Re: [Samba] Repeat Review Request
On Friday 15 April 2005 02:11, Eric Feldhusen wrote:

John H Terpstra wrote:

Folks, I like criticism! Please give me lots of it - particularly in respect of the updated Samba-Guide. It should now be up on the Samba mirror sites. You can download it from: http://www.samba.org/samba/docs/Samba-Guide.pdf

I have incorporated all feedback into this book. Did I get it right this time or should I give up? So far, not a word of feedback is deafening! Is it worth my effort to continue updating this book or is this a waste of time?

There is no way either of these books are a waste of time. Your work is greatly appreciated. I know I keep the published volumes nearby as references, having purchased them to support the efforts, and I download the updated pdf's once a month or so to keep up with improvements in Samba and both manuals. My thanks for your hard work, I for one, thank you for your work.

Loudly seconded! We issue both manuals as the standard reference for our engineers, and we've built and maintained Samba systems for some of the largest companies in the UK. Both books are essential reading for anyone serious about deploying Samba. Criticism is good (constructive of course), but acknowledgement is good too ;-) A big British thanks to you!

Mark Taylor

Eric Feldhusen
--
NOTICE: New email address: [EMAIL PROTECTED]
--
Eric Feldhusen
Network Administrator for Adams, Chassell, Dollar Bay-Tamarack City, and Lake Linden-Hubbell Public Schools
emailto:[EMAIL PROTECTED]

--
Mark Taylor, CEO
Sirius
www.siriusit.co.uk
Tel +44 (0)870 608 0063

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] How is this possible lol?
What was the question, again ??

Paul wrote:

I can't figure out how there are so many knowledgeable people here yet I have not had a single response to my question/problem? Is there another place anyone can suggest for help? Thanks.

Threads:
Browse sync problem - any help appreciated!
Browsing problems
Re: [Samba] Second attempt
This one time, at band camp, Dan Am [EMAIL PROTECTED] wrote:

mount -t smbfs -o username=photo //192.168.0.14/photo /mnt/smbshare

success and thanks to you kind sir

Kind regards
Kevin
--
Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote.
[Samba] The conflicting domain portions are not supported for NETLOGON calls
Hello list,

When I try to log in a samba 3.0.13 server from a XP Pro machine, I get this error:

[2005/04/15 10:57:00, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon(766)
  _net_sam_logon: user BETA\usuario1 has user sid S-1-5-21-528226156-890416033-2029241632
  but group sid S-1-5-21-528226156-890416033-2029241632-513.
  The conflicting domain portions are not supported for NETLOGON calls

What can this mean?

Thank you.

http://195.55.55.164/tests/samba/smb.conf.txt
http://195.55.55.164/tests/samba/log.smb.txt

# net groupmap list
Usuarios Basicos (S-1-5-21-2403845858-3771094018-3344062789-100) - users
usuarios de samba (S-1-5-21-2403845858-3771094018-3344062789-717) - usuarios
NT Admins (S-1-5-21-2403845858-3771094018-3344062789-719) - ntadmin
Domain Admins (S-1-5-21-528226156-890416033-2029241632-512) - domadmin
Domain Users (S-1-5-21-528226156-890416033-2029241632-513) - domusers
Domain Guests (S-1-5-21-528226156-890416033-2029241632-514) - domguests
[Samba] Re: Repeat Review Request
John H Terpstra wrote:

Is it worth my effort to continue updating this book or is this a waste of time? - John T.

Your work is great! I regard the two books as THE reference for Samba. They were and are essential for me in successfully setting up and maintaining for two customers Samba PDCs with roaming profiles, logon scripts etc, and various Samba file and printer servers.

PDC: samba 3.05 + FC1; file/printer serving: samba 2.27 + RH7.2/7.3
50 users

Reading now again through your docs because in the near future I shall 'upgrade' from tdbsam to openldap and add a BDC.

Please keep it up

Regards
Alan Dodd
[Samba] Domain reconnection after network outage - Repost
Hi All,

Sorry to ask the question again, but I got no response last time, and wondered if there were any experienced people watching the mailing list today - My question was...

We have a Samba server connecting to a Windows 2000 Domain controller for authentication purposes using winbind. We have had a couple of network outages recently and the other servers, which are Windows 2000 member servers, seem to resume normal authentication when the network returns, but the Samba server does not recover until samba is restarted. We have had this problem when the domain server was down for maintenance, so it is not specifically related to the network interface going down.

Is this behaviour a limitation of samba, or is there an option I can set to continue retrying, or is it a bug? Is there a workaround? Any information would be useful.

We are using Samba 3.0.11 suse 9.0 packages from samba.org. Please find at the bottom of the email the last few log entries in case it is of some use.

Thanks in advance,
Olly

[2005/04/06 17:31:25, 1] nsswitch/winbindd_group.c:fill_grent_mem(134)
  could not lookup membership for group rid S-1-5-21-1078081533-152049171-725345 543-2641 in domain MYDOMAIN (error: NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)
[2005/04/06 17:31:25, 0] nsswitch/winbindd_group.c:winbindd_getgrent(790)
  could not lookup domain group MYDOMAIN\npd committee
[2005/04/06 17:31:25, 1] nsswitch/winbindd_group.c:fill_grent_mem(134)
  could not lookup membership for group rid S-1-5-21-1078081533-152049171-725345 543-2717 in domain MYDOMAIN (error: NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)
[2005/04/06 17:31:25, 0] nsswitch/winbindd_group.c:winbindd_getgrent(790)
  could not lookup domain group MYDOMAIN\123users
[2005/04/06 17:31:25, 1] nsswitch/winbindd_group.c:fill_grent_mem(134)
  could not lookup membership for group rid S-1-5-21-1078081533-152049171-725345 543-2739 in domain MYDOMAIN (error: NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND)
[2005/04/06 17:31:25, 0] nsswitch/winbindd_group.c:winbindd_getgrent(790)
  could not lookup domain group MYDOMAIN\project team
[2005/04/06 17:31:31, 1] nsswitch/winbindd_group.c:winbindd_getgrnam(299)
  group fileshare in domain LINUX does not exist
[2005/04/06 17:31:53, 0] lib/util_sock.c:read_socket_with_timeout(321)
  read_socket_with_timeout: timeout read. read error = Connection reset by peer.
[2005/04/06 17:31:53, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
  cli_pipe: return critical error. Error was Read error: Connection reset by peer
[2005/04/06 17:32:48, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
  cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds
[2005/04/06 17:32:59, 0] lib/util_sock.c:read_socket_with_timeout(321)
  read_socket_with_timeout: timeout read. read error = Connection reset by peer.
[2005/04/06 17:32:59, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
  cli_pipe: return critical error. Error was Read error: Connection reset by peer
[2005/04/06 17:53:49, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
  cli_pipe: return critical error. Error was Call timed out: server did not respond after 1 milliseconds
[Samba] cannot write to share
I have a server 192.168.0.14 and the directory I wish to share is /home/photo

I can mount from 192.168.0.1 with

mount -t smbfs -o username=photo //192.168.0.14/photo /mnt/smbshare

it prompts me for a password and I can see the contents of the share but I cannot write to it.

Any pointers gladly received

kind regards
Kevin
--
Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote.
RE: [Samba] ACL and delete files
Hello list

I have the same problem with my Samba-3.0.13. This problem started after upgrading from 3.0.11. I have a rather huge fileserver with 300.000+ files, so this is kinda a big issue for me.

Problem is when rename/deleting files, which is basically not possible. Copying a new file to the same directory is not a problem. Not changeable though. If you open the file in an editor and save it, it's not a problem either. Very strange.

I will supply some information about my setup here:

Distro: Gentoo Linux
Arch: PPC64 (LPAR on IBM iSeries)
Backend: OpenLDAP 2.2.19
Samba: 3.0.13
Users: ~350

I will try to attach some files with a lot of information. If not possible they are accessible from here:

http://laps.dk/Problems/smb.conf (Samba configuration)
http://laps.dk/Problems/log.jnilaptop (log level 4)
http://laps.dk/Problems/ldd_smbd.txt (`ldd /usr/sbin/smbd`)
http://laps.dk/Problems/smbd-b.txt (`/usr/sbin/smbd -b`)

Looking forward hearing your responses.

As far as the laws of mathematics refer to reality, they are not certain; and as far as they are certain, they do not refer to reality.

Tue, 05.04.2005 at 14.22, Ivan Novosad wrote:

I have samba-3.0.13 on linux machine compiled with these parameters:

--prefix=/usr/local/samba-3.0.13 --enable-cups --with-ldap --with-ldapsam --with-acl-support --with-quotas

In smb.conf I defined share :

[POBOX]
comment = !
path = /data/disk1/pobox
guest ok = no
writable = yes
directory mask = 0777
force directory mode =
directory security mask =

Take this line out, restart/reload smbd. The others are only defaults, anyway. Check 'man smb.conf' or SWAT's help to see why. I've found out it's a good thing to start with defaults (i.e. no parameter set in smb.conf) and then play around with parameters once things are all working.

force directory security mode =
inherit acls = yes
[...]

--Tonni
--
Nothing sucksseeds like a pigeon without a beak ...
mail: tonye at billy.demon.nl
http://www.billy.demon.nl
They love us, don't they, They feed us, won't they ...

;
; jni, 2004
;
[Global]
workgroup = NORDIC
netbios name = g-file
server string = Samba G-FILE Server
interfaces = 10.17.151.3
username map = /etc/samba/smbusers
ldap passwd sync = yes
security = user
encrypt passwords = Yes
;min passwd length = 6
obey pam restrictions = No
log level = 0
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
Dos charset = 850
Unix charset = ISO8859-1
load printers = No
# Make g-file a BDC
domain logons = Yes
logon path =
logon home = \\g-file\userdrive\%U
logon drive = X:
logon script = %U.cmd
os level
[Samba] ntlm_auth / winbind problem
Hello all,

I'm sorry if my question doesn't match to this list but I don't know where I can find an answer.

To resume my situation, I'm using samba and more particularly ntlm_auth to ask an active directory database from my radius server. I arrived to authenticate a user yesterday but I can't today and I find it's due to the ntlm_auth. I try only the ntlm_auth commands and I've this result:

ntlm_auth --request-nt-key --username=xxx --domain=xxx password=xxx
could not obtain winbind separator !
Reading winbind reply failed ! (0x01)
: (0x0)

I really don't know what and how do to correct this error because I don't modify anything in samba or winbind and the ntlm_auth command worked before.

Thank you,
sylvain clerc.
Re: [Samba] ACL and delete files
Hello,

Jacob Nielsen wrote:

Hello list

I have the same problem with my Samba-3.0.13. This problem started after upgrading from 3.0.11. I have a rather huge fileserver with 300.000+ files, so this is kinda a big issue for me.

Problem is when rename/deleting files, which is basically not possible. Copying a new file to the same directory is not a problem. Not changeable though. If you open the file in an editor and save it, it's not a problem either. Very strange.

Thanks for sharing this. I can confirm that this problem exists in 3.0.13. There has been a bug report #2521 which was closed although there was still one report saying the bug still was there. I have several reports of this same behaviour: creating of files work but modify/delete doesn't.

Is it true the directory in question does not give write permission to the user account but only the group the user belongs to?

Regards,
Peter
[Samba] urgent kindly reply
Sir,

we are running windows 2003 standard edition with group policies with restricted rights permission which are given below :

Users are not able to install any software.
restriction on network setting in local area connection so that nobody can change the setting.
hide the control panel or restrict any setting or should not visible to users except administrator. etc.

can we have all these restriction in samba, if yes then in which version which linux flavour.

kindly update ASAP oblige.

With warm regards
Gaurav Gera
Lakshya Digital Pvt. Ltd.
Re: [Samba] ACL and delete files
Hi Peter

Let me show you how it looks like. I'm doing a copy from a file which is already present on the fileserver, from my Windows client. This results in:

-rwxrwx---+ 1 fnorgaard Domain_Users 71168 May 29 2002 Copy of straksafvigelseKT.doc

Here is the user credentials:

g-file Produktion # id fnorgaard
uid=1191(fnorgaard) gid=2000(Domain_Users) groups=2000(Domain_Users),2018(Denmark),2026(Frederikssund),2111(RW_ADJ_CC),2112(RW_ADJ_PROD),2115(RW_ADJ_SKAB),2035(RW_Adjuvanter),2034(RX_Adjuvanter)

And the ACLs:

g-file Produktion # getfacl ../.
# file: ../.
# owner: root
# group: Domain_Users
user::rwx
user:skrohn:r-x
group::---
group:RX_Adjuvanter:r-x
group:RW_Adjuvanter:rwx
mask::rwx
other::---

g-file Produktion # getfacl .
# file: .
# owner: root
# group: Domain_Users
user::rwx
group::r-x
group:RX_Adjuvanter:r-x
group:RW_ADJ_PROD:rwx
mask::rwx
other::---

g-file Produktion #

All directories are group-owned by 2000 (Domain_Users) as shown in the acl.

Now here is the funny stuff. Let's do the same with smbclient:

[EMAIL PROTECTED] jni $ smbclient //g-file/BrennTag -W NORDIC -U fnorgaard
Password:
Domain=[NORDIC] OS=[Unix] Server=[Samba 3.0.13]
smb: \ cd Adjuvanter
smb: \Adjuvanter\ cd Produktion
smb: \Adjuvanter\Produktion\ put brenntag.png
putting file brenntag.png as \Adjuvanter\Produktion\brenntag.png (96.9 kb/s) (average 96.9 kb/s)
smb: \Adjuvanter\Produktion\ rename brenntag.png brenntag123.png
smb: \Adjuvanter\Produktion\ rm brenntag123.png
smb: \Adjuvanter\Produktion\

This works, but why and how?

Do you want more info?

- Jacob
--
As far as the laws of mathematics refer to reality, they are not certain; and as far as they are certain, they do not refer to reality.

On Fri, Apr 15, 2005 at 12:15:26PM +0200, Peter Kruse wrote:

Hello,

Jacob Nielsen wrote:

Hello list

I have the same problem with my Samba-3.0.13. This problem started after upgrading from 3.0.11. I have a rather huge fileserver with 300.000+ files, so this is kinda a big issue for me.

Problem is when rename/deleting files, which is basically not possible. Copying a new file to the same directory is not a problem. Not changeable though. If you open the file in an editor and save it, it's not a problem either. Very strange.

Thanks for sharing this. I can confirm that this problem exists in 3.0.13. There has been a bug report #2521 which was closed although there was still one report saying the bug still was there. I have several reports of this same behaviour: creating of files work but modify/delete doesn't.

Is it true the directory in question does not give write permission to the user account but only the group the user belongs to?

Regards,
Peter
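The getfacl and id output posted above can be evaluated with the POSIX ACL access check described in acl(5), which answers the question of whether write access to the directory comes only through a group entry. This is an added example, not part of the original thread and not Samba's own permission code; the sample strings are constructed from the output in the message, and the function names are hypothetical.

```python
import re

# Constructed from the `getfacl .` and `id fnorgaard` output quoted above.
GETFACL_DOT = """\
# file: .
# owner: root
# group: Domain_Users
user::rwx
group::r-x
group:RX_Adjuvanter:r-x
group:RW_ADJ_PROD:rwx
mask::rwx
other::---
"""

ID_OUTPUT = ("uid=1191(fnorgaard) gid=2000(Domain_Users) "
             "groups=2000(Domain_Users),2018(Denmark),2026(Frederikssund),"
             "2111(RW_ADJ_CC),2112(RW_ADJ_PROD),2115(RW_ADJ_SKAB),"
             "2035(RW_Adjuvanter),2034(RX_Adjuvanter)")


def parse_id(text):
    """Return (user name, set of group names) from `id` output."""
    user = re.search(r"uid=\d+\(([^)]+)\)", text).group(1)
    groups = set(re.findall(r"\d+\(([^)]+)\)", text.split("groups=", 1)[1]))
    groups.add(re.search(r"gid=\d+\(([^)]+)\)", text).group(1))
    return user, groups


def parse_getfacl(text):
    """Parse getfacl output into owner, owning group and access ACL entries."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        elif line and not line.startswith(("#", "default:")):
            tag, qualifier, perms = line.split(":")[:3]
            # perms[:3] drops a trailing "#effective:" annotation if present
            acl["entries"].append((tag, qualifier, set(perms[:3]) - {"-"}))
    return acl


def check_access(acl, user, groups, want):
    """Apply the acl(5) algorithm; return (granted, entry that decided)."""
    want = set(want)
    entries = acl["entries"]
    mask = next((p for t, _, p in entries if t == "mask"), None)

    def masked(perms):
        return perms if mask is None else perms & mask

    # 1. The owner is checked against user:: only (not masked).
    if user == acl["owner"]:
        perms = next(p for t, q, p in entries if t == "user" and q == "")
        return want <= perms, "user::"
    # 2. A named user entry decides on its own, limited by the mask.
    for tag, qual, perms in entries:
        if tag == "user" and qual == user:
            return want <= masked(perms), "user:" + qual
    # 3. Group class: one matching entry must grant everything requested.
    matching = [(q, p) for t, q, p in entries if t == "group"
                and ((q == "" and acl["group"] in groups) or (q and q in groups))]
    if matching:
        for qual, perms in matching:
            if want <= masked(perms):
                return True, "group:" + qual
        return False, "group class"   # other:: is NOT consulted
    # 4. Everyone else.
    other = next(p for t, _, p in entries if t == "other")
    return want <= other, "other::"


if __name__ == "__main__":
    user, groups = parse_id(ID_OUTPUT)
    acl = parse_getfacl(GETFACL_DOT)
    # Rename and delete need write + search permission on the directory.
    print(user, check_access(acl, user, groups, "wx"))
```

For the posted data the only entry that grants fnorgaard write access to the directory is the named group entry RW_ADJ_PROD; the owner entry and the owning group do not.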
RE: [Samba] ACL and delete files
This sounds like the problem I was having as touched upon in my thread: Samba 3.0.13 and deleting files

I sent JRA a set of log level 10 logs (all 10 MB worth for a short test, so they wouldn't go through to this list). Mind you he's a busy guy and may not have even gotten to them yet.

I'm fairly certain this bug existed in the original 3.0.14 release as well, but I only tested it briefly and have no testbed box to toss it on. I was going to wait for 3.0.15 or something from Jeremy that said do this.

I'll admit that's probably something I neglected to mention in my original posts - that group permissions say write but the user of the dir is different from the user creating the files.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Kruse
Sent: Friday, April 15, 2005 6:15 AM
To: Jacob Nielsen
Cc: samba@lists.samba.org
Subject: Re: [Samba] ACL and delete files

Hello,

Jacob Nielsen wrote:

Hello list

I have the same problem with my Samba-3.0.13. This problem started after upgrading from 3.0.11. I have a rather huge fileserver with 300.000+ files, so this is kinda a big issue for me.

Problem is when rename/deleting files, which is basically not possible. Copying a new file to the same directory is not a problem. Not changeable though. If you open the file in an editor and save it, it's not a problem either. Very strange.

Thanks for sharing this. I can confirm that this problem exists in 3.0.13. There has been a bug report #2521 which was closed although there was still one report saying the bug still was there. I have several reports of this same behaviour: creating of files work but modify/delete doesn't.

Is it true the directory in question does not give write permission to the user account but only the group the user belongs to?

Regards,
Peter
Re: [Samba] urgent kindly reply
Hmm,

these policies are a windows thing, not a samba.. so yep you still can have them. you can even use the poledit from nt4 to make policies, and put them in the NETLOGON share, to distribute across your network. (ntconfig.pol)

Greets,
Collen

gauravg wrote:

Sir,

we are running windows 2003 standard edition with group policies with restricted rights permission which are given below :

Users are not able to install any software.
restriction on network setting in local area connection so that nobody can change the setting.
hide the control panel or restrict any setting or should not visible to users except administrator. etc.

can we have all these restriction in samba, if yes then in which version which linux flavour.

kindly update ASAP oblige.

With warm regards
Gaurav Gera
Lakshya Digital Pvt. Ltd.
[Samba] Re: Review Request: Samba-3 by Example Update
On Thu, Apr 14, 2005 at 02:41:49AM -0600, John H Terpstra wrote:

2) Do the new Update and Migration chapters satisfy the demand for better documentation of the migration and update process? If not, what must be added to make this documentation complete?

The major obstacle I see with customers upgrading from 2 is missing at least in http://us2.samba.org/samba/docs/man/Samba-Guide/upgrades.html: The change to unicode in file names. When you upgrade naively, you get garbled umlauts, as the files are encoded in some codepage. People then store new files with UTF-8 encoding as they don't have 'unix charset' set correctly. The end result is a mix of both encodings that is *very* hairy to split again.

You could mention Björn Jacke's convmv. http://j3e.de/linux/convmv/.

Volker
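A share that already holds the mix of encodings described above can be audited before any conversion is attempted. The following is an added example, not part of the original post and not code from convmv: it classifies raw file names and plans the renames as a dry run, flagging the case where the same name already exists in both encodings. The legacy codepage (CP850), the sample listing and the function names are assumptions made for the illustration.

```python
import os

LEGACY = "cp850"  # assumption: the codepage the old server stored names in


def classify_name(raw, legacy=LEGACY):
    """Classify one on-disk name (bytes): returns (kind, decoded text)."""
    if all(b < 0x80 for b in raw):
        return "ascii", raw.decode("ascii")
    try:
        # Heuristic: legacy bytes that happen to form valid UTF-8 are rare
        # but possible, so review the 'utf8' names too before converting.
        return "utf8", raw.decode("utf-8")
    except UnicodeDecodeError:
        return "legacy", raw.decode(legacy)


def plan_renames(names, legacy=LEGACY):
    """Dry run for one directory: map legacy-encoded names to UTF-8.

    Returns (renames, collisions). A collision is a legacy name whose UTF-8
    form already exists in the same directory, meaning the share holds the
    same file name in both encodings and a blind rename would overwrite.
    """
    existing = set(names)
    renames, collisions = [], []
    for raw in sorted(names):
        kind, text = classify_name(raw, legacy)
        if kind != "legacy":
            continue
        target = text.encode("utf-8")
        (collisions if target in existing else renames).append((raw, target))
    return renames, collisions


def audit_tree(root, legacy=LEGACY):
    """Walk a share using byte paths and plan renames per directory."""
    report = {}
    for dirpath, dirnames, filenames in os.walk(os.fsencode(root)):
        renames, collisions = plan_renames(dirnames + filenames, legacy)
        if renames or collisions:
            report[dirpath] = (renames, collisions)
    return report


# Constructed sample: one directory listing as raw bytes.
SAMPLE = [
    b"readme.txt",
    b"M\x81ller.doc",                 # "Müller.doc" stored in CP850
    "Müller.doc".encode("utf-8"),     # same name written by a UTF-8 client
    b"Gr\x81\xe1e.txt",               # "Grüße.txt" stored in CP850
]

if __name__ == "__main__":
    renames, collisions = plan_renames(SAMPLE)
    for old, new in renames:
        print("rename  ", old, "->", new)
    for old, new in collisions:
        print("COLLIDES", old, "->", new)
```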
[Samba] last version of samba?
Hi,

I'm interested in the update of the samba version in one of our servers, but I'm confused: http://www.samba.org says the last stable version of samba is 3.0.14, but the link is not working, and in various ftp mirrors, in their stable subdirectory, I see the 3.0.9 version as the last version.

What's happening? Can you help me?

Thanks
[Samba] problems setting up raw printing with samba and cups
i'm having a hard time configuring point and print in samba/cups. i set up a raw print spool in cups, and then upload the driver to the samba server with the add printer wizard. if i connect to the printer driver from the server, and the drivers install automatically, the printer spits out blank pages. if i install the printer locally, change the port to the server and then print directly to cups, everything works as it should. it looks like samba is not communicating with cups correctly.

i'm trying to use the windows drivers that came with the printer, not the ppd file. i'm successfully serving other postscript printers on the same server with the automatic install of ppd files. just can't get the automatic windows driver installation working correctly.

any suggestions where to look for further information?

thanks,
asgeir.
RE: [Samba] The conflicting domain portions are not supported for NETLOGON calls
Hi there,

Your users sid should be something like S-1-5-21-528226156-890416033-2029241632-. I think your user ldap entry may have some problem.

Another thing, do you have any trust account in place? If not, then something is really wrong, because you're not supposed to have two completely different domain SID's in net groupmap listing S-1-5-21-528226156-890416033-2029241632 and S-1-5-21-2403845858-3771094018-3344062789

What's the output of the net getlocalsid? It should match the SambaSID value in the SambaDomainName ldap entry.

Best regards,
Bruno Guerreiro

-----Original Message-----
From: José M. Fandiño [mailto:[EMAIL PROTECTED]
Sent: Friday, 15 April 2005 10:08
To: samba@lists.samba.org
Subject: [Samba] The conflicting domain portions are not supported for NETLOGON calls

Hello list,

When I try to log in a samba 3.0.13 server from a XP Pro machine, I get this error:

[2005/04/15 10:57:00, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon(766)
  _net_sam_logon: user BETA\usuario1 has user sid S-1-5-21-528226156-890416033-2029241632
  but group sid S-1-5-21-528226156-890416033-2029241632-513.
  The conflicting domain portions are not supported for NETLOGON calls

What can this mean?

Thank you.

http://195.55.55.164/tests/samba/smb.conf.txt
http://195.55.55.164/tests/samba/log.smb.txt

# net groupmap list
Usuarios Basicos (S-1-5-21-2403845858-3771094018-3344062789-100) - users
usuarios de samba (S-1-5-21-2403845858-3771094018-3344062789-717) - usuarios
NT Admins (S-1-5-21-2403845858-3771094018-3344062789-719) - ntadmin
Domain Admins (S-1-5-21-528226156-890416033-2029241632-512) - domadmin
Domain Users (S-1-5-21-528226156-890416033-2029241632-513) - domusers
Domain Guests (S-1-5-21-528226156-890416033-2029241632-514) - domguests
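The two checks suggested in the reply above (a user SID must be the domain SID plus a RID, and the group map should not mix domain SIDs) can be run mechanically over the posted output. This is an added example, not part of the original thread and not Samba code. It assumes, as the wording of the log message suggests, that the comparison strips the last sub-authority (the RID) from each SID and compares what remains; the sample strings are constructed from the log line and listing in the thread, and the function names are hypothetical.

```python
import re

SID_RE = re.compile(r"S-1-\d+(?:-\d+)+")

# Constructed from the log line and `net` output quoted in this thread.
LOG_LINE = ("_net_sam_logon: user BETA\\usuario1 has user sid "
            "S-1-5-21-528226156-890416033-2029241632 but group sid "
            "S-1-5-21-528226156-890416033-2029241632-513.")
LOCAL_SID = "S-1-5-21-528226156-890416033-2029241632"   # net getlocalsid
GROUPMAP = """\
Usuarios Basicos (S-1-5-21-2403845858-3771094018-3344062789-100) - users
usuarios de samba (S-1-5-21-2403845858-3771094018-3344062789-717) - usuarios
NT Admins (S-1-5-21-2403845858-3771094018-3344062789-719) - ntadmin
Domain Admins (S-1-5-21-528226156-890416033-2029241632-512) - domadmin
Domain Users (S-1-5-21-528226156-890416033-2029241632-513) - domusers
Domain Guests (S-1-5-21-528226156-890416033-2029241632-514) - domguests
"""


def split_rid(sid):
    """Split a SID into (domain portion, RID) at the last sub-authority."""
    head, _, rid = sid.rpartition("-")
    return head, int(rid)


def check_account(user_sid, group_sid, domain_sid):
    """Return a list of findings for one account's user and group SID."""
    findings = []
    user_dom, _ = split_rid(user_sid)
    group_dom, _ = split_rid(group_sid)
    # Assumed model of the NETLOGON check: the domain portions must match.
    if user_dom != group_dom:
        findings.append("conflicting domain portions: %s vs %s"
                        % (user_dom, group_dom))
    if user_sid == domain_sid:
        # The bare domain SID was stored as the user SID, so splitting off
        # a "RID" removes part of the domain identifier itself.
        findings.append("user SID equals the domain SID: no RID was appended")
    elif user_dom != domain_sid:
        findings.append("user SID is not in domain %s" % domain_sid)
    if group_dom != domain_sid:
        findings.append("group SID is not in domain %s" % domain_sid)
    return findings


def check_log_line(line, domain_sid):
    """Pull the user and group SID out of a _net_sam_logon line and check."""
    sids = SID_RE.findall(line)
    if len(sids) != 2:
        raise ValueError("expected exactly two SIDs in the log line")
    return check_account(sids[0], sids[1], domain_sid)


def foreign_groupmap_entries(listing, domain_sid):
    """Return mapped NT group names whose domain SID differs from domain_sid.

    Only domain-relative SIDs (S-1-5-21-...) are considered, so builtin and
    well-known SIDs are not reported.
    """
    foreign = []
    for line in listing.splitlines():
        m = re.match(r"(.+?) \((S-1-5-21-[\d-]+)\)", line.strip())
        if m and split_rid(m.group(2))[0] != domain_sid:
            foreign.append(m.group(1))
    return foreign


if __name__ == "__main__":
    for finding in check_log_line(LOG_LINE, LOCAL_SID):
        print("account :", finding)
    for name in foreign_groupmap_entries(GROUPMAP, LOCAL_SID):
        print("groupmap:", name, "belongs to another domain SID")
```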
Re: [Samba] last version of samba?
On Fri, Apr 15, 2005 at 01:08:11PM +0200, María Isabel López Sánchez-Huete wrote:

What's happening? Can you help me?

http://lists.samba.org/archive/samba-announce/2005/71.html
Re: [Samba] Re: Repeat Review Request
My opinion also John T.! Any time I get confused or am doing something new and need to get my ideas straightened out about Samba your work on these books are the place to go!

Regards,
Eugenio Ruivo

Alan Dodd wrote:

John H Terpstra wrote:

Is it worth my effort to continue updating this book or is this a waste of time? - John T.

Your work is great! I regard the two books as THE reference for Samba. They were and are essential for me in successfully setting up and maintaining for two customers Samba PDCs with roaming profiles, logon scripts etc, and various Samba file and printer servers.

PDC: samba 3.05 + FC1; file/printer serving: samba 2.27 + RH7.2/7.3
50 users

Reading now again through your docs because in the near future I shall 'upgrade' from tdbsam to openldap and add a BDC.

Please keep it up

Regards
Alan Dodd
[Samba] hide unreadable files also hides readable files
Hello

We have a Samba 3.0.11 Fileserver running on Solaris and joined to an Active Directory.

I have shares, with many directories, and I want to hide the directories people are not allowed to access anyway. So I engaged the hide unreadable files option. This basically works.

The Problem arises when the user is logged on locally (not authenticated to the Domain) and mounts the share by specifying his Username/Password. When he tries to look at his own files, they're hidden! He only sees world readable data.

Can anybody explain this?

Thanks a lot
Chris
--
Christoph Kaegi [EMAIL PROTECTED]
Re: [Samba] last version of samba?
Thank you, Stefanos.

Only a question more: if the 3.0.14 and 3.0.15pre1 have some problems, what happened about the versions between the 3.0.9 and 3.0.14? Why are they disappear? Does it mean that I must get the 3.0.9 version? Is that version the last stable at the moment?

Thanks again.

Stefanos Karasavvidis wrote:

http://us2.samba.org/samba/news/#3.0.14_and_3.0.15pre1_update

María Isabel López Sánchez-Huete wrote:

Hi,

I'm interested in the update of the samba version in one of our servers, but I'm confused: http://www.samba.org says the last stable version of samba is 3.0.14, but the link is not working, and in various ftp mirrors, in their stable subdirectory, I see the 3.0.9 version as the last version.

What's happening? Can you help me?

Thanks
Re: [Samba] The conflicting domain portions are not supported for NETLOGON calls
Bruno Guerreiro wrote:

Hi there,

Your users sid should be something like S-1-5-21-528226156-890416033-2029241632-.

My current understanding is that they are created algorithmically by samba.

I think your user ldap entry may have some problem.

possibly :)

Another thing, do you have any trust account in place?

Yes, add machine script is working and the user info250$ was created on the fly by smbldap-tools.

http://195.55.55.164/tests/samba/info250.ldif.txt

Also I'm using enable privileges if this makes any difference.

If not, then something is really wrong, because you're not supposed to have two completely different domain SID's in net groupmap listing S-1-5-21-528226156-890416033-2029241632 and S-1-5-21-2403845858-3771094018-3344062789

well, S-1-5-21-2403845858-3771094018-3344062789 was an old domain, but I think it isn't interfering with this. Anyway I removed all ldap entries with that SID and the problem persists.

# net groupmap list
Usuarios Basicos (S-1-5-21-528226156-890416033-2029241632-100) - users
usuarios de samba (S-1-5-21-528226156-890416033-2029241632-717) - usuarios
Domain Admins (S-1-5-21-528226156-890416033-2029241632-512) - domadmin
Domain Users (S-1-5-21-528226156-890416033-2029241632-513) - domusers
Domain Guests (S-1-5-21-528226156-890416033-2029241632-514) - domguests

What's the output of the net getlocalsid?

# net getlocalsid
SID for domain ORA9I is: S-1-5-21-528226156-890416033-2029241632

It should match the SambaSID value in the SambaDomainName ldap entry.

[2005/04/15 13:40:36, 10] auth/auth_util.c:debug_nt_user_token(490)
  NT user token of user S-1-5-21-528226156-890416033-2029241632
  contains 8 SIDs
  SID[ 0]: S-1-5-21-528226156-890416033-2029241632
  SID[ 1]: S-1-5-21-528226156-890416033-2029241632-513
  SID[ 2]: S-1-1-0
  SID[ 3]: S-1-5-2
  SID[ 4]: S-1-5-11
  SID[ 5]: S-1-5-21-528226156-890416033-2029241632-3001
  SID[ 6]: S-1-5-21-528226156-890416033-2029241632-512
  SID[ 7]: S-1-5-21-528226156-890416033-2029241632-2431
  SE_PRIV 0x10 0x0 0x0 0x0
[2005/04/15 13:40:36, 5] auth/auth_util.c:make_server_info_sam(862)
  make_server_info_sam: made server info for user usuario1 - usuario1
[2005/04/15 13:40:36, 3] auth/auth.c:check_ntlm_password(268)
  check_ntlm_password: sam authentication for user [usuario1] succeeded
[2005/04/15 13:40:36, 5] auth/auth.c:check_ntlm_password(292)
  check_ntlm_password: PAM Account for user [usuario1] succeeded
[2005/04/15 13:40:36, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password: authentication for user [usuario1] - [usuario1] - [usuario1] succeeded
[2005/04/15 13:40:36, 5] auth/auth_util.c:free_user_info(1380)
  attempting to free (and zero) a user_info structure
[2005/04/15 13:40:36, 10] auth/auth_util.c:free_user_info(1383)
  structure was created for usuario1
[2005/04/15 13:40:36, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon(766)
  _net_sam_logon: user BETA\usuario1 has user sid S-1-5-21-528226156-890416033-2029241632
  but group sid S-1-5-21-528226156-890416033-2029241632-513.
  The conflicting domain portions are not supported for NETLOGON calls

full log: http://195.55.55.164/tests/samba/log.smb.txt

-----Original Message-----
From: José M. Fandiño [mailto:[EMAIL PROTECTED]
Sent: Friday, 15 April 2005 10:08
To: samba@lists.samba.org
Subject: [Samba] The conflicting domain portions are not supported for NETLOGON calls

Hello list,

When I try to log in a samba 3.0.13 server from a XP Pro machine, I get this error:

[2005/04/15 10:57:00, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon(766)
  _net_sam_logon: user BETA\usuario1 has user sid S-1-5-21-528226156-890416033-2029241632
  but group sid S-1-5-21-528226156-890416033-2029241632-513.
  The conflicting domain portions are not supported for NETLOGON calls

What can this mean?

Thank you.

http://195.55.55.164/tests/samba/smb.conf.txt
http://195.55.55.164/tests/samba/log.smb.txt

# net groupmap list
Usuarios Basicos (S-1-5-21-2403845858-3771094018-3344062789-100) - users
usuarios de samba (S-1-5-21-2403845858-3771094018-3344062789-717) - usuarios
NT Admins (S-1-5-21-2403845858-3771094018-3344062789-719) - ntadmin
Domain Admins (S-1-5-21-528226156-890416033-2029241632-512) - domadmin
Domain Users (S-1-5-21-528226156-890416033-2029241632-513) - domusers
Domain Guests (S-1-5-21-528226156-890416033-2029241632-514) - domguests
RE: [Samba] The conflicting domain portions are not supported
Hi, maybe I didn't explained myself well. What i meant is that the user can't have the SID S-1-5-21-528226156-890416033-2029241632 but MUST have a sid like S-1-5-21-528226156-890416033-2029241632- ( where x is usually assigned automatically by the add user's script) Best Regards, Bruno Guerreiro -Original Message- From: José M. Fandiño [mailto:[EMAIL PROTECTED] Sent: sexta-feira, 15 de Abril de 2005 12:59 Cc: samba@lists.samba.org Subject: Re: [Samba] The conflicting domain portions are not supported Bruno Guerreiro wrote: Hi there, Your users sid should be something like S-1-5-21-528226156-890416033-2029241632-. My current understanding is that they are created algorithmically by samba. I think your user ldap entry may have some problem. possibly :) Another thing, do you have any trust account in place? Yes, add machine script is working and the user info250$ was created on the fly by smbldap-tools. http://195.55.55.164/tests/samba/info250.ldif.txt Also I'm using enable privileges if this makes any difference. If not, then something is really wrong, because you're not supposed to have two completely diferente domain SID's in net groupmap listing S-1-5-21-528226156-890416033-2029241632 and S-1-5-21-2403845858-3771094018-3344062789 well, S-1-5-21-2403845858-3771094018-3344062789 was an old domain, but I think it isn't interfering with this. Anyway I removed all ldap entries with that SID and the problem persists. # net groupmap list Usuarios Basicos (S-1-5-21-528226156-890416033-2029241632-100) - users usuarios de samba (S-1-5-21-528226156-890416033-2029241632-717) - usuarios Domain Admins (S-1-5-21-528226156-890416033-2029241632-512) - domadmin Domain Users (S-1-5-21-528226156-890416033-2029241632-513) - domusers Domain Guests (S-1-5-21-528226156-890416033-2029241632-514) - domguests What's the output of the net getlocalsid? 
# net getlocalsid SID for domain ORA9I is: S-1-5-21-528226156-890416033-2029241632 It should match the SambaSID value in the SambaDomainName ldap entry. [2005/04/15 13:40:36, 10] auth/auth_util.c:debug_nt_user_token(490) NT user token of user S-1-5-21-528226156-890416033-2029241632 contains 8 SIDs SID[ 0]: S-1-5-21-528226156-890416033-2029241632 SID[ 1]: S-1-5-21-528226156-890416033-2029241632-513 SID[ 2]: S-1-1-0 SID[ 3]: S-1-5-2 SID[ 4]: S-1-5-11 SID[ 5]: S-1-5-21-528226156-890416033-2029241632-3001 SID[ 6]: S-1-5-21-528226156-890416033-2029241632-512 SID[ 7]: S-1-5-21-528226156-890416033-2029241632-2431 SE_PRIV 0x10 0x0 0x0 0x0 [2005/04/15 13:40:36, 5] auth/auth_util.c:make_server_info_sam(862) make_server_info_sam: made server info for user usuario1 - usuario1 [2005/04/15 13:40:36, 3] auth/auth.c:check_ntlm_password(268) check_ntlm_password: sam authentication for user [usuario1] succeeded [2005/04/15 13:40:36, 5] auth/auth.c:check_ntlm_password(292) check_ntlm_password: PAM Account for user [usuario1] succeeded [2005/04/15 13:40:36, 2] auth/auth.c:check_ntlm_password(305) check_ntlm_password: authentication for user [usuario1] - [usuario1] - [usuario1] succeeded [2005/04/15 13:40:36, 5] auth/auth_util.c:free_user_info(1380) attempting to free (and zero) a user_info structure [2005/04/15 13:40:36, 10] auth/auth_util.c:free_user_info(1383) structure was created for usuario1 [2005/04/15 13:40:36, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon(766) _net_sam_logon: user BETA\usuario1 has user sid S-1-5-21-528226156-890416033-2029241632 but group sid S-1-5-21-528226156-890416033-2029241632-513. The conflicting domain portions are not supported for NETLOGON calls full log: http://195.55.55.164/tests/samba/log.smb.txt -Original Message- From: José M. 
Fandiño [mailto:[EMAIL PROTECTED] Sent: sexta-feira, 15 de Abril de 2005 10:08 To: samba@lists.samba.org Subject: [Samba] The conflicting domain portions are not supported for NETLOGON calls Hello list, When I try to log in a samba 3.0.13 server from a XP Pro machine, I get this error: [2005/04/15 10:57:00, 1] rpc_server/srv_netlog_nt.c:_net_sam_logon(766) _net_sam_logon: user BETA\usuario1 has user sid S-1-5-21-528226156-890416033-2029241632 but group sid S-1-5-21-528226156-890416033-2029241632-513. The conflicting domain portions are not supported for NETLOGON calls What can this mean? Thank you. http://195.55.55.164/tests/samba/smb.conf.txt http://195.55.55.164/tests/samba/log.smb.txt # net groupmap list Usuarios Basicos (S-1-5-21-2403845858-3771094018-3344062789-100) - users usuarios de samba (S-1-5-21-2403845858-3771094018-3344062789-717) - usuarios NT Admins (S-1-5-21-2403845858-3771094018-3344062789-719) - ntadmin Domain Admins (S-1-5-21-528226156-890416033-2029241632-512) - domadmin Domain Users (S-1-5-21-528226156-890416033-2029241632-513) - domusers Domain Guests (S-1-5-21-528226156-890416033-2029241632-514) - domguests -- -BEGIN GEEK CODE BLOCK- Version: 3.1
Re: [Samba] The conflicting domain portions are not supported
Bruno Guerreiro wrote:

> Hi, maybe I didn't explain myself well. What I meant is that the user can't have the SID S-1-5-21-528226156-890416033-2029241632 but MUST have a SID like S-1-5-21-528226156-890416033-2029241632- ( where x is usually assigned automatically by the add user's script)

OK, now I understand it. The add user script is not being used here, since users are managed with another tool, and I forgot to add the - prefix.

Thank you for everything, Bruno.
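The check Bruno describes, as an added example that is not part of the original thread and is not Samba code: it runs over the log line, the net getlocalsid value and the first net groupmap list output quoted in this thread, and reports SIDs that lack a RID or belong to another domain. The function names are hypothetical, and comparing the SIDs after stripping the last sub-authority is an assumption about how the "conflicting domain portions" message arises.

```python
import re

# Inputs copied from the messages in this thread.
LOCAL_SID = "S-1-5-21-528226156-890416033-2029241632"  # from `net getlocalsid`
LOG_LINE = (r"_net_sam_logon: user BETA\usuario1 has user sid "
            r"S-1-5-21-528226156-890416033-2029241632 but group sid "
            r"S-1-5-21-528226156-890416033-2029241632-513.")
GROUPMAP = """\
Usuarios Basicos (S-1-5-21-2403845858-3771094018-3344062789-100) - users
usuarios de samba (S-1-5-21-2403845858-3771094018-3344062789-717) - usuarios
NT Admins (S-1-5-21-2403845858-3771094018-3344062789-719) - ntadmin
Domain Admins (S-1-5-21-528226156-890416033-2029241632-512) - domadmin
Domain Users (S-1-5-21-528226156-890416033-2029241632-513) - domusers
Domain Guests (S-1-5-21-528226156-890416033-2029241632-514) - domguests
"""

LOGON_RE = re.compile(
    r"user (?P<user>\S+) has user sid (?P<usid>S-[\d-]+) "
    r"but group sid (?P<gsid>S-[\d-]+)")
GROUPMAP_RE = re.compile(r"^(?P<name>.+?) \((?P<sid>S-[\d-]+)\)")


def strip_rid(sid):
    """Split off the last sub-authority: returns (remaining SID, last value)."""
    head, _, last = sid.rpartition("-")
    return head, int(last)


def audit_logon(line, local_sid):
    """Return findings for the user/group SID pair in a _net_sam_logon line."""
    m = LOGON_RE.search(line)
    if m is None:
        return []
    findings = []
    for label, sid in (("user", m["usid"]), ("group", m["gsid"])):
        if sid == local_sid:
            # The account entry carries the domain SID itself, with no "-<RID>".
            findings.append(
                f"{label} SID of {m['user']} is the bare domain SID: RID suffix missing")
        elif strip_rid(sid)[0] != local_sid:
            findings.append(f"{label} SID of {m['user']} is not in domain {local_sid}")
    # Assumption: the server compares what is left of each SID after the last
    # sub-authority is removed. A bare domain SID then loses part of the domain.
    u_dom, g_dom = strip_rid(m["usid"])[0], strip_rid(m["gsid"])[0]
    if u_dom != g_dom:
        findings.append(
            "domain portions differ once the last sub-authority is stripped: "
            f"{u_dom} vs {g_dom}")
    return findings


def audit_groupmap(text, local_sid):
    """Return (name, sid) for group mappings that belong to another domain SID."""
    foreign = []
    for line in text.splitlines():
        m = GROUPMAP_RE.match(line.strip())
        if m and strip_rid(m["sid"])[0] != local_sid:
            foreign.append((m["name"], m["sid"]))
    return foreign


if __name__ == "__main__":
    for finding in audit_logon(LOG_LINE, LOCAL_SID):
        print("logon:", finding)
    for name, sid in audit_groupmap(GROUPMAP, LOCAL_SID):
        print("groupmap: foreign domain SID:", name, sid)
```

On the thread's data this flags the user SID as missing its RID and lists the three group mappings that still carry the old domain SID.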
RE: [Samba] urgent kindly reply
You may also want to look at www.nitrobit.com. They have developed a group policy management system that does not require an AD server. I am also in the middle of developing a system that is a bit more flexible than the poledit method, which I will hopefully be able to document soon.

Lee Baker MEng MIEE
Music Technology Coordinator
The McAuley Catholic High School
Specialist College for the Performing Arts
Cantley Lane Doncaster DN3 3QF
Telephone: 01302 537396 Ext. 254
Mobile: 07092 044794
Fax: 01302 533923
Email: [EMAIL PROTECTED]
http://www.pa.mcauley.org.uk

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of gauravg
Sent: 15 April 2005 11:24
To: samba@lists.samba.org
Subject: [Samba] urgent kindly reply

Sir, we are running Windows 2003 Standard Edition with group policies with restricted rights permissions, which are given below:

- Users are not able to install any software.
- Restriction on network settings in Local Area Connection so that nobody can change the settings.
- Hide the Control Panel, or restrict any setting, or it should not be visible to users except the administrator.

etc. Can we have all these restrictions in Samba? If yes, then in which version and which Linux flavour? Kindly update ASAP and oblige.

With warm regards
Gaurav Gera
Lakshya Digital Pvt. Ltd.
[Samba] Samba Panic
Running Samba 3.0.13 on SLES8. I have the following errors in log.winbind. Does anyone have any ideas on what is wrong?

[2005/04/15 02:30:00, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(476)
  rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-32-545
[2005/04/15 02:30:00, 0] lib/fault.c:fault_report(36)
  ===
[2005/04/15 02:30:00, 0] lib/fault.c:fault_report(37)
  INTERNAL ERROR: Signal 11 in pid 1112 (3.0.13)
  Please read the appendix Bugs of the Samba HOWTO collection
[2005/04/15 02:30:00, 0] lib/fault.c:fault_report(39)
  ===
[2005/04/15 02:30:00, 0] lib/util.c:smb_panic2(1495)
  PANIC: internal error
[2005/04/15 02:30:00, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(476)
  rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-32-545
[2005/04/15 02:30:00, 0] lib/util.c:smb_panic2(1503)
  BACKTRACE: 25 stack frames:
  #0 [0x80496444] #1 [0x80482184] #2 [0x80482240] #3 [0xd1d0] #4 [0x8056447a]
  #5 [0x804baa6c] #6 [0x804bad14] #7 [0x804bb0b2] #8 [0x804bbc02] #9 [0x8053dc76]
  #10 [0x8053deec] #11 [0x8053e560] #12 [0x80538858] #13 [0x80542b26] #14 [0x80542d28]
  #15 [0x8054342a] #16 [0x8044b8e2] #17 [0x8043ffe8] #18 [0x8043a4b8] #19 [0x80434a48]
  #20 [0x80434da8] #21 [0x8044dad8] #22 [0x80435d82] #23 [0xc01df7bc] #24 [0x804340c8]
[2005/04/15 02:40:00, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(476)
  rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-32-545
[2005/04/15 02:45:00, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(476)
  rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-32-545

Josh Konkol, CCSE CNE MCSE
Technical Research Specialist
GuideOne Insurance
[EMAIL PROTECTED]
Re: [Samba] ntlm_auth / winbind problem
On Fri, 2005-04-15 at 11:52 +0200, Sylvain Clerc wrote:

> Hello all, I'm sorry if my question doesn't match to this list but I don't know where I can find an answer.
>
>   could not obtain winbind separator !
>   Reading winbind reply failed ! (0x01) : (0x0)
>
> I really don't know what and how do to correct this error because I don't modify anything in samba or winbind and the ntlm_auth command worked before.

I strongly suspect either:

Winbind is dead (try 'wbinfo -p' to 'ping' it, and check it in ps ax).

or

Winbind has been upgraded on your system, but not restarted, so you have a mismatch with client code.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
[Samba] 'Add...' button inoperable in WinXP Security Properties outside of domain
Dear List, I have a problem with an installation of Samba 3.0.11 on Debian Unstable, used as a PDC. When sitting on a machine that has joined the domain serviced by the Samba PDC, I can view the ACLs of shared folders and files without problems, using the Windows Properties / Security... Tab. Moreover, the 'Add...' button works perfectly. Whenever I add an entry, the associated POSIX ACL is created on the Samba server's ext3 fs, I have confirmed that with getfacl locally. When sitting on a machine that has not yet joined the domain, although I log in the Samba PDC with the same (Domain Admin) account, I cannot use the 'Add...' dialog box to modify existing ACLs. The ACLs are displayed properly, all SIDs are converted to meaningful usernames, but the 'Add...' part fails with: The program cannot open the required dialog box because no locations can be found. Close this message, and try again followed immediately by: Unable to display the user selection dialog. The parameter is incorrect The only appropriate excerpt I could find from the log files is: [2005/04/15 16:13:55, 3] smbd/trans2.c:call_trans2qfilepathinfo(2410) call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1007 [2005/04/15 16:13:55, 3] smbd/trans2.c:call_trans2qfilepathinfo(2499) call_trans2qfilepathinfo grads/vkoukis (fnum = 5056) level=1007 call=7 total_data=0 [2005/04/15 16:13:55, 3] smbd/process.c:process_smb(1091) Transaction 6631 of length 208 [2005/04/15 16:13:55, 3] smbd/process.c:switch_message(886) switch message SMBntcreateX (pid 22958) conn 0x8402b60 [2005/04/15 16:13:55, 4] smbd/uid.c:change_to_user(194) change_to_user: Skipping user change - already user [2005/04/15 16:13:55, 3] smbd/error.c:error_packet(129) error packet at smbd/nttrans.c(730) cmd=162 (SMBntcreateX) NT_STATUS_OBJECT_PATH_NOT_FOUND [2005/04/15 16:13:55, 3] smbd/process.c:process_smb(1091) Transaction 6632 of length 45 [2005/04/15 16:13:55, 3] smbd/process.c:switch_message(886) switch message SMBclose (pid 22958) conn 
0x8402b60 [2005/04/15 16:13:55, 4] smbd/uid.c:change_to_user(194) change_to_user: Skipping user change - already user Note that when using 'rpcclient -c enumdomusers' on a Linux machine, not joined in the domain, I can enumerate all domain users without problems. I also attach the output of 'testparm -v'. Thanks in advance. -- Vangelis Koukis [EMAIL PROTECTED] OpenPGP public key ID: pub 1024D/1D038E97 2003-07-13 Vangelis Koukis [EMAIL PROTECTED] Key fingerprint = C5CD E02E 2C78 7C10 8A00 53D8 FBFC 3799 1D03 8E97 Load smb config files from /etc/samba/smb.conf Processing section [netlogon] Processing section [profiles] Processing section [printers] Processing section [print$] Processing section [home] Loaded services file OK. Server role: ROLE_DOMAIN_PDC Press enter to see a dump of your service definitions # Global parameters [global] dos charset = CP850 unix charset = iso8859-7 display charset = LOCALE workgroup = NT4_STYLE_DOMAIN_NAME_HERE realm = DNS_DOMAIN_IN_CAPS_HERE netbios name = SERVER_NAME_HERE netbios aliases = netbios scope = server string = %h server (Samba %v) interfaces = bind interfaces only = No security = USER auth methods = encrypt passwords = Yes update encrypted = No client schannel = Auto server schannel = Auto allow trusted domains = Yes hosts equiv = min password length = 5 map to guest = Never null passwords = No obey pam restrictions = Yes password server = * smb passwd file = /etc/samba/smbpasswd private dir = /etc/samba passdb backend = tdbsam, guest algorithmic rid base = 1000 root directory = guest account = nobody enable privileges = No pam password change = No passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . 
passwd chat debug = No passwd chat timeout = 2 check password script = username map = password level = 0 username level = 0 unix password sync = No restrict anonymous = 0 lanman auth = Yes ntlm auth = Yes client NTLMv2 auth = No client lanman auth = Yes client plaintext auth = Yes preload modules = use kerberos keytab = No log level = 4 syslog = 0 syslog only = No log file = /var/log/samba/log.%m max log size = 1000 debug timestamp = Yes debug hires timestamp = No debug pid = No debug uid = No smb ports = 445 139 large readwrite = Yes max protocol = NT1 min protocol = CORE read bmpx = No read raw = Yes write raw = Yes disable netbios = No acl compatibility =
[Samba] Domain login problem
I have installed a new Samba 3.0.11 server and everything seemed to be going OK. Winbindd is running fine:

  wbinfo -t
  wbinfo -u
  wbinfo -g
  getent passwd
  getent groups

all work correctly. I can perform a chgrp or chmod using a domain user or group. I have stopped nscd.

The problem occurs when I try to issue this command:

  smbclient -L localhost -Udomain+user

or

  smbclient -L localhost -Uroot

I get prompted for a password, which I enter. I get this error back:

  session setup failed: NT_STATUS_ACCESS_DENIED

Hopefully I am missing something straightforward, but I have been googling for days now and I am still unable to resolve it. Please can somebody point me in the right direction? I think it seems to be when it goes off to the PDC to validate the user. I must have configured something incorrectly, or do I need to change some default?

Thanks very much
Keith Allen
[Samba] how to use a samba patch
Hi! Sorry for this question, but I didn't find the answer in the documentation or on the web. I use Samba 3.0.8 on SuSE Linux 8.2. Now, I have found a patch for samba = 3.0.9 (samba-3.0.9-CAN-2004-1154.patch on www.samba.org). I have the old source files from my Samba 3.0.8. Also, I know that you need the tool patch to install the patch. But how? In which directory must I execute the command, with which options, ...? Are newer source files necessary?

I know that the best way is to install the newer Samba versions, and I will do that, but anyway I want to know how to install such a patch, maybe for next time.

Thanks in advance,
Stephan

--
Stephan Graf
Forschungszentrum Juelich GmbH
ZAM, Abt. IuT-BuB
Tel: 02461/61-6578
FAX: 02461/61-6656
E-Mail: [EMAIL PROTECTED]
Webseite: http://www.fz-juelich.de/zam
RE: [Samba] Repeat Review Request
Eric Feldhusen wrote about the Samba books:

> I know I keep the published volumes nearby as references, having purchased them to support the efforts...

Despite the paper books becoming partially (or fully!) obsolete as soon as they were printed, I, too, bought them primarily to support the Samba project, since I don't know how else to do so -- aside from posts to the lists when I see one I can field. Are there other avenues that people have used to contribute materially to Samba's success?

Also, he continued:

> ...I download the updated pdf's once a month or so to keep up with improvements in Samba and both manuals.

Me, too, but I am getting a little tired of the haze of toner that hangs in the air every time I print them out!

-wde

--
Will Enestvedt
UNIX System Administrator
Johnson Wales University -- Providence, RI
[Samba] Samba 3.0.14a Available for Download
Release Announcement

Samba 3.0.14a is the latest stable release of Samba. This is the version that production Samba servers should be running for all current bug-fixes. Please read the following important changes in this release.

Common bugs fixed in 3.0.14a include:

  o Compatibility issues between Winbind and Windows 2003 SP1 domain controllers (*2k3sp1*).
  o MS-DFS errors with Windows XP SP2 clients.
  o High CPU loads caused by infinite loops in the FindNext() server code.
  o Fixed invalid ASSERT() call that caused an smbd panic when accessing files with ACLs.

Download Details

The uncompressed tarball and patch file have been signed using GnuPG (ID F17F9772). The source code can be downloaded from:

  http://download.samba.org/samba/ftp/

The release notes are available online at:

  http://www.samba.org/samba/history/samba-3.0.14a.html

Binary packages are available at

  http://download.samba.org/samba/ftp/Binary_Packages/

Our Code, Our Bugs, Our Responsibility. (https://bugzilla.samba.org/)

--Enjoy
The Samba Team
[Samba] SID
How can I get the SID on Samba 2.2.8a-1 on Red Hat 7.3?

Lasaro
Re: [Samba] Repeat Review Request
William Enestvedt wrote:

>> ...I download the updated pdf's once a month or so to keep up with improvements in Samba and both manuals.
>
> Me, too, but I am getting a little tired of the haze of toner that hangs in the air every time I print them out!

It's rough on my eyes, but I read them on the computer. Hard to scribble notes too, I've scratched the heck out of my laptop screen.

Eric

--
NOTICE: New email address: [EMAIL PROTECTED]
--
Eric Feldhusen
Network Administrator for Adams, Chassell, Dollar Bay-Tamarack City, and Lake Linden-Hubbell Public Schools
emailto:[EMAIL PROTECTED]
Re: [Samba] cannot write to share
On Friday 15 April 2005 03:26, Kevin Waterson wrote:

> I have a server 192.168.0.14 and the directory I wish to share is /home/photo
> I can mount from 192.168.0.1 with
>
>   mount -t smbfs -o username=photo //192.168.0.14/photo /mnt/smbshare
>
> it prompts me for a password and I can see the contents of the share but I cannot write to it. Any pointers gladly received

First, smbfs is not Samba. It is a Linux kernel driver. Samba provides only some of the interface glue for it. This is not the best list to ask questions regarding smbfs. Asking here is a bit like taking your GM car to a Ford dealer for warranty repairs. :-)

The solution to your problem is:

1. Change the ownership and group of the mount point on the UNIX/Linux system to a user and group that everyone who needs to use the data can access, eg: auser and agroup. Set this as follows:

     chown auser:agroup /mnt/smbshare

2. Set the permissions as required. eg:

     chmod a+rwx /mnt/smbshare

3. Mount the resource as follows:

     mount -t smbfs -o \
       username=photo,uid=auser,gid=agroup //192.168.0.14/photo /mnt/smbshare

4. On the Windows server (if it is Windows NT/200X/XP) set ACLs so that the Windows user 'photo' has Full Control.

Enjoy!
- John T.
Re: [Samba] urgent kindly reply
Please pass me any pointers or documentation or notes you have so I can include this in the updates to the Samba HOWTO and the Samba Guide.

- John T.

On Friday 15 April 2005 07:06, Lee Baker wrote:

> You may also want to look at www.nitrobit.com. They have developed a group policy management system that does not require an AD server. I am also in the middle of developing a system that is a bit more flexible than the poledit method, which I will hopefully be able to document soon.
>
> Lee Baker MEng MIEE
> Music Technology Coordinator
> The McAuley Catholic High School
> Specialist College for the Performing Arts
> Cantley Lane Doncaster DN3 3QF
> Telephone: 01302 537396 Ext. 254
> Mobile: 07092 044794
> Fax: 01302 533923
> Email: [EMAIL PROTECTED]
> http://www.pa.mcauley.org.uk
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of gauravg
> Sent: 15 April 2005 11:24
> To: samba@lists.samba.org
> Subject: [Samba] urgent kindly reply
>
> Sir, we are running Windows 2003 Standard Edition with group policies with restricted rights permissions, which are given below:
>
> - Users are not able to install any software.
> - Restriction on network settings in Local Area Connection so that nobody can change the settings.
> - Hide the Control Panel, or restrict any setting, or it should not be visible to users except the administrator.
>
> etc. Can we have all these restrictions in Samba? If yes, then in which version and which Linux flavour? Kindly update ASAP and oblige.
>
> With warm regards
> Gaurav Gera
> Lakshya Digital Pvt. Ltd.

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
Re: [Samba] SID
On Friday 15 April 2005 08:19, Lasaro wrote:

> How can I get the SID on Samba 2.2.8a-1 on Red Hat 7.3?

  smbpasswd -S 'server-name'

- John T.
Re: [Samba] SID
  bash# net getlocalsid

...also works.

Dan

Lasaro wrote:

> How can I get the SID on Samba 2.2.8a-1 on Red Hat 7.3?
>
> Lasaro

--
Daniel Wilson
Systems Administrator
IT Communications Service
University of Sunderland
Unit 1a Technology Park
Chester Road
Sunderland SR2 7PT
Tel: 0191 515 2695
Re: [Samba] SID
Daniel Wilson wrote:

>   bash# net getlocalsid
>
> ...also works.

Not on the version he was referring to, 2.2.8a, or at least it's not in my old 2.2.8 binaries. This was a new function in 3.0.x

> Dan
>
> Lasaro wrote:
>
>> How can I get the SID on Samba 2.2.8a-1 on Red Hat 7.3?
>>
>> Lasaro

--
Paul Gienger
Applied Engineering Inc.
Systems Architect
Office: 701-281-1884
Fax: 701-281-1322
URL: www.ae-solutions.com
mailto: [EMAIL PROTECTED]
Re: [Samba] ACL and delete files
Hello,

Here's a way to force the error. Please try it.

To summarize: Create a file with permission bits set to 470, owned by root. With setfacl give write permission to a group. Users in that group will not be able to modify the file when accessing the share from a Windows client. This is true for smbclient as well. Modifying the file under Linux works as expected. Please confirm if you observe the same behaviour.

$ ls -l testi2.txt
-r--rwx---+ 1 root QLEAP+domänen-benutzer 14 Apr 15 16:40 testi2.txt

(Note the file belongs to root but has no write permission)

$ getfacl testi2.txt
# file: testi2.txt
# owner: root
# group: QLEAP+dom\303\244nen-benutzer
user::r--
user:QLEAP+testi2:rwx
group::r--
group:QLEAP+testgruppe20:rwx
mask::rwx
other::---

$ id
uid=10032(QLEAP+testi2) gid=10029(QLEAP+domänen-benutzer) ...,10067(QLEAP+testgruppe20),...

$ vi testi2.txt
(can edit the file)

$ smbcacls -U testi2 //hatest1/admin testgruppe20/testi2.txt
creating lame upcase table
creating lame lowcase table
Password:
REVISION:1
OWNER:HATEST1+root
GROUP:QLEAP+Domänen-Benutzer
ACL:HATEST1+root:ALLOWED/0/R
ACL:QLEAP+testgruppe20:ALLOWED/0/FULL
ACL:QLEAP+Domänen-Benutzer:ALLOWED/0/R
ACL:QLEAP+testi2:ALLOWED/0/FULL
ACL:+Jeder:ALLOWED/0/

$ smbclient -U testi2 //hatest1/admin
creating lame upcase table
creating lame lowcase table
Password:
Domain=[QLEAP] OS=[Unix] Server=[Samba 3.0.13-Debian]
smb: \ cd testgruppe20
smb: \testgruppe20\ lcd /etc
smb: \testgruppe20\ put passwd
putting file passwd as \testgruppe20\passwd (1122.9 kb/s) (average 1123.0 kb/s)
smb: \testgruppe20\ put passwd testi2.txt
NT_STATUS_ACCESS_DENIED opening remote file \testgruppe20\testi2.txt
smb: \testgruppe20\ q
$

With this information I hope it is possible to find the bug.

Thanks,
Peter
[Samba] Re: Using idmap_rid backend, cannot browse home directory from XP
John- Thanks for answering! Changing the range had no effect - the logs still look the same. I know that it's mapping the group: tx3linux01 root # getent passwd DOMAIN1\ssmith DOMAIN1\ssmith:x:13830:1513:Smith, Scott:/export/home/DOMAIN1/ssmith:/bin/bash tx3linux01 root # getent group 1513 DOMAIN1\Domain Users:x:1513:DOMAIN1\swops Something I noticed while running idmap_rid module is that root sees all the groups that the user is a member of, while the user just shows the primary group: tx3linux01 root # id DOMAIN1\ssmith uid=13830(DOMAIN1\ssmith) gid=1513(DOMAIN1\Domain Users) groups=1513(DOMAIN1\Domain Users),30820(DOMAIN1\SDVT),13409(DOMAIN1\black),20772(DOMAIN1\TAQ_USERS),27685(DOMAIN1\TX3_USERS),9233(DOMAIN1\Instant MessengerGG),15530(DOMAIN1\Taq ENG_Richardson),15539(DOMAIN1\TaqDevelopment),15540(DOMAIN1\TaqAll),20804(DOMAIN1\TaqLegacy) tx3linux01 root # su - DOMAIN1\ssmith [EMAIL PROTECTED] ssmith $ id uid=13830(DOMAIN1\ssmith) gid=1513(DOMAIN1\Domain Users) groups=1513(DOMAIN1\Domain Users) However, when not using idmap_rid, the user can see all the groups he is a member of - although I don't know what that means. Any other ideas? Regards, Scott On Thursday 14 April 2005 09:45, Scott E. Smith wrote: Samba version is 3.0.10 on Gentoo linux. I am trying to use idmap_rid backend in a Windows AD environment, the Linux PC acting only as a domain member. I am using idmap_rid because I need UID/GID predictability. I can log in to console correctly, and it shows the right user and the Domain Users as the group. When I use default winbind TDB, I can browse the home directory from an XP PC. When using idmap_rid, and I try to browse to a home directory from a Windows XP PC, the user/password dialog pops up. When I enter the DOMAIN\user + password, the box merely pops up again, and this is what I see in log.winbind on the Samba domain member: You have set the UID and GID range to 10 to 1000. This is the range that all RIDs must fit into. 
Below is a predictable failure to allocate a UID of hex 513 because it is out of range. Does that make sense? Change the IDMAP UID and IDMAP GID ranges to start at 1000 and it should work. - John T. [2005/04/14 10:11:15, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261) [11340]: request interface version [2005/04/14 10:11:15, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) [11340]: request location of privileged pipe [2005/04/14 10:11:15, 3] nsswitch/winbindd_misc.c:winbindd_ping(238) [11340]: ping [2005/04/14 10:11:15, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(465) [11340]: pam auth crap domain: DOMAIN1 user: ssmith [2005/04/14 10:11:15, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261) [11340]: request interface version [2005/04/14 10:11:15, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) [11340]: request location of privileged pipe [2005/04/14 10:11:15, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126) [11340]: getpwnam domain1\ssmith [2005/04/14 10:11:15, 3] lib/charcnv.c:convert_string_allocate(576) ) convert_string_allocate: Conversion error: Illegal multibyte sequence(µ [2005/04/14 10:11:15, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1003) [11340]: getgroups DOMAIN1\ssmith [2005/04/14 10:11:15, 0] sam/idmap_rid.c:rid_idmap_get_id_from_sid(461) rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-21-1844237615-1644491937-725345543-513 When I execute 'id', the following is logged in log.winbind: [2005/04/14 10:15:46, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261) [11343]: request interface version [2005/04/14 10:15:46, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) [11343]: request location of privileged pipe [2005/04/14 10:15:46, 3] nsswitch/winbindd_user.c:winbindd_getpwuid(225) [11343]: getpwuid 112830 [2005/04/14 10:15:46, 3] nsswitch/winbindd_ads.c:sequence_number(792) ads: fetch sequence_number for DOMAIN1 [2005/04/14 10:15:46, 3] 
lib/charcnv.c:convert_string_allocate(576) ) convert_string_allocate: Conversion error: Illegal multibyte sequence(µ [2005/04/14 10:15:46, 3] nsswitch/winbindd_user.c:winbindd_getpwuid(225) [11343]: getpwuid 112830 [2005/04/14 10:15:46, 3] nsswitch/winbindd_rpc.c:msrpc_sid_to_name(338) sid_to_name [rpc] S-1-5-21-725345543-1677128483-839522115-12830 for domain DOMAIN1 [2005/04/14 10:15:46, 3] nsswitch/winbindd_group.c:winbindd_getgrgid(348) [11343]: getgrgid 100513 [2005/04/14 10:15:46, 3] lib/charcnv.c:convert_string_allocate(567) convert_string_allocate: Conversion error: Incomplete multibyte sequence(#9618;`#9618;`#9618;`#9618;{#9618;#9472;#9618;`#9618;#947; 2;#9618;) [2005/04/14 10:15:46, 3] lib/charcnv.c:convert_string_allocate(567) convert_string_allocate: Conversion error:
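The numbers in this thread can be cross-checked with a short script; this is an added example, not code from the thread or from Samba. It assumes idmap_rid derives a UNIX id as the low end of the configured range plus the RID, which matches the pairs posted above (RID 12830 with uid 112830 and later 13830, RID 513 with gid 100513 and later 1513); the upper range bounds are constructed.

```python
import re

# Domain SIDs followed by a RID, as they appear in the quoted log.winbind lines.
SID_RE = re.compile(r"S-1-5-21(?:-\d+){4}")

# Log messages copied from the thread (timestamps and source locations trimmed).
LOG = """\
rid_idmap_get_id_from_sid: no suitable range available for sid: S-1-5-21-1844237615-1644491937-725345543-513
sid_to_name [rpc] S-1-5-21-725345543-1677128483-839522115-12830 for domain DOMAIN1
"""

# Domain SID of DOMAIN1, taken from the sid_to_name line above.
DOMAIN1 = "S-1-5-21-725345543-1677128483-839522115"


def split_sid(sid):
    """Split a SID into (domain SID, RID)."""
    domain_sid, _, rid = sid.rpartition("-")
    return domain_sid, int(rid)


def rid_to_unix_id(sid, ranges):
    """Map a SID to a UNIX id as low + RID (assumed rule, inferred from the thread).

    ranges maps a domain SID to its (low, high) id range. Raises LookupError
    when the SID's domain has no range or the result does not fit the range.
    """
    domain_sid, rid = split_sid(sid)
    if domain_sid not in ranges:
        raise LookupError(f"no range configured for the domain of {sid}")
    low, high = ranges[domain_sid]
    unix_id = low + rid
    if unix_id > high:
        raise LookupError(f"RID {rid} does not fit in {low}-{high}")
    return unix_id


def domains_seen(log_text):
    """Return the set of distinct domain SIDs mentioned in the log text."""
    return {split_sid(sid)[0] for sid in SID_RE.findall(log_text)}


def unmapped_sids(log_text, ranges):
    """Return, in log order, the SIDs that the configured ranges cannot map."""
    failed = []
    for sid in SID_RE.findall(log_text):
        try:
            rid_to_unix_id(sid, ranges)
        except LookupError:
            failed.append(sid)
    return failed


if __name__ == "__main__":
    after = {DOMAIN1: (1000, 100000)}  # upper bound is constructed
    print("uid for RID 12830:", rid_to_unix_id(DOMAIN1 + "-12830", after))
    print("gid for RID 513:  ", rid_to_unix_id(DOMAIN1 + "-513", after))
    print("domain SIDs in log:", sorted(domains_seen(LOG)))
    print("unmapped:", unmapped_sids(LOG, after))
```

On the lines quoted in this thread, the SID in the "no suitable range" message carries a different domain prefix from the DOMAIN1 SID that resolves ssmith, so a range keyed to DOMAIN1 alone does not cover it whatever its bounds are.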
[Samba] winbind problems. it just wont work
hi,

I am still battling with winbind, and frankly, I am getting desperate enough to long for a weekend without any computers in sight (that is bad for an addict).

I know I probably make a small stupid blunder but still, I can't find it. The attachment is my smb.conf file. I created the needed paths, I even made sure the permissions are set!

I created a smbusers file which contains the following line:

root = Administrator admin

Then I added a user root to the smbpasswd file:

smbpasswd -a root
password:

After a couple of errors that the smbpasswd file doesn't exist, it becomes smart enough to create the file. Then I made the necessary changes in my /etc/nsswitch.conf file.

As an added bonus I tried to join the samba to its own domain (Dunno if that should be working, but it doesn't!)

rpc net join -S SMB3-MAIN -U root
password:
Could not connect to server SMB3-MAIN

(I checked the process status, and everything is running!)

Then I started the winbind daemon, and typed in

wbinfo -u
error looking up domain users

I give up. Can anyone PLEASE PLEASE PLEASE tell me where I goofed up, and that I am a stupid dutchman for doing so?

Thanks and a great weekend everyone!

ramses
Re: [Samba] SID
On Friday 15 April 2005 08:52, Daniel Wilson wrote:
bash# net getlocalsid
...also works.

Are you certain that this works on Samba 2.2.8a? It does on 3.0.x.

- John T.

Dan Lasaro wrote:
How can I get the SID on samba 2.2.8a-1 on redhat 7.3.
Lasaro

--
Daniel Wilson
Systems Administrator
IT Communications Service
University of Sunderland
Unit 1a Technology Park
Chester Road
Sunderland SR2 7PT
Tel: 0191 515 2695

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
Re: [Samba] ACL and delete files
Please file this as a bug report on https://bugzilla.samba.org if you want this to be dealt with. All Samba bug related issues are dealt with via bugzilla.

- John T.

On Friday 15 April 2005 08:59, Peter Kruse wrote:
Hello,

Here's a way to force the error. Please try it. To summarize: Create a file with permission bits set to 470, owned by root. With setfacl give write permission to a group. Users in that group will not be able to modify the file when accessing the share from a windows client. This is true for smbclient as well. Modifying the file under Linux works as expected. Please confirm if you observe the same behaviour.

$ ls -l testi2.txt
-r--rwx---+ 1 root QLEAP+domänen-benutzer 14 Apr 15 16:40 testi2.txt
(Note the file belongs to root but has no write permission)
$ getfacl testi2.txt
# file: testi2.txt
# owner: root
# group: QLEAP+dom\303\244nen-benutzer
user::r--
user:QLEAP+testi2:rwx
group::r--
group:QLEAP+testgruppe20:rwx
mask::rwx
other::---
$ id
uid=10032(QLEAP+testi2) gid=10029(QLEAP+domänen-benutzer) ..,10067(QLEAP+testgruppe20),
$ vi testi2.txt
(can edit the file)
$ smbcacls -U testi2 //hatest1/admin testgruppe20/testi2.txt
creating lame upcase table
creating lame lowcase table
Password:
REVISION:1
OWNER:HATEST1+root
GROUP:QLEAP+Domänen-Benutzer
ACL:HATEST1+root:ALLOWED/0/R
ACL:QLEAP+testgruppe20:ALLOWED/0/FULL
ACL:QLEAP+Domänen-Benutzer:ALLOWED/0/R
ACL:QLEAP+testi2:ALLOWED/0/FULL
ACL:+Jeder:ALLOWED/0/
$ smbclient -U testi2 //hatest1/admin
creating lame upcase table
creating lame lowcase table
Password:
Domain=[QLEAP] OS=[Unix] Server=[Samba 3.0.13-Debian]
smb: \ cd testgruppe20
smb: \testgruppe20\ lcd /etc
smb: \testgruppe20\ put passwd
putting file passwd as \testgruppe20\passwd (1122.9 kb/s) (average 1123.0 kb/s)
smb: \testgruppe20\ put passwd testi2.txt
NT_STATUS_ACCESS_DENIED opening remote file \testgruppe20\testi2.txt
smb: \testgruppe20\ q
$

With this information I hope it is possible to find the bug.

Thanks,
Peter

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
Re: [Samba] winbind problems. it just wont work
On Friday 15 April 2005 09:04, Ramses van Pinxteren wrote:
hi,

I am still battling with winbind, and frankly, I am getting desperate enough to long for a weekend without any computers in sight (that is bad for an addict).

I know I probably make a small stupid blunder but still, I can't find it. The attachment is my smb.conf file. I created the needed paths, I even made sure the permissions are set!

I created a smbusers file which contains the following line:

root = Administrator admin

Then I added a user root to the smbpasswd file:

smbpasswd -a root
password:

After a couple of errors that the smbpasswd file doesn't exist, it becomes smart enough to create the file. Then I made the necessary changes in my /etc/nsswitch.conf file.

As an added bonus I tried to join the samba to its own domain (Dunno if that should be working, but it doesn't!)

rpc net join -S SMB3-MAIN -U root
password:
Could not connect to server SMB3-MAIN

(I checked the process status, and everything is running!)

Then I started the winbind daemon, and typed in

wbinfo -u
error looking up domain users

I give up. Can anyone PLEASE PLEASE PLEASE tell me where I goofed up, and that I am a stupid dutchman for doing so?

How stupid can a Dutchman be? I have been practicing for over 50 years and want the stupid Dutchman of the Century award! How much harder do I have to work to get there?

Have you followed the Samba-Guide carefully? If you can point me to the exact step in the Samba-Guide that is not working I will help you to resolve the issue.

What is written, remains.

- Jan (the man who can't do everything!)

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
Re: [Samba] ACL and delete files
John H Terpstra wrote:
Please file this as a bug report on https://bugzilla.samba.org if you want this to be dealt with. All Samba bug related issues are dealt with via bugzilla.

The closed bug #2521 looks like related to this, and I was thinking to reopen it if I can.

Ptr

- John T.

On Friday 15 April 2005 08:59, Peter Kruse wrote:
Hello,

Here's a way to force the error. Please try it. To summarize: Create a file with permission bits set to 470, owned by root. With setfacl give write permission to a group. Users in that group will not be able to modify the file when accessing the share from a windows client. This is true for smbclient as well. Modifying the file under Linux works as expected. Please confirm if you observe the same behaviour.

$ ls -l testi2.txt
-r--rwx---+ 1 root QLEAP+domänen-benutzer 14 Apr 15 16:40 testi2.txt
(Note the file belongs to root but has no write permission)
$ getfacl testi2.txt
# file: testi2.txt
# owner: root
# group: QLEAP+dom\303\244nen-benutzer
user::r--
user:QLEAP+testi2:rwx
group::r--
group:QLEAP+testgruppe20:rwx
mask::rwx
other::---
$ id
uid=10032(QLEAP+testi2) gid=10029(QLEAP+domänen-benutzer) ..,10067(QLEAP+testgruppe20),
$ vi testi2.txt
(can edit the file)
$ smbcacls -U testi2 //hatest1/admin testgruppe20/testi2.txt
creating lame upcase table
creating lame lowcase table
Password:
REVISION:1
OWNER:HATEST1+root
GROUP:QLEAP+Domänen-Benutzer
ACL:HATEST1+root:ALLOWED/0/R
ACL:QLEAP+testgruppe20:ALLOWED/0/FULL
ACL:QLEAP+Domänen-Benutzer:ALLOWED/0/R
ACL:QLEAP+testi2:ALLOWED/0/FULL
ACL:+Jeder:ALLOWED/0/
$ smbclient -U testi2 //hatest1/admin
creating lame upcase table
creating lame lowcase table
Password:
Domain=[QLEAP] OS=[Unix] Server=[Samba 3.0.13-Debian]
smb: \ cd testgruppe20
smb: \testgruppe20\ lcd /etc
smb: \testgruppe20\ put passwd
putting file passwd as \testgruppe20\passwd (1122.9 kb/s) (average 1123.0 kb/s)
smb: \testgruppe20\ put passwd testi2.txt
NT_STATUS_ACCESS_DENIED opening remote file \testgruppe20\testi2.txt
smb: \testgruppe20\ q
$

With this information I hope it is possible to find the bug.

Thanks,
Peter
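Why the local edit in the transcript above succeeds can be shown by evaluating the posted getfacl output with the standard POSIX ACL access-check order. This is an added example, not part of the thread and not Samba's code; it models only the local filesystem decision, and QLEAP+alice and QLEAP+bob are hypothetical users.

```python
import re

# getfacl output from the post, with its line breaks restored.
GETFACL = r"""# file: testi2.txt
# owner: root
# group: QLEAP+dom\303\244nen-benutzer
user::r--
user:QLEAP+testi2:rwx
group::r--
group:QLEAP+testgruppe20:rwx
mask::rwx
other::---
"""


def unescape(name):
    """Decode getfacl's octal byte escapes, e.g. the UTF-8 pair for 'ä'."""
    raw = re.sub(rb"\\([0-3][0-7]{2})",
                 lambda m: bytes([int(m.group(1), 8)]),
                 name.encode("utf-8"))
    return raw.decode("utf-8")


def parse_getfacl(text):
    """Parse Linux getfacl output into owner, owning group and ACL entries."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            acl["owner"] = unescape(line.split(":", 1)[1].strip())
        elif line.startswith("# group:"):
            acl["group"] = unescape(line.split(":", 1)[1].strip())
        elif line and not line.startswith("#"):
            # Drop a trailing "#effective:..." comment if present.
            tag, qualifier, perms = line.split("#")[0].strip().split(":")
            acl["entries"].append((tag, unescape(qualifier), set(perms) - {"-"}))
    return acl


def access_allowed(acl, user, groups, want):
    """Apply the POSIX ACL check order: owner, named user, group class, other."""
    want = set(want)
    entries = acl["entries"]
    mask = next((p for t, _, p in entries if t == "mask"), None)

    def effective(perms):
        # The mask limits named users and every group entry, not owner/other.
        return perms if mask is None else perms & mask

    if user == acl["owner"]:
        return want <= next(p for t, q, p in entries if t == "user" and q == "")
    for tag, qualifier, perms in entries:
        if tag == "user" and qualifier == user:
            return want <= effective(perms)
    matched = False
    for tag, qualifier, perms in entries:
        # An empty qualifier on a group entry means the owning group.
        if tag == "group" and (qualifier or acl["group"]) in groups:
            matched = True
            if want <= effective(perms):
                return True
    if matched:
        return False  # a group matched, so "other" is never consulted
    return want <= next(p for t, _, p in entries if t == "other")


if __name__ == "__main__":
    acl = parse_getfacl(GETFACL)
    testi2_groups = {"QLEAP+domänen-benutzer", "QLEAP+testgruppe20"}
    print("testi2 write:", access_allowed(acl, "QLEAP+testi2", testi2_groups, "w"))
    print("group-only write:",
          access_allowed(acl, "QLEAP+alice", {"QLEAP+testgruppe20"}, "w"))
```

Both the named-user entry and the testgruppe20 group entry grant write under this check, so a denial over SMB for the same account comes from a decision made somewhere other than this ACL evaluation.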
Re: [Samba] Unable to join samba server to a NT4 style domain
Jim, I tried removing the domain machine account for the Samba server from the PDC and made sure that the smbd, nmbd daemons were down before I execute the net rpc join commands. The result was the same as before, it wasnt able to join the domain and gave the message: Unable to join domain domain-name. The --long option does not seem to give me any additional information on the screen. Would it post any information in logs anywhere else? Any thoughts? Regards, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 09:42 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - -net help rpc shows the following for the --long option: - --l or --longDisplay full information - -In what I've found from googling and -the Samba-Guide (thanks, John!), -it looks like net rpc join will create the -Domain machine account when you run it; if -MYSERVER already exists, you'll be prevented -from creating a duplicate entry. - -Try deleting MYSERVER from the Domain. - -then run your original command... - -./net rpc join -U administrator%'' - -or ./net rpc join -S NT4SERVER -U administrator%'' - -and see what happens. - -If this works, it reinforces this comment from my earlier link: - -This process joins the server to the domain -without having to create the machine trust -account on the PDC beforehand. - -and is a change from Samba 2.x, which required -the creation of the machine trust account -on the PDC before running smbpasswd -j DOM -r DOMPDC. - -John: if this is true, can Chap 7 be amended to -reflect the change? 
- -Jim - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 2:25 PM - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - I have Samba shut down while executing the net rpc join - commands, as the HOW-TO says. - - On trying the following, - - # ./net rpc join -S NTSERVER - Password: - - This is the response I get, - - Could not connect to server NTSERVER - The username or password was not correct. - - The password used was that of the administrator authorized to - add machines to the domain. Is there any other - username/password I should be using? - - On trying this, - - net join -S NT4SERVER -U administrator%'' -W - MYWORKGROUP --long - - This is the response I get, - - Unable to join domain domain-name. - - BTW, what does the switch --long do? - - I have followed the exact steps in the document you have - pointed out and the HOW-TOs. Thanks for pointing that out - this particular chapter. - - Regards, - - Ash - - --Original Message- - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - -Sent: Thursday, April 14, 2005 08:30 PM - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - -Subject: RE: [Samba] Unable to join samba server to a NT4 - style domain - - - -Ash, - - - -Do you have Samba shut down while you're - -running net rpc join? The daemons - -shouldn't be running, AFAIK. - - - -Make sure they're down, and try your earlier - -net rpc join commands... 
- - - -If that doesn't work, try just: - - net rpc join -S NT4SERVER - - - -Maybe try deleting MYSERVER from the domain, - -then - -net join -S NT4SERVER -U administrator%'' -W - MYWORKGROUP --long - - - -See - -http://aosda.net/docs/samba/3.0/Samba-HOWTO-Collection/domain - -member.html#id - -2522086 - - - - - -Jim - - - - - - -Original Message- - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - Sent: Thursday, April 14, 2005 12:50 PM - - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - - Subject: Re: [Samba] Unable to join samba server to a NT4 - style domain - - - - - - Jim, - - - - Yes, the NTSERVER is a PDC. Do you know of a way to see any - - kind of logs on the net join rpc command? - - - - -Ash - - - - --Original Message- - - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - - -Sent: Thursday, April 14, 2005 07:40 PM - - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - - -Subject: RE: [Samba] Unable to join samba server to a NT4 - - style domain - - - - - -Ash, - - - - - -Is NT4SERVER the PDC? - - -If not, use -S PDC instead of -S NT4SERVER - - - - - -Jim - - - - - - -Original Message- - - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - - Sent: Thursday, April 14, 2005 12:24 PM - - - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - - - Subject: Re: [Samba] Unable to join samba server to a NT4 - - style domain - - - - - - - - - Jim, - - - - - - For all of the four commands you have mentioned, I get the - - - same response: - - - - - - Unable to join domain domain-name. - - - - - - There are no error messages or explanation with it, just the - - - plain text. - - - - - - Regards, - - - - - - Ash - - - - - -
Re: [Samba] Unable to join samba server to a NT4 style domain
Jim, I tried something as per your suggestion: # ./net rpc join -S NTSERVER -d 3 -l -U administrator%'x' This gave me the output listed below. Hopefully, this will help shed some light on the problem. Do you know what does status NT_STATUS_ACCESS_DENIED mean? Thanks, Ash -8 [2005/04/15 12:09:30, 3] param/loadparm.c:lp_load(3907) lp_load: refreshing parameters [2005/04/15 12:09:30, 3] param/loadparm.c:init_globals(1321) Initialising global parameters [2005/04/15 12:09:30, 3] param/params.c:pm_process(573) params.c:pm_process() - Processing configuration file /usr/local/samba/lib/smb.conf [2005/04/15 12:09:30, 3] param/loadparm.c:do_section(3409) Processing section [global] [2005/04/15 12:09:30, 2] lib/interface.c:add_interface(81) added interface ip=192.168.2.37 bcast=192.168.2.255 nmask=255.255.255.0 [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_lmhosts(855) resolve_lmhosts: Attempting lmhosts lookup for name gnsi_server10x20 [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(752) resolve_wins: Attempting wins lookup for name gnsi_server10x20 [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(755) resolve_wins: WINS server resolution selected and no WINS servers listed. [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_hosts(917) resolve_hosts: Attempting host lookup for name gnsi_server10x20 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=gnsi_server1 [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.11 at port 445 [2005/04/15 12:09:30, 1] libsmb/cliconnect.c:cli_full_connection(1506) failed tcon_X with NT_STATUS_ACCESS_DENIED [2005/04/15 12:09:30, 1] utils/net.c:connect_to_ipc_anonymous(207) Cannot connect to server (anonymously). 
Error was NT_STATUS_ACCESS_DENIED [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=gnsi_server1 [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.11 at port 445 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(708) Doing spnego session setup (blob length=110) [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 48018 1 2 2 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 113554 1 2 2 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 113554 1 2 2 3 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 3 6 1 4 1 311 2 2 10 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(740) got [EMAIL PROTECTED] [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(869) Got challenge flags: [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x62890215 [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(891) NTLMSSP: Set final flags: [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60080215 [2005/04/15 12:09:30, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60080215 [2005/04/15 12:09:30, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=gnsi_server1 [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.11 at port 445 [2005/04/15 12:09:30, 1] libsmb/cliconnect.c:cli_full_connection(1506) failed tcon_X with NT_STATUS_ACCESS_DENIED [2005/04/15 12:09:30, 1] utils/net.c:connect_to_ipc_anonymous(207) Cannot connect to 
server (anonymously). Error was NT_STATUS_ACCESS_DENIED Unable to join domain GLOBALNET. [2005/04/15 12:09:30, 2] utils/net.c:main(897) return code = 1 -8--- --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 09:42 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - -net help rpc shows the following for the --long option: - --l or --longDisplay full information - -In what I've found from googling and -the Samba-Guide (thanks, John!), -it looks like net rpc join will create the -Domain machine account when you run it; if -MYSERVER already exists, you'll be prevented -from creating a duplicate entry. - -Try deleting MYSERVER from the Domain. - -then run your original command... - -./net rpc join -U administrator%'' - -or ./net rpc join -S NT4SERVER -U administrator%'' - -and see what happens. - -If this works, it reinforces this comment from my earlier link: - -This process joins the
Re: [Samba] SID
I'm not 100% certain, I presumed that it might work, never used version 2.X.X, only started using samba with version 3.0.x, it was just a suggestion to try! :)

Regards

John H Terpstra wrote:
On Friday 15 April 2005 08:52, Daniel Wilson wrote:
bash# net getlocalsid
...also works.
Are you certain that this works on Samba 2.2.8a? It does on 3.0.x.
- John T.
Dan Lasaro wrote:
How can I get the SID on samba 2.2.8a-1 on redhat 7.3.
Lasaro

--
Daniel Wilson
Systems Administrator
IT Communications Service
University of Sunderland
Unit 1a Technology Park
Chester Road
Sunderland SR2 7PT
Tel: 0191 515 2695
Re: [Samba] SID
thanks, works

smbpasswd -S 'domain'

- Original Message -
From: Daniel Wilson
To: [EMAIL PROTECTED]
Cc: samba@lists.samba.org
Sent: Friday, April 15, 2005 1:33 PM
Subject: Re: [Samba] SID

I'm not 100% certain, I presumed that it might work, never used version 2.X.X, only started using samba with version 3.0.x, it was just a suggestion to try! :)

Regards

John H Terpstra wrote:
On Friday 15 April 2005 08:52, Daniel Wilson wrote:
bash# net getlocalsid
...also works.
Are you certain that this works on Samba 2.2.8a? It does on 3.0.x.
- John T.
Dan Lasaro wrote:
How can I get the SID on samba 2.2.8a-1 on redhat 7.3.
Lasaro

--
Daniel Wilson
Systems Administrator
IT Communications Service
University of Sunderland
Unit 1a Technology Park
Chester Road
Sunderland SR2 7PT
Tel: 0191 515 2695
Re: [Samba] ACL and delete files
On Fri, Apr 15, 2005 at 12:15:26PM +0200, Peter Kruse wrote:
Hello,

Jacob Nielsen wrote:
Hello list

I have the same problem with my Samba-3.0.13. This problem started after upgrading from 3.0.11. I have a rather huge fileserver with 300.000+ files, so this is kinda a big issue for me. Problem is when rename/deleting files, which is basically not possible. Copying a new file to the same directory is not a problem. Not changeable though. If you open the file in an editor and save it, it's not a problem either. Very strange.

Thanks for sharing this. I can confirm that this problem exists in 3.0.13. There has been a bug report #2521 which was closed although there was still one report saying the bug still was there. I have several reports of this same behaviour: creating of files work but modify/delete doesn't. Is it true that the directory in question does not give write permission to the user account but only the group the user belongs to?

Yes, this was something I fixed for 3.0.14a.

Jeremy.
RE: [Samba] Unable to join samba server to a NT4 style domain
Ash,

Can you check the value of the restrictanonymous registry key on your NT4 server - I think if it's set higher than 0 or 1 you'll be prevented from joining the Domain. Set it to 0, let the Samba box join, and set it back to the previous level. You'll find the setting in 3 places with regedit; 2 are editable, and the 3rd is the current setting.

Also, I'm using the smbusers file to map *nix-Windows users, because I'm not running winbindd (it's an OpenBSD box). I've got an entry of:

root=administrator

You might try adding that file/entry to see if it helps. I guess the --long doesn't display anything, or you have to tell it to debug in order for it to work...

If you're not using a WINS server, I'd add this to your smb.conf:

name resolve order = lmhosts host bcast

I'm not sure if your lmhosts entry for the NT4 server is gnsi_server1 or gnsi_server10x20 I think it should be the former.

Jim

-Original Message-
From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED]
Sent: Friday, April 15, 2005 9:20 AM
To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org
Subject: Re: [Samba] Unable to join samba server to a NT4 style domain

Jim,

I tried something as per your suggestion:

# ./net rpc join -S NTSERVER -d 3 -l -U administrator%'x'

This gave me the output listed below. Hopefully, this will help shed some light on the problem. Do you know what does status NT_STATUS_ACCESS_DENIED mean?
Thanks, Ash -8 [2005/04/15 12:09:30, 3] param/loadparm.c:lp_load(3907) lp_load: refreshing parameters [2005/04/15 12:09:30, 3] param/loadparm.c:init_globals(1321) Initialising global parameters [2005/04/15 12:09:30, 3] param/params.c:pm_process(573) params.c:pm_process() - Processing configuration file /usr/local/samba/lib/smb.conf [2005/04/15 12:09:30, 3] param/loadparm.c:do_section(3409) Processing section [global] [2005/04/15 12:09:30, 2] lib/interface.c:add_interface(81) added interface ip=192.168.2.37 bcast=192.168.2.255 nmask=255.255.255.0 [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_lmhosts(855) resolve_lmhosts: Attempting lmhosts lookup for name gnsi_server10x20 [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(752) resolve_wins: Attempting wins lookup for name gnsi_server10x20 [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(755) resolve_wins: WINS server resolution selected and no WINS servers listed. [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_hosts(917) resolve_hosts: Attempting host lookup for name gnsi_server10x20 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=gnsi_server1 [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.11 at port 445 [2005/04/15 12:09:30, 1] libsmb/cliconnect.c:cli_full_connection(1506) failed tcon_X with NT_STATUS_ACCESS_DENIED [2005/04/15 12:09:30, 1] utils/net.c:connect_to_ipc_anonymous(207) Cannot connect to server (anonymously). 
Error was NT_STATUS_ACCESS_DENIED [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=gnsi_server1 [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.11 at port 445 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(708) Doing spnego session setup (blob length=110) [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 48018 1 2 2 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 113554 1 2 2 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 2 840 113554 1 2 2 3 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(733) got OID=1 3 6 1 4 1 311 2 2 10 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_session_setup_spnego(740) got [EMAIL PROTECTED] [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(869) Got challenge flags: [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x62890215 [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(891) NTLMSSP: Set final flags: [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60080215 [2005/04/15 12:09:30, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(319) NTLMSSP Sign/Seal - Initialising with flags: [2005/04/15 12:09:30, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) Got NTLMSSP neg_flags=0x60080215 [2005/04/15 12:09:30, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(181) lsa_io_sec_qos: length c does not match size 8 [2005/04/15 12:09:30, 3] libsmb/cliconnect.c:cli_start_connection(1406) Connecting to host=gnsi_server1 [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) Connecting to 192.168.2.11 at port 445 [2005/04/15 12:09:30, 1]
[Samba] still ACL bug in 3.0.14a
Sparc Solaris / UFS file system.

I have some ACL's set up for a handful of users and it's all worked flawlessly with every incarnation of Samba I've used over the past couple years, which would be most. Last Friday evening I upgraded from 3.0.11 to 3.0.13 and some of the users I have some ACL's set up for promptly found Monday that they couldn't save new Excel files, they'd be informed the file already exists, be prompted to overwrite and then be informed the folder is marked read only. They end up with two 0 byte files, one with the name they were trying to save the Excel file as and another of the form fsaxx.tmp.

So Tuesday afternoon I reverted the less crucial Samba servers back to 3.0.11 and came in at 6:30AM Wednesday to revert the other servers back to 3.0.11. Everything is gravy with 3.0.11 as it always has been.

I noticed 3.0.14 and 3.0.15pre had been up and back down. But the change logs were there and mentioned items dealing with ACLs so I thought I'd hold off posting to this forum and see if a new Samba would fix it. I downloaded 3.0.14a today, compiled, and tested. Sadly, No! The same problem is there.

Just before I began posting this very message I came across the thread ACL and delete files and it turns out what the numerous messages in that thread are describing is exactly what I'm seeing too. I had thought it was more of an Excel thing but as I've tested it today in conjunction with 3.0.14a it turns out it is a general thing, exactly as that thread describes - a file can be created or modified, but not deleted or renamed.

Actually, I have determined one additional interesting item not in that other thread -- Windows XP SP1 works fine with a directory using ACLs with 3.0.13 and 3.0.14a IF AND ONLY IF you do not have Microsoft patch KB885835 installed. XP with SP2 is always screwed. I've only tested with one Win 2K system and it exhibits the same problem with the new Sambas as well.

The problem is totally reproducible across different boxes here and even using the most very basic of a smb.conf. User schaefer should be able to connect to his home share, go into his tmp/crap/ folder and create, modify, and delete files as he pleases. In any Samba 3.0.11 or prior he can. Haven't tried 3.0.12. 3.0.13 and 3.0.14a he can't...

[EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# ls -ld crap
d-+ 2 root root 512 Apr 15 11:15 crap/
[EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# getfacl crap
# file: crap
# owner: root
# group: root
user::---
group::--- #effective:---
group:203:rwx #effective:rwx
group:cfusion:rwx #effective:rwx
mask:rwx
other:---
[EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# id schaefer
uid=241(schaefer) gid=60003(cfusion)
[EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# cat /usr/local/samba/lib/smb.conf
# Samba config file created using SWAT
# from TOMCAT.umsl.edu (134.124.15.21)
# Date: 2001/08/31 11:24:37

# Global parameters
[global]
hosts allow = 134.124. 128.206.
workgroup = UMSL
netbios name = HUCKFINN
interfaces = 134.124.15.26 127.0.0.1
bind interfaces only = Yes
security = SHARE
encrypt passwords = Yes
nt acl support = No
name resolve order = lmhosts wins bcast host
os level = 19
preferred master = no
wins server = 134.124.45.45
username map = /usr/local/samba/lib/usernamemap
unix extensions = no
# unix charset = ISO8859-1
smb ports = 139

[Homes]
comment = Home Directories
username = %S
valid users = %S
writeable = Yes
map archive = No
browseable = No
create mask = 664
directory mask = 775
force create mode = 664
force directory mode = 775
RE: [Samba] Unable to join samba server to a NT4 style domain
Ash, One more thing to try... according to http://www.spinics.net/lists/samba/msg20429.html (Re: RE: Microsoft hotfix MS04-011, breaks Samba password change.) The samba 3 command net rpc oldjoin works in the same way as smbpasswd -j dom -r pdc in samba 2 did. You don't have to type the root password You might have to add the Samba box to the Domain again, in order to get this to work... You WILL prevail (eventually)! Jim -Original Message- From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] Sent: Friday, April 15, 2005 9:05 AM To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org Subject: Re: [Samba] Unable to join samba server to a NT4 style domain Jim, I tried removing the domain machine account for the Samba server from the PDC and made sure that the smbd, nmbd daemons were down before I execute the net rpc join commands. The result was the same as before, it wasnt able to join the domain and gave the message: Unable to join domain domain-name. The --long option does not seem to give me any additional information on the screen. Would it post any information in logs anywhere else? Any thoughts? Regards, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Thursday, April 14, 2005 09:42 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - -net help rpc shows the following for the --long option: - --l or --longDisplay full information - -In what I've found from googling and -the Samba-Guide (thanks, John!), -it looks like net rpc join will create the -Domain machine account when you run it; if -MYSERVER already exists, you'll be prevented -from creating a duplicate entry. - -Try deleting MYSERVER from the Domain. - -then run your original command... - -./net rpc join -U administrator%'' - -or ./net rpc join -S NT4SERVER -U administrator%'' - -and see what happens. 
- -If this works, it reinforces this comment from my earlier link: - -This process joins the server to the domain -without having to create the machine trust -account on the PDC beforehand. - -and is a change from Samba 2.x, which required -the creation of the machine trust account -on the PDC before running smbpasswd -j DOM -r DOMPDC. - -John: if this is true, can Chap 7 be amended to -reflect the change? - -Jim - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Thursday, April 14, 2005 2:25 PM - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - I have Samba shut down while executing the net rpc join - commands, as the HOW-TO says. - - On trying the following, - - # ./net rpc join -S NTSERVER - Password: - - This is the response I get, - - Could not connect to server NTSERVER - The username or password was not correct. - - The password used was that of the administrator authorized to - add machines to the domain. Is there any other - username/password I should be using? - - On trying this, - - net join -S NT4SERVER -U administrator%'' -W - MYWORKGROUP --long - - This is the response I get, - - Unable to join domain domain-name. - - BTW, what does the switch --long do? - - I have followed the exact steps in the document you have - pointed out and the HOW-TOs. Thanks for pointing that out - this particular chapter. - - Regards, - - Ash - - --Original Message- - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - -Sent: Thursday, April 14, 2005 08:30 PM - -To: ''Ashutosh Kamdar'', samba@lists.samba.org - -Subject: RE: [Samba] Unable to join samba server to a NT4 - style domain - - - -Ash, - - - -Do you have Samba shut down while you're - -running net rpc join? The daemons - -shouldn't be running, AFAIK. - - - -Make sure they're down, and try your earlier - -net rpc join commands... 
- - - -If that doesn't work, try just: - - net rpc join -S NT4SERVER - - - -Maybe try deleting MYSERVER from the domain, - -then - -net join -S NT4SERVER -U administrator%'' -W - MYWORKGROUP --long - - - -See - -http://aosda.net/docs/samba/3.0/Samba-HOWTO-Collection/domain - -member.html#id - -2522086 - - - - - -Jim - - - - - - -Original Message- - - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - - Sent: Thursday, April 14, 2005 12:50 PM - - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - - Subject: Re: [Samba] Unable to join samba server to a NT4 - style domain - - - - - - Jim, - - - - Yes, the NTSERVER is a PDC. Do you know of a way to see any - - kind of logs on the net join rpc command? - - - - -Ash - - - - --Original Message- - - -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] - - -Sent: Thursday, April 14,
[Samba] Re: still ACL bug in 3.0.14a
Hello, just filed it as #2619. If you wish, put additional information there. Regards, Peter Tom Schaefer wrote: Sparc Solaris / UFS file system. I have some ACL's set up for a handful of users and its all worked flawlessly with every incarnation of Samba I've used over the past couple years, which would be most. Last Friday evening I upgraded from 3.0.11 to 3.0.13 and some of the users I have some ACL's set up for promptly found Monday that they couldn't save new Excel files, they'd be informed the file already exists be prompted to overwrite and then be informed the folder is marked read only. They end up with two 0 byte files, one with the name they where trying to save the Excel file as and another of the form fsaxx.tmp. So Tuesday afternoon I reverted the less crucial Samba servers back to 3.0.11 and came in at 6:30AM Wednesday to revert the other servers back to 3.0.11. Everything is gravy with 3.0.11 as it always been. I noticed 3.0.14 and 3.0.15pre had been up and back down. But the change logs where there and mentioned items dealing with ACLs so I thought I'd hold off posting to this forum and see if a new Samba would fix it. I downloaded 3.0.14a today, compiled, and tested. Sadly, No! The same problem is there. Just before I began posting this very message I came across the thread ACL and delete files and it turns out what the numerous messages in that thread are describing is exactly what I'm seeing to. I had thought it was more of an Excel thing but as I've tested it today in conjunction with 3.0.14a it turns it is a general thing, exactly as that thread describes - a file can be created or modified, but not deleted or renamed. Actually, I have determined one additional interesting item not in that other thread -- Windows XP SP1 works fine with a directory using ACLs with 3.0.13 and 3.0.14a IF AND ONLY IF you do not have Microsoft patch KB885835 installed. XP with SP2 is always screwed. 
I've only tested with one Win 2K system and it exhibits the same problem with the new Sambas as well. The problem is totally reproducible across different boxes here and even using the most very basic of a smb.conf. User schaefer should be able to connect to his home share, go into his tmp/crap/ folder and create, modify, and delete files as he pleases. In any Samba 3.0.11 or prior he can. Haven't tried 3.0.12. 3.0.13 and 3.0.14a he can't... [EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# ls -ld crap d-+ 2 root root 512 Apr 15 11:15 crap/ [EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# getfacl crap # file: crap # owner: root # group: root user::--- group::--- #effective:--- group:203:rwx #effective:rwx group:cfusion:rwx #effective:rwx mask:rwx other:--- [EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# id schaefer uid=241(schaefer) gid=60003(cfusion) [EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# cat /usr/local/samba/lib/smb.conf # Samba config file created using SWAT # from TOMCAT.umsl.edu (134.124.15.21) # Date: 2001/08/31 11:24:37 # Global parameters [global] hosts allow = 134.124. 128.206. workgroup = UMSL netbios name = HUCKFINN interfaces = 134.124.15.26 127.0.0.1 bind interfaces only = Yes security = SHARE encrypt passwords = Yes nt acl support = No name resolve order = lmhosts wins bcast host os level = 19 preferred master = no wins server = 134.124.45.45 username map = /usr/local/samba/lib/usernamemap unix extensions = no # unix charset = ISO8859-1 smb ports = 139 [Homes] comment = Home Directories username = %S valid users = %S writeable = Yes map archive = No browseable = No create mask = 664 directory mask = 775 force create mode = 664 force directory mode = 775 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] still ACL bug in 3.0.14a
On Fri, Apr 15, 2005 at 12:03:06PM -0500, Tom Schaefer wrote:

> The problem is totally reproducible across different boxes here and even using the most very basic of a smb.conf. User schaefer should be able to connect to his home share, go into his tmp/crap/ folder and create, modify, and delete files as he pleases. In any Samba 3.0.11 or prior he can. Haven't tried 3.0.12. 3.0.13 and 3.0.14a he can't...

Ok, I'll try to reproduce this here before I have to catch the plane to LinuxConfAu.

Thanks,

Jeremy.
Re: [Samba] File listing problems in 3.0.13
Thanks for another quick response, I have done some poking in the code and found that the cause of the problem for the missing file is that in the function get_lanman2_dir_entry in trans2.c, dname returns false on the last entry of the directory. I also noticed that there were changes in the assignment of dname between 11 and 12

trans2.c.3.0.11 trans2.c.3.0.12
---
prev_dirpos = TellDir(conn->dirptr);
dname = ReadDirName(conn->dirptr);
---
long curr_dirpos = prev_dirpos = dptr_TellDir(conn->dirptr);
dname = dptr_ReadDirName(conn->dirptr,curr_dirpos,sbuf);
if (!dname) return(False)

I am going to try and track it down further but I am wondering if this triggers any thoughts. Another thing that I notice in the code is that I get messages such as:

get_lanman2_dir_entry:readdir on dirptr 0x10425968 now at offset -183597246

in the logs, the offset grows through the positive numbers and then it prints negative from high to low (long int overflow) yet the files seem to be shown. However the last entry printed is very close to -1 again (possible overflow of unsigned long?)

Sorry to bother you about this again but I don't really know how to approach SGI with this since I don't know how to describe the problem to them so that they understand it and I get differing results with the same OS and the same compilers.

Cale Fairchild
Systems Administrator
Computer Science
Brock University
[EMAIL PROTECTED]

On Thu, 14 Apr 2005, Jeremy Allison wrote:

> On Thu, Apr 14, 2005 at 03:11:09PM -0400, Cale Fairchild wrote:
>
>> Thanks for the reply, I have just tried out the version in the SAMBA_3_0_STABLE branch of the subversion tree, tagged 3.0.14a, and it has the same problem. If there is anywhere in particular that I should take a look at I would be grateful for suggestions.
>
> I don't know what to advise. James Peach of SGI can't reproduce your problem on his versions of IRIX with the same code, and this code works without problems on all other systems we know of
>
> Time to get SGI support heavily involved I think.
>
> Jeremy.
Re: [Samba] File listing problems in 3.0.13
On Fri, Apr 15, 2005 at 01:27:29PM -0400, Cale Fairchild wrote:

> Thanks for another quick response, I have done some poking in the code and found that the cause of the problem for the missing file is that in the function get_lanman2_dir_entry in trans2.c, dname returns false on the last entry of the directory. I also noticed that there were changes in the assignment of dname between 11 and 12
>
> trans2.c.3.0.11 trans2.c.3.0.12
> ---
> prev_dirpos = TellDir(conn->dirptr);
> dname = ReadDirName(conn->dirptr);
> ---
> long curr_dirpos = prev_dirpos = dptr_TellDir(conn->dirptr);
> dname = dptr_ReadDirName(conn->dirptr,curr_dirpos,sbuf);
> if (!dname) return(False)
>
> I am going to try and track it down further but I am wondering if this triggers any thoughts. Another thing that I notice in the code is that I get messages such as:
>
> get_lanman2_dir_entry:readdir on dirptr 0x10425968 now at offset -183597246
>
> in the logs, the offset grows through the positive numbers and then it prints negative from high to low (long int overflow) yet the files seem to be shown. However the last entry printed is very close to -1 again (possible overflow of unsigned long?)
>
> Sorry to bother you about this again but I don't really know how to approach SGI with this since I don't know how to describe the problem to them so that they understand it and I get differing results with the same OS and the same compilers.

Work with James Peach of SGI on this. What is the size of the result from a telldir() on a 64-bit IRIX box.

Jeremy.
Re: [Samba] Smbd hangs for users...
I love to if I just know how, not used to debugging...can you give me a hint? Please!

Jeremy Allison wrote:

> On Thu, Apr 14, 2005 at 11:52:46AM +0200, Anders Troback wrote:
>
>> Sorry for the bad input:-( It looks like if a folder contains lots of files with names (ls -w on the BSD box) like \303\204NDRINGAR ENLIGT NY STD.doc or milj\224prov.doc the smbd hangs for that user and a new session starts and sometimes a user have 10 smbd processes running at 40-80%. The strange characters are old (old meaning an error from an upgrade from 2.x to 3.x) Swedish letters.
>
> Can you attach to the spinning process with gdb and tell me where it is within the code please ?
>
> Thanks, Jeremy.

--
Microsoft is not the answer. Microsoft is the question. And 'No' is the answer!
http://www.troback.com
[Samba] Error: Access to the resource \\netbiosname has been disallowed?
Hey all,

I have a samba server running 3.0.10 and I am getting a weird response from PC (XP and 2K) clients. The PCs are joined to the domain as is the samba server. When any PCs try to connect using the netbios name or IP I get the error:

Access to the resource \\netbiosname has been disallowed.

If I unjoin the PCs from the ADS domain, they can connect fine. I see no kerberos errors and smb.conf is not set up to use it so it's passing through non kerberos auth.

The weird thing is, if I go into a user account in AD, click the profile tab and then add a path to a share on my samba box (using \\IPaddress\Sharename) it maps the drive for the PCs when they log in, but subsequent attempts to connect to the same samba server (even by IP) after login fail with the above message. This leads me to think that there is some policy being applied to the PCs that is preventing them from connecting.

I looked on the domain controller (win2k3) and see that:

Start - All Programs - Administrative Tools - Domain Controller Security Policy. in Local Policies: Security Options, and set the following:

* Microsoft Network Server: Digitally sign communications (always): DISABLED
* Microsoft Network Server: Digitally sign communications (if client agrees): ENABLED
* Microsoft Network Client: Digitally sign communications (always): DISABLED
* Microsoft Network Client: Digitally sign communications (if server agrees): ENABLED
* Domain Member: Digitally encrypt or sign secure data channel (always): DISABLED
* Domain Member: Digitally encrypt secure data channel (when possible): ENABLED
* Domain Member: Digitally sign secure data channel (when possible): ENABLED

And then I also checked that:

Network Security: LAN Manager authentication level: Send NTLM response only

After changing these settings I did a:

gpupdate /Force /Wait:0

to apply the settings on the domain controller. However, my PC clients still can't connect. Has anyone run into this before? Any more policies to look for? Is this a known issue with this combination?

thanks

Aaron
[Samba] Request: Documentation Review - Update
Folks,

Over the past week I have significantly updated the book Samba-3 by Example that is available on-line as the Samba-Guide. The latest changes will be reflected in the on-line version within 24 hours at:

http://www.samba.org/samba/docs/Samba-Guide.pdf

The feedback since my last request for documentation review has been welcome. Please keep this coming. Your help is essential so that the quality and validity of the documentation can be assured.

I have read through and tidied up so much of the Samba-Guide now that my eyes just see what I believe was added. The time is now right for the many eyes will find all the bugs process to make me humble. :-)

In particular feedback is needed (in order of priority) for the following:

1. Chapter 9
2. Chapter 7
3. Chapter 5
4. Chapter 10

In all about 100 pages have been added. The documentation is now more or less up to date for Samba 3.0.15 (soon to be released).

I have had some feedback on chapter 10, but no suggestions for improvement. I would welcome hearing directly from anyone who has migrated NetWare servers to Samba. I need more expert input.

When all the feedback has been incorporated into the book the final step will be to clean up the formatting before it is reprinted. When this book goes into print its success in the book market is essential otherwise the likelihood of it being reprinted in future will be low. For this reason I am actively asking for the most critical review feedback with no shots held back.

Personally, I feel that this book has reached the point where the return for effort to add valuable content is lower than the energy it takes to add it. If I am on the wrong track anywhere in this book I would appreciate being told bluntly.

Again, thanks for the feedback so far.

PS: Please be kind to dead trees - print only as much as necessary for review. :-)

- John T.

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
Re: [Samba] Unable to join samba server to a NT4 style domain
Jim, It worked! The modification of the registry value on the PDC allowed the samba server to join the domain. Phew! I can get some peace now :) I have also acted upon your suggestions about adding the entry to smb.conf. You were right about the server name, it was the former. Now, what we have done in terms of setting the registryvalue to 0 is a workaround. Does this have to be done everytime a Samba server joins the domain? I am going to ask my NT admin to change the value back to its original setting. Hope this doesnt cause any problems. Is there a patch for this problem that you are aware of? I would think this is a problem which the community knows about (I found a few references to this problem on Google) Thanks for you efforts. Samba and Me both prevail! Regards, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Friday, April 15, 2005 04:57 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - - Can you check the value of the -restrictanonymous registry key on your -NT4 server - I think if it's set higher -than 0 or 1 you'll be prevented from -joining the Domain. Set it to 0, let the -Samba box join, and set it back to the -previous level. You'll find the -setting in 3 places with regedit; 2 are -editable, and the 3rd is the current -setting. - -Also, I'm using the smbusers file to -map *nix-Windows users, because I'm not -running winbindd (it's an OpenBSD box). -I've got an entry of: -root=administrator - -You might try adding that file/entry -to see if it helps. - -I guess the --long doesn't display -anything, or you have to tell it to -debug in order for it to work... - -If you're not using a WINS server, -I'd add this to your smb.conf: -name resolve order = lmhosts host bcast - -I'm not sure if your lmhosts entry for the -NT4 server is gnsi_server1 or gnsi_server10x20 -I think it should be the former. 
- -Jim - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Friday, April 15, 2005 9:20 AM - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - I tried something as per your suggestion: - - # ./net rpc join -S NTSERVER -d 3 -l -U administrator%'x' - - This gave me the output listed below. Hopefully, this will - help shed some light on the problem. Do you know what does - status NT_STATUS_ACCESS_DENIED mean? - - Thanks, - - Ash - - -8 - - [2005/04/15 12:09:30, 3] param/loadparm.c:lp_load(3907) - lp_load: refreshing parameters - [2005/04/15 12:09:30, 3] param/loadparm.c:init_globals(1321) - Initialising global parameters - [2005/04/15 12:09:30, 3] param/params.c:pm_process(573) - params.c:pm_process() - Processing configuration file - /usr/local/samba/lib/smb.conf - [2005/04/15 12:09:30, 3] param/loadparm.c:do_section(3409) - Processing section [global] - [2005/04/15 12:09:30, 2] lib/interface.c:add_interface(81) - added interface ip=192.168.2.37 bcast=192.168.2.255 - nmask=255.255.255.0 - [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_lmhosts(855) - resolve_lmhosts: Attempting lmhosts lookup for name - gnsi_server10x20 - [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(752) - resolve_wins: Attempting wins lookup for name gnsi_server10x20 - [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(755) - resolve_wins: WINS server resolution selected and no WINS - servers listed. 
- [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_hosts(917) - resolve_hosts: Attempting host lookup for name gnsi_server10x20 - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_start_connection(1406) - Connecting to host=gnsi_server1 - [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) - Connecting to 192.168.2.11 at port 445 - [2005/04/15 12:09:30, 1] libsmb/cliconnect.c:cli_full_connection(1506) - failed tcon_X with NT_STATUS_ACCESS_DENIED - [2005/04/15 12:09:30, 1] utils/net.c:connect_to_ipc_anonymous(207) - Cannot connect to server (anonymously). Error was - NT_STATUS_ACCESS_DENIED - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_start_connection(1406) - Connecting to host=gnsi_server1 - [2005/04/15 12:09:30, 3] lib/util_sock.c:open_socket_out(752) - Connecting to 192.168.2.11 at port 445 - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_session_setup_spnego(708) - Doing spnego session setup (blob length=110) - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_session_setup_spnego(733) - got OID=1 2 840 48018 1 2 2 - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_session_setup_spnego(733) - got OID=1 2 840 113554 1 2 2 - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_session_setup_spnego(733) - got OID=1 2 840 113554 1 2 2 3 - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_session_setup_spnego(733) - got OID=1 3
Re: [Samba] still ACL bug in 3.0.14a
On Fri, Apr 15, 2005 at 12:03:06PM -0500, Tom Schaefer wrote:

> The problem is totally reproducible across different boxes here and even using the most very basic of a smb.conf. User schaefer should be able to connect to his home share, go into his tmp/crap/ folder and create, modify, and delete files as he pleases. In any Samba 3.0.11 or prior he can. Haven't tried 3.0.12. 3.0.13 and 3.0.14a he can't...
>
> [EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# ls -ld crap
> d-+ 2 root root 512 Apr 15 11:15 crap/
> [EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# getfacl crap
> # file: crap
> # owner: root
> # group: root
> user::---
> group::--- #effective:---
> group:203:rwx #effective:rwx
> group:cfusion:rwx #effective:rwx
> mask:rwx
> other:---
> [EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# id schaefer
> uid=241(schaefer) gid=60003(cfusion)

Ok, I'm trying to reproduce this here with a Windows XP Professional SP2 box and Linux ext3+ea+acl filesystem and I can't. Here is my test setup :

# ls -ld /tmp/crap
d---rwx---+ 2 root root 4096 Apr 15 11:05 /tmp/crap
# getfacl crap
# file: crap
# owner: root
# group: root
user::---
user:jeremy:rwx
group::---
group:jeremy:rwx
mask::rwx
other::---

User jeremy can create/delete and modify files from a cmd.exe shell and Windows explorer to his hearts content, no problems.

It's possible this is a Solaris specific issue. Can you reproduce the problem with 3.0.14a on a Linux box ?

Jeremy.
Re: [Samba] Smbd hangs for users...
On Fri, Apr 15, 2005 at 07:48:29PM +0200, Anders Trobäck wrote:

> I love to if I just know how, not used to debugging...can you give me a hint? Please!

Compile with -g to ensure you have symbols in place. Add the following line to the smb.conf global section :

panic action = /bin/sleep 9

to catch any panics. If smbd seems to be frozen look for any sleep processes. If it's not and appears to be spinning, find the processid of the spinning process and type :

gdb /usr/local/samba/sbin/smbd

then attach pid (of the spinning process), then type bt to get a backtrace to see where the smbd is in the call path.

Good luck !

Jeremy.
RE: [Samba] still ACL bug in 3.0.14a
I'm pretty sure I did (though it's Friday and I have a significantly shorter attention span/less attention for detail) and I sent you (JRA directly) logfiles and a configuration file for a 3.0.14a test on RHEL 3. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeremy Allison Sent: Friday, April 15, 2005 2:29 PM To: Tom Schaefer Cc: samba@lists.samba.org Subject: Re: [Samba] still ACL bug in 3.0.14a On Fri, Apr 15, 2005 at 12:03:06PM -0500, Tom Schaefer wrote: The problem is totally reproducible across different boxes here and even using the most very basic of a smb.conf. User schaefer should be able to connect to his home share, go into his tmp/crap/ folder and create, modify, and delete files as he pleases. In any Samba 3.0.11 or prior he can. Haven't tried 3.0.12. 3.0.13 and 3.0.14a he can't... [EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# ls -ld crap d-+ 2 root root 512 Apr 15 11:15 crap/ [EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# getfacl crap # file: crap # owner: root # group: root user::--- group::--- #effective:--- group:203:rwx #effective:rwx group:cfusion:rwx #effective:rwx mask:rwx other:--- [EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# id schaefer uid=241(schaefer) gid=60003(cfusion) Ok, I'm trying to reproduce this here with a Windows XP Professional SP2 box and Linux ext3+ea+acl filesystem and I can't. Here is my test setup : # ls -ld /tmp/crap d---rwx---+ 2 root root 4096 Apr 15 11:05 /tmp/crap # getfacl crap # file: crap # owner: root # group: root user::--- user:jeremy:rwx group::--- group:jeremy:rwx mask::rwx other::--- User jeremy can create/delete and modify files from a cmd.exe shell and Windows explorer to his hearts content, no problems. It's possible this is a Solaris specific issue. Can you reproduce the problem with 3.0.14a on a Linux box ? Jeremy. 
Re: [Samba] still ACL bug in 3.0.14a
Hello,

(please see below)

Jeremy Allison wrote:

>> [EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# getfacl crap
>> # file: crap
>> # owner: root
>> # group: root
>> user::---
>> group::--- #effective:---
>> group:203:rwx #effective:rwx
>> group:cfusion:rwx #effective:rwx
>> mask:rwx
>> other:---
>
> # getfacl crap
> # file: crap
> # owner: root
> # group: root
> user::---
> user:jeremy:rwx
> group::---
> group:jeremy:rwx
> mask::rwx
> other::---
>
> User jeremy can create/delete and modify files from a cmd.exe shell and Windows explorer to his hearts content, no problems.

The difference is that you gave write permissions to user jeremy. In the other example, permissions are granted _only_ to the group the user belongs to. So you have to remove the user:jeremy:rwx to see the bug.

Peter

> It's possible this is a Solaris specific issue. Can you reproduce the problem with 3.0.14a on a Linux box ?
[Samba] Upgrading Samba
How easy would it be to upgrade?? Is it a simple matter of overwriting files, or is there more involved? We currently have ver. 2.2.7 and will probably upgrade to 3.0.14a soon... We would be compiling from source...

Thanks
Re: [Samba] still ACL bug in 3.0.14a
On Fri, Apr 15, 2005 at 08:49:10PM +0200, Peter Kruse wrote:

>> User jeremy can create/delete and modify files from a cmd.exe shell and Windows explorer to his hearts content, no problems.
>
> The difference is that you gave write permissions to user jeremy. In the other example, permissions are granted _only_ to the group the user belongs to. So you have to remove the user:jeremy:rwx to see the bug.

No, makes no difference to me. I can still create/rename/delete from cmd.exe and explorer with the following permissions on the containing directory :

# ls -ld crap
d---rwx---+ 2 root root 4096 Apr 15 12:00 crap/
# getfacl crap
# file: crap
# owner: root
# group: root
user::---
group::---
group:jeremy:rwx
mask::rwx
other::---

I'm beginning to think this is a Solaris specific problem.

Jeremy.
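The two group-only directory ACLs compared in this thread can be checked against the POSIX.1e draft access-check order (owner, named user, group class, other). The Python below is an added illustration, not code from the thread or from Samba: it parses the getfacl output posted above (Solaris and Linux layouts, line breaks restored) and asks whether write+search on the directory, which deleting or renaming an entry requires at the filesystem level, is granted. The function names and the group sets passed in are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

PERM_BITS = {"r": 4, "w": 2, "x": 1}
WRITE_SEARCH = 2 | 1  # w+x on the directory: needed to unlink or rename an entry

# Transcribed from the thread; line breaks restored.
TOM_SOLARIS = """\
# file: crap
# owner: root
# group: root
user::---
group::---      #effective:---
group:203:rwx   #effective:rwx
group:cfusion:rwx       #effective:rwx
mask:rwx
other:---
"""

JEREMY_LINUX = """\
# file: crap
# owner: root
# group: root
user::---
group::---
group:jeremy:rwx
mask::rwx
other::---
"""


@dataclass
class Acl:
    owner: str = ""
    group: str = ""
    user_obj: int = 0
    group_obj: int = 0
    other: int = 0
    mask: Optional[int] = None
    users: dict = field(default_factory=dict)   # named user entries
    groups: dict = field(default_factory=dict)  # named group entries


def parse_perms(text):
    """Turn 'rwx' / 'r-x' / '---' into a 3-bit value."""
    bits = 0
    for ch in text.strip()[:3]:
        bits |= PERM_BITS.get(ch, 0)
    return bits


def parse_getfacl(text):
    """Parse getfacl output; accepts 'mask:rwx' (Solaris) and 'mask::rwx' (Linux)."""
    acl = Acl()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# owner:"):
            acl.owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl.group = line.split(":", 1)[1].strip()
        entry = line.split("#", 1)[0].strip()  # drops headers and '#effective:'
        if not entry:
            continue
        parts = entry.split(":")
        tag, bits = parts[0], parse_perms(parts[-1])
        qualifier = parts[1] if len(parts) == 3 else ""
        if tag == "user" and qualifier:
            acl.users[qualifier] = bits
        elif tag == "user":
            acl.user_obj = bits
        elif tag == "group" and qualifier:
            acl.groups[qualifier] = bits
        elif tag == "group":
            acl.group_obj = bits
        elif tag == "mask":
            acl.mask = bits
        elif tag == "other":
            acl.other = bits
    return acl


def access_allowed(acl, user, groups, want):
    """Return (allowed, deciding_entry) following the POSIX.1e draft order."""
    mask = 7 if acl.mask is None else acl.mask
    if user == acl.owner:
        return (acl.user_obj & want) == want, "user::"
    if user in acl.users:
        return (acl.users[user] & mask & want) == want, f"user:{user}"
    matched = False
    if acl.group in groups:
        matched = True
        if (acl.group_obj & mask & want) == want:
            return True, "group::"
    for name, bits in acl.groups.items():
        if name in groups:
            matched = True
            if (bits & mask & want) == want:
                return True, f"group:{name}"
    if matched:  # a group entry matched but none granted the request
        return False, "group class"
    return (acl.other & want) == want, "other"


if __name__ == "__main__":
    for label, text, user, groups in (
        ("Solaris (Tom)", TOM_SOLARIS, "schaefer", {"cfusion"}),
        ("Linux (Jeremy)", JEREMY_LINUX, "jeremy", {"jeremy"}),
    ):
        print(label, access_allowed(parse_getfacl(text), user, groups, WRITE_SEARCH))
```

Both ACLs grant the request through a named group entry, so at the filesystem level the two test directories are equivalent for delete and rename.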
Re: [Samba] Upgrading Samba
On Friday 15 April 2005 12:52, Jason Lavetan wrote:

> How easy would it be to upgrade?? Is it a simple matter of overwriting files, or is there more involved? We currently have ver. 2.2.7 and will probably upgrade to 3.0.14a soon... We would be compiling from source...

Doesn't anyone read documentation? Sheesh! :-)

Please refer to chapter 8 of the Samba-Guide. It is on-line at:

http://www.samba.org/samba/docs/Samba-Guide.pdf

This book has very recently been updated. I hope the instructions / guide-lines are adequately documented. If you find any difficulty please let me know.

- John T.

--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
Re: [Samba] still ACL bug in 3.0.14a
Jeremy Allison wrote:

> I'm beginning to think this is a Solaris specific problem.

Can't be, because here is Linux 2.4.29, and have the same problem.

Peter
[Samba] Re: still ACL bug in 3.0.14a
I've the same problem with AIX 4.3.3 and samba 3.0.13 (bug report #2606)

users can create and write, but cannot delete and rename

I'll try 3.0.14a but I don't think this would resolve anything
Re: [Samba] still ACL bug in 3.0.14a
Sigh. Good catch Peter but I set up my test environment (Sparc Solaris 8, UFS filesystem) to match what Jeremy used and still have the same problem. I set it up like this...

    [EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# ls -ld crap
    d---rwx---+ 2 root root 1024 Apr 15 13:53 crap/
    [EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# getfacl crap
    # file: crap
    # owner: root
    # group: root
    user::---
    user:schaefer:rwx #effective:rwx
    group::rwx #effective:rwx
    group:203:rwx #effective:rwx
    group:cfusion:rwx #effective:rwx
    mask:rwx
    other:---

User schaefer still can't rename or delete files in the crap directory. How frustrating.

Jeremy we don't do a lot of Linux around here but yes I should be able to cobble a test together.

Also, Peter, I know you use Linux and have been seeing these exact same symptoms, but have you actually tried it against 3.0.14a yet?

Tom Schaefer

On Fri, 15 Apr 2005 13:49:10 -0500 Peter Kruse [EMAIL PROTECTED] wrote:

Hello, (please see below)

Jeremy Allison wrote:

    [EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# getfacl crap
    # file: crap
    # owner: root
    # group: root
    user::---
    group::--- #effective:---
    group:203:rwx #effective:rwx
    group:cfusion:rwx #effective:rwx
    mask:rwx
    other:---

    # getfacl crap
    # file: crap
    # owner: root
    # group: root
    user::---
    user:jeremy:rwx
    group::---
    group:jeremy:rwx
    mask::rwx
    other::---

User jeremy can create/delete and modify files from a cmd.exe shell and Windows explorer to his heart's content, no problems.

The difference is that you gave write permissions to user jeremy. In the other example, permissions are granted _only_ to the group the user belongs to. So you have to remove the user:jeremy:rwx to see the bug.

Peter

It's possible this is a Solaris specific issue. Can you reproduce the problem with 3.0.14a on a Linux box ?
[Samba] creating user problems under samba 3
Hi all!!

I am using Samba 3 (3.0.4) and SuSE SLES 9. I am having troubles trying to create new users and machines accounts on the newly created domain. Could somebody answer me why I am receiving these error messages?

    linuxserv:~ # smbpasswd -m -a testmachine
    Failed to initialise SAM_ACCOUNT for user testmachine$.
    Failed to modify password entry for user testmachine$
    linuxserv:~ # smbpasswd -a testmachine
    New SMB password:
    Retype new SMB password:
    tdb_update_sam: Failing to store a SAM_ACCOUNT for [testmachine] without a primary group RID
    Failed to add entry for user testmachine.
    Failed to modify password entry for user testmachine

Thanks in advance

Victor
Re: [Samba] still ACL bug in 3.0.14a
Hello again,

Peter Kruse wrote:

The difference is that you gave write permissions to user jeremy. In the other example, permissions are granted _only_ to the group the user belongs to. So you have to remove the user:jeremy:rwx to see the bug.

Doesn't seem to make the difference, sorry, in my example write permissions were also set for the user. Must be something else then. Check if you can create a file with similar permissions as described in #2619 not only the directory, please.

Thanks for taking the time btw.

Peter
Re: [Samba] creating user problems under samba 3
On Friday 15 April 2005 13:15, Victor Medina wrote:

Hi all!! I am using Samba 3 (3.0.4) and SuSE SLES 9. I am having troubles trying to create new users and machines accounts on the newly created domain. Could somebody answer me why I am receiving these error messages?

The problem could be caused by a large number of possible factors. Send me the output of:

    testparm -s

Also, have you followed the Samba documentation? The best document for comparing your configuration with the official recommendations is the book Samba-3 by Example available from Amazon.Com or by downloading from: http://www.samba.org/samba/docs/Samba-Guide.pdf

This book is currently being updated. All my test work is done with SLES 9.

- John T.

    linuxserv:~ # smbpasswd -m -a testmachine
    Failed to initialise SAM_ACCOUNT for user testmachine$.
    Failed to modify password entry for user testmachine$
    linuxserv:~ # smbpasswd -a testmachine
    New SMB password:
    Retype new SMB password:
    tdb_update_sam: Failing to store a SAM_ACCOUNT for [testmachine] without a primary group RID
    Failed to add entry for user testmachine.
    Failed to modify password entry for user testmachine

Thanks in advance

Victor

--
John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production.
Re: [Samba] still ACL bug in 3.0.14a
Tom Schaefer wrote:

Sigh. Good catch Peter but I set up my test environment (Sparc Solaris 8, UFS filesystem) to match what Jeremy used and still have the same problem.

but what permissions do the _files_ have that you can no longer modify?

User schaefer still can't rename or delete files in the crap directory. How frustrating. Jeremy we don't do a lot of Linux around here but yes I should be able to cobble a test together. Also, Peter, I know you use Linux and have been seeing these exact same symptoms, but have you actually tried it against 3.0.14a yet?

to be honest - no. If you cannot reproduce it, Jeremy, then I will try 3.0.14a.

Peter
RE: [Samba] Unable to join samba server to a NT4 style domain
Ash,

I'd try adding the next Samba box to the Domain, and use the net rpc oldjoin command first, to see if it works that way. If it does, then you won't have to mess with the restrictanonymous setting at all.

I don't think setting it back to the original setting will cause problems, as everything else was working at that setting. I'm also glad that it's a dynamic setting; you don't have to reboot the server every time you change it...

Maybe the reason the Samba 2.x server setups worked was that the NT4 default restrictanonymous setting was 0, and about the time 2.2x/3.x was released, NT Admins were made aware of the vulnerability at 0 and were changing it to 1 or 2.

Anyway, I'm glad it's up running!

Jim

-Original Message-
From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED]
Sent: Friday, April 15, 2005 11:26 AM
To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org
Subject: Re: [Samba] Unable to join samba server to a NT4 style domain

Jim,

It worked! The modification of the registry value on the PDC allowed the samba server to join the domain. Phew! I can get some peace now :)

I have also acted upon your suggestions about adding the entry to smb.conf. You were right about the server name, it was the former.

Now, what we have done in terms of setting the registry value to 0 is a workaround. Does this have to be done every time a Samba server joins the domain? I am going to ask my NT admin to change the value back to its original setting. Hope this doesn't cause any problems.

Is there a patch for this problem that you are aware of? I would think this is a problem which the community knows about (I found a few references to this problem on Google)

Thanks for your efforts. Samba and Me both prevail!
Regards, Ash --Original Message- -From: Van Sickler, Jim [mailto:[EMAIL PROTECTED] -Sent: Friday, April 15, 2005 04:57 PM -To: ''Ashutosh Kamdar'', samba@lists.samba.org -Subject: RE: [Samba] Unable to join samba server to a NT4 style domain - -Ash, - - Can you check the value of the -restrictanonymous registry key on your -NT4 server - I think if it's set higher -than 0 or 1 you'll be prevented from -joining the Domain. Set it to 0, let the -Samba box join, and set it back to the -previous level. You'll find the -setting in 3 places with regedit; 2 are -editable, and the 3rd is the current -setting. - -Also, I'm using the smbusers file to -map *nix-Windows users, because I'm not -running winbindd (it's an OpenBSD box). -I've got an entry of: -root=administrator - -You might try adding that file/entry -to see if it helps. - -I guess the --long doesn't display -anything, or you have to tell it to -debug in order for it to work... - -If you're not using a WINS server, -I'd add this to your smb.conf: -name resolve order = lmhosts host bcast - -I'm not sure if your lmhosts entry for the -NT4 server is gnsi_server1 or gnsi_server10x20 -I think it should be the former. - -Jim - - -Original Message- - From: Ashutosh Kamdar [mailto:[EMAIL PROTECTED] - Sent: Friday, April 15, 2005 9:20 AM - To: Van Sickler, Jim; 'Ashutosh Kamdar'; samba@lists.samba.org - Subject: Re: [Samba] Unable to join samba server to a NT4 style domain - - - Jim, - - I tried something as per your suggestion: - - # ./net rpc join -S NTSERVER -d 3 -l -U administrator%'x' - - This gave me the output listed below. Hopefully, this will - help shed some light on the problem. Do you know what does - status NT_STATUS_ACCESS_DENIED mean? 
- - Thanks, - - Ash - - -8 - - [2005/04/15 12:09:30, 3] param/loadparm.c:lp_load(3907) - lp_load: refreshing parameters - [2005/04/15 12:09:30, 3] param/loadparm.c:init_globals(1321) - Initialising global parameters - [2005/04/15 12:09:30, 3] param/params.c:pm_process(573) - params.c:pm_process() - Processing configuration file - /usr/local/samba/lib/smb.conf - [2005/04/15 12:09:30, 3] param/loadparm.c:do_section(3409) - Processing section [global] - [2005/04/15 12:09:30, 2] lib/interface.c:add_interface(81) - added interface ip=192.168.2.37 bcast=192.168.2.255 - nmask=255.255.255.0 - [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_lmhosts(855) - resolve_lmhosts: Attempting lmhosts lookup for name - gnsi_server10x20 - [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(752) - resolve_wins: Attempting wins lookup for name gnsi_server10x20 - [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_wins(755) - resolve_wins: WINS server resolution selected and no WINS - servers listed. - [2005/04/15 12:09:30, 3] libsmb/namequery.c:resolve_hosts(917) - resolve_hosts: Attempting host lookup for name gnsi_server10x20 - [2005/04/15 12:09:30, 3] - libsmb/cliconnect.c:cli_start_connection(1406) - Connecting to host=gnsi_server1 - [2005/04/15 12:09:30, 3]
Re: FW: [Samba] AIX and libldap.a
Roy Vickers wrote:

In the configure file I find: --with-ldap LDAP support (default yes) What if I turn ldap off in that statement... What would the repercussions be? All I'm interested in doing is simple file sharing. By the way, what's the opposite of --with? --without? Thanks

As far as I know, no ldap or kerberos means no support for Active Directory net ads. In other words, you won't be able to join as a member server of a 2000 or 2003 AD in native mode, but old fashioned NT40 net rpc commands ought to work with a NT40 PDC or 2000 in mixed mode. Or just old peer to peer workgroup. Maybe someone who's used samba3 net rpc or net rap will correct me if I'm wrong.

I never used no, but from configure --help

    Optional Packages:
      --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
      --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)

so my guess is --with-ldap=no or --without-ldap

Regards, Doug
Re: [Samba] ACL and delete files
Peter Kruse wrote:

John H Terpstra wrote:

Please file this as a bug report on https://bugzilla.samba.org if you want this to be dealt with. All Samba bug related issues are dealt with via bugzilla.

The closed bug #2521 looks like related to this, and I was thinking to reopen it if I can.

Ptr

- John T.

On Friday 15 April 2005 08:59, Peter Kruse wrote:

Hello, Here's a way to force the error. Please try it. To summarize: Create a file with permission bits set to 470, owned by root. With setfacl give write permission to a group. Users in that group will not be able to modify the file when accessing the share from a windows client. This is true for smbclient as well. Modifying the file under Linux works as expected.

Check out the delete readonly option in smb.conf. Since the owner does not have write permission it shows as read only. You'll get what you want by setting

    delete readonly = yes

on the share.

Regards, Doug
RE: [Samba] still ACL bug in 3.0.14a
Okay: 3.0.14a RHEL 3, client is a Windows 2003 Server SP 1. Simple (minimally sanitized) configuration using Winbind and Samba:

= Begin Config =

    [global]
    load printers = no
    guest account = nobody
    hosts allow = (our local ranges)
    workgroup = (our domain)
    security = domain
    password server = *
    client schannel = no
    encrypt passwords = yes
    local master = no
    os level = 1
    wins server = (the wins server IP)
    preserve case = yes
    invalid users = root mail daemon
    log level = 10
    debug uid = yes
    debug pid = yes
    log file = /usr/local/samba/var/log.%m
    lock directory = /usr/local/samba/var/locks
    share modes = yes
    allow trusted domains = no
    winbind separator = +
    winbind uid = 12500-1
    winbind gid = 12500-1
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = no
    template homedir = /dev/null

    [junk]
    comment = junk test
    browseable = yes
    force create mode = 0664
    force directory mode = 0775
    force group = mysql # a linux group that group owns junk
    follow symlinks = no
    path = /usr/local/samba/junk
    valid users = @(winbind enumerated group)
    read only = no

== End Config ==

Taking a file as a valid user and copying it to the destination succeeds. Here's the long ls of the junk dir:

    # l junk
    total 5560
    drwxrwxr-x 2 bb mysql 4096 Apr 15 15:32 ./
    drwxr-xr-x 11 root root 4096 Apr 15 15:21 ../
    -rwxrw-r-- 1 LIB+eric mysql 5668947 Mar 25 09:11 HPLJ4250-070323-ILLiad.pdf*

Ignoring the minor issue of the created files perms not matching the force create mode (I know it's now an OR thing that I can fix), I should still be able to delete this file, as I've been forced to the mysql group properly (as evidenced by the fact that the file was given that group). But I can't.

Jeremy: if you want the logs from this box, let me know - they'll be about 4-5 MB.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter Kruse
Sent: Friday, April 15, 2005 3:30 PM
To: Tom Schaefer
Cc: samba@lists.samba.org; [EMAIL PROTECTED]
Subject: Re: [Samba] still ACL bug in 3.0.14a

Tom Schaefer wrote:

Sigh. Good catch Peter but I set up my test environment (Sparc Solaris 8, UFS filesystem) to match what Jeremy used and still have the same problem.

but what permissions do the _files_ have that you can no longer modify?

User schaefer still can't rename or delete files in the crap directory. How frustrating. Jeremy we don't do a lot of Linux around here but yes I should be able to cobble a test together. Also, Peter, I know you use Linux and have been seeing these exact same symptoms, but have you actually tried it against 3.0.14a yet?

to be honest - no. If you cannot reproduce it, Jeremy, then I will try 3.0.14a.

Peter
Re: [Samba] still ACL bug in 3.0.14a
Peter Kruse wrote:

Hello, (please see below)

Jeremy Allison wrote:

    [EMAIL PROTECTED]:/accounts/staff/schaefer/tmp bash# getfacl crap
    # file: crap
    # owner: root
    # group: root
    user::---
    group::--- #effective:---
    group:203:rwx #effective:rwx
    group:cfusion:rwx #effective:rwx
    mask:rwx
    other:---

    # getfacl crap
    # file: crap
    # owner: root
    # group: root
    user::---
    user:jeremy:rwx
    group::---
    group:jeremy:rwx
    mask::rwx
    other::---

User jeremy can create/delete and modify files from a cmd.exe shell and Windows explorer to his heart's content, no problems.

The difference is that you gave write permissions to user jeremy. In the other example, permissions are granted _only_ to the group the user belongs to. So you have to remove the user:jeremy:rwx to see the bug.

What I see is that I have to use:

    delete readonly = yes

to get delete rights on the file.

Doug
Re: [Samba] creating user problems under samba 3
John H Terpstra wrote:

On Friday 15 April 2005 13:15, Victor Medina wrote:

Hi all!! I am using Samba 3 (3.0.4) and SuSE SLES 9. I am having troubles trying to create new users and machines accounts on the newly created domain. Could somebody answer me why I am receiving these error messages?

Also, have you followed the Samba documentation? The best document for comparing your configuration with the official recommendations is the book Samba-3 by Example available from Amazon.Com or by downloading from: http://www.samba.org/samba/docs/Samba-Guide.pdf This book is currently being updated. All my test work is done with SLES 9.

    linuxserv:~ # smbpasswd -m -a testmachine
    Failed to initialise SAM_ACCOUNT for user testmachine$.
    Failed to modify password entry for user testmachine$
    linuxserv:~ # smbpasswd -a testmachine
    New SMB password:
    Retype new SMB password:
    tdb_update_sam: Failing to store a SAM_ACCOUNT for [testmachine] without a primary group RID
    Failed to add entry for user testmachine.
    Failed to modify password entry for user testmachine

You might need to do:

    linuxserv:~ # useradd -M testmachine$

to create the machine account in the Unix password database (usu. /etc/passwd) before attempting to add it to the Samba password database. Note that the -M option prevents the creation of a home directory and other default files, and the $ is required for machine accounts. Note also when adding machine accounts to Samba, the $ is automatically appended so you should NOT include it.

Likewise for users, you may need to do:

    linuxserv:~ # useradd someuser

Now that being said, it's also possible to use LDAP for all of your authentication, which would eliminate the need for adding machine and user accounts to the Unix password database. Heck, it would eliminate the need FOR a unix password database. Don't ask me how (as I've never done it), but a fellow by the name of John H. Terpstra has written an excellent book on the subject, see above. ;-)

~Jonathan Johnson [EMAIL PROTECTED]
[Samba] authentication via smbpasswd or tdbsam
the comments in smb.conf confused me regarding smbpasswd and tdbsam. If I store user accounts in tdbsam, can I no longer use unix password sync?

--
David Bear phone: 480-965-8257 fax: 480-965-9189 College of Public Programs/ASU Wilson Hall 232 Tempe, AZ 85287-0803 Beware the IP portfolio, everyone will be suspect of trespassing
Re: [Samba] ACL and delete files
Hi,

Doug VanLeuven wrote:

Peter Kruse wrote:

Here's a way to force the error. Please try it. To summarize: Create a file with permission bits set to 470, owned by root. With setfacl give write permission to a group. Users in that group will not be able to modify the file when accessing the share from a windows client. This is true for smbclient as well. Modifying the file under Linux works as expected.

Check out the delete readonly option in smb.conf. Since the owner does not have write permission it shows as read only. You'll get what you want by setting delete readonly = yes on the share.

Thanks for the hint, just tried but unfortunately doesn't make difference. It's not the owner of the file (root) trying to modify it but only a user that is a member of a group. This group is given write access to the file via ACLs.

Regards, Ptr
Re: [Samba] Samba Version 3.0.10 or 3.0.14
Josef Royena wrote:

I need your help on where we could download samba software version 3.0.10 or latest 3.0.14 on AIX 5.3 platform.

You can try UCLA Public Domain Software Library for AIX. They only have compiled for 5.1, but it might work. The 5.1 compiles generally work on AIX 5.2. http://aixpdslib.seas.ucla.edu/

Regards, Doug
Re: [Samba] still ACL bug in 3.0.14a
Stewart, Eric wrote:

...

    # l junk
    total 5560
    drwxrwxr-x 2 bb mysql 4096 Apr 15 15:32 ./
    drwxr-xr-x 11 root root 4096 Apr 15 15:21 ../
    -rwxrw-r-- 1 LIB+eric mysql 5668947 Mar 25 09:11 HPLJ4250-070323-ILLiad.pdf*

does solaris ls not indicate ACLs with a +? What does getfacl HPLJ4250-070323-ILLiad.pdf give?

Ptr
Re: [Samba] creating user problems under samba 3
Now that being said, it's also possible to use LDAP for all of your authentication, which would eliminate the need for adding machine and user accounts to the Unix password database. Heck, it would eliminate the need FOR a unix password database. Don't ask me how (as I've never

Not exactly, you still have a password database, but it is then extended to include the data in the LDAP tree.

Given what appears to be your expertise level in this area, I'd suggest you gain a thorough understanding of what you're doing right now, that is the basic samba setup with a files based UNIX backend. If you decide that you need multiple servers on the UNIX side, then by all means go for an LDAP setup. There are tools to help you move your files database to an LDAP one. Once you have LDAP running well, you can use samba tools to migrate your smbpasswd data into LDAP as well.

--
Paul Gienger Office: 701-281-1884 Applied Engineering Inc. Systems Architect Fax: 701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED]
Re: [Samba] creating user problems under samba 3
Hi John! Thanks for taking time to answer me.

On Fri, 2005-04-15 at 13:28 -0600, John H Terpstra wrote:

On Friday 15 April 2005 13:15, Victor Medina wrote:

Hi all!! I am using Samba 3 (3.0.4) and SuSE SLES 9. I am having troubles trying to create new users and machines accounts on the newly created domain. Could somebody answer me why I am receiving these error messages?

The problem could be caused by a large number of possible factors. Send me the output of: testparm -s

Also, have you followed the Samba documentation? The best document for comparing your configuration with the official recommendations is the book Samba-3 by Example available from Amazon.Com or by downloading from:

YEAP! I have the latest version dated, April 15. This domain is a migration from an OLD nt4 domain. We are following the book almost religiously (both, the how-tos and the by examples).

We've been using the new domain on a test basis, we migrate some of our machines to the newly created domain, the problem seems to be to create new accounts. All of the old accounts (machines and users) are working just fine with the new domain. I suspect I can join a machine ONLY if it's already in the domain (migrated from the old one) but new joins fail, as creating a new user fails also. Am I crazy? Or could this happen?

I am even sending you a list of the groups mapping.
Best Regards

Victor

    # Global parameters
    [global]
    workgroup = EPA0.VE.EPA.COM
    map to guest = Bad User
    passdb backend = tdbsam
    pam password change = Yes
    passwd chat = *New*Password* %n\n *Re-enter*new*password* %n\n *Password*changed*
    username map = /etc/samba/smbusers
    unix password sync = Yes
    name resolve order = wins bcast hosts
    time server = Yes
    printcap cache time = 750
    add user script = /usr/sbin/useradd -m %u
    delete user script = /usr/sbin/userdel -r %u
    add group script = /usr/sbin/groupadd %g
    delete group script = /usr/sbin/groupdel %g
    add user to group script = /usr/sbin/usermod -G %g %u
    add machine script = /usr/sbin/useradd -s /bin/false %u
    logon script = scripts\logon.bat
    logon path =
    logon drive = H:
    logon home = \\%L\%U\.9xprofile
    domain logons = Yes
    os level = 65
    preferred master = Yes
    domain master = Yes
    wins support = Yes
    printer admin = @ntadmin, root, administrator
    cups options = raw
    printer name = Sistemas

    [homes]
    comment = Home Directories
    valid users = %S
    read only = No
    inherit permissions = Yes
    browseable = No

    [profiles]
    comment = Network Profiles Service
    path = %H
    read only = No
    create mask = 0600
    directory mask = 0700
    store dos attributes = Yes

    [users]
    comment = All users
    path = /home
    read only = No
    inherit permissions = Yes
    veto files = /aquota.user/groups/shares/

    [groups]
    comment = All groups
    path = /home/groups
    read only = No
    inherit permissions = Yes

    [pdf]
    comment = PDF creator
    path = /var/tmp
    create mask = 0600
    printable = Yes

    [printers]
    comment = All Printers
    path = /var/tmp
    create mask = 0600
    printable = Yes
    browseable = No

    [print$]
    comment = Printer Drivers
    path = /var/lib/samba/drivers
    write list = @ntadmin, root
    force group = ntadmin
    create mask = 0664
    directory mask = 0775

    [netlogon]
    path = /var/lib/samba/netlogon
    guest ok = Yes

    [documentos]
    path = /export/Documentos
    read only = No
    create mask = 0770
    directory mask = 0770
    guest ok = Yes

    [impresorasistemas]
    comment = HP Jaserjet
    path = /var/tmp
    printer admin = @ntadmin, root, administrator, @users
    read only = No
    create mask = 0600
    guest ok = Yes
    printable = Yes
    printer name = ImpresoraSistemas
    oplocks = No
    share modes = No

    [entrepito]
    path = /tmp

    Opers. de servidores (S-1-5-32-549) - daemon
    Domain Guests (S-1-5-21-134045413-280566717-701057205-514) - nobody
    Gmedios (S-1-5-21-134045413-280566717-701057205-3536) - Gmedios
    GCostaRica (S-1-5-21-134045413-280566717-701057205-4063) - GCostaRica
    Gventas (S-1-5-21-134045413-280566717-701057205-3511) - Gventas
    Beneficios (S-1-5-21-134045413-280566717-701057205-2228) - Beneficios
    Gadiestramiento (S-1-5-21-134045413-280566717-701057205-3507) - Gadiestramiento
    Rredes (S-1-5-21-134045413-280566717-701057205-2236) - Rredes
    Duplicadores (S-1-5-32-552) - kmem
    Invitados (S-1-5-32-546) - nobody
    Domain Admins (S-1-5-21-134045413-280566717-701057205-512) - root
    Gredes (S-1-5-21-134045413-280566717-701057205-3337) - Gredes
    TWGSuperAdmins (S-1-5-21-134045413-280566717-701057205-1881)
Re: [Samba] still ACL bug in 3.0.14a
On Fri, Apr 15, 2005 at 09:29:58PM +0200, Peter Kruse wrote:

Tom Schaefer wrote:

Sigh. Good catch Peter but I set up my test environment (Sparc Solaris 8, UFS filesystem) to match what Jeremy used and still have the same problem.

but what permissions do the _files_ have that you can no longer modify?

User schaefer still can't rename or delete files in the crap directory. How frustrating. Jeremy we don't do a lot of Linux around here but yes I should be able to cobble a test together. Also, Peter, I know you use Linux and have been seeing these exact same symptoms, but have you actually tried it against 3.0.14a yet?

to be honest - no. If you cannot reproduce it, Jeremy, then I will try 3.0.14a.

Ah, I didn't know you were not using 3.0.14a. I'm testing against that release and also the current SAMBA_3_0 SVN and can't reproduce. That does make sense as I made changes in smbd/posix_acls.c for this very problem from 3.0.13 (and messed them up in the 3.0.14 original release, that's why we had to do 3.0.14a).

Jeremy.
[Samba] still ACL bug in 3.0.14a
I still have the bug after upgrading to 3.0.14a

logfile

    [2005/04/15 16:18:28, 10] smbd/statcache.c:stat_cache_lookup(243)
      stat_cache_lookup: lookup succeeded for name [CBBSP/CBBSP6/NEW TEXT DOCUMENT.TXT] - [CBBSP/CBBSP6/New Text Document.txt]
    [2005/04/15 16:18:28, 10] smbd/reply.c:can_delete(1502)
      can_delete: CBBSP/CBBSP6/New Text Document.txt, dirtype = 0
    [2005/04/15 16:18:28, 8] smbd/dosmode.c:dos_mode(283)
      dos_mode: CBBSP/CBBSP6/New Text Document.txt
    [2005/04/15 16:18:28, 8] smbd/dosmode.c:dos_mode_from_sbuf(151)
      dos_mode_from_sbuf returning a
    [2005/04/15 16:18:28, 8] smbd/dosmode.c:dos_mode(315)
      dos_mode returning a
    [2005/04/15 16:18:28, 10] smbd/posix_acls.c:check_posix_acl_group_write(3912)
      check_posix_acl_group_write: file CBBSP/CBBSP6 failed to match on user or group in token (ret = -1).
    [2005/04/15 16:18:28, 10] smbd/posix_acls.c:check_posix_acl_group_write(3919)
      check_posix_acl_group_write: file CBBSP/CBBSP6 returning (ret = -1).
Re: [Samba] still ACL bug in 3.0.14a
Jeremy Allison wrote:

Ah, I didn't know you were not using 3.0.14a. I'm testing against that release and also the current SAMBA_3_0 SVN and can't reproduce. That does make sense as I made changes in smbd/posix_acls.c for this very problem from 3.0.13 (and messed them up in the 3.0.14 original release, that's why we had to do 3.0.14a).

Ok, I'll give 3.0.14a a try.

have a good flight,

Peter
Re: [Samba] still ACL bug in 3.0.14a
On Fri, Apr 15, 2005 at 04:18:59PM -0400, Yannick Bergeron wrote:

I still have the bug after upgrading to 3.0.14a

logfile

    [2005/04/15 16:18:28, 10] smbd/statcache.c:stat_cache_lookup(243)
      stat_cache_lookup: lookup succeeded for name [CBBSP/CBBSP6/NEW TEXT DOCUMENT.TXT] - [CBBSP/CBBSP6/New Text Document.txt]
    [2005/04/15 16:18:28, 10] smbd/reply.c:can_delete(1502)
      can_delete: CBBSP/CBBSP6/New Text Document.txt, dirtype = 0
    [2005/04/15 16:18:28, 8] smbd/dosmode.c:dos_mode(283)
      dos_mode: CBBSP/CBBSP6/New Text Document.txt
    [2005/04/15 16:18:28, 8] smbd/dosmode.c:dos_mode_from_sbuf(151)
      dos_mode_from_sbuf returning a
    [2005/04/15 16:18:28, 8] smbd/dosmode.c:dos_mode(315)
      dos_mode returning a
    [2005/04/15 16:18:28, 10] smbd/posix_acls.c:check_posix_acl_group_write(3912)
      check_posix_acl_group_write: file CBBSP/CBBSP6 failed to match on user or group in token (ret = -1).
    [2005/04/15 16:18:28, 10] smbd/posix_acls.c:check_posix_acl_group_write(3919)
      check_posix_acl_group_write: file CBBSP/CBBSP6 returning (ret = -1).

Wait a minute. Did you configure with --with-acl-support ?

From this log I don't see the debug line :

    DEBUG(10,("check_posix_acl_group_write: ret = %d before check_stat:\n", ret));

which should always be written if you're getting to the line :

    DEBUG(10,("check_posix_acl_group_write: file %s \
    failed to match on user or group in token (ret = %d).\n", fname, ret ));

That means it failed to read the ACL (ie. this line :

    if ((posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS)) == NULL) {
        goto check_stat;
    }

failed and so you went directly to check_stat, do not pass Go, do not collect your $200.

If you're running in an ACL aware environment, in order for smbd to accurately check if you have write access to a directory it must be compiled with acl support so it can actually read the ACL entries.

I'm starting to think this is the cause of the problems for people. I can check this by compiling without acl support and seeing if I can reproduce the bug.

The reason we need ACL support in Samba is that to determine *before deletion* that file can be deleted in a ACL environment we must read the full directory ACL. If we don't do this then the delete access can sometimes silently fail (ie. no error return to the client) as the open for delete request will succeed, but then the delete open file request fails - we return the error but the client ignores it. So we must detect failure to delete at *open* time - which means checking the directory ACL.

The delete silently failing bug was the reason this ACL check was added in the first place - it improves correctness w.r.t. delete semantics.

Jeremy.
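The log reading described in the message above can be automated. The following is an added example, not part of the original thread and not Samba code: it scans a level-10 smbd log for a check_posix_acl_group_write "failed to match" record that was not preceded by the "before check_stat" record. The first sample is the log quoted in the thread, re-wrapped into header and message lines; the second sample, including its source line number 3905, is constructed for contrast.

```python
import re

# Header of an smbd debug record, e.g.
# [2005/04/15 16:18:28, 10] smbd/posix_acls.c:check_posix_acl_group_write(3912)
HEADER = re.compile(
    r"^\[(?P<ts>[^,\]]+),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>[^:\s]+):(?P<func>\w+)\((?P<line>\d+)\)$")
FAILED = re.compile(
    r"file (?P<path>.+?) failed to match on user or group in token "
    r"\(ret = (?P<ret>-?\d+)\)")
RETURNING = re.compile(r"file .+? returning \(ret = -?\d+\)")
ACL_WAS_READ = "before check_stat"  # only logged when the ACL could be read

# Log lines quoted in the thread (re-wrapped into header + message form).
THREAD_LOG = """\
[2005/04/15 16:18:28, 10] smbd/reply.c:can_delete(1502)
  can_delete: CBBSP/CBBSP6/New Text Document.txt, dirtype = 0
[2005/04/15 16:18:28, 10] smbd/posix_acls.c:check_posix_acl_group_write(3912)
  check_posix_acl_group_write: file CBBSP/CBBSP6 failed to match on user or group in token (ret = -1).
[2005/04/15 16:18:28, 10] smbd/posix_acls.c:check_posix_acl_group_write(3919)
  check_posix_acl_group_write: file CBBSP/CBBSP6 returning (ret = -1).
"""

# Constructed sample: the same check on a build that did read the ACL.
CONSTRUCTED_OK_LOG = """\
[2005/04/15 16:18:28, 10] smbd/posix_acls.c:check_posix_acl_group_write(3905)
  check_posix_acl_group_write: ret = 0 before check_stat:
[2005/04/15 16:18:28, 10] smbd/posix_acls.c:check_posix_acl_group_write(3912)
  check_posix_acl_group_write: file share/dir failed to match on user or group in token (ret = 0).
[2005/04/15 16:18:28, 10] smbd/posix_acls.c:check_posix_acl_group_write(3919)
  check_posix_acl_group_write: file share/dir returning (ret = 0).
"""


def parse_records(text):
    """Group an smbd log into records: one header line plus its message lines."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = {"ts": match.group("ts"), "level": int(match.group("level")),
                       "func": match.group("func"), "msg": ""}
            records.append(current)
        elif current is not None and line:
            current["msg"] = (current["msg"] + " " + line).strip()
    return records


def find_unread_acl_checks(text):
    """Return the ACL write checks that fell through without reading the ACL."""
    findings, acl_was_read = [], False
    for rec in parse_records(text):
        if rec["func"] != "check_posix_acl_group_write":
            continue
        failed = FAILED.search(rec["msg"])
        if ACL_WAS_READ in rec["msg"]:
            acl_was_read = True
        elif failed:
            if not acl_was_read:
                findings.append({"ts": rec["ts"], "path": failed.group("path"),
                                 "ret": int(failed.group("ret"))})
        elif RETURNING.search(rec["msg"]):
            acl_was_read = False  # end of one check; reset for the next
    return findings


if __name__ == "__main__":
    for hit in find_unread_acl_checks(THREAD_LOG):
        print("ACL not read for %(path)s at %(ts)s (ret = %(ret)d): "
              "check the build for --with-acl-support" % hit)
```
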
RE: [Samba] Unable to join samba server to a NT4 style domain (post-SOLVED)
Ash,

Out of curiosity, what restrictanonymous setting was the NT4 server set to originally, and what was it set to when it allowed the net rpc join command to work?

Jim
Re: [Samba] still ACL bug in 3.0.14a
On Fri, Apr 15, 2005 at 01:31:40PM -0700, Jeremy Allison wrote:
> I'm starting to think this is the cause of the problems for people. I can check this by compiling without acl support and seeing if I can reproduce the bug.

Yep - confirmed it. For the people who are reporting this bug, you're failing to add the --with-acl-support when configuring Samba. I agree this is a change compared to 3.0.11, but is obviously needed when you're dealing with ACLs. I'll talk with Jerry to see if we can get a tech note prepared.

Jeremy.
[Samba] Poor Samba Performance
I recently upgraded a part of my network to Gigabit ethernet, basically between my Linux machine and my main windows machine, is now gigabit. The problem is that, and the whole reason I went with it, is to get faster speeds with samba. I've only been able to get 13.4 MB/s as a maximum transfer speed. I don't expect to be able to get 125 MB/s. If I use HTTP I can get around 18 MB/s, and that would be fine I suppose for now.

Now what samba can do is, that I can get two connections to two different machines going at about 13 MB/s one and 12 MB/s (100 Mbps) the other, and they don't really affect each other, so the bandwidth is there, but getting samba to send as much as possible down one connection seems to be a problem. iperf between the machines, managed to get 528 Mbps.

I tried fooling with the socket options, raw read, and max xmit values in smb.conf. Adjusting raw read, and max xmit just make it a lot worse, I've settled on the following socket options as being the best but they only get me 13 MB/s as opposed to let's say 11 MB/s or 12 MB/s.

socket options = TCP_NODELAY, IPTOS_LOWDELAY, SO_REUSEADDR, SO_SNDBUF=4096, SO_RCVBUF=4096

SO_REUSEADDR doesn't seem to do anything actually, but the other ones made noticeable difference based on what they were set to.

So I'm sorta out of ideas. Would adjusting the MTU of my network help?

Steve R
Re: [Samba] Unable to join samba server to a NT4 style domain (post-SOLVED)
Jim,

The restrictanonymous value was set to 2, by default and was changed to 0 to allow net rpc join to work. It's back to 2 and there are no problems, yet.

Thanks,
Ash

--Original Message-
-From: Van Sickler, Jim [mailto:[EMAIL PROTECTED]
-Sent: Friday, April 15, 2005 08:33 PM
-To: ''Ashutosh Kamdar'', samba@lists.samba.org
-Subject: RE: [Samba] Unable to join samba server to a NT4 style domain (post-SOLVED)
-
-Ash,
-
- Out of curiosity, what restrictanonymous
-setting was the NT4 server set to
-originally, and what was it set to when it
-allowed the net rpc join command to work?
-
-Jim
-
Re: [Samba] Samba Question
On Wednesday 13 April 2005 13:25, Gerry Maddock wrote:
> I have a share access question for you. I have been running Samba 2.2.7 as a PDC on my RH7.2 box for several years now. I just set up a new PDC running Samba 3.0.10 on a FC3 box. I used to control read-write access to shares via samba like:
>
> [TRData]
>    path = /tr/TRData
>    valid users = administrator,@IT,@fl,@tx,@eu,@ca,@ny,@wa,@uk
>    write list = administrator,@IT,@FLTR
>    force group = FLTR
>    read only = no
>    create mask = 0777
>    directory mask = 0777
>
> That would work fine when I was running Samba 2.2.7, but now it doesn't work with Samba 3.0.10. What can I enter to my new smb.conf (3.0.10) to get the shares to behave like they did when I ran 2.2.7? Thanks in advance!!!

The valid users and write list now require @DOMAIN\IT @DOMAIN\fl etc.

- John T.
--
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668
Author:
The Official Samba-3 HOWTO Reference Guide, ISBN: 0131453556
Samba-3 by Example, ISBN: 0131472216
Hardening Linux, ISBN: 0072254971
Other books in production.
Re: [Samba] still ACL bug in 3.0.14a
Hello again list

Here is my output from configure 3.0.13:

g-file root # grep -i acl samba.log
 * myconf is: --with-acl-support --with-pam --with-pam_smbpass --disable-cups --with-ldap --without-ldapsam --with-quotas --with-sys-quotas --with-winbind --with-python=yes --with-readline --with-ads
./configure --prefix=/usr --host=powerpc64-unknown-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --prefix=/usr --libdir=/usr/lib/samba --with-libdir=/usr/lib/samba --with-swatdir=/usr/share/doc/samba-3.0.13/swat --localstatedir=/var --with-piddir=/var/run/samba --with-lockdir=/var/cache/samba --with-logfilebase=/var/log/samba --sysconfdir=/etc/samba --with-configdir=/etc/samba --with-privatedir=/var/lib/samba/private --enable-static --enable-shared --with-manpages-langs=en --without-spinlocks --with-libsmbclient --with-automount --with-smbmount --with-syslog --with-idmap --host=powerpc64-unknown-linux-gnu --with-acl-support --with-pam --with-pam_smbpass --disable-cups --with-ldap --without-ldapsam --with-quotas --with-sys-quotas --with-winbind --with-python=yes --with-readline --with-ads
checking sys/acl.h usability... yes
checking sys/acl.h presence... yes
checking for sys/acl.h... yes
checking for _acl... no
checking for __acl... no
checking for _facl... no
checking for __facl... no
checking whether to support ACLs... checking for getxattr in -lattr... yes
checking for acl_get_file in -lacl... yes
checking for ACL support... yes
Using posix ACLs
checking for acl_get_perm_np... no
checking how to build vfs_afsacl... not

The samba.log was tee'd when emerging on Gentoo.

So as you can see the '--with-acl-support' is there and discovered later on during configure.

I haven't had the time to test 3.0.14a yet. I'm waiting to see what Peter Kruse will say about this '--with-acl-support' on his machinery.

- Jacob

Jeremy Allison wrote:
> On Fri, Apr 15, 2005 at 01:31:40PM -0700, Jeremy Allison wrote:
>> I'm starting to think this is the cause of the problems for people. I can check this by compiling without acl support and seeing if I can reproduce the bug.
>
> Yep - confirmed it. For the people who are reporting this bug, you're failing to add the --with-acl-support when configuring Samba. I agree this is a change compared to 3.0.11, but is obviously needed when you're dealing with ACLs. I'll talk with Jerry to see if we can get a tech note prepared.
>
> Jeremy.
RE: [Samba] Unable to join samba server to a NT4 style domain/Samba-Guide feedback
John,

The restrictanonymous setting was the primary culprit in Ash's issue. I think he's using basically the same setup as I am; no winbind/LDAP involved. I'm thinking there's some initial handshaking that requires an anonymous connection to PDC, and it's being blocked if the restrictanonymous setting is too high.

I sent a note to Ash (and the list) asking for the restrictanonymous settings on his server. They were 2 (no join) and 0 (successful join). His admin has changed it back to 2 now that the Samba server is a member server. The setting is dynamic; no NT4 server reboot is required. Can this be added to Chap 7 as a note for section 7.3.2.3?

In the case of using

net rpc join -U administrator%xx

his result was "Unable to find a suitable server", which indicates Samba wasn't finding the PDC.

In the case of using

net rpc join -S NT4SERVER -U administrator
net rpc join -S NT4SERVER -U administrator%''
net rpc join -W MYWORKGROUP -U administrator
net rpc join -W MYWORKGROUP -U administrator%''

his results were "Unable to join domain domain", which indicates a connection to the PDC.

He had the PDC entry in smb.conf and /etc/lmhosts, so I think the syntax for the example in the Guide should be revised to

net join rpc -S PDC -U root%not24get

(which are %not24et on pgs 241/242 in the current Guide) to aid in first-try success.

Section 7.3.2 might be broken into 2 sections:

7.3.2.1 NT4/Samba Domain with Samba Domain Member Server - Using smbusers
  Detailing use of the /etc/samba/smbusers file for *nix/Domain users
  Incorporate the current Item 3 for joining the domain
  Using net rpc info/net rpc testjoin to validate membership
  This is for OS that support Samba but don't support Winbind

7.3.2.2 NT4/Samba Domain with Samba Domain Member Server - Using Winbind
  Containing the current 7.3.2 contents

That's all for now...

Jim Van Sickler
Network Administrator
Kaman Aerospace Corp