks ... Done, Now When my windows XP try to join the domain, Accès refusé (Access Deny) So my log : /var/lob/samba/log.poil-barebone [2005/03/21 16:05:40, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/03/21 16:05:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518) init_sam_from_ldap: Entry found for user: Administrator [2005/03/21 16:05:40, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057) init_group_from_ldap: Entry found for group: 512 [2005/03/21 16:05:40, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [Administrator] -> [Administrator] -> [Administrator] succeeded [2005/03/21 16:05:40, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain ARZUR-NT -> S-1-5-21-1874299889-3982645529-2160850509 [2005/03/21 16:05:40, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_domain: ACCESS DENIED (requested: 0x0211) [2005/03/21 16:05:40, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain ARZUR-NT -> S-1-5-21-1874299889-3982645529-2160850509 [2005/03/21 16:05:40, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115) _samr_create_user: ACCESS DENIED (granted: 0x0201; required: 0x0010) [2005/03/21 16:05:41, 2] smbd/server.c:exit_server(575) Closing connections Any Idea? >Hi, >Just my 2 cents. >You're mapping administrator to root in your smbusers file. >Try commenting the "root = Administrator admin " line. > >Best regards, >Bruno Guerreiro > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] >Sent: segunda-feira, 21 de Março de 2005 14:56 >To: samba@lists.samba.org >Subject: [Samba] SAMBA3 + LDAP = PDC => ROUND 3! > > >Okay, I've upgrade samba, now I use samba3.schema who is with my suse 9.2 >So I delete all in /var/lib/ldap and in /var/lib/samba >Redo smb-populate blablabla (from the howto >http://samba.idealx.org/smbldap-howto.en.html) > >So now when i would like to join my Samba domain : > >[2005/03/21 15:45:51, 2] auth/auth.c:check_ntlm_password(312) > check_ntlm_password: Authentication for user [Administrator] -> >[root] FAILED with error NT_STATUS_NO_SUCH_USER > >When I SSH my box with login Administrator, it's okay! (no bash >/sbin/nologin) > >I go to cry ! > > >getent passwd : >mastok:/etc/samba # getent passwd >root:x:0:0:root:/root:/bin/bash >... >Administrator:x:998:512:Netbios Domain >Administrator:/home/data1/samba/Administrator:/sbin/nologin >nobody:x:999:514:nobody:/dev/null:/sbin/nologin > >vi /etc/samba/smbusers : >root = administrator > > > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Winbind vs pam_krb5/nss_ldap
AD. wrote: Winbind users need to log on using DOMAIN\USER, while pam_krb5 users just need to use USER for their default realm. Or am I wrong about that one? Wrong. I believe you need to set in smb.conf realm = DOMAIN to make that work. -- Rex -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SAMBA3 + LDAP = PDC => ROUND 3!
Thanks ... Done, Now When my windows XP try to join the domain, Accès refusé (Access Deny) So my log : /var/lob/samba/log.poil-barebone [2005/03/21 16:05:40, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/03/21 16:05:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518) init_sam_from_ldap: Entry found for user: Administrator [2005/03/21 16:05:40, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057) init_group_from_ldap: Entry found for group: 512 [2005/03/21 16:05:40, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [Administrator] -> [Administrator] -> [Administrator] succeeded [2005/03/21 16:05:40, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain ARZUR-NT -> S-1-5-21-1874299889-3982645529-2160850509 [2005/03/21 16:05:40, 2] rpc_server/srv_samr_nt.c:access_check_samr_object(93) _samr_open_domain: ACCESS DENIED (requested: 0x0211) [2005/03/21 16:05:40, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain ARZUR-NT -> S-1-5-21-1874299889-3982645529-2160850509 [2005/03/21 16:05:40, 2] rpc_server/srv_samr_nt.c:access_check_samr_function(115) _samr_create_user: ACCESS DENIED (granted: 0x0201; required: 0x0010) [2005/03/21 16:05:41, 2] smbd/server.c:exit_server(575) Closing connections Any Idea? Hi, Just my 2 cents. You're mapping administrator to root in your smbusers file. Try commenting the "root = Administrator admin " line. Best regards, Bruno Guerreiro -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: segunda-feira, 21 de Março de 2005 14:56 To: samba@lists.samba.org Subject: [Samba] SAMBA3 + LDAP = PDC => ROUND 3! Okay, I've upgrade samba, now I use samba3.schema who is with my suse 9.2 So I delete all in /var/lib/ldap and in /var/lib/samba Redo smb-populate blablabla (from the howto http://samba.idealx.org/smbldap-howto.en.html) So now when i would like to join my Samba domain : [2005/03/21 15:45:51, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [Administrator] -> [root] FAILED with error NT_STATUS_NO_SUCH_USER When I SSH my box with login Administrator, it's okay! (no bash /sbin/nologin) I go to cry ! getent passwd : mastok:/etc/samba # getent passwd root:x:0:0:root:/root:/bin/bash ... Administrator:x:998:512:Netbios Domain Administrator:/home/data1/samba/Administrator:/sbin/nologin nobody:x:999:514:nobody:/dev/null:/sbin/nologin vi /etc/samba/smbusers : root = administrator -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cant connect to samba server
i dont think i am using WINS. I have tried putting the entry of samba server into the locan lmhosts file but of no consequence. Also i restart the smb and nbm service after any change i make, be it on the windows side or linux / samba side. Please advice. TBMDF <[EMAIL PROTECTED]> wrote: On Mar 21, 2005, at 6:31 AM, indgirl 6 wrote: > Hi, > > I can ping to the server form windows machine, and vice versa. I can > even telnet to server form windows machine. PLease tell me what other > check i should do. > > > Do you have WINS running? canyou see the server in the Net Hood? try using a hosts/lmhosts file temporarily on the workstations. - Do you Yahoo!? Yahoo! Small Business - Try our new resources site! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem with domain membership
One update: when trying security=server on the fileserver side, I can log on to the fileserver. But i do not want security=server! Any hints out there? Regards Jochen Am Samstag, den 19.03.2005, 13:11 +0100 schrieb Jochen Witte: > Hello, > > I have a Samba 3.0.11/LDAP-Backend PDC configured and I am able to join > all kinds of machines quite well. However my Samba 2.2.12 Linux > Fileserver is just able to join the domain: > > ---snip--- > > [EMAIL PROTECTED]/opt/samba> smbpasswd -j -r -U > Administrator > Password: > Joined domain > ---snip--- > > When I now try to access my Fileserver with a valid PDC account, I get: > > ---snip--- > [EMAIL PROTECTED]/opt/samba> /opt/samba/bin/smbclient -L //hal -U jwitte -W > -d4 > Serverzone is 0 > Initialising global parameters > params.c:pm_process() - Processing configuration file > "/opt/samba-2.2.12/lib/smb.conf" > Processing section "[global]" > doing parameter workgroup = > doing parameter netbios name = HAL > handle_netbios_name: set global_myname to: HAL > doing parameter server string = Samba 2.2.12 on HAL > doing parameter log file = /var/log/samba/%m-log.smbd > doing parameter lock dir = /var/lock/samba > doing parameter template homedir = /home/%U > doing parameter guest account = ftp > doing parameter socket options = IPTOS_LOWDELAY TCP_NODELAY > SO_SNDBUF=8192 SO_RCVBUF=8192 SO_KEEPALIVE > doing parameter kernel oplocks = yes > doing parameter log level = 4 > doing parameter debuglevel = 4 > doing parameter security = domain > doing parameter encrypt passwords = yes > doing parameter password server = * > doing parameter os level = 33 > doing parameter local master = no > doing parameter wins server = 10.128.0.24 > wins_srv_load_list(): Building WINS server list: > 10.128.0.24, > 1 WINS server listed. > doing parameter dns proxy = no > pm_process() returned Yes > added interface ip=10.128.0.23 bcast=10.128.0.255 nmask=255.255.255.0 > Client started (version 2.2.12). > resolve_lmhosts: Attempting lmhosts lookup for name hal<0x20> > resolve_hosts: Attempting host lookup for name hal<0x20> > Connecting to 10.128.0.23 at port 139 > session request ok > Password: > session setup failed: NT_STATUS_LOGON_FAILURE > > ---snip--- > > On the PDC side I get the following: > > ---snip--- > > [2005/03/19 13:08:22, 3] smbd/oplock.c:init_oplocks(1345) > open_oplock_ipc: opening loopback UDP socket. > [2005/03/19 13:08:22, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks > (303) > Linux kernel oplocks enabled > [2005/03/19 13:08:22, 3] smbd/oplock.c:init_oplocks(1376) > open_oplock ipc: pid = 349, global_oplock_port = 36763 > [2005/03/19 13:08:22, 4] lib/time.c:get_serverzone(122) > Serverzone is -3600 > [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091) > Transaction 0 of length 168 > [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886) > switch message SMBnegprot (pid 349) conn 0x0 > [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461) > Requested protocol [PC NETWORK PROGRAM 1.0] > [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461) > Requested protocol [MICROSOFT NETWORKS 1.03] > [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461) > Requested protocol [MICROSOFT NETWORKS 3.0] > [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461) > Requested protocol [LANMAN1.0] > [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461) > Requested protocol [LM1.2X002] > [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461) > Requested protocol [Samba] > [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_nt1(327) > not using SPNEGO > [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(555) > Selected protocol NT LANMAN 1.0 > [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091) > Transaction 1 of length 92 > [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886) > switch message SMBsesssetupX (pid 349) conn 0x0 > [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 > [2005/03/19 13:08:22, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655) > wct=13 flg2=0xc001 > [2005/03/19 13:08:22, 3] smbd/sesssetup.c:reply_sesssetup_and_X(789) > Domain=[] NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[] > [2005/03/19 13:08:22, 3] smbd/sesssetup.c:reply_sesssetup_and_X(804) > sesssetupX:[EMAIL PROTECTED] > [2005/03/19 13:08:22, 3] smbd/sesssetup.c:check_guest_password(116) > Got anonymous request > [2005/03/19 13:08:22, 3] auth/auth.c:check_ntlm_password(219) > check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] > with the new password interface > [2005/03/19 13:08:22, 3] auth/auth.c:check_ntlm_password(222) > check_ntlm_password: mapped user is: [EMAIL PROTECTED] > [2005/03/19 13:08:22, 3] auth/auth.c:check_ntlm_password(268) > check_ntlm_password: guest authentication for user [] succeeded >
RE: [Samba] SAMBA3 + LDAP = PDC => ROUND 3!
Hi, Just my 2 cents. You're mapping administrator to root in your smbusers file. Try commenting the "root = Administrator admin " line. Best regards, Bruno Guerreiro -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: segunda-feira, 21 de Março de 2005 14:56 To: samba@lists.samba.org Subject: [Samba] SAMBA3 + LDAP = PDC => ROUND 3! Okay, I've upgrade samba, now I use samba3.schema who is with my suse 9.2 So I delete all in /var/lib/ldap and in /var/lib/samba Redo smb-populate blablabla (from the howto http://samba.idealx.org/smbldap-howto.en.html) So now when i would like to join my Samba domain : [2005/03/21 15:45:51, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [Administrator] -> [root] FAILED with error NT_STATUS_NO_SUCH_USER When I SSH my box with login Administrator, it's okay! (no bash /sbin/nologin) I go to cry ! getent passwd : mastok:/etc/samba # getent passwd root:x:0:0:root:/root:/bin/bash ... Administrator:x:998:512:Netbios Domain Administrator:/home/data1/samba/Administrator:/sbin/nologin nobody:x:999:514:nobody:/dev/null:/sbin/nologin vi /etc/samba/smbusers : root = administrator -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA3 + LDAP = PDC => ROUND 3!
Okay, I've upgrade samba, now I use samba3.schema who is with my suse 9.2 So I delete all in /var/lib/ldap and in /var/lib/samba Redo smb-populate blablabla (from the howto http://samba.idealx.org/smbldap-howto.en.html) So now when i would like to join my Samba domain : [2005/03/21 15:45:51, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [Administrator] -> [root] FAILED with error NT_STATUS_NO_SUCH_USER When I SSH my box with login Administrator, it's okay! (no bash /sbin/nologin) I go to cry ! getent passwd : mastok:/etc/samba # getent passwd root:x:0:0:root:/root:/bin/bash ... Administrator:x:998:512:Netbios Domain Administrator:/home/data1/samba/Administrator:/sbin/nologin nobody:x:999:514:nobody:/dev/null:/sbin/nologin vi /etc/samba/smbusers : root = administrator -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Top posting is evil
Please don't top post to mailing lists, many people will send your mail to /dev/null it is also very hard to read a thread when replies are top posted. I can understand one liners but even then you get enough one liners and you end up with a mess. Ted -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cant connect to samba server
did you restart samba after making the changes to smb.conf? Also, try telnetting to the samba tcp/ip ports. so telnet samba_server_ip 135 (and 137, 139, 445) see if you can connect to any or go to www.insecure.org/nmap and run the nmap scanner against the TCP ports of the samba server ip and see what it reports to you (do all of this from one of the windows pc's unable to connect to the samba server) indgirl 6 wrote: Hi, I can ping to the server form windows machine, and vice versa. I can even telnet to server form windows machine. PLease tell me what other check i should do. Ted Kaczmarek <[EMAIL PROTECTED]> wrote: On Fri, 2005-03-18 at 14:26 -0800, indgirl 6 wrote: Hi All, This is very urgent, please help me. I have a redhat machine (2.4.9-e.24) which is acting as a samba server (samba - 2.2.7) Everything was going smoothly until we changes the ip address of our windows machines. Now if i try to connect to the server it gives me the error: "windows cannot find '\\titan". Check the spelling and try again." I have tried connecting by using the IP address too but i get the same error. I have added the new ip range in to the smb.conf file. I even tried (for testing purpose) adding the IP address of my windows machine and see if i can connect but i still cant connect. Please advice what i am doing wrong here. I went through the DIAGNOSTICS.txt and failed at test 8 with the error: System error 53 has occurred. The network path was not found. test 9 with the error: System error 59 has occurred. An unexpected network error occurred. test 10 with the error: querying delta on 12.20.194.255 querying delta on 12.20.194.255 name_query failed to find name delta#1d Test 11: cant browse I know this is sone kind of network issue, but i fail to see where... Can the windows machine even ping the samba server? Ping, traceroute (tracert) tcpdump and or ethereal, as well as the samba logs files might tell you more. Look at things in smaller pieces, make sure the little pieces are doing their work before you look at the assembly of pieces. Ted - Do you Yahoo!? Yahoo! Small Business - Try our new resources site! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cant connect to samba server
Hi, I can ping to the server form windows machine, and vice versa. I can even telnet to server form windows machine. PLease tell me what other check i should do. Ted Kaczmarek <[EMAIL PROTECTED]> wrote: On Fri, 2005-03-18 at 14:26 -0800, indgirl 6 wrote: > Hi All, > This is very urgent, please help me. > > I have a redhat machine (2.4.9-e.24) which is acting as a samba server (samba > - 2.2.7) > Everything was going smoothly until we changes the ip address of our windows > machines. > Now if i try to connect to the server it gives me the error: > "windows cannot find '\\titan". Check the spelling and try again." > I have tried connecting by using the IP address too but i get the same error. > > I have added the new ip range in to the smb.conf file. I even tried (for > testing purpose) adding the IP address of my windows machine and see if i can > connect but i still cant connect. Please advice what i am doing wrong here. > > I went through the DIAGNOSTICS.txt and failed at > test 8 with the error: System error 53 has occurred. The network path was not > found. > test 9 with the error: System error 59 has occurred. An unexpected network > error occurred. > > test 10 with the error: querying delta on 12.20.194.255 > querying delta on 12.20.194.255 > name_query failed to find name delta#1d > > Test 11: cant browse > > I know this is sone kind of network issue, but i fail to see where... > > Can the windows machine even ping the samba server? Ping, traceroute (tracert) tcpdump and or ethereal, as well as the samba logs files might tell you more. Look at things in smaller pieces, make sure the little pieces are doing their work before you look at the assembly of pieces. Ted - Do you Yahoo!? Yahoo! Small Business - Try our new resources site! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] quota support in samba
Hi, We have a samba server with quota enforced on our mounts. linux tools like repquota, quota and edquota work, but samba cant retrieve quota information from the fs. i think the interesting log lines are as follows: [2005/03/21 15:01:46, 10] lib/sysquotas_linux.c:sys_get_linux_gen_quota(316) sys_get_linux_gen_quota: path[/home] bdev[/dev/sda3] SMB_USER_QUOTA_TYPE uid[2 0692] [2005/03/21 15:01:46, 10] lib/sysquotas_linux.c:sys_get_linux_gen_quota(319) errno 3 sys_get_linux_v2_quota: path[/home] bdev[/dev/sda3] SMB_USER_QUOTA_TYPE uid[20692] [2005/03/21 15:01:46, 10] lib/sysquotas_linux.c:sys_get_linux_v2_quota(184) errno 22 sys_get_linux_v1_quota: path[/home] bdev[/dev/sda3] SMB_USER_QUOTA_TYP E uid[20692] [2005/03/21 15:01:46, 10] lib/sysquotas_linux.c:sys_get_linux_v1_quota(49) errno 22 sys_get_vfs_quota() failed for mntpath[/home] bdev[/dev/sda3] qtype[2] id[20692]: Invalid argument my smbd is compiled withe the following options: smbd -b | grep -i quota: HAVE_SYS_QUOTA_H HAVE_LINUX_XFS_QUOTAS HAVE_QUOTACTL_LINUX HAVE_SYS_QUOTAS HAVE_XFS_QUOTAS WITH_QUOTAS WITH_QUOTAS vfs_default_quota_init does anyone of you have a similar problem? thanks in advance christoph -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] File copying under WIN98
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jens Wulf wrote: | with the Samba3.0.12 release i encountered the following | problem : when i try to copy a file from a samba | share to the local disk then the process hangs with | the windows-message "Preparing to copy" (my translation | from the german message). In a WIN98-DOS-Windows the | copy command hangs too, but the file is created. | The copying from my WIN-XP HOME works. | My previous installed version 3.0.9 worked fine with | the same configuration (smb.conf) | | does anyone have this problem too - and maybe a | solution except reinstalling old samba ? I've been able to reproduce this. Looks like eitehr (a) we stumbled on a Win98 bug, or (b) more probably we stuffed the trans2FindNext response. See https://bugzilla.samba.org/show_bug.cgi?id=2501 for the actual bug report. We'll have a patch out later today. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCPs60IR7qMdg1EfYRAhBuAJ4zKn+B6H9gwN/PffQUttNAlxRUJgCeNNxp NZVMwT0HpbNouEO+P4vUvDE= =44cj -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[samba] spelling mistake in utils/net_groupmap.c but isnt really a bug
Hi developers i have noticed a spelling mistake when you execute a net groupmap add command. For example bash# net groupmap add unixgroup=uni-staff-planningfinance ntgroup=uni-staff-planningfinance type=domain comment='All Planning and Finance Staff' No rid or sid specified, choosing algorithmic mapping Successully added group uni-staff-planningfinance to the mapping db You noticed successully is missing an 'f' :) didnt think it was worth filling out a bug the error is in 'source/utils/net_groupmap.c' line 306, in version 3.0.12 Regards -- Daniel Wilson Systems Administrator IT & Communications Service University of Sunderland Unit 1a Technology Park Chester Road Sunderland SR2 7PT Tel: 0191 515 2695 This e-mail contains information which is confidential and may be privileged and is for the exclusive use of the recipient. It is the responsibility of the recipient to ensure that this message and its attachments are virus free. Any views or opinions presented are solely those of the author and do not necessarily represent those of the University, unless otherwise specifically stated. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind and openSSH problem on Solaris 8/Sparc
Hello there, I have winbind configured and working fine on a Solaris 8 machine pam is configured ok (I guess) as telnet/su'ing/smb access is working fine, OpenSSH 3.9 is configured with the following options: --prefix=/usr/local --sysconfdir=/etc/ssh --with-md5-passwords --with-default-path=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/ bin:/bin --with-ipv4-default --with-privsep-path=/var/empty --with-privsep-user=sshd --with-ssl-dir=/tmp/openssl-0.9.7e --with-zlib=/tmp/zlib1.2.2 --with-pam Yet, when trying to login, this is what I see in the messages file: sshd[21182]: [ID 401707 auth.error] open_module: /usr/lib/security/pam_winbind.so failed: ld.so.1: /usr/local/sbin/sshd: fatal: relocation error: file /usr/lib/security/pam_winbind.so: symbol main: referenced symbol not found sshd[21182]: [ID 487707 auth.error] load_modules: can not open module /usr/lib/security/pam_winbind.so sshd[21180]: [ID 800047 auth.error] error: PAM: Dlopen failure for illegal user my_user from x.x.x.x Another issue, not related to this problem - (happens on Solaris 8/sparc machines only) - sometimes when I login while winbind is enabled and running, every command I run is running in the background automatically... this is really annoying... Any suggestions? Thanks. pam.conf: # #ident "@(#)pam.conf 1.1601/01/24 SMI" # # Copyright (c) 1996-2000 by Sun Microsystems, Inc. # All rights reserved. # # PAM configuration # # Authentication management # login auth required/usr/lib/security/pam_winbind.so login auth requisite pam_authtok_get.so.1 login auth required pam_dhkeys.so.1 login auth required pam_unix_auth.so.1 try_first_pass login auth required pam_dial_auth.so.1 try_first_pass # rlogin auth sufficient /usr/lib/security/pam_winbind.so rlogin auth sufficient pam_rhosts_auth.so.1 rlogin auth requisite pam_authtok_get.so.1 rlogin auth required pam_dhkeys.so.1 rlogin auth required pam_unix_auth.so.1 try_first_pass # dtlogin auth sufficient /usr/lib/security/pam_winbind.so dtlogin auth requisite pam_authtok_get.so.1 dtlogin auth required pam_dhkeys.so.1 dtlogin auth required pam_unix_auth.so.1 try_first_pass # rsh auth sufficient pam_rhosts_auth.so.1 rsh auth required pam_unix_auth.so.1 other auth sufficient /usr/lib/security/pam_winbind.so other auth requisite pam_authtok_get.so.1 other auth required pam_dhkeys.so.1 other auth required pam_unix_auth.so.1 try_first_pass # # Account management # login account sufficient /usr/lib/security/pam_winbind.so login account requisite pam_roles.so.1 login account requiredpam_projects.so.1 login account requiredpam_unix_account.so.1 # dtlogin account sufficient /usr/lib/security/pam_winbind.so dtlogin account requisite pam_roles.so.1 dtlogin account requiredpam_projects.so.1 dtlogin account requiredpam_unix_account.so.1 # other account sufficient /usr/lib/security/pam_winbind.so other account requisite pam_roles.so.1 other account requiredpam_projects.so.1 other account requiredpam_unix_account.so.1 # # Session management # other session requiredpam_unix_session.so.1 # # Password management # #other password sufficient /usr/lib/security/pam_winbind.so other password required pam_dhkeys.so.1 other password requisite pam_authtok_get.so.1 other password requisite pam_authtok_check.so.1 other password required pam_authtok_store.so.1 dtsession auth requisite pam_authtok_get.so.1 dtsession auth required pam_dhkeys.so.1 dtsession auth required pam_unix_auth.so.1 # # Support for Kerberos V5 authentication (uncomment to use Kerberos) # #rlogin auth optional pam_krb5.so.1 try_first_pass #login auth optional pam_krb5.so.1 try_first_pass #dtloginauth optional pam_krb5.so.1 try_first_pass #other auth optional pam_krb5.so.1 try_first_pass #dtloginaccount optionalpam_krb5.so.1 #other account optionalpam_krb5.so.1 #other session optionalpam_krb5.so.1 #other password optional pam_krb5.so.1 try_first_pass # # Support for Solaris PPP (sppp) ppp auth requisite pam_authtok_get.so.1 ppp auth required pam_dhkeys.so.1 ppp auth required pam_unix_auth.so.1 ppp authrequiredpam_dial_auth.so.1 ppp account requisite pam_roles.so.1 ppp account requiredpam_projects.so.1 ppp account requiredpam_unix_account.so.1 ppp session required
[Samba] HOWTO critics wanted :-) No, seriously
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Take your best shots! ;-) Help me make this page better by telling me what is wrong. I'll even give you some tips on what I am unsatisfied with: 1. M$'s User Manager for Domains has never worked. 2. I've never been able to get virus scanning operational. http://tinyurl.com/4x3bl - -- - - | I can be reached on the following Instant Messenger services: | |---| | MSN: j_c_llings @ hotmail.com AIM: WyteLi0n ICQ: 123291844 | |---| | Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz| - - -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCPsgS57L0B7uXm9oRAhzpAJ9GSk95d42rGbAiQ3niHIvbedzpAACdEWWl tfX5w1XJIKI4mJ6axaTDfcQ= =5c/6 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] File copying under WIN98
with the Samba3.0.12 release i encountered the following problem : when i try to copy a file from a samba share to the local disk then the process hangs with the windows-message "Preparing to copy" (my translation from the german message). In a WIN98-DOS-Windows the copy command hangs too, but the file is created. The copying from my WIN-XP HOME works. My previous installed version 3.0.9 worked fine with the same configuration (smb.conf) does anyone have this problem too - and maybe a solution except reinstalling old samba ? Greetings Jens -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] repost: permission mix-up happening
Reposting -- didn't notice my post appear. Hi, Presently I am facing a problem configuring our new SAMBA based file-server. Previously we used my workstation as a fileserver for our team (of about 12 users). Recently I moved all that stuff to a machine running Mandrak 10.1 Official (IA32). The way I configured samba is as follows (from smb.conf): [global] workgroup = ASIAPACIFIC netbios name = ocscfs security = user encrypt passwords = yes dns proxy = no [USC-REPOSITORY] comment = USC-REPOSITORY path = /home/USC-REPOSITORY browseable = yes writable = yes I've copied the entire repository of info. from Win2000 machine (old Server) to /home/USC-REPOSITORY (on this server), as "root/root". I've created the unix user id's for all 12 users, with their shell as /usr/bin/false, as recommended in a SAMBA tutorial. Now what happens is that all 12 of us are able to connect, and able to access all files in READ-ONLY mode, but not able to write/change anything. So what I did was did a # chown - R guest:users /home/USC-REPOSITORY # find /home/USC-REPOSITORY -type d -print | xargs chmod 777 # find /home/USC-REPOSITORY -type f -print | xargs chmod 666 i..e. all directories have rwx & all files have rw- permissions, and owner for everything is "guest:users". Note that all other 12 users also have group-id="users" and "guest" is the 13th user with exactly same properties as other users. Now I am still able to read everything and browse thru all directories, but when I see the "Properties->Security" of the directories and files from within the Win2K-Pro or WinXP-Pro clients, it show no-permission to "Everyone" or anyone!! So basically we can neither edit/create/delete files/directories, nor change their permissions. Could someone suggest as to how we can configure SAMBA and the files in the repository s.t. everyone is able to create files/directories, edit/delete them, and maybe even change Security settings for the files. Thanks & regards, Bani -- Diamond is a piece of coal that did well under pressure. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Denied connection for correct conf inside firewall protec tion
I did some tests with test server using Samba 2.2.8a. I received some strange messages in the log file that cannot be with below configuration: _ # ../bin/testparm -x -L pscdv001 ../lib/smb.conf | more Load smb config files from ../lib/smb.conf Processing section "[DVfcsload]" Processing section "[rodrigo]" Processing section "[ipc$]" Loaded services file OK. WARNING: You have some share names that are longer than 8 chars These may give errors while browsing or may not be accessible to some older clients Press enter to see a dump of your service definitions # Global parameters [global] workgroup = MFG4 netbios aliases = pscdv001 server string = Samba Server - Desenvolvimento 3 encrypt passwords = Yes null passwords = Yes smb passwd file = /etc/smbpasswd password level = 8 username level = 8 log level = 0 log file = /var/log/samba/%L/log.%m max log size = 50 deadtime = 4 socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 include = /usr/local/samba/lib/smb.conf.pscdv001 [rodrigo] comment = My folder path = /home/rodrigo read only = No create mask = 0775 directory mask = 0775 hosts allow = 187.10.16.XXX [ipc$] path = /tmp hosts allow = 187.10.16.0/23 127.0.0.1 hosts deny = 0.0.0.0/0 _ From my desktop I mapped the SHARE [rodrigo] and I have no problems to access it. Therefore, analysing the logs files, specifically the client log file in the server, I saw some weird messages: ... [2005/03/15 18:04:18, 0] lib/access.c:check_access(333) Denied connection from (187.10.16.XXX) ... The weird thing is that this messages are logged only when I open some file inside the shared directory from samba. Using "windows explorer", I mapped the share inside windows explorer and using on the server the command "tail -f log.client". At the moment of openning file, a tenth of this messages are logged. The IP address showed is the IP of my Desktop and the open file operation is sucedeed without any error messages from windows. See also that in the smb.conf file, on the SHARE [rodrigo] I put a explicit configuration that allow my host 187.10.16.216 to access that SHARE. Why these messages are logged ?? What is wrong inside my configuration ?? Is wrong ? Tks in advance, Rodrigo José dos Santos Solvo S.A. IT UNIX Administrator Senior (Solaris Specialist) Computing Engineer Phone: (55) 19 3847 6003 Fax: (55) 19 3847 6230 Mobile: (55) 19 8111 8560 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] AD: Password problem?
Yes. Changed passwd and shadow from "compat" to "files winbind" Do i need to restart anything afterwards? The docs says something about pam.d too. I dont have a pam_winbind.so anywhere, where do I get/compile it? Additional info: I've tried "wbinfo --authenticate %xxx" and it worked. (It's running the debian 3.0 r4) > -Original Message- > From: Stuart Westbury [mailto:[EMAIL PROTECTED] > Sent: den 21 mars 2005 12:00 > To: Datatal AB - Gauffin, Jonas > Subject: Re: [Samba] AD: Password problem? > > have you added winbind to /etc/nsswitch.conf ? > > Stuart > > > Hello > > > > I can do wbinfo -u and wbinfo -g to see users and groups from our > > domain. > > But if I do getent passwd I only see local passwords (and > acessing the > > shares from a winxp machine failes with incorrect name/password). > > What can be wrong? > > > > Thanks, > > Jonas > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SAMBA3+LDAP PDC - Cannot join the domain
Okay, so I've RAZ my ldap-database since last week, I've check all my config from samba. Now I have another error :( When I try to join the domain in Administrator; (samba create the computer but ...) : Administrator:x:998:512:Netbios Domain Administrator:/home/data1/samba/Administrator:/sbin/nologin Here's the log of Samba log.poil-barebone ** [2005/03/21 10:51:41, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/03/21 10:51:41, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518) init_sam_from_ldap: Entry found for user: root [2005/03/21 10:51:41, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057) init_group_from_ldap: Entry found for group: 513 [2005/03/21 10:51:41, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded [2005/03/21 10:51:42, 2] smbd/server.c:exit_server(575) Closing connections [2005/03/21 10:51:42, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/03/21 10:51:42, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518) init_sam_from_ldap: Entry found for user: root [2005/03/21 10:51:42, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057) init_group_from_ldap: Entry found for group: 513 [2005/03/21 10:51:42, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded [2005/03/21 10:51:42, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain ARZURNT -> S-1-5-21-1874299889-3982645529-2160850509 [2005/03/21 10:51:42, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057) init_group_from_ldap: Entry found for group: 515 [2005/03/21 10:51:42, 2] passdb/pdb_ldap.c:init_ldap_from_sam(929) init_ldap_from_sam: Setting entry for user: poil-barebone$ [2005/03/21 10:51:42, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1552) ldapsam_modify_entry: Failed to modify user dn= uid=poil-barebone$,ou=Computers,dc=arzur,dc=local with: Insufficient access [2005/03/21 10:51:42, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1994) ldapsam_add_sam_account: failed to modify/add user with uid = poil-barebone$ (dn = uid=poil-barebone$,ou=Computers,dc=arzur,dc=local) [2005/03/21 10:51:42, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2272) could not add user/computer poil-barebone$ to passdb. Check permissions? [2005/03/21 10:51:42, 2] smbd/server.c:exit_server(575) Closing connections ** So I try to add a root user : root:x:0:0:System User:/home/data1/samba/root:/sbin/nologin When login with it : Here's the log of Samba log.poil-barebone ** [2005/03/21 10:57:36, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/03/21 10:57:36, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518) init_sam_from_ldap: Entry found for user: root [2005/03/21 10:57:36, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057) init_group_from_ldap: Entry found for group: 513 [2005/03/21 10:57:36, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded [2005/03/21 10:57:37, 2] smbd/server.c:exit_server(575) Closing connections [2005/03/21 10:57:37, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/03/21 10:57:37, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518) init_sam_from_ldap: Entry found for user: root [2005/03/21 10:57:37, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057) init_group_from_ldap: Entry found for group: 513 [2005/03/21 10:57:37, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded [2005/03/21 10:57:37, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482) Returning domain sid for domain ARZURNT -> S-1-5-21-1874299889-3982645529-2160850509 [2005/03/21 10:57:37, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057) init_group_from_ldap: Entry found for group: 515 [2005/03/21 10:57:37, 2] passdb/pdb_ldap.c:init_ldap_from_sam(929) init_ldap_from_sam: Setting entry for user: poil-barebone$ [2005/03/21 10:57:37, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1552) ldapsam_modify_entry: Failed to modify user dn= uid=poil-barebone$,ou=Computers,dc=arzur,dc=local with: Insufficient access [2005/03/21 10:57:37, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1994) ldapsam_add_sam_account: failed to modify/add user with uid = poil-barebone$ (dn = uid=poil-barebone$,ou=Computers,dc=arzur,dc=local) [2005/03/21 10:57:37, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2272) could not add user/computer poil-barebone$ to passdb. Check permissions? [2005/03/21 10:57:38, 2] smbd/server.c:exit_server(575) Closing connections ** HELP! :-) Than
Re: [Samba] I think I have found the problem, now whats the solution?
On Monday 21 March 2005 08:43, Phil Foxton wrote: > I am trying to setup a Debian Sarge box as a file/print server for a > Win2k3 AD. The linux box can join the AD domain (using kinit > [EMAIL PROTECTED] then net ads join) > > A wbinfo -u gives me "error retreive user list" > A wbinfo -g just list the groups in the "BUILTIN" object on the 2k3 > server > A wbinfo --sequence gives me : > BUILTIN 1 > EBUYER 1 > > Now, as far as I can tell winbind is trying to use the BUILTIN group and > not the actual domain for it's groups and users. > > Am I barking up the wrong tree, or if I am correct how do I force > winbindd to look at the right groups and users? Without some more info on your setup (extract from smb.conf would be nice) it's tricky. What precisely did you join with 'net ads join'... you may want to create your machine account within a *particular* organizational unit if your AD setup is complex... > > Phil > -- > Phil Foxton > Systems Administrator > Ebuyer (UK) Ltd > 201 Woodbourn Road, Sheffield, S9 3LR -- Mark Taylor Sirius www.siriusit.co.uk Tel +44 (0)870 608 0063 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Solaris ACLs + Linux ACLS - Files Becoming Read Only
Samba 3.0.11 + acl (ext3) - I have to second this, but actually we are seeing the same problem with Linux ACLS (ext3) and Office 97. Further investigation showed that although the acls seem to be inherited (eg the group has write access) the do not seem to be honoured with regard to the user. Let me give an example to clarify: 2 users: y,x belogn to group: mygroup user x creates a file: A user y modifies file A user x cannot modify file A anymore Permissions for user X are being set to read-only. Note: In our case the user (X) is actually able to change the permissions and to write to the file again. It would greatly appreciated if someone know a solution to this problem. regards, Bolke de Bruin Solaris ACLs - Files Becoming Read Only --- Problem: Since we have upgraded to Microsoft Office 2003 from Microsoft Office 2000 we have had problems with files becoming Read Only. Background: --- We have read-only and write groups which have access to files. We control access using both the Samba configuration file and file system ACLs. This give our users the flexibilty to access files via NFS, FTP or Samba. We have had no problems until upgrading to Microsoft Office 2003 on our client devices. Rolling back to Microsoft Office 2000 is unfortunately not an option. When more than one users accesses a document using either Microsoft Word 2003 or Microsoft Excel 2003 Samba will change permissions on the file and also modify the underlying ACL. The access does NOT have to be concurrent. One user can finish working with the file and another user can attempt to edit the file and cause it to become read-only. System Information: --- Operating System - Solaris 9 (sparc) Samba Version - 3.08 Samba has been compiled with ACL support. Abridged Samba Configuration: - [global] kernel oplocks = No create mask = 0770 oplocks = No level2 oplocks = No [sharename] valid users = @"readgroup",@"writegroup" read list = @"readgroup" write list = @"writegroup" force group = "readgroup" create mask = 0740 force create mode = 0740 inherit permissions = yes inherit acls = yes Solaris ACL Configuration - The following is the ACL information on a file. user::rwx group::--- #effective:--- group:readgroup:r-x#effective:r-x group:writegroup:rwx #effective:rwx mask:rwx other:--- Standard Unix permissions on this file appear as -rwx--+ (the + symbolises that the file has ACLs set) The following is the resulting file permissions and ACLs on an AFFECTED FILE. user::r-x user:username:rwx #effective:rwx group::r-x #effective:r-x group:writegroup:rwx #effective:rwx mask:rwx other:--- -r-xr-x---+ Whats Been Tried We have tried enabling and disabling OpLocks without success. We have also tried to disable ACLs on the file system and use standard UNIX permissions. This DOES stop files from becoming read only, but only provides the required access when accessing the file system via Samba. We need to continue using ACLs as Samba is not the only method used to access files. Any ideas on how we may solve this problem would be greatly appreciated. Thanks, Damien -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba frond-end (load balancing)
On Sat, Mar 19, 2005 at 10:14:47PM +0100, [EMAIL PROTECTED] wrote: >Hi All, > >I work on HA samba project for my company. My plan is use some samba >server like front-ends with remotely storage mouted by nfs to this >servers. > >Questions: > >1) I read some information about this in official Samba HOW-TO, but i >still don't know if this solution is posible or not? This is not a question of possibility but a question of sense. Does this idea have sense ? In my eyes - she doesn't. Fileserver services are mostly I/O expensive, not CPU. That's why your problem is storage and network throughput; not the smb servers nor their count, nor their speed. >2) and which software or hardware must be use for balancing? Divide the storage accross multiple disks and RAIDs, use DFS for application layer share management, use faster network and maybe FC instead of NFS. >3) May I use dns for load balancig ( I think not, but I'm not sure) DNS gives you yet more overhead, but (I guess) your bottleneck is I/O. >4) Excuse me for my bad english and thanks for your time. Your welcome. My english is bad, too. So what ? Most important is: I understood you. >Look on picture (hope this will ok after send :) ) > > >| LoadBalancing | >- > | > --- > | | | | > >| smb | | smb | | smb | | smb | > > | | | | > --- >| > > > | storage | > - Have a look at this scheme one more time: the "smb" nodes do not compute anything. They read and write to/from storage and send/receive the packets over network. They are - in fact - I/O <-> network converter. If you want accelerate your services, balance the load on storage level: use multiple storages, use different sets of RAIDs. The addition of succesives smb servers will not increase the global availability of your fileserver. This goal you can achieve using i.a. heartbeat as ha-cluster. Greetigs, mpr. -- Marcin Przyczyna Net & Sys Admin, citiworks AG [EMAIL PROTECTED] +49 89 9925 75356 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] I think I have found the problem, now whats the solution?
I am trying to setup a Debian Sarge box as a file/print server for a Win2k3 AD. The linux box can join the AD domain (using kinit [EMAIL PROTECTED] then net ads join) A wbinfo -u gives me "error retreive user list" A wbinfo -g just list the groups in the "BUILTIN" object on the 2k3 server A wbinfo --sequence gives me : BUILTIN 1 EBUYER 1 Now, as far as I can tell winbind is trying to use the BUILTIN group and not the actual domain for it's groups and users. Am I barking up the wrong tree, or if I am correct how do I force winbindd to look at the right groups and users? Phil -- Phil Foxton Systems Administrator Ebuyer (UK) Ltd 201 Woodbourn Road, Sheffield, S9 3LR -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] permission mix-up happening
Hi, Presently I am facing a problem configuring our new SAMBA based file-server. Previously we used my workstation as a fileserver for our team (of about 12 users). Recently I moved all that stuff to a machine running Mandrak 10.1 Official (IA32). The way I configured samba is as follows (from smb.conf): [global] workgroup = ASIAPACIFIC netbios name = ocscfs security = user encrypt passwords = yes dns proxy = no [USC-REPOSITORY] comment = USC-REPOSITORY path = /home/USC-REPOSITORY browseable = yes writable = yes I've copied the entire repository of info. from Win2000 machine (old Server) to /home/USC-REPOSITORY (on this server), as "root/root". I've created the unix user id's for all 12 users, with their shell as /usr/bin/false, as recommended in a SAMBA tutorial. Now what happens is that all 12 of us are able to connect, and able to access all files in READ-ONLY mode, but not able to write/change anything. So what I did was did a # chown - R guest:users /home/USC-REPOSITORY # find /home/USC-REPOSITORY -type d -print | xargs chmod 777 # find /home/USC-REPOSITORY -type f -print | xargs chmod 666 i..e. all directories have rwx & all files have rw- permissions, and owner for everything is "guest:users". Note that all other 12 users also have group-id="users" and "guest" is the 13th user with exactly same properties as other users. Now I am still able to read everything and browse thru all directories, but when I see the "Properties->Security" of the directories and files from within the Win2K-Pro or WinXP-Pro clients, it show no-permission to "Everyone" or anyone!! So basically we can neither edit/create/delete files/directories, nor change their permissions. Could someone suggest as to how we can configure SAMBA and the files in the repository s.t. everyone is able to create files/directories, edit/delete them, and maybe even change Security settings for the files. Thanks & regards, Bani -- Diamond is a piece of coal that did well under pressure. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] error Samba 3.0.12 on Fedora3 ( winbind )
I have upgraded my samba from version 3.0.10 to version 3.0.12, but after I check by order of " dmesg" there is order the the following mistake : audit(379728.999:0): avc: denied { search } for pid=24686 exe=/usr/sbin/winbindd name=lib dev=dm-0 ino=7815170 scontext=root:system_r:winbind_t tcontext=system_u:object_r:var_lib_t tclass=dir audit(379729.041:0): avc: denied { search } for pid=24687 exe=/usr/sbin/winbindd name=lib dev=dm-0 ino=7815170 scontext=root:system_r:winbind_t tcontext=system_u:object_r:var_lib_t tclass=dir audit(379729.042:0): avc: denied { search } for pid=24687 exe=/usr/sbin/winbindd name=lib dev=dm-0 ino=7815170 scontext=root:system_r:winbind_t tcontext=system_u:object_r:var_lib_t tclass=dir audit(379729.042:0): avc: denied { search } for pid=24687 exe=/usr/sbin/winbindd name=lib dev=dm-0 ino=7815170 scontext=root:system_r:winbind_t tcontext=system_u:object_r:var_lib_t tclass=dir what samba 3.0.12 have full support in fedora 3 ? regard, Dadang -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] error Samba 3.0.12 on Fedora3 ( winbind )
I have upgraded my samba from version 3.0.10 to version 3.0.12, but after I check by order of " dmesg" there is order the the following mistake : audit(379728.999:0): avc: denied { search } for pid=24686 exe=/usr/sbin/winbindd name=lib dev=dm-0 ino=7815170 scontext=root:system_r:winbind_t tcontext=system_u:object_r:var_lib_t tclass=dir audit(379729.041:0): avc: denied { search } for pid=24687 exe=/usr/sbin/winbindd name=lib dev=dm-0 ino=7815170 scontext=root:system_r:winbind_t tcontext=system_u:object_r:var_lib_t tclass=dir audit(379729.042:0): avc: denied { search } for pid=24687 exe=/usr/sbin/winbindd name=lib dev=dm-0 ino=7815170 scontext=root:system_r:winbind_t tcontext=system_u:object_r:var_lib_t tclass=dir audit(379729.042:0): avc: denied { search } for pid=24687 exe=/usr/sbin/winbindd name=lib dev=dm-0 ino=7815170 scontext=root:system_r:winbind_t tcontext=system_u:object_r:var_lib_t tclass=dir what samba 3.0.12 have full support in fedora 3 ? regard, Dadang -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] AD: Password problem?
Hello I can do wbinfo -u and wbinfo -g to see users and groups from our domain. But if I do getent passwd I only see local passwords (and acessing the shares from a winxp machine failes with incorrect name/password). What can be wrong? Thanks, Jonas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba