[Samba] Unable to see linux filesystem with samba running

[Goel, Parveen (AS01)]

Hi 

I am new to Linux. I am using Redhat 9.0. I have installed the Samba
software, configured the smb.conf, added my client Windows XP box into the
hosts.allow, hosts.equiv etc and started the smb service.

 

Still I am unable to map the Linux share on to my Windows XP box. I have
tried enabling and disabling the XP firewall also. I can see the Linux
machine name in the Windows explorer "My network Places" under the
configured workgroup, but I can not see the shares. It gives me the error
"Network path \\as01pgoelvm1\apac   not found"

 

"apac" is the name of the share I have created on my Linux VMware machine
"as01pgoelvm1"

 

Can some please help me?

 

Thanks & Regards

 

Parveen Goel

Honeywell Software Center

2 Richardson Place, North Ryde, NSW 2113, Australia

Ph: (612)9353 7268 Fax: (612)93537237

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] reverse veto files?

[Guido Lorenzutti]

I know how veto files works, but there is anyway to have some "valid 
files" like the "valid users" to ONLY allow files with some extension 
and not have to restrict one by one on the veto files?


tnxs in advance.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Dreaded homes not sharing problem

[Jim C.]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I just upgraded to Mdv LE 2005 fm MDK 10.1.
Sure enough, I've got the dreaded homes not sharing problem. Anybody got
the answer to this?


Jim C.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCn9gS57L0B7uXm9oRAs/9AJ9irks7SWmCiaAAEqsYz0dr5JYq/ACfXNA/
A4tceyTN1Ued0AsBvf3ERNs=
=epiP
-END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Migration from NT Domain to AD

[John Welch]

My company is in the process of migrating from an NT 4.0 Domain to a
Windows 2003 Active Directory Domain.  We have setup a pristine AD
domain and have begun moving machines and users over to it.  Part of
this migration process is moving to a new domain name.  We have several
Samba servers that are currently members of the NT 4.0 domain.  These
Samba servers are running on a mix of both Linux and AIX machines.  The
Samba servers are all used for basic file and print sharing.  My plan is
to leave these servers in "security = domain" mode, rather than
switching to "security = ads"; at least initially.  

The Linux servers are all running fairly current versions of Samba,
ranging from 3.0.7 to 3.0.11.  On most of these servers we are using
winbind to authenticate through the NT domain.  On a test server I
updated the smb.conf to reflect the new domain name and the new password
servers, and joined the new AD domain.  Everything seems to be working
OK on this test system.  The one question I have on these Linux/winbind
servers is: Are there any tools or scripts available to update file and
folder security?  For example, File.txt is owned by OLDDOMAIN+USER1.  Is
there anything available to update this file so that it is now owned by
NEWDOMAIN+USER1?  I know I can use the chown command to update the file,
but I'm wondering if there are any tools to do this on a complete
directory structure.
My bigger problem is with the AIX servers.  They are currently running
Samba version 2.2.8a.  I tried joining the new AD domain on one of these
systems and ran into "Access denied" problems.  I knew it was probably
about time to get these servers more up to date with Samba, so I didn't
waste too much time trying to figure out this problem.  Instead I
compiled and installed the latest (3.0.14a) version.  After doing this I
first checked to make sure everything was OK with this version before
migrating to the new domain.  Once I verified that things were OK, I
updated the smb.conf and joined the new AD domain (successfully).
However, when I started Samba back up I began getting errors and/or
prompts for user-name/password on the client side.  In the server logs I
am also seeing errors, the most significant of which seems to be the
following: "domain_client_validate: could not fetch trust account
password for domain BROSCO".  After trying a few things unsuccessfully,
I tried rejoining the original NT 4.0 domain.  Again the join was
successful, but I was getting the same errors/problems on both the
client and server.  I eventually had to restore Samba from backup in
order to get things working again.  I'm not sure where the problem lies
or what to try next.

Any help or suggestions for either my Linux/winbind question or (mostly)
my AIX problem would be appreciated.

Thanks in advance.

John



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba Password Expiry Date

[Hiu Yen Onn]

Matthias Spork wrote:


Hello,


#> pdbedit -P "maximum password age" -C 5007600


Does it apply for all users in my domain???



This feature must be activated on yout domain-master. I've set this 
option also at all other samba domain-controllers (PDC's an BDC's). I 
don't know, if this is required.


There is the ldap-attribute "shadowMax: 60" for each user, but I don't 
know if this works yet with samba 3.0.14.


matze



i think i have prompt in
pdbedit -P "maximum password age" -C 86400
it is almost 1 day, just for testing only purpose.
then, when i get to show all the accounts, it shows this to me

Unix username:yohiu
NT username:  yohiu
Account Flags:[U  ]
User SID: S-1-5-21-1584484687-1589642492-3641120062-3006
Primary Group SID:S-1-5-21-1584484687-1589642492-3641120062-513
Full Name:Hiu Yen Onn
Home Directory:   \\SY\homes\yohiu
HomeDir Drive:H:
Logon Script: mis.bat
Profile Path: \\SY\profiles\yohiu
Domain:   SHINYANG
Account desc: Network Engineer
Workstations:
Munged dial:
Logon time:   0
Logoff time:  Sat, 14 Dec 1901 04:45:51 GMT
Kickoff time: 0
Password last set:Thu, 02 Jun 2005 15:17:38 GMT
Password can change:  Thu, 02 Jun 2005 15:17:38 GMT
Password must change: Sat, 14 Dec 1901 04:45:51 GMT
Last bad password   : 0
Bad password count  : 0

from the above, the password must change flag indicating the password is 
expired on Sat, 14 Dec 1901 04:45:51 GMT, but, it is not 1 day after the 
password have been changed. weird i am so confusing... thanks for 
helps...anyway...



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] smbfs intermittent errors: tdb_lock failed, ERRDOS 71

[John Locke]

Hi,

I recently upgraded an older box running as a file server for a small 
company to Mandriva (Mandrake) 10.1. It's running Samba 3.0.10.1, the 
default Mandrake package.


We have a custom script that mounts a Windows share using smbfs, backs 
up specific directories, and unmounts when it's done. The problem is, 
it's not mounting reliably.


There is an entry in /etc/fstab for the share, complete with login 
credentials. Usually I can just log in as root and run:


mount /home/dubois/smb/dumas

... and it mounts and runs just fine. But sometimes it fails to mount, 
returning



Mounting: /home/dubois/smb/dumas
6606: tree connect failed: ERRDOS - 71
SMB connection failed


Other shares on other computers mount just fine--it's always this same 
remote computer, which is running Windows XP Professional.


I find in the /var/log/samba/smbmount.log this:


[2005/06/02 03:19:50, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/var/cache/samba/gencache.tdb): tdb_lock failed on list 16 
ltype=0 (Bad file descriptor)

[2005/06/02 03:19:50, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/var/cache/samba/gencache.tdb): tdb_lock failed on list 16 
ltype=1 (Bad file descriptor)

[2005/06/02 03:19:50, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/var/cache/samba/gencache.tdb): tdb_lock failed on list 48 
ltype=0 (Bad file descriptor)

[2005/06/02 03:19:51, 0] tdb/tdbutil.c:tdb_log(725)
  tdb(/var/cache/samba/gencache.tdb): tdb_lock failed on list 16 
ltype=1 (Bad file descriptor)



With the previous Linux installation, an older Red Hat install with 
somewhere around version 2.1, this share had been mounting flawlessly 
every night for the last month. Since upgrading, it seems to fail 50% of 
the time, and succeed 50% of the time. I'm using the old smb.conf and 
smbpasswd files, but otherwise all the other supporting Samba files are 
from the new installation.


Anybody have any hints, tips, fixes, or troubleshooting steps? What more 
information should I provide?


Thanks,

--
John Locke
"Open Source Solutions for Small Business Problems"
published by Charles River Media, June 2004
http://www.freelock.com

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba Password Expiry Date

[Hiu Yen Onn]

Matthias Spork wrote:


Hello,


#> pdbedit -P "maximum password age" -C 5007600


Does it apply for all users in my domain???



This feature must be activated on yout domain-master. I've set this 
option also at all other samba domain-controllers (PDC's an BDC's). I 
don't know, if this is required.


There is the ldap-attribute "shadowMax: 60" for each user, but I don't 
know if this works yet with samba 3.0.14.


matze



how to activated this account
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Windows logon doesn't work, Samba says it's fine

[Chris St. Pierre]

This is an immensely frustrating problem.

I try to logon to my Samba 3.0.11 PDC running on SuSE, and the Samba
logs report that it all went swimmingly:

[2005/06/02 16:34:45, 2] auth/auth.c:check_ntlm_password(305)
  check_ntlm_password:  authentication for user [stpierre] ->
  [stpierre] -> [stpierre] succeeded

So w00t, right.  But no!  Windows rejects my login with a "bad
password" error.  The strange thing is that I can mount volumes from
that server without a problem -- it's only domain logons that are
broken.

Googling didn't turn up much, but it seemed in general to be a problem
with mismatched SIDs.  Here are mine:

>From the server:

# net getlocalsid
SID for domain FLUFFY is: S-1-5-21-2946021175-1172358965-46922411

In my LDAP backend (all of these were copied directly from the results
of ldapsearch):

The machine account:
sambaSID=S-1-5-21-2946021175-1172358965-46922411-3048

The user account:
sambaSID=S-1-5-21-2946021175-1172358965-46922411-5546

The domain account:
sambaSID=S-1-5-21-2946021175-1172358965-46922411

As you can see, they're all identical.  I dearly wish the problem
could be mismatched SIDs, but it doesn't appear to be.  My full
smb.conf is below.  Any ideas?

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

---
smb.conf:
---
[global]
server string = Fluffy
workgroup = NWU_FLUFFY
netbios name = FLUFFY

log level = 2
encrypt passwords = yes
max smbd processes = 0
socket options = TCP_NODELAY
use sendfile = no

add machine script = /usr/local/samba/scripts/trust-acct.pl '%u'

logon script = scripts\logon.bat
logon path = \\%L\profiles\%U

domain logons = yes
domain master = yes
local master = yes
preferred master = yes
wins server = 10.9.1.12
security = user
admin users = stpierre
os level = 33

passdb backend = ldapsam:ldap://ldap.nebrwesleyan.edu
ldap suffix = o=nebrwesleyan.edu,o=isp
ldap machine suffix = ou=People
ldap user suffix = ou=People
ldap group suffix = ou=Groups
ldap filter = (uid=%u)
ldap admin dn = cn=manager
ldap ssl = no

#idmap backend = ldap:ldap://newman.nebrwesleyan.edu
idmap uid = 1-2
idmap gid = 1-2

[netlogon]
comment = Network Logon Service
path = /usr/local/samba/var/netlogon
guest ok = yes
locking = No

[profiles]

[profiles]
comment = Profile Share
path = /usr/local/samba/var/profiles
read only = No
create mask = 0600
directory mask = 0700
nt acl support = Yes
csc policy = disable
share modes = no
profile acls = yes

[tmp]
comment = temporary files
path = /tmp
read only = yes

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Authenticate users through PAM

[Carlos Hernandez]

Sorry if you've heard this question a lot of times
before, but, ¿Is there any way to use the users in
/etc/passwd /etc/shadow as Samba users?
I am using Fedora Core 3 and samba-3.0.10-1.fc3 and I
don't want to have two separated user databases. Maybe
through PAM or something...

Thanks!
Carlos


__
Correo Yahoo!
Espacio para todos tus mensajes, antivirus y antispam ¡gratis! 
Regístrate ya - http://correo.espanol.yahoo.com/ 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Crashing Suse 9.2 box - Samba prime suspect

[Julian Opificius]

I'm running Suse 9.2, up to date via Yast, samba 3.0.9-2.3, openssh 
3.9p1-3.2.


I had two hard crashes on my Suse 9.2 server in the last four days since 
I mounted two Windows server shares to the Linux box. Prior to that, 
machine has been stable for several months. Primary use is cvs server 
with ssh tunnelling pserver from PuTTY.


Crash 1:
I connected in from home using WSFTP Pro 9.01 in FTP/SSH mode to 
download a Windows directory tree mounted to the Suse server via smbmount.


After transfer was successfully completed, Linux went down hard as I 
tried to start another transfer.


I repeated process using direct a LAN connection with the same result.

The "messages" log shows :
May 29 01:27:40 engsrv sshd[13206]: Accepted publickey for deleted> from  port 12690 ssh2
May 29 01:27:40 engsrv pure-ftpd: ([EMAIL PROTECTED]) [INFO] New connection 
from local

host
May 29 01:27:40 engsrv pure-ftpd: ([EMAIL PROTECTED]) [INFO] Logout.
May 29 01:27:41 engsrv sshd[13209]: subsystem request for sftp
May 29 11:50:29 engsrv syslogd 1.4.1: restart.

text in <> is my comment.

I deduce from the timestamps that the "subsystem request for sftp" line 
is the last thing written before the crash.


Crash 2:
User using ssh shell on local lan does a "find", and the server crashes.

I see in the messages logfile a string of errors like this :
Jun  2 07:50:19 engsrv kernel: smb_proc_readdir_long: dirent pointer 
outside buffer! c084bba3  [EMAIL PROTECTED]


followed by a restart entry.

As these two error events both relate to samba, I thought this would be 
a place to ask for help. Can anyone offer any clues or suggestions?


Cheers,

julian.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] failed to add domain dn= sambaDomainName=hostname

[Geert Stappers]

On Tue, May 31, 2005 at 12:38:13AM +0200, Geert Stappers wrote:
> Hello,
> 
> On a computer, a sparc64 with Debian, with hostname tw89
> and domain name KUDDE 
> thinks `smbpasswd` that the domain name is TW89
> 
 
> 
> | tw89:~
> | # smbpasswd -D 4 -a mymom
> | Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=TW89))]
> | smbldap_open_connection: connection opened
> | ldap_connect_system: succesful connection to the LDAP server
> | ldap_connect_system: LDAP server does support paged results
> | The LDAP server is succesfully connected
> | Got no domain info entries for domain
> | Adding new domain
> | failed to add domain dn= sambaDomainName=TW89,dc=gst,dc=stappers,dc=nl
> | with: Insufficient access
> | no write access to parent
> | Adding domain info for TW89 failed with NT_STATUS_UNSUCCESSFUL
> | pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the
> | domain
> | pdb_init_ldapsam: Continuing on regardless, will be unable to allocate
> | new users/groups, and will risk BDCs having inconsistant SIDs
> | New SMB password: ^C
> | Interupted by signal.
> | tw89:~
> | #
> 
> Why does it use it's hostname 
> and the workgroup?
 and not the workgroup?
> 

It seems to happen in source/passdb/pdb_ldap.c
and from what I can see now, is that works fine.

> Cheers
> Geert Stappers

TNX

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba trusted domains and access control lists problem (cannot delete or rename)

[Ian Clancy]

Hi,
I am having difficuly deleting and renaming files with users from a 
foreign domain using acls.

My setup is as follows :
I have two Samba (3.0.14a)/LDAP domains connected via a VPN (OpenVPN) 
with a bi-directional trust relationship established. The trust 
relationship appears to be working correctly. I can log on onto PC's at 
either end on either Domain :) and the browse lists of both domains are 
syncronising properly.
I am using the same WINS server for both domains and this is located in 
DomA on the Primary Domain Controller.
I want users on DomB to be able to access shares on Domain Member 
servers on DomA.
Winbind is running on my fileservers and i am using ldap as an idmap 
backend.
Users from DomA are mapped on my Domain member server using ldap and 
DomB users are mapped using winbind. I have the following entry in my 
nsswitch.conf file:


passwd: files ldap winbind
shadow: files ldap winbind
group:  files ldap winbind

I have not seen anyone else do this so i am not sure if it is correct 
:). It appears to work however as  'getent passwd' and 'getent group' 
return users from both Domains. Users of DomB are prepended with DomB+ 
(as expected). So far so good ...


The following is a share on one of my Domain member server on DomA

[Materials]
   comment = Materials Share
   path = /var/shares/Materials
   read only = No
   inherit permissions = Yes
   inherit acls = Yes

I can successfully set the acls's from the shell using setfacl. The 
permissions on the above share are as follows


# file: Materials
# owner: root
# group: DomA Users
user::rwx
group::rwx
group:DomB+DomB users:rwx
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:group::rwx
default:group:DomA Users:rwx
default:group:DomB+DomB users:rwx
default:mask::rwx
default:other::---


Users from DomB can successfully access the share. They can even create 
files as follows in the root directory of the above share :


# file: New Text Document.txt
# owner: DomB+yorketom
# group: DomB+domain users
user::rwx
user:root:rwx   #effective:rw-
group::rwx  #effective:rw-
group:DomA Users:rwx #effective:rw-
group:DomB+DomB users:rwx #effective:rw-
mask::rw-
other::---

However, I cannot delete or rename this file ?!.

So to summerise i have two main questions:

1. Why are the effective permissions on the file above 'rw-' ?

2. In windows i can see permissions for the owner, group and also 
Everyone but none of the other permissions, for example 'group:DomA 
Users:rwx #effective:rw-' as listed above ?



If you've managed to get this far, thanks for reading :).
regards,
Ian


--
Ian Clancy
IT Systems Engineer
Connaught Electronics Ltd.
Dunmore Rd,
Tuam,
Co. Galway,
Ireland.

P : ++353 93 23151
F : ++353 93 23110
E : mailto:[EMAIL PROTECTED]
W : http://www.cel-europe.com


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] multiple connections failure

[Lance Murri]

Sorry to bother those of you who are faced with issues probably not as 
trivial my concern, but I am hitting a brick wall.

I am upgrading from Samba 2.2.5 to 3.0.14a on a Solaris 8 box. I have 
configured, run make, makepkg and installed using pkgadd. I am using the 
same smbpasswd file and smb.conf file I used with 2.2.5. However, these 
files are now in the /etc/samba directory rather than the directory where 
Samba is installed.

When I start the smbd and nmbd daemons (as follows),

/opt/samba-3.0.14a/sbin/smdb -D
/opt/samba-3.0.14a/sbin/nmdb -D

I am able to see (on WinXp SP1) the two UNIX file systems that I have 
mapped to the F: and G: drives. Things seem to be OK.  However, when a 
second user tries the same thing, the Windows Explorer locks up and the 
Unix file system is not recognized. If the explorer is killed, all of the 
XP icons (and the entire desktop) is erased until I kill the Samba 
processes.

It feels like there is only one connection being allowed. I set the 'max 
connections' flag in the smb.conf file but it made no difference. I have 
searched the docs included with the installation, but since I am not 
really sure what I am looking for (what is causing the problem) I have not 
found a solution.

Is there something elementary that I have failed to realize or is there a 
ton of modifications required to the .conf file for 3.0.14a which I have 
not addressed (since I am using the same smb.conf used with 2.2.5).

Thank you for any insight you may have on what I have missed.

Lance Murri
208 526 2661
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: net password from OS/2 client

[Olivier Eymere]

Jeremy Allison wrote: 
> Can you compile with -DDEBUG_PASSWORD and send in a debug level 100 for
> an attempt to change the password for a dummy user.
> 
> Jeremy.

I have done so and sent the log but evidently it was too large to be posted.
I took at stab at editing it to make it smaller, hopefully I have not cut
out important information.  If I have let me know and I will post the parts
that I have edited out.  

liv
[2005/06/01 13:04:12, 5] lib/util.c:show_msg(464)
  size=134
  smb_com=0x25
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=8
  smb_flg2=3
  smb_tid=1
  smb_pid=168
  smb_uid=100
  smb_mid=2356
  smt_wct=14
  smb_vwv[ 0]=   58 (0x3A)
  smb_vwv[ 1]=0 (0x0)
  smb_vwv[ 2]=4 (0x4)
  smb_vwv[ 3]=0 (0x0)
  smb_vwv[ 4]=0 (0x0)
  smb_vwv[ 5]=0 (0x0)
  smb_vwv[ 6]= 5000 (0x1388)
  smb_vwv[ 7]=0 (0x0)
  smb_vwv[ 8]=0 (0x0)
  smb_vwv[ 9]=   58 (0x3A)
  smb_vwv[10]=   76 (0x4C)
  smb_vwv[11]=0 (0x0)
  smb_vwv[12]=0 (0x0)
  smb_vwv[13]=0 (0x0)
  smb_bcc=71
[2005/06/01 13:04:12, 10] lib/util.c:dump_data(2034)
  [000] 5C 50 49 50 45 5C 4C 41  4E 4D 41 4E 00 73 00 7A  \PIPE\LA NMAN.s.z
  [010] 62 31 36 62 31 36 57 57  00 00 74 65 73 74 75 73  b16b16WW ..testus
  [020] 65 72 00 2F CD 40 B6 8B  92 EF 62 FD F6 06 9E 35  er./[EMAIL PROTECTED] 
..b5
  [030] 78 8D 05 F1 9E AA EA C7  B4 45 A5 81 99 25 49 F6  x... .E...%I.
  [040] 34 25 9B 01 00 08 00  4%. 
[2005/06/01 13:04:12, 3] smbd/process.c:switch_message(893)
  switch message SMBtrans (pid 5495) conn 0x83c67b0
[2005/06/01 13:04:12, 0] smbd/process.c:smb_dump(847)
  created /tmp/SMBtrans.20.req len 138
[2005/06/01 13:04:12, 4] smbd/uid.c:change_to_user(194)
  change_to_user: Skipping user change - already user
[2005/06/01 13:04:12, 3] smbd/ipc.c:reply_trans(539)
  trans <\PIPE\LANMAN> data=0 params=58 setup=0
[2005/06/01 13:04:12, 5] smbd/ipc.c:reply_trans(560)
  calling named_pipe
[2005/06/01 13:04:12, 3] smbd/ipc.c:named_pipe(334)
  named pipe command on  name
[2005/06/01 13:04:12, 3] smbd/lanman.c:api_reply(3580)
  Got API command 115 of form  <> 
(tdscnt=0,tpscnt=58,mdrcnt=0,mprcnt=4)
[2005/06/01 13:04:12, 3] smbd/lanman.c:api_reply(3584)
  Doing SetUserPassword
[2005/06/01 13:04:12, 3] smbd/lanman.c:api_SetUserPassword(2012)
  Set password for 
[2005/06/01 13:04:12, 5] auth/auth.c:make_auth_context_subsystem(480)
  Making default auth method list for standalone security=user, encrypt 
passwords = yes
[2005/06/01 13:04:12, 5] auth/auth.c:load_auth_module(384)
  load_auth_module: Attempting to find an auth method to match guest
[2005/06/01 13:04:12, 5] auth/auth.c:load_auth_module(409)
  load_auth_module: auth method guest has a valid init
[2005/06/01 13:04:12, 5] auth/auth.c:load_auth_module(384)
  load_auth_module: Attempting to find an auth method to match sam
[2005/06/01 13:04:12, 5] auth/auth.c:load_auth_module(409)
  load_auth_module: auth method sam has a valid init
[2005/06/01 13:04:12, 5] auth/auth.c:get_ntlm_challenge(95)
  auth_get_challenge: module guest did not want to specify a challenge
[2005/06/01 13:04:12, 5] auth/auth.c:get_ntlm_challenge(95)
  auth_get_challenge: module sam did not want to specify a challenge
[2005/06/01 13:04:12, 5] auth/auth.c:get_ntlm_challenge(135)
  auth_context challenge created by random
[2005/06/01 13:04:12, 5] auth/auth.c:get_ntlm_challenge(136)
  challenge is: 
[2005/06/01 13:04:12, 5] lib/util.c:dump_data(2034)
  [000] 3F E9 0C D4 32 81 1F 8A   ?...2... 
[2005/06/01 13:04:12, 5] auth/auth_util.c:make_user_info_for_reply(397)
  make_user_info_for_reply: User passwords not in encrypted format.
[2005/06/01 13:04:12, 10] auth/auth_util.c:make_user_info_for_reply(403)
  Unencrypted password (len 17):
[2005/06/01 13:04:12, 100] lib/util.c:dump_data(2034)
  [000] 2F CD 40 B6 8B 92 EF 62  FD F6 06 9E 35 78 8D 05  /[EMAIL PROTECTED] 
5x..
  [010] 00. 
[2005/06/01 13:04:12, 3] lib/charcnv.c:convert_string_allocate(585)
  convert_string_allocate: Conversion error: Illegal multibyte sequence([EMAIL 
PROTECTED])
[2005/06/01 13:04:12, 3] lib/charcnv.c:convert_string_allocate(576)
  convert_string_allocate: Conversion error: Incomplete multibyte 
sequence(¶‹’ïbýöž5x)
[2005/06/01 13:04:12, 3] lib/charcnv.c:convert_string_allocate(576)
  convert_string_allocate: Conversion error: Incomplete multibyte 
sequence(‹’ïbýöž5x)
[2005/06/01 13:04:12, 3] lib/charcnv.c:convert_string_allocate(576)
  convert_string_allocate: Conversion error: Incomplete multibyte 
sequence(’ïbýöž5x)
[2005/06/01 13:04:12, 3] lib/charcnv.c:convert_string_allocate(585)
  convert_string_allocate: Conversion error: Illegal multibyte 
sequence(ïbýöž5x)
[2005/06/01 13:04:12, 3] lib/charcnv.c:convert_string_allocate(576)
  convert_string_allocate: Conversion error: Incomplete multibyte 
sequence(ýöž5x)
[2005/06/01 13:04:12, 3] lib/charcnv.c:convert_string_allocate(585)
  convert_string_allocate:

RE: [Samba] printing totally broken

[Nathan Vidican]

Had a similar, if not identical problem on our network too. Wasn't so much a
problem with samba though.

Turned out to be a resolution issue between CUPS and any network print
servers (mostly built-in or external HP Jet Direct Units). Seems CUPS wants
a hostname to resolve one way or another to an IP address, we did manage to
fix the problem relatively easily at that.

We simply gave each of the printer servers on the network a legit hostname
and associated reverse dns entry as well and the delay pretty much
disappeared. Seems the HP units in particular (by default too) have various
protocols enabled, and reply using their own 'default' hostnames on the
network ... If no actual mapping for this hostname exists, then huge
communication delays occur between cups and the jet directs, which in turn
seemed to delay samba from requests to/from the queue... Like I said though,
simple DNS records did solve it - may or may not be the same for yourself,
but worth looking at nonetheless.


--
Nathan Vidican
[EMAIL PROTECTED]
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Chuck
Theobald
Sent: Wednesday, June 01, 2005 4:58 PM
To: samba@lists.samba.org
Subject: [Samba] printing totally broken


Hi All,

I have a serious problem with my Samba printing.  Basically, it is totally
broken.  The symptoms include client machines waiting forever for a print
dialog to appear, especially Win2k machines, and a complete inability to
get a properties dialog reliably.  I run Samba 3.0.14a + OpenLDAP 2.2.24 on
Solaris 8 on a V880.  My smb.conf is as below.  Any advice would be
appreciated.


lauterbur{33}# more /usr/local/samba/lib/smb.conf

## LCNI Configuration, passed through testparm, 2005.05.15.cdt ## # Global
parameters [global]
 workgroup = LCNI
 server string = Lauterbur Server
 passdb backend = ldapsam:ldap://lauterbur.uoregon.edu
 password level = 8
 username level = 8
 log level = 2 winbind:10
 log file = /var/adm/samba/smblog.%m
 max log size = 500
 printcap name = /etc/printers.conf
 add user script = /usr/local/samba/sbin/smbldap-useradd -m "%u"
 delete user script = /usr/local/samba/sbin/smbldap-userdel "%u"
 add group script = /usr/local/samba/sbin/smbldap-groupadd -p "%g"
 delete group script = /usr/local/samba/sbin/smbldap-groupdel "%g"
 add user to group script = /usr/local/samba/sbin/smbldap-groupmod
-m "%u" "%g"
 delete user from group script =
/usr/local/samba/sbin/smbldap-groupmod -x "%u" "%g"
 set primary group script = /usr/local/samba/sbin/smbldap-usermod
-g "%g" "%u"
 add machine script = /usr/local/samba/sbin/smbldap-useradd -w "%u"
##logon script = logon.bat
 logon path =
 logon drive = H:
 logon home =
 domain logons = Yes
 os level = 33
 preferred master = Yes
 domain master = Yes
 dns proxy = No
 wins support = Yes
 ldap admin dn = cn=smbadmin,ou=People,dc=lcni,dc=uoregon,dc=edu
 ldap delete dn = Yes
 ldap group suffix = ou=Groups
 ldap machine suffix = ou=Computers
 ldap passwd sync = Yes
 ldap suffix = dc=lcni,dc=uoregon,dc=edu
 ldap ssl = start tls
 ldap user suffix = ou=People
 admin users = chuck
 printer admin = chuck, @sysadmin, root, @staff
 printing = sysv
##print command = /usr/ucb/lpr -r -h -P'%p' %s
##lpq command = /usr/ucb/lpq -P'%p'
##lprm command = /usr/ucb/lprm -P'%p' %j

[printers]
 path = /var/spool/samba
 printable = Yes
 browseable = No

[print$]
 comment = Print Driver Area
 path = /usr/local/samba/lib/printers
 write list = chuck, @sysadmin, root, @staff
 browseable = No

[homes]
 comment = Home Directories
 read only = No
 browseable = No

[netlogon]
 comment = Domain Logon
 path = /usr/local/samba/lib/netlogon
 browseable = No

[profiles]
 comment = Roaming Profiles
 path = /usr/local/samba/lib/profiles
 read only = No
 create mask = 0600
 directory mask = 0700
 browseable = No

[staff]
 comment = Lauterbur Staff Share
 path = /vxfsvol/staff
 read only = No

[public]
 comment = Lauterbur Public Share
 path = /vxfsvol/public
 read only = No

[office-admin]
 comment = Office Administrative Share
 path = /vxfsvol/home/staff/office-admin
 read only = No

lauterbur{34}#



Chuck Theobald
System Administrator
The Robert and Beverly Lewis Center for Neuroimaging
University of Oregon
P: 541-346-0343
F: 541-346-0345

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Access Permissions for Network Resource

[Eric Lommatsch]

Hello,
 
I have used Samba to create a file share of a folder on a linux box that I
have setup for testing purposes. When I go to map a drive to this share on my
Windows XP machine I can see the shared folder on this computer. However when
I try to open this folder or map it to a drive even after entering the root
user and the associated password for this Linux box I am continually seeing
the message 
 
"\\Mytest\linuxWWW is not accessible. You might not have permission to use
this network resource. Contact the administrator of this server to find out
if you have access permissions. 
 
Multiple connections to a server or shared resource by the same user, using
more then one user name, are not allowed. Disconnect all previous connections
to the server or shared resource and try again.."
 
I have look five times over the resources that I have set up and I am not
seeing another connection.
 
Just in case it might be of use to sombody who can help me I am going to post
sbm.conf file that I currently have on this linux box.
 

# This is the main Samba configuration file. You should read the
# smb.conf(5) manual page in order to understand the options listed
# here. Samba has a huge number of configurable options (perhaps too
# many!) most of which are not shown in this example
#
# Any line which starts with a ; (semi-colon) or a # (hash) 
# is a comment and is ignored. In this example we will use a #
# for commentry and a ; for parts of the config file that you
# may wish to enable
#
# NOTE: Whenever you modify this file you should run the command "testparm"
# to check that you have not made any basic syntactic errors. 
#
#=== Global Settings
=
[global]
 dns proxy = no 
 log file = /var/log/samba/log.%m
 smb passwd file = /etc/samba/smbpasswd
 load printers = yes
 printing = cups
 server string = Samba Server %v
 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
 workgroup = MDKGROUP
 map to guest = bad user
 encrypt passwords = yes
 printcap name = cups
 security = user
 printer admin = @adm
 max log size = 50
 
[homes]
 browseable = no
 comment = Home Directories
 valid users = andy,ericl,root
 writeable = yes
 public = yes
 
[printers]
   comment = All Printers
   path = /var/spool/samba
   browseable = no
# to allow user 'guest account' to print.
   guest ok = yes
   writable = no
   printable = yes
   create mode = 0700
# =
# print command: see above for details.
# =
   print command = lpr-cups -P %p -o raw %s -r   # using client side printer
drivers.
#   print command = lpr-cups -P %p %s # using cups own drivers (use generic
PostScript on clients).
# If you install drivers on the server, you will want to uncomment this so
# clients request the driver 
   use client driver = yes
 
# This share is used for Windows NT-style point-and-print support.
# To be able to install drivers, you need to be either root, or listed
# in the printer admin parameter above. Note that you also need write access
# to the directory and share definition to be able to upload the drivers.
# For more information on this, please see the Printing Support Section of
# /usr/share/doc/samba-/docs/Samba-HOWTO-Collection.pdf 
#
# A special case is using the CUPS Windows Postscript driver, which allows
# all features available via CUPS on the client, by publishing the ppd file
# and the cups driver by using the 'cupsaddsmb' tool. This requires the
# installation of the CUPS driver (http://www.cups.org/windows.php) 
# on the server, but doesn't require you to use Windows at all :-).
[print$]
   path = /var/lib/samba/printers
   browseable = yes
   write list = @adm root
   guest ok = yes
   inherit permissions = yes
   # Settings suitable for Winbind:
   # write list = @"Domain Admins" root
   # force group = +@"Domain Admins"
 
# A useful application of samba is to make a PDF-generation service
# To streamline this, install windows postscript drivers (preferably colour)
# on the samba server, so that clients can automatically install them.
# Note that this only works if 'printing' is *not* set to 'cups'
 
[pdf-gen]
   path = /var/tmp
   guest ok = No
   printable = Yes
   comment = PDF Generator (only valid users)
   printing = bsd
   #print command = /usr/share/samba/scripts/print-pdf file path win_path
recipient IP &
   print command = /usr/share/samba/scripts/print-pdf "%s" "%H" "//%L/%u"
"%m" "%I" "%J" &
lpq command = /bin/true
 
# A share allowing administrators to set ACLs on, or access for backup
purposes
# ll files (as root).
#[admin] 
#  path = /
#  admin users = @"Domain Admins"
#  valid users = @"Domain Admins"
#  browseable = no
#  writeable = yes 
 
# This one is useful for people to share files
;[tmp]
;   comment = Temporary file space
;   path = /tmp
;   read only = no
;   public = yes
 
# A publicly accessible directory, but read only, except for people in
# the "staff" group
;[public]

RE: [Samba] more on ailing printer system

[Paul Gienger]

> I think the fancy names presented by Samba come from the actual driver
> files, perhaps some .inf file.  

Yep, they sure are, and you can rename them.


> For now, I am turning off everything related to printing in Samba - the
> users are beginning to contemplate what it would be like to print their
> documents again - and going with locally installed printers.  Installing
> drivers on each of 20 workstations beats the headache I have now.

Did things change at all when you tried my suggestion of renaming them to a
shortened, no-spaces version?  I know I've had problems when the names were
long and obnoxious, but I honestly can't remember what versions with

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] more on ailing printer system

[Chuck Theobald]

The Unix print spools are cni-hp-8150 and the like, letters, numbers, and 
dashes.  The printcap file is /etc/printers.conf:


lauterbur{75}# more /etc/printers.conf
#
#   If you hand edit this file, comments and structure may change.
#   The preferred method of modifying this file is through the use of
#   lpset(1M)
#
cni-hp-8150:\
:bsdaddr=lauterbur,cni-hp-8150,Solaris:\
:description=HP 8150 in the MRI Control Room:

cni-hp-2200:\
:bsdaddr=lauterbur,cni-hp-2200,Solaris:\
:description=HP 2200 in the Image Analysis Room:

cni-oki-c7400:\
:bsdaddr=lauterbur,cni-oki-c7400,Solaris:\
:description=Oki Color Printer:
cni-hp-4500:\
:bsdaddr=lauterbur,cni-hp-4500,Solaris:\
:description=HP 4500 in the MR Control Room:

lauterbur{76}#

I think the fancy names presented by Samba come from the actual driver 
files, perhaps some .inf file.  Adding sections to smb.conf for each 
printer did not improve the situation, I still have clients who can, after 
waiting minutes, obtain a Properties dialog for some printers, but not 
others.  Other clients go off forever, permitting me to restart 
explorer.exe if I need to get rid of those windows.


For now, I am turning off everything related to printing in Samba - the 
users are beginning to contemplate what it would be like to print their 
documents again - and going with locally installed printers.  Installing 
drivers on each of 20 workstations beats the headache I have now.


Cheers,
Chuck


At 06:09 AM 6/2/2005, Paul Gienger wrote:

> [2005/06/01 17:15:17, 3] smbd/service.c:find_service(164)
>checking whether HP Color LaserJet 4500 PCL 6 is a valid printer
> name...
> [2005/06/01 17:15:17, 3] smbd/service.c:find_service(174)
>HP Color LaserJet 4500 PCL 6 is not a valid printer name
> [2005/06/01 17:15:17, 3] smbd/service.c:find_service(211)
>find_service() failed to find service HP Color LaserJet 4500 PCL 6
> [2005/06/01 17:15:17, 10] printing/nt_printing.c:get_a_printer(4095)
>get_a_printer: [printers] level 2

What is the name of your printer spool on the unix side?  Perhaps something
without spaces?  What would happen if you renamed your printer to not have
spaces, like hp4500?  I don't know if it applies currently but there are
some references on the web to the 2.2 series that cannot handle spaces in
printer names.


Chuck Theobald
System Administrator
The Robert and Beverly Lewis Center for Neuroimaging
University of Oregon
P: 541-346-0343
F: 541-346-0345

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Winbindd chokes on W2K users in only one group

[neil klopfenstein]

Hi there,

I've been trying to set up Samba 3.0.14a with Active Directory 
integration on a network with an ordinary W2k Server PDC. I'm currently 
having a problem which I'm convinced has nothing to do with my Windows 
or Samba configuration.


The problem only occurs when trying to connect to the Samba server from 
an authenticated domain account which is only a member of the default 
'Domain users' group. When this is the case, the 
'make_server_info_from_pw' function returns NT_STATUS_NO_SUCH_USER, 
incorrectly.


Here is an appropriate log fragment (debug = 5):
[2005/06/02 12:51:19, 3] libads/ads_ldap.c:ads_sid_to_dn(222)
  ads sid_to_dn mapped CN=Neil Klopfenstein,CN=Users,DC=geovectra,DC=cl
[2005/06/02 12:51:19, 5] libads/ldap_utils.c:ads_do_search_retry(56)
  Search for (objectclass=*) gave 1 replies
[2005/06/02 12:51:19, 3] nsswitch/winbindd_ads.c:lookup_usergroups_alt(463)
  ads: lookup_usergroups_alt
[2005/06/02 12:51:19, 5] libads/ldap_utils.c:ads_do_search_retry(56)
  Search for (&(member=CN=Neil 
Klopfenstein,CN=Users,DC=geovectra,DC=cl)(objectClass=group)) gave 0 replies

[2005/06/02 12:51:19, 5] nsswitch/winbindd_ads.c:lookup_usergroups_alt(498)
  lookup_usergroups: No supp groups found
[2005/06/02 12:51:19, 4] auth/auth_util.c:add_user_groups(796)
  get_user_groups_from_local_sam failed
[2005/06/02 12:51:19, 5] auth/auth_util.c:free_server_info(1406)
  attempting to free (and zero) a server_info structure
[2005/06/02 12:51:19, 1] smbd/sesssetup.c:reply_spnego_kerberos(265)
  make_server_info_from_pw failed!
[2005/06/02 12:51:19, 3] smbd/error.c:error_packet(105)
  error string = No such file or directory
[2005/06/02 12:51:19, 3] smbd/error.c:error_packet(129)
  error packet at smbd/sesssetup.c(270) cmd=115 (SMBsesssetupX) 
NT_STATUS_NO_SUCH_USER


If the same user is added to another group, it works fine, though.

I'm a little surprised that I have not seen this problem reported 
anywhere else, so there is probably something else going on. For what 
it's worth, I am using a Spanish version of Redhat 9, compiling Samba 
with the 'makerpms.sh' script, and also using the Spanish version of 
Windows 2000 Server with the most recent service pack.


I have experienced this problem in 3.0.13 and 3.0.14a. I didn't try any 
earlier versions.


-- neil klopfenstein
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba and AD

[Michael Andrewjeski]

Do you have kerberos compiled on your machine? If so you may need to
include the path to kerberos in your configure line
Something like this:

./configure --with-ads  --with-krb5=base=/usr/kerberos (or wherever
kerberos lives..)

Read the docs for version compatibilities between samba & kerberos first
though..

HTH

Mike 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Mattier, Ricardo
Sent: Wednesday, June 01, 2005 2:33 PM
To: [EMAIL PROTECTED]
Subject: [Samba] Samba and AD


Hello,

  I can't seem to get Samba-3 to work  with Active Directory.

 I'm currently running Solaris 9(Sparc). When I run ./configure
--with-ads it seems to compile fine. However, when 

 I goto join the AD domain, It come with an error.,"ADS support not
compiled in" and ideas?

 
Rick Mattier
Systems Analyst II
Windriver Systems
120 Royall St
Canton, Ma 02021
[EMAIL PROTECTED]
Canton: 781 364-2002
Nashua: 603 897-2084
 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Help: Failed to verify incoming ticket! revisited, problems with Samba/2003

[Joshua Weage]

I am struggling with a Samba/Server 2003 problem which doesn't make
sense.

I have compiled Samba 3.0.14a and MIT Kerberos 1.3.6 several times on
different machines.  I have a set of RPMS which work fine on one of my
workstations, but do not work on the server.  On the server I get the
dreaded:

reply_spnego_kerberos(173)
Failed to verify incoming ticket!

in the logs.  I have compiled kerberos and samba on this machine, and
still get the same error message.  What is strange is that everything
was working with this version of Kerberos and Samba a few days ago.  I
deleted this and installed from my custom RPMS and nothing has worked
since.

I've deleted all old executables.  I've made sure libnss_winbind.so is
installed properly.  nsswitch.conf is configured.  I've checked the
system time.  The server is joined to the domain, yet still it doesn't
work.

wbinfo, getent passwd both work correctly on the server.  kinit works
correctly on the server.


-- log.smbd with log level 3 --

[2005/06/02 11:47:24, 3] smbd/process.c:process_smb(1091)
  Transaction 7 of length 1418
[2005/06/02 11:47:24, 3] smbd/process.c:switch_message(886)
  switch message SMBsesssetupX (pid 5968) conn 0x0
[2005/06/02 11:47:24, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/02 11:47:24, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
  wct=12 flg2=0xc807
[2005/06/02 11:47:24, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2005/06/02 11:47:24, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
  Doing spnego session setup
[2005/06/02 11:47:24, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
  NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows
2002 5.1] PrimaryDomain=[]
[2005/06/02 11:47:24, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
  Got OID 1 2 840 48018 1 2 2
[2005/06/02 11:47:24, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
  Got OID 1 2 840 113554 1 2 2
[2005/06/02 11:47:24, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2005/06/02 11:47:24, 3] smbd/sesssetup.c:reply_spnego_negotiate(447)
  Got secblob of size 1187
[2005/06/02 11:47:24, 3]
libads/kerberos_verify.c:ads_secrets_verify_ticket(235)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
Decrypt integrity check failed
[2005/06/02 11:47:24, 3]
libads/kerberos_verify.c:ads_verify_ticket(347)
  ads_verify_ticket: krb5_rd_req with auth failed (Unknown code 0)
[2005/06/02 11:47:24, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2005/06/02 11:47:24, 3] smbd/error.c:error_packet(129)
  error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2005/06/02 11:47:24, 3] smbd/process.c:process_smb(1091)
  Transaction 8 of length 1568
[2005/06/02 11:47:24, 3] smbd/process.c:switch_message(886)
  switch message SMBsesssetupX (pid 5968) conn 0x0
[2005/06/02 11:47:24, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/06/02 11:47:24, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
  wct=12 flg2=0xc807
[2005/06/02 11:47:24, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close
all old resources.
[2005/06/02 11:47:24, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
  Doing spnego session setup
[2005/06/02 11:47:24, 3]
smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
  NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows
2002 5.1] PrimaryDomain=[]
[2005/06/02 11:47:24, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
  Got OID 1 2 840 48018 1 2 2
[2005/06/02 11:47:24, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
  Got OID 1 2 840 113554 1 2 2
[2005/06/02 11:47:24, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2005/06/02 11:47:24, 3] smbd/sesssetup.c:reply_spnego_negotiate(447)
  Got secblob of size 1337
[2005/06/02 11:47:24, 3]
libads/kerberos_verify.c:ads_secrets_verify_ticket(235)
  ads_secrets_verify_ticket: enc type [23] failed to decrypt with error
Decrypt integrity check failed
[2005/06/02 11:47:24, 3]
libads/kerberos_verify.c:ads_verify_ticket(347)
  ads_verify_ticket: krb5_rd_req with auth failed (Unknown code 0)
[2005/06/02 11:47:24, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
  Failed to verify incoming ticket!
[2005/06/02 11:47:24, 3] smbd/error.c:error_packet(129)
  error packet at smbd/sesssetup.c(174) cmd=115 (SMBsesssetupX)
NT_STATUS_LOGON_FAILURE
[2005/06/02 11:48:24, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0

Any suggestions?

Josh





__ 
Discover Yahoo! 
Get on-the-go sports scores, stock quotes, news and more. Check it out! 
http://discover.yahoo.com/mobile.html
-- 
To unsubscribe from this list go to the following URL and read the
instruc

RE: [Samba] Samba and Windows ACL Issue

[Tony Earnshaw]

tor, 02.06.2005 kl. 15.46 skrev Ross McInnes:

> Ah... I can use setfacl
> 
> setfacl -m user:ross:rwx crap
>  
> Getfacl shows that ross has rwx perms too.
> 
> However, its not reported back into windows, i.e security permissions for
> the file crap still shows administrator/domain admins  :/  also when I try
> and add another user, still nothing. But progress!

Ok. Now for the last attempt:

right click on file crap, security tab, advanced button, try it from one
of the tabs there (I've fscked my only Win XP Pro test m/c here, so
can't try it for you).

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: [EMAIL PROTECTED]@DOMAIN.LOCAL failed: Preauthentication failed

[Rex Dieter]

Rex Dieter wrote:


OK, now after having some more wierdness, I tried re-joining our domain, and
now I get:

# net ads join 


[2005/05/16 14:37:04, 0] libads/ldap.c:ads_add_machine_acct(1405)
  ads_add_machine_acct: Host account for SAMBA_CLIENT1 already exists -
modifying old account
Using short domain name -- DOMAIN
[2005/05/16 14:37:20, 0] libads/kerberos.c:get_service_ticket(337)
  get_service_ticket: kerberos_kinit_password
[EMAIL PROTECTED]@DOMAIN.LOCAL failed: Preauthentication failed
Joined 'SAMBA_CLIENT1' to realm 'DOMAIN.LOCAL'

except it doesn't work.

Is this something wrong with samba or with AD?  (This same setup was working
a couple of days ago).


I'm able to faithfully reproduce this problem over the past few days. 
Attached is the output of:

$ net ads join -d8

I'll open a bugzilla ticket for this issue later today, unless I hear 
something otherwise soon.


-- Rex
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: net ads join -> "No such file or directory" error ???

[Rex Dieter]

Rex Dieter wrote:

Chin Teongli wrote:


On Thursday 26 May 2005 18:50, Rex Dieter wrote:


Here's one that's got me baffled.  "No such file or directory"?

# net ads join -U'AD-Administrator'
AD-Administrator's password:
[2005/05/26 08:15:00, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: No such file or directory

I've been testing 'net ads join' to our AD all week, but I've not seen
this error before.  I don't even know what it means so I don't know what
to do about it.




Hope you have the /etc/krb5.conf...


I was able to replicate the same "No such file or directory" error on 
another box where I had inadvertantly made a typo specifying the 
Kerberos realm (Thought in this case, I'm 95% certain that I had it set 
correctly).  Regardless of a typo or not, the error is still not very 
helpful in diagnosing the real problem.


Let's consider this one a fluke unless I can reproduce the error again.

-- Rex

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbclient not using winbind to authenticate

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Clinton Gormley wrote:
|
| I have followed all the steps in the instructions, and
| wbinfo -a DOMAIN\\user%pass succeeds, as does getent
| passwd user, but I can't seem to persuade smbclient
| to trigger authentication through winbind.
|
| My smb.conf file on the standalone server looks like this:
|
| [global]
| workgroup = DOMAINNAME
| netbios name = SERVERNAME
| username map = /etc/samba/smbusers
| log level = 3
| syslog = 0
| log file = /var/log/samba/%m
| max log size = 50
| smb ports = 139 445
| name resolve order = wins bcast hosts
| time server = Yes
| utmp = Yes
| map acl inherit = Yes
| veto files = /*.eml/*.nws/*.{*}/
| veto oplock files = /*.doc/*.xls/*.mdb/
| preferred master = Yes
| wins server = 192.168.0.3
| idmap uid = 15000-2
| idmap gid = 15000-2

With security = user (the default) all authentication
is against  the local passdb backend.  I think you want
security = domain.




cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCnxbLIR7qMdg1EfYRAh2dAJ0WKELKJgCUrKarI139Se8bAKnt0QCfXW48
7PmN42TIT3d33CbupGDIof0=
=1dez
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Accesse Outside...

[mourik jan heupink]

an option is also access files using webdav via https:

http://davenport.sourceforge.net/



> -Original Message-
> From: Luca Olivetti [mailto:[EMAIL PROTECTED] 
> Sent: 02 June 2005 16:12
> To: samba@lists.samba.org
> Subject: Re: [Samba] Accesse Outside...
> 
> 
> En/na Tomasz Chmielewski ha escrit:
> > Deleo Paulo Ribeiro Junior schrieb:
> > 
> >> Hello!
> >>
> >> Today, my second client asked me if it is possible to have access,
> >> using Samba, from the data they have in their networks.
> >>
> >> I am trying to make this work but, despite of all my efforts, I can
> >> not access the shared directories.
> >>
> >> Could, please, anyone tell me if this is possible and how 
> to make it.
> >> I have read a lot about it but I did not find any information...
> > 
> > 
> > Perhaps if you could write more clearly, someone would give you an 
> > answer?
> > 
> > So my guess is you have a Samba server with files in some 
> company, and
> > its employee (or boss) wants to access these files when 
> he/she is at home?
> > 
> > VPN would be an answer here - try looking for OpenVPN, it has a 
> > Windows
> > and Linux server/clients and is good supported / relatively easy to 
> > install.
> 
> Another option could be smbwebclient: 
> http://smbwebclient.sourceforge.net
> 
> "What is SMB Web Client?
> 
> SMB Web Client is a simple script written by Victor M. Varela to use 
> Windows Networks from a web browser. "
> 
> Bye
> -- 
> Luca Olivetti
> Wetron Automatización S.A. http://www.wetron.es/
> Tel. +34 93 5883004  Fax +34 93 5883007
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Can we export Cluster File System mounted partitions using Samba?

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Sudhindra Prasad wrote:
| Hi All,
| I was wondering if SAMBA server can be used to
| export CFS (Cluster File System) mounted partitions.
| That is, can you view a CFS directory present on a
| UNIX machine, from a Windows machine, with the SAMBA
| server running on the UNIX machine without any hitch.
| If so is there any issue related to performance or
| something? Could you please clarify this for me?
|
| Also can multiple SAMBA servers running on multiple
| machines which have the same CFS mount point  export
| the same directory without any problem?

As a user space daemon, smbd doesn't really care about the
type of underlying file system as long as it is posix
compliant.  However, the difficulty in clustering Samba is
the state needed for each session on each node.  The state
needs to be shared among all nodes exporting the same
directory tree in order to get share modes and oplocks
correct.

This state is stored in various tdbs.  These tdb's
are mmap()'d on each node so if your share the tdb's
between nodes (assuming your file system gets this
right in the first place), the shared memory performance
better be really good.

btw...if you had searched some, this information has
been discussed on the mailing lists before and you would
probably find some presentations on the topic as well.



cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCnxU6IR7qMdg1EfYRAn49AJ4v3cB4p8HI8JkpnYA0m2eJNvNNWACeJ+g2
yAPLhqm8S5wPiC40o5IW4X4=
=ow+D
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Accesse Outside...

[Luca Olivetti]

En/na Tomasz Chmielewski ha escrit:

Deleo Paulo Ribeiro Junior schrieb:


Hello!

Today, my second client asked me if it is possible to have access, 
using Samba, from the data they have in their networks.


I am trying to make this work but, despite of all my efforts, I can 
not access the shared directories.


Could, please, anyone tell me if this is possible and how to make it. 
I have read a lot about it but I did not find any information...



Perhaps if you could write more clearly, someone would give you an answer?

So my guess is you have a Samba server with files in some company, and 
its employee (or boss) wants to access these files when he/she is at home?


VPN would be an answer here - try looking for OpenVPN, it has a Windows 
and Linux server/clients and is good supported / relatively easy to 
install.


Another option could be smbwebclient: http://smbwebclient.sourceforge.net

"What is SMB Web Client?

SMB Web Client is a simple script written by Victor M. Varela to use 
Windows Networks from a web browser. "


Bye
--
Luca Olivetti
Wetron Automatización S.A. http://www.wetron.es/
Tel. +34 93 5883004  Fax +34 93 5883007
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Can we export Cluster File System mounted partitions using Samba?

[Sudhindra Prasad]

Hi All,
I was wondering if SAMBA server can be used to export CFS (Cluster
File System) mounted partitions. That is, can you view a CFS directory
present on a UNIX machine, from a Windows machine, with the SAMBA
server running on the UNIX machine without any hitch. If so is there
any issue related to performance or something? Could you please
clarify this for me?

Also can multiple SAMBA servers running on multiple machines which
have the same CFS mount point  export the same directory without any
problem?
I want this info urgently.

Thanking you in advance,
Sudhindra.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Problem adding users from Windows using svrtool package

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Bill Lumbergh wrote:
| Hi,
|
| I have exactly the same situation:
|
| # pdbedit -a -u user
|
| ...works as expected. However adding a user
| without explicitly setting  "logon script",
| "logon path" and "logon drive" in USRMGR.EXE
| ignores the  settings in smb.conf and leaves
| these fields empty in tsbsam.

That's expected.  usrmgr.exe sets these fields to
an emtpy string unless you explicitly define otherwise.




cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCnxBZIR7qMdg1EfYRAk1+AKDTvJ2ajbZvAODWQ7ZPd0b7TfF1tQCeOVwe
8DefAABoxo+obqu4xNNmRIg=
=xaVQ
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba and Windows ACL Issue

[Ross McInnes]

Heh, nope. 

Ah... I can use setfacl

setfacl -m user:ross:rwx crap
 
Getfacl shows that ross has rwx perms too.

However, its not reported back into windows, i.e security permissions for
the file crap still shows administrator/domain admins  :/  also when I try
and add another user, still nothing. But progress!

Cheers

Ross
-Original Message-
From: Tony Earnshaw [mailto:[EMAIL PROTECTED] 
Sent: 02 June 2005 13:22
To: Ross McInnes
Cc: samba@lists.samba.org
Subject: RE: [Samba] Samba and Windows ACL Issue

tor, 02.06.2005 kl. 13.55 skrev Ross McInnes:

> Yeah sorry about that, replied to all this time :)

No sweat :)

> All of those returned positive, so from that I can assume that its 
> running acl/xattr?

Well, that's what I have; in short, you have all that I have. But then I
can't understand that you're getting errors with setfacl, let alone Windows.
Check your syntax, use the examples in 'man setfacl'. As for Samba, you
don't have 'nt acl support = no' in smb.conf? Naaaeh :)

--Tonni

--
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] list of all shared resources

[Ilia Chipitsine]

smbtree ?



Hi !
Is exist possibillity get list of all samba and win shared resources from *nix 
box,
like in windows Network Environment ?

Prompt, please, how ?


Thanks.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] list of all shared resources

[Виталий Новиков]

 Hi !
Is exist possibillity get list of all samba and win shared resources from *nix 
box,
like in windows Network Environment ?

Prompt, please, how ?


 Thanks.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba and Windows ACL Issue

[Tony Earnshaw]

tor, 02.06.2005 kl. 13.55 skrev Ross McInnes:

> Yeah sorry about that, replied to all this time :)

No sweat :)

> All of those returned positive, so from that I can assume that its running
> acl/xattr?

Well, that's what I have; in short, you have all that I have. But then I
can't understand that you're getting errors with setfacl, let alone
Windows. Check your syntax, use the examples in 'man setfacl'. As for
Samba, you don't have 'nt acl support = no' in smb.conf? Naaaeh :)

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] The Samba project particpating Google's summer of code

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Just to let everyone know in case you don't already:

Samba is now listed as a mentor organization for
Google's Summer of Code.

More details on Samba's participation can be found at

http://www.samba.org/samba/projects/summercode05.html

More details on Google's program can be found here:

http://code.google.com/summerofcode.html




cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCnwhPIR7qMdg1EfYRAu1YAKDcuDxHvu7Yl5jLz4ODVE4aKrw9JQCfUi+0
lik2F78rIOeWzj1w+d6cq4Y=
=sEg6
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] "Unable to display security information"

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

jkelly wrote:
| Hello,
|
| When adding a new printer it appears in the list
| and the administrator can add the printer, but no
| one else can. The security tab for printers is coming up
| with an error ("Unable to display security
| information") when we try to access  it from windows
| (via the printers and faxes area). This does
| not happen with  the printers that are already
| installed (it comes up like a normal windows
| printer would). Is there something we need to
| add to the samba config to allow us to change
| the security settings?

What Samba version ? I made some changes to the code
that creates the default printer security descriptor
but I've not seen any issues with it.  And I don't remember
which version the change went in to.  Might have been
post 3.0.14a.

Can you run

`rpcclient samba -U adminuser%pw -c 'getprinter  3'

and send me the output?





cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCnwXNIR7qMdg1EfYRAjZqAKCeQ7933XmhL1uvqzW/b/ZjlkmB6wCgs4+m
ajCKlQiRq+xeFIF4XtThbIg=
=WcEf
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] more on ailing printer system

[Paul Gienger]

> [2005/06/01 17:15:17, 3] smbd/service.c:find_service(164)
>checking whether HP Color LaserJet 4500 PCL 6 is a valid printer
> name...
> [2005/06/01 17:15:17, 3] smbd/service.c:find_service(174)
>HP Color LaserJet 4500 PCL 6 is not a valid printer name
> [2005/06/01 17:15:17, 3] smbd/service.c:find_service(211)
>find_service() failed to find service HP Color LaserJet 4500 PCL 6
> [2005/06/01 17:15:17, 10] printing/nt_printing.c:get_a_printer(4095)
>get_a_printer: [printers] level 2

What is the name of your printer spool on the unix side?  Perhaps something
without spaces?  What would happen if you renamed your printer to not have
spaces, like hp4500?  I don't know if it applies currently but there are
some references on the web to the 2.2 series that cannot handle spaces in
printer names.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Logon script execution intermittent

[Douglas Sterner]

Using Suse Enterprise 9.1 and Samba 3.013 and Win XP SP1 and SP2 
workstations. Users logon scripts are not being run during logon in a 
reliable fashion. The could run without issue for 10 logons and on the 
11th no mapped drives doesn't seem to be a specific workstation or XP 
version. Currently running with cranked up logging levels looking for a 
needle in a haystack. Anyone run into this?


Douglas Sterner 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: kerberos problem

[New Line, Inc.]

Ima li ovde Darka?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] net setlocalsid for doimain doesn't work as wanted

[Marcus Hermsen]

Hallo Herr Trapp,

ich bin am verzweifeln. Haben Sie eine Lösung gefunden,
um mittels setlocalsid die DomänenSID zu ändern? Ich weiss, es ist
schon länger her.

Ich soll einen alten SAMBA 2 durch eine neue Maschine mit SAMBA 3
ersetzen. Der Server läuft gut, aber mit net setlocalsid, dem Kommando
profiles (es ersetzt mir die USER und GRUPPEN-ID in der NTUSER.dat, aber nur
im Output; physikalisch ändert er die Datei nicht)  oder pdbedit habe ich
keinen Erfolg.
Keines dieser Kommandos funktioniert wie erwartet. Wenn Sie einen Hinweis
hätten, wie
ich die SID anpassen kann, ohne auf den Workstations die registry zu
editieren, wäre ich
glücklich.


Mit freundlichen Grüßen

Marcus Hermsen

bofest consult GmbH
Christinenstraße 14
D-40880 Ratingen

fon:  +49(0) 2102 770 89 0
fax:  +49(0) 2102 770 89 20
mobil :  +49(0) 177  493 10 96
mail: [EMAIL PROTECTED]


 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problems sending transferling large files from windows 2000 to Linux, via gigabit ethernet.

[Alex February]

Hi All,
 
I am currently using Samba v3.0.14a and it's incredibly responsive...except 
when it comes to large files.
Currently my specs are as follows:

Santiago
Dell PowerEdge SC1420, which is using SATA (RAID 5), and reiserfs 3.6

Ottawa:
Desktop PC
Windows XP
100/10 Ethernet Card.

Douglas:
Desktop PC
Windows XP
Gigabit Ethernet Card.

These are the tests that I have performed: 

Test Set 1:

1. Windows Copy from Ottawa to Santiago. (>1 GB)
- Works but extremely slow...copy times vary wildly from 3 minutes to 
30 minutes, but copy completes.
2. Windows Copy from Ottawa to Santiago. (<1 GB)
- Works wonderfully.
3. FTP Copy from Ottawa to Santiago.
- Works perfectly. 
4. SCP Copy from Ottawa
- Works perfectly.

Test Set 2:
--
1. Windows Copy from Douglas to Santiago. (>1 GB)
-Fails after 1 GB mark, approx 20 seconds in:
2. Windows Copy from Douglas to Santiago. (<1 GB)
- Works wonderfully.
3. FTP Copy from Douglas to Santiago.
-Works Perfectly
4. SCP Copy from Douglas to Santiago.
-Works Perfectly.

-
Here is my Smb.conf file.

socket options = TCP_NODELAY SO_RCVBUF=65535 SO_SNDBUF=65535 SO_KEEPALIVE 
IPTOS_LOWDELAY read size=65535 max xmit=65535
hosts allow = 10. 127.
max log size = 0
security = server
password server = SRV01
password level = 8
username level = 8
username map = /usr/local/samba/private/smbusers
wins server = 10.0.0.212

[data]
   path = /data/SMB_Store/
   comment = CVS/Datashare
   browseable = yes
   writeable = yes
   create mode = 0777
   directory mode = 0777
   public = yes
   guest ok = yes
   read only = no


Has anyone come across this before ? 
Thanks very much for all for your help, 
Alex 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba and Windows ACL Issue

[Ross McInnes]

Yeah sorry about that, replied to all this time :)


All of those returned positive, so from that I can assume that its running
acl/xattr?

Many thanks

Ross 

-Original Message-
From: Tony Earnshaw [mailto:[EMAIL PROTECTED] 
Sent: 02 June 2005 12:19
To: Ross McInnes
Cc: samba@lists.samba.org
Subject: RE: [Samba] Samba and Windows ACL Issue

tor, 02.06.2005 kl. 12.34 skrev Ross McInnes:

> [EMAIL PROTECTED] FixUserPerms]# ldd /usr/local/samba/sbin/smbd | grep attr
> libattr.so.1 => /lib/libattr.so.1 (0xb74ec000)
> [EMAIL PROTECTED] FixUserPerms]# ldd /usr/local/samba/sbin/smbd | grep acl
> libacl.so.1 => /lib/libacl.so.1 (0xb74e6000)
>  
> 
> /dev/sdb1 on /export/1 type ext3 (rw,acl,user_xattr)
> /dev/sdc1 on /export/2 type ext3 (rw,acl,user_xattr)
> 
> 
> Is what I get :/ Still cannot add another user to a file/directory

cd /lib/modules/2.4.21-20.EL/kernel/fs/ext3
grep -i acl ext3.o
Binary file ext3.o matches

or

strings ext3.o | less
search for acl:

system.posix_acl_access
system.posix_acl_default
ext3_xattr_set_acl

Please do at least CC the samba list. I'd far rather answer there, and
others can help you - not just me.

--Tonni

--
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Problem adding users from Windows using svrtool package

[Bill Lumbergh]

Hi,

I have exactly the same situation:

# pdbedit -a -u user

...works as expected. However adding a user without explicitly setting 
"logon script", "logon path" and "logon drive" in USRMGR.EXE ignores 
the settings in smb.conf and leaves these fields empty in tsbsam.



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba and Windows ACL Issue

[Tony Earnshaw]

tor, 02.06.2005 kl. 12.34 skrev Ross McInnes:

> [EMAIL PROTECTED] FixUserPerms]# ldd /usr/local/samba/sbin/smbd | grep attr
> libattr.so.1 => /lib/libattr.so.1 (0xb74ec000)
> [EMAIL PROTECTED] FixUserPerms]# ldd /usr/local/samba/sbin/smbd | grep acl
> libacl.so.1 => /lib/libacl.so.1 (0xb74e6000)
>  
> 
> /dev/sdb1 on /export/1 type ext3 (rw,acl,user_xattr)
> /dev/sdc1 on /export/2 type ext3 (rw,acl,user_xattr)
> 
> 
> Is what I get :/ Still cannot add another user to a file/directory

cd /lib/modules/2.4.21-20.EL/kernel/fs/ext3
grep -i acl ext3.o
Binary file ext3.o matches

or

strings ext3.o | less
search for acl:

system.posix_acl_access
system.posix_acl_default
ext3_xattr_set_acl

Please do at least CC the samba list. I'd far rather answer there, and
others can help you - not just me.

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problems regarding the security of your PayPal account.

[PayPal Inc.]

Now and then, ball bearing defined by buy an expensive gift for corporation 
inside.A few ruffians, and crank case beyond abstraction) to arrive at a state 
of briar patchA few dilettantes, and espadrille around) to arrive at a state of 
turn signal
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba and Windows ACL Issue

[Tony Earnshaw]

tor, 02.06.2005 kl. 11.08 skrev Ross McInnes:

> I think acl's are working. But it doesnʼt work from windows. I also get an
> error message with setfacl.
> 
> Is there an easy way to tell if ACL is enabled in the kernel? I know ive put
> in the right syntax in /etc/fstab

You're running RHEL3. RHAS3 has native POSIX ACL support, so RHEL3
should have, too.

> And samba is compiled with acl support.

Do 'ldd /path/to/smbd-binary'. You should see both:

libattr.so.1 => /lib/libattr.so.1 (0x00387000)
and
libacl.so.1 => /lib/libacl.so.1 (0x00716000)

or suchlike.

what does 'mount' show you for the partition for which you think you
have ACL support? E.g., on my test rig:

/dev/hda10 on /m type ext3 (rw,acl,user_xattr)

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Home Directories

[Ross McInnes]

Hi all.

Quick question, (background 1st)

Using Win2k3 AD with samba as a service (filestore)

Added a user called sb05

C:\>net user sb05
User namesb05
Full NameSomeone Bright
Comment  stu00
User's comment
Country code 000 (System Default)
Account active   Yes
Account expires  Never

Password last set5/27/2005 10:49 AM
Password expires 7/9/2005 9:37 AM
Password changeable  5/28/2005 10:49 AM
Password requiredYes
User may change password Yes

Workstations allowed All
Logon script logon.bat
User profile \\DEV1\sb05\PC\Profile
Home directory   \\DEV1\sb05
Last logon   Never

Logon hours allowed  All

Local Group Memberships
Global Group memberships *Domain Users *students
The command completed successfully.

Home directory is set to \\dev1\sb05 etc

However, getent passwd shows

sb05:x:10017:10018:sb05:/home/DEV-DOMAIN/sb05:/bin/false

Ergo they don't match up :/

[EMAIL PROTECTED] 2005]# cd ~sb05
-bash: cd: /home/DEV-DOMAIN/sb05: No such file or directory

Technically the home is /home/Students/2005/sb05

Any thoughts / ideas why they are different?

Thanks

Ross

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba Password Expiry Date

[Tony Earnshaw]

tor, 02.06.2005 kl. 10.17 skrev Hiu Yen Onn:

[...]

> i prompt in the pdbedit -P "maximum password age". it yields to me this
> "account policy value for maximum password age is 4294967295"
> 
> what is the digits means to me?? how can i make use of it??? thanks

'convdate -c 4294967295'

--Tonni

-- 
mail: [EMAIL PROTECTED]
http://www.billy.demon.nl


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba Password Expiry Date

[Matthias Spork]

Hello,


#> pdbedit -P "maximum password age" -C 5007600


Does it apply for all users in my domain???


This feature must be activated on yout domain-master. I've set this 
option also at all other samba domain-controllers (PDC's an BDC's). I 
don't know, if this is required.


There is the ldap-attribute "shadowMax: 60" for each user, but I don't 
know if this works yet with samba 3.0.14.


matze
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Cannot share printer HP1012, using Ubuntu and Samba

[Armis Upis]

Hello!
I have a big problem - I cann't share the printer HP1012. I am using GNU Linux
Ubuntu, I try to share the printer, using Samba (when I used RH9, then it was
very easy to share the printer and I hadn't any problem with sharing (except
PCL, but thats the other story)). So, can you tell me, whats the problem? I use
cups. My /etc/smb.conf file:

## Printing ##

# If you want to automatically load your printer list rather
# than setting them up individually then you'll need this
load printers = yes

# lpr(ng) printing. You may wish to override the location of the
# printcap file
; printing = bsd
; printcap name = /etc/printcap #the printcap in Ubunutu is located in 
# /var/run/spool/printcap (or something like that)

# CUPS printing. See also the cupsaddsmb(Cool manpage in the
# cupsys-client package.
printing = cups
printcap name = cups

# When using [print$], root is implicitly a 'printer admin', but you can
# also give this right to other users to add drivers and set printer
# properties
; printer admin = @ntadmin

=== Share Definitions ===
[printers]
comment = All Printers
browseable = yes
path = /tmp
path = /tmp
printable = yes
public = yes
writable = no
create mode = 0700

[HP1012]
comment = HP LaserJet 1012
path = /tmp # not in /var/spool/samba
printable = yes
guest ok = yes
public = yes 

# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = yes

someone adviced make simlink:
cd /usr/lib/cups/backend/
ln -n /usr/bin/smbspool smb
so I did, but no results...
I Also tryed to share folder (to check out whether the samba have problem), so
it work, but printer share don't...?:-(((
Somebody can help me? 

---
http://www.one.lv - Tavs mobilais e-pasts!

Tagad lasi savu e-pastu ar mobilo telefonu - wap.one.lv!
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba Password Expiry Date

[spu]

Normally for compute the value must be set :

nb days * 24 * 60 * 60

* 24 for 24 hours
* 60 for minutes
* 60 for secondes

ex : for 60 days : 5184000

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] a écrit sur
02/06/2005 10:15:01 :

> Matthias Spork wrote:
>
> > Hello,
> >
> > > so, i am seeking the solution making the password expiry feature
> > > avaiable in my pdc. FYI, i am using FC2, samba 3.0.3-5. thanks.
> >
> > the password expires in Unix and Samba.
> >
> > Samba does all changes for itself. You can set password-age to 60 days
> > by typing:
> >
> > #> pdbedit -P "maximum password age" -C 5007600
> >
> > For Linux you have to change "shadowlastchange" in LDAP. I wrote a
> > script for this:
> >
> > smb.conf:
> > #-
> > unix password sync = yes
> > passwd program = /etc/samba/scripts/ldap_userPassword_change %u
> > passwd chat = *New*password* %n\n *new*password* %n\n *Success*
> > #-
> >
> > /etc/samba/scripts/ldap_userPassword_change:
> > #-
> > #!/bin/sh
> >
> > LDAP_SERVER="ldapserver"
> > LDAP_USER="uid=userPassChange,o=mydomain,c=com"
> > LDAP_PASS="secret"
> > LDAP_PASSWD="/usr/bin/ldappasswd"
> > LDAP_MODIFY="/usr/bin/ldapmodify"
> >
> > #DN of User
> > USER_DN="uid=$1,ou=users,o=mydomain,c=com"
> >
> > #Get Date
> > TS=`date +%s`
> > SLC="$(($TS/24/3600))"
> >
> > #-> MODIFY userPassword
> > $LDAP_PASSWD -x -h $LDAP_SERVER -D $LDAP_USER -w $LDAP_PASS -S $USER_DN
> >
> > #-> MODIFY shadowlastchange
> > if [ $? -eq 0 ]; then
> > echo "dn: $USER_DN
> > changetype: modify
> > replace: shadowLastChange
> > shadowLastChange: $SLC" | $LDAP_MODIFY -x -h $LDAP_SERVER -D
> > $LDAP_USER -w $LDAP_PASS >/dev/null 2>&1
> > fi
> >
> > exit
> > #-
> >
> > kind regards
> > Matthias
> >
> >
> > Hiu Yen Onn schrieb:
> >
> >> Hi,
> >>
> >> i have configured a Samba PDC based on idealx.org.
> >> now, whenever i set the sambaMustChangePassword flag to 0, then
> >> from the subsequent logon, there is a popup urge me for changing
> >> password.
> >> now, the problem is after i have changed the password, the
> >> sambaMustChangePassword
> >> is set to 2147483647(unix timestamp), which if i converted it into
> >> human readable format, it will be  2038 year, bla..bla..and bla
> >> second. it is really unbelieveable that my password will be lasted
> >> until year 2038 year??? i have looked thoroughly on the internet
> >> resources, some mentioning about on defaultMaxPasswordAge flag. I
> >> think i have set it to 55 (actually, i dunno whether what is the
> >> quantity representing, day?? time??). but, i have no point to make it
> >> works.
> >>
> >> so, i am seeking the solution making the password expiry feature
> >> avaiable in my pdc. FYI, i am using FC2, samba 3.0.3-5. thanks.
> >>
> >> Cheers,
> >> yenonn
> >
> >
> >
> how can u calculate the 5007600. thanks
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba Password Expiry Date

[Hiu Yen Onn]

Matthias Spork wrote:


Hello,

> so, i am seeking the solution making the password expiry feature
> avaiable in my pdc. FYI, i am using FC2, samba 3.0.3-5. thanks.

the password expires in Unix and Samba.

Samba does all changes for itself. You can set password-age to 60 days 
by typing:


#> pdbedit -P "maximum password age" -C 5007600

For Linux you have to change "shadowlastchange" in LDAP. I wrote a 
script for this:


smb.conf:
#-
unix password sync = yes
passwd program = /etc/samba/scripts/ldap_userPassword_change %u
passwd chat = *New*password* %n\n *new*password* %n\n *Success*
#-

/etc/samba/scripts/ldap_userPassword_change:
#-
#!/bin/sh

LDAP_SERVER="ldapserver"
LDAP_USER="uid=userPassChange,o=mydomain,c=com"
LDAP_PASS="secret"
LDAP_PASSWD="/usr/bin/ldappasswd"
LDAP_MODIFY="/usr/bin/ldapmodify"

#DN of User
USER_DN="uid=$1,ou=users,o=mydomain,c=com"

#Get Date
TS=`date +%s`
SLC="$(($TS/24/3600))"

#-> MODIFY userPassword
$LDAP_PASSWD -x -h $LDAP_SERVER -D $LDAP_USER -w $LDAP_PASS -S $USER_DN

#-> MODIFY shadowlastchange
if [ $? -eq 0 ]; then
echo "dn: $USER_DN
changetype: modify
replace: shadowLastChange
shadowLastChange: $SLC" | $LDAP_MODIFY -x -h $LDAP_SERVER -D 
$LDAP_USER -w $LDAP_PASS >/dev/null 2>&1

fi

exit
#-

kind regards
Matthias


Hiu Yen Onn schrieb:


Hi,

i have configured a Samba PDC based on idealx.org.
now, whenever i set the sambaMustChangePassword flag to 0, then
from the subsequent logon, there is a popup urge me for changing 
password.
now, the problem is after i have changed the password, the 
sambaMustChangePassword
is set to 2147483647(unix timestamp), which if i converted it into 
human readable format, it will be  2038 year, bla..bla..and bla 
second. it is really unbelieveable that my password will be lasted 
until year 2038 year??? i have looked thoroughly on the internet 
resources, some mentioning about on defaultMaxPasswordAge flag. I 
think i have set it to 55 (actually, i dunno whether what is the 
quantity representing, day?? time??). but, i have no point to make it 
works.


so, i am seeking the solution making the password expiry feature 
avaiable in my pdc. FYI, i am using FC2, samba 3.0.3-5. thanks.


Cheers,
yenonn





i prompt in the pdbedit -P "maximum password age". it yields to me this
"account policy value for maximum password age is 4294967295"

what is the digits means to me?? how can i make use of it??? thanks

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba Password Expiry Date

[Hiu Yen Onn]

Matthias Spork wrote:


Hello,

> so, i am seeking the solution making the password expiry feature
> avaiable in my pdc. FYI, i am using FC2, samba 3.0.3-5. thanks.

the password expires in Unix and Samba.

Samba does all changes for itself. You can set password-age to 60 days 
by typing:


#> pdbedit -P "maximum password age" -C 5007600

For Linux you have to change "shadowlastchange" in LDAP. I wrote a 
script for this:


smb.conf:
#-
unix password sync = yes
passwd program = /etc/samba/scripts/ldap_userPassword_change %u
passwd chat = *New*password* %n\n *new*password* %n\n *Success*
#-

/etc/samba/scripts/ldap_userPassword_change:
#-
#!/bin/sh

LDAP_SERVER="ldapserver"
LDAP_USER="uid=userPassChange,o=mydomain,c=com"
LDAP_PASS="secret"
LDAP_PASSWD="/usr/bin/ldappasswd"
LDAP_MODIFY="/usr/bin/ldapmodify"

#DN of User
USER_DN="uid=$1,ou=users,o=mydomain,c=com"

#Get Date
TS=`date +%s`
SLC="$(($TS/24/3600))"

#-> MODIFY userPassword
$LDAP_PASSWD -x -h $LDAP_SERVER -D $LDAP_USER -w $LDAP_PASS -S $USER_DN

#-> MODIFY shadowlastchange
if [ $? -eq 0 ]; then
echo "dn: $USER_DN
changetype: modify
replace: shadowLastChange
shadowLastChange: $SLC" | $LDAP_MODIFY -x -h $LDAP_SERVER -D 
$LDAP_USER -w $LDAP_PASS >/dev/null 2>&1

fi

exit
#-

kind regards
Matthias


Hiu Yen Onn schrieb:


Hi,

i have configured a Samba PDC based on idealx.org.
now, whenever i set the sambaMustChangePassword flag to 0, then
from the subsequent logon, there is a popup urge me for changing 
password.
now, the problem is after i have changed the password, the 
sambaMustChangePassword
is set to 2147483647(unix timestamp), which if i converted it into 
human readable format, it will be  2038 year, bla..bla..and bla 
second. it is really unbelieveable that my password will be lasted 
until year 2038 year??? i have looked thoroughly on the internet 
resources, some mentioning about on defaultMaxPasswordAge flag. I 
think i have set it to 55 (actually, i dunno whether what is the 
quantity representing, day?? time??). but, i have no point to make it 
works.


so, i am seeking the solution making the password expiry feature 
avaiable in my pdc. FYI, i am using FC2, samba 3.0.3-5. thanks.


Cheers,
yenonn





how can u calculate the 5007600. thanks
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Windows XP Home accessing a Samba PDC

[Richard Gaywood]

Thanks to everyone for your help, I've got some useful suggestions
there to try out. Thanks again! Hopefully, this will be enough to stop
them migrating the server to Windows, at $ENORMOUS_COST.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba Password Expiry Date

[Matthias Spork]

Hello,

> so, i am seeking the solution making the password expiry feature
> avaiable in my pdc. FYI, i am using FC2, samba 3.0.3-5. thanks.

the password expires in Unix and Samba.

Samba does all changes for itself. You can set password-age to 60 days 
by typing:


#> pdbedit -P "maximum password age" -C 5007600

For Linux you have to change "shadowlastchange" in LDAP. I wrote a 
script for this:


smb.conf:
#-
unix password sync = yes
passwd program = /etc/samba/scripts/ldap_userPassword_change %u
passwd chat = *New*password* %n\n *new*password* %n\n *Success*
#-

/etc/samba/scripts/ldap_userPassword_change:
#-
#!/bin/sh

LDAP_SERVER="ldapserver"
LDAP_USER="uid=userPassChange,o=mydomain,c=com"
LDAP_PASS="secret"
LDAP_PASSWD="/usr/bin/ldappasswd"
LDAP_MODIFY="/usr/bin/ldapmodify"

#DN of User
USER_DN="uid=$1,ou=users,o=mydomain,c=com"

#Get Date
TS=`date +%s`
SLC="$(($TS/24/3600))"

#-> MODIFY userPassword
$LDAP_PASSWD -x -h $LDAP_SERVER -D $LDAP_USER -w $LDAP_PASS -S $USER_DN

#-> MODIFY shadowlastchange
if [ $? -eq 0 ]; then
echo "dn: $USER_DN
changetype: modify
replace: shadowLastChange
shadowLastChange: $SLC" | $LDAP_MODIFY -x -h $LDAP_SERVER -D $LDAP_USER 
-w $LDAP_PASS >/dev/null 2>&1

fi

exit
#-

kind regards
Matthias


Hiu Yen Onn schrieb:

Hi,

i have configured a Samba PDC based on idealx.org.
now, whenever i set the sambaMustChangePassword flag to 0, then
from the subsequent logon, there is a popup urge me for changing password.
now, the problem is after i have changed the password, the 
sambaMustChangePassword
is set to 2147483647(unix timestamp), which if i converted it into human 
readable format, it will be  2038 year, bla..bla..and bla second. it is 
really unbelieveable that my password will be lasted until year 2038 
year??? i have looked thoroughly on the internet resources, some 
mentioning about on defaultMaxPasswordAge flag. I think i have set it to 
55 (actually, i dunno whether what is the quantity representing, day?? 
time??). but, i have no point to make it works.


so, i am seeking the solution making the password expiry feature 
avaiable in my pdc. FYI, i am using FC2, samba 3.0.3-5. thanks.


Cheers,
yenonn

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba Password Expiry Date

[Hiu Yen Onn]

Hi,

i have configured a Samba PDC based on idealx.org.
now, whenever i set the sambaMustChangePassword flag to 0, then
from the subsequent logon, there is a popup urge me for changing password.
now, the problem is after i have changed the password, the 
sambaMustChangePassword
is set to 2147483647(unix timestamp), which if i converted it into human 
readable format, it will be  2038 year, bla..bla..and bla second. it is 
really unbelieveable that my password will be lasted until year 2038 
year??? i have looked thoroughly on the internet resources, some 
mentioning about on defaultMaxPasswordAge flag. I think i have set it to 
55 (actually, i dunno whether what is the quantity representing, day?? 
time??). but, i have no point to make it works.


so, i am seeking the solution making the password expiry feature 
avaiable in my pdc. FYI, i am using FC2, samba 3.0.3-5. thanks.


Cheers,
yenonn
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba