[Samba] Can't see files/directories with Last Changed Attribute set
Following on from my missing directories post the other day, I have narrowed the problem down to the following cases. It seems that I can see files or directories where the Last Changed Attribute of a file or directory is "Unknown". Where it is set to a valid date, the file simply doesn't appear. It doesn't matter is I'm connecting from Linux or Windows. Any thoughts welcome. Bill -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problems uploading printer drivers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cyrille Bollu wrote: | | Hi Jerry, | | Sorry to contact you directly but we have quite the | same problem here in my company. | | Did you finally succeed in solving this issue? | | Here we have several dozen of printers but a particular | Dell 3000cn won't work (with approximately the same | behaviour). We follow the same procedure as Greg do. Cyrille, Did you see greg's post about the dns cname records? Does that match your situation as well? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC6q+zIR7qMdg1EfYRAs4ZAKDiCU/PWjJjNGneSkPb9L1ixzl4xwCfako5 UpwIdYu/D121liyHpEQsXFs= =w436 -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Local groups support
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Carlos Eduardo Pedroza Santiviago wrote: | Hi all, | | Has anyone been able to get local groups support with a | Samba Server through winbindd? Specifically, i am able | to store several SIDs in sambaSIDList, but i | can't get winbind working to retrieve (or expand) its members. | Is Winbindd supposed to work _only_ with NT servers? Local groups are local to winbindd (or should be at least). Works fine for me last I checked. That might have been in 3.0.15pre2 or something. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC6qv5IR7qMdg1EfYRArd8AKDavVZRLaCZpLPhvBZTgzY/zzDr6gCgz5zX sppOe0nl088/r/hzzwEamnk= =Wdxj -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Duplicate entries in winbindd_idmap.tdb
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: | We are having problems with numerous duplicate entries in | winbindd_idmap.tdb resulting in the available userid | range set in smb.conf being quickly and repeatedly exhausted. | The duplicate entries all appear to have a WBA_PASSWD key, e.g Set 'winbind enable local accounts = no' in smbn.conf. This parameter and the associated functionality has been removed in the upcoming 3.0.20 release. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC6qpyIR7qMdg1EfYRAsk8AJ9P3KGZqLfBsnX/XJ/eri4rkT0bTgCgyUr9 gCte+hJ1kkVXrs91MiW1sw0= =ZcQt -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't rename read-only files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bradley Tate wrote: | G'day, | | We have some software which uses the ability of Windows | to rename read-only files. To me it makes no sense to | allow this, but that's what the developers have done | and what Windows does. Renaming seems to work "normally" | on Samba 3.0.10 (Centos4) but gives an Access Denied error | when tried on Samba 3.0.13 (Suse9.3). Does anyone | know if this might be an issue with the O/S or with Samba? Might be fixed in 3.0.14a. Should be fixed for sure in 3.0.20rc1. Please test and let me know. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC6qlGIR7qMdg1EfYRAoElAKDZ0OOrbTg+i906AEyETulINl36BACgl4m9 j0PAeHcze8cIw66LVkefK64= =mp/i -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba ignores supplementary groups for acl
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kent Tong wrote: | [EMAIL PROTECTED]:~$ getfacl /var/Share/ | getfacl: Removing leading '/' from absolute path names | # file: var/Share | # owner: root | # group: root | user::rwx | group::r-x | group:staff:r-x | mask::r-x | other::--- | default:user::rwx | default:group::r-x | default:group:staff:r-x | default:mask::r-x | default:other::--- | | [EMAIL PROTECTED]:~$ id | uid=1(CYBERLAB+kent) gid=1(CYBERLAB+domain users) | groups=50(staff),1 (CYBERLAB+domain users), | 10001(CYBERLAB+staffs) | I believe this problem only happens when used with | winbind (a domain user whose is in a linux group). If I | set security to user and access the share as linux user | "kent" who is in the "staff" group (but not primary group), | then it will work. This is actually by design. smbd only uses the Windows group when setting the group list for a domain user. So you cannot mix winbind and unix groups. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC6qjjIR7qMdg1EfYRAgbPAKCOkMi/VFbQ1Wwn+1Ijk8AdMXqS5wCfQxdy 9Ck0NkIQpGlq/U8mypf3dco= =Z7yc -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net join fails but it tells "Joined domain"
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mauro wrote: | | when i try to join to domain vi anet join command i | got some errors but net joins tells "Joined domain". | Could you help me? ... | rpc command function failed! (NT_STATUS_ACCESS_DENIED) | Joined domain mydomain. | return code = 0 Best to look at a level 10 debug log and get a better description of the error. My probably are missing an error check somewhere. I assume that the machine account is not successfully created on the domain controller? cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC6qXcIR7qMdg1EfYRAsF4AKCKjDysE8H28NzzxRzUvIlz/yPG3QCffzFg +PUMDkRceul0w2PUvh6/qWQ= =THaG -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Programatically Modifying Users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nigel Rantor wrote: | | - Is there a set of documentation around for the API? | I can't seem to find any on the samba site, the developer | docs talk about the underlying protocols and provide | starting points for that but I can't seem to find | API docs. Nope. no api docs. But what I would suggest is talking to Chris Nichols on the samba-technical mailing list about his libmsrpc work. The better choice here in my opinion would be to use the SAMR rpc functions and talk to smbd directly. you could also be doing us and the Samba community a great service to help this mature. | - Is there an existing set of Java JNI wrappers for | this kind of functionality (I know, I'm reaching now...) Nope. But if you follow the line of thinking above, you might be able to use jCIFS. | - If I just want to access the SAM database functionality | which bits of Samba will i need to link against (of | course, this will be easy to find out from trial-and-error) Our code is not currently easy to pull parts from. but if you choose to follow the passdb API route, then look at the Makefile for linking pdbedit. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC6qVFIR7qMdg1EfYRAi0vAJ9qNcqWLIpVnJL4AdjIXm3c7YmYKgCcDZzG akPSLYBP+ER6EKn8VvSIE18= =4vLl -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] adddriver strange behavior
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 andreas burger wrote: | # /usr/local/samba/bin/rpcclient -c 'getdriver... | | [Windows NT x86] | Printer Driver Info 3: | Version: [3] | Driver Name: [x4500] | Architecture: [Windows NT x86] | Driver Path: [\\xxx\print$\W32X86\3\PSCRIPT5.DLL] | Datafile: [\\xxx\print$\W32X86\3\XR4500DT.PPD] | Configfile: [\\xxx\print$\W32X86\3\PS5UI.DLL] | Helpfile: [\\xxx\print$\W32X86\3\PSCRIPT.HLP] | | Dependentfiles: [\\xxx\print$\W32X86\3\XR4500DT.OPT] | | Monitorname: [] | Defaultdatatype: [RAW] | | *** | | it seems, that the printer works, but i think, that all these | depend files bring some additional possiblities, that are not | given with only one of them installed. How did you install the driver ? From a Windows client? Samba does not modify the driver info structure per say. We take is as the client describes it in the AddPrinterDriver() call. If you installed the driver by some other means, try using a Windows client instead. cheers, jerry = Alleviating the pain of Windows(tm) --- http://www.samba.org GnuPG Key- http://www.plainjoe.org/gpg_public.asc "I never saved anything for the swim back." Ethan Hawk in Gattaca -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC6qQLIR7qMdg1EfYRAiohAKCZxN4p0OfAJfc1lhIaENf9ukoVowCeKKC3 bRDB440lmSXSj69QPi1zIkk= =rM3H -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba share file permission problems
Dear all: Is it possible to set Samba share (and the files under the share) from Samba using setfacl? I want to set up a common directory for certain group of people to read, write and execute it (user::rwx group::rwx). I assigned user1 as the owner of all the files under this common directory and here is the thing: when user2(or any other users in the same group) accessed any of the files, she becomes owner of the files and the group permission changes to read only so other people in the group cannot edit the same file. Why is this happening? Is it because it's not a good idea to use setfacl? If so, is there any other tool to do it? Thanks in advance for any help. hc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] create and manage groups
I have a samba PDC 3.0.14a and is running as a PDC. My domain members are windows 2003. I have several users and several unix groups. I want to create some domain groups and map them to the unix groups. When i check my current groups i get this: net rpc group list Password: System Operators Replicators Guests Power Users Print Operators Administrators Account Operators Backup Operators Users But when i want to add a new group... net rpc group add "SysAdmins" Password: add group failed: NT_STATUS_ACCESS_DENIED grep root /etc/samba/smb.conf admin users = root Any ideas? Tnxs in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Automated reply from [EMAIL PROTECTED]
Thank you for your email. I will be on leave until August and may not be checking emails regularly. If you need assistance for library or archival matters, please contact Niles Parker at [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Validating as different users, domain user mapping to local (not happening?)
Thierry ITTY a écrit: maybe if you access a share on a server as user1 and want to access another share on the same server as user2, windows complains that you can't use different credentials at the same time (error 1236 ? I think) --- Yeah, something similar thought this doesn't forbid you to have shares accessed as user1 and runas something as user2 I doesn't seem like it should. the following works : open a session as user1, access a share, run cmd, then "net use" : you will see your share --- Yes. then runas "cmd" as user2. what will happen is that from user2's command prompt "net use" will show an empty list. --- Yes. but you'll be able to access the same or another share from there and "net use" will show it. Yes. (had to map local account to remote user 'user1'), as local user2 didn't exist on the server. user1 and user2 will access their shares each with their own credentials even on the same server --- Yep -- as soon as I created "user2" on the server (:-)). the following doesn't work : open a session as user1, access a share (implicitely "as" user1), access a share as user2 on the same server (net use /user:...), this pops up the credentials error message --- Haven't tried that scenario, specifically. Where I've seen it is on trying to add sharing permissions on a directory: - Click "Menu" (right click on my mouse) over a folder to share and choose "Sharing and Security". - Select Sharing tab, select "Share this folder", then select "Permissions". (You can duplicate the problem using the Security tab as well on an NTFS-based directory) - Click "Add...". On my computer, the *default* location to select objects from is my domain name. If you are not part of a domain, I'm not sure if this error will come up. I should note that my "file server" in my home also functions as the PDC (right now I really only have a 2 computer setup: 1 server (linux based), 1 client (Win XP-Pro)). - Select a username from the domain (or the computer you have open share's to). (in my case, I chose "user1" using your above examples). - click "OK"; Now I see a Popup Dialog that says: *** "Enter Network Password": Enter the name and password of an account with permissions for . *** I have tried "user1" as well as "Domain\user1". I get the dual connection error message here: *** The following error occured while using the username (user1) and password you entered: Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again. *** The only way I've gotten around this is by unsharing (net use [drive|sharename] /d). ... Hm...ok...now RUNAS is working (though not exactly as I'd like...but can probably figure that out by consulting my books)... Seems [EMAIL PROTECTED] doesn't work in simple case -- their example shows: [EMAIL PROTECTED] Maybe it needs the dots in the domain name? As for the "\\" syntax...it doesn't want a double slash in front of the domain name and I have to remember to quote the backslash before the user, either double \ or single (not double! *kick self*) quotes around the argument. so the only solution I see is : open your session as user1, runas cmd as user2 (local program, no problem), access the share where bash is on, then run bash from the share - Bash.exe (cygwin toolset) is on the local machine. I can now start bash, but not "explorer". When I try to start Explorer, I get no error message and nothing happens (or starts). Even though my remote user is listed as being in the Domain Admins group, trying to run, say the disk defragmenter gives an error about my remote user not having administrative priviledges. Well...guess that's more work to figure out in the future... I hoped this too a while ago the main difference in such situations is that linux (and other unices) sets up "shares" at the system level whereas windows sets them up at the user level Yes, I can see that if I log in as a different user. Thanks for the things to try...made some progress on this-- just have to figure out what is needed for remote users to have their remote privileges. My original intent was to have my credential information be on the Domain Server (but cached locally), and to have my home directory on the local machine. What I think I ended up with is a local-only account that happens to work with "file-sharing" because the passwords for the two users on the two boxes are the same. I'd wanted "domain based" security and know I had security=domain in my smb.conf file, but it appears to have been removed, perhaps by an upgrade in my SuSE version around December of last year. Do you happen to know the default for security when a server is setup to be both a domain master and a domain logon server? Thanks, Linda p
[Samba] ADS/Winbind - works for everything except actually authenticating Windows logins!
On Thursday 21 July 2005 12:36 pm, [EMAIL PROTECTED] wrote: > I'm having a bizarre problem doing authentication via winbind against a > Windows 2003 server. [...etc...] Following up, still having this strange problem. More information - from the Samba box (now running the X86_64 SLES9 3.0.20rc1 rpm's, previously running the 3.0.14a ones) ALL of the wbinfo functions seem to work correctly: wbinfo -n (name) pulls up an SID. wbinfo -t says it's okay. wbinfo -a (user)%(password) succeeds. wbinfo -u gets the username list, etc. "getent passwd" successfully shows all users (including domain users) and "getent group" shows the domain groups in the list. "getent passwd (name of user that worked fine in 'wbinfo -n')" fails - no output at all, including no error messages. Same for "getent group (domain group name)" and "getent group (gid)". /var/log/samba/log.winbind shows: [2005/07/29 18:33:53, 1] nsswitch/winbindd.c:main(977) winbindd version 3.0.20rc1-0.1-SUSE started. Copyright The Samba Team 2000-2004 [2005/07/29 18:34:36, 0] nsswitch/winbindd.c:request_len_recv(573) process_loop: Invalid request size received: 1824 [2005/07/29 18:40:54, 0] nsswitch/winbindd.c:request_len_recv(573) process_loop: Invalid request size received: 1824 And, of course, trying to connect to a share from a Windows box, logged into the domain with an authorized user account, it pops up with the "enter your name and password" box, and the name and password don't work. I'm assuming this is caused by the same problem that's causing "getent passwd (user)" to fail. Any hints where to go from here? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NTLMv2 - wrong password with samba? (SOLVED)
On Thu, 2005-07-28 at 10:57 -0400, Tim P wrote: > I upgraded as well after seeing your post but it still gives me the > same error. Any log files I should be looking at on windows or the > samba side. I know the password is correct, I logged into windows > with it and didn't fat-finger it. There is clearly some more we need to understand about NTLMv2 in these environments. The plaintext failures don't matter, nor do the 'wrong password' warnings on tests that don't spit out a 'test failed' message. This testsuite has been migrated to Samba4, where the RPC-SAMLOGON smbtorture test tests a few more combinations of this area. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Samba Developer, SuSE Labs, Novell Inc.http://suse.de Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba-vscan
Guido Lorenzutti wrote: Hi people, im using Debian Sarge with samba 3.0.14a. Im using tdbsam with 400 users. Well, if you run without a gui then it would be tight. With the gui I doubt your users would be at all happy with performance. I run all my samba servers on FBSD without X. I wouldn't try what your doing on FBSD with those limited resources. Recomend: If this thing can run sata drives, do it. Also plan ~ 5mb per smb childso that's 2.0GB Memory. In actuality 1.5 GB should be enough. TMS III My specs are: vendor_id : AuthenticAMD cpu family : 6 model : 8 model name : AMD Athlon(tm) XP 2000+ stepping: 1 cpu MHz : 1670.860 cache size : 256 KB fdiv_bug: no hlt_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 1 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 mmx fxsr sse syscall mmxext 3dnowext 3dnow bogomips: 3309.56 total used free sharedbuffers cached Mem:516608 509516 7092 0 96988 337520 -/+ buffers/cache: 75008 441600 Swap: 979956664 979292 My idea is to start using samba-vscan + clamd to check my fileserver. Questions: Anyone using this on a production server? Comments? How much this would impact on my performance? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba-vscan
Hi people, im using Debian Sarge with samba 3.0.14a. Im using tdbsam with 400 users. My specs are: vendor_id : AuthenticAMD cpu family : 6 model : 8 model name : AMD Athlon(tm) XP 2000+ stepping: 1 cpu MHz : 1670.860 cache size : 256 KB fdiv_bug: no hlt_bug : no f00f_bug: no coma_bug: no fpu : yes fpu_exception : yes cpuid level : 1 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 mmx fxsr sse syscall mmxext 3dnowext 3dnow bogomips: 3309.56 total used free sharedbuffers cached Mem:516608 509516 7092 0 96988 337520 -/+ buffers/cache: 75008 441600 Swap: 979956664 979292 My idea is to start using samba-vscan + clamd to check my fileserver. Questions: Anyone using this on a production server? Comments? How much this would impact on my performance? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind gives NT_STATUS_INSUFFICIENT_RESOURCES error after a few hours of running
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We're using NT4 style authentication (security = domain) against an 2000 ADS server. I'll run that command the next time it happens. - -tom Guenther Deschner wrote: | Hi, | | On Fri, Jul 29, 2005 at 07:33:28AM -0700, Tom Dickson wrote: | |>We have a samba 3.0.14a server connected via NT4 to an ADS domain, and after a few |>hours of access, winbind stops autheticating, and gives errors like this: |> |>[2005/07/29 09:32:33, 1] nsswitch/winbindd_group.c:fill_grent_mem(133) |>~ could not lookup membership for group rid |>S-1-5-21-1957994488-1409082233-725345543-512 in domain MERCYHOME (error: |>NT_STATUS_INSUFFICIENT_RESOURCES) |>[2005/07/29 09:32:33, 1] nsswitch/winbindd_group.c:fill_grent_mem(133) |>~ could not lookup membership for group rid |>S-1-5-21-1957994488-1409082233-725345543-513 in domain MERCYHOME (error: |>NT_STATUS_INSUFFICIENT_RESOURCES) |> |>Restarting smbd and winbindd doesn't help, I have to make it use another domain |>controller or reboot the domain controller. |> |>What can I do to make this not happen? | | | What exactly do you mean with "connected via NT4 to an ADS domain" ? Is | this a more complex trusted domain setup? Is MERCYHOME running on NT4 or | on Windows 2000/2003 ? | | This sounds like an effect I've seen somewhere else. Could you, when the | error shows up, call | | net rpc file -S DC_OF_MERCYHOME -U administrator%password | | and send us the output ? | | Thanks, | Guenther -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFC6qFh2dxAfYNwANIRAie4AKCArt3j/9RYZJc5VeZeauNb2t5wLQCfeKWn MDOeYKObL05cPFLWsZ9tArU= =vmjD -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] winbind gives NT_STATUS_INSUFFICIENT_RESOURCES error after a few hours of running
Hi, On Fri, Jul 29, 2005 at 07:33:28AM -0700, Tom Dickson wrote: > We have a samba 3.0.14a server connected via NT4 to an ADS domain, and after > a few > hours of access, winbind stops autheticating, and gives errors like this: > > [2005/07/29 09:32:33, 1] nsswitch/winbindd_group.c:fill_grent_mem(133) > ~ could not lookup membership for group rid > S-1-5-21-1957994488-1409082233-725345543-512 in domain MERCYHOME (error: > NT_STATUS_INSUFFICIENT_RESOURCES) > [2005/07/29 09:32:33, 1] nsswitch/winbindd_group.c:fill_grent_mem(133) > ~ could not lookup membership for group rid > S-1-5-21-1957994488-1409082233-725345543-513 in domain MERCYHOME (error: > NT_STATUS_INSUFFICIENT_RESOURCES) > > Restarting smbd and winbindd doesn't help, I have to make it use another > domain > controller or reboot the domain controller. > > What can I do to make this not happen? What exactly do you mean with "connected via NT4 to an ADS domain" ? Is this a more complex trusted domain setup? Is MERCYHOME running on NT4 or on Windows 2000/2003 ? This sounds like an effect I've seen somewhere else. Could you, when the error shows up, call net rpc file -S DC_OF_MERCYHOME -U administrator%password and send us the output ? Thanks, Guenther -- Günther DeschnerGPG-ID: 8EE11688 Novell / SUSE LINUX [EMAIL PROTECTED] Samba Team [EMAIL PROTECTED] pgpSmd8papvmF.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: smbclient (2.6 kernel): File size limit exceeded
Perhaps I should flush out the question a bit more, ;) Are there any filesize limitations in the smbfs/cifs drivers in 2.6.9? How can I access files >2GB using Samba and remote Windows shares? On Fri, 29 Jul 2005, William R. Lorenz wrote: In attempting to `dd if=/dev/zero of=/mnt/windows-share)`, the dd stops at 2.0GB with an error that states 'File size limit exceeded'. The share was mounted with `mount -t smbfs //SERVER/share /mnt/windows-share`. The box is a Red Hat Enterprise Linux 4 box running the 2.6.9-11.EL kernel. -- William R. Lorenz <[EMAIL PROTECTED]> -- http://www.express.org/~wrl/ ; "Every revolution was first -- a thought in one man's mind." - Ralph Waldo Emerson -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbclient (2.6 kernel): File size limit exceeded
Hi All, In attempting to `dd if=/dev/zero of=/mnt/windows-share)`, the dd stops at 2.0GB with an error that states 'File size limit exceeded'. The share was mounted with `mount -t smbfs //SERVER/share /mnt/windows-share`. The box is a Red Hat Enterprise Linux 4 box running the 2.6.9-11.EL kernel. -- William R. Lorenz <[EMAIL PROTECTED]> -- http://www.express.org/~wrl/ ; "Every revolution was first -- a thought in one man's mind." - Ralph Waldo Emerson -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] My Windows RAS won't authenticate against Samba PDC; do I need radius
We're replacing an NT4 PDC with a samba PDC and after a bit of work everything is working fine except that our VPN server won't authenticate users against the domain. We're using Windows 2003 Server Remote Access Service (RAS) as our VPN server and it was working with our old NT4 PDC. The Windows 2003 Server is otherwise cooperating with the new Samba PDC (I can log in using domain accounts, etc). And for various reasons, we don't wish to change our VPN server at this time. First, I just wanted to make sure that I'm not wasting a lot of time going down a dead end. RAS operates in two general modes for authentication: Windows Authentication, and using a radius server. We had been using Windows Authentication mode. Does anyone know if Windows Authentication in RAS will operate with a Samba PDC (if I can just find the right configuration)? If so, any pointers on the configuration. Or, (as my reading seems to suggest) do I have to install a radius server and have RAS authenticate against that? I'm running Samba 3.0.4 with an LDAP backend on SLES 9. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Sessions migration
On Friday 29 Jul 2005 18:48, Bahya NASSR EDDINE wrote: > Hello there, > > Is there a way I can use my local windows session even > if I log on to a samba domain? How is Samba setup? Roaming profiles? > > I maen that after joining the samba domain, I would > like to logg on to the same session I used to before > joining the domain. You can do all sorts with yout profile, see: http://us2.samba.org/samba/docs/man/Samba-HOWTO-Collection/ProfileMgmt.html > > Thanks > > > > > > > ___ > Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger > Téléchargez cette version sur http://fr.messenger.yahoo.com -- Kind Regards, Gavin Henry. Managing Director. T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 742001 E [EMAIL PROTECTED] Open Source. Open Solutions(tm). http://www.suretecsystems.com/ -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Michael Weiss ist außer Haus.
Ich werde ab 29.07.2005 nicht im Büro sein. Ich kehre zurück am 30.07.2005. Bitte wenden Sie sich mit wichtigen Angelegenheiten an [EMAIL PROTECTED] Danke. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Sessions migration
Hello there, Is there a way I can use my local windows session even if I log on to a samba domain? I maen that after joining the samba domain, I would like to logg on to the same session I used to before joining the domain. Thanks ___ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.20rc1 Available for Download
Gerald (Jerry) Carter wrote: This is a release candidate of the 3.0.20 code base and Is this ok?: [2005/07/17 21:32:10, 0] smbd/server.c:main(802) smbd version 3.0.20pre2 started. Copyright Andrew Tridgell and the Samba Team 1992-2004 [2005/07/17 21:32:10, 0] printing/nt_printing.c:upgrade_to_version_5(505) upgrade_to_version_5: normalizing printer keys [...] [2005/07/29 19:24:38, 0] smbd/server.c:main(802) smbd version 3.0.20rc1 started. Copyright Andrew Tridgell and the Samba Team 1992-2004 [2005/07/29 19:24:38, 0] printing/nt_printing.c:upgrade_to_version_4(438) upgrade_to_version_4: upgrading printer security descriptors [2005/07/29 19:24:38, 0] printing/nt_printing.c:upgrade_to_version_5(505) upgrade_to_version_5: normalizing printer keys First samba version was 3.0.20pre2 with http://www.samba.org/~jerry/patches/post-3.0.20pre2/print_upgrade_v1.patch tdb's were upgraded to version 5 Second samba version is 3.0.20rc1. tdb's were upgraded to version 4 and then to 5, but the old version was 5... der tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba, VPN, and Mac OSX 10.4.2
* <[EMAIL PROTECTED]> [29/07/2005 1242EDT]: > We have tried both IPSecuritas and VPN Tracker on the client machines. > Both have the same errors. A google on that error message suggests > that it is being generated in smbfs_smb.c in the Samba code. At least we know where the problem is probably hiding. I don't have access to Tiger; still running Panther (10.3.9) on my laptop. However I could try to reproduce this error over the weekend. Any other mac users out there? Please chime in. :) > One thing I forgot to mention - the Mac clients can connect without > problems to a WinNT server, VPN or local. Dangit. :/ -- SA Valaran Corp GPG: 0xEC705AE9 I put the sh in IT. pgp0IYUaO5qk5.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Automatically creating home directories?
You can add a pam module to create them but that would require users to login first. I did a quick google and found this which might help you. http://mirrors.techiesabode.com/linuxgazette/101/levkovich.html Michael Luich Unix Admininstrator DSCI corp [EMAIL PROTECTED] cell: 603-475-5799 "The mark of an immature man is that he wants to die nobly for a cause, while the mark of the mature man is that he wants to live humbly for one." --W. Stekel -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dimitri Yioulos Sent: Friday, July 29, 2005 12:50 PM To: Samba Subject: [Samba] Automatically creating home directories? Hello to all. I want to use winbind to automatically create email accounts. I've added several linux boxes to our win2k3 AD and working pretty well (more in a new post about this). When I create a new user on the win2k3 box, users can access various shares on the linux boxes, as it should be. I also have a sendmail server sitting in a DMZ. I have to create the email user account on this box separately. I'd like to eliminate this step. I've added 3.0.14a to the email server, and fired up winbind. It works like a charm! But ... I still need to create user home directories so that mail gets deilvered to thier mailboxes. I know there's a samba directive as follows: "template homedir = home/%D/%U". Should this create user home directories? If not, is there a way to do this automatically, and if so, how. As always, many thanks. Dimitri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Problem joining a samba domain
To update my post from yesterday. I went ahead and exported an LDIF and here is what my machine account looks like: dn: uid=vpcpc$,ou=Machines,dc=engr,dc=arizona,dc=edu objectClass: top objectClass: inetOrgPerson objectClass: posixAccount objectClass: organizationalPerson objectClass: person cn: vpcpc$ sn: vpcpc$ uid: vpcpc$ uidNumber: 1007 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer creatorsName: cn=sambaagent,ou=profile,dc=engr,dc=arizona,dc=edu modifiersName: cn=sambaagent,ou=profile,dc=engr,dc=arizona,dc=edu createTimestamp: 20050727223420Z modifyTimestamp: 20050727223420Z nsUniqueId: 861f2581-1dd211b2-804df911-84f2b358 So it looks like the idealx script is working, but the samba piece isn't doing its part to complete the account. Does Samba still not recognize accounts that sit in another ou than the regular user accounts (I remember this behavior was by design, but wasn't it changed?)? Thanks, Tony -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba permissions
Scott Mayo wrote: Scott Mayo wrote: Keith Warno wrote: * <[EMAIL PROTECTED]> [29/07/2005 1119EDT]: I am working on my permissions and something does not quite make sense to me. Here is what I have set. /DIR (Unix permissions are 3777) Then in samba I have the following [dir] path = /DIR read only = no valid users @teach @student create mask 3660 directory mask 3770 Then from a windows workstation, I create a new directory inside 'dir', and call it 'teach'. The permissions of 'teach' are 2770. It looks like it should be 3770 to me since the 'directory mask' commands does a bitwise 'AND'. Anyone know why this is? Maybe it is because of the DOS attributes or something. You're right about the bitwise AND. But default mode for a new directory is 0777. Observe: [EMAIL PROTECTED]:~$ cd tmp [EMAIL PROTECTED]:~/tmp$ umask 0 [EMAIL PROTECTED]:~/tmp$ umask [EMAIL PROTECTED]:~/tmp$ file foodir foodir: cannot open (foodir) [EMAIL PROTECTED]:~/tmp$ mkdir foodir [EMAIL PROTECTED]:~/tmp$ ls -ld foodir drwxrwxrwx 2 kw users 4096 Jul 29 11:59 foodir However, your new directory *inherited* the setgid bit (effectively a bitwise OR); this is simply the behavior of setgid bits on directories. From the man page for the stat() system call (section 2): The set GID bit (S_ISGID) has several special uses: For a directory it indicates that BSD semantics is to be used for that directory: files created there inherit their group ID from the directory, not from the effective gid of the creating process, and directories created there will also get the S_ISGID bit set. For a file that does not have the group execution bit (S_IXGRP) set, it indicates mandatory file/record locking. So, for your case: (3770 & 0777) | 2000 = 2770 It is doing exactly what it should be doing. :) Keith Ok, I guess that makes sense after you explained it. I got it to work by using both the 'directory mask' and the 'force directory mode'. That works but I have no idea why. I also just tried to use the 'force directory mode' which is a bitwise 'OR' to see what I would get and here are the permissions that I end up with in both cases. I cannot figure out where they are coming from. With both 'directory mask = 3770' and 'force directory mode = 3770' I get: drwxrws--T DIR (which would be 3770) If I just use 'force directory mode = 3770', then I get the following permissions: drwxrwsr-t DIR (which would be 3775) Thanks for any help. I am glad that it works in with using both directives, but I just want to understand why. I have been doing a lot of reading, and just when I think that I understand how it should work...it throws me a curve. :) Actually the first one does make sense I guess, but not the 2nd. Here is how I understand it. [(3777 & 0770) | 3770] | 2000 = 3770 I have no ide where the rx permissions come from in the last example though. Well, I had to reply to my post twice. :) Thanks for the help. I think I see it now. 'directory mask' defaults to 755. That is where the rx came in on my last example. Thanks for the great explanation. -- Scott Mayo Technology Coordinator Bloomfield Schools PH: 573-568-5669 FA: 573-568-4565 Pager: 800-264-2535 X2549 Duct tape is like the force, it has a light side and a dark side and it holds the universe together. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Automatically creating home directories?
Hello to all. I want to use winbind to automatically create email accounts. I've added several linux boxes to our win2k3 AD and working pretty well (more in a new post about this). When I create a new user on the win2k3 box, users can access various shares on the linux boxes, as it should be. I also have a sendmail server sitting in a DMZ. I have to create the email user account on this box separately. I'd like to eliminate this step. I've added 3.0.14a to the email server, and fired up winbind. It works like a charm! But ... I still need to create user home directories so that mail gets deilvered to thier mailboxes. I know there's a samba directive as follows: "template homedir = home/%D/%U". Should this create user home directories? If not, is there a way to do this automatically, and if so, how. As always, many thanks. Dimitri -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba permissions
Scott Mayo wrote: Keith Warno wrote: * <[EMAIL PROTECTED]> [29/07/2005 1119EDT]: I am working on my permissions and something does not quite make sense to me. Here is what I have set. /DIR (Unix permissions are 3777) Then in samba I have the following [dir] path = /DIR read only = no valid users @teach @student create mask 3660 directory mask 3770 Then from a windows workstation, I create a new directory inside 'dir', and call it 'teach'. The permissions of 'teach' are 2770. It looks like it should be 3770 to me since the 'directory mask' commands does a bitwise 'AND'. Anyone know why this is? Maybe it is because of the DOS attributes or something. You're right about the bitwise AND. But default mode for a new directory is 0777. Observe: [EMAIL PROTECTED]:~$ cd tmp [EMAIL PROTECTED]:~/tmp$ umask 0 [EMAIL PROTECTED]:~/tmp$ umask [EMAIL PROTECTED]:~/tmp$ file foodir foodir: cannot open (foodir) [EMAIL PROTECTED]:~/tmp$ mkdir foodir [EMAIL PROTECTED]:~/tmp$ ls -ld foodir drwxrwxrwx 2 kw users 4096 Jul 29 11:59 foodir However, your new directory *inherited* the setgid bit (effectively a bitwise OR); this is simply the behavior of setgid bits on directories. From the man page for the stat() system call (section 2): The set GID bit (S_ISGID) has several special uses: For a directory it indicates that BSD semantics is to be used for that directory: files created there inherit their group ID from the directory, not from the effective gid of the creating process, and directories created there will also get the S_ISGID bit set. For a file that does not have the group execution bit (S_IXGRP) set, it indicates mandatory file/record locking. So, for your case: (3770 & 0777) | 2000 = 2770 It is doing exactly what it should be doing. :) Keith Ok, I guess that makes sense after you explained it. I got it to work by using both the 'directory mask' and the 'force directory mode'. That works but I have no idea why. I also just tried to use the 'force directory mode' which is a bitwise 'OR' to see what I would get and here are the permissions that I end up with in both cases. I cannot figure out where they are coming from. With both 'directory mask = 3770' and 'force directory mode = 3770' I get: drwxrws--T DIR (which would be 3770) If I just use 'force directory mode = 3770', then I get the following permissions: drwxrwsr-t DIR (which would be 3775) Thanks for any help. I am glad that it works in with using both directives, but I just want to understand why. I have been doing a lot of reading, and just when I think that I understand how it should work...it throws me a curve. :) Actually the first one does make sense I guess, but not the 2nd. Here is how I understand it. [(3777 & 0770) | 3770] | 2000 = 3770 I have no ide where the rx permissions come from in the last example though. -- Scott Mayo Technology Coordinator Bloomfield Schools PH: 573-568-5669 FA: 573-568-4565 Pager: 800-264-2535 X2549 Duct tape is like the force, it has a light side and a dark side and it holds the universe together. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba, VPN, and Mac OSX 10.4.2
Keith Warno wrote: * <[EMAIL PROTECTED]> [29/07/2005 1028EDT]: We're having an odd problem with connecting to Samba shares over a VPN with a Mac client. [...] Brian Daniels Brian, curious -- which VPN client are you using? I know there were issue w/ Tiger and some versions of Cisco's client. Keith We have tried both IPSecuritas and VPN Tracker on the client machines. Both have the same errors. A google on that error message suggests that it is being generated in smbfs_smb.c in the Samba code. One thing I forgot to mention - the Mac clients can connect without problems to a WinNT server, VPN or local. Dangit. -- Brian Daniels -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba permissions
Keith Warno wrote: * <[EMAIL PROTECTED]> [29/07/2005 1119EDT]: I am working on my permissions and something does not quite make sense to me. Here is what I have set. /DIR (Unix permissions are 3777) Then in samba I have the following [dir] path = /DIR read only = no valid users @teach @student create mask 3660 directory mask 3770 Then from a windows workstation, I create a new directory inside 'dir', and call it 'teach'. The permissions of 'teach' are 2770. It looks like it should be 3770 to me since the 'directory mask' commands does a bitwise 'AND'. Anyone know why this is? Maybe it is because of the DOS attributes or something. You're right about the bitwise AND. But default mode for a new directory is 0777. Observe: [EMAIL PROTECTED]:~$ cd tmp [EMAIL PROTECTED]:~/tmp$ umask 0 [EMAIL PROTECTED]:~/tmp$ umask [EMAIL PROTECTED]:~/tmp$ file foodir foodir: cannot open (foodir) [EMAIL PROTECTED]:~/tmp$ mkdir foodir [EMAIL PROTECTED]:~/tmp$ ls -ld foodir drwxrwxrwx 2 kw users 4096 Jul 29 11:59 foodir However, your new directory *inherited* the setgid bit (effectively a bitwise OR); this is simply the behavior of setgid bits on directories. From the man page for the stat() system call (section 2): The set GID bit (S_ISGID) has several special uses: For a directory it indicates that BSD semantics is to be used for that directory: files created there inherit their group ID from the directory, not from the effective gid of the creating process, and directories created there will also get the S_ISGID bit set. For a file that does not have the group execution bit (S_IXGRP) set, it indicates mandatory file/record locking. So, for your case: (3770 & 0777) | 2000 = 2770 It is doing exactly what it should be doing. :) Keith Ok, I guess that makes sense after you explained it. I got it to work by using both the 'directory mask' and the 'force directory mode'. That works but I have no idea why. I also just tried to use the 'force directory mode' which is a bitwise 'OR' to see what I would get and here are the permissions that I end up with in both cases. I cannot figure out where they are coming from. With both 'directory mask = 3770' and 'force directory mode = 3770' I get: drwxrws--T DIR (which would be 3770) If I just use 'force directory mode = 3770', then I get the following permissions: drwxrwsr-t DIR (which would be 3775) Thanks for any help. I am glad that it works in with using both directives, but I just want to understand why. I have been doing a lot of reading, and just when I think that I understand how it should work...it throws me a curve. :) -- Scott Mayo Technology Coordinator Bloomfield Schools PH: 573-568-5669 FA: 573-568-4565 Pager: 800-264-2535 X2549 Duct tape is like the force, it has a light side and a dark side and it holds the universe together. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba permissions
* <[EMAIL PROTECTED]> [29/07/2005 1205EDT]: [...] > However, your new directory *inherited* the setgid bit (effectively a > bitwise OR); this is simply the behavior of setgid bits on directories. > From the man page for the stat() system call (section 2): > > The set GID bit (S_ISGID) has several special uses: For a > directory it indicates that BSD semantics is to be used for > that directory: files created there inherit their group ID from > the directory, not from the effective gid of the creating > process, and directories created there will also get the S_ISGID > bit set. For a file that does not have the group execution > bit (S_IXGRP) set, it indicates mandatory file/record locking. > > So, for your case: > > (3770 & 0777) | 2000 = 2770 I hate replying to my own mails, but just to clarify it'd make more sense to write the above like so: 0777|2000 = 2777 = new dir mode before 'directory mask' 3770 is applied 2777&3770 = 2770 = new dir mode after directory mask is applied -- SA Valaran Corp GPG: 0xEC705AE9 I put the sh in IT. pgpwuwJQSGEvn.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba permissions
* <[EMAIL PROTECTED]> [29/07/2005 1119EDT]: > I am working on my permissions and something does not quite make sense > to me. Here is what I have set. > > /DIR (Unix permissions are 3777) > > Then in samba I have the following > > [dir] > path = /DIR > read only = no > valid users @teach @student > create mask 3660 > directory mask 3770 > > Then from a windows workstation, I create a new directory inside 'dir', > and call it 'teach'. > > The permissions of 'teach' are 2770. It looks like it should be 3770 to > me since the 'directory mask' commands does a bitwise 'AND'. Anyone > know why this is? Maybe it is because of the DOS attributes or something. You're right about the bitwise AND. But default mode for a new directory is 0777. Observe: [EMAIL PROTECTED]:~$ cd tmp [EMAIL PROTECTED]:~/tmp$ umask 0 [EMAIL PROTECTED]:~/tmp$ umask [EMAIL PROTECTED]:~/tmp$ file foodir foodir: cannot open (foodir) [EMAIL PROTECTED]:~/tmp$ mkdir foodir [EMAIL PROTECTED]:~/tmp$ ls -ld foodir drwxrwxrwx 2 kw users 4096 Jul 29 11:59 foodir However, your new directory *inherited* the setgid bit (effectively a bitwise OR); this is simply the behavior of setgid bits on directories. From the man page for the stat() system call (section 2): The set GID bit (S_ISGID) has several special uses: For a directory it indicates that BSD semantics is to be used for that directory: files created there inherit their group ID from the directory, not from the effective gid of the creating process, and directories created there will also get the S_ISGID bit set. For a file that does not have the group execution bit (S_IXGRP) set, it indicates mandatory file/record locking. So, for your case: (3770 & 0777) | 2000 = 2770 It is doing exactly what it should be doing. :) Keith -- SA Valaran Corp GPG: 0xEC705AE9 I put the sh in IT. pgp7T4uJeN89b.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba, VPN, and Mac OSX 10.4.2
* <[EMAIL PROTECTED]> [29/07/2005 1028EDT]: > We're having an odd problem with connecting to Samba shares over a VPN > with a Mac client. [...] > Brian Daniels Brian, curious -- which VPN client are you using? I know there were issue w/ Tiger and some versions of Cisco's client. Keith -- SA Valaran Corp GPG: 0xEC705AE9 I put the sh in IT. pgpwaJndoYGZt.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] windows security of files and folders
Hi, i have a samba 3.0.12 PDC (LDAP) with many windows clients. All works correctly but when i show properties (security) of one file or folder many times i see the SID and not the user or group. I can't assign the perms with the windows because i don't see the groups of ldap. My configuration: 1 samba-3 PDC-LDAP (scripts, bats, etc. This scripts mount shares of other samba) In this samba, if i mount a share and click security of a file i see the users but not the groups 1 Samba-3 (other samba, server FS) (shares, data, etc) In this samba, if i mount a share and click security of a file i don't see users and groups) My groupmap: # net groupmap list Domain Computers (S-1-5-21-3984604316-2900431957-2958281145-515) -> maquinaspdc Domain Admins (S-1-5-21-3984604316-2900431957-2958281145-512) -> domadmin Domain Users (S-1-5-21-3984604316-2900431957-2958281145-513) -> domuser PDC configuration: [global] workgroup = LDAP server string = Servidor LDAP netbios name = serverldap os level = 128 time server = Yes unix extensions = Yes encrypt passwords = Yes add user script = /etc/samba/idealx/smbldap-useradd -m "%u" add machine script = /etc/samba/idealx/smbldap-useradd -w "%u" add group script = /etc/samba/idealx/smbldap-groupadd -p "%g" add user to group script = /etc/samba/idealx/smbldap-groupmod -m "%u" "%g" delete user from group script = /etc/samba/idealx/smbldap-groupmod -x "%u" "%g" set primary group script = /etc/samba/idealx/smbldap-usermod -g "%g" "%u" username map = /etc/samba/smbusers map to guest = Bad User security = user include = /etc/samba/dhcp.conf ;LDAP passdb backend = ldapsam:"ldap://127.0.0.1"; ldap suffix = o=root ldap admin dn = cn=Manager, o=root idmap backend = ldap:ldap://127.0.0.1 ldap idmap suffix = o=root ldap passwd sync = yes idmap uid = 1000-3 idmap gid = 1000-3 hosts allow = 192.168. 192.9.200. 127. localhost remote announce = 192.9.200.146 remote browse sync = 192.9.200.146 local master = yes preferred master = yes domain master = yes domain logons = yes wins support = yes name resolve order = wins hosts lmhosts bcast time server = yes # log level = 10 [netlogon] path = /opt/samba/netlogon guest ok = Yes [...] The other smb configuration (FS server): [global] workgroup = LDAP server string = Servidor FICHEROS netbios name = serversamba os level = 65 unix extensions = Yes encrypt passwords = Yes username map = /etc/samba/smbusers map to guest = Bad User security = user #include = /etc/samba/dhcp.conf ;LDAP passdb backend = ldapsam:"ldap://192.168.1.146"; ldap suffix = o=root ldap admin dn = cn=Manager, o=root idmap backend = ldap:ldap://192.168.1.146 ldap idmap suffix = o=root ldap passwd sync = yes idmap uid = 1000-3 idmap gid = 1000-3 hosts allow = 192.168. 192.9.200. 127. localhost # remote announce = 192.9.200.146 # remote browse sync = 192.9.200.146 wins support = no wins server = 192.168.1.146 name resolve order = wins hosts lmhosts bcast acl compatibility = Win2k [shares definition] [...] before i had samba-2 in two samba and the users and groups i saw them anyone help me please? thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba permissions
I am working on my permissions and something does not quite make sense to me. Here is what I have set. /DIR (Unix permissions are 3777) Then in samba I have the following [dir] path = /DIR read only = no valid users @teach @student create mask 3660 directory mask 3770 Then from a windows workstation, I create a new directory inside 'dir', and call it 'teach'. The permissions of 'teach' are 2770. It looks like it should be 3770 to me since the 'directory mask' commands does a bitwise 'AND'. Anyone know why this is? Maybe it is because of the DOS attributes or something. Thanks for any help. -- Scott Mayo Technology Coordinator Bloomfield Schools PH: 573-568-5669 FA: 573-568-4565 Pager: 800-264-2535 X2549 Duct tape is like the force, it has a light side and a dark side and it holds the universe together. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] profiles reverting from local to roaming
Hello, I have a shiny new RHES4 box running Samba 3.0.10-1.4E (as included in the Red Hat distribution) which is set up as a domain controller, using openLDAP and the IdealX scripts. User PCs are Windows 2000 and XP. We would like to avoid roaming profiles altogether, so we set "logon path =" and "logon home =" (with no argument to the right of the equals sign) in smb.conf. We also went around to user Windows PCs and, from the System control panel, changed profiles from "roaming" to "local". However, when the user logs out and back in, the profile changes back to roaming, with ugly consequences on our WAN. I do have a "profiles" share defined, and when the user is set for roaming profiles it does work correctly, but I need not to do roaming profiles at all. Thanks, Jonathan Wilson -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problems with Windows XP clients becoming local master?
According the the docs, samba should always win elections with these settings. For whatever reason it sometimes doesn't and loses to a Windows XP machine. local master = yes preferred master = yes domain master = yes os level = 255 Changing the registry setting on the clients solved the problem for us. We never want a Windows XP client to be the master anyway. Chris <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 07/29/2005 09:13 AM To samba@lists.samba.org cc Subject Re: [Samba] problems with Windows XP clients becoming local master? On Friday 29 July 2005 09:36 am, daryn wrote: Are these two items: > domain logons = Yes > domain master = Yes really even valid or useful in security-share mode? There a comment about this in the smb.conf man page: > preferred master = Yes Maybe leaving it at the default (auto) is better. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind gives NT_STATUS_INSUFFICIENT_RESOURCES error after a few hours of running
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We have a samba 3.0.14a server connected via NT4 to an ADS domain, and after a few hours of access, winbind stops autheticating, and gives errors like this: [2005/07/29 09:32:33, 1] nsswitch/winbindd_group.c:fill_grent_mem(133) ~ could not lookup membership for group rid S-1-5-21-1957994488-1409082233-725345543-512 in domain MERCYHOME (error: NT_STATUS_INSUFFICIENT_RESOURCES) [2005/07/29 09:32:33, 1] nsswitch/winbindd_group.c:fill_grent_mem(133) ~ could not lookup membership for group rid S-1-5-21-1957994488-1409082233-725345543-513 in domain MERCYHOME (error: NT_STATUS_INSUFFICIENT_RESOURCES) Restarting smbd and winbindd doesn't help, I have to make it use another domain controller or reboot the domain controller. What can I do to make this not happen? - -tom -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFC6j432dxAfYNwANIRAn0iAJsFtDUpgMcdJoxzoM8BddJY3NXdxgCbBunw 5nkWIXrQT0ibBIMbj/cnXjY= =ri7a -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba, VPN, and Mac OSX 10.4.2
We're having an odd problem with connecting to Samba shares over a VPN with a Mac client. We have several Mac clients connecting to a Samba 3.0.10-1.fc2 installation. Prior to upgrading them to Tiger, everything worked fine both local and over an IPSec VPN. After upgrading to Tiger, they still work fine when on our LAN. But if they try to connect to a share over the VPN, Finder hangs. The Mac logs the following messages in /var/log/system.log during the hang: Jul 29 09:59:46 brian-daniels-powerbook-g4-15 kernel[0]: bug: ecnt = 32, but m_len = 0 and m_next = 0 (please report) Jul 29 09:59:46 brian-daniels-powerbook-g4-15 kernel[0]: bug: ecnt = 33, but m_len = 0 and m_next = 0 (please report) Jul 29 09:59:46 brian-daniels-powerbook-g4-15 kernel[0]: bug: ecnt = 32, but m_len = 0 and m_next = 0 (please report) Jul 29 09:59:46 brian-daniels-powerbook-g4-15 kernel[0]: bug: ecnt = 33, but m_len = 0 and m_next = 0 (please report) Jul 29 09:59:46 brian-daniels-powerbook-g4-15 kernel[0]: bug: ecnt = 32, but m_len = 0 and m_next = 0 (please report) Jul 29 09:59:46 brian-daniels-powerbook-g4-15 kernel[0]: bug: ecnt = 33, but m_len = 0 and m_next = 0 (please report) Jul 29 09:59:46 brian-daniels-powerbook-g4-15 kernel[0]: bug: ecnt = 32, but m_len = 0 and m_next = 0 (please report) Jul 29 09:59:46 brian-daniels-powerbook-g4-15 kernel[0]: bug: ecnt = 33, but m_len = 0 and m_next = 0 (please report) Jul 29 09:59:46 brian-daniels-powerbook-g4-15 kernel[0]: bug: ecnt = 32, but m_len = 0 and m_next = 0 (please report) Jul 29 09:59:47 brian-daniels-powerbook-g4-15 kernel[0]: t) Jul 29 09:59:47 brian-daniels-powerbook-g4-15 kernel[0]: bug: ecnt = 32, but m_len = 0 and m_next = 0 (please report) It keeps logging these errors until Finder is forced to quit. Interestingly, if the server connected to has only a few files (<~30) in the root directory, then the hang does not occur. But if the user then tries to cd to a dir containing more files, the above problem appears. Other actions over the VPN (ssh, VNC, etc) work without problems. I'd appreciate any suggestions. Thanks, Brian -- Brian Daniels -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problems with win98 and samba 3
we're using samba 3.0.11 (updated from 2.2.19) after the update, the windows 98 machines all showing only the short filenames on the server. (on other servers there are long filenames still available). can anybody give me an idea? thx in advance kurt smb.conf: == [global] # 2005-01-05 einbau wixp # vfs object = /opt/GData/lib/bdvfs228a.so # log level = 9 log level = 1 log file = /usr/local/samba/var/log.%m server string = PDC (%L) samba %v workgroup = keepalive = 60 guest account = nobody keep alive = 30 os level = 65 security = users encrypt passwords = yes add user script = /usr/sbin/useradd -d /dev/null -g100 -s /bin/false -M %u netbios name = sv01samba printing = lprng printcap name = /etc/printcap load printers = yes socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=33288 SO_RCVBUF=33288 # socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=16644 SO_RCVBUF=16644 # socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8322 SO_RCVBUF=8322 map to guest = Bad User local master = yes interfaces = *** bind interfaces only = yes hosts allow = *** wins support = no logon script =%G.bat domain logons = yes domain master = yes logon path = \\%N\profiles\%u logon drive = i: logon home = \\%N\ich admin users = root ### ###wixp ###use nameserver instead of... name resolve order = host lmhosts bcast disable spoolss = yes max protocol = LANMAN2 time server = yes ###/wixp ### [netlogon] comment = skripts fuer login browsable = yes path = /usr/smbdata/netlogon writable = yes create mask = 0744 directory mask = 2744 [profiles] csc policy = disable browsable = no # nt acl support = no profile acls = yes path = /usr/smbdata/profiles writable = yes create mask = 0600 directory mask = 0700 [ich] comment = Heimatverzeichnis browseable = no read only = no create mask = 0750 directory mask = 2750 path = /usr/smbdata/daten/kwnet.at/%G/%U [cdrom] comment = Linux CD-ROM path = /cdrom read only = yes locking = no [floppy] comment = Linux CD-ROM path = /floppy read only = no locking = no [printers] printer admin = @edv comment = All Printers browseable = no printable = yes public = yes read only = no create mode = 0666 path = /tmp use client driver = yes lpq command = /usr/bin/lpq -P%p lprm command = /usr/bin/lprm -P%p %j ... == -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] problems with Windows XP clients becoming local master?
Sorry for that, if you use only secure share dont set the domain logons and the domain master. next time ill read better ;-) i think my pain killers are working.. u CAN use preferred master = yes though, somebody correct me if im wrong. >-Oorspronkelijk bericht- >Van: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] Namens Chris >Verzonden: vrijdag 29 juli 2005 16:13 >Aan: samba@lists.samba.org >Onderwerp: Re: [Samba] problems with Windows XP clients >becoming local master? > >On Friday 29 July 2005 09:36 am, daryn wrote: > >Are these two items: > >> domain logons = Yes >> domain master = Yes > >really even valid or useful in security-share mode? > >There a comment about this in the smb.conf man page: > >> preferred master = Yes > >Maybe leaving it at the default (auto) is better. > >Chris >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problems with Windows XP clients becoming local master?
On Friday 29 July 2005 09:36 am, daryn wrote: Are these two items: > domain logons = Yes > domain master = Yes really even valid or useful in security-share mode? There a comment about this in the smb.conf man page: > preferred master = Yes Maybe leaving it at the default (auto) is better. Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] problems with Windows XP clients becoming local master?
Or set your samba server to be the master, this is prefered. example.. prefered master = yes Domain Master = Yes os level = 65 >-Oorspronkelijk bericht- >Van: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] >Namens Vickie L. Kidder >Verzonden: vrijdag 29 juli 2005 15:57 >Aan: samba@lists.samba.org >Onderwerp: Re: [Samba] problems with Windows XP clients >becoming local master? > >You can prevent Windows XP clients from trying to become the master >browser by changing this registry setting. > >HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > Browser > >Parameters MaintainServerList >Default value is "Auto". Change value to "No" and reboot machine. > > > > > >"daryn" <[EMAIL PROTECTED]> >Sent by: [EMAIL PROTECTED] >07/29/2005 08:36 AM > >To >samba@lists.samba.org >cc > >Subject >[Samba] problems with Windows XP clients becoming local master? > > > > > > >Hi there. First time posting to this but I'm getting desperate so >apologies >for any netiquette faux pas... > >I'm running a Suse box with Samba on it, with Windows XP SP2 clients >viewing >it in a workgroup. Some pc's are having timeouts when >attempting to view a > >network share though. In the logs, sometimes at the same time as the >timeouts, this appears: > > >[2005/07/28 13:19:08, 0] >nmbd/nmbd_incomingdgrams.c:process_local_master_announce(311) > process_local_master_announce: Server PCSTEVE at IP 192.168.0.204 is >announcing itself as a local master browser for workgroup >WORKGROUP and we > >think we are master. Forcing election. >[2005/07/28 13:19:08, 0] >nmbd/nmbd_become_lmb.c:unbecome_local_master_success >(149) > * > > Samba name server WORKGROUPSHARE has stopped being a local master >browser >for workgroup WORKGROUP on subnet 192.168.0.10 > > * >[2005/07/28 13:19:26, 0] >nmbd/nmbd_become_lmb.c:become_local_master_stage2 >(396) > * > > Samba name server WORKGROUPSHARE is now a local master browser for >workgroup WORKGROUP on subnet 192.168.0.10 > > * > > >And thus it carries on until someone else on the network tries to take >over. >On the net, there are loads of people querying this but mostly either >samba v >samba conflicts (solved by making one master and one not) or >other windows > >conflicts (solved by raising the os level). The os level of >this server is > >already at 65 when an XP client is apparently at 16. At no >point should >samba >give up (even for a second, as I understand it) it's master >browser rights >to >an XP client. The smb.conf is listed below in part. Can anyone >PLEASE shed > >light on this since this is driving me nuts and users are >complaining of >slow >access to files on the WORKGROUPSHARE samba box's share. > >Thanks very much > >Steve > >smb.conf (in part) follows: > >[global] >workgroup = WORKGROUPSHARE >netbios name = WORKGROUPSHARE >server string = PAH Network Share >interfaces = 127.0.0.1, eth0 >bind interfaces only = Yes >security = SHARE >map to guest = Bad User >add machine script = /usr/sbin/useradd -c Machine - >d /var/lib/nobody -s /bin/false %m$ >domain logons = Yes >os level = 65 >preferred master = Yes >domain master = Yes >ldap suffix = dc=pahltd,dc=com >printer admin = @ntadmin, root, administrator > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/samba > >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] problems with Windows XP clients becoming local master?
You can prevent Windows XP clients from trying to become the master browser by changing this registry setting. HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > Browser > Parameters MaintainServerList Default value is "Auto". Change value to "No" and reboot machine. "daryn" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 07/29/2005 08:36 AM To samba@lists.samba.org cc Subject [Samba] problems with Windows XP clients becoming local master? Hi there. First time posting to this but I'm getting desperate so apologies for any netiquette faux pas... I'm running a Suse box with Samba on it, with Windows XP SP2 clients viewing it in a workgroup. Some pc's are having timeouts when attempting to view a network share though. In the logs, sometimes at the same time as the timeouts, this appears: [2005/07/28 13:19:08, 0] nmbd/nmbd_incomingdgrams.c:process_local_master_announce(311) process_local_master_announce: Server PCSTEVE at IP 192.168.0.204 is announcing itself as a local master browser for workgroup WORKGROUP and we think we are master. Forcing election. [2005/07/28 13:19:08, 0] nmbd/nmbd_become_lmb.c:unbecome_local_master_success (149) * Samba name server WORKGROUPSHARE has stopped being a local master browser for workgroup WORKGROUP on subnet 192.168.0.10 * [2005/07/28 13:19:26, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2 (396) * Samba name server WORKGROUPSHARE is now a local master browser for workgroup WORKGROUP on subnet 192.168.0.10 * And thus it carries on until someone else on the network tries to take over. On the net, there are loads of people querying this but mostly either samba v samba conflicts (solved by making one master and one not) or other windows conflicts (solved by raising the os level). The os level of this server is already at 65 when an XP client is apparently at 16. At no point should samba give up (even for a second, as I understand it) it's master browser rights to an XP client. The smb.conf is listed below in part. Can anyone PLEASE shed light on this since this is driving me nuts and users are complaining of slow access to files on the WORKGROUPSHARE samba box's share. Thanks very much Steve smb.conf (in part) follows: [global] workgroup = WORKGROUPSHARE netbios name = WORKGROUPSHARE server string = PAH Network Share interfaces = 127.0.0.1, eth0 bind interfaces only = Yes security = SHARE map to guest = Bad User add machine script = /usr/sbin/useradd -c Machine - d /var/lib/nobody -s /bin/false %m$ domain logons = Yes os level = 65 preferred master = Yes domain master = Yes ldap suffix = dc=pahltd,dc=com printer admin = @ntadmin, root, administrator -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Subcribe
-- Marcos Altamirano A. <[EMAIL PROTECTED]> Este mensaje es confidencial y puede contener informacion privilegiada y protegida por ley. Si Ud. no es el destinatario, debera abtenerse de copiarlo, distribuirlo, divulgarlo o usar la informacion contenida en cualquier forma. Por favor, avise inmediatamente al emisor y borre este mensaje de su sistema. Los mensajes electronicos son susceptibles de ser cambiados, infectados o adulterados sin autorizacion; no asumimos responsabilidad alguna por ninguna clase de cambios o sus consecuencias. Ud. debe estar informado que la Empresa puede hacer un seguimiento de sus mensajes electronicos." "This e-mail is confidential and may contain legally privileged information. If you are not the intended recipient, you should not copy, distribute, disclose or use the information it contains in any way. Please e-mail the sender inmediately and delete this message from your system. E-mail are susceptible to corruption, interception and unauthorized amendment; we do not accept liability for any such changes, or their consequences. You should be aware, that the Company may monitor your e-mails." -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problem to logon after join LDAP/SAMBA domain
Have you tried this register hacks already. /snap cut here. REGEDIT4 ;- ; do not roam the following folders [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"="Temporary Internet Files;History;Temp" ;- ; force Windows XP Professional clients to accept Samba as a PDC [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] "requiresignorseal"=dword: "signsecurechannel"=dword: ;- ; Do not check for user ownership of Roaming Profile Folders [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System] "CompatibleRUPSecurity"=dword:0001 /snap end. >-Oorspronkelijk bericht- >Van: Felipe [mailto:[EMAIL PROTECTED] >Verzonden: vrijdag 29 juli 2005 15:14 >Aan: Louis van Belle >Onderwerp: Re: [Samba] Problem to logon after join LDAP/SAMBA domain > >Thanks Louis, but unfortunately no... it didn't work.. it seems that >the Samba isn't getting the user and pass or the windows XP isn't >sending in the right way because in the log.workstation file the last >line is: > >2005/07/29 10:01:39, 3] >smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535) > Doing spnego session setup >[2005/07/29 10:01:39, 3] >smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566) > NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows >2002 5.1] PrimaryDomain=[] >[2005/07/29 10:01:39, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606) > Got user=[] domain=[] workstation=[TEC01] len1=1 len2=0 > >other ideas? > > > > >2005/7/29, Louis van Belle <[EMAIL PROTECTED]>: >> I think you have to do this on the console >> >> 1 set the password again for the user. => reset the password >> 2 smbldap-usermod -J username => >enable the user >> >> somethimes users are disabled, you can check this with the >usrmgr.exe from >> the nt tools >> >> >> >> >-Oorspronkelijk bericht- >> >Van: [EMAIL PROTECTED] >> >[mailto:[EMAIL PROTECTED] >Namens Felipe >> >Verzonden: vrijdag 29 juli 2005 14:22 >> >Aan: Samba users-list >> >Onderwerp: [Samba] Problem to logon after join LDAP/SAMBA domain >> > >> >Hi all, >> > >> >I'm using SAMBA with LDAP as my PDC but after I join a workstations >> >Windows XP to the domain, I can't authenticate any user with this >> >workstation, It gives the fallowing error when I press ctrl+alt+del >> >and try to logon: >> > >> >"The system can't authenticate the user. Check if the user and >> >password is correct then retype them press ok" etc. >> > >> >In the server, I can see the workstation in Ldap database, in getent >> >passwd. The users I try to logon works when I authenticate >in ftp, ssh >> >and other several services when I use the same workstation >as a local >> >machine. >> > >> >I'm using: >> >samba-3.0.14 >> >pam_ldap-178-1 >> >openldap-devel-2.2.17-1 >> >nss_ldap-238-1 >> >smbldap-tools-0.8.8-1 >> >openldap-2.2.17-1 >> > >> >Someone know what is going on? Is there any problem with >> >windows or with me? >> > >> >best regards, >> >-- >> >To unsubscribe from this list go to the following URL and read the >> >instructions: https://lists.samba.org/mailman/listinfo/samba >> > >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/listinfo/samba >> > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] uid + gid mapping problem
Hi everyone, Ok I can log in locally as a windows user. I can su to a windows user as well. But once I'm there: [EMAIL PROTECTED] ~]# su mluich bash-3.00$ whoami whoami: cannot find username for UID 16777253 bash-3.00$ ls -l total 4 drwxr-xr-x 2 16777253 16777218 4096 Jul 28 16:21 Desktop -rwxr--r-- 1 16777253 167772180 Jul 28 15:31 test.txt Getent passwd returns: mluich:*:16777253:16777218:Mike Luich:/home/mluich:/bin/bash Plus others. The system does not seem to be mapping uid's + gid's correctly. Any idea's? [EMAIL PROTECTED] ~]# ps -ef|grep nscd root 3491 2907 0 13:33 pts/100:00:00 grep nscd Smb.conf: [global] workgroup = dsci server string = Samba Server printcap name = /etc/printcap cups options = raw log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 dns proxy = no template shell = /bin/bash password server = 192.168.109.1 restrict anonymous = no domain master = no preferred master = no max protocol = NT ldap ssl = No server signing = Auto realm = DSCICORP.COM security = ads idmap uid = 1-5 idmap gid = 1-5 winbind trusted domains only = no template homedir = /home/%U winbind use default domain = yes winbind separator = + nsswitch.conf: passwd: files winbind ldap shadow: files winbind ldap group: files winbind ldap hosts: files dns bootparams: nisplus [NOTFOUND=return] files ethers: files netmasks: files networks: files protocols: files winbind ldap rpc:files services: files winbind ldap netgroup: files winbind ldap publickey: nisplus automount: files winbind ldap aliases:files nisplus pam.d/sshd: auth required pam_stack.so service=system-auth auth sufficient pam_winbind.so auth required pam_nologin.so accountrequired pam_stack.so service=system-auth accountsufficient pam_winbind.so password required pam_stack.so service=system-auth sessionrequired pam_stack.so service=system-auth Michael Luich Unix Admininstrator DSCI corp [EMAIL PROTECTED] cell: 603-475-5799 "The mark of an immature man is that he wants to die nobly for a cause, while the mark of the mature man is that he wants to live humbly for one." --W. Stekel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problems with Windows XP clients becoming local master?
Hi there. First time posting to this but I'm getting desperate so apologies for any netiquette faux pas... I'm running a Suse box with Samba on it, with Windows XP SP2 clients viewing it in a workgroup. Some pc's are having timeouts when attempting to view a network share though. In the logs, sometimes at the same time as the timeouts, this appears: [2005/07/28 13:19:08, 0] nmbd/nmbd_incomingdgrams.c:process_local_master_announce(311) process_local_master_announce: Server PCSTEVE at IP 192.168.0.204 is announcing itself as a local master browser for workgroup WORKGROUP and we think we are master. Forcing election. [2005/07/28 13:19:08, 0] nmbd/nmbd_become_lmb.c:unbecome_local_master_success (149) * Samba name server WORKGROUPSHARE has stopped being a local master browser for workgroup WORKGROUP on subnet 192.168.0.10 * [2005/07/28 13:19:26, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2 (396) * Samba name server WORKGROUPSHARE is now a local master browser for workgroup WORKGROUP on subnet 192.168.0.10 * And thus it carries on until someone else on the network tries to take over. On the net, there are loads of people querying this but mostly either samba v samba conflicts (solved by making one master and one not) or other windows conflicts (solved by raising the os level). The os level of this server is already at 65 when an XP client is apparently at 16. At no point should samba give up (even for a second, as I understand it) it's master browser rights to an XP client. The smb.conf is listed below in part. Can anyone PLEASE shed light on this since this is driving me nuts and users are complaining of slow access to files on the WORKGROUPSHARE samba box's share. Thanks very much Steve smb.conf (in part) follows: [global] workgroup = WORKGROUPSHARE netbios name = WORKGROUPSHARE server string = PAH Network Share interfaces = 127.0.0.1, eth0 bind interfaces only = Yes security = SHARE map to guest = Bad User add machine script = /usr/sbin/useradd -c Machine - d /var/lib/nobody -s /bin/false %m$ domain logons = Yes os level = 65 preferred master = Yes domain master = Yes ldap suffix = dc=pahltd,dc=com printer admin = @ntadmin, root, administrator -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] writing to windows 2003 cifs-mounted share?
Hello world; currently I am running into some strange problem with a setup that incorporates servers running Windows 2003 and Debian GNU stable (samba 3.0.14). Here's the situation: * There's a share on the windows box that the unix machines need to access. This is mounted using CIFS with uid= / oid= options to ensure the desired unix user account is able to access the data in the share. * When I do "ls -l" across the share, I see that the permissions, same as owner and group information, are the way I want them to. * Anyhow, whenever I try to write to that share as the user that (obviously) owns all the files on it, I just get a "permission denied". This is strange. Can anyone point me a way out? TIA and bye, Kris -- Kristian Rink -- Programmierung/Systembetreuung planConnect GmbH * Strehlener Str. 12 - 14 * 01069 Dresden Tel. 0351 4657716 * Fax 0351 4657707 * [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.20rc1 Available for Download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thomas Bork wrote: > Gerald (Jerry) Carter wrote: > >> This is a release candidate of the 3.0.20 code base and > [...] >> The release notes are available online at: >> >> http://www.samba.org/samba/ftp/pre/WHATSNEW-3-0-20rc1.txt > > http://www.samba.org/samba/ftp/rc/WHATSNEW-3-0-20rc1.txt > Doh! My infamous proofreading skilzs strike again. Thanks Tom. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC6i5UIR7qMdg1EfYRAobDAJsG1fDDp9GBu4TJ00kt59WfcdFgQQCgvUK4 gCPlSh3O2uDU6Hu5O1UBBLg= =+I6Y -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] No Printer Port
Hi, I am having problems adding printers to Windows. The printers are setup on a Samba 3.0.2a server running on Solaris 9 and using CUPS. When I add the printer to Windows it seems to install OK but no printer port is added. The "Comment" and "Location" fields in the Windows printers box are also empty as though it isn't talking to the Samba server. When I look at the Ports page of the printer properties, I can see all the usual LPT and COM ports ( although none are ticked ), but the Add Port, Delete Port and Configure Port are greyed out. This did not used to be the case. We have been working fine since we moved onto our new Sun V250 about a year ago. We have added printers since then and they worked OK. Does anyone have any ideas? Thanks for any help Stuart K Jeffery CONFIDENTIALITY NOTICE The information contained in this e-mail is intended only for the confidential use of the above named recipient. If you are not the intended recipient or person responsible for delivering it to the intended recipient, you have received this communication in error and must not distribute or copy it. Please accept the sender's apologies, notify the sender immediately by return e-mail and delete this communication. Thank you. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Problem to logon after join LDAP/SAMBA domain
I think you have to do this on the console 1 set the password again for the user. => reset the password 2 smbldap-usermod -J username => enable the user somethimes users are disabled, you can check this with the usrmgr.exe from the nt tools >-Oorspronkelijk bericht- >Van: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] Namens Felipe >Verzonden: vrijdag 29 juli 2005 14:22 >Aan: Samba users-list >Onderwerp: [Samba] Problem to logon after join LDAP/SAMBA domain > >Hi all, > >I'm using SAMBA with LDAP as my PDC but after I join a workstations >Windows XP to the domain, I can't authenticate any user with this >workstation, It gives the fallowing error when I press ctrl+alt+del >and try to logon: > >"The system can't authenticate the user. Check if the user and >password is correct then retype them press ok" etc. > >In the server, I can see the workstation in Ldap database, in getent >passwd. The users I try to logon works when I authenticate in ftp, ssh >and other several services when I use the same workstation as a local >machine. > >I'm using: >samba-3.0.14 >pam_ldap-178-1 >openldap-devel-2.2.17-1 >nss_ldap-238-1 >smbldap-tools-0.8.8-1 >openldap-2.2.17-1 > >Someone know what is going on? Is there any problem with >windows or with me? > >best regards, >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] How to prevent users from deleting users from domain via usrmgr.exe ???
You should use the LDAP access rights to do this. http://www.idealx.org/prj/samba/smbldap-howto.en.html read section 5 and section 11.1.1 good luck >-Oorspronkelijk bericht- >Van: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] >Namens Michael Gasch >Verzonden: vrijdag 29 juli 2005 14:15 >Aan: samba@lists.samba.org >Onderwerp: [Samba] How to prevent users from deleting users >from domain via usrmgr.exe ??? > >hi, > >weird thing: >i thought when commenting out "delete user script" and "ldap >delete dn" >nobody is able to delete users from the domain. > >what happens: users are deleted, to be more specific their samba >attributes are deleted but not their posix values. > >i won't let our admins delete users from our domain becaus we have >another management to add/delete users to/from a domain. > >adding does not work already because samba does not find posix account >information and add user script is set to "blank". > >i thought of setting delete user script to blank but samba >does not care >about that and deletes only samba attributes. > >to be clear: none of the attributes of a user should be removed!!! > >any help without patching the source? > >thx >-- >Michael Gasch >Max Planck Institute for Evolutionary Anthropology >Department of Human Evolution >Deutscher Platz 6 >D-04103 Leipzig >Germany > >Phone: 49 (0)341 - 3550 137 >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem to logon after join LDAP/SAMBA domain
Hi all, I'm using SAMBA with LDAP as my PDC but after I join a workstations Windows XP to the domain, I can't authenticate any user with this workstation, It gives the fallowing error when I press ctrl+alt+del and try to logon: "The system can't authenticate the user. Check if the user and password is correct then retype them press ok" etc. In the server, I can see the workstation in Ldap database, in getent passwd. The users I try to logon works when I authenticate in ftp, ssh and other several services when I use the same workstation as a local machine. I'm using: samba-3.0.14 pam_ldap-178-1 openldap-devel-2.2.17-1 nss_ldap-238-1 smbldap-tools-0.8.8-1 openldap-2.2.17-1 Someone know what is going on? Is there any problem with windows or with me? best regards, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] How to prevent users from deleting users from domain via usrmgr.exe ???
hi, weird thing: i thought when commenting out "delete user script" and "ldap delete dn" nobody is able to delete users from the domain. what happens: users are deleted, to be more specific their samba attributes are deleted but not their posix values. i won't let our admins delete users from our domain becaus we have another management to add/delete users to/from a domain. adding does not work already because samba does not find posix account information and add user script is set to "blank". i thought of setting delete user script to blank but samba does not care about that and deletes only samba attributes. to be clear: none of the attributes of a user should be removed!!! any help without patching the source? thx -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[SOLVED] Re: [Samba] weird problem with smbldap-tools and usrmgr.exe
hi, thank you for your response louis!!! i fixed it by commenting out all "print" statements when adding/modifying/deleting users/groups nothing will be printed to STDOUT currently when working with usrmgr.exe which seems to be fine greez -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind: idmap = ad togeter with nested groups? + offline solution for notebooks available?
1.Works idmap with ad-plugin (for uid/gid from sfu) also together with nested groups ? 2. Is a offline solution (caching) for notebooks available with "idmap = ad" ? works backend for this situation? Can anybody send me his [globals] from smb.conf as template? thanks a lot Best regards Steffen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.20rc1 Available for Download
Gerald (Jerry) Carter wrote: This is a release candidate of the 3.0.20 code base and [...] The release notes are available online at: http://www.samba.org/samba/ftp/pre/WHATSNEW-3-0-20rc1.txt http://www.samba.org/samba/ftp/rc/WHATSNEW-3-0-20rc1.txt der tom -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Scripts for NT Server Tools Handling
With the "add user script" and "add group script" etc. parameters, are these scripts executed before or after Samba actually adds the user to its password backend? I would guess that it is executed before, so that the UNIX user is ready for Samba. However, this is a problem because I'd like to be able to configure further options for the user in tdbsam at creation time (i.e. set their home directory and profile path), and at the time the script is run, the user doesn't exist in Samba so this fails. Can anyone see a way round this - is there a way to have a script take total control over the addition of a user rather than having Samba make the user after the script has run? It would be quite simple to arrange if this was possible - do the UNIX adduser first, then do the pdbedit user -a. Using: Samba 3.0.12 FreeBSD 5.4 tdbsam Backend -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smb_proc_readdir_long - ls not showing files
Paul Warner wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Paul Warner Sent: 27 July 2005 12:37 To: samba@lists.samba.org Subject: [Samba] smb_proc_readdir_long - ls not showing files Hello, We are getting a baffling problem with a samba mounted drive on Redhat, mounted from a windows box. We cannot always see files in the mounted directory with ls or perl. The directory has 237 files in it. We sometimes see 197 files with ls. Sometimes we see nothing. This can happen from one try to the next (i.e. run ls, see the files, immediately run ls again and see nothing). We have searched the web, and searched the samba lists, but have not found an answer (although we have found postings about the same problem). We have tried adding a new file to the windows directory - then we can see the files! But delete the file in windows and suddenly we cannot see anything in the linux mount. We have found files that can break it as well, i.e., add the file in windows and you suddenly see no files at all in the linux mount. But it is not a specific file, since the same file with a different name will not cause a problem, or if you load the files in a different order the behavior can change as well. The directory contains files with very long names, such as: "Bullying and Harassment- Fostering dignity at work and managing complaints.doc" We are running Redhat Linux 9, and Redhat Enterprise Linux 3. We have the same problem on both systems, and in fact one of our colleagues observes the same problem on Suse 9.3 (with the 2.6 kernel). The windows box is running Windows 2003 Server. Our samba is version 3.0.14a. dmesg output when we have the problem: smb_proc_readdir_long: name=, result=-2, rcls=1, err=123 samba mount command: mount -t smbfs -o username=user,password=,gid=501,dmask=775,workgroup=internal //windowsserver/doc /mnt/doc This problem has broken an important perl script for us. Hopefully someone on the list can provide the answer, or point us to the place to get the answer. Thanks, Paul Hi again, I posted this email (above) a few days ago, and haven't received a reply. I'm not sure if it went through properly to the list or not, so I'm resending it. If no one really has an idea or an answer - should I post this as a samba bug? Thanks, Paul Hi, Reply quoted rom a previous post about smbfs: "Oops. This is a General Motors dealership, we do not do Ford warranty work." With that said, smbfs is a Linux kernel driver that is not part of Samba. smbfs has been superceded by cifsfs in the 2.6 kernel. Suggest you update and if you still have trouble contact with the cifsfs developers. You might also check the CIFSFS Home page at: http://us1.samba.org/samba/Linux_CIFS_client.html I don't personally use smbfs mounted drives. But I have this in my archives. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] incoherent oplock request/reply
Hello, I'm running a samba 3.0.14a server in production on a fedora core 3 (kernel 2.6.9-1.667smp) with a least 250 clients (XP Pro SP2) (up to 400 sometimes). A few days ago, a problem appeared with a soft that we are using for a long time. (Petit Robert, a french dictionnary). When someone launch the dictionnary, many clients are freezed when they try to access to the "start menu" (a part of the windows XP menus are stored on the samba server) In the logs, we found : Broken leases in the /var/log/messages : Jul 29 09:44:06 Karma kernel: lease broken - owner pid = 14556 Jul 29 09:44:28 Karma kernel: lease broken - owner pid = 14556 Jul 29 09:46:47 Karma kernel: lease broken - owner pid = 14138 Jul 29 09:47:25 Karma kernel: lease broken - owner pid = 14138 Jul 29 09:47:25 Karma kernel: lease broken - owner pid = 14138 Jul 29 09:48:07 Karma kernel: lease broken - owner pid = 14795 Jul 29 09:48:42 Karma kernel: lease broken - owner pid = 15014 [...] If we look at the first incriminated pid (14556), it's a samba process accessing to the dictionnary. While looking in the samba logs, we can find various clients blocked by this pid : For one workstation it says : -- [2005/07/29 09:43:43, 0] smbd/oplock.c:request_oplock_break(1054) request_oplock_break: no response received to oplock break request to pid 14556 on port 59668 for dev = 6911, inode = 680216880, file_id = 3491 [2005/07/29 09:43:43, 0] smbd/open.c:open_mode_check(743) open_mode_check: exlusive oplock left by process 14556 after break ! For file PC-BIB/PC_BIB.EXE, dev = 6911, inode = 680216880. Deleting it to continue... [2005/07/29 09:43:43, 0] smbd/open.c:open_mode_check(747) open_mode_check: Existent process 14556 left active oplock. [2005/07/29 09:44:28, 0] smbd/oplock.c:process_local_message(420) process_local_message: Received unsolicited break reply - dumping info. [2005/07/29 09:44:28, 0] smbd/oplock.c:process_local_message(435) process_local_message: unsolicited oplock break reply from pid 14748, port 59668, dev = 6911, inode = 680216880, file_id = 3491 For another one, it says : -- [2005/07/29 09:43:21, 0] smbd/oplock.c:request_oplock_break(1054) request_oplock_break: no response received to oplock break request to pid 14556 on port 59668 for dev = 6811, inode = 2801670, file_id = 3503 [2005/07/29 09:43:21, 0] smbd/open.c:open_mode_check(743) open_mode_check: exlusive oplock left by process 14556 after break ! For file Bureautique/WROBERT/CITATION.EXE, dev = 6811, inode = 2801670. Deleting it to continue... [...] [2005/07/29 09:44:28, 0] smbd/oplock.c:process_local_message(420) process_local_message: Received unsolicited break reply - dumping info. [2005/07/29 09:44:28, 0] smbd/oplock.c:process_local_message(435) process_local_message: unsolicited oplock break reply from pid 14978, port 59668, dev = 6811, inode = 2801670, file_id = 3503 The process 14556 is owned by a third user : - [2005/07/29 09:08:17, 1] smbd/service.c:make_connection_snum(642) uc003135 (172.25.11.111) connect to service netlogon initially as user root (uid=0, gid=100) (pid 14556) [2005/07/29 09:08:32, 1] smbd/service.c:make_connection_snum(642) uc003135 (172.25.11.111) connect to service m-tchagaspanian initially as user m-tchagaspanian (uid=553, gid=100) (pid 14556) [...] [2005/07/29 09:42:37, 0] smbd/oplock.c:request_oplock_break(1054) request_oplock_break: no response received to oplock break request to pid 14402 on port 57594 for dev = 6911, inode = 201422791, file_id = 5454 [2005/07/29 09:42:37, 0] smbd/open.c:open_mode_check(743) open_mode_check: exlusive oplock left by process 14402 after break ! For file CDlepetitRobert/PR1Data/PR1.LCK, dev = 6911, inode = 201422791. Deleting it to continue... [2005/07/29 09:42:37, 0] smbd/open.c:open_mode_check(747) open_mode_check: Existent process 14402 left active oplock. [2005/07/29 09:44:06, 0] smbd/oplock.c:oplock_break(874) oplock_break: no break received from client within 30 seconds. oplock_break failed for file (null) (dev = 6811, inode = 2801670, file_id = 3503). [2005/07/29 09:44:28, 0] smbd/oplock.c:process_local_message(420) process_local_message: Received unsolicited break reply - dumping info. [2005/07/29 09:44:28, 0] smbd/oplock.c:process_local_message(435) process_local_message: unsolicited oplock break reply from pid 14556, port 57594, dev = 6911, inode = 201422791, file_id = 5454 The last 2 messages are strange... Doesn't it looks like a bug ? (such messages are appearing in my various tests) Any ideas to solve this problem ? Thanks in advance Pierre Dinh-van PS : sorry for my bad english -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] browsing shares with ads
hi, i have a vanilla redhat 3 i'm trying to integrate into an ads tree. i think i'm pretty much there, but... net ads join worked net ads info works wbinfo -u works wbinfo -a user works smbclient -L localhost -U domain\user doesn't (but smbclient -L localhost does) if i try to browse from xp i can use a local (redhat) user to browse, but not the domain. 192.168.0.134.log gives: [2005/07/26 14:28:00, 1] smbd/sesssetup.c:reply_spnego_kerberos(250) Username PORTFIELD\stevep is invalid on this system wierdly enough i did have it working for a couple of minutes, but then i did something... i've tried the documentation and google, but have just got bogged down. any pointers or suggestions would be gratefully received. thanks, mike. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smb_proc_readdir_long - ls not showing files
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Behalf Of Paul > Warner > Sent: 27 July 2005 12:37 > To: samba@lists.samba.org > Subject: [Samba] smb_proc_readdir_long - ls not showing files > > > Hello, > > We are getting a baffling problem with a samba mounted drive > on Redhat, mounted > from a windows box. We cannot always see files in the > mounted directory with ls > or perl. The directory has 237 files in it. We sometimes > see 197 files with > ls. Sometimes we see nothing. This can happen from one try > to the next (i.e. > run ls, see the files, immediately run ls again and see > nothing). We have > searched the web, and searched the samba lists, but have not > found an answer > (although we have found postings about the same problem). We > have tried adding > a new file to the windows directory - then we can see the > files! But delete the > file in windows and suddenly we cannot see anything in the > linux mount. We have > found files that can break it as well, i.e., add the file in > windows and you > suddenly see no files at all in the linux mount. But it is > not a specific file, > since the same file with a different name will not cause a > problem, or if you > load the files in a different order the behavior can change as well. > > The directory contains files with very long names, such as: > "Bullying and Harassment- Fostering dignity at work and > managing complaints.doc" > > We are running Redhat Linux 9, and Redhat Enterprise Linux 3. > We have the same > problem on both systems, and in fact one of our colleagues > observes the same > problem on Suse 9.3 (with the 2.6 kernel). The windows box > is running Windows > 2003 Server. Our samba is version 3.0.14a. > > dmesg output when we have the problem: > smb_proc_readdir_long: name=, result=-2, rcls=1, err=123 > > samba mount command: > mount -t smbfs -o > username=user,password=,gid=501,dmask=775,workgroup=internal > //windowsserver/doc /mnt/doc > > This problem has broken an important perl script for us. > Hopefully someone on > the list can provide the answer, or point us to the place to > get the answer. > > Thanks, > Paul > Hi again, I posted this email (above) a few days ago, and haven't received a reply. I'm not sure if it went through properly to the list or not, so I'm resending it. If no one really has an idea or an answer - should I post this as a samba bug? Thanks, Paul -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] weird problem with smbldap-tools and usrmgr.exe
I know this problem, i also have this. But not with all the users, only some. You probely also have a unknown user. I have 1 unknow user, on some direcoties this Unknown user appers in the ACL of directories. If i remove this user and apply the rights, this one reappeers. I'm also on Debian Sarge, Ldap, but i use smbldap-tools 0.91, own rebuild to deb. >-Oorspronkelijk bericht- >Van: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] >Namens Michael Gasch >Verzonden: vrijdag 29 juli 2005 10:48 >Aan: samba@lists.samba.org >Onderwerp: [Samba] weird problem with smbldap-tools and usrmgr.exe > >hi folks, > >i hope you can help me!!! > >i'm using samba v3.0.14a (sernet) on debian sarge. >openldap v2 is my backend, smbldap-tools 0.8.4 (patched for our >organization). > >when adding a user via usrmgr.exe to an existing domain group >i get the >following error: > >[in usrgmr] >The following error occured changing the properies of the user xxx >User does not belong to this group > >[in smbd.logs] >smbldap-groupmod -m "xxx" group gave 0 >NT_STATUS_MEMBER_NOT_IN_GROUP >called ntsamr successfully > >the user is addedd to the group but the error message disturbs >our admins :( > >thx in advance > >-- >Michael Gasch >Max Planck Institute for Evolutionary Anthropology >Department of Human Evolution >Deutscher Platz 6 >D-04103 Leipzig >Germany > >Phone: 49 (0)341 - 3550 137 >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/listinfo/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] weird problem with smbldap-tools and usrmgr.exe
hi folks, i hope you can help me!!! i'm using samba v3.0.14a (sernet) on debian sarge. openldap v2 is my backend, smbldap-tools 0.8.4 (patched for our organization). when adding a user via usrmgr.exe to an existing domain group i get the following error: [in usrgmr] The following error occured changing the properies of the user xxx User does not belong to this group [in smbd.logs] smbldap-groupmod -m "xxx" group gave 0 NT_STATUS_MEMBER_NOT_IN_GROUP called ntsamr successfully the user is addedd to the group but the error message disturbs our admins :( thx in advance -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Linux-Samba-Server
Dear Samba Team, I have got a question concerning your product. We are using an ADS-Domain on Win2k3 servers in our Company. Now we want to join several subdomains to the existing network environment. Therefor I would like to use a Samba-Server on a Linux-System configured as domain-controller for these subdomains. Do you have any expirience concerning this subject? Does the replication between the Windows- an Linux-DCs work? Before starting a big project it would be good to know if this intention is actually possible. Would be very nice if you could help me with that. -- Mit freundlichen Grüssen Martin Walter === PC-System und Netzwerkadministration Martin Walter, A454, SAMSON AG Weismuellerstrasse 3, 60314 Frankfurt Tel.: (+49) 69 40 09 -2093, Fax: (+49) 69 40 09 -1660 EMail: [EMAIL PROTECTED] E-Mail Zentralabteilung: [EMAIL PROTECTED] Homepage: http://www.samson.de === -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Why is netbios name duplicated on network after joining a samba domain?
Hi, I have a samba 3 PDC. My domain name is "expl.test.com". In smb.conf I set "WORKGROUP=EXPL" and "netbios name=EXPL". I can join a Windows XP client to the samba domain. But after rebooting the client machine to make changes effective, I get the error bellow: "Windows system error, A DUPLICATE NAME EXISTS ON THE NETWORK". Also, if I choose to log on to the domain from the client machine (after rebooting it), I get this error message: "The system cannot log you on now because the domain EXPL is not available". I changed the machine netbios name but the problem is still there. Would you please have any suggestion? Thanks ___ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Usermap not linking accounts
Hello @ll, I have recently installed a RHEL 4 system with the default samba packages : samba-common-3.0.10-1.4E samba-swat-3.0.10-1.4E samba-3.0.10-1.4E samba-client-3.0.10-1.4E Now I have successfully linked this server to our Windows domain. This means that all the windows IDs are known. Now we have our systems setup in away that only people with existing GNU&Linux accounts can have access to there home folders. This setup is configured and working on several other server RHEL3 and HP-UX11.11 servers. But on the RHEL4 the link to the existing Unix account seems to be broken? Also the GNU&Linux accounts have been setup by a NIS, in case this would be important. contents of the smb.conf, basic setup actually : [global] workgroup = realm = server string = CLearCase server security = DOMAIN auth methods = winbind obey pam restrictions = Yes password server = username map = /etc/opt/samba/smbusers log level = 3 log file = /var/log/samba/smbd.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 dns proxy = No ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 template shell = /bin/bash winbind separator = / winbind cache time = 10 winbind use default domain = Yes hosts allow = 192.168.1. [homes] comment = Home Directories path = %H read only = No [sharing] comment = File sharing area path = /home/sharing read only = No guest ok = Yes and the layout of the smbusers file is: LinuxAccount = DOMAIN\Windows.Account etc... also tried layout like this LinuxAccount = Windows.Account etc.. but no effect. Does anybody have any more ideas of what could be setup wrongly? Or is this related to a bug in samba? -- Kristof.Bruyninckx We are Microsoft. What you are experiencing is not a problem; it is an undocumented feature. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Can't validate [EMAIL PROTECTED] in Runas
A 17:48 28/07/2005 -0700, Linda W a écrit : >Thierry ITTY wrote: >> can you open a session on your machine with the username/domain you wish to >> "runas" ? >--- >This was a "semi"-yes. It couldn't find the profile for Home/Linda, so >said it would use the local profile -- then it said it couldn't find it, so it >logged me in to a temporary directory. My "home" directory was setup as >/// -- not //DOMAIN/. Despite unexpected location >for the home directory, it did allow me to log in with the Domain/User >credentials. > >It *may* be that I have drives mounted from the server and windows >generally complains about having more than 1 connection to a server >with different credentials (lame!?), but usually it says that's the >problem instead of giving a failure with with wrong user/password, >no? maybe if you access a share on a server as user1 and want to access another share on the same server as user2, windows complains that you can't use different credentials at the same time (error 1236 ? I think) thought this doesn't forbid you to have shares accessed as user1 and runas something as user2 the following works : open a session as user1, access a share, run cmd, then "net use" : you will see your share then runas "cmd" as user2. what will happen is that from user2's command prompt "net use" will show an empty list. but you'll be able to access the same or another share from there and "net use" will show it. user1 and user2 will access their shares each with their own credentials even on the same server the following doesn't work : open a session as user1, access a share (implicitely "as" user1), access a share as user2 on the same server (net use /user:...), this pops up the credentials error message I remember (?) that the program (bash ?) you want to exec is on a share then runas will set up user2's environment in which there are no shares (at least no one set up in user1's session) and thus thought "bash.exe" existed at the time "runas" was invoked, it didn't exist anymore when runas had to call it so the only solution I see is : open your session as user1, runas cmd as user2 (local program, no problem), access the share where bash is on, then run bash from the share >I was hoping to have "runas" act as something like a "su" in linux... I hoped this too a while ago the main difference in such situations is that linux (and other unices) sets up "shares" at the system level whereas windows sets them up at the user level hth -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba