RE: [Samba] wbinfo -u: Error looking up domain users
Hello Sean: I had the same your same problems during my initial setup last week (including the difficulty finding any other posts on the subject). I'm an extreme neophyte in the matter but from my highly limited experience I'd suggest that something is up with your winbind/Kerberos configs/setup, perhaps your /etc/krb4.conf...? Check out the following simple how-to. It's aimed at FreeBSD but I imagine it would serve as a guideline for other systems as well; it's a no-frills samba AD setup with a few tips like how what additional samba modules ought to be installed. After doing it "this way" I was able to get wbinfo -u to work, and everything else has fallen into place since slowly but surely (phew). http://web.irtnog.org/Members/xenophon/freebsd/winbind simple step-by-step how-to for setting up samba with ACLs on FreeBSD 5.3... A few weirdnesses about this how-to involve his use of ed as a text editor (basically in his examples he's using ed to either add a bit of text at the bottom of a config file or do a search/replace). If you aren't using FreeBSD you might have different paths; and FreeBSD uses the Heimal Kerberos. Good luck; maybe someone with more expertise could guide you better. For me it's been a hair-tearing but pretty rewarding experience. The coolest things so far have been seeing windows acls on a FreeBSD system, and being able to log on to FreeBSD as a windows user... Regards, Tom Wolfe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sean Kennedy Sent: Friday, May 20, 2005 9:17 PM To: samba@lists.samba.org Subject: [Samba] wbinfo -u: Error looking up domain users Hi all, Sorry if this has been asked, but I haven't had any luck with my searches, so I would assume it hasn't. I have joined my samba box to my AD domain ( win2k server ). I can do individual user lookups with wbinfo -a user%pass successfully. But I can't retrieve a domain user list with `wbinfo -u`. `wbinfo -g` works, sorta, but it only returns the BUILTIN accounts ( System Operator, Replicators, Guests, Power users, Print Operators, Administrators, Account Operators, Backup Operators, and User ). I do not get any domain groups. I can log into the C$ share on the domain controller, so I know I'm joined to the domain. I am at a loss at how to troubleshoot this, so if anybody has any suggestions, I'd greatly apprecaite them Sean -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RPC error logging in to PDC on Win-64
On Fri, May 20, 2005 at 09:56:47PM -0500, EA wrote: > I ran tethereal and captured smb,rtt packets on the ports used by SMB but > only those from the XP-64 box. I used tethereal -i 3 -z > smb,rtt,ip.addr==192.168.1.6 -f tcp port 137 or tcp port 137 or port 138 or > tcp port 139 or tcp port 445 -w scan > > I dumped it to a text file -> http://home.mindspring.com/~ops21/scan > > Let me know if there was something else I should have scanned for. Test files are no good as packet captures. We need the raw data. Please just capture the entire conversation with snaplen > 2000 and dump the raw capture somewhere. As I keep saying, TEXT FILES ARE NOT PACKET CAPTURES !!! (Sorry, it's a pet peeve of mine :-). Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ssh + pam_winbind error 'incorrect password or invaid membership'
Configuration: Samba 3.0.14a-1 (on debian 3.1) + winbind 3.0.14a-1 + krb5-user 1.3.6-2 I need help debugging pam_winbind.so in /etc/pam.d/ssh on debian. Samba is a member of an AD domain, authenticating access to shares via winbind+nsswitch.conf. Authentication to shares works great. Now I want winbind to authenticate ssh users as a pam module and it's failing. Below I show the output of an ssh attempt with the auth.log and winbind (in debug 3). If you see any problems with the configs/logs below, our you need any other confgs/logs, please let me know. Thank you very much. No problem with any of the following tests: smbd -b |egrep 'KRB|LDAP' # Shows Samba has needed Libs. wbinfo -u # Shows winbind is doing lookups from ADS johns wbinfo -g # Shows winbind is doing lookups from ADS getent passwd # Shows nsswitch is correct, to resolve ADSusers. johns:x:1:1:John Stile:/home/MS/johns:/usr/local/bin/bash getent group# Shows nsswitch is correct, to resolve ADS groups. net ads info # Show AD info LDAP server: 192.168.50.42 LDAP server name: stan Realm: MS.STILEN.COM Bind Path: dc=MS,dc=STILEN,dc=COM LDAP port: 389 Server time: Fri, 20 May 2005 21:15:29 GMT KDC server: 192.168.50.42 Server time offset: 0 net ads join -Ujohns%passwd # Joined the domain net ads testjoin# Shows join is ok wbinfo -a johns%password # Test if winbind can authenticate plaintext password authentication succeeded challenge/response password authentication succeeded kinit johns # Test kerberose authentication Password for [EMAIL PROTECTED]: smbclient -L localhost -U ms\\johns%password # list shares using passwd Configuration: Samba 3.0.14a-1 (on debian 3.1) + winbind 3.0.14a-1 + krb5-user 1.3.6-2 Ran winbind in debug mode during a ssh attempt winbindd -d 3 -i [ 3195]: request interface version [ 3195]: request location of privileged pipe [ 3195]: pam auth johns cm_get_ipc_userpass: No auth-user defined Doing spnego session setup (blob length=105) got OID=1 2 840 48018 1 2 2 got OID=1 2 840 113554 1 2 2 got OID=1 2 840 113554 1 2 2 3 got OID=1 3 6 1 4 1 311 2 2 10 got [EMAIL PROTECTED] Doing kerberos session setup Ticket in ccache[MEMORY:cliconnect] expiration Sat, 21 May 2005 06:58:43 GMT Plain-text authentication for user johns returned NT_STATUS_WRONG_PASSWORD (PAM: 7) - Authlog ==> /var/log/auth.log <== May 20 20:58:31 localhost sshd[3195]: Illegal user johns from :::192.168.60.161 May 20 20:58:43 localhost pam_winbind[3195]: request failed: Wrong Password, PAM error was 7, NT error was NT_STATUS_WRONG_PASSWORD May 20 20:58:43 localhost pam_winbind[3195]: user `johns' denied access (incorrect password or invalid membership) - Only added the winbind stuff to default debian /etc/pam.d/ssh # PAM configuration for the Secure Shell service auth sufficient pam_winbind.so auth required pam_nologin.so auth required pam_env.so # [1] @include common-auth account sufficient pam_winbind.so @include common-account session required pam_mkhomedir.so skel=/etc/skel umask=0022 @include common-session sessionoptional pam_motd.so # [1] sessionoptional pam_mail.so standard noenv # [1] sessionrequired pam_limits.so @include common-password - [global] realm = MS.STILEN.COM idmap uid = 1-2 idmap gid = 1-2 template homedir = /home/%D/%U template shell = /usr/local/bin/bash winbind enum users = yes winbind enum groups = yes winbind nested groups = Yes winbind use default domain = Yes winbind separator = + workgroup = MS security = ADS password server = stan.ms.stilen.com wins support = yes wins server = stan.ms.stilen.com server string = %h server (Samba %v) dns proxy = no ldap ssl = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d encrypt passwords = true passdb backend = tdbsam guest obey pam restrictions = no invalid users = root Debian-exim daemon bin sys adm lp listen noaccess www-data passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . load printers = no - /etc/resolv.conf search ms.stilen.com - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
Dear Applicant, Thank you for the time you have taken to prepare and send your resume to Adecco. If your qualifications and experience are relevant to the positions for which Adecco recruit, we would be delighted to keep your details on file for consideration for any future positions. If we have a position suited to your skills and experience, we will contact you directly to make an appointment for you to come in and see us. Please do not hesitate to call us in the event that your employment status or contact details change. Thank you for considering Adecco and good luck with your job search. Regards, Adecco - Melbourne City Local This message has been generated automatically - please do not reply. This communication is confidential and may be legally privileged and/or contain material protected by copyright or other intellectual property laws. If you are not the intended recipient of this email, any use, forwarding, printing or reproduction of it or any attachment, is prohibited. If you have received this communication in error, immediately contact us by return email or by calling +61 3 9954 2100 and then irretrievably delete it and any attachments. Email sent from or to us may be monitored for the purposes of quality control, systems administration and legal compliance. You should check for viruses or other harmful components before opening or using any attachments to this email. Our liability is limited by all applicable laws, and otherwise restricted to resupplying any affected attachments. Our Privacy Policy can be viewed at http:\\www.adecco.com.au -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
Thank you for your application, we would like to advise that it has been received by Adecco Brisbane City Major Account Centre. We will consider your application, and make contact with you should the skills noted in your resume meet those our clients have requested. If we do not contact you within 14 days, we advise that your application has been unsuccessful. Again thank you for contacting Adecco, we wish you well in your job search. Kind Regards Adecco Brisbane Major Account Centre This communication is confidential and may be legally privileged and/or contain material protected by copyright or other intellectual property laws. If you are not the intended recipient of this email, any use, forwarding, printing or reproduction of it or any attachment, is prohibited. If you have received this communication in error, immediately contact us by return email or by calling +61 3 9954 2100 and then irretrievably delete it and any attachments. Email sent from or to us may be monitored for the purposes of quality control, systems administration and legal compliance. You should check for viruses or other harmful components before opening or using any attachments to this email. Our liability is limited by all applicable laws, and otherwise restricted to resupplying any affected attachments. Our Privacy Policy can be viewed at http:\\www.adecco.com.au -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] wbinfo -u: Error looking up domain users
Hi all, Sorry if this has been asked, but I haven't had any luck with my searches, so I would assume it hasn't. I have joined my samba box to my AD domain ( win2k server ). I can do individual user lookups with wbinfo -a user%pass successfully. But I can't retrieve a domain user list with `wbinfo -u`. `wbinfo -g` works, sorta, but it only returns the BUILTIN accounts ( System Operator, Replicators, Guests, Power users, Print Operators, Administrators, Account Operators, Backup Operators, and User ). I do not get any domain groups. I can log into the C$ share on the domain controller, so I know I'm joined to the domain. I am at a loss at how to troubleshoot this, so if anybody has any suggestions, I'd greatly apprecaite them Sean -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
Many thanks for sending in your resume and details to the St Kilda Road office of Adecco . We do receive a lot of responses and resumes so if you have not heard back from us within 5 days please take it that on this occasion you have not been short-listed or that we do not have any available positions suitable at this time. Due to the privacy law brought in last year we are not able to keep unsolicited resumes on file however we do recommend that you look at our web site www.adecco.com.au for positions that we advertise for and please feel free to respond to these positions again. In the meantime we wish you every success in your search. Dominic Walker Branch Manager Adecco St Kilda Road Phone: 03 9865 4200 Mobile: 0439 005 764 Fax: 03 9821 5573 Email: [EMAIL PROTECTED] Disclaimer: This transmission, or any part of it, is intended solely for the named addressee. It is confidential and may contain privileged information. If you have received this transmission in error, please contact the sender at the telephone number above or by reply e-mail. You must destroy the original transmission and its contents. Any views expressed herein are that of the author and not necessarily that of Adecco Australia Pty Ltd. This communication is confidential and may be legally privileged and/or contain material protected by copyright or other intellectual property laws. If you are not the intended recipient of this email, any use, forwarding, printing or reproduction of it or any attachment, is prohibited. If you have received this communication in error, immediately contact us by return email or by calling +61 3 9954 2100 and then irretrievably delete it and any attachments. Email sent from or to us may be monitored for the purposes of quality control, systems administration and legal compliance. You should check for viruses or other harmful components before opening or using any attachments to this email. Our liability is limited by all applicable laws, and otherwise restricted to resupplying any affected attachments. Our Privacy Policy can be viewed at http:\\www.adecco.com.au -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RPC error logging in to PDC on Win-64
I ran tethereal and captured smb,rtt packets on the ports used by SMB but only those from the XP-64 box. I used tethereal -i 3 -z smb,rtt,ip.addr==192.168.1.6 -f tcp port 137 or tcp port 137 or port 138 or tcp port 139 or tcp port 445 -w scan I dumped it to a text file -> http://home.mindspring.com/~ops21/scan Let me know if there was something else I should have scanned for. -Original Message- From: Jeremy Allison <[EMAIL PROTECTED]> Sent: May 20, 2005 8:36 PM To: EA <[EMAIL PROTECTED]> Cc: samba@lists.samba.org Subject: Re: [Samba] RPC error logging in to PDC on Win-64 On Fri, May 20, 2005 at 08:31:24PM -0500, EA wrote: > Sorry, but Ethereal doesn't work on 64-bit windows, WinPcap hasn't been > recompiled for it yet. If there is something else I can get to help let me > know. But ethereal should work on the Samba PDC :-). Collect the data there... Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: RESOLVED--Re: [Samba] Print Share Problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Schlenk wrote: > > On May 20, 2005, at 4:08 PM, John H Terpstra wrote: > >> The only time it is necessary to specify the printer configuration in >> detail >> is where you want to restrict certain printers from use. > > Just to share something I do with the greater community: > > My samba machine receives it's CUPS printers from the printers that our > main CUPS servers broadcast, so when the machine first boots it takes a > couple minutes for the list of printers to fully populate. This > obviously causes samba to not advertise all the printers after a reboot > until you restart the service after the list is fully populated a couple > minutes after boot. Recent Samba releases have the 'printcap cache time' global smb.conf option to address this issue. chgeers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCjpqxIR7qMdg1EfYRAhhEAJ0Yv0qNh66lkDMbr1eL9w7gYh3wIQCffa8c 9G6y8jaD+PhXvPLIYymj4pw= =dnxe -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba-3 by Example Exercise 2.3
On Friday 20 May 2005 19:16, Eric Hines wrote: > The FAQ (question/answer 2) says that the DHCP server config > /etc/dhcpd.conf) automatically provides each client with the IP address of > the WINS server. I've been over the provided dhcpd.conf, and I cannot find > which line(s) are referring to the WINS server. option netbios-name-servers > > Also, as written, when I tried to start my dhcpd, I got an error saying I > had to specify a ddns-update-style. I wound up adding at the top the > following: > ddns-update-style interim; > ignore client-updates; The ISC dhcpd has changed a little over the past year. > This has worked well, so far. > > Eric Hines > > Government programs provide enough to keep you alive, but they don't offer > any hope of living your dreams. > --Grim The executioner has often been kinder than government programs. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RPC error logging in to PDC on Win-64
On Fri, May 20, 2005 at 08:31:24PM -0500, EA wrote: > Sorry, but Ethereal doesn't work on 64-bit windows, WinPcap hasn't been > recompiled for it yet. If there is something else I can get to help let me > know. But ethereal should work on the Samba PDC :-). Collect the data there... Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RPC error logging in to PDC on Win-64
Sorry, but Ethereal doesn't work on 64-bit windows, WinPcap hasn't been recompiled for it yet. If there is something else I can get to help let me know. -Original Message- From: "Gerald (Jerry) Carter" <[EMAIL PROTECTED]> Sent: May 20, 2005 1:25 PM To: EA <[EMAIL PROTECTED]> Cc: samba@lists.samba.org Subject: Re: [Samba] RPC error logging in to PDC on Win-64 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 EA wrote: > I've upgraded one of my client boxes to Windows 64 bit > edition but now it cannot login to the Samba PDC, instead > it gives a RPC error after entering the password. The > Win32 boxes can still login fine. > > I can get accounts without admin rights to login but those > with the rights are given a message stating "The system > cannot log you on due to the following error: > A remote procedure call (RPC) protocol error occurred. > Please try again or consult your system administrator. bugger :-( Can you get a raw ethereal trace for me of the failure and the success ? Thanks. cheers,jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCjiuvIR7qMdg1EfYRAisfAJ0e3zVI29qTfA8ugzGSPu7M3YPPTgCfeiSM 15UqGso0rUkz6f7/I5D8PRo= =MeKo -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-3 by Example Exercise 2.3
The FAQ (question/answer 2) says that the DHCP server config /etc/dhcpd.conf) automatically provides each client with the IP address of the WINS server. I've been over the provided dhcpd.conf, and I cannot find which line(s) are referring to the WINS server. Also, as written, when I tried to start my dhcpd, I got an error saying I had to specify a ddns-update-style. I wound up adding at the top the following: ddns-update-style interim; ignore client-updates; This has worked well, so far. Eric Hines Government programs provide enough to keep you alive, but they don't offer any hope of living your dreams. --Grim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba server as dfs host?
On 5/20/05, Gerald (Jerry) Carter <[EMAIL PROTECTED]> wrote: > the linux cifs fs doesn't support ms-dfs referrals yet. I think this > is what you saying is not working for you. recent smbclient release > should follow the link ok. Thanks for the reply. But it turned out to be something more basic. At the time, I was logged in a local machine admin account, not a domain account. Now I never expected to be authenticated directly, but I did expect to be prompted for a user name and password. That was not the case. But when I logged in on a domain account, the dfs took me right where it should have, with no quarrel (or prompting for a valid user account). I'm still getting my feet wet with Server 2003, as opposed to 2000 Server domains, so I suspect it was all something having to do with Server 2003 ADS not liking a referrel from a non domain user. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: RESOLVED--Re: [Samba] Print Share Problem
On May 20, 2005, at 4:08 PM, John H Terpstra wrote: The only time it is necessary to specify the printer configuration in detail is where you want to restrict certain printers from use. Just to share something I do with the greater community: My samba machine receives it's CUPS printers from the printers that our main CUPS servers broadcast, so when the machine first boots it takes a couple minutes for the list of printers to fully populate. This obviously causes samba to not advertise all the printers after a reboot until you restart the service after the list is fully populated a couple minutes after boot. I resolved this by putting each printer explicitly in the smb.conf file. Granted, having a 900 line smb.conf file is kind of obnoxious, but the silver lining is has actually made my life easier since I can make changes/restrictions to specific queues now. -- David Schlenk Operating Systems Analyst Bethel University Saint Paul, Minnesota [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: RESOLVED--Re: [Samba] Print Share Problem
On Friday 20 May 2005 14:57, Eric Hines wrote: > The printer stanza has to be _called_ [printers]? [pserver1]--the name > [pserver1]--the name of the specific share--isn't sufficient? If the only > stanza is [printers], then how does the specific printer get found? > > I changed [pserver1] to [printers], and now the correct specific printer > shows up, but still--my question stands. For systems running SYSV or BSD printing do: testparm -sv | grep lp This will return the actual commands smbd uses to find print queues. On cups systems, smbd directly queries the cupsd using a built-in interface. The only time it is necessary to specify the printer configuration in detail is where you want to restrict certain printers from use. - John T. > > Thanks > > Eric Hines > > At 05/20/05 14:11, you wrote: > >On Friday 20 May 2005 13:03, E Hines wrote: > > > I'm running FC3 and Samba 3.0.14a. I'm trying to work through Exercise > > > 2.3 of the on-line Samba-3 by Example, and mostly things ore OK, but I > > > can't get my print share to show up when I run smbclient -L localhost > > > -U %. Everything else shows up correctly (although I do get two > > > workgroups to appear, as there is another workgroup to which I used to > > > belong before I separated from it (I thought) to set up a test LAN for > > > these exercises), and I both can ping my printer by name and get back > > > its correct MAC address from a subsequent arp -a. > > > >Where is your [printers] meta-service stanza? That is in the example > > smb.conf file and is necessary. > > > >- John T. > > > > > > > >-- > >John H Terpstra > >Samba-Team Member > >Phone: +1 (650) 580-8668 > > > >Author: > >The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 > >Samba-3 by Example, ISBN: 0131472216 > >Hardening Linux, ISBN: 0072254971 > >Other books in production. > > Government programs provide enough to keep you alive, but they don't offer > any hope of living your dreams. > --Grim -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RESOLVED--Re: [Samba] Print Share Problem
The printer stanza has to be _called_ [printers]? [pserver1]--the name [pserver1]--the name of the specific share--isn't sufficient? If the only stanza is [printers], then how does the specific printer get found? I changed [pserver1] to [printers], and now the correct specific printer shows up, but still--my question stands. Thanks Eric Hines At 05/20/05 14:11, you wrote: On Friday 20 May 2005 13:03, E Hines wrote: > I'm running FC3 and Samba 3.0.14a. I'm trying to work through Exercise > 2.3 of the on-line Samba-3 by Example, and mostly things ore OK, but I > can't get my print share to show up when I run smbclient -L localhost -U > %. Everything else shows up correctly (although I do get two workgroups > to appear, as there is another workgroup to which I used to belong > before I separated from it (I thought) to set up a test LAN for these > exercises), and I both can ping my printer by name and get back its > correct MAC address from a subsequent arp -a. Where is your [printers] meta-service stanza? That is in the example smb.conf file and is necessary. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. Government programs provide enough to keep you alive, but they don't offer any hope of living your dreams. --Grim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Print Share Problem
I'm running FC3 and Samba 3.0.14a. I'm trying to work through Exercise 2.3 of the on-line Samba-3 by Example, and mostly things ore OK, but I can't get my print share to show up when I run smbclient -L localhost -U %. Everything else shows up correctly (although I do get two workgroups to appear, as there is another workgroup to which I used to belong before I separated from it (I thought) to set up a test LAN for these exercises), and I both can ping my printer by name and get back its correct MAC address from a subsequent arp -a. Relevant parts of my smb.conf follow. [global] workgroup = DOM_TEST name resolve order = wins bcast hosts lmhosts socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap show add printer wizard = No domain logons = Yes preferred master = Yes wins support = Yes [pserver1] ## print share comment = Samsung monochrome laser path = /var/spool/samba guest ok = Yes printable = Yes use client driver = Yes browseable = No Thanks for your help. Eric Hines -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ACLs on a member server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Misty Stanley-Jones wrote: > Hi all, > > i have ACLs working fine on my PDC, but they do not work on a member server. > Here is a summary of my set-up: > > I am using LDAP backend, with nss_ldap on all of my member servers. Samba > 3.0.12pre1 on the PDC and Samba 3.0.14a on the member server. > > I have winbindd running on my member server, and it is pointing at LDAP as > its > backend. áwbinfo -u and wbinfo -g both work. I am using > "security=domain" > on the member server and it is joined to the domain. > > However when I view ACEs on a file from a Windows client, on the member > server > the users / groups resolve to SERVER\user instead of DOMAIN\user. I have > provided a screen shot of what it looks like for files on the PDC and files > on the member server, here: http://www.borkholder.com/admin/ Try setting 'winbind trusted domains only = yes' cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCjjMXIR7qMdg1EfYRAu4SAJ4o6I5l2YP96tIyBGoRY+5nbg2MUACeOCsf pueYYC82bpJlZOtmiu/cDKY= =G7Fx -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba server as dfs host?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Basil Copeland wrote: > I'm trying to configure a samba server in a Win2K3 domain as a dfs host. > > The dfs host part is working: from a win client I can map the dfs root > on the samba server (on FC3 fwiw) and see the link I've created to a > share on a Win2k3 active directory domain controller. From samba > server, I can smbclient to the share on the Win2k3 DC, and can mount > the share as "-t cifs" (but not "-t smbfs" if that's any clue: this > returns the smb signing error). > > For testing purposes I've added "everyone" to the security permissions > for the share on the Win2k3 DC, but that doesn't seem to do anything. > With the mount "-t cifs" I am prompted for a domain user account and > password. But trying to get to the share through the dfs link doesn't > even do that (prompt for a user and password). the linux cifs fs doesn't support ms-dfs referrals yet. I think this is what you saying is not working for you. recent smbclient release should follow the link ok. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCjjJyIR7qMdg1EfYRAi32AJ9XQcIp5Vs1a3s2aIBy8qCg5MrkHwCeJrNJ I7HCrtJfa4zO+xRpIr8epfY= =KwvY -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Slow Session Setup AndX
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Murphy, William wrote: > We are experiencing some slowness when opening files > from a Samba file share using Microsoft Word 2003. Upon > examination with Ethereal it became apparent that Session Setup > AndX calls are taking a long time to complete, varying from 2 to > 8 seconds between the time the client provides an NTLMSSP_AUTH > and the server responds. I have also noticed a > peculiar NetBIOS name query for GSBS_STAFF<1c> immediately > after the client's NTLMSSP_AUTH packet, but I am not sure > if or how that's related. The server is running Solaris 9 and > Samba 3.0.10. I would be grateful for any advice or help > anyone can offer. Thanks in advance... Bill, tail a level 10 smbd debug log for the client's connection and see where smbd stalls. That might give you a clue. If you are using a remote server for authentication, my bet would be on name resolution timeouts/delays. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCjjGdIR7qMdg1EfYRArlMAJ4jMYXON7sjCNDad9JR77uQv7jOSwCfeslV D6dnmcdtrLmZ0TZ4cUbGlbI= =O3yF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Strange Problem with Sharp PCL Printer Drivers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thorsten Greeb wrote: > Gerald (Jerry) Carter samba.org> writes: > >> My money would be on a driver bug. I've seen >> instances wheredrivers work with MS servers but fail >> on Samba boxes due to the fact the the driver doesn't >> NULL terminate REG_SZ values. The Windows server just >> happens to use a different buffer size and zeros the >> memory before sending the reply. Could be something >> similar here. > > Could you give me any hints how to make sure this is > a driver bug? The first thing I do is to test the driver on a remote Windows print server after unchecking the 'enable advanced print features' box. This force the printer to use RAW printing only. I've found that some drivers only work with EMF printing. Other than that it gets pretty hard to definitely determine a driver bug in the registry data. Basically comes down to comparing bits in the PrinterData registry values between a Samba printer and a local printer object using the same driver. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCjjCkIR7qMdg1EfYRAjTsAJ4+dXTuPO6YJSfPhs9FhlzdYSOyKQCgxbXy hNk+fZovZWpttJBWd2YuE8s= =3mSt -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Solaris, Winbind and Active Directory Authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 L. Mark Stone wrote: > We have not worked with Solaris much, and our contract Solaris guy has > very little experience with Winbind. So, we are like two blind people > touching opposite ends of the elephant and trying to come to a > solution. (No comments please on which end I drew...) :-) > > The question involves authentication in a native mode Windows 2000 > Active Directory domain. > > Is there any reason Samba/Winbind running on Solaris could not be used > for authenticating users who want to access resources on the Solaris > box against the AD user/group accounts? We have done this with a SuSE > box, but never with a Solaris box (yet!). > > Currently, the Solaris system (9 now, upgrading to 10 later this > year...) is manually populated with a set of *NIX user accounts that > mirror the accounts in AD. This creates a lot of administrative > overhead (there are some 300+ user accounts, and employee turnover is > by nature fairly high), and will create even more help desk issues as > the AD environment is about to implement a GPO forcing frequent > password changes. > > Any major "gotchas" we should watch out for? There is a bug in the current Samba code where we never change the machine trust account password when configured for 'security = ads'. If the AD administrators are disabling accounts based on the last password change time, this will be an issue for you. But then, we need to fix it anyways. Other than that, you should be ok. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCji6cIR7qMdg1EfYRAoF/AJ95VXZv3kaK1cTkqObEhGdU2b0WLgCcCt5m dNkYYW0qH2I1T9u3NLGIskM= =nOL3 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba and Active Directory
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: > Can someone provide a definitive answer please > > Question: Can a Samba 3 server be introduced into my AD forest when the > forest runs in a functional level of Windows 2003 server ? 'security = ads' support mixed, native 2000 and native 2003 mode domains. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCji22IR7qMdg1EfYRAm3SAKCdjqa7WAI5h9o0eVi2Eme25EVI9ACg8Qzn uqlH3YruMBtlPxU7eBiIPa4= =Dvz/ -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] samba and Apple's open directory
Yes - Apple's OpenDirectory server uses standard OpenLDAP as it's backend... You can run whatever type of db you want from it - including samba and linux clients. -- Nathan Vidican [EMAIL PROTECTED] Windsor Match Plate & Tool Ltd. http://www.wmptl.com/ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Bustamante Sent: Thursday, May 19, 2005 7:00 AM To: samba@lists.samba.org Subject: [Samba] samba and Apple's open directory Hello list, Is it possible to get a linux samba to authenticate against Apple's open directory? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] login and WinNT
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Trash wrote: > encrypt passwords = Yes > passwd program = /usr/bin/passwd %u > > If you're using a password server, you don't need to define passwd program, > if you are using a password server, you need: > security = server > > security can equal server, user, or share 'security = server' is deprecated. Best to use 'security = domain' in this case. >> password server = kappa.desq.feq.unicamp.br ... >> domain master = Yes However, by setting 'domain master= yes', windows clients will think the Samba host is a PDC. Definitely not what you want since you have also defined a remote password server. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCjiy2IR7qMdg1EfYRAnzJAKDWY+sVUknv1ywjb+vYBE9s6QBe+gCeM5kr l3hMrM3supAH7VKZ2DbrjCI= =Hm31 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RPC error logging in to PDC on Win-64
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 EA wrote: > I've upgraded one of my client boxes to Windows 64 bit > edition but now it cannot login to the Samba PDC, instead > it gives a RPC error after entering the password. The > Win32 boxes can still login fine. > > I can get accounts without admin rights to login but those > with the rights are given a message stating "The system > cannot log you on due to the following error: > A remote procedure call (RPC) protocol error occurred. > Please try again or consult your system administrator. bugger :-( Can you get a raw ethereal trace for me of the failure and the success ? Thanks. cheers,jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCjiuvIR7qMdg1EfYRAisfAJ0e3zVI29qTfA8ugzGSPu7M3YPPTgCfeiSM 15UqGso0rUkz6f7/I5D8PRo= =MeKo -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba Comple Problem on Solaris 2.8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Derek Yarnell wrote: > So I am compling the newest release of samba 3.0.14a on Solaris 2.8. > > I can get it to compile but I don't get all the built in modules that I > should and smbd when fired up bombs out with something like, > --- > [EMAIL PROTECTED]:/opt/UMsmb/sbin# ./smbd -c /etc/samba/smb.conf -i > smbd version 3.0.14a started. > Copyright Andrew Tridgell and the Samba Team 1992-2004 > No builtin nor plugin backend for smbpasswd found > Loading smbpasswd failed! ... > Builtin modules: > pdb_guest rpc_srv rpc_spoolss idmap_tdb Make sure that /usr/ucb is not in your PATH when compiling. It's a problem with /usr/ucb/tr IIRC. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCjiqTIR7qMdg1EfYRAhYVAJ9VBiJoWNRhgNsWvIn3afuQBTQrUgCaA6Uw 80yxrrM1vPxOPu4GonhBUf8= =aHQF -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMB service not starting automatically
This would depend on what OS you run. For Solaris, I create an smb script
in /etc/init.d, then link to this from /etc/rc2.d. I also create a kill
link in /etc/rc0.d:
# ln -s /etc/init.d/smb /etc/rc0.d/K90smb
# ln -s /etc/init.d/smb /etc/rc2.d/S90smb
# more /etc/init.d/smb
#!/bin/sh
case "$1" in
start)
/usr/local/samba/sbin/smbd -D
/usr/local/samba/sbin/nmbd -D
;;
stop)
/usr/bin/pkill -x -u 0 smbd
/usr/bin/pkill -x -u 0 nmbd
;;
*)
echo "Usage: smb {start|stop}"
;;
esac
exit 0
#
Cheers,
Chuck
At 09:42 AM 5/20/2005, Liz Ackerman wrote:
The smb service is not starting automatically. I can type service smb start
at the prompt and it loads, and I can then connect, but its not loading
automatically as it used to. Can someone point me in the right direction as
what file I need to change to make it load at startup. Thanks!
Liz
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Chuck Theobald
System Administrator
The Robert and Beverly Lewis Center for Neuroimaging
University of Oregon
P: 541-346-0343
F: 541-346-0345
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Compiling mount.cifs on OS X Client 10.3.x and headache
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 DashKappei wrote: > I tried but...I can only see a huge list of warnings and > errors :(( Why?? When I compiled Samba on other BSD and > SysV operating systems everything worked. > I always thought that OS X is *not* a full-compatible BSD > system (if you try to compile any tarball of any free > software, you have to fight a lot) but now I think I'm > pretty sure about it. > > Is there a solution or not? mount.cifs is only for the cifs vfs linux kernel code. It's of no use on OS X. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCjiaNIR7qMdg1EfYRAgYQAJ9xpglLqXbGPXXrABG0xeJJHqDCGQCgjZAt NJFdWcAPzF6O0EmJCArh7HU= =qlEf -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NetShareEnum
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hervé Kergourlay wrote: > Is there anybody to help me ? > Is it the right place for that sort of technical request ? > > I have the same problem on AS400 > Hervé Kergourlay a écrit : > >> I'm trying to list my Linux shared exported by samba >> from a Windows 2003 I'm using the NetShareEnum api >> the sample is working between 2 windows but it fails >> on the linux with error 5 Access Denied >> >> who to configure samba on the linux to ba able to >> do that ? This kind of questions are better suited for the samba-technical ml. This is the general community list. Have you looked at the traces against the linux box? Also look at a level 10 debug log from smbd to see why the call is failing. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCjiYeIR7qMdg1EfYRAphAAKCHBoC24vmJm58JnIC0wfjtSphpOACfaK49 XiLgcsFDVmL3c9IpfcTJdjY= =15Zq -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMB service not starting automatically
automatically as it used to. Can someone point me in the right direction as what file I need to change to make it load at startup. Thanks! You could have at least provided the OS you're running on. Since you reference the service command, I am going to assume Fedora, since that's the only thing I've seen that has it. I bet there's others, but without a proper description, I'll use what's on the top of my head. This also assumes you've installed from rpm, whether you made it or got it from redhat or somplace like dag. In Fedora, you can easily work on the daemons running at startup with the chkconfig command. chkconfig --list smb will show you the run levels that samba will be started in. To change it for a particular runlevel issue the following: chkconfig --level N smb on|off N can be any valid runlevel -> 12345 or a combo. On my systems I do chkconfig --level 345 smb on You can use 'off' to shut off any services you don't want. This only changes the startup command, it doesn't affect the current state of the service. -- Paul GiengerOffice: 701-281-1884 Applied Engineering Inc. Systems Architect Fax:701-281-1322 URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMB service not starting automatically
You must have a file in /etc/init.d like smb and call the command chkconfig smb on A example file can be found in examples directory in samba sources files. Liz Ackerman a écrit : The smb service is not starting automatically. I can type service smb start at the prompt and it loads, and I can then connect, but its not loading automatically as it used to. Can someone point me in the right direction as what file I need to change to make it load at startup. Thanks! Liz -- Stéphane Purnelle <[EMAIL PROTECTED]> Site Web : http://www.linuxplusvalue.be -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind cache time?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nerijus Baliunas wrote: > On Sat, 07 May 2005 11:20:14 -0500 "Gerald (Jerry) Carter" <[EMAIL > PROTECTED]> wrote: > >>| BTW, it happens even if I restart winbind (i.e. >>| changes to group membership reflect only after a few hours). >> >>Try removing the netsamlogon_cache.tdb file and see if the >>behavior is more consistent. If so, please let me know and >>we'll work harder on fixing this. > > Yes, removing netsamlogon_cache.tdb and restarting winbind helped. > BTW, can I remove netsamlogon_cache.tdb when winbind is running? No. The file is mmap()'d by winbindd. However, the cache is updated everytime the user logs in using NTLM authentication. We need to expire cached entries based on a reference count of the active sessions. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCjh6LIR7qMdg1EfYRAtS6AJ0cq9vs/Qj8WCqwmK3jy8DZ7ZqNXACfZyJF tOnhQYBDGAUjqZH5J5Rh5U4= =rkQ1 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Window 2003
Thanks, Toby. That actually answers a question I had, as I use CentOS 3. Since this is an RHEL AS 3 clone it, too, uses krb5 1.2.7. Although samba has worked great, and several CentOS boxes have joined my Win2k3 ADS, it's still comforting. Dimitri On Friday May 20 2005 12:50 pm, Tobias Bluhm wrote: > If you have all the latest krb5 & samba rpm updates installed, it should > work as is. RedHat backports quite a bit of code. RH's current krb5 1.2.7 > has stuff from 1.3 already patched in , for example. > > This is speaking from experience with Whitebox Linux3 ( a RHES3 clone ) > using stock rpms and connecting to AD 2003. > > > - > toby bluhm > philips medical systems, cleveland ohio > [EMAIL PROTECTED] > 440-483-5323 > > > > > > > > > > "Esquivel, Vicente" <[EMAIL PROTECTED]> > Sent by: > [EMAIL PROTECTED] > 05/20/2005 10:35 AM > > To: samba@lists.samba.org > cc: (bcc: Tobias Bluhm/CLE/MS/PHILIPS) > Subject:[Samba] Samba and Window 2003 > Classification: > > > > > I am trying to find a good how-to on setting up samba to use Windows 2003 > for authentication, if anyone knows of a good link let me know. I am > using > RedHat ES 3 and our Windows is running in native mode with NT style > authentication allowed. I cant use ADS and Kerberos because the current > version of Kerberos on my RH server is 1.2.7 and from what I have read I > need 1.3+ in order for it to work that way. I just cant upgrade right now > so I am trying to find a way to get this to work somehow. Any advice > would > GREATLY appreciated. > > Thanks > Vince > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: One more
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rex Dieter wrote: > Etienne Goyer wrote: > >> Is it possible to make available as Unix user only members of a specific >> Windows group ? > > I too would be very interested in this. I don't want/need to give > access to our Linux boxes to *every* AD user. There was effort to start the required-membership-of pam_winbind option but if never got finished. Anyone got some spare time ? cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCjht+IR7qMdg1EfYRAqtvAJ9DNdlA56xuOVbqbjtdtNpNdxfo9QCfSIXC 7yl14uqcWTuVGnVF5B1wMuo= =z7RP -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Print servers lose connection
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Tanner wrote: > I have Samba configured on a Fedora Core 3 box. It's only > used now as a file server. However, when I connect it to > the network, my print servers all kick off within about > 30 min. > > Local net > 10.0.0.* > 255.255.255.0 > > Any ideas on what is causing this? Thanks for the help David, you'll probably get a better response by clarifying what you mean by "kick off". Are you sure it's not the windows client disconnecting from an idle server ? cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCjhqnIR7qMdg1EfYRAkVHAJ9Tqzb/uD/3w6yualInx0DeZhF0PACgxk8B JKk2Y14nwR6LFVYM7YXIBA8= =SfsH -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP master-slave and BDC ?
What do you mean by fail-over? A BDC can handle network logon requests, but it can never replace a PDC. In other words, the PDC is still the weakest link. If a PDC is off the air for a prolonged outage the network will eventually fail. So is it OK if I set up all my Samba servers as PDCs? Then if one PDC fails, another PDC will handel all "writes" etc. I did some quick tests, and it *seemed* to work. I assume that it is *not* OK to have multiple PDC servers though, because I've read so in Samba documentation - but it wasn't very clear for me why there should be one and *only one* PDC. -- Tomek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] run a script with "administrator" credentials?
I saw Active Directory a bit today and was impressed with the ease one can manage many Windows workstations with that. Especially I liked the software installation (too bad it can install MSI packages only) and the ability to run custom scripts on the workstations (when the boot up etc.). Is it possible to run a custom script for a given machine when it boots up (that is already joined to the domain), with administrator credentials (for example, to install software)? For now it seems to me that it's only possible to run a "machine script - %m" or a "user script - %u" with the credentials of a user. -- Tomek -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Non-algorithmic RIDs
On Fri, 20 May 2005, William Jojo wrote: > > > On Fri, 20 May 2005, Misty Stanley-Jones wrote: > > > When I set up my initial users for the Samba domain i did not realize that > > RIDs were supposed to be dynamic. I was creating the user as a posixAccount > > in LDAP, and then adding the Samba elements via a script that I wrote. > > Their RIDs are the same as their UID. For instance if I have a user with > > uidNumber 1036, her SID would be -1036. This is fine except for > > idmapping for member servers, for ACLs. I have about 30 users with this > > problem. Is there a non-disruptive way for me to convert their RIDs to be > > Yes. The default argorithmic way is uidNumber+1000 for RID of user and > gidNumber+1001 for RID of group entries (sambaGroupMapping). > Duh! I meant 2*uidNumber+1000, 2*gidNumber+1001! Sorryit's friday. Should try sleeping today... :-) Bill > I do the same as you and wrote some in house stuff to fill in some blanks. > > > algorithmic based on their UIDs, without destroying their roaming profiles > > etc? If not I think we will just have to deal with not being able to use > > ACLs on member servers, but I thought I would query first. To reiterate, we > > are using a LDAP backend. > > You will however need to run the "/sambapath/bin/profiles" program against > the user's ntuser.dat to reflect the new SID-RID value. > > > Shouldn't take long. > > > > Bill > > > > > > Misty > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/listinfo/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Non-algorithmic RIDs
On Fri, 20 May 2005, Misty Stanley-Jones wrote: > When I set up my initial users for the Samba domain i did not realize that > RIDs were supposed to be dynamic. I was creating the user as a posixAccount > in LDAP, and then adding the Samba elements via a script that I wrote. > Their RIDs are the same as their UID. For instance if I have a user with > uidNumber 1036, her SID would be -1036. This is fine except for > idmapping for member servers, for ACLs. I have about 30 users with this > problem. Is there a non-disruptive way for me to convert their RIDs to be Yes. The default argorithmic way is uidNumber+1000 for RID of user and gidNumber+1001 for RID of group entries (sambaGroupMapping). I do the same as you and wrote some in house stuff to fill in some blanks. > algorithmic based on their UIDs, without destroying their roaming profiles > etc? If not I think we will just have to deal with not being able to use > ACLs on member servers, but I thought I would query first. To reiterate, we > are using a LDAP backend. You will however need to run the "/sambapath/bin/profiles" program against the user's ntuser.dat to reflect the new SID-RID value. Shouldn't take long. Bill > > Misty > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Window 2003
> Yes I've done that back when I used to use Red Hat. ps - even better yet, to avoid the "I don't want to upgrade the system packages" problem, go to www.gentoo.org, download and install Gentoo. Then add +kerberos +ldap +ssl and +winbind to your /etc/make.conf. Then type 'emerge samba' and follow the instructions at http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member .html When a new version of samba, openldap, kerberos, etc. comes out, just do an emerge -vDu world and you'll always be up to date. --- Chris Covington IT Plus One Health Management 75 Maiden Lane Suite 801 NY, NY 10038 646-312-6269 http://www.plusoneactive.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] LDAP master-slave and BDC ?
The BDC pretty much gets the same treatment as the PDC. Meaning I would have to set-it up like an LDAP server? Can I just copy my smb.conf from my LDAP server, and make a few adjustments? What would those changes or what should I look for to change in my BDC smb.conf configuration? -mark -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John H Terpstra Sent: Thursday, May 19, 2005 8:10 PM To: samba@lists.samba.org; Msdigital Subject: Re: [Samba] LDAP master-slave and BDC ? On Thursday 19 May 2005 20:04, Msdigital wrote: > I am a bit confused, about the LDAP master-slave and BDC. I have an > Samba-LDAP server that serves as my PDC. All my users authenticate to this > server. I would like to set up a BDC for failover. What is the difference > between a BDC and a LDAP Slave server? A BDC is a NT4 domain controller that handles network logon authentication. A Samba BDC will relay all network account updates to a PDC. Only the PDC will write to the passdb backend. A BDC will read authentication data from the passdb backend it is configured to use. A Slave LDAP server is a read-only mirror of an LDAP Master server. A PDC would normally be directed at a Master LDAP server, but can work with a Slave LDAP server. If a PDC is configured to use a Slave LDAP server all write requests to the directory will be handled via a referral to the Master LDAP server. In other words, all write requests are handled by the Master LDAP server. It does not matter whether a BDC uses a Master or a Slave LDAP server - it only ever reads directory information from it. What do you mean by fail-over? A BDC can handle network logon requests, but it can never replace a PDC. In other words, the PDC is still the weakest link. If a PDC is off the air for a prolonged outage the network will eventually fail. > Second part. > > Does anyone on this list have this type of configuration, PDC-BDC or > Master/Slave and can help do the same? Please refer to the book: "Samba-3 by Example" Chapters 5 and 6. You can obtain a copy from: http://www.samba.org/samba/docs/Samba-Guide.pdf Enjoy. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Window 2003
If you have all the latest krb5 & samba rpm updates installed, it should work as is. RedHat backports quite a bit of code. RH's current krb5 1.2.7 has stuff from 1.3 already patched in , for example. This is speaking from experience with Whitebox Linux3 ( a RHES3 clone ) using stock rpms and connecting to AD 2003. - toby bluhm philips medical systems, cleveland ohio [EMAIL PROTECTED] 440-483-5323 "Esquivel, Vicente" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 05/20/2005 10:35 AM To: samba@lists.samba.org cc: (bcc: Tobias Bluhm/CLE/MS/PHILIPS) Subject:[Samba] Samba and Window 2003 Classification: I am trying to find a good how-to on setting up samba to use Windows 2003 for authentication, if anyone knows of a good link let me know. I am using RedHat ES 3 and our Windows is running in native mode with NT style authentication allowed. I cant use ADS and Kerberos because the current version of Kerberos on my RH server is 1.2.7 and from what I have read I need 1.3+ in order for it to work that way. I just cant upgrade right now so I am trying to find a way to get this to work somehow. Any advice would GREATLY appreciated. Thanks Vince -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba and Window 2003
> Did you do that or has anyone accomplished reinstalling a > new version of Kerberos Yes I've done that back when I used to use Red Hat. Download the MITKRB5 source and install it in a different directory from the RH one. Read the readme files in the MITKRB5 source tarball to learn how to do this. Then when compiling samba, point it to the alternate MITKRB5 location when you compile it. Read the readme files in the samba source tarball to learn how to do this. Then follow this document http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member .html to get samba working with ADS. Make sure you read the end of this page for a Windows 2003 configuration option. --- Chris Covington IT Plus One Health Management 75 Maiden Lane Suite 801 NY, NY 10038 646-312-6269 http://www.plusoneactive.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SMB service not starting automatically
The smb service is not starting automatically. I can type service smb start at the prompt and it loads, and I can then connect, but its not loading automatically as it used to. Can someone point me in the right direction as what file I need to change to make it load at startup. Thanks! Liz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Non-algorithmic RIDs
On Friday 20 May 2005 10:56 am, Tony Earnshaw wrote: > > So do I, awk/sed/shell. I use smbpasswd (amongst other Samba utilities) > and I don't have your problem. Don't you know what smbpasswd is? Try > 'man smbpasswd' ;) Yes, I know what it is. No, I did not use it. I use LDAP, and I did all of my entries in LDAP directly, skipping the Samba layer. It may have been the wrong way, but it is done and I have a fully running domain that has been running for more than 6 months that way. I do not even use smbpasswd now, but smbldap-tools. > > smbpasswd will do what you want, if you already have posixGroup entries > for users, groups and computers. Are you telling me that smbpasswd will change the RIDs for already-existing Samba users? I did not know that. I get the feeling I have really frustrated you. Sorry. Misty > > --Tonni > > -- > Nothing sucksseeds like a pigeon without a beak ... > > mail: [EMAIL PROTECTED] > http://www.billy.demon.nl > > They'll love us, won't they? They feed us, don't they? ... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re-2: [Samba] Samba3 on SCO Openserver
On Friday 20 May 2005 18:08, [EMAIL PROTECTED] wrote: > Hi Chris > I made it installing the KDE/KDevelop (SCO Skunkware), but when the > configure find gcc, exit with a lot of errors without producing the > Makefile! Any idea? Thanks is sco even still supported? at least some open source projects removed sco support, samba too? so you better choose an other operating system. -- Regards, Robert Robert Penz robert DOT penz AT outertech DOT com pgpcOecjFty8H.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] SMB issues across VPN
Ok.. perhaps someone could enlighten me on the basics of TCP/IP. I ran a tcpdump while a VPN user was using the SMB shares the bulk of the output looks like this: 09:56:01.725437 IP 192.168.2.40.4198 > 192.168.0.2.netbios-ssn: P 45330:45393(63) ack 3127776 win 64512 NBT Packet 09:56:01.725561 IP 192.168.0.2.netbios-ssn > 192.168.2.40.4198: . 3127776:3129156(1380) ack 45393 win 8576 NBT Packet 09:56:01.725570 IP 192.168.0.2.netbios-ssn > 192.168.2.40.4198: . 3129156:3130536(1380) ack 45393 win 8576 NBT Packet 09:56:01.725575 IP 192.168.0.2.netbios-ssn > 192.168.2.40.4198: . 3130536:3131916(1380) ack 45393 win 8576 NBT Packet 09:56:01.725579 IP 192.168.0.2.netbios-ssn > 192.168.2.40.4198: P 3131916:3131935(19) ack 45393 win 8576 NBT Packet 192.168.2.40 is the remote user and 192.168.0.2 is the xserve. I notice that 8575 is shown (my xserve buffer values) and 64512 is listed for the remote user. I am right to say that the remote user has a buffer roughly 7.5 times larger than the xserve. 8576 = 16* 536 and 64512 = 128*504. From my googling I have seen references to the buffer and multiples of the MSS value. Again I do not claim any real understanding of TCP/IP - I just going on a hunch. Would changing my buffer values to 68608 be wise?? I have played with the smb.cnf and non-multiples of 536 cause a huge performance hit. Dan T On May 19, 2005, at 10:07 AM, Dan Tappin wrote: I have Samba v3.0.5 running on OS X Server 10.3. On our local office LAN we have no SMB browsing or speed issues at all. We recently set-up a VPN between this office and an offsite location via synchronous 3Mb/s wireless internet and two Sonicwall firewall / VPN devices. The offsite users are having issues with SMB browsing and file transfer speeds and reliability. The offsite users are seeing decent copy speeds (8MB file in 50 seconds) but the browsing is horrible. It takes them a few minutes to view the contents of a directory. The same action locally is instantaneous. If they try accessing a native PC share across the VPN the browsing is fast. This makes me think it is some sort of specific samba issue. Are there any browsing related speed tweaks that can be done. Also the smb.conf file (see below) is pretty much the standard Apple dist besides the socket options and getwd cache that I added. If I change the socket options buffer values performance takes a huge hit. I just found something in the smb.conf manual page on the samba.org site: enhanced browsing = yes My local subnet is 192.168.0.* and the offsite location is 192.168.2.*. Could this be part of the issue? The "enhanced browsing" mentions cross subnet support. Any tips / suggestions would be greatly appreciated. Thanks, Dan smb.conf file below... - [global] getwd cache = yes workgroup = OROURKE display charset = UTF-8-MAC print command = /usr/sbin/PrintServiceAccess printps %p %s lprm command = /usr/sbin/PrintServiceAccess remove %p %j security = user guest account = unknown encrypt passwords = yes printing = BSD allow trusted domains = no preferred master = yes lppause command = /usr/sbin/PrintServiceAccess hold %p %j netbios name = fileserver wins support = yes add machine script = /usr/bin/opendirectorypdbconfig -c create_computer_account -r %u -n "/LDAPv3/127.0.0.1" max smbd processes = 0 printcap = server string = Apple Xserve / RAID lpresume command = /usr/sbin/PrintServiceAccess release %p %j logon drive = H: client ntlmv2 auth = no domain logons = yes lpq command = /usr/sbin/PrintServiceAccess jobs %p admin users = @admin passdb backend = opendirectorysam guest dos charset = CP437 unix charset = UTF-8-MAC socket options = TCP_NODELAY SO_KEEPALIVE SO_RCVBUF=8576 SO_SNDBUF=8576 IPTOS_LOWDELAY auth methods = guest opendirectory local master = yes use spnego = no domain master = yes logon path = \\%N\profiles\%u printer admin = @admin, @staff map to guest = Never log level = 2 [netlogon] path = /etc/netlogon oplocks = yes strict locking = no write list = @admin browseable = no [homes] browseable = no root preexec = /usr/sbin/inituser %U create mode = 0750 read only = no comment = User Home Directories [projects] oplocks = 1 map archive = no path = /Volumes/Data/Projects read only = no inherit permissions = 1 strict locking = 1 comment = macosx create mask = 0644 guest ok = 0 directory mask = 0755 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba4 openldap
I see that samba4 will have it's own LDAP database. How will the support for OpenLDAP be? if anyone knows. Will I have the option to use OpenLDAP still for all the new features so as to be able to use current apps that use OpenLDAP already? If anyone has info regarding this, it would be appreciated. Thanks. Caleb O'Connell -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba3 on SCO Openserver
fre, 20.05.2005 kl. 16.13 skrev [EMAIL PROTECTED]: > I'm tryng to compile and install samba 3.0.14a on a SCO Openserver 5.0.6 > server (i want to use some shared printers from MS server2003 on a customer > network, but with samba SCO ver 2.2, i can't obtain the authorization from > the domain controller to use shared resources), but i'm havig a lot of > trouble. > > I had dowloaded samba-3.0.14a.tar.gz fro Samba.org. > I had put all the source code in the directory "/local/samba", and i have > uncompressed and unzipped all the files using gunzip an tar. > I have installed the development package (SCO) on my machine so now i have cc. > Then i run /local/samba/samba-3.0.14a/source/configure to obtain the Makefile > (ad i think it's all OK) > When i run make, i obtain a lot (one for each source file .c) of WARNING like > this: > > UX:ACOMP:WARNING: "include/vfs.h", line 475: no macro replacement within a > string literal > > then the linker stop with a fatal error: > > Undefined first referenced symbol in file > __unsafe_string_function_usage_here__ smbd/msdfs.o > UX:ld: ERROR: BIN/smbd: fatal error: Symbol referencing errors. no output > written to bin/smbd > UX:MAKE: ERROR: FATAL ERROR. > > Can anyone help me please? > Note that i'm not a C or Shell programmer so i don't know what i'm really > doing!!! > I think that something is wrong in the compiler directive (./configure?)o in > some of the include files (includes.h?) are not good for SCO openserver > environment. You'll not find that you have half the headers or libraries you need, even though you've installed SCO's development system. Furthermore, all the utilities are years out of date. You'd at least stand a better chance if you installed GNU's gcc, binutils and other stuff. I once compiled all these on Open Server 5.0.5, but I wouldn't recommend it to anyone. Go to usenet comp.unix.sco.misc and ask there. Jean-Pierre Radley has an arsenal of ready-compiled stuff; furthermore, I'm sure other Open Server users have done/tried to do what you want and could help one way or another. Better still is ditching Open Server and choosing a more modern OS, but then you probably already know that. Best, --Tonni -- Nothing sucksseeds like a pigeon without a beak ... mail: [EMAIL PROTECTED] http://www.billy.demon.nl They'll love us, won't they? They feed us, don't they? ... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Non-algorithmic RIDs
fre, 20.05.2005 kl. 17.13 skrev Misty Stanley-Jones: > > I use 3.0.11/3.0.14a (2 sites) on RHAS3 and LDAP. When I use smbpasswd > > -a to add a POSIX group user to Samba, both user and group RIDs are > > calculated from uidNumber and gidNumber on the basis of a simple > > algorithm. This is something that smbpasswd just does; moreover it's > > documented. Why should mine be different from yours > > It is obviously that I did not use those scripts. What scripts? > I wrote my own scripts to > create an LDIF. So do I, awk/sed/shell. I use smbpasswd (amongst other Samba utilities) and I don't have your problem. Don't you know what smbpasswd is? Try 'man smbpasswd' ;) > I am no Windows admin and simply had no idea that it > mattered. It's all fully documented and explained in the Samba doco, all you have to do is read it. > The simplest solution would be to change the UIDs but that would > put them below 1000. smbpasswd will do what you want, if you already have posixGroup entries for users, groups and computers. --Tonni -- Nothing sucksseeds like a pigeon without a beak ... mail: [EMAIL PROTECTED] http://www.billy.demon.nl They'll love us, won't they? They feed us, don't they? ... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re-2: [Samba] Samba3 on SCO Openserver
Hi Chris I made it installing the KDE/KDevelop (SCO Skunkware), but when the configure find gcc, exit with a lot of errors without producing the Makefile! Any idea? Thanks > > I have installed the development package (SCO) on my machine so > > now i have cc. > > Why don't you try to find gcc instezad of using SCO's cc? > > --- > Chris Covington > IT > Plus One Health Management > 75 Maiden Lane Suite 801 > NY, NY 10038 > 646-312-6269 > http://www.plusoneactive.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Having it both ways with winbind
I appreciate the feedback so far from Michael and Basil. Michael,Thanks for the nsswitch.conf suggestion but I already have "files nis winbind" in nsswitch.conf and my pam.conf has login auth requisite pam_authtok_get.so.1 login auth sufficient pam_dhkeys.so.1 login auth sufficient pam_unix_auth.so.1 login auth sufficient pam_dial_auth.so.1 login auth sufficient /usr/lib/security/pam_winbind.so.1 try_first_pass rlogin auth sufficient pam_rhosts_auth.so.1 rlogin auth requisite pam_authtok_get.so.1 rlogin auth sufficient pam_dhkeys.so.1 rlogin auth sufficient pam_unix_auth.so.1 rlogin auth sufficient /usr/lib/security/pam_winbind.so.1 try_first_pass other auth requisite pam_authtok_get.so.1 other auth sufficient pam_dhkeys.so.1 other auth sufficient pam_unix_auth.so.1 other auth sufficient /usr/lib/security/pam_winbind.so.1 try_first_pass Basil, what I mean is that I have all my unix users in NIS (should have mentioned that to start). Those people are fine when they actually log into any Unix box but if they connect to the samba shares, from windows like run -> \\sambashares, Winbind gets in the way and assigns them a new UID, GID and home directory based on these settings winbind uid = 37000-3 winbind gid = 37000-3 winbind enum users = yes winbind enum groups = yes template homedir = /tmp/winbind/%D/%U instead of using the information out of NIS. What I want is for the users that have a valid entry in NIS to connect to the shares with that UID, GID and home directory. If they connect to the shares as a valid ADS user but there is no matching username in NIS then winbind should kick in and auto generate the UID, GID and home directory. -- Bill -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Message Stopped by Bothways : Block Greater than 40 recip
MailMarshal has stopped the following message: Message: Bedbce.0001.mml From:[EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; kvdb@ meandermc.nl; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Auf Streife durch den Berliner Wedding The original mail message and its processing log are attached. MailMarshal Rule: Bothways : Block Greater than 40 recip For more information on email virus scanning, security and content management, visit http://www.marshalsoftware.com 0224 17:40:58.421 Message From <[EMAIL PROTECTED]>, Return-path <[EMAIL PROTECTED]>, Recipients (50) - <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> 0224 17:40:58.421 RuleSet Outbound Messages does not split the msg - no users match 0224 17:40:58.421 Thread 4 Starting to unpack 0224 17:40:58.421 Type=MAIL, size=1338, Name=Bedbce.0001.mml 0224 17:40:58.421 Type=MHDR, size=1203, Name=MsgHeader.txt 0224 17:40:58.421 Type=MBODY, size=133, Name=Plain.txt 0224 17:40:58.421 50 user(s) match ruleset - Inbound Messages 0224 17:40:58.421 0 user(s) match rule - Block banned accounts (standard rule) 0224 17:40:58.421 0 user(s) match rule - Block mail from banned domains 0224 17:40:58.421 50 user(s) match rule - Block Subject: Er staat een eCard voor u klaar! 0224 17:40:58.421 Name=U1\Bedbce.0001.mml (MAIL,1338) False 0224 17:40:58.421 50 user(s) match rule - Block Subject: Mail Delivery Failure 0224 17:40:58.421 Name=U1\Bedbce.0001.mml (MAIL,1338) False 0224 17:40:58.421 50 user(s) match rule - Block Subject: Single-word-subjects 0224 17:40:58.421 Name=U1\Bedbce.0001.mml (MAIL,1338) False 0224 17:40:58.421 0 user(s) match rule - Strip attachments to '[EMAIL PROTECTED]' 0224 17:40:58.421 50 user(s) match rule - Block Virus 0224 17:40:58.453 Command OK file Result= 0 after 32 millisecs 0224 17:40:58.468 Command OK file Result= 0 after 15 millisecs 0224 17:40:58.468 Command OK file Result= 0 after 0 millisecs 0224 17:40:58.468 Name=U1\Bedbce.0001.mml (MAIL,1338) False 0224 17:40:58.468 Name=U2\MsgHeader.txt (MHDR,1203) False 0224 17:40:58.468 Name=U2\Plain.txt (MBODY,133) False 0224 17:40:58.468 50 user(s) match rule - Block German Spam 0224 17:40:58.468 Name=U1\Bedbce.0001.mml (MAIL,1338) False 0224 17:40:58.484 50 user(s) match rule - SpamCensor 0224 17:40:58.484 Name=U1\Bedbce.0001.mml (MAIL,1338) False 0224 17:40:58.484 50 user(s) match rule - Spam Filter 0224 17:40:58.484 Name=U1\Bedbce.0001.mml (MAIL,1338) False 0224 17:40:58.484 Name=U2\MsgHeader.txt (MHDR,1203) False 0224 17:40:58.484 Name=U2\Plain.txt (MBODY,133) False 0224 17:40:58.484 50 user(s) match rule - PornSpam Filter 0224 17:40:58.484 Name=U1\Bedbce.0001.mml (MAIL,1338) False 0224 17:40:58.484 Name=U2\MsgHeader.txt (MHDR,1203) False 0224 17:40:58.484 Name=U2\Plain.txt (MBODY,133) False 0224 17:40:58.484 50 user(s) match rule - Block Dangerous Attachments 0224 17:40:58.484 Name=U1\Bedbce.0001.mml (MAIL,1338
[Samba] Print servers lose connection
I have Samba configured on a Fedora Core 3 box. It's only used now as a file server. However, when I connect it to the network, my print servers all kick off within about 30 min. Local net 10.0.0.* 255.255.255.0 Any ideas on what is causing this? Thanks for the help David -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Non-algorithmic RIDs
On Friday 20 May 2005 09:08 am, Tony Earnshaw wrote: > I use 3.0.11/3.0.14a (2 sites) on RHAS3 and LDAP. When I use smbpasswd > -a to add a POSIX group user to Samba, both user and group RIDs are > calculated from uidNumber and gidNumber on the basis of a simple > algorithm. This is something that smbpasswd just does; moreover it's > documented. Why should mine be different from yours It is obviously that I did not use those scripts. I wrote my own scripts to create an LDIF. I am no Windows admin and simply had no idea that it mattered. The simplest solution would be to change the UIDs but that would put them below 1000. Misty > > --Tonni > > -- > Nothing sucksseeds like a pigeon without a beak ... > > mail: [EMAIL PROTECTED] > http://www.billy.demon.nl > > They'll love us, won't they? They feed us, don't they? ... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba and Window 2003
Did you do that or has anyone accomplished reinstalling a new version of Kerberos and getting it to work with 2003 AD? Vince -Original Message- From: Covington, Chris [mailto:[EMAIL PROTECTED] Sent: Friday, May 20, 2005 9:46 AM To: Esquivel, Vicente; samba@lists.samba.org Subject: Re: [Samba] Samba and Window 2003 > ...our Windows is running in native mode... > I cant use ADS and Kerberos because the current version of Kerberos on > my RH server is 1.2.7 and from what I have read I need 1.3+ in order > for it to work that way. Why don't you just upgrade Kerberos - install the new version in an alternate location and preserve the existing system one? You can't use samba then, as a Domain Member. Maybe you could configure Samba to use your domain as its workgroup & allow all SMB traffic or something like that, if you don't mind a free-for-all with no security whatsoever. --- Chris Covington IT Plus One Health Management 75 Maiden Lane Suite 801 NY, NY 10038 646-312-6269 http://www.plusoneactive.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] No Folder browseable
Hi, and here's an excerpt from the logs: [2005/05/20 16:51:34, 3] smbd/process.c:process_smb(1091) Transaction 9 of length 104 [2005/05/20 16:51:34, 3] smbd/process.c:switch_message(886) switch message SMBtrans2 (pid 15743) conn 0x83a06d8 [2005/05/20 16:51:34, 3] smbd/trans2.c:call_trans2qfilepathinfo(2418) call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 [2005/05/20 16:51:34, 3] smbd/trans2.c:call_trans2qfilepathinfo(2443) call_trans2qfilepathinfo: SMB_VFS_STAT of desktop.ini failed (No such file or directory) [2005/05/20 16:51:34, 3] smbd/error.c:error_packet(105) error string = No such file or directory [2005/05/20 16:51:34, 3] smbd/error.c:error_packet(129) error packet at smbd/trans2.c(2197) cmd=50 (SMBtrans2) NT_STATUS_OBJECT_NAME_NOT_FOUND [2005/05/20 16:51:35, 3] smbd/process.c:process_smb(1091) Transaction 10 of length 39 [2005/05/20 16:51:35, 3] smbd/process.c:switch_message(886) switch message SMBtdis (pid 15743) conn 0x83a06d8 [2005/05/20 16:51:35, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/05/20 16:51:35, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/05/20 16:51:35, 1] smbd/service.c:close_cnum(830) fscf2byo0efuvvx (192.168.150.30) closed connection to service DATA$ [2005/05/20 16:51:35, 3] smbd/connection.c:yield_connection(69) Yielding connection to DATA$ [2005/05/20 16:51:35, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/05/20 16:52:35, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 and the smb.conf file: [global] private dir = /samba/ages003/conf/private name resolve order = lmhosts, wins, bcast idmap gid = 1-2 wtmp directory = /samba/ages003/conf/wtmp lock directory = /samba/ages003/conf/locks netbios name = AGES003 writeable = yes idmap uid = 1-2 workgroup = SZ_GESIS os level = 20 socket address = 192.168.84.36 security = domain winbind separator = + log level = 3 log file = /samba/ages003/conf/log/%m.log smb passwd file = /samba/ages003/conf/private/smbpasswd load printers = No map hidden = yes socket options = SO_SNDBUF=4096 SO_KEEPALIVE TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT pid directory = /samba/ages003/conf/pids wins server = 193.29.124.81, 193.29.122.75 username map = /samba/ages003/conf/private/smbusers interfaces = 192.168.84.36/255.255.255.0 domain master = No encrypt passwords = yes template shell = /bin/bash server string = GESIS Profileserver A (Samba %v) winbind enum users = yes password server = bkgesis01 bkgesis02 bkgesis10 winbind nested groups = Yes template homedir = /samba/ages003/data/tmp/winbindjail winbind enum groups = no # unix charset = UTF8 preferred master = no utmp directory = /samba/ages003/conf/utmp [...] [PROFILE01$] nt acl support = yes dos filetimes = yes dos filetime resolution = yes browseable = no writable = yes inherit permissions = yes hide unreadable = yes admin users = PREUSSAG+GESIS_ADM path = /samba/ages003/data/profile01 #hide files = /lost+found/ hide dot files = yes comment = PROFILE SHARE #hide special files = yes inherit acls = yes root preexec = /usr/sbin/samba/create_profile_dirs.sh %u profile01 Mit freundlichem Gruß, Dirk Laurenz Systems Engineer Fujitsu Siemens Computers S CE DE SE PS N/O Sales Central Europe Deutschland Professional Service Nord / Ost Hildesheimer Strasse 25 30880 Laatzen Germany Telephone: +49 (511) 84 89 - 18 08 Telefax:+49 (511) 84 89 - 25 18 08 Mobile: +49 (170) 22 10 781 Email: mailto:[EMAIL PROTECTED] Internet: http://www.fujitsu-siemens.com http://www.fujitsu-siemens.de/services/index.html *** -| -Original Message- -| From: Laurenz, Dirk -| Sent: Wednesday, May 18, 2005 3:48 PM -| To: Laurenz, Dirk; samba-technical@lists.samba.org -| Cc: Lutz, Mathias; Oeltze, Benjamin -| Subject: RE: [Samba] No Folder browseable -| -| Hello everybody! -| -| after no answer has been send, i've read a little bit -| around and searched -| the docs and found this hints, where i think this could be -| the origin of -| the problem. -| -| "It also included a change -| in behavior of winbindd. Please refer to the man page -| for smb.conf before implementing -| any update from versions prior to 3.0.8 to a current version." -| -| The main problem is, i have read both man pages of smb.conf -| (3.0.
Re: [Samba] Samba and Window 2003
> ...our Windows is running in native mode... > I cant use ADS and Kerberos because the current version of > Kerberos on my RH server is 1.2.7 and from what I have read > I need 1.3+ in order for it to work that way. Why don't you just upgrade Kerberos - install the new version in an alternate location and preserve the existing system one? You can't use samba then, as a Domain Member. Maybe you could configure Samba to use your domain as its workgroup & allow all SMB traffic or something like that, if you don't mind a free-for-all with no security whatsoever. --- Chris Covington IT Plus One Health Management 75 Maiden Lane Suite 801 NY, NY 10038 646-312-6269 http://www.plusoneactive.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Alert Re MS Microsoft Office 2003 Pro / XP shortcuts on Samba
This is to follow up with my previous posting: All works except MS Office 2003 Pro navigation of win. shortcuts to shares -I cant figure out how to reply to a thread :( Alert Re MS Microsoft Office 2003 Pro / XP shortcuts on Samba It happens that ... the "event" could have happened and all would've been well, but I didn't want to wait...and the light dawned... The solution to Office 2003 / XP patched or unpatched being able to 'see' and follow, or not follow depending on permissions , windoze shortcuts on a Samba share using \\server\sharename syntax is to put the desired share(s) to valid users = @"Domain Users" first, create the shortcut, *then* restrict share permissions in smb.conf ... and they lived happily ever after! Hats off to all ye opensourcers!! BTW Redhat ES 3 Samba 3.0.9 / OpenLDAP 2.0.27 / a la Idealx IBM Server 2005/05/19 ...implementing Ontario municipal file plan structure with 100+ shares. Mapping drive letters to Windoze is limited to 26 so we mapped one drive to each pc calle 'fileplan' with the 13 main headings (folders) and within those shortcuts to each share. __ Post your free ad now! http://personals.yahoo.ca -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Non-algorithmic RIDs
fre, 20.05.2005 kl. 15.42 skrev Misty Stanley-Jones: > When I set up my initial users for the Samba domain i did not realize that > RIDs were supposed to be dynamic. I was creating the user as a posixAccount > in LDAP, and then adding the Samba elements via a script that I wrote. > Their RIDs are the same as their UID. For instance if I have a user with > uidNumber 1036, her SID would be -1036. This is fine except for > idmapping for member servers, for ACLs. I have about 30 users with this > problem. Is there a non-disruptive way for me to convert their RIDs to be > algorithmic based on their UIDs, without destroying their roaming profiles > etc? If not I think we will just have to deal with not being able to use > ACLs on member servers, but I thought I would query first. To reiterate, we > are using a LDAP backend. I use 3.0.11/3.0.14a (2 sites) on RHAS3 and LDAP. When I use smbpasswd -a to add a POSIX group user to Samba, both user and group RIDs are calculated from uidNumber and gidNumber on the basis of a simple algorithm. This is something that smbpasswd just does; moreover it's documented. Why should mine be different from yours? --Tonni -- Nothing sucksseeds like a pigeon without a beak ... mail: [EMAIL PROTECTED] http://www.billy.demon.nl They'll love us, won't they? They feed us, don't they? ... -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and Window 2003
I am trying to find a good how-to on setting up samba to use Windows 2003 for authentication, if anyone knows of a good link let me know. I am using RedHat ES 3 and our Windows is running in native mode with NT style authentication allowed. I cant use ADS and Kerberos because the current version of Kerberos on my RH server is 1.2.7 and from what I have read I need 1.3+ in order for it to work that way. I just cant upgrade right now so I am trying to find a way to get this to work somehow. Any advice would GREATLY appreciated. Thanks Vince -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba3 on SCO Openserver
> I have installed the development package (SCO) on my machine so > now i have cc. Why don't you try to find gcc instezad of using SCO's cc? --- Chris Covington IT Plus One Health Management 75 Maiden Lane Suite 801 NY, NY 10038 646-312-6269 http://www.plusoneactive.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba3 on SCO Openserver
Dears Sirs; I'm tryng to compile and install samba 3.0.14a on a SCO Openserver 5.0.6 server (i want to use some shared printers from MS server2003 on a customer network, but with samba SCO ver 2.2, i can't obtain the authorization from the domain controller to use shared resources), but i'm havig a lot of trouble. I had dowloaded samba-3.0.14a.tar.gz fro Samba.org. I had put all the source code in the directory "/local/samba", and i have uncompressed and unzipped all the files using gunzip an tar. I have installed the development package (SCO) on my machine so now i have cc. Then i run /local/samba/samba-3.0.14a/source/configure to obtain the Makefile (ad i think it's all OK) When i run make, i obtain a lot (one for each source file .c) of WARNING like this: UX:ACOMP:WARNING: "include/vfs.h", line 475: no macro replacement within a string literal then the linker stop with a fatal error: Undefined first referenced symbol in file __unsafe_string_function_usage_here__ smbd/msdfs.o UX:ld: ERROR: BIN/smbd: fatal error: Symbol referencing errors. no output written to bin/smbd UX:MAKE: ERROR: FATAL ERROR. Can anyone help me please? Note that i'm not a C or Shell programmer so i don't know what i'm really doing!!! I think that something is wrong in the compiler directive (./configure?)o in some of the include files (includes.h?) are not good for SCO openserver environment. Many thank in advance Roberto Guerra [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Winbind/ads/pam auth
MAGIC! Thanks sk Well at the moment its not a problem since im only using one domain and probably only will be. Maybes heh On a side note, even though nsswitch.conf has shadow set to files and winbind any ideas if and why it doesn't show domain users/crypted passwords? Thanks for your help. Ross -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stefanos Karasavvidis Sent: 20 May 2005 14:46 To: [EMAIL PROTECTED] Subject: Re: [Samba] Winbind/ads/pam auth you can setup your samba configuration to have a default Domain so the usernames as the linux machine sees them, will have only the username part (without the Domain) and you can work as expected. Simply put winbind use default domain = yes in your smb.conf There is a catch though. You can't have users with the same username under different domains sk Ross McInnes wrote: > Hi list > > Got an odd "problem" here. > > But, ive followed the howtos etc getting pam authentication to work > etc > > Ive just setup imap, the domain username is "test" > > When I run getent passwd im returned with > > DEV-DOMAIN+test:x:10012:10023:test > DEV-DOMAIN+test:/home/DEV-DOMAIN/test:/bin/false > > When I logon onto the windows 2k3 AD as test, it all logs on, sees the > Home drive on the samba server (authenticates etc) but when I setup > imap it wont let me logon. > > dev1 imapd[11078]: Login failed user=test auth=test > host=[172.16.2.252] > dev1 imapd[11079]: Login failed user=test auth=test > host=[172.16.2.252] > dev1 imapd[11083]: Login failed user=test auth=test > host=[172.16.2.252] > > But when I change the user name on the mail client to what getent > password sees (i.e DEV-DOMAIN+test) > > dev1 pam_winbind[11077]: user 'DEV-DOMAIN+test' granted access > dev1 imapd[11077]: Login user=DEV-DOMAIN+test host=[172.16.2.252] > > It works! > > Why wont it accept just "test" since I cannot expect my users to put > in > AD+username > > Any thoughts/ideas/magical faq page ive over looked?? > > Cheers > > Ross > -- == Stefanos Karasavvidis Electronic & Computer Engineer, M.Eng. e-mail : [EMAIL PROTECTED] Technical University of Crete, Campus Information Systems Center Address: Akrotiri, Chania, 73100 Tel.: (+30) 28210 37352, 37355 (central), 37766 (ENV.ENG. buildings) Fax: (+30) 28210 37571 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] LDAP master-slave and BDC ?
Thank you for the explanation. It is clear to me now. Your last comment is interesting. If the PDC is the weakest link, what are the other alternatives that are strong links? By fail-over I mean if the authentication server fails or is down, my user would still be able to login and use the workstation. -mark - Original Message - From: "John H Terpstra" <[EMAIL PROTECTED]> To: ; "Msdigital" <[EMAIL PROTECTED]> Sent: Thursday, May 19, 2005 8:09 PM Subject: Re: [Samba] LDAP master-slave and BDC ? On Thursday 19 May 2005 20:04, Msdigital wrote: I am a bit confused, about the LDAP master-slave and BDC. I have an Samba-LDAP server that serves as my PDC. All my users authenticate to this server. I would like to set up a BDC for failover. What is the difference between a BDC and a LDAP Slave server? A BDC is a NT4 domain controller that handles network logon authentication. A Samba BDC will relay all network account updates to a PDC. Only the PDC will write to the passdb backend. A BDC will read authentication data from the passdb backend it is configured to use. A Slave LDAP server is a read-only mirror of an LDAP Master server. A PDC would normally be directed at a Master LDAP server, but can work with a Slave LDAP server. If a PDC is configured to use a Slave LDAP server all write requests to the directory will be handled via a referral to the Master LDAP server. In other words, all write requests are handled by the Master LDAP server. It does not matter whether a BDC uses a Master or a Slave LDAP server - it only ever reads directory information from it. What do you mean by fail-over? A BDC can handle network logon requests, but it can never replace a PDC. In other words, the PDC is still the weakest link. If a PDC is off the air for a prolonged outage the network will eventually fail. Second part. Does anyone on this list have this type of configuration, PDC-BDC or Master/Slave and can help do the same? Please refer to the book: "Samba-3 by Example" Chapters 5 and 6. You can obtain a copy from: http://www.samba.org/samba/docs/Samba-Guide.pdf Enjoy. - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, ISBN: 0131453556 Samba-3 by Example, ISBN: 0131472216 Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Q.'s about file system rights and winbind
I have just setup winbind on a RedHat EP 3 server with samba 3.0.9 I have everything setup except the pam mods. I have a windows 2003 domain running in mix mode (due to old system that can not be updated) so I am running the samba server in domain mode. smb.conf [global] Unix charset = LOCALE workgroup = netbois name = server string = Samba server security = domain log file = /var/log/samba/%m.log max log size = 50 winbind separator = + idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes encrypt password = yes smb passwd file = /etc/samba/smbpasswd sock options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 wins server = 128.135.182.84 template shell = /bin/bash template homedir = /tmp template primary group = "Domain Users" winbind use default domain = yes [data] path = /home/data browseable = yes writeable =yes ## Q. do I need pam configured for just file sharing? ## Q. how do I / can I add domain groups to the file share for my ACL's ? Q. do I need to created a mapping for this or will winbind just do the translation ( which would be great ). ? Thanks for any time and effort put forth. -Ian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Winbind/ads/pam auth
you can setup your samba configuration to have a default Domain so the usernames as the linux machine sees them, will have only the username part (without the Domain) and you can work as expected. Simply put winbind use default domain = yes in your smb.conf There is a catch though. You can't have users with the same username under different domains sk Ross McInnes wrote: Hi list Got an odd "problem" here. But, ive followed the howtos etc getting pam authentication to work etc Ive just setup imap, the domain username is "test" When I run getent passwd im returned with DEV-DOMAIN+test:x:10012:10023:test test:/home/DEV-DOMAIN/test:/bin/false When I logon onto the windows 2k3 AD as test, it all logs on, sees the Home drive on the samba server (authenticates etc) but when I setup imap it wont let me logon. dev1 imapd[11078]: Login failed user=test auth=test host=[172.16.2.252] dev1 imapd[11079]: Login failed user=test auth=test host=[172.16.2.252] dev1 imapd[11083]: Login failed user=test auth=test host=[172.16.2.252] But when I change the user name on the mail client to what getent password sees (i.e DEV-DOMAIN+test) dev1 pam_winbind[11077]: user 'DEV-DOMAIN+test' granted access dev1 imapd[11077]: Login user=DEV-DOMAIN+test host=[172.16.2.252] It works! Why wont it accept just "test" since I cannot expect my users to put in AD+username Any thoughts/ideas/magical faq page ive over looked?? Cheers Ross -- == Stefanos Karasavvidis Electronic & Computer Engineer, M.Eng. e-mail : [EMAIL PROTECTED] Technical University of Crete, Campus Information Systems Center Address: Akrotiri, Chania, 73100 Tel.: (+30) 28210 37352, 37355 (central), 37766 (ENV.ENG. buildings) Fax: (+30) 28210 37571 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Non-algorithmic RIDs
When I set up my initial users for the Samba domain i did not realize that RIDs were supposed to be dynamic. I was creating the user as a posixAccount in LDAP, and then adding the Samba elements via a script that I wrote. Their RIDs are the same as their UID. For instance if I have a user with uidNumber 1036, her SID would be -1036. This is fine except for idmapping for member servers, for ACLs. I have about 30 users with this problem. Is there a non-disruptive way for me to convert their RIDs to be algorithmic based on their UIDs, without destroying their roaming profiles etc? If not I think we will just have to deal with not being able to use ACLs on member servers, but I thought I would query first. To reiterate, we are using a LDAP backend. Misty -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] keeping tdb synchronized.
Hi folks, in order to keep my winbind database synchronized over two fileservers with samba-2.2.8a I did make a backup of winbind_idmap.tdb with tdbbackup and then I moved the file, did stop the second server, deleted winbind_cache.tdb, replaced the given winbind_idmap.tdb file and fired the smb processes again. Nevertheless I see the old user info - the "new" users on second server are still only numbers for me. Why ? Should I copy more files ? Regards, mpr. -- Marcin Przyczyna Net & Sys Admin, citiworks AG [EMAIL PROTECTED] +49 89 9925 75356 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] client mysteriously restricted to read-only
We have a linux samba server running 3.014a. A windows xp machine sometimes experiences a state where it can only read the shares, and not write to them. This happens at seemingly arbitrary times. The machine will go for days at a time functioning normally, and then suddenly is only allowed read access. Furthermore, there is no consistent solution. Even a full reboot of both the Samba machine and the windows machine sometimes does not allow write access. Below is the output of testparm, and attached is the configuration file. Anyway ideas would be greatly appreciated. Thanks, John Load smb config files from /usr/lib/smb.conf Processing section "[clp]" Processing section "[managers]" Loaded services file OK. Server role: ROLE_STANDALONE Press enter to see a dump of your service definitions # Global parameters [global] workgroup = CLPMAIN server string = samba server log file = /var/log/samba/%m.log max log size = 50 keepalive = 0 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap dns proxy = No hosts allow = 192.168.1., 192.168.2., 127. hide files = /._*/.DS_Store/ veto oplock files = /*.xls/ [clp] comment = CLP Home path = /home/clpmain valid users = clp, managers read only = No guest ok = Yes [managers] comment = CLP Managers path = /home/managers valid users = managers read only = No -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Winbind/ads/pam auth
Hi list Got an odd "problem" here. But, ive followed the howtos etc getting pam authentication to work etc Ive just setup imap, the domain username is "test" When I run getent passwd im returned with DEV-DOMAIN+test:x:10012:10023:test test:/home/DEV-DOMAIN/test:/bin/false When I logon onto the windows 2k3 AD as test, it all logs on, sees the Home drive on the samba server (authenticates etc) but when I setup imap it wont let me logon. dev1 imapd[11078]: Login failed user=test auth=test host=[172.16.2.252] dev1 imapd[11079]: Login failed user=test auth=test host=[172.16.2.252] dev1 imapd[11083]: Login failed user=test auth=test host=[172.16.2.252] But when I change the user name on the mail client to what getent password sees (i.e DEV-DOMAIN+test) dev1 pam_winbind[11077]: user 'DEV-DOMAIN+test' granted access dev1 imapd[11077]: Login user=DEV-DOMAIN+test host=[172.16.2.252] It works! Why wont it accept just "test" since I cannot expect my users to put in AD+username Any thoughts/ideas/magical faq page ive over looked?? Cheers Ross -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Converting passwords to Linux (NIS)
The irony wasn't lost on me, but I look at it this way: I'm abandoning Windows, not Samba. Samba was a fantastic tool for the job I wanted to do at the time, and I would recommend it to anyone who needs to use both OSes. I remain hopeful that the tool (or a method) is out there, and suspect that the community that provides a bridge between Windows and Linux is the most likely to have heard about it. > You are asking a Samba list for help moving off Samba? I'm not > criticizing, just pointing out the irony. I'd be surprised if a samba > tool exists to move NT accounts to NIS. > * This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify [EMAIL PROTECTED] The views expressed within this email are those of the individual, and not necessarily those of the organisation * -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Migrating from NT4 questions
Hi,
I'm preparing to do a migration, but I'm having some doubts.
I installed 3.0.14a (from/for Suse) and I successfully joined the domain.
When I did a "net rpc vampire -S ..." there were some things that worry me :
...
Creating account: Administrator
[2005/05/17 12:35:31, 0] passdb/pdb_tdb.c:tdbsam_tdbopen(195)
Unable to open/create TDB passwd
[2005/05/17 12:35:31, 0] passdb/pdb_tdb.c:tdbsam_getsampwrid(488)
pdb_getsampwrid: Unable to open TDB rid database!
[2005/05/17 12:35:31, 0] utils/net_rpc_samsync.c:fetch_account_info(578)
Could not find unix group 4294967295 for user Administrator (group
SID=S-1-5-21-177555115-702490737-1861429907-513)
Creating account: Guest
[2005/05/17 12:35:31, 0] utils/net_rpc_samsync.c:fetch_account_info(578)
Could not find unix group 4294967295 for user Guest (group
SID=S-1-5-21-177555115-702490737-1861429907-514)
...
Creating account: ACE_SERVER_2$
[2005/05/17 12:35:31, 0] utils/net_rpc_samsync.c:fetch_account_info(578)
Could not find unix group 4294967295 for user ACE_SERVER_2$ (group
SID=S-1-5-21-177555115-702490737-1861429907-513)
...
I think the messages "Unable to open ..." are normal for a brand-new
installation, but the "Could not find unix group 4294967295" is what
worries me : that number is a representation of -1. Unix-group -1 does
indeed not exist. Also all machine-ID's give the same error. All these
errors concern SID -513, except for user Guest, there it's SID -514.
Is it normal to have unix-users for machines ($-suffix) ?
I do have a "smbusers"-file containing "root = Administrator".
net groupmap list gives a list of my groups, but several are linked to
unix-group -1 (like Users, Print Operators, Power Users, etc).
pdbedit -L give all my users, plus machine-names. But Administrator has
it's own linux-account. Then there is a user that has
user-number 4294967295 : "Koenraad:4294967295:Koenraad Lelong", that's
me, my linux-user-name (koenraad) already existed.
smb.conf is enclosed.
Is there anything wrong with my procedure/setup ? Any pointers ?
TIA
--
Met vriendelijke groeten,
Koenraad Lelong
R&D Manager
ACE electronics n.v.
# Global parameters
[global]
workgroup = ACE_DOMAIN
netbios name = LACE2
interfaces = eth0, lo
bind interfaces only = Yes
passdb backend = tdbsam
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*Password* %n\n *Re-enter*new*password*%n\n
*Password*changed*
username map = /etc/samba/smbusers
unix password sync = Yes
log level = 1
syslog = 0
log file = /var/log/samba/%m
max log size = 50
smb ports = 139 445
name resolve order = wins bcast hosts
time server = Yes
printcap name = CUPS
show add printer wizard = No
add user script = /usr/sbin/useradd -m '%u'
delete user script = /usr/sbin/userdel -r '%u'
add group script = /usr/sbin/groupadd '%g'
delete group script = /usr/sbin/groupdel '%g'
add user to group script = /usr/sbin/usermod -G '%g' '%u'
add machine script = /usr/sbin/useradd -s /bin/false -d /tmp '%u'
shutdown script = /var/lib/samba/scripts/shutdown.sh
abort shutdown script = /sbin/shutdown -c
logon script = scripts\logon.bat
logon path = \\%L\profiles\%U
logon drive = X:
logon home = \\%L\%U
domain logons = Yes
domain master = No
# preferred master = Yes
wins support = Yes
utmp = Yes
map acl inherit = Yes
printing = cups
veto files = /*.eml/*.nws/*.{*}/
veto oplock files = /*.doc/*.xls/*.mdb/
[IPC$]
path = /tmp
hosts allow = 192.168.0.0/24, 127.0.0.1
hosts deny = 0.0.0.0/0
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
[printers]
comment = SMB Print Spool
path = /var/spool/samba
guest ok = Yes
printable = Yes
use client driver = Yes
default devmode = Yes
browseable = No
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
guest ok = Yes
locking = No
[profiles]
comment = Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes
[test-share]
comment = Test Share
path = /net/samba
read only = No
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Having it both ways with winbind
Braden Bill wrote: We already have a large complement of Unix users that are also Windows users but we also have non-unix users that need access to some samba shares. How can I setup samba so that Users who already have a Unix account will get that account and home directory when they connect through samba but valid domain users that do not already have a Unix account will authenticate through winbind and get the winbind generated UID, GID and home directory? Thanks. --Bill how about putting things like passwd files ldap winbind in nsswitch.conf? would that work? -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and Windows XP
Hi I'm having problems with Samba and Windows XP SP2 where the XP machines cannot seem to stay connected to the file shares and the Printers. The connection/ disconnection is intermitent but W2k is fine, just a minor problem with MS Access Not Printing. Any advice would be helpful Thanks Robb -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Having it both ways with winbind
On 5/19/05, Braden Bill <[EMAIL PROTECTED]> wrote: > We already have a large complement of Unix users that are also Windows > users but we also have non-unix users that need access to some samba > shares. How can I setup samba so that Users who already have a Unix > account will get that account and home directory when they connect > through samba but valid domain users that do not already have a Unix > account will authenticate through winbind and get the winbind generated > UID, GID and home directory? What do you mean by the users with Unix accounts getting "that account and home directory when they connect through samba? Connect how? I'm really having a hard time understanding the context. Unless you are using NIS, unix accounts are always local. And even in that case, their home directories are intially local unless linked to directories exported through NFS on another server. All of which shows just how confused I am by your expression "connect through samba." Logged in locally through unix, they will have access to their home directories the usual way. Samba has nothing to do with that: they are not "connecting through samba". For *other* samba shares locally or on other samba servers, they can access them in the usual ways -- smbclient, mount - t smbfs. I feel I'm missing something in understanding your question. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Converting passwords to Linux (NIS)
On 5/20/05, R. Holtz <[EMAIL PROTECTED]> wrote: > On our network, some users authenticate against a linux server running NIS, > while some authenticate against a Windows NT machine via Samba. We want to > dispense with the Windows machine (who wouldn't!). > > Ideally, I'd like to preserve the users' current passwords. Does the Samba > suite include tools that allow this? Thank you for your help! You are asking a Samba list for help moving off Samba? I'm not criticizing, just pointing out the irony. I'd be surprised if a samba tool exists to move NT accounts to NIS. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NetShareEnum
Is there anybody to help me ? Is it the right place for that sort of technical request ? I have the same problem on AS400 best regards hervé Hervé Kergourlay a écrit : I'm trying to list my Linux shared exported by samba from a Windows 2003 I'm using the NetShareEnum api the sample is working between 2 windows but it fails on the linux with error 5 Access Denied who to configure samba on the linux to ba able to do that ? thanks hervé -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Converting passwords to Linux (NIS)
On our network, some users authenticate against a linux server running NIS, while some authenticate against a Windows NT machine via Samba. We want to dispense with the Windows machine (who wouldn't!). Ideally, I'd like to preserve the users' current passwords. Does the Samba suite include tools that allow this? Thank you for your help! * This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify [EMAIL PROTECTED] The views expressed within this email are those of the individual, and not necessarily those of the organisation * -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Virus notification ...
SecureSynergy VirusScreen ASaP detected virus in attachment you sent to <[EMAIL PROTECTED]> with the subject header 'Re: Test'. The file has been processed with the following result: details_webmaster.txt.pif: W32/[EMAIL PROTECTED](cleaned) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
