date:20050321

On Monday 21 March 2005 12:23, Mccrory, Kevin B wrote:
> userpaddword

Yikes! Thanks for bumping me with this. It's fixed in the source tree now.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smb.conf man page error

Doug,

Thanks for spotting that. I've fixed that in the man page sources.

- John T.

On Monday 21 March 2005 19:41, Doug Campbell wrote:
> I think this is an error in the man page smb.conf:
>
>ldap group suffix (G)
>   This  parameters  specifies  the suffix that is used for
> groups
>   when these are added to the LDAP directory. If  this
> parameter
>   is unset, the value of ldap suffix will be used instead.
>
>   Default: ldap group suffix =
>
>   Example: ldap group suffix = dc=samba,ou=Groups
>
> Shouldn't the example line read:
>
> Example: ldap group suffix = ou=Groups,dc=samba
>
>
> Doug

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Login time

2005-03-21 Thread Gerd-Christian Michalke

hi !

I am quite sure this issue has been raised several times, but could not find 
any info on the net or on the list, so here it is:

is it possible to refuse or accept a logon depending on the hour where a user 
tries to. 

If yes, how ?

If not, what can be done about it ?

Thanks in advance for any information about that !

Kind regards,
G. Michalke
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Coule really use some help (Samba PDC)

2005-03-21 Thread Craig White

On Tue, 2005-03-22 at 10:41 +0800, Doug Campbell wrote:

> > ldap suffix = o=ventusnetworks.com,dc=na
> > ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
> > ldap machine suffix = ou=Computers
> > ldap user suffix = ou=Staff
> > ldap group suffix = ou=Groups
> > ldap admin dn = "cn=Manager,dc=na"
> 
> Also, I am a newbie to LDAP too but shouldn't your suffixes be the full DN.
> For example, instead of
> 
> ldap machine suffix = ou=Computers
> 
> shouldn't it be
> 
> ldap machine suffix = ou=Computers,o=vertusnetworks.com,dc=na
---
No - I think that 

ldap machine suffix = ou=Computers

is sufficient and proper for the above

the ldap filter should probably be commented out though - but it should
work.

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] idmap LDAP backend

2005-03-21 Thread Ted Kaczmarek

On Mon, 2005-03-21 at 11:30 -0800, Theodore Jencks wrote:
> Figure this out a little further:
> 
> I had the following in my smb.conf:
> idmap uid = 1-2
> idmap gid = 1-2
> idmap backend = ldap:ldap://localhost
> ldap admin dn = cn=manager,dc=navis,dc=net
> ldap suffix = "ou=smb,dc=navis,dc=net"
> ldap idmap suffix = "ou=idmap"
> 
> I took the quotes off and now Winbind seems to connect to LDAP fine:
> ldap suffix = ou=smb,dc=navis,dc=net
> ldap idmap suffix = ou=idmap
> 
> 
> I'm now getting this when I start Winbind in the Winbind log:
> [2005/03/21 11:16:25, 5] lib/gencache.c:gencache_init(59)
>   Opening cache file at /var/lock/samba/gencache.tdb
> [2005/03/21 11:16:25, 5] libsmb/namecache.c:namecache_enable(58)
>   namecache_enable: enabling netbios namecache, timeout 660 seconds
> [2005/03/21 11:16:25, 5] sam/idmap.c:smb_register_idmap(91)
>   smb_register_idmap: Successfully added idmap backend 'ldap'
> [2005/03/21 11:16:25, 5] sam/idmap.c:smb_register_idmap(91)
>   smb_register_idmap: Successfully added idmap backend 'tdb'
> [2005/03/21 11:16:25, 3] sam/idmap.c:idmap_init(132)
>   idmap_init: using 'ldap' as remote backend
> [2005/03/21 11:16:25, 5] lib/smbldap.c:smbldap_search(1038)
>   smbldap_search: base => [ou=idmap,ou=smb,dc=navis,dc=net], filter =>
> [(objectclass=sambaUnixIdPool)], scope => [2]
> [2005/03/21 11:16:25, 5] lib/smbldap.c:smbldap_close(949)
>   The connection to the LDAP server was closed
> [2005/03/21 11:16:25, 2] lib/smbldap.c:smbldap_open_connection(692)
>   smbldap_open_connection: connection opened
> [2005/03/21 11:16:26, 3] lib/smbldap.c:smbldap_connect_system(866)
>   ldap_connect_system: succesful connection to the LDAP server
>   ldap_connect_system: LDAP server does support paged results
> [2005/03/21 11:16:26, 4] lib/smbldap.c:smbldap_open(929)
>   The LDAP server is succesfully connected
> [2005/03/21 11:16:26, 2] lib/tallocmsg.c:register_msg_pool_usage(57)
>   Registered MSG_REQ_POOL_USAGE
> [2005/03/21 11:16:26, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
>   Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> [2005/03/21 11:16:26, 2]
> nsswitch/winbindd_util.c:add_trusted_domain(175)
>   Added domain HQ HQ.NAVIS.NET S-0-0
> [2005/03/21 11:16:26, 4]
> passdb/secrets.c:secrets_fetch_trust_account_password(290)
>   Using cleartext machine password
> 
> 
> However I still think there is a problem because getent passwd only
> returns local usernames.  When I'm not using the ldap idmap backend
> getent passwd runs as expected giving both local and domain usernames.
> 
> Any help appreciated,
> Theo
> 
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Theodore Jencks
> Sent: Monday, March 21, 2005 9:52 AM
> To: samba@lists.samba.org
> Subject: RE: [Samba] idmap LDAP backend
> 
> Ok, I made the change however the LDAP backend for idmap is still not
> working.  I set Winbind to debugging level 5 and get the following in
> the logs:
> 
> [2005/03/21 09:45:05, 2] lib/interface.c:add_interface(81)
>   added interface ip=192.168.192.112 bcast=192.168.195.255
> nmask=255.255.252.0
> [2005/03/21 09:45:05, 5] lib/util.c:init_names(256)
>   Netbios name list:-
>   my_netbios_names[0]="THEO"
> [2005/03/21 09:45:05, 2] lib/interface.c:add_interface(81)
>   added interface ip=192.168.192.112 bcast=192.168.195.255
> nmask=255.255.252.0
> [2005/03/21 09:45:05, 5] lib/gencache.c:gencache_init(59)
>   Opening cache file at /var/lock/samba/gencache.tdb
> [2005/03/21 09:45:05, 5] libsmb/namecache.c:namecache_enable(58)
>   namecache_enable: enabling netbios namecache, timeout 660 seconds
> [2005/03/21 09:45:05, 5] sam/idmap.c:smb_register_idmap(91)
>   smb_register_idmap: Successfully added idmap backend 'ldap'
> [2005/03/21 09:45:05, 5] sam/idmap.c:smb_register_idmap(91)
>   smb_register_idmap: Successfully added idmap backend 'tdb'
> [2005/03/21 09:45:05, 3] sam/idmap.c:idmap_init(132)
>   idmap_init: using 'ldap' as remote backend
> [2005/03/21 09:45:05, 5] lib/smbldap.c:smbldap_search(1038)
>   smbldap_search: base => ["ou=idmap","ou=smb,dc=navis,dc=net"], filter
> => [(objectclass=sambaUnixIdPool)], scope => [2]
> [2005/03/21 09:45:05, 5] lib/smbldap.c:smbldap_close(949)
>   The connection to the LDAP server was closed
> [2005/03/21 09:45:05, 2] lib/smbldap.c:smbldap_open_connection(692)
>   smbldap_open_connection: connection opened
> [2005/03/21 09:45:05, 3] lib/smbldap.c:smbldap_connect_system(866)
>   ldap_connect_system: succesful connection to the LDAP server
>   ldap_connect_system: LDAP server does support paged results
> [2005/03/21 09:45:05, 4] lib/smbldap.c:smbldap_open(929)
>   The LDAP server is succesfully connected
> [2005/03/21 09:45:05, 0] sam/idmap.c:idmap_init(138)
>   idmap_init: failed to initialize remote backend!
> 
> 
> Looks like it tries to get what are called paged results and then it
> fails to initialize remote backend.  I'm not quite sure what is going on
> here and any further guidance w

[Samba] win2k vs smbmount, number of cifs ops required

2005-03-21 Thread Barry Robison

I'm working on some data pipeline issues, and found some interesting results in 
comparing win2k vs samba. The volume being mounted is a NetApp 960. NetApp 
provides a way see the # of cifs operations on a given volume/qtree. So I 
compared how many ops are generated by copying a 12MB file ( a single 2k image 
). 

The initial reasoning behind this testing was seeing if copying a file at the 
end of a render was more efficient than trickling data in as it rendered. Here 
are the results, and the script used to simulate the "trickle". On win32 I used 
cygwins dd. Any insight or comments would be welcome.

Thanks!

#!/usr/bin/perl
# 12288000 byte file

# win32 explorer cp 213 ops
# win32 shell cp 210 ops
# win32 dd @ 1024 bs 1068 ops
# win32 dd @ 2048 bs 869 ops
# win32 dd @ 4096 bs 833 ops

# linux cp 3006 ops
# dd @ 1024 bs 12321 ops
# dd @ 2048 bs 6321 ops
# dd @ 4096 bs 3321 ops

my $bs = 2048;
my $skip = 0;
my $count = 94;

for(0..63) {
$skip = $_ * $count;
my $dd = qq|dd if=/home/users/barryr/test.jpg of=/mnt/sc65/foo.jpg 
bs=$bs count=$count seek=$skip skip=$skip|;
warn "$dd\n";
system( $dd );
}

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smb.conf man page error

2005-03-21 Thread Doug Campbell

I think this is an error in the man page smb.conf:

   ldap group suffix (G)
  This  parameters  specifies  the suffix that is used for
groups
  when these are added to the LDAP directory. If  this
parameter
  is unset, the value of ldap suffix will be used instead.

  Default: ldap group suffix =

  Example: ldap group suffix = dc=samba,ou=Groups

Shouldn't the example line read:

Example: ldap group suffix = ou=Groups,dc=samba


Doug

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Coule really use some help (Samba PDC)

2005-03-21 Thread Doug Campbell

John,

> Anyway, I am here. When trying to join a domain with the administrator
> account I get "no mapping between account name and security ID's was done"
> And the joining fails...
>
> All the needed files are attached, from the ldap log. to the samba.conf
> to the ldifs of the machine, root and admin account.
> Trying with the root account nets me the same error
>
> in smbusers I noticed an entry i never made
>
> root = administrator
>
> software versions:
>
> [EMAIL PROTECTED] openldap-data]# rpm -qa |grep samba
> samba-3.0.11-1
> samba-swat-3.0.11-1
> samba-client-3.0.11-1
> samba-common-3.0.11-1
>
> I am assumine the rpm or something else made that mapping. I dunno...

This entry is normal, I believe.  But according to you smb.conf file, you
aren't using the username map parameter, so the fact the file is their
shouldn't matter.

> net groupmap list
>
> Engineering (S-1-5-21-1391849139-953726148-1374988380-9005) -> Engineering
> Staff (S-1-5-21-1391849139-953726148-1374988380-9003) -> Staff
> Sales (S-1-5-21-1391849139-953726148-1374988380-9007) -> Sales
> Administration (S-1-5-21-1391849139-953726148-1374988380-9009) ->
> Administration
> Domain Admins (S-1-5-21-3107161993-1039155829-3332455197-512) ->
> Domain Admins
> Domain Users (S-1-5-21-3107161993-1039155829-3332455197-513) ->
> Domain Users
> Domain Guests (S-1-5-21-3107161993-1039155829-3332455197-514) ->
> Domain Guests
> Domain Computers (S-1-5-21-3107161993-1039155829-3332455197-515)
> -> Domain Computers
> Administrators (S-1-5-32-544) -> Administrators
> Print Operators (S-1-5-32-550) -> Print Operators
> Backup Operators (S-1-5-32-551) -> Backup Operators
> Replicators (S-1-5-32-552) -> Replicators

I don't know if this will help you with your problem or not.  I'm very new
to Samba but you will notice that you group SIDs aren't consistent.  My
guess is that this could be causing someone of your problems.

You could try:

net getlocalsid

to find out what your SID is supposed to be.  Then verify that you have set
that correctyl in your smbldap.conf file for the Idealx tools.

> ldap suffix = o=ventusnetworks.com,dc=na
> ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
> ldap machine suffix = ou=Computers
> ldap user suffix = ou=Staff
> ldap group suffix = ou=Groups
> ldap admin dn = "cn=Manager,dc=na"

Also, I am a newbie to LDAP too but shouldn't your suffixes be the full DN.
For example, instead of

ldap machine suffix = ou=Computers

shouldn't it be

ldap machine suffix = ou=Computers,o=vertusnetworks.com,dc=na

or whatever you DN is?

Doug

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] idmap LDAP backend

2005-03-21 Thread Theodore Jencks

Ok so things seem to be working better now.  The LDAP backend is
populated with SID to Unix ID mappings however if I run "getent passwd"
the local user list is returned followed by a long pause then nothing.
I would like to correct this behavior because it means that something is
screwed up someplace.

I have created a couple file shares in my smb.conf as follows:

[software]
   comment = Software for IT personnel
   path = /share/software
   read only = no
   public = no
   writable = yes
   printable = no
   browseable = yes
   valid users = @"HQ+Domain Admins"

[backup]
   comment = Misc. data backups
   path = /share/backup
   read only = no
   public = no
   writable = yes
   printable = no
   browseable = yes
   valid users = HQ+tjencks

I can access both of these shares from my windows domain account however
other users that are in the Domain Admins group get prompted for a
password when trying to access the "software" share.  I can't figure out
why my domain account is the only one that seems to work for this share.
I've checked permissions on the /share/software directory and they were
set as follows:

'chown "HQ+tjencks":"HQ+Domain Admins" software' then I did
'chmod 775 software'

Ls -l shows
drwxrwxr-x  4 tjencks domain admins 96 Mar 21 07:10 software


I don't know what could be wrong?

Thanks in advance for any and all help, tip or snippet of info.
Theo


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Theodore Jencks
Sent: Monday, March 21, 2005 11:30 AM
To: samba@lists.samba.org
Subject: RE: [Samba] idmap LDAP backend

Figure this out a little further:

I had the following in my smb.conf:
idmap uid = 1-2
idmap gid = 1-2
idmap backend = ldap:ldap://localhost
ldap admin dn = cn=manager,dc=navis,dc=net
ldap suffix = "ou=smb,dc=navis,dc=net"
ldap idmap suffix = "ou=idmap"

I took the quotes off and now Winbind seems to connect to LDAP fine:
ldap suffix = ou=smb,dc=navis,dc=net
ldap idmap suffix = ou=idmap


I'm now getting this when I start Winbind in the Winbind log:
[2005/03/21 11:16:25, 5] lib/gencache.c:gencache_init(59)
  Opening cache file at /var/lock/samba/gencache.tdb
[2005/03/21 11:16:25, 5] libsmb/namecache.c:namecache_enable(58)
  namecache_enable: enabling netbios namecache, timeout 660 seconds
[2005/03/21 11:16:25, 5] sam/idmap.c:smb_register_idmap(91)
  smb_register_idmap: Successfully added idmap backend 'ldap'
[2005/03/21 11:16:25, 5] sam/idmap.c:smb_register_idmap(91)
  smb_register_idmap: Successfully added idmap backend 'tdb'
[2005/03/21 11:16:25, 3] sam/idmap.c:idmap_init(132)
  idmap_init: using 'ldap' as remote backend
[2005/03/21 11:16:25, 5] lib/smbldap.c:smbldap_search(1038)
  smbldap_search: base => [ou=idmap,ou=smb,dc=navis,dc=net], filter =>
[(objectclass=sambaUnixIdPool)], scope => [2]
[2005/03/21 11:16:25, 5] lib/smbldap.c:smbldap_close(949)
  The connection to the LDAP server was closed
[2005/03/21 11:16:25, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/03/21 11:16:26, 3] lib/smbldap.c:smbldap_connect_system(866)
  ldap_connect_system: succesful connection to the LDAP server
  ldap_connect_system: LDAP server does support paged results
[2005/03/21 11:16:26, 4] lib/smbldap.c:smbldap_open(929)
  The LDAP server is succesfully connected
[2005/03/21 11:16:26, 2] lib/tallocmsg.c:register_msg_pool_usage(57)
  Registered MSG_REQ_POOL_USAGE
[2005/03/21 11:16:26, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
  Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2005/03/21 11:16:26, 2]
nsswitch/winbindd_util.c:add_trusted_domain(175)
  Added domain HQ HQ.NAVIS.NET S-0-0
[2005/03/21 11:16:26, 4]
passdb/secrets.c:secrets_fetch_trust_account_password(290)
  Using cleartext machine password


However I still think there is a problem because getent passwd only
returns local usernames.  When I'm not using the ldap idmap backend
getent passwd runs as expected giving both local and domain usernames.

Any help appreciated,
Theo


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Theodore Jencks
Sent: Monday, March 21, 2005 9:52 AM
To: samba@lists.samba.org
Subject: RE: [Samba] idmap LDAP backend

Ok, I made the change however the LDAP backend for idmap is still not
working.  I set Winbind to debugging level 5 and get the following in
the logs:

[2005/03/21 09:45:05, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.192.112 bcast=192.168.195.255
nmask=255.255.252.0
[2005/03/21 09:45:05, 5] lib/util.c:init_names(256)
  Netbios name list:-
  my_netbios_names[0]="THEO"
[2005/03/21 09:45:05, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.192.112 bcast=192.168.195.255
nmask=255.255.252.0
[2005/03/21 09:45:05, 5] lib/gencache.c:gencache_init(59)
  Opening cache file at /var/lock/samba/gencache.tdb
[2005/03/21 09:45:05, 5] libsmb/namecache.c:namecache_enable(58)
  namecache_enable: enabling netbios namecache, ti

Re: [Samba] Coule really use some help (Samba PDC)

2005-03-21 Thread Craig White

On Tue, 2005-03-22 at 00:12 +0100, Tony Earnshaw wrote:
> John Zakhar:
> 
> > First email was rejected due to size so the log files are inline in the
> > msg now..
> >
> > I have NEVER had so much trouble with a
> > samba PDC before. I need to turn in my unix admin license, this is
> > pathetic...
> 
> Hey wait a minute, we all get fits like that now and again. Have to admit
> that mine mostly come with Windows, I can always get Unix/Linux to work ;)
> 
> This could take some time, I live in Europe, it's near my bedtime, I'm
> licked for today and I need sleep. What's more, I'm a modem person at home
> and am only connected a couple of times a day.
> 
> Anyway: I have a 75+ PDC running "at work", with Samba 3.0.11 and OpenLDAP
> 2.2.23. on RHAS3, so ...
> 
> > Anyway, I am here. When trying to join a domain with the administrator
> > account I get "no mapping between account name and security ID's was done"
> >  And the joining fails...
> >
> >
> > All the needed files are attached, from the ldap log. to the samba.conf
> > to the ldifs of the machine, root and admin account. Trying with the root
> > account nets me the same error
> 
> There's too much shit there. You're getting hung up in the details. And I
> didn't see any LDAP log, even if I had, it probably would have been
> useless. You need to do a 'tail -f' on it (-d 256) while things are
> happening to get any sense from it.
> 
> Your local SIDs are all messed up for a start. You have:
> 
> S-1-5-21-1391849139-953726148-1374988380
> and
> S-1-5-21-3107161993-1039155829-3332455197
> 
> all mixed up together.

yeah - this is a problem for sure

> 
> And the following SIDs can surely not be right:
> 
> Administrators (S-1-5-32-544) -> Administrators
> Print Operators (S-1-5-32-550) -> Print Operators
> Backup Operators (S-1-5-32-551) -> Backup Operators
> Replicators (S-1-5-32-552) -> Replicators

actually - these are considered to be 'local groups' and not domain
groups so these would be correct

> 
> Get all that sorted out before you go on.
> 
> Your smb.conf looks more or less o.k. (didn't dwell on it)
> 
> You're using the Idealx crap without understanding LDAP or what you're
> doing. Use GQ 1.0beta1 for managing your Your mappings are all wrong. Look
> at the alternative Appendix A method of using LDAP in Samba in the Samba
> HOWTO. Here are my mappings up to now at my production site (sorry about
> the wrapping, I decided to use SquirrelMail for this mail and it always
> breaks at 76 chars):
> 
> Domain Admins (S-1-5-21-2520587299-2798274336-2978297563-512) -> domadmin
> Domain Guests (S-1-5-21-2520587299-2798274336-2978297563-514) -> domguest
> Domain Users (S-1-5-21-2520587299-2798274336-2978297563-513) -> domuser
> Leden van Personeel (S-1-5-21-2520587299-2798274336-2978297563-8001) ->
> personeel
> Leden van Docenten (S-1-5-21-2520587299-2798274336-2978297563-1001) ->
> docenten
> Leden van Leerlingen (S-1-5-21-2520587299-2798274336-2978297563-2001) ->
> leerlingen
> Leden van Directie (S-1-5-21-2520587299-2798274336-2978297563-10001) ->
> directie
> Administratie (S-1-5-21-2520587299-2798274336-2978297563-15007) ->
> administratie
> 
> Never mind that you don't know what the Dutch words mean. See that I map
> from NT IDs to Unix IDs where the Unix IDs are Posix IDs? See that the
> domain SIDs are all the same?
> 
> The secrets are in Appendix A of the Samba HOWTO and in getting things
> working with GQ.
> 
> Get those right, and I'll see if I can come back tomorrow ;)

there was too much to sift through in the first post

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Coule really use some help (Samba PDC)

2005-03-21 Thread Tony Earnshaw


John Zakhar:

> First email was rejected due to size so the log files are inline in the
> msg now..
>
> I have NEVER had so much trouble with a
> samba PDC before. I need to turn in my unix admin license, this is
> pathetic...

Hey wait a minute, we all get fits like that now and again. Have to admit
that mine mostly come with Windows, I can always get Unix/Linux to work ;)

This could take some time, I live in Europe, it's near my bedtime, I'm
licked for today and I need sleep. What's more, I'm a modem person at home
and am only connected a couple of times a day.

Anyway: I have a 75+ PDC running "at work", with Samba 3.0.11 and OpenLDAP
2.2.23. on RHAS3, so ...

> Anyway, I am here. When trying to join a domain with the administrator
> account I get "no mapping between account name and security ID's was done"
>  And the joining fails...
>
>
> All the needed files are attached, from the ldap log. to the samba.conf
> to the ldifs of the machine, root and admin account. Trying with the root
> account nets me the same error

There's too much shit there. You're getting hung up in the details. And I
didn't see any LDAP log, even if I had, it probably would have been
useless. You need to do a 'tail -f' on it (-d 256) while things are
happening to get any sense from it.

Your local SIDs are all messed up for a start. You have:

S-1-5-21-1391849139-953726148-1374988380
and
S-1-5-21-3107161993-1039155829-3332455197

all mixed up together.

And the following SIDs can surely not be right:

Administrators (S-1-5-32-544) -> Administrators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators

Get all that sorted out before you go on.

Your smb.conf looks more or less o.k. (didn't dwell on it)

You're using the Idealx crap without understanding LDAP or what you're
doing. Use GQ 1.0beta1 for managing your Your mappings are all wrong. Look
at the alternative Appendix A method of using LDAP in Samba in the Samba
HOWTO. Here are my mappings up to now at my production site (sorry about
the wrapping, I decided to use SquirrelMail for this mail and it always
breaks at 76 chars):

Domain Admins (S-1-5-21-2520587299-2798274336-2978297563-512) -> domadmin
Domain Guests (S-1-5-21-2520587299-2798274336-2978297563-514) -> domguest
Domain Users (S-1-5-21-2520587299-2798274336-2978297563-513) -> domuser
Leden van Personeel (S-1-5-21-2520587299-2798274336-2978297563-8001) ->
personeel
Leden van Docenten (S-1-5-21-2520587299-2798274336-2978297563-1001) ->
docenten
Leden van Leerlingen (S-1-5-21-2520587299-2798274336-2978297563-2001) ->
leerlingen
Leden van Directie (S-1-5-21-2520587299-2798274336-2978297563-10001) ->
directie
Administratie (S-1-5-21-2520587299-2798274336-2978297563-15007) ->
administratie

Never mind that you don't know what the Dutch words mean. See that I map
from NT IDs to Unix IDs where the Unix IDs are Posix IDs? See that the
domain SIDs are all the same?

The secrets are in Appendix A of the Samba HOWTO and in getting things
working with GQ.

Get those right, and I'll see if I can come back tomorrow ;)

Best,

--Tonni

--
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[SAMBA] authentication problem with openldap-2.2.24

2005-03-21 Thread John Kakritz

My problem consists of Samba + Winbindd + Ldap + Kerberos not 
authenticating with Active Directory. For example, if I do 'smbclient -L 
localhost -U username%password(active directory account)' I get 
NT_STATUS_LOGIN_FAILURE.  Ive debugged for quite sometime trying to 
pinpoint some sort of configuration that needs to be changed or added. 
To my experience I think the problem resolves at ldap, but I cannot find 
anything. I can do a kerberos successfully(kinit), wbinfo 
succesfully(wbinfo -u), join the domain successfully(net ads join), a 
ldapsearch successfully(ldapsearch -h host.domain.com). The 
smb.conf,krb5.conf configs were pulled from other older but stable Linux 
servers and were modified for each server.

I see a lot of folks posting similar problems relating to openLADP but 
cannot seem to relate exactly what I'm experiencing.  I'm stumped.

The thing that is realy throwing me is that i seem to be able in some 
odd way to authenticate to my active directory accounts using the 
smbclient command, I just can't do it unless an account with the same 
name exists on my BSD box.

I ran the following test:
1) created a user named smbuser with the password "password"
2) placed the user in the mitsadmin group to give access to the share
3) tried an smbclient -L localhost -Usmbuser, the error returned was:
#
session setup failed: NT_STATUS_LOGON_FAILURE
#
4) i then created an account smbuser with the password "diffpass"
5) tried an smbclient -L localhost -Usmbuser again this with the AD 
passwd "pasword" and got:

#
Domain=[TECH] OS=[Unix] Server=[Samba 3.0.11]
   Sharename   Type  Comment
   -     ---
   IPC$IPC   IPC Service (FreeBSD Samba Server)
   ADMIN$  IPC   IPC Service (FreeBSD Samba Server)
Domain=[TECH] OS=[Unix] Server=[Samba 3.0.11]
   Server   Comment
   ----
   CDSRV4   FreeBSD Samba Server
   ADC3
   WorkgroupMaster
   ----
   TECH ADC3
#
5) tried an smbclient -L localhost -Usmbuser again this with the unix 
passwd "diffpass" and got:

session setup failed: NT_STATUS_LOGON_FAILURE
It seems there may be some intermediate step before the AD lookup that 
may be holding up authentication.

The error message in my log file is as follows
#
[2005/03/21 14:53:37, 3] auth/auth.c:check_ntlm_password(219)
 check_ntlm_password:  Checking password for unmapped user 
[EMAIL PROTECTED]
DSRV4] with the new password interface
[2005/03/21 14:53:37, 3] auth/auth.c:check_ntlm_password(222)
 check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
[2005/03/21 14:53:37, 3] smbd/sec_ctx.c:push_sec_ctx(256)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2005/03/21 14:53:37, 3] smbd/uid.c:push_conn_ctx(365)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2005/03/21 14:53:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2005/03/21 14:53:37, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/03/21 14:53:37, 3] auth/auth_util.c:make_server_info_info3(1156)
 User smbuser does not exist, trying to add it
[2005/03/21 14:53:37, 0] auth/auth_util.c:make_server_info_info3(1163)
 make_server_info_info3: pdb_init_sam failed!
[2005/03/21 14:53:37, 2] auth/auth.c:check_ntlm_password(312)
 check_ntlm_password:  Authentication for user [smbuser] -> [smbuser] 
FAILED
with error NT_STATUS_NO_SUCH_USER
[2005/03/21 14:53:37, 3] smbd/process.c:timeout_processing(1334)
 timeout_processing: End of file from client (client has disconnected).
[2005/03/21 14:53:37, 3] smbd/sec_ctx.c:set_sec_ctx(288)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/03/21 14:53:37, 2] smbd/server.c:exit_server(609)
 Closing connections
[2005/03/21 14:53:37, 3] smbd/connection.c:yield_connection(69)
 Yielding connection to
[2005/03/21 14:53:37, 3] smbd/server.c:exit_server(652)
 Server exit (normal exit)
#

Versions of packages installed:
samba-3.0.11.tar.gz
openldap-2.2.24.tgz
freebsd-5.3-RELEASE-i386
heimdal-0.6.1(kerberos)
*also compilied samba with ldap,winbindd,krb5
Configuration Files:
smb.conf
#
[global]
   workgroup = TECH
   netbios name = SERVER3
   realm = host.domain.com
   security = ads
   encrypt passwords = yes
   password server = server.host.domain.com
   wins server = server.host.domain.com
   name resolve order = lmhosts host wins bcast
   log file = /var/log/samba/%m.log
   server string = FreeBSD Samba Server
   log level = 10
   allow trusted domains = No
   winbind use default domain = yes
   winbind trusted domains only = No
   winbind cache time = 10

[Samba] Problem Administering Permissions on Samba Server

2005-03-21 Thread Tom Naves

I have a Samba-3 server on a Linux Fedora server configured as a member
server on a Windows NT domain.

Winbind works great.  I can do a getent group or getent passwd and it will
list the users and groups of the domain.
I can also set permissions on the Samba shares on the Linux server using
chmod or chown etc.  I have the Official Samba-3 HOWTO and Referencd Guide.
The HOWTO Guide says you should be able to set permissions on Samba share
using NT Server Manager and File Manager on NT/2000/XP systems.  When I try
to do this I can see the permissions, I can add a user from my domain but
when I hit O.K. I get an Access Denied message.  The HOWTO Guide says that
"if the parameter nt acl support is set to false, any attempt to set
security permissions will fail with an "Access Denied" message.  Alas, I
don't know what this means.  I have no parameter like this in my smb.conf
nor can I find on in the smb.conf man page.

Any tips will be appreciated.

Tom Naves
System Administrator
Orthodyne Electronics

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cant connect to samba server

2005-03-21 Thread Adam Williams

DO you have your new range of ip's put in smb.conf hosts allow = line 
and the ip of the linux server/24 on the interfaces = line? and bind 
interfaces only = true and remote announce = your.sub.net.255

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Multiple Samba Server

2005-03-21 Thread cbrodka

Hi,
I need to set up multiple samba server on one sparc / solaris 5.8 Box.
With an older samba version (2.0.8) on Reliant Unix this works fine.
The s/nmbd.pid files are stored in the "lock dir path" specified in 
smb.conf.
The newer Verisons of samba only use the --piddir path specified at 
build time.

Is there any other way using multiple servers without rebuilding ??
Thanks for help.
Chris

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] (CONFIMED-SOLVED) File copying under WIN9X (and Opening Databases)

2005-03-21 Thread Greg Folkert

On Mon, 2005-03-21 at 12:55 -0600, Gerald (Jerry) Carter wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Jeremy Allison wrote:
> |
> | I've attached my proposed patch but more testing
> | would be welcome.
> 
> I've put a copy in http://samba.org/~jerry/patches/post-3.0.12/
> (named win98_explorer.patch) for anyone looking for it at a
> later date.

Confirmed this fixes all file copying problems associated with Win9X and
DB Opening problems also associated with Win9X.

It never did affect and effect for Win2K/XP/2K3 opening the same
file(s).

Thanks.
-- 
greg, [EMAIL PROTECTED]

The technology that is
Stronger, better, faster: Linux


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] File copying under WIN98

2005-03-21 Thread Greg Folkert

On Mon, 2005-03-21 at 14:01 +0100, Jens Wulf wrote:
> with the Samba3.0.12 release i encountered the following problem :
> when i try to copy a file from a samba share to the local disk then the 
> process hangs with the windows-message
> "Preparing to copy" (my translation from the german message).
> In a WIN98-DOS-Windows the copy command hangs too, but the file is created.
> The copying from my WIN-XP HOME works.
> My previous installed version 3.0.9 worked fine with the same configuration 
> (smb.conf)
> 
> does anyone have this problem too - and maybe a solution except reinstalling 
> old samba ?

Hahahaha... I have also been experiencing this too.

Break open a DOS Prompt, try to copy a file from the SAMBA server to the
local machine. it always asks if you wanna overwrite the file.

The file didna exist before the copy, but completely loops through a
transfer. If you hit ALL (Yes, No, All) your network falls overs.
Literally.

Nice one Jeremy!

Oh, BTW any DB you try to open never does either.
-- 
greg, [EMAIL PROTECTED]

The technology that is
Stronger, better, faster: Linux


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Double posts (anyone else receiving two copies of every email to this list?)

2005-03-21 Thread Nathan Vidican

For some reason, to which I've yet been able to figure out, I keep getting
two copies of all messages posted to this list... Have not re-subscribed nor
changed anything since Friday, and the same issue is not applicable with all
outside/incoming email from other sources today - just trying to figure out
if it's something on our end or yours; so is anyone else getting double
posts or is the problem solely on my end?


--
Nathan Vidican
[EMAIL PROTECTED]
Windsor Match Plate & Tool Ltd.
http://www.wmplt.com/


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Upcoming 3.0.13 release -- please test now

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nathan Vidican wrote:
| Have noted a bug, in bin/net, which reports unknown
| parameter for 'veto oplocks', I have sent details to the
| list, and pretty sure I even posted a report on
| bugzilla too... Anything on that yet?
There's no bugzilla account associated with your email address.
And the reason that you get that error message is that there
really is not 'veto oplocks' smb.conf option.  Maybe you mean
'veto oplock files'.

cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCPyqlIR7qMdg1EfYRArVdAJ42rMGhZ/64bJy5I4dh7ZBKkzfEcgCg1RWU
+AjIUMsdeK/cZyctgR2aBFA=
=6WLM
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Upcoming 3.0.13 release -- please test now

2005-03-21 Thread Nathan Vidican

Have noted a bug, in bin/net, which reports unknown parameter for 'veto
oplocks', I have sent details to the list, and pretty sure I even posted a
report on bugzilla too... Anything on that yet?


--
Nathan Vidican
[EMAIL PROTECTED]
Windsor Match Plate & Tool Ltd.
http://www.wmplt.com/


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Gerald (Jerry) Carter
Sent: Monday, March 21, 2005 2:53 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Samba] Upcoming 3.0.13 release -- please test now


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Heads up everyone:

Due to the win98 explorer bug (https://bugzilla.samba.org/bug/2501),
we will be release 3.0.13 on Thursday morning, March 24 (GMT-6).

So if you have any outstanding bugs in the 3.0.12 that we should know about,
let us know now.  Please file any defect reports at
https://bugzilla.samba.org/.

Thanks.





cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCPyYIIR7qMdg1EfYRAieAAKCaKra9mDk7Sv+x/3O8oA02ijihFwCg6pmP
stHO/uvuqESCbJK2/InzPjo=
=9PQs
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Upcoming 3.0.13 release -- please test now

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Heads up everyone:
Due to the win98 explorer bug (https://bugzilla.samba.org/bug/2501),
we will be release 3.0.13 on Thursday morning, March 24 (GMT-6).
So if you have any outstanding bugs in the 3.0.12 that we
should know about, let us know now.  Please file any defect
reports at https://bugzilla.samba.org/.
Thanks.


cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCPyYIIR7qMdg1EfYRAieAAKCaKra9mDk7Sv+x/3O8oA02ijihFwCg6pmP
stHO/uvuqESCbJK2/InzPjo=
=9PQs
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] users db problem

2005-03-21 Thread Carsten Sander

Hi,
John H Terpstra schrieb:
Marco,
Did you update the LDAP schema to the new one that ships with 3.0.12?
- John T.
Same problem here too after updating from 3.0.11 to 3.0.12. I'm using 
the LDAP schema that was shiped with 3.0.11.

On Monday 21 March 2005 00:31, Marco Marinelli tiscali wrote:
# smbpasswd Administrator
New SMB password:
Retype new SMB password:
account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum
password age (seconds since 1970)), returning 0
account_policy_get: tdb_fetch_uint32 failed for field 5 (minimum
password age (seconds since 1970)), returning 0
same thing when i try to modify the account's policy:
# pdbedit -P 'maximum password age (seconds since 1970)' -C 0
account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum
password age (seconds since 1970)), returning 0
valid account policy, but unable to fetch value!
The commandline options of pdbedit changed from
'{max,min}imum password age' to
'{max,min}imum password age (seconds since 1970)'
You can see this also in:
# tdbdump /var/lib/samba/account_policy.tdb | grep minimum
key = "minimum password age\00"
key = "minimum password age (seconds since 1970)\00"
'seconds since 1970' should also be 'seconds since last change'
Thanks
  Carsten
--
.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] idmap LDAP backend

2005-03-21 Thread Theodore Jencks

Figure this out a little further:

I had the following in my smb.conf:
idmap uid = 1-2
idmap gid = 1-2
idmap backend = ldap:ldap://localhost
ldap admin dn = cn=manager,dc=navis,dc=net
ldap suffix = "ou=smb,dc=navis,dc=net"
ldap idmap suffix = "ou=idmap"

I took the quotes off and now Winbind seems to connect to LDAP fine:
ldap suffix = ou=smb,dc=navis,dc=net
ldap idmap suffix = ou=idmap


I'm now getting this when I start Winbind in the Winbind log:
[2005/03/21 11:16:25, 5] lib/gencache.c:gencache_init(59)
  Opening cache file at /var/lock/samba/gencache.tdb
[2005/03/21 11:16:25, 5] libsmb/namecache.c:namecache_enable(58)
  namecache_enable: enabling netbios namecache, timeout 660 seconds
[2005/03/21 11:16:25, 5] sam/idmap.c:smb_register_idmap(91)
  smb_register_idmap: Successfully added idmap backend 'ldap'
[2005/03/21 11:16:25, 5] sam/idmap.c:smb_register_idmap(91)
  smb_register_idmap: Successfully added idmap backend 'tdb'
[2005/03/21 11:16:25, 3] sam/idmap.c:idmap_init(132)
  idmap_init: using 'ldap' as remote backend
[2005/03/21 11:16:25, 5] lib/smbldap.c:smbldap_search(1038)
  smbldap_search: base => [ou=idmap,ou=smb,dc=navis,dc=net], filter =>
[(objectclass=sambaUnixIdPool)], scope => [2]
[2005/03/21 11:16:25, 5] lib/smbldap.c:smbldap_close(949)
  The connection to the LDAP server was closed
[2005/03/21 11:16:25, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/03/21 11:16:26, 3] lib/smbldap.c:smbldap_connect_system(866)
  ldap_connect_system: succesful connection to the LDAP server
  ldap_connect_system: LDAP server does support paged results
[2005/03/21 11:16:26, 4] lib/smbldap.c:smbldap_open(929)
  The LDAP server is succesfully connected
[2005/03/21 11:16:26, 2] lib/tallocmsg.c:register_msg_pool_usage(57)
  Registered MSG_REQ_POOL_USAGE
[2005/03/21 11:16:26, 2] lib/dmallocmsg.c:register_dmalloc_msgs(71)
  Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
[2005/03/21 11:16:26, 2]
nsswitch/winbindd_util.c:add_trusted_domain(175)
  Added domain HQ HQ.NAVIS.NET S-0-0
[2005/03/21 11:16:26, 4]
passdb/secrets.c:secrets_fetch_trust_account_password(290)
  Using cleartext machine password


However I still think there is a problem because getent passwd only
returns local usernames.  When I'm not using the ldap idmap backend
getent passwd runs as expected giving both local and domain usernames.

Any help appreciated,
Theo


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Theodore Jencks
Sent: Monday, March 21, 2005 9:52 AM
To: samba@lists.samba.org
Subject: RE: [Samba] idmap LDAP backend

Ok, I made the change however the LDAP backend for idmap is still not
working.  I set Winbind to debugging level 5 and get the following in
the logs:

[2005/03/21 09:45:05, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.192.112 bcast=192.168.195.255
nmask=255.255.252.0
[2005/03/21 09:45:05, 5] lib/util.c:init_names(256)
  Netbios name list:-
  my_netbios_names[0]="THEO"
[2005/03/21 09:45:05, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.192.112 bcast=192.168.195.255
nmask=255.255.252.0
[2005/03/21 09:45:05, 5] lib/gencache.c:gencache_init(59)
  Opening cache file at /var/lock/samba/gencache.tdb
[2005/03/21 09:45:05, 5] libsmb/namecache.c:namecache_enable(58)
  namecache_enable: enabling netbios namecache, timeout 660 seconds
[2005/03/21 09:45:05, 5] sam/idmap.c:smb_register_idmap(91)
  smb_register_idmap: Successfully added idmap backend 'ldap'
[2005/03/21 09:45:05, 5] sam/idmap.c:smb_register_idmap(91)
  smb_register_idmap: Successfully added idmap backend 'tdb'
[2005/03/21 09:45:05, 3] sam/idmap.c:idmap_init(132)
  idmap_init: using 'ldap' as remote backend
[2005/03/21 09:45:05, 5] lib/smbldap.c:smbldap_search(1038)
  smbldap_search: base => ["ou=idmap","ou=smb,dc=navis,dc=net"], filter
=> [(objectclass=sambaUnixIdPool)], scope => [2]
[2005/03/21 09:45:05, 5] lib/smbldap.c:smbldap_close(949)
  The connection to the LDAP server was closed
[2005/03/21 09:45:05, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/03/21 09:45:05, 3] lib/smbldap.c:smbldap_connect_system(866)
  ldap_connect_system: succesful connection to the LDAP server
  ldap_connect_system: LDAP server does support paged results
[2005/03/21 09:45:05, 4] lib/smbldap.c:smbldap_open(929)
  The LDAP server is succesfully connected
[2005/03/21 09:45:05, 0] sam/idmap.c:idmap_init(138)
  idmap_init: failed to initialize remote backend!


Looks like it tries to get what are called paged results and then it
fails to initialize remote backend.  I'm not quite sure what is going on
here and any further guidance would be greatly appreciated.

Thanks in advance,
Theo

-Original Message-
From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] 
Sent: Friday, March 18, 2005 7:18 AM
To: Theodore Jencks
Cc: samba@lists.samba.org
Subject: Re: [Samba] idmap LDAP backend

-BEGIN PG

[Samba] Samba-3 By Example correction...

2005-03-21 Thread Mccrory, Kevin B

Chapter 7, Section 7.3 Step 3 needs a correction:

The step has users create an admin-accts.ldif file.

As currently written the userpaddword: not24get should be userPassword
with the P capitalized. Failure to have this causes a replication error:
access denied since the password for updateuser is never loaded. 

Kevin B. McCrory
Network Engineer - COPS
US Government Solutions
13600 EDS Drive
Mail stop:  A4S-B21
Herndon, VA 20171
* phone: +01-703-733-3255
* mailto:[EMAIL PROTECTED]
* AKO mailto:[EMAIL PROTECTED]


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Somebody had problem with long user names

2005-03-21 Thread Tony Earnshaw


Tony Earnshaw:

> Schlomo Schapiro:
>
>
>> read the recent thread on vampire, there we discussed the question, if
>> usernames with spaces work on Linux. For example useradd "hello world"
>> won't work on any Linux system around me here (various SuSE). So maybe
>> you just have bad luck (sorry to tell you, but having usernames with
>> spaces can be only a MS invention) ? Or maybe you can use the username
>> map feature to map Jon Doe to Jon_Doe in Samba ? Or maybe write a patch
>> to do that on a lower level ?

> Names with spaces can be made to work work with LDAP (i.e. CN=John Doe,
> UID=jdoe (and is for that matter already more or less implemented with the
>  smbldap-tools for groups) but it's *a bad idea* and will break many
> tender things, complicate others unnecessarily.
>
> Posix-based systems were never meant for this.

FWIW I tested this out on:

Red Hat RHAS3
Samba 3-0.11
Openldap 2.2.23
Windows XP5 w/o patches Professional workstation.

Samba LDAP CNs and corresponding UIDs with spaces work. On my
installation, Windows (i.e. Samba) home directories and profile
directories get made automatically, correctly, at the first user logon.

Bugger it, I didn't want it to work, but it does.

What's more, the user can log into a normal Unix/Linux console using his
double-barreled name, perfectly normally (if only his $HOME env is set
correctly in LDAP). Whether or not this Unix login works with anyone's own
particular LDAP setup or not, depends greatly on the value for the
pam_login_attribute in /etc/ldap.conf (PADL's *not* OpenLDAP's
configuration file). Mine's set to "CN", but yours might be set to "UID"
(the default).

What this means in practice is, (the good news) that OP doesn't have to go
over to Windows on his workstation, but (the bad news) that he he *does*
have to implement an up-to-date Samba/OpenLDAP solution. If he hasn't used
OpenLDAP earlier, this might take him a while (like weeks, took me many
months, couple of years).

Anyone who wants further info would do best to start a separate thread,
since this one is old.

--Tonni

--
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl


-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] users db problem

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Paul Gienger wrote:
|
|> Did you update the LDAP schema to the new one
|> that ships with 3.0.12?
|>
|>
| Was this mentioned in the release notes?  I think I missed
| it if it was...
There were no changes to the OpenLDAP schema file in 3.0.12.
The SunOne and NDS schema files got some corrections to bring
them up to date.  But no new attributes or abject classes.

cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCPxk7IR7qMdg1EfYRAqsaAKDYjfzAeW9GFov/b+pplG8jc5SZVACdFWdh
XA3Xr7JqkeHRMxA6u2X8L80=
=OA9A
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] File copying under WIN98

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jeremy Allison wrote:
|
| I've attached my proposed patch but more testing
| would be welcome.
I've put a copy in http://samba.org/~jerry/patches/post-3.0.12/
(named win98_explorer.patch) for anyone looking for it at a
later date.


cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCPxiYIR7qMdg1EfYRAkmlAKC7U5V28IieQGoSUPWNge83UrQz/wCg6KK9
d8osE7fYmFX4opV1vBs0OIc=
=vr8B
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cant connect to samba server

2005-03-21 Thread indgirl 6

Hi All,
 
I just found out that i was not even my backup server could conect to the samba 
server. The IP of the backup server had changed too. So basically i can login 
to the samba server from the machines with new IP using ssh etc, and can even 
ping. but for some reasons some services are not working. I know for sure this 
is not a firewall issue coz i can see all the traffice passing sucessfully, 
also all ports on firewall are open (for testing purprose)
 
One thing i notices was that the hosts.allow file did not have the new IP range 
into it. I have added the new IP range and restarted network services but that 
did not help either.
 
The hosts.allow file is now as below:
portmap: 10.0.0.0/255.255.0.0 , 169.143.0.0/255.255.0.0 , 12.20.194.8 , 
12.20.194.7 , 12.20.194.22
lockd: 10.0.0.0/255.255.0.0 , 169.143.0.0/255.255.0.0 , 12.20.194.8 , 
12.20.194.7 , 12.20.194.22
rquotad: 10.0.0.0/255.255.0.0 , 169.143.0.0/255.255.0.0 , 12.20.194.8 , 
12.20.194.7 , 12.20.194.22
mountd: 10.0.0.0/255.255.0.0 , 169.143.0.0/255.255.0.0 , 12.20.194.8 , 
12.20.194.7 , 12.20.194.22
statd: 10.0.0.0/255.255.0.0 , 169.143.0.0/255.255.0.0 , 12.20.194.8 , 
12.20.194.7 , 12.20.194.22
nfsd: 10.0.0.0/255.255.0.0 , 169.143.0.0/255.255.0.0 , 12.20.194.8 , 
12.20.194.7 , 12.20.194.22
 
Please advice if i should add anything more to it.
 
Is there any other file in linux that restricts connections based on iprange or 
something. I am new to linux. Please help.
 


Adam Williams <[EMAIL PROTECTED]> wrote:
is samba bound to both interfaces? have you tried pinging both and 
teltenneting to the ports on both? if you still can't connect after 
that, sounds like smbd isn't running ont he samba server.


indgirl 6 wrote:

> hi,
> 
> i am not able to telnet to any of these ports from the windows 
> machine. i get the error, Connecting To 12.20.194.28...Could not open 
> connection to the host, on port 137:
> Connect failed
> 
> my linux machine has 2 9nterface, the IP address og one interface is 
> 12.20.194.27 and the other one is 12.20.194.28.
> 
>
>
> */Adam Williams /* wrote:
>
> did you restart samba after making the changes to smb.conf? Also, try
> telnetting to the samba tcp/ip ports. so telnet samba_server_ip 135
> (and 137, 139, 445) see if you can connect to any or go to
> www.insecure.org/nmap and run the nmap scanner against the TCP
> ports of
> the samba server ip and see what it reports to you (do all of this
> from
> one of the windows pc's unable to connect to the samba server)
>
>
> indgirl 6 wrote:
>
> >Hi,
> >
> >I can ping to the server form windows machine, and vice versa. I
> can even telnet to server form windows machine. PLease tell me
> what other check i should do.
> >
> >
> >
> >Ted Kaczmarek wrote:
> >On Fri, 2005-03-18 at 14:26 -0800, indgirl 6 wrote:
> >
> >
> >>Hi All,
> >>This is very urgent, please help me.
> >>
> >>I have! a redhat machine (2.4.9-e.24) which is acting as a samba
> server (samba - 2.2.7)
> >>Everything was going smoothly until we changes the ip address of
> our windows machines.
> >>Now if i try to connect to the server it gives me the error:
> >>"windows cannot find '\\titan". Check the spelling and try again."
> >>I have tried connecting by using the IP address too but i get
> the same error.
> >>
> >>I have added the new ip range in to the smb.conf file. I even
> tried (for testing purpose) adding the IP address of my windows
> machine and see if i can connect but i still cant connect. Please
> advice what i am doing wrong here.
> >>
> >>I went through the DIAGNOSTICS.txt and failed at
> >>test 8 with the error: System error 53 has occurred. The network
> path was not found.
> >>test 9 with the error: System error 59 has occurred. An
> unexpected network error occurred.
> >>
> >>test 10 with the error: querying de! lta on 12.20.194.255
> >>querying delta on 12.20.194.255
> >>name_query failed to find name delta#1d
> >>
> >>Test 11: cant browse
> >>
> >>I know this is sone kind of network issue, but i fail to see
> where...
> >>
> >>
> >>
> >>
> >Can the windows machine even ping the samba server?
> >
> >Ping, traceroute (tracert) tcpdump and or ethereal, as well as
> the samba
> >logs files might tell you more.
> >
> >
> >Look at things in smaller pieces, make sure the little pieces are
> doing
> >their work before you look at the assembly of pieces.
> >
> >Ted
> >
> >
> >
> >-
> >Do you Yahoo!?
> > Yahoo! Small Business - Try our new resources site!
> >
> >
>
>
> 
> Do you Yahoo!?
> Take Yahoo! Mail with you! 
> 
> Get it on your mobile phone. 





-
Do you Yahoo!?
 Yahoo! Small Business - Try our new resources site! 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] SMB share/MS networking + Novell = major lag

2005-03-21 Thread Dan Kirkpatrick

I am hoping someone else has found a solution for this:
"A Delay Occurs When You Open a Mapped Network Drive on a Novell
NetWare or UNIX NFS Server"
This delay is usually 25sec for any mapped drive or network printer
when accessed the first time since timeout.  Painful for users who need
novell and samba shares.  (Windows XP sp2, exists on Novell clients 4.9 
sp1a, sp1b, sp2, & latest 4.91)

I have tried all of the registry "fixes" to no avail.
http://support.microsoft.com/?kbid=814952
http://support.microsoft.com/default.aspx?scid=kb;en-us;171386
Has anyone found a resolution?
Regards,
Dan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] users db problem

2005-03-21 Thread Paul Gienger


Did you update the LDAP schema to the new one that ships with 3.0.12?
 

Was this mentioned in the release notes?  I think I missed it if it was...
--
Paul GiengerOffice: 701-281-1884
Applied Engineering Inc.
Systems Architect   Fax:701-281-1322
URL: www.ae-solutions.com   mailto: [EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Coule really use some help (Samba PDC)

2005-03-21 Thread John Zakhar

First email was rejected due to size so the log files are inline in the msg 
now..
I have NEVER had so much trouble with a 
samba PDC before. I need to turn in my unix admin license, this is 
pathetic...

Anyway, I am here. When trying to join a domain with the administrator 
account I get "no mapping between account name and security ID's was done"
And the joining fails...

All the needed files are attached, from the ldap log. to the samba.conf 
to the ldifs of the machine, root and admin account.
Trying with the root account nets me the same error

in smbusers I noticed an entry i never made
root = administrator
software versions:
[EMAIL PROTECTED] openldap-data]# rpm -qa |grep samba
samba-3.0.11-1
samba-swat-3.0.11-1
samba-client-3.0.11-1
samba-common-3.0.11-1
I am assumine the rpm or something else made that mapping. I dunno...
I have really about had it here, it's been well over a week, we are 
working on close to two. I need to get this resolved or move on to a 
Windows PDC. I have a deadline to meet with a domain controller (that is 
no one problem here, i realize this)

If more information is needed please ask. I will be happy to provide 
anything but passwords..
If anyone has any insite, advice, or whatever I would very much 
appreciate it

net groupmap list
Engineering (S-1-5-21-1391849139-953726148-1374988380-9005) -> Engineering
Staff (S-1-5-21-1391849139-953726148-1374988380-9003) -> Staff
Sales (S-1-5-21-1391849139-953726148-1374988380-9007) -> Sales
Administration (S-1-5-21-1391849139-953726148-1374988380-9009) -> Administration
Domain Admins (S-1-5-21-3107161993-1039155829-3332455197-512) -> Domain Admins
Domain Users (S-1-5-21-3107161993-1039155829-3332455197-513) -> Domain Users
Domain Guests (S-1-5-21-3107161993-1039155829-3332455197-514) -> Domain Guests
Domain Computers (S-1-5-21-3107161993-1039155829-3332455197-515) -> Domain 
Computers
Administrators (S-1-5-32-544) -> Administrators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators
smb.conf
[global]
  workgroup = VENTUS_OFFICE
  netbios name = vnpdc01 
  server string = Ventus File Server
  hosts allow = 172.28.0. 192.168.1 127.
  printcap name = /etc/printcap
  load printers = yes
  log file = /var/log/samba/%m.log
  max log size = 50
  ldap passwd sync = Yes
passdb backend = ldapsam:ldap://192.168.1.242/
ldap suffix = o=ventusnetworks.com,dc=na
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
ldap machine suffix = ou=Computers
ldap user suffix = ou=Staff
ldap group suffix = ou=Groups
ldap admin dn = "cn=Manager,dc=na"
ldap delete dn = no
#ldap ssl = ssl
  security = user
  socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  log level = 10 
  local master = yes
  os level = 255
  domain master = yes
  preferred master = yes
  domain logons = yes
#   logon script = netlogon.bat
  logon path = \\%L\Profiles\%U
#   logon drive = U:

  name resolve order = wins lmhosts bcast
  wins support = yes
  dns proxy = no 

   #delete user script = /usr/local/sbin/smbldap-userdel "%u"
   add machine script = /opt/IDEALX/sbin/smbldap-useradd -w "%u" -H W
   add group script = /opt/IDEALX/sbin/smbldap-groupadd -p "%g"
   #delete group script = /usr/local/sbin/smbldap-groupdel "%g"
   add user to group script = /opt/IDEALX/sbin/smbldap-groupmod -m "%u" "%g"
   delete user from group script = /opt/IDEALX/sbin/smbldap-groupmod -x "%u" "%g"
   set primary group script = /opt/IDEALX/sbin/smbldap-usermod -g "%g" "%u"
admin ldif
dn: uid=administrator, ou=Staff, o=ventusnetworks.com, dc=na
sambaLMPassword: 
sambaPrimaryGroupSID: S-1-5-21-3107161993-1039155829-3332455197-512
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: posixAccount
objectClass: shadowAccount
userPassword:: 
sambaLogonTime: 0
sambaHomeDrive: H:
uid: administrator
uidNumber: 0
cn: administrator
sambaLogoffTime: 2147483647
sambaPwdLastSet: 419696
loginShell: /bin/bash
sambaAcctFlags: [U  ]
sambaProfilePath: \\vnpdc01\profiles\administrator\
gidNumber: 512
sambaPwdMustChange: 2147483647
sambaNTPassword: 
sambaPwdCanChange: 419696
gecos: Netbios Domain Administrator
sambaSID: S-1-5-21-3107161993-1039155829-3332455197-2996
homeDirectory: /home/administrator
sambaKickoffTime: 2147483647
sn: administrator
sambaHomePath: \\vnpdc01\home\administrator
sambaPasswordHistory: 000
0

computer ldif
dn: uid=ibm-zus90725eca$, ou=Computers, o=ventusnetworks.com, dc=na
sambaPwdLastSet: 418025
sn: ibm-zus90725eca$
sambaAcctFlags: [W  ]
userPassword:: e1NNRDV9cHVjZlRnck5MWVFmaENjcjFJQUp6RHdZbHBBPQ==
uidNumber: 1023
gidNumber: 515
sambaPwdMustChange: 2147483647
uid: ibm-zus90725eca$
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: person
objectClass: top
sambaSID: S-1-5-21-31071

Re: [Samba] File copying under WIN98

2005-03-21 Thread Jeremy Allison

On Mon, Mar 21, 2005 at 02:01:17PM +0100, Jens Wulf wrote:
> with the Samba3.0.12 release i encountered the following problem :
> when i try to copy a file from a samba share to the local disk then the 
> process hangs with the windows-message
> "Preparing to copy" (my translation from the german message).
> In a WIN98-DOS-Windows the copy command hangs too, but the file is created.
> The copying from my WIN-XP HOME works.
> My previous installed version 3.0.9 worked fine with the same configuration 
> (smb.conf)
> 
> does anyone have this problem too - and maybe a solution except 
> reinstalling old samba ?

Ok, I screwed up bigtime :-(. This one is my fault. I've attached my
proposed patch but more testing would be welcome.

We'll probably have to do a brown-paper-bag 3.0.13 over this one :-(.

Sorry.

Jeremy.
Index: smbd/dir.c
===
--- smbd/dir.c  (revision 5921)
+++ smbd/dir.c  (working copy)
@@ -595,6 +595,13 @@
 BOOL dptr_SearchDir(struct dptr_struct *dptr, const char *name, long *poffset, 
SMB_STRUCT_STAT *pst)
 {
ZERO_STRUCTP(pst);
+
+   if (!dptr->has_wild && (dptr->dir_hnd->offset == -1)) {
+   /* This is a singleton directory and we're already at the end. 
*/
+   *poffset = -1;
+   return False;
+   }
+
while (SearchDir(dptr->dir_hnd, name, poffset) == True) {
if (is_visible_file(dptr->conn, dptr->path, name, pst, True)) {
return True;
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] PDC Migration - Mapping user []\[] from...

2005-03-21 Thread Mike Boyd

P.S.  I did change the SID of the new server to be the same as the old 
server as well.

Cheers,
Mike.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] idmap LDAP backend

2005-03-21 Thread Theodore Jencks

Ok, I made the change however the LDAP backend for idmap is still not
working.  I set Winbind to debugging level 5 and get the following in
the logs:

[2005/03/21 09:45:05, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.192.112 bcast=192.168.195.255
nmask=255.255.252.0
[2005/03/21 09:45:05, 5] lib/util.c:init_names(256)
  Netbios name list:-
  my_netbios_names[0]="THEO"
[2005/03/21 09:45:05, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.192.112 bcast=192.168.195.255
nmask=255.255.252.0
[2005/03/21 09:45:05, 5] lib/gencache.c:gencache_init(59)
  Opening cache file at /var/lock/samba/gencache.tdb
[2005/03/21 09:45:05, 5] libsmb/namecache.c:namecache_enable(58)
  namecache_enable: enabling netbios namecache, timeout 660 seconds
[2005/03/21 09:45:05, 5] sam/idmap.c:smb_register_idmap(91)
  smb_register_idmap: Successfully added idmap backend 'ldap'
[2005/03/21 09:45:05, 5] sam/idmap.c:smb_register_idmap(91)
  smb_register_idmap: Successfully added idmap backend 'tdb'
[2005/03/21 09:45:05, 3] sam/idmap.c:idmap_init(132)
  idmap_init: using 'ldap' as remote backend
[2005/03/21 09:45:05, 5] lib/smbldap.c:smbldap_search(1038)
  smbldap_search: base => ["ou=idmap","ou=smb,dc=navis,dc=net"], filter
=> [(objectclass=sambaUnixIdPool)], scope => [2]
[2005/03/21 09:45:05, 5] lib/smbldap.c:smbldap_close(949)
  The connection to the LDAP server was closed
[2005/03/21 09:45:05, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/03/21 09:45:05, 3] lib/smbldap.c:smbldap_connect_system(866)
  ldap_connect_system: succesful connection to the LDAP server
  ldap_connect_system: LDAP server does support paged results
[2005/03/21 09:45:05, 4] lib/smbldap.c:smbldap_open(929)
  The LDAP server is succesfully connected
[2005/03/21 09:45:05, 0] sam/idmap.c:idmap_init(138)
  idmap_init: failed to initialize remote backend!


Looks like it tries to get what are called paged results and then it
fails to initialize remote backend.  I'm not quite sure what is going on
here and any further guidance would be greatly appreciated.

Thanks in advance,
Theo

-Original Message-
From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] 
Sent: Friday, March 18, 2005 7:18 AM
To: Theodore Jencks
Cc: samba@lists.samba.org
Subject: Re: [Samba] idmap LDAP backend

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Theodore Jencks wrote:

| ldap idmap suffix = "ou=idmap,ou=smb,dc=navis,dc=net"
| ldap suffix = "ou=smb,dc=navis,dc=net"


change this to

ldap suffix = "ou=smb,dc=navis,dc=net"
ldap idmap suffix = "ou=idmap"



cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCOvELIR7qMdg1EfYRAqkxAJ4wivlVYXp6DmKIaXbl786I7CQOLwCfXL6w
XIO2bFqLhparOqZGF0BdgWo=
=MKbV
-END PGP SIGNATURE-

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] I need to rename libnss_winbind.so ...

2005-03-21 Thread Emmanuel Willems

Hi!
For a dual samba configuration on a Linux system, I need to rename the 
/lib/libnss_winbind.so .
Simply changing the file name and adapting /etc/nsswitch.conf is aparently not 
enough.
what am I missing? I couldn't find it in the source code ...
thanks for your time
Emmanuel 
--

Emmanuel Willems 

+--+---+--+ 
| Ingénieur-système| Systeem ingenieur | System engineer  | 
+--+---+--+ 
| Sénat de Belgique| Belgische Senaat  | Belgian Senate   | 
| Place de la Nation 1 | Natieplein 1  | Place de la Nation 1 | 
| 1009 Bruxelles   | 1009 Brussel  | 1009 Brussels|
|  |   | Belgium  | 
+--+---+--+ 
| e-mail: [EMAIL PROTECTED]|   
| URL: http://www.senate.be   | 
| tel: +32 (2) 501.72.39  |
| fax: +32 (2) 514.06.85  | 
+-+


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o)

smbpasswd -w is set, I've try to write a wrong password for see the 
error, the error is not the same (Invalid credential)
I've add root user for seeing if it's working .. but it's the same error 
than with Administrator.

When joining with Administrator (Access Deny) :
###
[2005/03/21 18:14:23, 2] lib/smbldap.c:smbldap_open_connection(692)
 smbldap_open_connection: connection opened
[2005/03/21 18:14:23, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
 init_sam_from_ldap: Entry found for user: Administrator
[2005/03/21 18:14:23, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057)
 init_group_from_ldap: Entry found for group: 512
[2005/03/21 18:14:23, 2] auth/auth.c:check_ntlm_password(305)
 check_ntlm_password:  authentication for user [administrator] -> 
[administrator] -> [Administrator] succeeded
[2005/03/21 18:14:24, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
 Returning domain sid for domain ARZUR-NT -> 
S-1-5-21-1874299889-3982645529-2160850509
[2005/03/21 18:14:24, 2] 
rpc_server/srv_samr_nt.c:access_check_samr_object(93)
 _samr_open_domain: ACCESS DENIED  (requested: 0x0211)
[2005/03/21 18:14:24, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
 Returning domain sid for domain ARZUR-NT -> 
S-1-5-21-1874299889-3982645529-2160850509
[2005/03/21 18:14:24, 2] 
rpc_server/srv_samr_nt.c:access_check_samr_function(115)
 _samr_create_user: ACCESS DENIED (granted: 0x0201;  required: 
0x0010)
[2005/03/21 18:14:24, 2] smbd/server.c:exit_server(575)
 Closing connections


Bruno Guerreiro a écrit :
Hi,
Did you execute smbpasswd -w  ?
Another thing you're trying to add your Computer with the user root?
This user, by default, doesn't belong to the Domain Admins groups. At least
not with the scripts provided by smbldap-tools.
If so, try adding the machine using the Administrator account.
Best Regards,
Bruno Guerreiro
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: segunda-feira, 21 de Março de 2005 16:46
To: samba@lists.samba.org
Subject: [Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o)
Okay
I try this thing :
mastok:/etc/samba # smbldap-useradd root
mastok:/etc/samba # smbldap-usermod -u 0 -g 0 root
mastok:/etc/samba # smbldap-usermod -a root
mastok:/etc/samba # smbldap-passwd root
#
Administrator:x:998:512:Netbios Domain 
Administrator:/home/data1/samba/Administrator:/sbin/nologin
nobody:x:999:514:nobody:/dev/null:/sbin/nologin
root:x:0:0:System User:/home/data1/samba/root:/sbin/nologin
#
Connecting to the domain with account root.
Computer Accout created : 
poil-barebone$:x:1005:515:Computer:/dev/null:/sbin/nologin
But Access Deny on my Windows computer :(

check_ntlm_password:  authentication for user [root] -> [root] -> 
[root] succeeded
[2005/03/21 17:38:14, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
 Returning domain sid for domain ARZUR-NT -> 
S-1-5-21-1874299889-3982645529-2160850509
[2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057)
 init_group_from_ldap: Entry found for group: 515
[2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_ldap_from_sam(929)
 init_ldap_from_sam: Setting entry for user: poil-barebone$
[2005/03/21 17:38:14, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1552)
 ldapsam_modify_entry: Failed to modify user dn= 
uid=poil-barebone$,ou=Computers,dc=arzur,dc=local with: Insufficient access

[2005/03/21 17:38:14, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1994)
 ldapsam_add_sam_account: failed to modify/add user with uid = 
poil-barebone$ (dn = uid=poil-barebone$,ou=Computers,dc=arzur,dc=local)
[2005/03/21 17:38:14, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2272)
 could not add user/computer poil-barebone$ to passdb.  Check permissions?
[2005/03/21 17:38:15, 2] smbd/server.c:exit_server(575)

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o)

2005-03-21 Thread Bruno Guerreiro

Hi,
Did you execute smbpasswd -w  ?
Another thing you're trying to add your Computer with the user root?
This user, by default, doesn't belong to the Domain Admins groups. At least
not with the scripts provided by smbldap-tools.
If so, try adding the machine using the Administrator account.

Best Regards,
Bruno Guerreiro

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: segunda-feira, 21 de Março de 2005 16:46
To: samba@lists.samba.org
Subject: [Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o)


Okay

I try this thing :
mastok:/etc/samba # smbldap-useradd root
mastok:/etc/samba # smbldap-usermod -u 0 -g 0 root
mastok:/etc/samba # smbldap-usermod -a root
mastok:/etc/samba # smbldap-passwd root
#
Administrator:x:998:512:Netbios Domain 
Administrator:/home/data1/samba/Administrator:/sbin/nologin
nobody:x:999:514:nobody:/dev/null:/sbin/nologin
root:x:0:0:System User:/home/data1/samba/root:/sbin/nologin
#
Connecting to the domain with account root.
Computer Accout created : 
poil-barebone$:x:1005:515:Computer:/dev/null:/sbin/nologin
But Access Deny on my Windows computer :(

 check_ntlm_password:  authentication for user [root] -> [root] -> 
[root] succeeded
[2005/03/21 17:38:14, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain ARZUR-NT -> 
S-1-5-21-1874299889-3982645529-2160850509
[2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057)
  init_group_from_ldap: Entry found for group: 515
[2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_ldap_from_sam(929)
  init_ldap_from_sam: Setting entry for user: poil-barebone$
[2005/03/21 17:38:14, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1552)
  ldapsam_modify_entry: Failed to modify user dn= 
uid=poil-barebone$,ou=Computers,dc=arzur,dc=local with: Insufficient access
 
[2005/03/21 17:38:14, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1994)
  ldapsam_add_sam_account: failed to modify/add user with uid = 
poil-barebone$ (dn = uid=poil-barebone$,ou=Computers,dc=arzur,dc=local)
[2005/03/21 17:38:14, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2272)
  could not add user/computer poil-barebone$ to passdb.  Check permissions?
[2005/03/21 17:38:15, 2] smbd/server.c:exit_server(575)

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o)

On Monday 21 March 2005 09:45, [EMAIL PROTECTED] wrote:
> Okay
>
> I try this thing :
> mastok:/etc/samba # smbldap-useradd root
> mastok:/etc/samba # smbldap-usermod -u 0 -g 0 root
> mastok:/etc/samba # smbldap-usermod -a root
> mastok:/etc/samba # smbldap-passwd root
> #
> Administrator:x:998:512:Netbios Domain
> Administrator:/home/data1/samba/Administrator:/sbin/nologin
> nobody:x:999:514:nobody:/dev/null:/sbin/nologin
> root:x:0:0:System User:/home/data1/samba/root:/sbin/nologin
> #
> Connecting to the domain with account root.
> Computer Accout created :
> poil-barebone$:x:1005:515:Computer:/dev/null:/sbin/nologin
> But Access Deny on my Windows computer :(
>
>  check_ntlm_password:  authentication for user [root] -> [root] ->
> [root] succeeded
> [2005/03/21 17:38:14, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
>   Returning domain sid for domain ARZUR-NT ->
> S-1-5-21-1874299889-3982645529-2160850509
> [2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057)
>   init_group_from_ldap: Entry found for group: 515
> [2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_ldap_from_sam(929)
>   init_ldap_from_sam: Setting entry for user: poil-barebone$
> [2005/03/21 17:38:14, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1552)
>   ldapsam_modify_entry: Failed to modify user dn=
> uid=poil-barebone$,ou=Computers,dc=arzur,dc=local with: Insufficient access
^^^

It would appear that your Samba configuration does not permit write access to 
the LDAP server. Did you set the LDAP admin password? This is done using:

smbpasswd -w 'secret'

- John T.

>
> [2005/03/21 17:38:14, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1994)
>   ldapsam_add_sam_account: failed to modify/add user with uid =
> poil-barebone$ (dn = uid=poil-barebone$,ou=Computers,dc=arzur,dc=local)
> [2005/03/21 17:38:14, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2272)
>   could not add user/computer poil-barebone$ to passdb.  Check permissions?
> [2005/03/21 17:38:15, 2] smbd/server.c:exit_server(575)

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] SAMBA3 + LDAP = PDC => ROUND 4 ;o)

Okay
I try this thing :
mastok:/etc/samba # smbldap-useradd root
mastok:/etc/samba # smbldap-usermod -u 0 -g 0 root
mastok:/etc/samba # smbldap-usermod -a root
mastok:/etc/samba # smbldap-passwd root
#
Administrator:x:998:512:Netbios Domain 
Administrator:/home/data1/samba/Administrator:/sbin/nologin
nobody:x:999:514:nobody:/dev/null:/sbin/nologin
root:x:0:0:System User:/home/data1/samba/root:/sbin/nologin
#
Connecting to the domain with account root.
Computer Accout created : 
poil-barebone$:x:1005:515:Computer:/dev/null:/sbin/nologin
But Access Deny on my Windows computer :(

check_ntlm_password:  authentication for user [root] -> [root] -> 
[root] succeeded
[2005/03/21 17:38:14, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
 Returning domain sid for domain ARZUR-NT -> 
S-1-5-21-1874299889-3982645529-2160850509
[2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057)
 init_group_from_ldap: Entry found for group: 515
[2005/03/21 17:38:14, 2] passdb/pdb_ldap.c:init_ldap_from_sam(929)
 init_ldap_from_sam: Setting entry for user: poil-barebone$
[2005/03/21 17:38:14, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1552)
 ldapsam_modify_entry: Failed to modify user dn= 
uid=poil-barebone$,ou=Computers,dc=arzur,dc=local with: Insufficient access

[2005/03/21 17:38:14, 0] passdb/pdb_ldap.c:ldapsam_add_sam_account(1994)
 ldapsam_add_sam_account: failed to modify/add user with uid = 
poil-barebone$ (dn = uid=poil-barebone$,ou=Computers,dc=arzur,dc=local)
[2005/03/21 17:38:14, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2272)
 could not add user/computer poil-barebone$ to passdb.  Check permissions?
[2005/03/21 17:38:15, 2] smbd/server.c:exit_server(575)

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] what are *.tdb files?

2005-03-21 Thread Adam Williams

In /varcache/samba/ I have several .tdb files.  Like brlock.tdb, 
locking.tdb, ntdrivers.tdb, etc.  Excusing my ignorance, what are these 
files, and what do they do?  And why must they be copied when migrating 
from one samba server to a new one?

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Samba 2.2 vs. 3: Domain Member & Winbind quick question

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tyler Thueson wrote:
|>search the list archives of samba-users for my name, I posted a patch to
|>winbindd a couple of years ago that solved this problem for me back then.
|
|
| Thank you very much for the reply!!
|
| I found your patch but it worries me that there is such
| a glaring bug in winbindd and that it's been there for four
| years.
Tyler,
I remember looking at your original mail.  I don't
remember the behavior striking me as a bug.  But if it is
a bug, then the way to get it fixed si to file a  bug
report at https://bugzilla.samba.org/.  Also, I don't remember
seeing the original patch so if you wouldn't mind attaching
that as well it would help.

cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCPvjLIR7qMdg1EfYRAuFWAJ4mSgvmiwZ2MVVeWifee/FH3rj11QCfYNHx
TeozN42nKHCq1HhSMSVuA+4=
=xkVe
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Samba 2.2 vs. 3: Domain Member & Winbind quick question

2005-03-21 Thread Tyler Thueson

> search the list archives of samba-users for my name, I posted a patch to 
> winbindd a couple of years ago that solved this problem for me back then. 

Thank you very much for the reply!!

I found your patch but it worries me that there is such a glaring bug
in winbindd and that it's been there for four years. One of the goals
of the Samba project is to replace Windows servers, but in this case
3.0 fails to do something that 2.2 did -- something I consider basic
functionality. But maybe using Samba as a member server in a Windows
domain is something that not very many people do?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] users db problem

Marco,

Did you update the LDAP schema to the new one that ships with 3.0.12?

- John T.

On Monday 21 March 2005 00:31, Marco Marinelli tiscali wrote:
> Hi, i never post in this list before becouse all the developers did a
> great job before, but
> now i have a problem.
> I used samba 3.0.x for a long time without any problem with openldap as
> passwd backend, now with samba 3.0.12
> there are stange message when i try to change account's passwd:
>
> # smbpasswd Administrator
> New SMB password:
> Retype new SMB password:
> account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum
> password age (seconds since 1970)), returning 0
> account_policy_get: tdb_fetch_uint32 failed for field 5 (minimum
> password age (seconds since 1970)), returning 0
>
> same thing when i try to modify the account's policy:
>
> # pdbedit -P 'maximum password age (seconds since 1970)' -C 0
> account_policy_get: tdb_fetch_uint32 failed for field 4 (maximum
> password age (seconds since 1970)), returning 0
> valid account policy, but unable to fetch value!
>
> I'm using slackware current with kernel 2.6.9, openldap 2.2.20 and
> nss_ldap, there are some changes that i must do for samba 3.0.12?
>
> Thanks!

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] SAMBA3 + LDAP = PDC => ROUND 3!

2005-03-21 Thread Bruno Guerreiro

Yes it does allow ...
You must have in your smb.conf
add machine script = /path/to/smbldap-tools/smbldap-useradd -w "%u"

Best regards,
Bruno Guerreiro

-Original Message-
From: Mandar Kulkarni/PUN/IN/STTL [mailto:[EMAIL PROTECTED]
Sent: segunda-feira, 21 de Março de 2005 15:40
To: [EMAIL PROTECTED]
Cc: Bruno Guerreiro; samba@lists.samba.org;
[EMAIL PROTECTED]
Subject: Re: [Samba] SAMBA3 + LDAP = PDC => ROUND 3!



hi, 

I think you will have to create computer account in ldap using
smbldap-useradd.pl -w option before joining the system to domain. 
As far as i know, Samba does not allow to create the computer account on the
fly, i.e. when your joining the system to domain. 

If you have any idea about this then do let me know.

Thanks & Regards,
Mandar Kulkarni
Systems Administrator
Softcell Technologies Ltd. 


"[EMAIL PROTECTED]" <[EMAIL PROTECTED]> 
Sent by: [EMAIL PROTECTED] 
21/03/2005 08:44 PM ToBruno Guerreiro <[EMAIL PROTECTED]> 
[EMAIL PROTECTED] 
SubjectRe: [Samba] SAMBA3 + LDAP  = PDC => ROUND 3!







Thanks ...

Done,
Now When my windows XP try to join the domain, Accès refusé (Access Deny)
So my log :
 /var/lob/samba/log.poil-barebone
[2005/03/21 16:05:40, 2] lib/smbldap.c:smbldap_open_connection(692)
 smbldap_open_connection: connection opened
[2005/03/21 16:05:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
 init_sam_from_ldap: Entry found for user: Administrator
[2005/03/21 16:05:40, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057)
 init_group_from_ldap: Entry found for group: 512
[2005/03/21 16:05:40, 2] auth/auth.c:check_ntlm_password(305)
 check_ntlm_password:  authentication for user [Administrator] -> 
[Administrator] -> [Administrator] succeeded
[2005/03/21 16:05:40, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
 Returning domain sid for domain ARZUR-NT -> 
S-1-5-21-1874299889-3982645529-2160850509
[2005/03/21 16:05:40, 2] 
rpc_server/srv_samr_nt.c:access_check_samr_object(93)
 _samr_open_domain: ACCESS DENIED  (requested: 0x0211)
[2005/03/21 16:05:40, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
 Returning domain sid for domain ARZUR-NT -> 
S-1-5-21-1874299889-3982645529-2160850509
[2005/03/21 16:05:40, 2] 
rpc_server/srv_samr_nt.c:access_check_samr_function(115)
 _samr_create_user: ACCESS DENIED (granted: 0x0201;  required: 
0x0010)
[2005/03/21 16:05:41, 2] smbd/server.c:exit_server(575)
 Closing connections


Any Idea?

>Hi,
>Just my 2 cents.
>You're mapping administrator to root in your smbusers file.
>Try commenting the "root = Administrator admin "   line.
>
>Best regards,
>Bruno Guerreiro
>
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]
>Sent: segunda-feira, 21 de Março de 2005 14:56
>To: samba@lists.samba.org
>Subject: [Samba] SAMBA3 + LDAP = PDC => ROUND 3!
>
>
>Okay, I've upgrade samba, now I use samba3.schema who is with my suse 9.2
>So I delete all in /var/lib/ldap and in /var/lib/samba
>Redo smb-populate blablabla (from the howto 
>http://samba.idealx.org/smbldap-howto.en.html)
>
>So now when i would like to join my Samba domain :
>
>[2005/03/21 15:45:51, 2] auth/auth.c:check_ntlm_password(312)
>  check_ntlm_password:  Authentication for user [Administrator] -> 
>[root] FAILED with error NT_STATUS_NO_SUCH_USER
>
>When I SSH my box with login Administrator, it's okay! (no bash 
>/sbin/nologin)
>
>I go to cry !
>
>
>getent passwd :
>mastok:/etc/samba # getent passwd
>root:x:0:0:root:/root:/bin/bash
>...
>Administrator:x:998:512:Netbios Domain 
>Administrator:/home/data1/samba/Administrator:/sbin/nologin
>nobody:x:999:514:nobody:/dev/null:/sbin/nologin
>
>vi /etc/samba/smbusers :
>root = administrator
>
>
>
>
>  
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Multipile domain controllers?

2005-03-21 Thread TBMDF

Have set up a network with multipile Samba PDC's - one each network 
segment in
different locations - i.e. 10.3.x.x in Cardiff, 10.2.x.x in Glasgow 
with their
own PDC server.  Anyway, the networks are connected to each other via 
VPN - is
it possible for a computer in Cardiff to log on into the PDC 
controller in
Glasgow, even tho it's already set up to log in the Cardiff PDC?

You should also be able to with a TRUST RELATIONSHIP, between the 2 
domains.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] PDC Migration - Mapping user []\[] from...

2005-03-21 Thread Mike Boyd

Hi,
I'm trying to migrate our PDC from samba 2.2.3 on redhat 7.3 to samba
3.0.10 on fedora core 3.  We use smbpasswd which I have copied to the
new server - all the unix users and groups are yp'd so they're the same
on both servers.
Everything seems to work fine initially.  Most people can log on and get
their roaming profile from most machines (they can all log in from their
own computer).  Only some combinations of user and machine fail (and no
combinations fail using the old server).  With logging set to auth:10
the first difference in the log between a successful login and an
unsuccessful one is:
successful:
[2005/03/18 11:11:27, 5] auth/auth_util.c:make_user_info_map(225)
  make_user_info_map: Mapping user [NTPSA]\[mb] from workstation [NAIAD]
unsuccessful:
[2005/03/18 11:15:05, 5] auth/auth_util.c:make_user_info_map(225)
  make_user_info_map: Mapping user []\[] from workstation [CORDELIA]
It seems like there is some user/machine state information being held
somewhere rather than the server just authenticating the machine and
user using smbpasswd and the unix users and groups.  I tried copying
over all the *.tdb files from /var/cache/samba as well, no dfference.  I
also tried deleting all the cached user info in c:\Docouments and
Settings on one of the machines with the problem, still no difference.
Any ideas? I'm really stuck :(  Oh yeah, here's my smb.conf
[global]
   workgroup = NTPSA
   netbios name = NT-AuthSvr
   netbios aliases = NT-PrintSvr NT-FileSvr
   server string = theta - Samba Server
   hosts allow = 62.189.125. 127. 81.86.215.217
   interfaces = 62.189.125.41/25
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
   load printers = no
   log level = auth:10
   log file = /var/log/samba/%m.log
   max log size = 1000
   security = user
   password level = 50
   username level = 10
   encrypt passwords = yes
   smb passwd file = /etc/samba/private/smbpasswd
   preserve case = yes
   short preserve case = yes
   default case = lower
   case sensitive = no
   mangled names = no
   nt acl support = no
   logon home = \\%N\%U
   logon drive = u:
   logon path = \\%N\%U\.winprofile\ntprofile
   local master = yes
   os level = 35
   domain master = yes
   preferred master = yes
   domain logons = yes
   time server = yes
   dns proxy = no
# Share Definitions
==
   idmap uid = 16777216-33554431
   idmap gid = 16777216-33554431
   template shell = /bin/false
   winbind use default domain = no
[homes]
   comment = %U's Home Directory
   browseable = no
   writeable = yes
[netlogon]
   comment = Network Logon Service
   path = /home/ntpsa/groups/%g
   browseable = no
[tmp]
   comment = Temporary file space
   path = /tmp
   writeable = yes
   inherit permissions = yes
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [samba] spelling mistake in utils/net_groupmap.c but isnt really a bug

Daniel,

Thanks. Fixed.

- John T.

On Monday 21 March 2005 06:37, Daniel Wilson wrote:
> Hi developers
>
> i have noticed a spelling mistake when you execute a net groupmap add
> command.
>
> For example
>
> bash#  net groupmap add unixgroup=uni-staff-planningfinance
> ntgroup=uni-staff-planningfinance type=domain comment='All Planning and
> Finance Staff'
> No rid or sid specified, choosing algorithmic mapping
> Successully added group uni-staff-planningfinance to the mapping db
>
>
> You noticed successully is missing an 'f' :)
>
> didnt think it was worth filling out a bug
>
> the error is in 'source/utils/net_groupmap.c' line 306, in version 3.0.12
>
> Regards
>
>
> --
> 
> Daniel Wilson
> Systems Administrator
>
> IT & Communications Service
> University of Sunderland
> Unit 1a Technology Park
> Chester Road
> Sunderland
> SR2 7PT
>
> Tel: 0191 515 2695
>
> This e-mail contains information which is confidential and may be
> privileged and is for the exclusive use of the recipient.
> It is the responsibility of the recipient to ensure that this message
> and its attachments are virus free.
> Any views or opinions presented are solely those of the author and do
> not necessarily represent those of the University, unless otherwise
> specifically
> stated.

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SAMBA3 + LDAP = PDC => ROUND 3!

2005-03-21 Thread Mandar Kulkarni/PUN/IN/STTL

hi,

I think you will have to create computer account in ldap using 
smbldap-useradd.pl -w option before joining the system to domain. 
As far as i know, Samba does not allow to create the computer account on 
the fly, i.e. when your joining the system to domain.

If you have any idea about this then do let me know.

Thanks & Regards,
Mandar Kulkarni
Systems Administrator
Softcell Technologies Ltd.



"[EMAIL PROTECTED]" <[EMAIL PROTECTED]> 
Sent by: [EMAIL PROTECTED]
21/03/2005 08:44 PM

To
Bruno Guerreiro <[EMAIL PROTECTED]>
cc
samba@lists.samba.org
Subject
Re: [Samba] SAMBA3 + LDAP  = PDC => ROUND 3!






Thanks ...

Done,
Now When my windows XP try to join the domain, Accès refusé (Access Deny)
So my log :
 /var/lob/samba/log.poil-barebone
[2005/03/21 16:05:40, 2] lib/smbldap.c:smbldap_open_connection(692)
  smbldap_open_connection: connection opened
[2005/03/21 16:05:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
  init_sam_from_ldap: Entry found for user: Administrator
[2005/03/21 16:05:40, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057)
  init_group_from_ldap: Entry found for group: 512
[2005/03/21 16:05:40, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [Administrator] -> 
[Administrator] -> [Administrator] succeeded
[2005/03/21 16:05:40, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain ARZUR-NT -> 
S-1-5-21-1874299889-3982645529-2160850509
[2005/03/21 16:05:40, 2] 
rpc_server/srv_samr_nt.c:access_check_samr_object(93)
  _samr_open_domain: ACCESS DENIED  (requested: 0x0211)
[2005/03/21 16:05:40, 2] 
rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
  Returning domain sid for domain ARZUR-NT -> 
S-1-5-21-1874299889-3982645529-2160850509
[2005/03/21 16:05:40, 2] 
rpc_server/srv_samr_nt.c:access_check_samr_function(115)
  _samr_create_user: ACCESS DENIED (granted: 0x0201;  required: 
0x0010)
[2005/03/21 16:05:41, 2] smbd/server.c:exit_server(575)
  Closing connections


Any Idea?

>Hi,
>Just my 2 cents.
>You're mapping administrator to root in your smbusers file.
>Try commenting the "root = Administrator admin "   line.
>
>Best regards,
>Bruno Guerreiro
>
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]
>Sent: segunda-feira, 21 de Março de 2005 14:56
>To: samba@lists.samba.org
>Subject: [Samba] SAMBA3 + LDAP = PDC => ROUND 3!
>
>
>Okay, I've upgrade samba, now I use samba3.schema who is with my suse 9.2
>So I delete all in /var/lib/ldap and in /var/lib/samba
>Redo smb-populate blablabla (from the howto 
>http://samba.idealx.org/smbldap-howto.en.html)
>
>So now when i would like to join my Samba domain :
>
>[2005/03/21 15:45:51, 2] auth/auth.c:check_ntlm_password(312)
>  check_ntlm_password:  Authentication for user [Administrator] -> 
>[root] FAILED with error NT_STATUS_NO_SUCH_USER
>
>When I SSH my box with login Administrator, it's okay! (no bash 
>/sbin/nologin)
>
>I go to cry !
>
>
>getent passwd :
>mastok:/etc/samba # getent passwd
>root:x:0:0:root:/root:/bin/bash
>...
>Administrator:x:998:512:Netbios Domain 
>Administrator:/home/data1/samba/Administrator:/sbin/nologin
>nobody:x:999:514:nobody:/dev/null:/sbin/nologin
>
>vi /etc/samba/smbusers :
>root = administrator
>
>
>
>
> 
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Winbind vs pam_krb5/nss_ldap

2005-03-21 Thread Rex Dieter

AD. wrote:
Winbind users need to log on using DOMAIN\USER, while pam_krb5 users
just need to use USER for their default realm. Or am I wrong about
that one?
Wrong.  I believe you need to set in smb.conf
realm = DOMAIN
to make that work.
-- Rex
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] SAMBA3 + LDAP = PDC => ROUND 3!

Thanks ...
Done,
Now When my windows XP try to join the domain, Accès refusé (Access Deny)
So my log :
 /var/lob/samba/log.poil-barebone
[2005/03/21 16:05:40, 2] lib/smbldap.c:smbldap_open_connection(692)
 smbldap_open_connection: connection opened
[2005/03/21 16:05:40, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
 init_sam_from_ldap: Entry found for user: Administrator
[2005/03/21 16:05:40, 2] passdb/pdb_ldap.c:init_group_from_ldap(2057)
 init_group_from_ldap: Entry found for group: 512
[2005/03/21 16:05:40, 2] auth/auth.c:check_ntlm_password(305)
 check_ntlm_password:  authentication for user [Administrator] -> 
[Administrator] -> [Administrator] succeeded
[2005/03/21 16:05:40, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
 Returning domain sid for domain ARZUR-NT -> 
S-1-5-21-1874299889-3982645529-2160850509
[2005/03/21 16:05:40, 2] 
rpc_server/srv_samr_nt.c:access_check_samr_object(93)
 _samr_open_domain: ACCESS DENIED  (requested: 0x0211)
[2005/03/21 16:05:40, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
 Returning domain sid for domain ARZUR-NT -> 
S-1-5-21-1874299889-3982645529-2160850509
[2005/03/21 16:05:40, 2] 
rpc_server/srv_samr_nt.c:access_check_samr_function(115)
 _samr_create_user: ACCESS DENIED (granted: 0x0201;  required: 
0x0010)
[2005/03/21 16:05:41, 2] smbd/server.c:exit_server(575)
 Closing connections


Any Idea?
Hi,
Just my 2 cents.
You're mapping administrator to root in your smbusers file.
Try commenting the "root = Administrator admin "   line.
Best regards,
Bruno Guerreiro
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: segunda-feira, 21 de Março de 2005 14:56
To: samba@lists.samba.org
Subject: [Samba] SAMBA3 + LDAP = PDC => ROUND 3!
Okay, I've upgrade samba, now I use samba3.schema who is with my suse 9.2
So I delete all in /var/lib/ldap and in /var/lib/samba
Redo smb-populate blablabla (from the howto 
http://samba.idealx.org/smbldap-howto.en.html)

So now when i would like to join my Samba domain :
[2005/03/21 15:45:51, 2] auth/auth.c:check_ntlm_password(312)
 check_ntlm_password:  Authentication for user [Administrator] -> 
[root] FAILED with error NT_STATUS_NO_SUCH_USER

When I SSH my box with login Administrator, it's okay! (no bash 
/sbin/nologin)

I go to cry !

getent passwd :
mastok:/etc/samba # getent passwd
root:x:0:0:root:/root:/bin/bash
...
Administrator:x:998:512:Netbios Domain 
Administrator:/home/data1/samba/Administrator:/sbin/nologin
nobody:x:999:514:nobody:/dev/null:/sbin/nologin

vi /etc/samba/smbusers :
root = administrator



 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cant connect to samba server

2005-03-21 Thread indgirl 6

i dont think i am using WINS. I have tried putting the entry of samba server 
into the locan lmhosts file but of no consequence.

Also i restart the smb and nbm service after any change i make, be it on the 
windows side or linux / samba side.

Please advice.

TBMDF <[EMAIL PROTECTED]> wrote:

On Mar 21, 2005, at 6:31 AM, indgirl 6 wrote:

> Hi,
>
> I can ping to the server form windows machine, and vice versa. I can 
> even telnet to server form windows machine. PLease tell me what other 
> check i should do.
>
>
>
Do you have WINS running? canyou see the server in the Net Hood? try 
using a hosts/lmhosts file temporarily on the workstations.

-
Do you Yahoo!?
 Yahoo! Small Business - Try our new resources site! 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problem with domain membership

2005-03-21 Thread Jochen Witte

One update: when trying security=server on the fileserver side, I can
log on to the fileserver. But i do not want security=server! Any hints
out there?

Regards
Jochen


Am Samstag, den 19.03.2005, 13:11 +0100 schrieb Jochen Witte:
> Hello,
> 
> I have a Samba 3.0.11/LDAP-Backend PDC configured and I am able to join
> all kinds of machines quite well. However my Samba 2.2.12 Linux
> Fileserver is just able to join the domain:
> 
> ---snip---
> 
> [EMAIL PROTECTED]/opt/samba> smbpasswd -j  -r  -U
> Administrator
> Password: 
> Joined domain 
> ---snip---
> 
> When I now try to access my Fileserver with a valid PDC account, I get:
> 
> ---snip---
> [EMAIL PROTECTED]/opt/samba> /opt/samba/bin/smbclient -L //hal -U jwitte -W
>   -d4
> Serverzone is 0
> Initialising global parameters
> params.c:pm_process() - Processing configuration file
> "/opt/samba-2.2.12/lib/smb.conf"
> Processing section "[global]"
> doing parameter workgroup = 
> doing parameter netbios name = HAL
> handle_netbios_name: set global_myname to: HAL
> doing parameter server string = Samba 2.2.12 on HAL
> doing parameter log file = /var/log/samba/%m-log.smbd
> doing parameter lock dir = /var/lock/samba
> doing parameter template homedir = /home/%U
> doing parameter guest account = ftp
> doing parameter socket options = IPTOS_LOWDELAY TCP_NODELAY
> SO_SNDBUF=8192 SO_RCVBUF=8192 SO_KEEPALIVE
> doing parameter kernel oplocks = yes
> doing parameter log level = 4
> doing parameter debuglevel = 4
> doing parameter security = domain
> doing parameter encrypt passwords = yes
> doing parameter password server = *
> doing parameter os level = 33
> doing parameter local master = no
> doing parameter wins server = 10.128.0.24
> wins_srv_load_list(): Building WINS server list:
> 10.128.0.24,
> 1 WINS server listed.
> doing parameter dns proxy = no
> pm_process() returned Yes
> added interface ip=10.128.0.23 bcast=10.128.0.255 nmask=255.255.255.0
> Client started (version 2.2.12).
> resolve_lmhosts: Attempting lmhosts lookup for name hal<0x20>
> resolve_hosts: Attempting host lookup for name hal<0x20>
> Connecting to 10.128.0.23 at port 139
>  session request ok
> Password: 
> session setup failed: NT_STATUS_LOGON_FAILURE
> 
> ---snip---
> 
> On the PDC side I get the following:
> 
> ---snip---
> 
> [2005/03/19 13:08:22, 3] smbd/oplock.c:init_oplocks(1345)
>   open_oplock_ipc: opening loopback UDP socket.
> [2005/03/19 13:08:22, 3] smbd/oplock_linux.c:linux_init_kernel_oplocks
> (303)
>   Linux kernel oplocks enabled
> [2005/03/19 13:08:22, 3] smbd/oplock.c:init_oplocks(1376)
>   open_oplock ipc: pid = 349, global_oplock_port = 36763
> [2005/03/19 13:08:22, 4] lib/time.c:get_serverzone(122)
>   Serverzone is -3600
> [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091)
>   Transaction 0 of length 168
> [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886)
>   switch message SMBnegprot (pid 349) conn 0x0
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461)
>   Requested protocol [PC NETWORK PROGRAM 1.0]
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461)
>   Requested protocol [MICROSOFT NETWORKS 1.03]
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461)
>   Requested protocol [MICROSOFT NETWORKS 3.0]
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461)
>   Requested protocol [LANMAN1.0]
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461)
>   Requested protocol [LM1.2X002]
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(461)
>   Requested protocol [Samba]
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_nt1(327)
>   not using SPNEGO
> [2005/03/19 13:08:22, 3] smbd/negprot.c:reply_negprot(555)
>   Selected protocol NT LANMAN 1.0
> [2005/03/19 13:08:22, 3] smbd/process.c:process_smb(1091)
>   Transaction 1 of length 92
> [2005/03/19 13:08:22, 3] smbd/process.c:switch_message(886)
>   switch message SMBsesssetupX (pid 349) conn 0x0
> [2005/03/19 13:08:22, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/03/19 13:08:22, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
>   wct=13 flg2=0xc001
> [2005/03/19 13:08:22, 3] smbd/sesssetup.c:reply_sesssetup_and_X(789)
>   Domain=[]  NativeOS=[Unix] NativeLanMan=[Samba] PrimaryDomain=[]
> [2005/03/19 13:08:22, 3] smbd/sesssetup.c:reply_sesssetup_and_X(804)
>   sesssetupX:[EMAIL PROTECTED]
> [2005/03/19 13:08:22, 3] smbd/sesssetup.c:check_guest_password(116)
>   Got anonymous request
> [2005/03/19 13:08:22, 3] auth/auth.c:check_ntlm_password(219)
>   check_ntlm_password:  Checking password for unmapped user [EMAIL PROTECTED]
> with the new password interface
> [2005/03/19 13:08:22, 3] auth/auth.c:check_ntlm_password(222)
>   check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
> [2005/03/19 13:08:22, 3] auth/auth.c:check_ntlm_password(268)
>   check_ntlm_password: guest authentication for user [] succeeded
>

RE: [Samba] SAMBA3 + LDAP = PDC => ROUND 3!

2005-03-21 Thread Bruno Guerreiro

Hi,
Just my 2 cents.
You're mapping administrator to root in your smbusers file.
Try commenting the "root = Administrator admin "   line.

Best regards,
Bruno Guerreiro

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Sent: segunda-feira, 21 de Março de 2005 14:56
To: samba@lists.samba.org
Subject: [Samba] SAMBA3 + LDAP = PDC => ROUND 3!


Okay, I've upgrade samba, now I use samba3.schema who is with my suse 9.2
So I delete all in /var/lib/ldap and in /var/lib/samba
Redo smb-populate blablabla (from the howto 
http://samba.idealx.org/smbldap-howto.en.html)

So now when i would like to join my Samba domain :

[2005/03/21 15:45:51, 2] auth/auth.c:check_ntlm_password(312)
  check_ntlm_password:  Authentication for user [Administrator] -> 
[root] FAILED with error NT_STATUS_NO_SUCH_USER

When I SSH my box with login Administrator, it's okay! (no bash 
/sbin/nologin)

I go to cry !


getent passwd :
mastok:/etc/samba # getent passwd
root:x:0:0:root:/root:/bin/bash
...
Administrator:x:998:512:Netbios Domain 
Administrator:/home/data1/samba/Administrator:/sbin/nologin
nobody:x:999:514:nobody:/dev/null:/sbin/nologin

vi /etc/samba/smbusers :
root = administrator




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] SAMBA3 + LDAP = PDC => ROUND 3!

Okay, I've upgrade samba, now I use samba3.schema who is with my suse 9.2
So I delete all in /var/lib/ldap and in /var/lib/samba
Redo smb-populate blablabla (from the howto 
http://samba.idealx.org/smbldap-howto.en.html)

So now when i would like to join my Samba domain :
[2005/03/21 15:45:51, 2] auth/auth.c:check_ntlm_password(312)
 check_ntlm_password:  Authentication for user [Administrator] -> 
[root] FAILED with error NT_STATUS_NO_SUCH_USER

When I SSH my box with login Administrator, it's okay! (no bash 
/sbin/nologin)

I go to cry !

getent passwd :
mastok:/etc/samba # getent passwd
root:x:0:0:root:/root:/bin/bash
...
Administrator:x:998:512:Netbios Domain 
Administrator:/home/data1/samba/Administrator:/sbin/nologin
nobody:x:999:514:nobody:/dev/null:/sbin/nologin

vi /etc/samba/smbusers :
root = administrator



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Top posting is evil

2005-03-21 Thread Ted Kaczmarek

Please don't top post to mailing lists, many people will send your mail
to /dev/null it is also very hard to read a thread when replies are top
posted. I can understand one liners but even then you get enough one
liners and you end up with a mess.


Ted

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cant connect to samba server

2005-03-21 Thread Adam Williams

did you restart samba after making the changes to smb.conf? Also, try
telnetting to the samba tcp/ip ports. so telnet samba_server_ip 135
(and 137, 139, 445) see if you can connect to any or go to
www.insecure.org/nmap and run the nmap scanner against the TCP ports of
the samba server ip and see what it reports to you (do all of this from
one of the windows pc's unable to connect to the samba server)

indgirl 6 wrote:
Hi,
I can ping to the server form windows machine, and vice versa. I can even
telnet to server form windows machine. PLease tell me what other check i should
do.

Ted Kaczmarek <[EMAIL PROTECTED]> wrote:
On Fri, 2005-03-18 at 14:26 -0800, indgirl 6 wrote:

Hi All,
This is very urgent, please help me.
I have a redhat machine (2.4.9-e.24) which is acting as a samba server (samba - 2.2.7)
Everything was going smoothly until we changes the ip address of our windows machines.
Now if i try to connect to the server it gives me the error:
"windows cannot find '\\titan". Check the spelling and try again."
I have tried connecting by using the IP address too but i get the same error.

I have added the new ip range in to the smb.conf file. I even tried (for
testing purpose) adding the IP address of my windows machine and see if i can
connect but i still cant connect. Please advice what i am doing wrong here.
I went through the DIAGNOSTICS.txt and failed at
test 8 with the error: System error 53 has occurred. The network path was not found.
test 9 with the error: System error 59 has occurred. An unexpected network error occurred.

test 10 with the error: querying delta on 12.20.194.255
querying delta on 12.20.194.255
name_query failed to find name delta#1d
Test 11: cant browse
I know this is sone kind of network issue, but i fail to see where...

Can the windows machine even ping the samba server?
Ping, traceroute (tracert) tcpdump and or ethereal, as well as the samba
logs files might tell you more.

Look at things in smaller pieces, make sure the little pieces are doing
their work before you look at the assembly of pieces.
Ted

-
Do you Yahoo!?
Yahoo! Small Business - Try our new resources site!

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cant connect to samba server

2005-03-21 Thread indgirl 6

Hi,
 
I can ping to the server form windows machine, and vice versa. I can even 
telnet to server form windows machine. PLease tell me what other check i should 
do.
 


Ted Kaczmarek <[EMAIL PROTECTED]> wrote:
On Fri, 2005-03-18 at 14:26 -0800, indgirl 6 wrote:
> Hi All,
> This is very urgent, please help me.
> 
> I have a redhat machine (2.4.9-e.24) which is acting as a samba server (samba 
> - 2.2.7)
> Everything was going smoothly until we changes the ip address of our windows 
> machines. 
> Now if i try to connect to the server it gives me the error:
> "windows cannot find '\\titan". Check the spelling and try again."
> I have tried connecting by using the IP address too but i get the same error.
> 
> I have added the new ip range in to the smb.conf file. I even tried (for 
> testing purpose) adding the IP address of my windows machine and see if i can 
> connect but i still cant connect. Please advice what i am doing wrong here.
> 
> I went through the DIAGNOSTICS.txt and failed at 
> test 8 with the error: System error 53 has occurred. The network path was not 
> found.
> test 9 with the error: System error 59 has occurred. An unexpected network 
> error occurred.
> 
> test 10 with the error: querying delta on 12.20.194.255
> querying delta on 12.20.194.255
> name_query failed to find name delta#1d
> 
> Test 11: cant browse
> 
> I know this is sone kind of network issue, but i fail to see where... 
> 
> 
Can the windows machine even ping the samba server?

Ping, traceroute (tracert) tcpdump and or ethereal, as well as the samba
logs files might tell you more. 


Look at things in smaller pieces, make sure the little pieces are doing
their work before you look at the assembly of pieces.

Ted



-
Do you Yahoo!?
 Yahoo! Small Business - Try our new resources site! 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] quota support in samba

2005-03-21 Thread Christoph Klein

Hi,
We have a samba server with quota enforced on our mounts. linux tools
like repquota, quota and edquota work, but samba cant retrieve quota
information from the fs. i think the interesting log lines are as
follows:
[2005/03/21 15:01:46, 10]
lib/sysquotas_linux.c:sys_get_linux_gen_quota(316)
  sys_get_linux_gen_quota: path[/home] bdev[/dev/sda3]
  SMB_USER_QUOTA_TYPE uid[2 0692]
[2005/03/21 15:01:46, 10]
  lib/sysquotas_linux.c:sys_get_linux_gen_quota(319)
  errno 3
  sys_get_linux_v2_quota: path[/home] bdev[/dev/sda3]
  SMB_USER_QUOTA_TYPE uid[20692]
[2005/03/21 15:01:46, 10]
  lib/sysquotas_linux.c:sys_get_linux_v2_quota(184)
  errno 22
  sys_get_linux_v1_quota: path[/home] bdev[/dev/sda3]
  SMB_USER_QUOTA_TYP E uid[20692]
[2005/03/21 15:01:46, 10]
  lib/sysquotas_linux.c:sys_get_linux_v1_quota(49)
  errno 22
  sys_get_vfs_quota() failed for mntpath[/home]
  bdev[/dev/sda3] qtype[2] id[20692]: Invalid argument

my smbd is compiled withe the following options:
smbd -b | grep -i quota:
   HAVE_SYS_QUOTA_H
   HAVE_LINUX_XFS_QUOTAS
   HAVE_QUOTACTL_LINUX
   HAVE_SYS_QUOTAS
   HAVE_XFS_QUOTAS
   WITH_QUOTAS
   WITH_QUOTAS
   vfs_default_quota_init


does anyone of you have a similar problem?

thanks in advance

christoph
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] File copying under WIN98

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jens Wulf wrote:
| with the Samba3.0.12 release i encountered the following
| problem : when i try to copy a file from a samba
| share to the local disk then the  process hangs with
| the windows-message "Preparing to copy" (my translation
| from the german message). In a WIN98-DOS-Windows the
| copy command hangs too, but the file is created.
| The copying from my WIN-XP HOME works.
| My previous installed version 3.0.9 worked fine with
| the same  configuration (smb.conf)
|
| does anyone have this problem too - and maybe a
| solution except  reinstalling old samba ?
I've been able to reproduce this.  Looks like eitehr (a) we
stumbled on a Win98 bug, or (b) more probably we stuffed
the trans2FindNext response.
See
https://bugzilla.samba.org/show_bug.cgi?id=2501
for the actual bug report.  We'll have a patch out later
today.


cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCPs60IR7qMdg1EfYRAhBuAJ4zKn+B6H9gwN/PffQUttNAlxRUJgCeNNxp
NZVMwT0HpbNouEO+P4vUvDE=
=44cj
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[samba] spelling mistake in utils/net_groupmap.c but isnt really a bug

2005-03-21 Thread Daniel Wilson

Hi developers
i have noticed a spelling mistake when you execute a net groupmap add 
command.

For example
bash#  net groupmap add unixgroup=uni-staff-planningfinance 
ntgroup=uni-staff-planningfinance type=domain comment='All Planning and 
Finance Staff'
No rid or sid specified, choosing algorithmic mapping
Successully added group uni-staff-planningfinance to the mapping db

You noticed successully is missing an 'f' :)
didnt think it was worth filling out a bug
the error is in 'source/utils/net_groupmap.c' line 306, in version 3.0.12
Regards
--

Daniel Wilson
Systems Administrator
IT & Communications Service
University of Sunderland
Unit 1a Technology Park
Chester Road
Sunderland
SR2 7PT
Tel: 0191 515 2695
This e-mail contains information which is confidential and may be 
privileged and is for the exclusive use of the recipient.
It is the responsibility of the recipient to ensure that this message 
and its attachments are virus free.
Any views or opinions presented are solely those of the author and do 
not necessarily represent those of the University, unless otherwise 
specifically
stated.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Winbind and openSSH problem on Solaris 8/Sparc

2005-03-21 Thread Disatnik Gil

Hello there,
 
I have winbind configured and working fine on a Solaris 8 machine
pam is configured ok (I guess) as telnet/su'ing/smb access  is working
fine, OpenSSH 3.9 is configured with the following options:
--prefix=/usr/local --sysconfdir=/etc/ssh --with-md5-passwords
--with-default-path=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/
bin:/bin --with-ipv4-default --with-privsep-path=/var/empty
--with-privsep-user=sshd --with-ssl-dir=/tmp/openssl-0.9.7e
--with-zlib=/tmp/zlib1.2.2 --with-pam

Yet, when trying to login, this is what I see in the messages file:

sshd[21182]: [ID 401707 auth.error] open_module:
/usr/lib/security/pam_winbind.so failed: ld.so.1: /usr/local/sbin/sshd:
fatal: relocation error: file /usr/lib/security/pam_winbind.so: symbol
main: referenced symbol not found
sshd[21182]: [ID 487707 auth.error] load_modules: can not open module
/usr/lib/security/pam_winbind.so
sshd[21180]: [ID 800047 auth.error] error: PAM: Dlopen failure for
illegal user my_user from x.x.x.x 
 
Another issue, not related to this problem - 
(happens on Solaris 8/sparc machines only) - sometimes when I login
while winbind is enabled and running, every command I run is running in
the background automatically... this is really annoying...
 
Any suggestions?
 
Thanks.
 
pam.conf:
 
#
#ident  "@(#)pam.conf   1.1601/01/24 SMI"
#
# Copyright (c) 1996-2000 by Sun Microsystems, Inc.
# All rights reserved.
#
# PAM configuration
#
# Authentication management
#
login   auth required/usr/lib/security/pam_winbind.so
login   auth requisite  pam_authtok_get.so.1
login   auth required   pam_dhkeys.so.1
login   auth required   pam_unix_auth.so.1 try_first_pass
login   auth required   pam_dial_auth.so.1 try_first_pass
#
rlogin  auth sufficient /usr/lib/security/pam_winbind.so
rlogin  auth sufficient pam_rhosts_auth.so.1
rlogin  auth requisite  pam_authtok_get.so.1
rlogin  auth required   pam_dhkeys.so.1
rlogin  auth required   pam_unix_auth.so.1 try_first_pass
#
dtlogin auth sufficient /usr/lib/security/pam_winbind.so
dtlogin auth requisite  pam_authtok_get.so.1
dtlogin auth required   pam_dhkeys.so.1
dtlogin auth required   pam_unix_auth.so.1 try_first_pass
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required   pam_unix_auth.so.1
other   auth sufficient /usr/lib/security/pam_winbind.so
other   auth requisite  pam_authtok_get.so.1
other   auth required   pam_dhkeys.so.1
other   auth required   pam_unix_auth.so.1 try_first_pass
#
# Account management
#
login   account sufficient  /usr/lib/security/pam_winbind.so
login   account requisite   pam_roles.so.1
login   account requiredpam_projects.so.1
login   account requiredpam_unix_account.so.1
#
dtlogin account sufficient  /usr/lib/security/pam_winbind.so
dtlogin account requisite   pam_roles.so.1
dtlogin account requiredpam_projects.so.1
dtlogin account requiredpam_unix_account.so.1
#
other   account sufficient  /usr/lib/security/pam_winbind.so
other   account requisite   pam_roles.so.1
other   account requiredpam_projects.so.1
other   account requiredpam_unix_account.so.1
#
# Session management
#
other   session requiredpam_unix_session.so.1
#
# Password management
#
#other  password sufficient /usr/lib/security/pam_winbind.so
other   password required   pam_dhkeys.so.1
other   password requisite  pam_authtok_get.so.1
other   password requisite  pam_authtok_check.so.1
other   password required   pam_authtok_store.so.1
dtsession   auth requisite  pam_authtok_get.so.1
dtsession   auth required   pam_dhkeys.so.1
dtsession   auth required   pam_unix_auth.so.1
#
# Support for Kerberos V5 authentication (uncomment to use Kerberos)
#
#rlogin auth optional   pam_krb5.so.1 try_first_pass
#login  auth optional   pam_krb5.so.1 try_first_pass
#dtloginauth optional   pam_krb5.so.1 try_first_pass
#other  auth optional   pam_krb5.so.1 try_first_pass
#dtloginaccount optionalpam_krb5.so.1
#other  account optionalpam_krb5.so.1
#other  session optionalpam_krb5.so.1
#other  password optional   pam_krb5.so.1 try_first_pass
#
# Support for Solaris PPP (sppp)
ppp auth requisite  pam_authtok_get.so.1
ppp auth required   pam_dhkeys.so.1
ppp auth required   pam_unix_auth.so.1
ppp authrequiredpam_dial_auth.so.1
ppp account requisite   pam_roles.so.1
ppp account requiredpam_projects.so.1
ppp account requiredpam_unix_account.so.1
ppp session required

[Samba] HOWTO critics wanted :-) No, seriously

2005-03-21 Thread Jim C.

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Take your best shots! ;-)
Help me make this page better by telling me what is wrong.  I'll even
give you some tips on what I am unsatisfied with:
1. M$'s User Manager for Domains has never worked.
2. I've never been able to get virus scanning operational.
http://tinyurl.com/4x3bl
- --
- -
| I can be reached on the following Instant Messenger services: |
|---|
| MSN: j_c_llings @ hotmail.com  AIM: WyteLi0n  ICQ: 123291844  |
|---|
| Y!: j_c_llingsJabber: jcllings @ njs.netlab.cz|
- -
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCPsgS57L0B7uXm9oRAhzpAJ9GSk95d42rGbAiQ3niHIvbedzpAACdEWWl
tfX5w1XJIKI4mJ6axaTDfcQ=
=5c/6
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] File copying under WIN98

2005-03-21 Thread Jens Wulf

with the Samba3.0.12 release i encountered the following problem :
when i try to copy a file from a samba share to the local disk then the 
process hangs with the windows-message
"Preparing to copy" (my translation from the german message).
In a WIN98-DOS-Windows the copy command hangs too, but the file is created.
The copying from my WIN-XP HOME works.
My previous installed version 3.0.9 worked fine with the same configuration 
(smb.conf)

does anyone have this problem too - and maybe a solution except reinstalling 
old samba ?

Greetings
Jens
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] repost: permission mix-up happening

2005-03-21 Thread Banibrata Dutta

Reposting -- didn't notice my post appear.

Hi,

Presently I am facing a problem configuring our new SAMBA based file-server.
Previously we used my workstation as a fileserver for our team (of
about 12 users). Recently I moved all that stuff to a machine running
Mandrak 10.1 Official (IA32). The way I configured samba is as follows
(from smb.conf):

[global]
 workgroup = ASIAPACIFIC
 netbios name = ocscfs
 security = user
 encrypt passwords = yes
 dns proxy = no

[USC-REPOSITORY]
  comment = USC-REPOSITORY
  path = /home/USC-REPOSITORY
  browseable = yes
  writable = yes

I've copied the entire repository of info. from Win2000 machine (old
Server) to /home/USC-REPOSITORY (on this server), as "root/root". I've
created the unix user id's for all 12 users, with their shell as
/usr/bin/false, as recommended in a SAMBA tutorial. Now what happens
is that all 12 of us are able to connect, and able to access all files
in READ-ONLY mode, but not able to write/change anything. So what I
did was did a # chown - R guest:users /home/USC-REPOSITORY # find
/home/USC-REPOSITORY -type d -print | xargs chmod 777 # find
/home/USC-REPOSITORY -type f -print | xargs chmod 666 i..e. all
directories have rwx & all files have rw- permissions, and owner for
everything is "guest:users". Note that all other 12 users also have
group-id="users" and "guest" is the 13th user with exactly same
properties as other users.

Now I am still able to read everything and browse thru all
directories, but when I see the "Properties->Security" of the
directories and files from within the Win2K-Pro or WinXP-Pro clients,
it show no-permission to "Everyone" or anyone!! So basically we can
neither edit/create/delete files/directories, nor change their
permissions.

Could someone suggest as to how we can configure SAMBA and the files
in the repository s.t. everyone is able to create files/directories,
edit/delete them, and maybe even change Security settings for the
files.

Thanks & regards,
Bani
-- 

Diamond is a piece of coal that did well under pressure.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Denied connection for correct conf inside firewall protec tion

2005-03-21 Thread Santos Rodrigo-ARS052


I did some tests with test server using Samba 2.2.8a. I received some 
strange messages in the log file that cannot be with below configuration:
_
# ../bin/testparm -x -L pscdv001 ../lib/smb.conf | more
Load smb config files from ../lib/smb.conf
Processing section "[DVfcsload]"
Processing section "[rodrigo]"
Processing section "[ipc$]"
Loaded services file OK.
WARNING: You have some share names that are longer than 8 chars
These may give errors while browsing or may not be accessible
to some older clients
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = MFG4
netbios aliases = pscdv001
server string = Samba Server - Desenvolvimento 3
encrypt passwords = Yes
null passwords = Yes
smb passwd file = /etc/smbpasswd
password level = 8
username level = 8
log level = 0
log file = /var/log/samba/%L/log.%m
max log size = 50
deadtime = 4
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
include = /usr/local/samba/lib/smb.conf.pscdv001

[rodrigo]
comment = My folder
path = /home/rodrigo
read only = No
create mask = 0775
directory mask = 0775
hosts allow = 187.10.16.XXX

[ipc$]
path = /tmp
hosts allow = 187.10.16.0/23 127.0.0.1
hosts deny = 0.0.0.0/0
_

From my desktop I mapped the SHARE [rodrigo] and I have no problems to 
access it. Therefore, analysing the logs files, specifically the client log 
file in the server, I saw some weird messages:

...
[2005/03/15 18:04:18, 0] lib/access.c:check_access(333)
  Denied connection from  (187.10.16.XXX)
...

The weird thing is that this messages are logged only when I open some 
file inside the shared directory from samba. Using "windows explorer", I mapped 
the share inside windows explorer and using on the server the command "tail -f 
log.client". At the moment of openning file, a tenth of this messages are 
logged. The IP address showed is the IP of my Desktop and the open file 
operation is sucedeed without any error messages from windows. See also that in 
the smb.conf file, on the SHARE [rodrigo] I put a explicit configuration that 
allow my host 187.10.16.216 to access that SHARE.

Why these messages are logged ?? What is wrong inside my configuration 
?? Is wrong ?

Tks in advance,


Rodrigo José dos Santos
Solvo S.A. 
IT UNIX Administrator Senior (Solaris Specialist) 
Computing Engineer 
Phone: (55) 19 3847 6003 
Fax: (55) 19 3847 6230 
Mobile: (55) 19 8111 8560 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] AD: Password problem?

2005-03-21 Thread Datatal AB - Gauffin, Jonas

Yes.

Changed passwd and shadow from "compat" to "files winbind"

Do i need to restart anything afterwards?

The docs says something about pam.d too. 
I dont have a pam_winbind.so anywhere, where do I get/compile it?

Additional info:
I've tried "wbinfo --authenticate %xxx" and it worked.

(It's running the debian 3.0 r4)

> -Original Message-
> From: Stuart Westbury [mailto:[EMAIL PROTECTED] 
> Sent: den 21 mars 2005 12:00
> To: Datatal AB - Gauffin, Jonas
> Subject: Re: [Samba] AD: Password problem?
> 
> have you added winbind to /etc/nsswitch.conf ?
> 
> Stuart
> 
> > Hello
> >
> > I can do wbinfo -u and wbinfo -g to see users and groups from our 
> > domain.
> > But if I do getent passwd I only see local passwords (and 
> acessing the 
> > shares from a winxp machine failes with incorrect name/password).
> > What can be wrong?
> >
> > Thanks,
> >   Jonas
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
> 
> 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] SAMBA3+LDAP PDC - Cannot join the domain