Re: [Samba] smbd 100% systemload

[Matthias Henze]

hi jose,
thanks for the hint, but i do not think, dat this causes the problem. i use 
ldap on the whole system (pam, nss, mail, samba ...) so goups "should" be 
consistent.

# net groupmap list
users (S-1-5-21-2136796781-1836600926-1834964671-513) -> users
admins (S-1-5-21-2136796781-1836600926-1834964671-512) -> admins
guests (S-1-5-21-2136796781-1836600926-1834964671-514) -> guests
buchhaltung (S-1-5-21-2136796781-1836600926-1834964671-3005) -> buchhaltung
cheers
matthias
--On Freitag, April 01, 2005 09:27:30 +0200 "José M. Fandiño" 
<[EMAIL PROTECTED]> wrote:

Matthias Henze wrote:
hi,
thanks for the reply. this solves the problem only partialy. by now, i've
no more userer porcesses causing this. at the moment i've one root smbd
that causes 100% system load ...
root  8668 60.8  0.1 10356 2972 ?RMar31 1173:14
/usr/sbin/smbd -D
can some one please help? this is killing me ...
I remember a thread in the samba mailing list about 100% of cpu use and
the cause was a mapping to an inexistent group or user.
--
-BEGIN GEEK CODE BLOCK-
Version: 3.1
GCS/IT d- s+:+() a31 C+++ UBL+++$ P+ L+++ E--- W++ N+ o++ K- w---
O+ M+ V- PS+ PE+ Y++ PGP+>+++ t+ 5 X+$ R- tv-- b+++ DI D++>+++
G++ e- h+(++) !r !z
--END GEEK CODE BLOCK--

Matthias Henze[EMAIL PROTECTED]
Use PGP!! http://www.mhcsoftware.de/MatthiasHenze.asc
- - - - - - - - - - - - - - - - - - - - - - - - - - -
MHC SoftWare GmbH  voice: +49-(0)9533-92006-0
Fichtera 17  fax: +49-(0)9533-92006-6
96274 Itzgrund/Germanye-Mail: [EMAIL PROTECTED]
- - - - - - - - - - - - - - - - - - - - - - - - - - -
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.x SVN and OS/2 support.

[Andrea Venturoli]

Jeremy Allison wrote:
> Hi all Samba OS/2 users. I've just added OS/2 style
> extended attribute support into the SAMBA_3_0 subversion
> branch code.
Great!

> This depends on the underlying OS supporting EA's and
> (on linux) the filesystem being mounted with the "user_xattr"
> mount option and the parameter "ea support = yes" being set
> in smb.conf.
What about FreeBSD as a server?

 bye & Thanks
av.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Domain master vs. workgroup master?? (messages about domain master browser)

[John H Terpstra]

On Friday 01 April 2005 00:17, Tom Peters wrote:
> Can anyone tell me what to do about the messages I'm getting, or should I
> ignore them?
>
> I think my SuSE 9.2 box is configured to expect a doman, and there isn't

What does this mean: "configured to expect a domain"?

Why have you configured your smb.conf as shown below? It makes little sense 
without some context.

> one, just a workgroup. Most things seem to be working ok, except for the
> messages:
>
> tolkien:/var/log # tail messages
> Apr  1 00:43:05 tolkien nmbd[3962]:   Unable to sync browse lists in this
> workgroup.
> Apr  1 00:56:28 tolkien -- MARK --
> Apr  1 00:58:13 tolkien nmbd[3962]: [2005/04/01 00:58:13, 0]
> nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(353)
> Apr  1 00:58:13 tolkien nmbd[3962]:   find_domain_master_name_query_fail:
> Apr  1 00:58:13 tolkien nmbd[3962]:   Unable to find the Domain Master

No wonder! You have turned off domain master functionality. Why?

> Browser name RIVENDELL<1b> for the workgroup RIVENDELL.
> Apr  1 00:58:13 tolkien nmbd[3962]:   Unable to sync browse lists in this
> workgroup.

Of course! You told it you don't want this. Why?

>
> Tolkien is the should be the Wins server.
>
>
>
> configuration:
>
> # version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE
> # Date: 2004-10-05
> [global]
> workgroup = rivendell
> printcap cache time = 750
> cups options = raw
> printer admin = @ntadmin, root, administrator
> username map = /etc/samba/smbusers
> map to guest = Bad User
> include = /etc/samba/dhcp.conf
> logon path = \\%L\profiles\.msprofile
> logon home = \\%L\%U\.9xprofile
> logon drive = P:
> add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s
> /bin/false %m$
> domain master = no
> ldap idmap suffix = ou=Idmap
> ldap machine suffix = ou=Computers
> os level = 65
> preferred master = yes
> ldap suffix = dc=example,dc=com
> log file = /var/log/samba/samba-log.%m
> log level = 2
> max log size = 2000
> hosts allow = 172.16.0.5/24 localhost
> # greater file safety, reduced performance, oplocks off
> # oplocks = off
> wins support = yes
> restrict anonymous = no
> max protocol = NT
> ldap ssl = No
> server signing = Auto
> # Gary Nutbeam suggests client use spnego = no
> client use spnego = no
>
> [homes]
> comment = Home Directories
> valid users = %S
> browseable = no
> read only = no
> inherit acls = yes
>
> [profiles]
> comment = Network Profiles Service
> path = /archive
> store dos attributes = yes
> create mask = 0600
> directory mask = 0700
>
> [users]
> comment = All users
> path = /home/
> inherit acls = yes
> veto files = /aquota.user/groups/shares/
>
> [groups]
> comment = All groups
> path = /home/groups
> read only = no
> inherit acls = yes
>
> [pdf]
> comment = PDF creator
> path = /var/tmp
> printable = yes
> print command = /usr/bin/smbprngenpdf -J '%J' -c %c -s %s -u '%u' -z %z
> create mask = 0600
>
> [printers]
> comment = All Printers
> path = /var/tmp
> printable = yes
> create mask = 0600
> browseable = no
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/drivers
> write list = @ntadmin root
> force group = ntadmin
> create mask = 0664
> directory mask = 0775
>
> [archive]
> comment = archived files
> path = /archive/
> read only = no
> case sensitive = no
> msdfs proxy = no
>
> [movies]
> comment = movies-multimedia
> path = /movies/
> read only = no
> case sensitive = no
> msdfs proxy = no
> write cache size = 393216
> # Gary Nutbeam suggests use sendfile = no
> use sendfile = no
>
>
>
>
> [Philosophy] As long as war is regarded as wicked, it will always
> have its fascination. When it is looked upon as vulgar, it will cease
> to be popular. --Oscar Wilde
> --... ...--  -.. .  -. . --.- --.- -...
> [EMAIL PROTECTED]   (remove "nospam") N9QQB (amateur radio)
> "HEY YOU" (loud shouting)  WEB ADDRESS http//www.mixweb.com/tpeters
> 43° 7' 17.2" N by 88° 6' 28.9" W,  Elevation 815',  Grid Square EN53wc
> WAN/LAN/Telcom Analyst, Tech Writer, MCP, CCNA, Registered Linux User
> 385531


- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbd 100% systemload

[Ulrik Guenther]

Heya,
nice to hear that I could (at least partially) help you.
The one 100%-taking smbd process, does it constantly take up 100%?
I am asking because we have sometimes the same problem, especially when 
somebody is printing large sketches from AutoCAD.
Have you already tried restarting Samba? Do you have any log files?

Regards,
Ulrik
Matthias Henze wrote:
hi,
thanks for the reply. this solves the problem only partialy. by now, 
i've no more userer porcesses causing this. at the moment i've one root 
smbd that causes 100% system load ...

root  8668 60.8  0.1 10356 2972 ?RMar31 1173:14 
/usr/sbin/smbd -D

can some one please help? this is killing me ...
TIA
matthias
--On Dienstag, März 29, 2005 17:20:29 +0200 Ulrik Guenther 
<[EMAIL PROTECTED]> wrote:

Heya,
the growing number of smbd process and therewith the resulting 100% cpu
usage have their reason in samba not killing processes which are not used
anymore (since every client causes Samba to spawn a new process).
You can resolve this issue by putting
deadtime = 60
into your smb.conf. This causes Samba to kill processes which are not
used anymore after 60 minutes which should be sufficient.
Hope I helped!
Have a nice day,
Ulrik
Matthias Henze wrote:
hi,
i've a debian sarge setup with samba 3.0.10 with ldap as SAM backend.
every thing used to work as expected, but last week the machine went
down. an analysis of the problem has showen, that with increasing uptime
there is a growing number of smbd processes that caus 100% CPU
utilation. tests have showen, that i can kill these processes without
harming smb conecctivtiy. this is a workaround but no soulution.
i've absolutely no idea what causes this and what i can/should do to
track this down.
any suggestions ?
TIA
Matthias Henze[EMAIL PROTECTED]
Use PGP!! http://www.mhcsoftware.de/MatthiasHenze.asc
- - - - - - - - - - - - - - - - - - - - - - - - - - -
MHC SoftWare GmbH  voice: +49-(0)9533-92006-0
Fichtera 17  fax: +49-(0)9533-92006-6
96274 Itzgrund/Germanye-Mail: [EMAIL PROTECTED]
- - - - - - - - - - - - - - - - - - - - - - - - - - -


Matthias Henze[EMAIL PROTECTED]
Use PGP!! http://www.mhcsoftware.de/MatthiasHenze.asc
- - - - - - - - - - - - - - - - - - - - - - - - - - -
MHC SoftWare GmbH  voice: +49-(0)9533-92006-0
Fichtera 17  fax: +49-(0)9533-92006-6
96274 Itzgrund/Germanye-Mail: [EMAIL PROTECTED]
- - - - - - - - - - - - - - - - - - - - - - - - - - -
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Extremely slow during browsing some directories

[Jonathan Johnson]

David Rankin wrote:
>>
I am seeing the exact same problem and I can confirm that a reboot of 
Win XP helps the problem temporarily. (this is my laptop so it is 
restarted regularly) It seems something is getting cached or stuck 
somewhere after XP is up and running for a while that is causing the 30 
second delay descending down the directory tree when using the 
"file-open" dialog from MS office applications.
<<

David,
For what it's worth, I've experienced very similar behavior with a 
Novell server in the back end. Unfortunately, I don't know enough about 
Novell, and there isn't a Samba server on this particular network that I 
can use for troubleshooting. I mainly wanted to let you know that it's 
not just a Samba problem, but perhaps some "optimization" that Microsoft 
has used to make sure that their server OS works better. We can always 
suspect that, can't we?

In my situation, browsing works fine with explorer but not in the file 
open dialog in MS Office apps. Just like you experienced.

In regards to Linwei Cheng's original problem, I have to ask, is there a 
machine account in the /etc/passwd file? For one of my customers who has 
a Samba box that authenticates against a true Windows Active Directory 
server, I found that I needed to add local machine accounts to the Linux 
user database (/etc/passwd) in order to get reasonable performance. The 
Samba logs were full of messages whining about user MACHINE$ not 
existing. Now, I might have solved this by adding winbind to the hosts 
entry in /etc/nsswitch.conf, but I didn't think of that. It works now, 
so why fix it?

--Jonathan Johnson
Sutinen Consulting, Inc.
www.sutinen.com
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Domain master vs. workgroup master?? (messages about domain master browser)

[Tom Peters]

Can anyone tell me what to do about the messages I'm getting, or should I 
ignore them?

I think my SuSE 9.2 box is configured to expect a doman, and there isn't 
one, just a workgroup. Most things seem to be working ok, except for the 
messages:

tolkien:/var/log # tail messages
Apr  1 00:43:05 tolkien nmbd[3962]:   Unable to sync browse lists in this 
workgroup.
Apr  1 00:56:28 tolkien -- MARK --
Apr  1 00:58:13 tolkien nmbd[3962]: [2005/04/01 00:58:13, 0] 
nmbd/nmbd_browsesync.c:find_domain_master_name_query_fail(353)
Apr  1 00:58:13 tolkien nmbd[3962]:   find_domain_master_name_query_fail:
Apr  1 00:58:13 tolkien nmbd[3962]:   Unable to find the Domain Master 
Browser name RIVENDELL<1b> for the workgroup RIVENDELL.
Apr  1 00:58:13 tolkien nmbd[3962]:   Unable to sync browse lists in this 
workgroup.

Tolkien is the should be the Wins server.

configuration:
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE
# Date: 2004-10-05
[global]
workgroup = rivendell
printcap cache time = 750
cups options = raw
printer admin = @ntadmin, root, administrator
username map = /etc/samba/smbusers
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
add machine script = /usr/sbin/useradd  -c Machine -d /var/lib/nobody -s 
/bin/false %m$
domain master = no
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
os level = 65
preferred master = yes
ldap suffix = dc=example,dc=com
log file = /var/log/samba/samba-log.%m
log level = 2
max log size = 2000
hosts allow = 172.16.0.5/24 localhost
# greater file safety, reduced performance, oplocks off
# oplocks = off
wins support = yes
restrict anonymous = no
max protocol = NT
ldap ssl = No
server signing = Auto
# Gary Nutbeam suggests client use spnego = no
client use spnego = no

[homes]
comment = Home Directories
valid users = %S
browseable = no
read only = no
inherit acls = yes
[profiles]
comment = Network Profiles Service
path = /archive
store dos attributes = yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home/
inherit acls = yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = no
inherit acls = yes
[pdf]
comment = PDF creator
path = /var/tmp
printable = yes
print command = /usr/bin/smbprngenpdf -J '%J' -c %c -s %s -u '%u' -z %z
create mask = 0600
[printers]
comment = All Printers
path = /var/tmp
printable = yes
create mask = 0600
browseable = no
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
[archive]
comment = archived files
path = /archive/
read only = no
case sensitive = no
msdfs proxy = no
[movies]
comment = movies-multimedia
path = /movies/
read only = no
case sensitive = no
msdfs proxy = no
write cache size = 393216
# Gary Nutbeam suggests use sendfile = no
use sendfile = no

[Philosophy] As long as war is regarded as wicked, it will always
have its fascination. When it is looked upon as vulgar, it will cease
to be popular. --Oscar Wilde
--... ...--  -.. .  -. . --.- --.- -...
[EMAIL PROTECTED]   (remove "nospam") N9QQB (amateur radio)
"HEY YOU" (loud shouting)  WEB ADDRESS http//www.mixweb.com/tpeters
43° 7' 17.2" N by 88° 6' 28.9" W,  Elevation 815',  Grid Square EN53wc
WAN/LAN/Telcom Analyst, Tech Writer, MCP, CCNA, Registered Linux User 385531

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbd 100% systemload

[Matthias Henze]

hi,
thanks for the reply. this solves the problem only partialy. by now, i've 
no more userer porcesses causing this. at the moment i've one root smbd 
that causes 100% system load ...

root  8668 60.8  0.1 10356 2972 ?RMar31 1173:14 
/usr/sbin/smbd -D

can some one please help? this is killing me ...
TIA
matthias
--On Dienstag, März 29, 2005 17:20:29 +0200 Ulrik Guenther <[EMAIL PROTECTED]> 
wrote:

Heya,
the growing number of smbd process and therewith the resulting 100% cpu
usage have their reason in samba not killing processes which are not used
anymore (since every client causes Samba to spawn a new process).
You can resolve this issue by putting
deadtime = 60
into your smb.conf. This causes Samba to kill processes which are not
used anymore after 60 minutes which should be sufficient.
Hope I helped!
Have a nice day,
Ulrik
Matthias Henze wrote:
hi,
i've a debian sarge setup with samba 3.0.10 with ldap as SAM backend.
every thing used to work as expected, but last week the machine went
down. an analysis of the problem has showen, that with increasing uptime
there is a growing number of smbd processes that caus 100% CPU
utilation. tests have showen, that i can kill these processes without
harming smb conecctivtiy. this is a workaround but no soulution.
i've absolutely no idea what causes this and what i can/should do to
track this down.
any suggestions ?
TIA
Matthias Henze[EMAIL PROTECTED]
Use PGP!! http://www.mhcsoftware.de/MatthiasHenze.asc
- - - - - - - - - - - - - - - - - - - - - - - - - - -
MHC SoftWare GmbH  voice: +49-(0)9533-92006-0
Fichtera 17  fax: +49-(0)9533-92006-6
96274 Itzgrund/Germanye-Mail: [EMAIL PROTECTED]
- - - - - - - - - - - - - - - - - - - - - - - - - - -


Matthias Henze[EMAIL PROTECTED]
Use PGP!! http://www.mhcsoftware.de/MatthiasHenze.asc
- - - - - - - - - - - - - - - - - - - - - - - - - - -
MHC SoftWare GmbH  voice: +49-(0)9533-92006-0
Fichtera 17  fax: +49-(0)9533-92006-6
96274 Itzgrund/Germanye-Mail: [EMAIL PROTECTED]
- - - - - - - - - - - - - - - - - - - - - - - - - - -
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Error when add Samba 3.0.10-1.fc3 to Windows NT Domain

[John H Terpstra]

On Thursday 31 March 2005 12:08, Tony Earnshaw wrote:
> Cristian Thiago Moecke:
> > I am trying to install a File server using samba on a NT 4.0 domain.
> > I will call the domain DOMAIN, the pec PDC, the samba file server SAMBA,
> > and so on... :D
> >
> > The linux is an updated Fedora Core 3, and the samba version is
> > 3.0.10-1.fc3
> >
> >
> > I used SWAT to configure. Here is some lines of my smb.conf:
>
> Sorry, but as soon as you write just that, my mind goes blank.
>
> Next time you come back and write: "I used the official Samba HOWTO
> Collection to configure and it didn't work".
>
> Like that's what I mostly did when I first started with Samba, it works,
> so I have no particular questions (apart from ACLs, which refuse to work
> at all), it all works as documented.

I am adding ACLs documentation to the HOWTO so as to help clarify this 
black-art area. :-) Just give me a few days to get it together.

>
> SWAT is only useful for seeing what you have and could have. Never use it
> as a shortcut to a configuration.
>
> That's my opinion and I'm sticking to it ;)

Me too! :-/)

- John T.

>
> --Tonni
>
> --
> mail: [EMAIL PROTECTED]
> http://www.billy.demon.nl

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba over ssh ?

[Craig White]

On Fri, 2005-04-01 at 00:12 -0500, Madhusudan Singh wrote:

> Thanks for your suggestion. I have installed openvpn and the lzo library on 
> which it depends. 
> 
> One nagging question that I still have is :
> 
> Does using openvpn (or any VPN solution in general) obviate the need to open 
> these vulnerable ports ? The little documentation that I have read so far 
> talk a lot about encryption. While that is important, I also need to think 
> about the ports (strangely, the firewall does not open any of those ports but 
> nmap -P0 run on the machine reveals that these ports are open :
> 
> 139/tcp   open  netbios-ssn
> 445/tcp   open  microsoft-ds )
> 
> Anyways, another concern I have is that while I have the samba server up and 
> running and all my users are happy with it, how much disruption and user 
> effort can I expect when I implement openvpn ? Like typical windows users, 
> they value ease of use over security. Don't take me wrong, I will definitely 
> implement this if it contributes towards security, but I need to know this to 
> be able to tell my users what to expect.

openvpn has a support list and excellent documentation

NO - you don't open any ports on a firewall except what is needed for
openvpn...IIRC you need port(s) starting at 5000 but you could choose
any ports you want in the setup of server & client - these ports would
be in the 'unprivileged' range (1025+)

Obviously, you have to install client software and configure tun/tap
adaptors, pre-shared keys or create certificates, configure
dhcp/dns/wins for clients accordingly.

If you have a firewall, you would have to forward the packets through to
the openvpn server

As for your nmap - I haven't a clue what you are talking about, Windows
client, Linux server, internal network, external network etc. Security
is the point of VPN but also most Internet Service Providers would block
NETBIOS packets so they don't eat up their bandwidth, at least somewhere
before it gets to the Internet but it's your responsibility to stop them
at your router since you can't trust your ISP to handle your security.
VPN would encapsulate the NETBIOS packets in an encrypted tunnel -
either between remote computer and local network or between 2 local
networks or between 2 remote computers. You need to read through the
documentation that openvpn provides.

good luck

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] pdbedit - question on migration

[jonlists]

Didn't have the ldap machine suffix set. thanks for the input. 
Oversight on my part.

Jon Johnston
Creative Business Solutions
IBM, Microsoft, Novell/Suse, Sophos Consultants
http://www.cbsol.com
blog:http://bingo.cbsol.com

"Tony Earnshaw" <[EMAIL PROTECTED]> wrote on 03/30/2005 03:32:41 PM:

> jonlists:
> 
> > question on pdbedit - when using it for a migration - existing data is
> > stored in tdbsam.
> >
> > pbdedit -i tdbsam -e ldapsam
> >
> > It wants to take existing machine accounts and put them into an
> > ou=Computers. I'd rather it put them in ou=People.
> >
> > Samba version is 3.09
> 
> Why not? Who said computers were different from people, anyway?
> 
> What does 'ldap machine suffix" say in your smb.conf?
> 
> --Tonni
> 
> -- 
> mail: [EMAIL PROTECTED]
> http://www.billy.demon.nl
> 
> 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba over ssh ?

[jonlists]

[snip other stuff]

> Thanks for your suggestion. I have installed openvpn and the lzo library 
on 
> which it depends. 
> 
> One nagging question that I still have is :
> 
> Does using openvpn (or any VPN solution in general) obviate the need to 
open 
> these vulnerable ports ? The little documentation that I have read so 
far 
> talk a lot about encryption. While that is important, I also need to 
think 
> about the ports (strangely, the firewall does not open any of those 
ports but 
> nmap -P0 run on the machine reveals that these ports are open :
> 
> 139/tcp   open  netbios-ssn
> 445/tcp   open  microsoft-ds )
> 
> Anyways, another concern I have is that while I have the samba server up 
and 
> running and all my users are happy with it, how much disruption and user 

> effort can I expect when I implement openvpn ? Like typical windows 
users, 
> they value ease of use over security. Don't take me wrong, I will 
definitely 
> implement this if it contributes towards security, but I need to know 
this to 
> be able to tell my users what to expect.
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

Maybe I'm missing something, but wouldn't you want to place the VPN 
connections between your firewall and the mobile/end user, but not on the 
Samba server? I am assuming that you're not talking about the firewall on 
your server itself, but your firewall on the Internet/public connection. 

Those ports are particularly nasty because of the Windows operating system 
on which they typically run, not because of problems on linux. There's 
always the possibility of DOS attacks, or of some buffer overrun exploit 
being discovered, but I believe the chances of those happening are far 
less than your users being angry because you've tightened security to the 
point it's difficult to use the network. 

Jon Johnston
Creative Business Solutions
IBM, Microsoft, Novell/Suse, Sophos Consultants
http://www.cbsol.com
blog:http://bingo.cbsol.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ntlm_auth, samba PDC

[Dmitry Melekhov]

Andrew Bartlett wrote:
On Fri, 2005-04-01 at 09:40 +0500, Dmitry Melekhov wrote:
 

Hello!
I want to provide ntlm authentification for my squid proxy users :-)
I have only samba PDCs.
But looks like winbind still doesn't work against samba PDC or I did 
something wrong:
   

Just like the member server case, you must join the PDC to itself with
'net join'.
 

Thank you!
I forgot about this step, sorry...

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Error when add Samba 3.0.10-1.fc3 to Windows NT Domain

[Tony Earnshaw]

Cristian Thiago Moecke:

> I am trying to install a File server using samba on a NT 4.0 domain.
> I will call the domain DOMAIN, the pec PDC, the samba file server SAMBA,
> and so on... :D
>
> The linux is an updated Fedora Core 3, and the samba version is
> 3.0.10-1.fc3
>
>
> I used SWAT to configure. Here is some lines of my smb.conf:

Sorry, but as soon as you write just that, my mind goes blank.

Next time you come back and write: "I used the official Samba HOWTO
Collection to configure and it didn't work".

Like that's what I mostly did when I first started with Samba, it works,
so I have no particular questions (apart from ACLs, which refuse to work
at all), it all works as documented.

SWAT is only useful for seeing what you have and could have. Never use it
as a shortcut to a configuration.

That's my opinion and I'm sticking to it ;)

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ntlm_auth, samba PDC

[Andrew Bartlett]

On Fri, 2005-04-01 at 09:40 +0500, Dmitry Melekhov wrote:
> Hello!
> 
> I want to provide ntlm authentification for my squid proxy users :-)
> I have only samba PDCs.
> 
> But looks like winbind still doesn't work against samba PDC or I did 
> something wrong:

Just like the member server case, you must join the PDC to itself with
'net join'.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba over ssh ?

[Madhusudan Singh]

On Thursday 31 March 2005 23:34, Craig White wrote:
> On Thu, 2005-03-31 at 23:25 -0500, Madhusudan Singh wrote:
> > On Thursday 31 March 2005 16:29, Andrew Bartlett wrote:
> > > On Thu, 2005-03-31 at 12:37 -0500, Madhusudan Singh wrote:
> > > > Hi
> > > >
> > > >  I need to make my samba server available over the internet to a
> > > > mobile user base.
> > > >
> > > >  I was wondering if samba could be run over ssh (at both client and
> > > > server ends). I am not comfortable about opening ports 139 and 445.
> > >
> > > The standard answer is to use a VPN.
> > >
> > > Andrew Bartlett
> >
> > Thanks. Would CIPE be an appropriate solution ? I am beginning to read up
> > on it. Does it work the following way :
> >
> > Linux Server : Samba (139,445) -- 22  Internet  22 --
> > Windows
>
> 
> been a while since I used Cipe - I don't recall which ports it used but
> it surely wasn't the ssh port (22).
>
> would recommend against starting with it since you won't find it to be
> supported by many 2.6 distro's without a bunch of extra work.
>
> Suggest that you use openvpn
> openvpn.sourceforge.net
>
> Craig

Thanks for your suggestion. I have installed openvpn and the lzo library on 
which it depends. 

One nagging question that I still have is :

Does using openvpn (or any VPN solution in general) obviate the need to open 
these vulnerable ports ? The little documentation that I have read so far 
talk a lot about encryption. While that is important, I also need to think 
about the ports (strangely, the firewall does not open any of those ports but 
nmap -P0 run on the machine reveals that these ports are open :

139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds )

Anyways, another concern I have is that while I have the samba server up and 
running and all my users are happy with it, how much disruption and user 
effort can I expect when I implement openvpn ? Like typical windows users, 
they value ease of use over security. Don't take me wrong, I will definitely 
implement this if it contributes towards security, but I need to know this to 
be able to tell my users what to expect.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ntlm_auth, samba PDC

[Dmitry Melekhov]

Hello!
I want to provide ntlm authentification for my squid proxy users :-)
I have only samba PDCs.
But looks like winbind still doesn't work against samba PDC or I did 
something wrong:

gopher:~ # wbinfo -a user0%user0
plaintext password authentication failed
error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc0da)
error messsage was: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Could not authenticate user user0%user0 with plaintext password
challenge/response password authentication failed
error code was NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc0da)
error messsage was: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Could not authenticate user user0 with challenge/response
Is there howto? :-)
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba over ssh ?

[Craig White]

On Thu, 2005-03-31 at 23:25 -0500, Madhusudan Singh wrote:
> On Thursday 31 March 2005 16:29, Andrew Bartlett wrote: 
> 
> > On Thu, 2005-03-31 at 12:37 -0500, Madhusudan Singh wrote:
> > > Hi
> > >
> > >  I need to make my samba server available over the internet to a mobile
> > > user base.
> > >
> > >  I was wondering if samba could be run over ssh (at both client and
> > > server ends). I am not comfortable about opening ports 139 and 445.
> >
> > The standard answer is to use a VPN.
> >
> > Andrew Bartlett
> 
> Thanks. Would CIPE be an appropriate solution ? I am beginning to read up on 
> it. Does it work the following way :
> 
> Linux Server : Samba (139,445) -- 22  Internet  22 -- Windows
> 

been a while since I used Cipe - I don't recall which ports it used but
it surely wasn't the ssh port (22).

would recommend against starting with it since you won't find it to be
supported by many 2.6 distro's without a bunch of extra work.

Suggest that you use openvpn
openvpn.sourceforge.net

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba over ssh ?

[Madhusudan Singh]

On Thursday 31 March 2005 16:29, Andrew Bartlett wrote: 

> On Thu, 2005-03-31 at 12:37 -0500, Madhusudan Singh wrote:
> > Hi
> >
> >  I need to make my samba server available over the internet to a mobile
> > user base.
> >
> >  I was wondering if samba could be run over ssh (at both client and
> > server ends). I am not comfortable about opening ports 139 and 445.
>
> The standard answer is to use a VPN.
>
> Andrew Bartlett

Thanks. Would CIPE be an appropriate solution ? I am beginning to read up on 
it. Does it work the following way :

Linux Server : Samba (139,445) -- 22  Internet  22 -- Windows

? (numbers are port numbers)
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] File Locking using smbmount

[Rishi]

Hi

I have a Samba Server on RH9 and when I map the shares on Windows client 
computers, the files are locked so the users do not accidentally overwrite 
other people's files on the network. (This is the good news) 

However, the Linux client computers use smbmount to map the shares within 
their home folders, which do not lock the files... so when two users on the 
network try to access the same file, the contents of the file will belong to 
the person that saved the file the last.

I've looked at the man page of smbmount to see if I can enable file locking at 
the client level  no joy.

Any tips on how to fix around this?

Thanks

Rishi
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] User names longer than 8 characters

[Octavio Alvarez]

Hello.
I set up my samba server and added two users, "alvarezp" and "lunablack".  
The first one works, but the second one gives Access Denied errors.

I already tried to map "lunablack" to "luna" via 'username map', with no  
luck.

Both passwords are under or equal 8 chars long.
Here is some info:
[EMAIL PROTECTED]:/home/alvarezp# cat /etc/samba/smb.conf
# Samba config file created using SWAT
# from 192.168.0.65 (192.168.0.65)
# Date: 2005/03/31 15:36:25
# Global parameters
[global]
workgroup = ALVAREZ
netbios name = SERVIDOR
log level = 3 passdb:5 auth:10 winbind:2
ldap ssl = no
username map = /etc/samba/usernamemap
[printers]
path = /tmp
printable = Yes
browseable = No
[EMAIL PROTECTED]:/home/alvarezp# uname -a
Linux .xxx 2.6.7 #1 Wed Jun 16 16:23:03 PDT 2004 i686 unknown  
unknown GNU/Linux

[EMAIL PROTECTED]:/home/alvarezp# cat /etc/slackware-version
Slackware 10.1.0
[EMAIL PROTECTED]:/home/alvarezp# smbpasswd lunablack
New SMB password: xx
Retype new SMB password: xx
[EMAIL PROTECTED]:/home/alvarezp# smbclient -L //localhost -U lunablack
Password: xx
session setup failed: NT_STATUS_LOGON_FAILURE
[EMAIL PROTECTED]:/home/alvarezp# smbclient -L //localhost -U alvarezp
Password:
Domain=[SERVIDOR] OS=[Unix] Server=[Samba 3.0.10]
Sharename   Type  Comment
-     ---
IPC$IPC   IPC Service (Samba 3.0.10)
ADMIN$  IPC   IPC Service (Samba 3.0.10)
Domain=[SERVIDOR] OS=[Unix] Server=[Samba 3.0.10]
Server   Comment
----
WorkgroupMaster
----
ALVAREZ  OCTAVIO
I'd appreciate any help.
--Octavio.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Problem with pdf printing (SOLVED)

[Bruce Hohl]

> Luca Olivetti wrote:
> > Vincent Mikalinis wrote:
> > 
> > > Hi all,
> > >
> > > Has anyone figured out why some people are not having
a
> > > problem with similar configurations, however some
> > > people require that we add the "lpq command =
/bin/true" 
> > > line?  It is a very good and simple solution. Should
all 
> > > pdf printers be set with this option for future
reference? 
> > 
> > I don't know, but I bypassed the problem by using a pdf
> > backend in cups  (which is really a simple shell script
> > that I tailored to my needs), so  even the pdf printer
> > is a "normal" cups printer. 
> 
> Somebody called "misty" said the same thing in IRC #samba
> yesterday, but  they had to run before they could show me
> the contents of the file.  Would you mind sending this to
> the list? I think it is still at least  slighlty
> "on-topic".
> 
> The person on IRC said they then have another cron job
> that goes and  emails the so created pdf every 5 minutes
> to the users that created  them. For one situation here
> that would be THE ideal solution. So if  misty or anybody
> else that happens to have the same solution wouldn't  mind
> emailing me the details for that, that would be really
> appreciated.
> 

There is a cups backend pdf creator tool by Volker Behr
which
can be set up to write the pdf file to the user's home
directory.  To do this the tool must be compiled with this
option (documentation is available).  Using this option
there is
no need to use a script + cron job to move the pdf to the
user's 
home directory.  The drawback of using this method is that
cups 
security must be relaxed a bit to include "RunAsUser=No". 
The 
tool can be found at:  

http://cip.physik.uni-wuerzburg.de/~vrbehr/cups-pdf/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Input/Output problems with smbfs mount

[David Sonenberg]

smbfs is not part of the Samba project.  You should try cifs, it's from the 
Samba project and doesn't suffer the same limitations as smbfs.


-Original Message-
From: [EMAIL PROTECTED] on behalf of Jason Self
Sent: Thu 3/31/2005 2:53 PM
To: samba@lists.samba.org
Subject: [Samba] Input/Output problems with smbfs mount
 
I have a disk on a samba 3 server that works great with all the windows 
machines connected to it.  However my backup server tries to connect and 
constantly gets Input/Output errors, cp and rsync have given errors like 
can not stat file etc.  I am using mount -t smbfs to mount the share.  I 
would be glad to give any more information that would help.  Thanks
-- 
Respectfully yours,
Jason Self
Electrical Designer /
Network Administrator
Intertech Design Services, Inc.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Input/Output problems with smbfs mount

[Jason Self]

I have a disk on a samba 3 server that works great with all the windows 
machines connected to it.  However my backup server tries to connect and 
constantly gets Input/Output errors, cp and rsync have given errors like 
can not stat file etc.  I am using mount -t smbfs to mount the share.  I 
would be glad to give any more information that would help.  Thanks
--
Respectfully yours,
Jason Self
Electrical Designer /
Network Administrator
Intertech Design Services, Inc.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Can't connect to new domain

[David Sonenberg]

I'm trying to set up a second domain(on a physically separated network) 
at my office but I'm running into a road block.  I've got the PDC, and 
LDAP setup up but can't seem to connect.  I suspect it's something with 
either nss_ldap or pam but I can't track it down.  Since I've already 
posted this elsewhere, with no response, here's the links to the 
details(from the Gentoo Forums):
http://forums.gentoo.org/viewtopic-t-313860-highlight-.html
http://forums.gentoo.org/viewtopic-t-314010-highlight-.html
--
David Sonenberg
Systems / Network Administrator
Stroz Friedberg, LLC
15 Maiden Lane
15th Floor
New York, NY 10038
Tel 212.981.6527
Fax 917.495.4918

This message is for the named person's use only.  It may contain 
confidential, proprietary or legally privileged information. No right to 
confidential or privileged treatment of this message is waived or lost 
by any error in transmission.  If you have received this message in 
error, please immediately notify the sender by e-mail or by telephone at 
212.981.6540, delete the message and all copies from your system and 
destroy any hard copies.  You must not, directly or indirectly, use, 
disclose, distribute, print or copy any part of this message if you are 
not the intended recipient.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ACL support

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Tony Earnshaw wrote:
|> I have added --with-acl-support in the CFLAGS section in the SPEC file.
|
|
| This should be "--with-acl" according to my RH spec.
That's wrong.
$ ./configure --help | grep acl
~  --with-acl-support  Include ACL support (default=no)


cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCTHNRIR7qMdg1EfYRAoRRAJ91PY4gIBDQKTZXMIBN2wh3aH6qmACg0kty
OHyiO8rbbg6hgUJ9/3xukUo=
=1Uuc
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] ntlm_auth question

[Andrew Bartlett]

On Thu, 2005-03-31 at 07:36 -0600, Snodgrass, Micah wrote:
> Thank you much Andrew, joining the domain did the trick. For the
> record, doing a net rpc join -U administrator from the 
> Linux/FreeRADIUS box joined the machine to the domain, 
> but still no luck. I took a look at the Win2k3 AD server, 
> and had to check the foolish little check box on the account 
> for the Linux computer that said something like 
> "This machine is a Pre-Windows 2000 machine"  and then we were talking. 

Had you done a 'net ads join' and set 'security=ads' in your smb.conf,
then it would have worked.

I'm lining up a micro-patch to make the error message indicate the need
for a domain join.

Andrew bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba over ssh ?

[Andrew Bartlett]

On Thu, 2005-03-31 at 12:37 -0500, Madhusudan Singh wrote:
> Hi
> 
>  I need to make my samba server available over the internet to a mobile user 
> base.
> 
>  I was wondering if samba could be run over ssh (at both client and server 
> ends). I am not comfortable about opening ports 139 and 445.

The standard answer is to use a VPN.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] exclude_dir option for VFS recycle module

[Kevin Kobb]

Hello all,

I am testing the VFS recycle module, and have a question.

The module is working the way I hoped with the exception of the
exclude_dir option. I have an entry like:
exclude_dir = dir1  -- files I place in dir1 are not sent to the recycle
location. However, if I have a folder beneath dir1 like dir1/dir2, files
in dir2 get sent to the recycle location. I've tried using wildcards in
my smb.conf like exclude_dir = dir1/*, exclude_dir = dir1*, and other
combinations, but still can't get it to work.

Can somebody advise me if this is an intended mode of operation, a bug,
or a configuration error on my part?

I am using Samba 3.12 on 5.3-RELEASE-p6.

Thanks.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Help with: "Cannot copy Filename: The specified network

[Sarita Dangeti]

Hi,

Did you get a resolution on this? I am having similar problem in windows
environment while copying large files to servers. It says "Cannot copy
filename: The specified network name is no longer available" error.

 

Any input would be appreciated.

 

Thanks

Sarita

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Notification

[Spamserver]

* eManager Notification **

Recipient, Content filter has detected a sensitive e-mail.

Destination mailbox(es): "samba@lists.samba.org"

*** End of message ***
Received: from 208.8.92.60 by jupiter.INSIDEAI.COM (InterScan E-Mail VirusWall 
NT); Thu, 31 Mar 2005 15:12:27 -0500
Received: from lists.samba.org ([66.70.73.150]) by viruswall.ai-logix.com
  (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35)
  with ESMTP id com for <[EMAIL PROTECTED]>;
  Thu, 31 Mar 2005 15:12:26 -0500
Received: from dp.samba.org (localhost [127.0.0.1])
by lists.samba.org (Postfix) with ESMTP id D5FD9163A26
for <[EMAIL PROTECTED]>; Thu, 31 Mar 2005 20:12:26 + (GMT)
X-Original-To: samba@lists.samba.org
Delivered-To: samba@lists.samba.org
Received: from spider.rnuno.com (unknown [213.63.141.3])
by lists.samba.org (Postfix) with ESMTP id A1483162BDE
for ; Thu, 31 Mar 2005 20:10:47 + (GMT)
Received: from localhost (localhost [127.0.0.1])
by spider.rnuno.com (Postfix) with ESMTP id E6F99213D17
for ; Thu, 31 Mar 2005 21:11:37 +0100 (WEST)
Received: from spider.rnuno.com ([127.0.0.1])
by localhost (spider.rnuno.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 19964-08 for ;
Thu, 31 Mar 2005 21:11:37 +0100 (WEST)
Received: from [127.0.0.1] (bl3-24-181.dsl.telepac.pt [213.13.24.181])
by spider.rnuno.com (Postfix) with ESMTP id 08C4AE021C
for ; Thu, 31 Mar 2005 21:11:37 +0100 (WEST)
Message-ID: <[EMAIL PROTECTED]>
Date: Thu, 31 Mar 2005 21:17:20 +0100
From: RNuno <[EMAIL PROTECTED]>
Organization: Moonlight
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: samba@lists.samba.org
Subject: Re: [Samba] Profiles permissions
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
X-Enigmail-Version: 0.90.0.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on dp.samba.org
X-Spam-Status: No, score=-2.6 required=3.8 tests=BAYES_00 autolearn=ham 
version=3.0.2
X-Spam-Level: 
X-BeenThere: samba@lists.samba.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: [EMAIL PROTECTED]
List-Id: General questions regarding Samba 
List-Unsubscribe: ,

List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,

Sender: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Notification

[Spamserver]

* eManager Notification **

Recipient, Content filter has detected a sensitive e-mail.

Destination mailbox(es): "samba@lists.samba.org"

*** End of message ***
Received: from 208.8.92.60 by jupiter.INSIDEAI.COM (InterScan E-Mail VirusWall 
NT); Thu, 31 Mar 2005 15:11:27 -0500
Received: from lists.samba.org ([66.70.73.150]) by viruswall.ai-logix.com
  (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35)
  with ESMTP id com for <[EMAIL PROTECTED]>;
  Thu, 31 Mar 2005 15:11:27 -0500
Received: from dp.samba.org (localhost [127.0.0.1])
by lists.samba.org (Postfix) with ESMTP id 17CA3163A26
for <[EMAIL PROTECTED]>; Thu, 31 Mar 2005 20:11:27 + (GMT)
X-Original-To: samba@lists.samba.org
Delivered-To: samba@lists.samba.org
Received: from spider.rnuno.com (unknown [213.63.141.3])
by lists.samba.org (Postfix) with ESMTP id A1483162BDE
for ; Thu, 31 Mar 2005 20:10:47 + (GMT)
Received: from localhost (localhost [127.0.0.1])
by spider.rnuno.com (Postfix) with ESMTP id E6F99213D17
for ; Thu, 31 Mar 2005 21:11:37 +0100 (WEST)
Received: from spider.rnuno.com ([127.0.0.1])
by localhost (spider.rnuno.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 19964-08 for ;
Thu, 31 Mar 2005 21:11:37 +0100 (WEST)
Received: from [127.0.0.1] (bl3-24-181.dsl.telepac.pt [213.13.24.181])
by spider.rnuno.com (Postfix) with ESMTP id 08C4AE021C
for ; Thu, 31 Mar 2005 21:11:37 +0100 (WEST)
Message-ID: <[EMAIL PROTECTED]>
Date: Thu, 31 Mar 2005 21:17:20 +0100
From: RNuno <[EMAIL PROTECTED]>
Organization: Moonlight
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: samba@lists.samba.org
Subject: Re: [Samba] Profiles permissions
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
X-Enigmail-Version: 0.90.0.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on dp.samba.org
X-Spam-Status: No, score=-2.6 required=3.8 tests=BAYES_00 autolearn=ham 
version=3.0.2
X-Spam-Level: 
X-BeenThere: samba@lists.samba.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: [EMAIL PROTECTED]
List-Id: General questions regarding Samba 
List-Unsubscribe: ,

List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,

Sender: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Profiles permissions

[RNuno]

Tony Earnshaw wrote:
Well the only thing I can tell you, is that the + sign means that a Posix
ACL has been set. Potverdorrie, I've been trying to get that to work out
of an XP unpatched to a Samba 3.0.11 PDC for days. My partition is on
RHAS3, with fstap "defaul,acl,user_xattr" And yes, the OS and kernel do
support them all. Posix ACLs work (getfacl, setfacl, chacl etc), but no
way can I get Samba to play (in spite of strict adherence to the official
Samba docs).
You lucky bastard, you :)
 

I have all XP Workstations fully patched, my partition is XFS on
2.6.11 kernel with ACL support. For me it just works(TM), but like
I said before it only start with samba-3.0.12 before with 3.0.10
it didn't have this behavior, try it maybe the catch is there.
regards :)
-- RNuno
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] BUG -- winbindd and Windows 2003 sp1

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
apparently Windows 2003 sp1 does not like the LsaOpenPolicy()
call being done over a schannel'd connection.  Fix for winbindd
is at:
http://samba.org/~jerry/patches/post-3.0.13/winbindd_2k3sp1.patch
The symptoms are that the lsa.*open_pol DC reply contains
0xc0020041 (RPC_NT_CANNOT_SUPPORT).
Please test this some more if you can.  This patch  will
be included in 3.0.14pre1 due out next week sometime.

cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCTFibIR7qMdg1EfYRAgXgAJ4y4lMG5O3RGGJhjIQ6KgNec9lWvQCglUuh
nCWidOLS0/endH6Qwb+nXS0=
=uP0n
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] poppassd and pam_winbind.so

[Keith Conger]

Hi,

I saw your post about poppassd and winbind and wondered if you got
anywhere or found a solution.

Thanks,
Keith
-- 
 
Keith Conger 
Server Systems Administrator  
Information Technology 
Onondaga Community College  
phone:(315)498-2767 
nextel:(315)575-7197 
email:[EMAIL PROTECTED]
jabber: [EMAIL PROTECTED] 
http://www.sunyocc.edu/~congerk/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Primard Domain Controller feature not working

[Mark Ratering]

I have done a bunch of research and i can find nothing.  I read
O'reilly's "Using Samba" from cover to cover.  I still cannot fix this
stupid error that happens when i attempt to add a computer to the
domain.

Recap:
I go to system properties, to computer name tab, click the button to
change hostname and domain/workgroup membership, type in the domain
name and then i get a box requesting that i enter the username and
password of a user who has right to add a user to the domain.  I tpe
in root and the root password and i get this error: "The user name
could not be found". When i try a username that i know does not existi
get: "Logon failure: unknown username or bad password".  My
configuration is the same as it was in the original email.

-Mark
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

One more detail... [Samba] Error when add Samba 3.0.10-1.fc3 to

[Cristian Thiago Moecke]

I noticed that the SAMBA account is created in the Server Manager in the
NT PDC, but it appears as a offline computer.

-- 
Cristian Thiago Moecke
CPD do Laboratório de Mecânica de Precisão - UFSC

> I am trying to install a File server using samba on a NT 4.0 domain.
> I will call the domain DOMAIN, the pec PDC, the samba file server SAMBA,
> and so on... :D
>
> The linux is an updated Fedora Core 3, and the samba version is
> 3.0.10-1.fc3
>
> I used SWAT to configure. Here is some lines of my smb.conf:
>
> workgroup = DOMAIN
> server string = SAMBA
> interfaces = eth
> security = domain
>
> Then i looked on the interrnet how to add it to a domain, and found that:
> # net join member -S IP_OF_PDC -U moecke
> [2005/03/31 15:44:45, 0] lib/interface.c:load_interfaces(220)
>   WARNING: no network interfaces found
> moecke's password:
> [2005/03/31 15:44:53, 0] utils/net_ads.c:ads_startup(186)
>   ads_connect: Argumento inválido
> [2005/03/31 15:44:53, 0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
>   cli_nt_setup_creds: request challenge failed
> [2005/03/31 15:44:54, 0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
>   cli_nt_setup_creds: request challenge failed
> [2005/03/31 15:44:54, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(319)
>   Error domain join verification (reused connection):
> NT_STATUS_INVALID_COMPUTER_NAME
>
> Unable to join domain LMP.
>
> I get this errors... I found many things about it on internet, but nothing
> helped me. What should I do???
>
> Thanks
> Cristian
>
> --
> Cristian Thiago Moecke
> CPD do Laboratório de Mecânica de Precisão - UFSC
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Error when add Samba 3.0.10-1.fc3 to Windows NT Domain

[daniel.jarboe]

> workgroup = DOMAIN
> server string = SAMBA
> interfaces = eth
> security = domain
>
> Then i looked on the interrnet how to add it to a domain, and found
that:
> # net join member -S IP_OF_PDC -U moecke
> [2005/03/31 15:44:45, 0] lib/interface.c:load_interfaces(220)
>   WARNING: no network interfaces found


This is probably your first problem:

interfaces = eth

My guess is you want something like
interfaces = eth0

or maybe interfaces = eth* 127.0.0.1/24 or leave it blank

~ Daniel

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Notification

[Spamserver]

* eManager Notification **

Recipient, Content filter has detected a sensitive e-mail.

Destination mailbox(es): "samba@lists.samba.org"

*** End of message ***
Received: from 208.8.92.60 by jupiter.INSIDEAI.COM (InterScan E-Mail VirusWall 
NT); Thu, 31 Mar 2005 13:51:50 -0500
Received: from lists.samba.org ([66.70.73.150]) by viruswall.ai-logix.com
  (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35)
  with ESMTP id com for <[EMAIL PROTECTED]>;
  Thu, 31 Mar 2005 13:51:49 -0500
Received: from dp.samba.org (localhost [127.0.0.1])
by lists.samba.org (Postfix) with ESMTP id 95331163C4C
for <[EMAIL PROTECTED]>; Thu, 31 Mar 2005 18:51:49 + (GMT)
X-Original-To: samba@lists.samba.org
Delivered-To: samba@lists.samba.org
Received: from billy.demon.nl (billy.demon.nl [212.238.97.135])
by lists.samba.org (Postfix) with ESMTP id A8926163866
for ; Thu, 31 Mar 2005 18:50:35 + (GMT)
Received: from sqm.intern (tru.leerlingen [192.168.0.3])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested) (Authenticated sender: tonni)
by billy.demon.nl (Postfix) with ESMTP id E6FEA43CFB
for ; Thu, 31 Mar 2005 20:38:05 +0200 (CEST)
Received: from 192.168.1.10 (SquirrelMail authenticated user tonni)
by sqm.intern with HTTP; Thu, 31 Mar 2005 20:38:05 +0200 (CEST)
Message-ID: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Date: Thu, 31 Mar 2005 20:38:05 +0200 (CEST)
Subject: Re: [Samba] Profiles permissions
From: "Tony Earnshaw" <[EMAIL PROTECTED]>
To: samba@lists.samba.org
User-Agent: SquirrelMail/1.5.1 [CVS]
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
X-Priority: 3 (Normal)
Importance: Normal
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on dp.samba.org
X-Spam-Status: No, score=-2.6 required=3.8 tests=AWL,BAYES_00 autolearn=ham 
version=3.0.2
X-Spam-Level: 
X-BeenThere: samba@lists.samba.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: General questions regarding Samba 
List-Unsubscribe: ,

List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,

Sender: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
Content-Transfer-Encoding: quoted-printable
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Notification

[Spamserver]

* eManager Notification **

Recipient, Content filter has detected a sensitive e-mail.

Destination mailbox(es): "samba@lists.samba.org"

*** End of message ***
Received: from 208.8.92.60 by jupiter.INSIDEAI.COM (InterScan E-Mail VirusWall 
NT); Thu, 31 Mar 2005 13:51:20 -0500
Received: from lists.samba.org ([66.70.73.150]) by viruswall.ai-logix.com
  (Post.Office MTA v3.5.3 release 223 ID# 0-0U10L2S100V35)
  with ESMTP id com for <[EMAIL PROTECTED]>;
  Thu, 31 Mar 2005 13:51:20 -0500
Received: from dp.samba.org (localhost [127.0.0.1])
by lists.samba.org (Postfix) with ESMTP id 13F471639C0
for <[EMAIL PROTECTED]>; Thu, 31 Mar 2005 18:51:20 + (GMT)
X-Original-To: samba@lists.samba.org
Delivered-To: samba@lists.samba.org
Received: from billy.demon.nl (billy.demon.nl [212.238.97.135])
by lists.samba.org (Postfix) with ESMTP id A8926163866
for ; Thu, 31 Mar 2005 18:50:35 + (GMT)
Received: from sqm.intern (tru.leerlingen [192.168.0.3])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(No client certificate requested) (Authenticated sender: tonni)
by billy.demon.nl (Postfix) with ESMTP id E6FEA43CFB
for ; Thu, 31 Mar 2005 20:38:05 +0200 (CEST)
Received: from 192.168.1.10 (SquirrelMail authenticated user tonni)
by sqm.intern with HTTP; Thu, 31 Mar 2005 20:38:05 +0200 (CEST)
Message-ID: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Date: Thu, 31 Mar 2005 20:38:05 +0200 (CEST)
Subject: Re: [Samba] Profiles permissions
From: "Tony Earnshaw" <[EMAIL PROTECTED]>
To: samba@lists.samba.org
User-Agent: SquirrelMail/1.5.1 [CVS]
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
X-Priority: 3 (Normal)
Importance: Normal
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on dp.samba.org
X-Spam-Status: No, score=-2.6 required=3.8 tests=AWL,BAYES_00 autolearn=ham 
version=3.0.2
X-Spam-Level: 
X-BeenThere: samba@lists.samba.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: General questions regarding Samba 
List-Unsubscribe: ,

List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: ,

Sender: [EMAIL PROTECTED]
Errors-To: [EMAIL PROTECTED]
Content-Transfer-Encoding: quoted-printable
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Profiles permissions

[Tony Earnshaw]

RNuno:

> Maybe this is a simple filesystem question.. but here it goes.
>
>
> We have a samba-3.0.12 + LDAP domain, today a profile of mine got borked
> it just stands there like it was loading but it freezes, I went to the
> server and deleted the profile dir and on the workstation to start a new
> one.
>
> It worked as expected but now I see it was created with diferent perms
> on 3.0.12 that with 3.0.10 ?
>
> This is what I get:
>
>
> drwx--  16 Administrator Domain Admins 4096 Mar 31 17:48
> Administrator
> drwx--  17 amartins  Domain Users  4096 Mar 31 17:59 amartins
> drwx--+ 13 dpereira  Domain Users  4096 Mar 31 18:01 dpereira
>
> dpereira is the new profile, was there any changes? what is this + sign?

Well the only thing I can tell you, is that the + sign means that a Posix
ACL has been set. Potverdorrie, I've been trying to get that to work out
of an XP unpatched to a Samba 3.0.11 PDC for days. My partition is on
RHAS3, with fstap "defaul,acl,user_xattr" And yes, the OS and kernel do
support them all. Posix ACLs work (getfacl, setfacl, chacl etc), but no
way can I get Samba to play (in spite of strict adherence to the official
Samba docs).

You lucky bastard, you :)

--Tonni


-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Guide for Idmap on LDAP.

[Meli Marco]

John,
It's very kind of you, I will wait your email.
To answer you about the previous message:
No I don't have initialized the LDAP server as you have mentionated in the
chapter 6 because I tought that it was not necessary  if I want only to
store the Idmap resolution and neither I have to include the samba.schema in
slapd.conf file also because I don't want to replicate the users on the
samba server but only resolve them.
Yes, I have smbpasswd -w secret, the same password for the ldap entry with
ldif.
Aniway all is born because I would like to use the LDAP only for Idmap
backend since every time I have to change samba release with tdb files,
samba changes the users and groups resolution or better the ADSLDAP or
NT4SAM source account change.
So if there is a method to made this relocation clearly I will appreciated
it since I use also the ACL features and setting them everytime is a lot of
work, but I'm also interest into LDAP.
Thanks a lot.
Marco.
[EMAIL PROTECTED]  

 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Error when add Samba 3.0.10-1.fc3 to Windows NT Domain

[Cristian Thiago Moecke]

I am trying to install a File server using samba on a NT 4.0 domain.
I will call the domain DOMAIN, the pec PDC, the samba file server SAMBA,
and so on... :D

The linux is an updated Fedora Core 3, and the samba version is 3.0.10-1.fc3

I used SWAT to configure. Here is some lines of my smb.conf:

workgroup = DOMAIN
server string = SAMBA
interfaces = eth
security = domain

Then i looked on the interrnet how to add it to a domain, and found that:
# net join member -S IP_OF_PDC -U moecke
[2005/03/31 15:44:45, 0] lib/interface.c:load_interfaces(220)
  WARNING: no network interfaces found
moecke's password:
[2005/03/31 15:44:53, 0] utils/net_ads.c:ads_startup(186)
  ads_connect: Argumento inválido
[2005/03/31 15:44:53, 0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
  cli_nt_setup_creds: request challenge failed
[2005/03/31 15:44:54, 0] rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)
  cli_nt_setup_creds: request challenge failed
[2005/03/31 15:44:54, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(319)
  Error domain join verification (reused connection):
NT_STATUS_INVALID_COMPUTER_NAME

Unable to join domain LMP.

I get this errors... I found many things about it on internet, but nothing
helped me. What should I do???

Thanks
Cristian

-- 
Cristian Thiago Moecke
CPD do Laboratório de Mecânica de Precisão - UFSC



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] last file missing from wildcard searches (3.0.13)

[Jeremy Allison]

On Thu, Mar 31, 2005 at 01:20:30PM +0100, Mac wrote:
> Hi all,
> 
>   We're at the preliminary stages of investigating this, but I
> can't find any references to it on a Google etc.
> 
> 
> Anyway.  We've just moved from 3.0.6 to 3.0.13 and users report a file
> being missing.
> 
> 
> On investigation it turns out that (as far as we could tell in a 5
> minute minor panic) the last file in a directory is not included in
> a wildcard search.  (last file is defined by 'ls -f').
> 
> 
> Naming the file explicitly is not affected, but any wildcard (such as
> 'ls' or 'ls *B' fails to find the file.
> 
> This behaviour is consistent with both  Win XP SP1  and  smbclient
> 
> We're continuing to investigate, and when we've got the minimal
> reproducible test cvase, we'll file a bugzilla report, but I just wanted
> to flag this up here and now.
> 
> We've rolled back to 3.0.6 for now.
> 
> IRIX 6.5.5, Samba 3.0.6 with quotas support compiled in.  All compiled
> from source.

Can you get me a ethereal capture trace, and also a debug level 10 from
the smbd please ? This code did change for 3.0.13 to fix a bug with Win9x,
but it was tested extensively before release (ie. I can't reproduce this bug).

Thanks,

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Guide for Idmap on LDAP.

[John H Terpstra]

On Thursday 31 March 2005 10:50, Meli Marco wrote:
> Hi,
> Can anyone give me a link for a step-by-step guide how to openLDAP with
> samba only for store the idmap in the directory?
> Specially with LDAP side configuration files examples?
> Thank you a lot.
> Marco.

Marco,

Your configuration previously sent to this list looks OK. I will help you to 
resolve the issues. See previous emails.

I just updated the IDMAP chapter of the Samba-HOWTO-Collection because I found 
that the step to set the LDAP server access password had been left out for 
the example that you appear to be following. I sent you an email about that 
already. The updates HOWTO will appear on our web servers within 48 hours.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Guide for Idmap on LDAP.

[Meli Marco]

Hi,
Can anyone give me a link for a step-by-step guide how to openLDAP with
samba only for store the idmap in the directory?
Specially with LDAP side configuration files examples?
Thank you a lot.
Marco. 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Does pam is needed with winbind?

[John H Terpstra]

On Thursday 31 March 2005 08:39, Guillaume chardin wrote:
> I have some problem to compile samba 3.0.13 on a
> debian distrib. I tried to compile the source, and
> when configure check for PAM, it give me an error that
> "pam module blablabla" cannot be found. Then, I
> compile the source without the '--with-pam' parameter
> and compilation run well. All I want to know is: does
> winbind need the presence of PAM (in compilation) for
> autenticate on an ADS structure?

If you want to log onto your Linux system using ADS accounts you need PAM.
If you want to run a Samba server on Linux, and then access it from a Windows 
workstation you just need winbind for NSS support. However, I suspect you 
need PAM support to permit winbind to be compiled so it  is available for NSS 
support - suggest you check the dependencies in the  Makefile.

To build PAM support you need the pam-devel libraries installed.

- John T.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] IDMAP LDAP problems

[John H Terpstra]

On Thursday 31 March 2005 04:40, Meli Marco wrote:
> Hi,
> I running samba-3.0.13-1 on RH9
> (openldap-2.0.27-8,krb5-1.2.7-10,nss_ldap-202-5) and configured as show
> below, my intention is only to make IDMAP storage in LDAP using winbind.
> I've looked on SAMBA3 by example book and relatives official guide on the
> site.
> First I have try to run samba and winbind retriving users and groups from
> ADS and storing them in winbindd_idmap.tdb and winbindd_cache.tdb files and
> it seems to work fine.
> After I have introduce the LDAP backend and relative configuration as shown
> below, but I have received the errors at the bottom of the message.
> Why it doesn't work? I found only example that show domains with only one
> prefix could I wrong the ldap configuration?
> Thanks.
> Marco.
>
> /etc/samba/smb.conf
> netbios name = 03
> os level = 16
> wins server = XXX.XXX.XXX.XXX
> socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE
> unix charset = LOCALE
> workgroup = WORKGROUP
> realm = PREFIX1.PREFIX2.COM
> security = ADS
> password server = kdc01.sinter.gkn.com
> encrypt passwords = yes
> winbind use default domain = Yes
> winbind separator = /
> winbind enum users = Yes
> winbind enum groups = Yes
> ldap ssl = No
> ldap admin dn = cn=Manager,dc=prefix1,dc=prefix2,dc=com
> ldap idmap suffix = ou=Idmap
> ldap suffix = dc=prefix1,dc=prefix2,dc=com
> idmap backend = ldap:ldap://localhost
> idmap uid = 1-4
> idmap gid = 1-4
> hide unreadable = Yes
> template homedir = /data/user/%U
> template shell = /bin/false
> use sendfile = Yes
>
> /etc/nsswitch.conf
> passwd: compat ldap
> shadow: compat ldap
> group:compat ldap
> hosts:files dns wins
>
> /etc/ldap.conf
> host 127.0.0.1
> base dc=prefix1,dc=prefix2,dc=com
> binddn cn=Manager,dc=prefix1,dc=prefix2,dc=com
> bindpw secret
> pam_password exop
> nss_base_passwd ou=People,dc=prefix1,dc=prefix2,dc=com?one
> nss_base_shadow ou=People,dc=prefix1,dc=prefix2,dc=com?one
> nss_base_group  ou=Group,dc=prefix1,dc=prefix2,dc=com?one
> ssl no
>
> /etc/openldap/idmap.ldif
> dn: dc=prefix1,dc=prefix2,dc=com
> objectClass: dcObject
> objectClass: organization
> dc: prefix1.prefix2
> o: xxx
> description: xxx
>
> dn: cn=Manager,dc=prefix1,dc=prefix2,dc=com
> objectClass: organizationalRole
> cn: Manager
> description: Directory Manager
>
> dn: ou=Idmap,dc=prefix1,dc=prefix2,dc=com
> objectClass: organizationalUnit
> ou: idmap
>
> /etc/krb5.conf
> [logging]
>  default = FILE:/var/log/krb5libs.log 
>  >
>  kdc = FILE:/var/log/krb5kdc.log 
>  >
>  admin_server = FILE:/var/log/kadmind.log 
>  >
>
> [libdefaults]
>  ticket_lifetime = 24000
>  default_realm = PREFIX1.PREFIX2.COM
>  dns_lookup_realm = false
>  dns_lookup_kdc = false
>
> [realms]
>  PREFIX1.PREFIX2.COM = {
>   kdc = KDC01.PREFIX1.PREFIX2.COM
>  }
>
> [domain_realm]
>  .prefix1.prefix2.com = PREFIX1.PREFIX2.COM
>  prefix1.prefix2.com = PREFIX1.PREFIX2.COM
>
> [kdc]
>  profile = /var/kerberos/krb5kdc/kdc.conf
>
> [appdefaults]
>  pam = {
>debug = false
>ticket_lifetime = 36000
>renew_lifetime = 36000
>forwardable = true
>krb4_convert = false
>
> /var/spool/samba/log.winbindd
> [2005/03/30 17:53:26, 0] sam/idmap.c:idmap_init(138)
>   idmap_init: failed to initialize remote backend!
> [2005/03/30 17:53:26, 1] nsswitch/winbindd.c:main(897)
>   Could not init idmap -- netlogon proxy only
> [2005/03/30 17:54:34, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50)
>   error getting user id for sid
> S-1-5-21-597916725-1483147915-620655208-19426
> [2005/03/30 17:54:34, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50)
>   error getting user id for sid
> S-1-5-21-597916725-1483147915-620655208-19426

Did you store the LDAP server access password 'secret' into the Samba 
secrets.tdb file?

smbpasswd -w secret


- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba over ssh ?

[Madhusudan Singh]

Hi

 I need to make my samba server available over the internet to a mobile user 
base.

 I was wondering if samba could be run over ssh (at both client and server 
ends). I am not comfortable about opening ports 139 and 445.

Thanks.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sending messages via smbclient fails beginning with version 3.0.1 2

[John H Terpstra]

On Thursday 31 March 2005 04:20, Thomas Bork wrote:
> Masopust Christian wrote:
> > i'm sending some messages via "smbclient -M " from my
> > solaris-system to my windows-pc and this fails now since i installed
> > 3.0.12 (it also does with 3.0.13).
> > comparing the debug-output of 3.0.11 and 3.0.12 shows that it now tries
> > to open a connection to port 445 instead of 139!
>
> Use "smbclient -p 139 -M ..." or try this patch against 3.0.13:
>
> http://www.mail-archive.com/samba%40lists.samba.org/msg55524.html
>
> Don't know, why nobody answers, if this patch is ok or not. But with
> this patch, sending messages is possible again.

Patches should be submitted to https://bugzilla.samba.org/

By submitting patches to Bugzilla you force someone to act on it and you can 
always see why it was or was not used. All Samba activities are prioritized 
via Bugzilla.

- John T.
-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP storage for idmap.

[John H Terpstra]

On Thursday 31 March 2005 01:20, Meli Marco wrote:
> Hi,
> I try to store the idmap in LDAP storage, but it gives me the follows
> errors.
> What's wrong? (further details are in the message post before)
> Thanks, Marco.
> /var/spool/samba/log.winbindd
>  [2005/03/30 17:53:26, 0] sam/idmap.c:idmap_init(138)
>  idmap_init: failed to initialize remote backend!
>  [2005/03/30 17:53:26, 1] nsswitch/winbindd.c:main(897)
> Could not init idmap -- netlogon proxy only [2005/03/30 17:54:34, 1]
> nsswitch/winbindd_user.c:winbindd_fill_pwent(50) error getting user id for
> sid S-1-5-21-597916725-1483147915-620655208-19426
> [2005/03/30 17:54:34, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50)
> error getting user id for sid S-1-5-21-597916725-1483147915-620655208-19426

Did you initialize the LDAP Directory? See Chapter 6 of "Samba-3 by Example" 
downloadable from: http://www.samba.org/samba/docs/Samba-Guide.pdf

Also check the Appendix of this book.

- John T.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Profiles permissions

[RNuno]

Hi list,
Maybe this is a simple filesystem question.. but here it goes.
We have a samba-3.0.12 + LDAP domain, today a profile of mine got borked
it just stands there like it was loading but it freezes, I went to the
server and deleted the profile dir and on the workstation to start a new 
one.

It worked as expected but now I see it was created with diferent perms 
on 3.0.12
that with 3.0.10 ?

This is what I get:
drwx--  16 Administrator Domain Admins 4096 Mar 31 17:48 Administrator
drwx--  17 amartins  Domain Users  4096 Mar 31 17:59 amartins
drwx--+ 13 dpereira  Domain Users  4096 Mar 31 18:01 dpereira
dpereira is the new profile, was there any changes? what is this + sign?
Thanks
-- RNuno
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Entries in etc/passwd is this correct?

[Bruno Quintas]

I'm having some troubles with a samba PDC (very slow logons, and several
crashes in windows boxes). The users are 1001,1002

1001:x:508:509::/home/1001:/bin/bash
1002:x:509:510::/home/1002:/bin/bash
1003:x:510:511::/home/1003:/bin/bash
1004:x:511:512::/home/1004:/bin/bash
1005:x:512:513::/home/1005:/bin/bash
1006:x:513:514::/home/1006:/bin/bash






-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] last file missing from wildcard searches (3.0.13)

[Mac]

>Hi all,
>
>   We're at the preliminary stages of investigating this, but I
>can't find any references to it on a Google etc.

Of course I should have checked bugzilla too! :-)

This looks exactly like bug 2452.  


We can only add that the problem isn't in 3.0.6 and we'd very much like
it fixed.


We're currently creating testcases all over the place, and we have level
10 debug logs of failure.


   Mac
  Assistant Systems Adminstrator @nibsc.ac.uk
   [EMAIL PROTECTED]
   Work: +44 1707 641565  Everything else: +44 7956 237670 (anytime)
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] change samba user password in WinXP

[Fabio Marcone]

Hi!
I'm using samba3+ldap like PDC. I need to change user password using account 
management in WinXP, but xp show me an error like "User haven't rights to 
change password", but I want to change my own password (user logged wants to 
change his password) and I'm logged as samba administrator!

How I can solve it?

Thanks,
Fabio
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Does pam is needed with winbind?

[Guillaume chardin]

I have some problem to compile samba 3.0.13 on a
debian distrib. I tried to compile the source, and
when configure check for PAM, it give me an error that
"pam module blablabla" cannot be found. Then, I
compile the source without the '--with-pam' parameter
and compilation run well. All I want to know is: does
winbind need the presence of PAM (in compilation) for
autenticate on an ADS structure?
best regards
Guillaume.






__
Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails ! 
Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sending messages via smbclient fails beginning with version 3.0.1 2

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Thomas Bork wrote:
| Use "smbclient -p 139 -M ..." or try this patch against 3.0.13:
|
| http://www.mail-archive.com/samba%40lists.samba.org/msg55524.html
|
| Don't know, why nobody answers, if this patch is ok
| or not. But with this patch, sending messages is possible again.
Thomas,
It's on my todo list.  I still have you mail.  Sorry for
being such as black hole of email lately.

cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCTBXbIR7qMdg1EfYRAvdwAKCmj4bxX7LdxQ11EF37nCb5gteiJACfacwR
xr2F5qTPVEUWcuVsTOfv7+s=
=t+iL
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Windows XP & greyed-out Guest user password prompt

[Tom Schaefer]

Look at the username directive in the smb.conf man page.  I
believe it could solve things for you.  In the section for a particular
share just specify "username = validuser1, validuser2" etc. and then
samba will attempt to validate whatever password the XP system with the greyed
out username field supplies against all the usernames specified in the
username directive for the share.  Username = %S is very useful for homes
shares.

Check it out, I really think it could do the trick for you. 

Tom Schaefer


On Wed, 30 Mar 2005 17:33:45 -0800
Jules Agee <[EMAIL PROTECTED]> wrote:

> Tom Schaefer wrote:
> > It is because you are using
> > 
> > security = share
> > 
> > which is emulating the old Win9x way of sharing where the username is
> > irrelevant, which is why XP just sets it to guest and greys it out,
and> > all that matters is knowing the password to the particular share. 
> > 
> > Share a folder from Win9x using the type of sharing where you set a
> > password to access a folder and then access it from XP.  You'll see
the> > same thing - greyed out guest.
> > 
> > Tom Schaefer
> 
> I'm sure you're right. But I'm stuck using security=share, and Windows 
> 2000 clients behave just fine with the exact same server and the same 
> shares, prompting the user for a username *and* password if using the 
> local system authentication data fails.
> 
> Right now, the only idea I have is to force people to use the same 
> username and password on their local config as in our ldap database, and
> train them to keep the info in sync themselves. Setting up a domain 
> server isn't an option.
> 
> Thanks for your time!
> -Jules
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] ntlm_auth question

[Snodgrass, Micah]

Thank you much Andrew, joining the domain did the trick. For the record, doing 
a net rpc join -U administrator from the Linux/FreeRADIUS box joined the 
machine to the domain, but still no luck. I took a look at the Win2k3 AD 
server, and had to check the foolish little check box on the account for the 
Linux computer that said something like "This machine is a Pre-Windows 2000 
machine"  and then we were talking. 

thanks again for the reply, 
-MS

> -Original Message-
> From: Andrew Bartlett [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 31, 2005 5:31 AM
> To: Snodgrass, Micah
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] ntlm_auth question
> 
> 
> On Wed, 2005-03-30 at 08:05 -0600, Snodgrass, Micah wrote:
> 
> > [EMAIL PROTECTED]:~# ntlm_auth --username=msnodgrass 
> --request-nt-key --domain=CECNT
> > password:
> > NT_STATUS_CANT_ACCESS_DOMAIN_INFO: 
> NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc0da)
> > [EMAIL PROTECTED]:~#
> 
> You have to join the domain first - see the documentation on 
> setting up
> a fileserver as a domain member, and once you are joined you can just
> run winbindd and nmbd.
> 
> Andrew Bartlett
> 
> -- 
> Andrew Bartlett
> http://samba.org/~abartlet/
> Authentication Developer, Samba Team   http://samba.org
> Student Network Administrator, Hawker College  http://hawkerc.net
> 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Problem with pdf printing (SOLVED)

[Luca Olivetti]

Urs Rau wrote:
Luca,
Luca Olivetti wrote:
[...]
I don't know, but I bypassed the problem by using a pdf backend in 
cups (which is really a simple shell script that I tailored to my 
needs), so even the pdf printer is a "normal" cups printer.

Somebody called "misty" said the same thing in IRC #samba yesterday, but 
they had to run before they could show me the contents of the file. 
Would you mind sending this to the list? I think it is still at least 
slighlty "on-topic".

I already replied privately since I saw your personal message first, 
anyway, here it is again.

My cups distribution (mandrake 10.0) already came with a cups backend in 
 /usr/lib/cups/backend, this is my modified copy. Note that I don't 
export the users' home directory but the 'export' subdirectory in their 
home, so the script puts the generated pdf there or, if exists, in a pdf 
subdir. Users will see their file in the U: drive (that's mapped to 
their export dir) and there's no need to use a cron job to notify them 
since they can see if the job is still pending in the windows printer queue.
OTOH I had to upgrade ghostscript (to 8.15) since the stock one in mdk 
10.0 would choke on many ps files.

Bye
--
Luca Olivetti
Wetron Automatización S.A. http://www.wetron.es/
Tel. +34 93 5883004  Fax +34 93 5883007
#!/bin/sh
#
# This script is intended to be used as a CUPS backend, to create
# PDF file on-the-fly. Just create a printer using the device uri
# pdf:/path/to/dir/. When printing to this printer, a PDF file
# will be generated in the directory specified. The file name will
# be either ".pdf" or "unknown.pdf", depending wether the
# jobname is empty or not.
#
# To use it, simply copy this script to your backend directory, and
# create a printer with the correct URI. That's it.
#
# Copyright (C) Michael Goffioul ([EMAIL PROTECTED]) 2001
LOGFILE=/tmp/pdf.log
PDFBIN=`which ps2pdf`
FILENAME= 
# this is borrowed from printpdf script for the filename
PRINTTIME=`date +%b%d-%H%M%S`

echo "Executable: $PDFBIN" > $LOGFILE
echo "Arguments: |$1|$2|$3|$4|$5|$6|" >> $LOGFILE 
echo $# $PRINTTIME >> $LOGFILE

# case of no argument, prints available URIs
if [ $# -eq 0 ]; then
if [ ! -x "$PDFBIN" ]; then
exit 0
fi
echo "direct pdf \"Unknown\" \"PDF Writing\""
exit 0
fi 

# case of wrong number of arguments
if [ $# -ne 5 -a $# -ne 6 ]; then
echo "Usage: pdf job-id user title copies options [file]"
echo "Usage: pdf job-id user title copies options [file]" >> $LOGFILE
exit 1
fi 

# get PDF directory from device URI, and check write status
PDFDIR=${DEVICE_URI#pdf:}
if [ "$2" != "" ]; then
USER=`echo "$2" | tr '[:upper:]' '[:lower:]'`
PDFDIR=`getent passwd "$USER" | awk -F: '{print $6}'`
PDFDIR="${PDFDIR}/export"
if [ -d "${PDFDIR}/pdf" ]; then
PDFDIR="${PDFDIR}/pdf"
fi
fi 
if [ ! -d "$PDFDIR" -o ! -w "$PDFDIR" ]; then
echo "ERROR: directory $PDFDIR not writable"
echo "ERROR: directory $PDFDIR not writable" >> $LOGFILE
exit 1
fi 

echo "PDF directory: $PDFDIR" >> $LOGFILE 

# generate output filename
OUTPUTFILENAME=
if [ "$3" = "" ]; then
OUTPUTFILENAME="$PDFDIR/unknown.pdf"
else
TITLE=`echo $3 | sed -e 's/^smbprn\.[0-9]* //'`
OUTPUTFILENAME="$PDFDIR/${TITLE//[^[:alnum:]]/_}.pdf"
# I changed this to user name, and the printtime to track down who
# printed the PDF and when, samba printing just uses nobody

# OUTPUTFILENAME="$PDFDIR/$2-$PRINTTIME.pdf"
echo "PDF file: $OUTPUTFILENAME placed in: $PDFDIR" >> $LOGFILE
fi 

echo "Output file name: $OUTPUTFILENAME" >> $LOGFILE 

# run ghostscript
if [ $# -eq 6 ]; then
$PDFBIN $6 "$OUTPUTFILENAME"
#>& /dev/null
else
$PDFBIN - "$OUTPUTFILENAME" >& /dev/null
fi

# modify ownership and permissions on the file
#  - world readable
#  - owns to user specified in argument
#chmod a+r "$OUTPUTFILENAME"
if [ "$2" != "" ]; then
chown "$2" "$OUTPUTFILENAME"
fi 

exit 0
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] last file missing from wildcard searches (3.0.13)

[Mac]

Hi all,

We're at the preliminary stages of investigating this, but I
can't find any references to it on a Google etc.


Anyway.  We've just moved from 3.0.6 to 3.0.13 and users report a file
being missing.


On investigation it turns out that (as far as we could tell in a 5
minute minor panic) the last file in a directory is not included in
a wildcard search.  (last file is defined by 'ls -f').


Naming the file explicitly is not affected, but any wildcard (such as
'ls' or 'ls *B' fails to find the file.

This behaviour is consistent with both  Win XP SP1  and  smbclient

We're continuing to investigate, and when we've got the minimal
reproducible test cvase, we'll file a bugzilla report, but I just wanted
to flag this up here and now.

We've rolled back to 3.0.6 for now.

IRIX 6.5.5, Samba 3.0.6 with quotas support compiled in.  All compiled
from source.

   Mac
  Assistant Systems Adminstrator @nibsc.ac.uk
   [EMAIL PROTECTED]
   Work: +44 1707 641565  Everything else: +44 7956 237670 (anytime)
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] primary gid of user [1005] is not a Domain group !

[Bruno Quintas]

Hello have seen similar posts, but no conclusive corrections, the logons
take up to 1,30min.

Can somebody help?

TIA
Bruno


[2005/03/30 14:42:51, 1] smbd/service.c:make_connection_snum(648)
  praia2 (192.168.0.29) connect to service 1005 initially as user 1005
(uid=512, gid=513) (pid 2315)
[2005/03/30 14:55:06, 1] smbd/service.c:close_cnum(836)
  praia2 (192.168.0.29) closed connection to service 1005
[2005/03/30 14:57:37, 0] lib/util_sock.c:get_peer_addr(1000)
  getpeername failed. Error was Transport endpoint is not connected
[2005/03/30 14:57:37, 0] lib/util_sock.c:write_socket_data(430)
  write_socket_data: write failure. Error = Connection reset by peer
[2005/03/30 14:57:37, 0] lib/util_sock.c:write_socket(455)
  write_socket: Error writing 4 bytes to socket 22: ERRNO = Connection
reset by peer
[2005/03/30 14:57:37, 0] lib/util_sock.c:send_smb(647)
  Error writing 4 bytes to client. -1. (Connection reset by peer)
[2005/03/30 14:57:37, 1] smbd/service.c:make_connection_snum(648)
  praia2 (192.168.0.29) connect to service 1005 initially as user 1005
(uid=512, gid=513) (pid 4015)
[2005/03/30 15:35:22, 1] rpc_server/srv_util.c:get_domain_user_groups(298)
  get_domain_user_groups: primary gid of user [1005] is not a Domain group !
  get_domain_user_groups: You should fix it, NT doesn't like that
[2005/03/30 15:35:22, 0] rpc_server/srv_util.c:get_alias_user_groups(206)
  get_alias_user_groups: gid of user 1005 doesn't exist. Check your
/etc/passwd and /etc/group files

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] (no subject)

[Sean Fichera]

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Network printer via samba how?

[samba]

Hello all,

Am setting up samba, and it works fine, but trying to set up printers - but the
printers here is networked, such as photocopiers.  I don't need the linux
server to be able to print to the printer - I just need the Windows boxes to
print directly to the printer bypassing the server, so I need to add in the
printer information in Samba - but how?  I seem to need to add in the info in
/etc/printcap but what is the correct syntax?

Thanks very much for your help in advance

Cheers - Piers
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] IDMAP LDAP problems

[Meli Marco]

Hi,
I running samba-3.0.13-1 on RH9
(openldap-2.0.27-8,krb5-1.2.7-10,nss_ldap-202-5) and configured as show
below, my intention is only to make IDMAP storage in LDAP using winbind.
I've looked on SAMBA3 by example book and relatives official guide on the
site.
First I have try to run samba and winbind retriving users and groups from
ADS and storing them in winbindd_idmap.tdb and winbindd_cache.tdb files and
it seems to work fine.
After I have introduce the LDAP backend and relative configuration as shown
below, but I have received the errors at the bottom of the message.
Why it doesn't work? I found only example that show domains with only one
prefix could I wrong the ldap configuration?
Thanks.
Marco.

/etc/samba/smb.conf
netbios name = 03
os level = 16
wins server = XXX.XXX.XXX.XXX
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_KEEPALIVE
unix charset = LOCALE
workgroup = WORKGROUP
realm = PREFIX1.PREFIX2.COM
security = ADS
password server = kdc01.sinter.gkn.com
encrypt passwords = yes
winbind use default domain = Yes
winbind separator = /
winbind enum users = Yes
winbind enum groups = Yes
ldap ssl = No
ldap admin dn = cn=Manager,dc=prefix1,dc=prefix2,dc=com
ldap idmap suffix = ou=Idmap
ldap suffix = dc=prefix1,dc=prefix2,dc=com
idmap backend = ldap:ldap://localhost
idmap uid = 1-4
idmap gid = 1-4
hide unreadable = Yes
template homedir = /data/user/%U
template shell = /bin/false
use sendfile = Yes

/etc/nsswitch.conf
passwd: compat ldap
shadow: compat ldap
group:compat ldap
hosts:files dns wins

/etc/ldap.conf
host 127.0.0.1
base dc=prefix1,dc=prefix2,dc=com
binddn cn=Manager,dc=prefix1,dc=prefix2,dc=com
bindpw secret
pam_password exop
nss_base_passwd ou=People,dc=prefix1,dc=prefix2,dc=com?one
nss_base_shadow ou=People,dc=prefix1,dc=prefix2,dc=com?one
nss_base_group  ou=Group,dc=prefix1,dc=prefix2,dc=com?one
ssl no

/etc/openldap/idmap.ldif
dn: dc=prefix1,dc=prefix2,dc=com
objectClass: dcObject
objectClass: organization
dc: prefix1.prefix2
o: xxx
description: xxx

dn: cn=Manager,dc=prefix1,dc=prefix2,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

dn: ou=Idmap,dc=prefix1,dc=prefix2,dc=com
objectClass: organizationalUnit
ou: idmap

/etc/krb5.conf
[logging]
 default = FILE:/var/log/krb5libs.log 
 > 
 kdc = FILE:/var/log/krb5kdc.log 
 > 
 admin_server = FILE:/var/log/kadmind.log 
 > 

[libdefaults]
 ticket_lifetime = 24000
 default_realm = PREFIX1.PREFIX2.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false

[realms]
 PREFIX1.PREFIX2.COM = {
  kdc = KDC01.PREFIX1.PREFIX2.COM
 }

[domain_realm]
 .prefix1.prefix2.com = PREFIX1.PREFIX2.COM
 prefix1.prefix2.com = PREFIX1.PREFIX2.COM

[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false

/var/spool/samba/log.winbindd
[2005/03/30 17:53:26, 0] sam/idmap.c:idmap_init(138)
  idmap_init: failed to initialize remote backend!
[2005/03/30 17:53:26, 1] nsswitch/winbindd.c:main(897)
  Could not init idmap -- netlogon proxy only
[2005/03/30 17:54:34, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50)
  error getting user id for sid
S-1-5-21-597916725-1483147915-620655208-19426
[2005/03/30 17:54:34, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50)
  error getting user id for sid
S-1-5-21-597916725-1483147915-620655208-19426

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ntlm_auth question

[Andrew Bartlett]

On Wed, 2005-03-30 at 08:05 -0600, Snodgrass, Micah wrote:

> [EMAIL PROTECTED]:~# ntlm_auth --username=msnodgrass --request-nt-key 
> --domain=CECNT
> password:
> NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO 
> (0xc0da)
> [EMAIL PROTECTED]:~#

You have to join the domain first - see the documentation on setting up
a fileserver as a domain member, and once you are joined you can just
run winbindd and nmbd.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Problem with pdf printing (SOLVED)

[Urs Rau]

Luca,
Luca Olivetti wrote:
Vincent Mikalinis wrote:
Hi all,
Has anyone figured out why some people are not having a problem with
similar configurations, however some people require that we add the "lpq
command = /bin/true" line?  It is a very good and simple solution. 
Should all pdf printers be set with this option for future reference?

I don't know, but I bypassed the problem by using a pdf backend in cups 
(which is really a simple shell script that I tailored to my needs), so 
even the pdf printer is a "normal" cups printer.

Somebody called "misty" said the same thing in IRC #samba yesterday, but 
they had to run before they could show me the contents of the file. 
Would you mind sending this to the list? I think it is still at least 
slighlty "on-topic".

The person on IRC said they then have another cron job that goes and 
emails the so created pdf every 5 minutes to the users that created 
them. For one situation here that would be THE ideal solution. So if 
misty or anybody else that happens to have the same solution wouldn't 
mind emailing me the details for that, that would be really appreciated.

Regards,
Urs Rau
Bye
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] sending messages via smbclient fails beginning with version 3.0.1 2

[Thomas Bork]

Masopust Christian wrote:
i'm sending some messages via "smbclient -M " from my
solaris-system to my windows-pc and this fails now since i installed
3.0.12 (it also does with 3.0.13).
comparing the debug-output of 3.0.11 and 3.0.12 shows that it now tries
to open a connection to port 445 instead of 139!
Use "smbclient -p 139 -M ..." or try this patch against 3.0.13:
http://www.mail-archive.com/samba%40lists.samba.org/msg55524.html
Don't know, why nobody answers, if this patch is ok or not. But with 
this patch, sending messages is possible again.

der tom
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Wbinfo -r

[thomas.elsaesser]

Dear all,

I have the problem that wbinfo -r myuser return following error message.

Could not get groups for user testweb

Version 3.0.12

wbinfo -t, -u, -g work fine.

The command:

net -S 1.2.3.4 -U testweb%123456 rpc group MEMBERS Internet

Return the correct value.

Wbinfo -n groupname and wbinfo -n username return me the right SID


Have anywhere a idea ???


Kind Regards


Thomas
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba username length supported

[neeraja . v]

Hi,

I am a newbie in samba. Actually I am trying to setup a samba 
server to share the filesystems in a solaris 8 box to the windows nt users 
in a domain. 
I am trying to map the windows user ids to a comman unix id. I noticed 
that i get a problem in authenticating the users with a username more than 
8 characters. Does samba not support usernames with more than 8 
characters?

Neeraja Vaidhinathan
Tata Consultancy Services Limited
Mailto: [EMAIL PROTECTED]
Website: http://www.tcs.com

Notice: The information contained in this e-mail message and/or attachments to 
it may contain confidential or privileged information.   If you are not the 
intended recipient, any dissemination, use, review, distribution, printing or 
copying of the information contained in this e-mail message and/or attachments 
to it are strictly prohibited.   If you have received this communication in 
error, please notify us by reply e-mail or telephone and immediately and 
permanently delete the message and any attachments.  Thank you
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Problems with Excel & MS Word files (still)

[Thomas Werner]

hi jeremy,
my problem is, i made it on a production environment with over 100
workstations on our 3 campus and i have not a test environment. i
can make it only during a nightshift, our user are evil, thankless and
m$ fans ;)))
if you need this information/log output for help and to avoid m$ here,
i can check it on weekend. you need backup? :))
cheers tom
On Mar 31, 2005, at 0:59 Uhr, Jeremy Allison wrote:
On Thu, Mar 31, 2005 at 12:55:56AM +0200, Thomas Werner wrote:
no, it doesnt work :( i tested it with:
samba-3.0.11-acl (still broken, fails after some try's to save an 
excel
file)
samba-3.0.13-acl (still broken, same behavior )
samba-3.0.13-noacl (seems to work)

always the same violation error thing in excel with acl's and 
filetimes
param.
I need to see the ACL on the file plus the debug level 10 log of the
failure.
Thanks,
Jeremy.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.13 security=ADS / Problem to connect to a share in auth_util.c ==> change of group is not applied

[Guy Le Gac]

Hello,
My SAMBA v3.0.13 (over a linux Redhat 7.3.1 With kernel 2.4.27-4) is 
configured with " security = ADS " to communicate with Active directory 
(2003 server).

the only problem : When i modify the group of a user in the Active directory, 
this modification is not completely applied to SAMBA...
The orders "getent" and "wbinfo" gives good results but
the user cannot reach a share to which its group is allowed.
a sample => on Active directory (Domain name: GCA_CH22) : user=test, Primary group : "Domain's 
users", supplementary group : "office"
On samba server:
===
[EMAIL PROTECTED] log]# id GCA_CH22+test
uid=20037(GCA_CH22+test) gid=20014(GCA_CH22+Domain's users) 
groups=20014(GCA_CH22+Domain's users,20012(GCA_CH22+office)

Samba Trace with loglevel = 5:
=
auth/auth_util.c:debug_unix_user_token(506)
UNIX token of user 20037
Primary group is 20014 and contains 2 supplementary groups
Group[  0]: 20014
Group[  1]: 20050   ===> !!! OLD GROUP.I don't see 20012 group "office"
installed packages : Kerberos 1.3.4.1, openldap-2.0.23-4, libacl 2.2.7
--
Thank you
Guy Le Gac

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] LDAP storage for idmap.

[Meli Marco]

Hi,
I try to store the idmap in LDAP storage, but it gives me the follows
errors.
What's wrong? (further details are in the message post before)
Thanks, Marco.
/var/spool/samba/log.winbindd
 [2005/03/30 17:53:26, 0] sam/idmap.c:idmap_init(138)
 idmap_init: failed to initialize remote backend!
 [2005/03/30 17:53:26, 1] nsswitch/winbindd.c:main(897) 
Could not init idmap -- netlogon proxy only [2005/03/30 17:54:34, 1]
nsswitch/winbindd_user.c:winbindd_fill_pwent(50) error getting user id for
sid S-1-5-21-597916725-1483147915-620655208-19426 
[2005/03/30 17:54:34, 1] nsswitch/winbindd_user.c:winbindd_fill_pwent(50)
error getting user id for sid S-1-5-21-597916725-1483147915-620655208-19426 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] help me

[suastana]

suastana wrote:
 my name made suastana
 from bali - indonesia
 work at IT Dept newbie for linux user
 i can speak engglish alittle,now i want to ask to who know about my
 problem. i have computer server :
 - linux redhat 9
 - samba 3.0.12prei1-1
 - qmail but canot run
 - named
 - etc
 i see my problem in cat /var/log/messages

 Mar 30 17:10:11 pdckecak smbd[2066]: [2005/03/30 17:10:11, 0]
 lib/util_sock.c:read_socket_data(384)
 Mar 30 17:10:11 pdckecak smbd[2066]:   read_socket_data: recv failure
 for 4. Error = Connection reset by peer
 Mar 30 17:10:26 pdckecak smbd[8417]: [2005/03/30 17:10:26, 0]
 lib/util_sock.c:read_socket_data(384)
 Mar 30 17:10:26 pdckecak smbd[8417]:   read_socket_data: recv failure
 for 4. Error = Connection reset by peer
 i hope you can help me to finish my problem

 made suastana.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba