Re: [Samba] Administrator-installed printers unavailable to regular users
On Thursday 11 August 2005 10:41 pm, jurgen wrote: Administrator can install a printer, but other users can't see it. Again, normal when installed as a "network printer". I don't understand why this worked before, then. If that was broken behaviour in NT Workstation, I want to find out how to break it again, because within the limits of NT, it was quite convenient. I want to confess that my info is based on 2k/xp systems. It has been very long since I've seen an NT system (outside of some old servers I still maintain but wouldn't want to breath on them for fear that they will croak before we are ready), and there are some details I just no longer remember (and it gets worse every year). So NT 4 (or is it 3.51? - I don't think anyone is still running something before that) may be different in this regard. I read somewhere that because NT installs printer drives into non-user-space, ordinary users aren't allowed to install drivers, no matter what the policy says. Of course that's contradicted by pages like this: http://www.windowsitlibrary.com/Content/121/18/2.htm Under 2k/xp the driver needs to be installed by an admin user (the first instance of the network printer) before the domain users can add their instances of the printer. You can tweak it by managing GPO/LGPO, yes, by default only Administrators can upload device drivers, but You can allow that thing for anyone. actually there're two bad solutions provided by Microsoft: 1) the need of uploading printer drivers at least once by Administrator 2) or the need to allow anyone to upload any driver. Isn't it time to update those workstations? Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Replacing a PDC
On Wed, Aug 10, 2005 at 07:39:30PM +0100, Paul Furness wrote: > Hi. > > I'm having a helluva time trying to replace my Samba PDC machine with > new hardware, and I'd really appreciate some pointers about how I should > be doing it. I'm sorry, I wrote a lot of detail in this email - trying > to mention everything that might be relevant. > > Here's the detail: > > > I tried setting up the new server as a BDC, and joining the domain > (using 'net join'). I copied and edited the smb.conf file from the > working server, then copied over passdb.tdb and smbusers. I then used > 'net rpc getsid' to set the sid of the BDC and started smb. The new > machine thought that it was working fine as a BDC, but none of the > windows machines connected to it. I then stopped the PDC service, and > again none of the windows boxes could see any kind of domain controller > (even after rebooting them). Here I mis net getlocalsid [NAME]to get the SID for local name net setlocalsid SID to set the local domain SID > > > Any help appreciated. > > Paul. HTH Geert Stappers -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap-tools unresovled problem.
On Fri, Aug 12, 2005 at 08:10:29AM +0800, Chris Ong wrote: > Geoffrey Scott wrote: > >Is this on the command line? Because in the smb.conf this would be > >correct, > >as samba adds the necessary SambaSAMAccount attributes by itself. But if > >you are using the smbldap-tools on the command line you need to specify the > >"-a" option to have SambaSAMAccount attributes added. > It's in the smb.conf > As I use phpldapadmin to monitor the changes in the LDAP tree. It's sure > that it doesn't add the SambaSAMAccount attributes. Recently changed the LDAP master account passwd in phpldapadmin? Did you also update it the samba side? ( smbpasswd -w ) Cheers Geert Stappers -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Administrator-installed printers unavailable to regular users
Heya > Isn't it time to update those workstations? It has been for quite some time. :-/ If it weren't for our reliance on MS Access, they would already be running Linux, and this whole problem would be moot. But that's a topic for another list. :-) .jurgen -- [EMAIL PROTECTED] is jurgen's gmail address. Visit http://jurgen.ca/ for more yummy goodness. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Administrator-installed printers unavailable to regular users
On Thursday 11 August 2005 10:41 pm, jurgen wrote: > > > Administrator can install a printer, but other > > > users can't see it. > > > > Again, normal when installed as a "network printer". > > I don't understand why this worked before, then. If that was broken > behaviour in NT Workstation, I want to find out how to break it > again, because within the limits of NT, it was quite convenient. I want to confess that my info is based on 2k/xp systems. It has been very long since I've seen an NT system (outside of some old servers I still maintain but wouldn't want to breath on them for fear that they will croak before we are ready), and there are some details I just no longer remember (and it gets worse every year). So NT 4 (or is it 3.51? - I don't think anyone is still running something before that) may be different in this regard. > I read somewhere that because NT installs printer drives into > non-user-space, ordinary users aren't allowed to install drivers, no > matter what the policy says. Of course that's contradicted by pages > like this: http://www.windowsitlibrary.com/Content/121/18/2.htm Under 2k/xp the driver needs to be installed by an admin user (the first instance of the network printer) before the domain users can add their instances of the printer. Isn't it time to update those workstations? Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: SuSE 9.3 + Samba 3 + LDAP
On Aug 12, 2005 07:36 AM, Robert Schetterer <[EMAIL PROTECTED]> wrote: >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA1 > >Horst B. Simon schrieb: >| On Aug 11, 2005 10:35 AM, Geoffrey Scott <[EMAIL PROTECTED]> >wrote: >| >| >|>Horst B. Simon wrote: >|> >|>>Hi All, >|>> >|>>I have OX with Samba 3 and Ldap working fine, except that >workstation >|>>can not join the domain. When I try to join the domain I get >|>>following error message: The following error occurred attempting to >|>>join the domain. Can not find user name in Domain. But the user is >|>>there and it creates the computer in ou=computers in ldap. All users >|>>have no problems accessing the samba shares and using OX. Anyone in >|>>this group has successful joined a computer into ldap with OX and >|>>Samba3? >|>> >|>>Regards, >|>>Horst >|> >|>Horst, >|>Is the user either root account in LDAP or been given sepriveledges >|>as per chapter 5 of JHT example book? Does your smb.conf point to the >|>correct part of ldap for your users? Have nss and pam been configured >|>pointing correctly to where to the users are? Is the user that you >are >|>trying actually in that part of LDAP? Eg. You aren't trying to use: >|> >|>cn=Manager,dc=hsimon,dc=com,dc=au >|> >|>When your users are in : >|> >|>ou=Users,ou=OxObjects,dc=hsimon,dc=com,dc=au >|> >|>Are you? >|> >|>Cheers Geoff >|> >| >| Hi Geoff, >| >| I am not near the box now, I think you are on the right track. I will >| post tonight the relevant parts of my ldap.conf and smb.conf. Yes my >| binddn is uid=Manager,dc=hsimon,dc=com,dc=au and the user are in >| ou=Users,ou=OxObjects,dc=hsimon,dc=com,dc=au. I tried to use the root >| user and I set up a administrator according >| to the information in the IDEALX document. >| >| Cheers, >| Horst >| >| >i had problems too with suse 9.3 too with ldap samba pdc, at last i >could fix it an now it works but only with the idealx tool versions >included in the samba sources , the newer directly downloaded ( from >idealx )higher versions did not work. >I was never able to find out the exact problems ( but i think it was >some kind of perl trouble ) never had this probs before suse versions >lower than 9.3 >for more analysis what might gets you into trouble, look in your smb >logs >Regards > >- -- >Mit freundlichen Gruessen >Best Regards >Robert Schetterer > >robert_at_schetterer.org >Munich / Bavaria / Germany >https://www.schetterer.org > >** >* gnupgp >* public key: >* https://www.schetterer.org/public.key >** >-BEGIN PGP SIGNATURE- >Version: GnuPG v1.4.1 (MingW32) >Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org > >iD8DBQFC+8Tnb0iqzJq+0MgRAif0AJ9nw+/xKOPm6ABRBwdN2EpeMjaMAACfSYW5 >UOOR6n0JA5mFb7noX00IE40= >=7t2w >-END PGP SIGNATURE- Following are the lines from the clients samba log file. I don't know what to look for, does anyone with more samba knowledge see where it is going wrong? Thanks and Regards, Horst [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/08/07 10:22:31, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/08/07 10:22:31, 3] lib/smbldap.c:smbldap_connect_system(866) ldap_connect_system: succesful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2005/08/07 10:22:31, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) init_sam_from_ldap: Entry found for user: root [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack
Re: [Samba] Administrator-installed printers unavailable to regular users
Hi, Thanks for your help so far. > You can install the remote printer as a local printer by choosing > "Local" in the wizard and using the UNC path to the device > (\\servername\printer_share_name). I tried this, thinking it could at least solve the problem in the short term, but I can't see anything in "Local" to enter a UNC path. XP/2000 have that option, as I recall, but NT Workstation doesn't. > I think "net groupmap cleanup" can clean that up. It did, but it also deleted a few groups I needed! Luckily, it reported exactly what it was doing, so I was able to put them back. > Group policy can prevent install and delete of printers, you may want to > examine the settings. I read somewhere that because NT installs printer drives into non-user-space, ordinary users aren't allowed to install drivers, no matter what the policy says. Of course that's contradicted by pages like this: http://www.windowsitlibrary.com/Content/121/18/2.html that suggest changing a value in the registry will allow anyone to install drivers. Changing that value doesn't change anything though. Poledit on NT with the default templates doesn't mention anything about installing printer drivers either. > > Administrator can install a printer, but other > > users can't see it. > > Again, normal when installed as a "network printer". I don't understand why this worked before, then. If that was broken behaviour in NT Workstation, I want to find out how to break it again, because within the limits of NT, it was quite convenient. ..jurgen -- [EMAIL PROTECTED] is jurgen's gmail address. Visit http://jurgen.ca/ for more yummy goodness. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Migrated fine except passwords
Kevin B wrote: >> Kevin B wrote: > The effect of this was the user could see their home directory [so > they did auth propery with CRYPT] but they could not connect to > their own home directory as it was 'owned' by some other uid. So I > removed everything including the /home directories and now they > connect. I'm not sure why a password reset with SSHA did anything but > it's all good now running with CRYPT. > > Thanks for the info and the prompt reply. > > Kevin B I would say that you are better off using MD5. Most service just work with it. Cheers GS -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Migrated fine except passwords
> Kevin B wrote: >> Hello, > >> We couldn't connect to the server as any user from client PC's. >> The smbldaptools were set to use SSHA encryption for password >> attribute but phpldapadmin showed the passwords as CRYPT with only 8 >> chars for all users. I suspect the passwords never came over. In my >> previous lab, the passwords migrated as SSHA encryption and worked >> fine. > > You know that no POSIX passwd info will come over don't you? To do that > the > samba passwd stuff would have to be cracked ond then put into SSHA or MD5 > format. Which the tools don't do. So you will only get the samba passwd > and then if you are wanting to use other linux services that require POSIX > passwords you will need to use some of the password sync option s in > smb.conf. > > Cheers GS Hello I dodn't know that. What I discovered later on was that when I originally migrated, I had some errors getting groups to come over. So I removed all of the .tdb and .dat files and deleted the ldap files to start over with everything neat and tidy. I fixed the errors and the migration looked perfect. What I didn't do was remove all of the users home directories. When I vampired the second time, I rec'd no errors but the uid mappings on the filesystem in were all messed up. I didn't see that untill a couple of hours later. The effect of this was the user could see their home directory [so they did auth propery with CRYPT] but they could not connect to their own home directory as it was 'owned' by some other uid. So I removed everything including the /home directories and now they connect. I'm not sure why a password reset with SSHA did anything but it's all good now running with CRYPT. Thanks for the info and the prompt reply. Kevin B -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Cross-subnet browsing...AGAIN!!!
Robin Bowes wrote: If I browse to My Network Places\Microsoft Windows Network\Home on each of the XP machines, here's what I see under Home on each machine: Tosh2: Tosh2 All shares on Dude under My Network Places Batmobile: Batmobile, Dude Tosh: Batmobile, Dude Some shares on Dude under My Network Places Some shares on Batmobile under My Network Places What I don't understand is: 1. Why can't I see Tosh from Batmobile? 2. Why can't I see Tosh from Tosh ??!! 3. Why can't I see Tosh, Batmobile, or Dude from Tosh2? 4. Why can't I see Tosh2 from Tosh, Batmobile, or Dude? Name resolution appears to be working (I can ping tosh|tosh2|batmobile|dude from tosh|tosh2|batmobile|dude) Am I missing something? Tosh can't see Tosh because file sharing is turned off on Tosh? All the XP machines are pointing to 192.168.1.5 for wins? All the 192.168.1 machines have a route to 192.168.4 ? Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net ads join on AIX 5.2 - Mission Impossible ?
[EMAIL PROTECTED] wrote: Hi all, is it possible at all to get Samba 3 on AIX 5.2 to join a Win 2003 > Domain natively ? All the precompiled versions do not have AD Support > and having AIX krb5 installed (let alone using --with-ads)is enough to make a compile run fail - both 3.0.14 and 3.0.20rc2. Might Heimdal solve this ? Has ANYONE got a working installation ? Solving this would make quite a difference to my current life, so any advice would be appreciated. Yeah. Been there. Done that. AIX 5.2, samba 3.0.14 I went the route of installing the linux affinity toolkit. Used gcc to compile. Use at least gcc 3.x http://aixpdslib.seas.ucla.edu/index.html has a good gcc. Compiled and installed openldap to /usr/local/openldap just to link against samba. Compiled and installed Kerberos to /usr/local using rpm so if IBM ever got the development files up to speed it would be easy to uninstall & switch back. At the time, last year, IBM Kerberos didn't support rc4-hmac either. In configure use CPFLAGS, CPPFLAGS, & LDFLAGS to insure the paths picked the homebrew versions. I had a special account to log in where LIBPATH and PATH would pickup the homebrew and linux affinity directories before the system ones. When I was done, not only did samba work in "ADS = security" mode, but I could use the kerberos utilities natively with the MS AD as the key distribution center. I had to turn off sendfile because, although the test machine worked fine, the production machine ran out of file handles about 3 hours into the workday. Couldn't even reboot cleanly. Total lockup. That was several months ago, maybe rc20 fixes that. I wouldn't know. Never figured how to simulate the load on the development machine. I set "winbind trusted domains only = yes" because I had NIS and an identical user name correspondence between windows and unix. Used idmap_ad before it was rolled into the distribution for winbindd resolution. Didn't test other modes. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Administrator-installed printers unavailable to regular users
On Thursday 11 August 2005 08:31 pm, jurgen wrote: > I should have been more clear about how the administrator installs > printers to the workstations. They're installed via the "Add Printer" > Wizard. Selecting "Network printer", navigating to the server, and > picking the printer. It asks for a driver, which is manually > installed. The printer is now available to anyone using the machine. Your last sentence is incorrect (as you too clearly know) - network printers are installed per user, not per machine; this is normal. You can install the remote printer as a local printer by choosing "Local" in the wizard and using the UNC path to the device (\\servername\printer_share_name). > Hmm. Yes and no. That's a bit strange. There are two "Domain Users" > groups, and only one is mapped properly: I think "net groupmap cleanup" can clean that up. I think the dup groups should not exist. > A regular user (member of Domain Users) gets a "Can't install printer > because you don't have enough privileges to install a driver into > this machine" error. Group policy can prevent install and delete of printers, you may want to examine the settings. > Administrator can install a printer, but other > users can't see it. Again, normal when installed as a "network printer". Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Administrator-installed printers unavailable to regular users
Hi, > In the wonderful world of Windows you can install a network printer as a > "local" printer. This may have been what you did previously. I should have been more clear about how the administrator installs printers to the workstations. They're installed via the "Add Printer" Wizard. Selecting "Network printer", navigating to the server, and picking the printer. It asks for a driver, which is manually installed. The printer is now available to anyone using the machine. > Normally you would get a message if the proper driver wasn't available. > Are the users added to the mapped Domain Users group? Hmm. Yes and no. That's a bit strange. There are two "Domain Users" groups, and only one is mapped properly: yarra# net groupmap list System Operators (S-1-5-32-549) -> -1 Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Domain Print Operators (S-1-5-21-1073446153-1192918827-1877560073-550) -> mc_user Domain Users (S-1-5-21-1752829885-2314611046-3909587037-513) -> mc_user Admin Support (S-1-5-21-1752829885-2314611046-3909587037-2249) -> mc_adminsupport Power Users (S-1-5-32-547) -> -1 Print Operators (S-1-5-32-550) -> mc_user Administrators (S-1-5-32-544) -> -1 Domain Users (S-1-5-21-3126122381-2164987421-561208686-513) -> -1 Domain Admins (S-1-5-21-3126122381-2164987421-561208686-512) -> -1 Account Operators (S-1-5-32-548) -> -1 Domain Guests (S-1-5-21-3126122381-2164987421-561208686-514) -> -1 Domain Guests (S-1-5-21-1752829885-2314611046-3909587037-514) -> -1 Management (S-1-5-21-1752829885-2314611046-3909587037-3177) -> mc_management Domain Admins (S-1-5-21-1752829885-2314611046-3909587037-512) -> wheel Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> -1 That might be it. I've just: net groupmap modify sid=S-1-5-21-3126122381-2164987421-561208686-513 unixgroup=mc_user type=domain to the second Domain Users, but nothing changes. A regular user (member of Domain Users) gets a "Can't install printer because you don't have enough privileges to install a driver into this machine" error. Administrator can install a printer, but other users can't see it. Even after the Administrator installs a printer (assuming that installs the driver into the local PC), regular users can't install the printer, with the same privilege error. Very confusing. ..jurgen -- [EMAIL PROTECTED] is jurgen's gmail address. Visit http://jurgen.ca/ for more yummy goodness. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Still having samba join domain problems (solved!)
OK, I switched from storing the next available uidNumber and gidNumber in the sambaDomainName object and put them into the old way of doing it - putting them in cn=NextFreeUnixId. Now I can join machines to the domain. Actually what put me on the right path was the suggestion that it was a schema problem. Well, looking at the Netscape DS5 schema it hasn't been updated since January, and Im pretty sure storing them in sambaDomainName is newer than that. So - yay! Thanks for the help guys! Tony -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] smbldap-tools unresovled problem.
Geoffrey Scott wrote: Is this on the command line? Because in the smb.conf this would be correct, as samba adds the necessary SambaSAMAccount attributes by itself. But if you are using the smbldap-tools on the command line you need to specify the "-a" option to have SambaSAMAccount attributes added. It's in the smb.conf As I use phpldapadmin to monitor the changes in the LDAP tree. It's sure that it doesn't add the SambaSAMAccount attributes. -- Regards, C. K. Ong (Chris) Linux System Engineer, RHCT Cert No: 603004347692007 http://www.redhat.com/rhce/rhce603004347692007.html My Directory Sdn. Bhd. Your Open Source Partner. http://www.md.com.my http://www.net.my 2005 --- After watching Gentoo in Antartica, I decided to go home with RedHat on my head. --- * **POWERED BY BYNARI INSIGHT SERVER* * * The Enterprise Email Server That Rocks! * * -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] smbldap-tools unresovled problem.
Chris Ong wrote: > smbldap-useradd -w "%u" will add a workstation account to the LDAP > tree with all POSIX attribute but without all the SambaSAMAccount > attribute. Is this on the command line? Because in the smb.conf this would be correct, as samba adds the necessary SambaSAMAccount attributes by itself. But if you are using the smbldap-tools on the command line you need to specify the "-a" option to have SambaSAMAccount attributes added. Eg: -a is a Windows User (otherwise, Posix stuff only) Regards Geoff -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Migrated fine except passwords
Kevin B wrote: > Hello, > We couldn't connect to the server as any user from client PC's. > The smbldaptools were set to use SSHA encryption for password > attribute but phpldapadmin showed the passwords as CRYPT with only 8 > chars for all users. I suspect the passwords never came over. In my > previous lab, the passwords migrated as SSHA encryption and worked > fine. You know that no POSIX passwd info will come over don't you? To do that the samba passwd stuff would have to be cracked ond then put into SSHA or MD5 format. Which the tools don't do. So you will only get the samba passwd and then if you are wanting to use other linux services that require POSIX passwords you will need to use some of the password sync option s in smb.conf. Cheers GS -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Permissions not recursive on win2K?
Way back on Mar 10 2004, I wrote this: == Perhaps this is a known problem, and if so, hopefully it is fixed in 3.x: Win2K SP4 clients, Samba 2.2.8a servers on Linux using ACL support with XFS filesystem (Redhat SGI-XFS build, and Mandrake 9.2). Adding/editing an ACL for an NT domain group (or user) to a folder on samba, and attempting to apply permissions to all subdirs and files only goes one level deep when using the win2k standard gui tool. ie: Only ACLS for the selected folder and files in top level are touched. Problem does not occur when using an NT4 client. Interestingly, using the NT4 security dialog on win2k (by way of the RSHXMENU powertoy for NT) works fine on win2K. Is this a known issue? I can provide conf and debug output if necessary, but I assumed someone else must have seen this already (and fixed it? :-) == Then, I got this reply: >On 24 Mar 2004 at 9:13, Gerald (Jerry) Carter wrote: > > Yup. It is fixed in 3.0 what what I remember. Jeremy worked on it. Eventually I got around to upgrading the affected servers to 3.0.11, but the problem persists, and I didn't have time to dig into it. Now I need to replace two samba servers, and would like to resolve this issue. I've now read the release notes from 3.0.12 to 3.0.20RC2 and couldn't find mention of a fix. Any ideas? Shawn Wright, I.T. Manager Shawnigan Lake School [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
R: [Samba] Problem logon from a Windows Server 2003 by a RDPConnection
Has anyone come up with a solution to this? I'm preparing to set up a Win2K3 Terminal Server on a Samba-3 domain. I noticed at least two people with this same issue, but so far no documented solution. Samba-3 on CentOS 4.1 comes with a Windows registry hack that seems to allow multiple users to each have their own connections, but that is the absolute extent of the documentation. It doesn't indicate which version of Windows Server it's intended for, or if it's intended for a Samba PDC. Is that registry hack the solution to this problem? Thanks! Calvin -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] network drive display
Hello -- I am running a samba PDC server (samba 3.0.14a). Windows XP clients can join the domain successfully. The network drive shows on clients' "my computer' as "UserName on 'Samba 3.0.14a (ServerName)' (Z:)". I would like to have it shown just simply as "Z:" . How can I do this? Thanks, --Taolizhong - Start your day with Yahoo! - make it your home page -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] vfs module license particulars
On Thu, Aug 11, 2005 at 10:44:27AM -0700, Jeremy Drake wrote: > > OK, let's try a slightly different question/approach. If I, as a random > samba user interested in such a thing, wanted to write an oracle vfs > module such as described in the original quote, and I released this vfs > code under the gpl, would this be allowed? The library for calling into > oracle is proprietary, as is oracle itself, but the logic for mapping an > oracle db into a filesystem-like structure would be contained in the vfs > and thus gpl. I find it hard to believe that someone who uses oracle and > uses samba, and would like to interface them and distribute an open source > work could not do so due to mis-matching between the oracle license and > the gpl. An example of such a thing is pam_oci8, which is a GPL module > which (indirectly) links against OCI. It's probably in violation, but the writer and distributor is not in violation - the user who links the two together is. I told you it was complicated :-). IANAL - this is similar to the NVidia case, where NVidia is not in violation as they don't ship Linux, but people who ship the Linux kernel + the NVidia driver probably are. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: SuSE 9.3 + Samba 3 + LDAP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Horst B. Simon schrieb: | On Aug 11, 2005 10:35 AM, Geoffrey Scott <[EMAIL PROTECTED]> wrote: | | |>Horst B. Simon wrote: |> |>>Hi All, |>> |>>I have OX with Samba 3 and Ldap working fine, except that workstation |>>can not join the domain. When I try to join the domain I get |>>following error message: The following error occurred attempting to |>>join the domain. Can not find user name in Domain. But the user is |>>there and it creates the computer in ou=computers in ldap. All users |>>have no problems accessing the samba shares and using OX. Anyone in |>>this group has successful joined a computer into ldap with OX and |>>Samba3? |>> |>>Regards, |>>Horst |> |>Horst, |>Is the user either root account in LDAP or been given sepriveledges |>as per chapter 5 of JHT example book? Does your smb.conf point to the |>correct part of ldap for your users? Have nss and pam been configured |>pointing correctly to where to the users are? Is the user that you are |>trying actually in that part of LDAP? Eg. You aren't trying to use: |> |>cn=Manager,dc=hsimon,dc=com,dc=au |> |>When your users are in : |> |>ou=Users,ou=OxObjects,dc=hsimon,dc=com,dc=au |> |>Are you? |> |>Cheers Geoff |> | | Hi Geoff, | | I am not near the box now, I think you are on the right track. I will | post tonight the relevant parts of my ldap.conf and smb.conf. Yes my | binddn is uid=Manager,dc=hsimon,dc=com,dc=au and the user are in | ou=Users,ou=OxObjects,dc=hsimon,dc=com,dc=au. I tried to use the root | user and I set up a administrator according | to the information in the IDEALX document. | | Cheers, | Horst | | i had problems too with suse 9.3 too with ldap samba pdc, at last i could fix it an now it works but only with the idealx tool versions included in the samba sources , the newer directly downloaded ( from idealx )higher versions did not work. I was never able to find out the exact problems ( but i think it was some kind of perl trouble ) never had this probs before suse versions lower than 9.3 for more analysis what might gets you into trouble, look in your smb logs Regards - -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer.org Munich / Bavaria / Germany https://www.schetterer.org \** \* gnupgp \* public key: \* https://www.schetterer.org/public.key \** -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFC+8Tnb0iqzJq+0MgRAif0AJ9nw+/xKOPm6ABRBwdN2EpeMjaMAACfSYW5 UOOR6n0JA5mFb7noX00IE40= =7t2w -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net ads join on AIX 5.2 - Mission Impossible ?
Hi all, is it possible at all to get Samba 3 on AIX 5.2 to join a Win 2003 Domain natively ? All the precompiled versions do not have AD Support and having AIX krb5 installed (let alone using --with-ads)is enough to make a compile run fail - both 3.0.14 and 3.0.20rc2. Might Heimdal solve this ? Has ANYONE got a working installation ? Solving this would make quite a difference to my current life, so any advice would be appreciated. TIA & regards Dan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Migrated fine except passwords
Hello, I migrated 140 users and computer accounts from NT4 to Samba 3.0.14 with ldap today. Smbldap-tools are the latest stable version from tarball. No errors during vampire and everyone came over and the groups and group memberships populated fine. We couldn't connect to the server as any user from client PC's. The smbldaptools were set to use SSHA encryption for password attribute but phpldapadmin showed the passwords as CRYPT with only 8 chars for all users. I suspect the passwords never came over. In my previous lab, the passwords migrated as SSHA encryption and worked fine. I used smbldap-passwd to reset the password for one of the users and it shows it is now SSHA and phpldapadmin lets me confirm the password. Remote MS and Linux clients can now connect with the reset password. I can reset all the user passwords manually but wonder what I may have missed. TIA Kevin [global] unix charset = LOCALE workgroup = GDAY netbios name = GDAY1 server string = GDAY1 encrypt passwords = Yes username map = /etc/samba/smbusers log level = 0 syslog = 0 os level = 35 passdb backend = ldapsam:ldap://localhost add user script = /usr/local/sbin/smbldap-useradd -m '%u' #delete user script = /usr/local/sbin/smbldap-userdel '%u' add group script = /usr/local/sbin/smbldap-groupadd '%g' #delete group script = /usr/local/sbin/smbldap-groupdel '%g' add user to group script = /usr/local/sbin/smbldap-groupmod -m '%u' '%g' #delete user from group script = /usr/local/sbin/smbldap-groupmod -x '%u' '%g' set primary group script = /usr/local/sbin/smbldap-usermod -g '%g' '%u' add machine script = /usr/local/sbin/smbldap-useradd -w '%u' domain logons = yes preferred master = no domain master = no ldap suffix = dc=domain,dc=net ldap machine suffix = ou=People ldap user suffix = ou=People ldap group suffix = ou=Groups ldap idmap suffix = ou=Idmap ldap admin dn = cn=admin,dc=domain,dc=net ldap ssl = no idmap uid = 1-2 idmap gid = 1-2 logon path = logon drive = H: wins support = yes [homes] comment = Home Directories valid users = %S read only = no browseable = no -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ACLs - backup and restore
Have you checked on the home page? This link specifies hints for using Star and ACL support: http://cdrecord.berlios.de/old/private/star-acl.html Felipe wrote: Thanks for the link, Lee. I'm testing "star" but I didn't find many informations about it.. I used this way to backup my files: [EMAIL PROTECTED] shares]# star -c -Hexustar -acl -C /home/shares/data/ . f=/home/tmp/backup2.tgz star: 2 blocks + 0 bytes (total of 20480 bytes = 20.00k). And this way to restore: [EMAIL PROTECTED] shares]# star -xp -acl -C /home/shares/data/ f=/home/tmp/backup2.tgz star: current './' newer. star: current 'publica/' newer. star: current 'felipe/' newer. star: current 'felipe/teste/' newer. star: current 'felipe/teste.txt' newer. star: current 'felipe/aazevedo/' newer. star: 2 blocks + 0 bytes (total of 20480 bytes = 20.00k). But it didn't restore the acls of my files and folders.. Do anybody know what I'm doing wrong? thanks! regards, Felipe. 2005/8/10, Lee Ball <[EMAIL PROTECTED]>: Try using star (http://freshmeat.net/projects/star/) it supports ACLs whereas tar doesn't. Felipe wrote: Hi all, How is the best way to perform backups of my files witch has acls in order to don't lose then when I need to recover some file or folder? Is there anybody here who has problems of losing acls when backup files and restore? thanks! Felipe. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.14a Not restoring connections - Help ??
On Thursday 11 August 2005 04:20 pm, Todd Johnson wrote: > When our users log off for the evening and log back in in the > morning they are having to re-enter the SMB password for the network > shares they had saved when mapping them. In the past when the local > username and password matched the smbpasswd file then all connections > restored w/o a hitch. Its now not working. > > [global] > netbios name = woot > local master = yes > preferred master = no > workgroup = DNR > interfaces = 146.63.45.22 > lock directory = /var/lock/samba > os level = 62 > remote announce = 146.63.45..255 > security = user > password level = 20 > encrypt passwords = no > smb passwd file = /etc/samba/private/smbpasswd Not that it should matter but I would be inclined to leave "preferred master" out so it can default to auto. Also would question the use of non-encrypted passwords. Also "remote announce" seems unnecessary here (but I don't know your subnet mask), you wouldn't need it if this is the same subnet that this interface is on. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can't open files
Hi List, sorry for my bad English.. I got a problem with opening some files from an Samba Server 3.0.13 I can't open compiled Windows help files ( .chm) Some other files too. When i open this files from a Windows Server, i got no Problem. Maybe misconfigured? Give for that a parameter? I found nothing in the man pages or Readme's Frank -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Slow sequential write on Samba drive
Jeremy Allison wrote: Firstly I need to reproduce the problem. I haven't been able to do that using a simple "copy XX n:\XX" command or using Windows explorer cut and paste. Once I get my XP vmware session to reproduce the behaviour I can start to experiment with fixing the problem. *Exactly* what are you doing to see this problem/SMB traffic pattern from an XP client ? All I am doing is running the evaluation version of PerformanceTest V5.0 that I downloaded from http://www.passmark.com/. I go to Edit / Preferences on the windows app, select my network mapped disk drive, leave the test duration as 3 secs and number of processes as 1, and then go to Tests / Disk and select the "All" option to test sequential read, write and random seek + RW. When I do this it takes a lot longer than 3 seconds, and my smbd process on the server hovers around 10% cpu usage for several seconds, then heads up to 95-99% and stays there for what appears to be the duration of the write test. During this time there is no other activities going on on the machine. The Sequential Write portion of the test lasts a very long time - around 30 or 40 minutes. The reason why I'm doing this test is that I've observed that working with this networked drive from a winxp client "seems slow", so I'm trying to benchmark the performance so I can identify where the problem is and determine if any "fixes" I do have made anything better. I'm using an out-of-the-box FC3 system (2.6.9-1.667), and samba 3.0.14a-1. Samba config file I sent in on the initial post. I do not notice any slowness over nfs. However, that was why I was wondering if there are some linux benchmarking tools that I should try using to get more information on this problem. Thanks, Don -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba - XP performance problem
On Thu, Aug 11, 2005 at 12:39:55PM -0700, Jeremy Allison wrote: > > Ok, I'm using the "disk test" part of www.passmark.com and can reproduce > the "1 byte write every 64k followed by a qfilinfo" call against Samba, > latest SVN code - but it also does the same against my Windows 2003 SP1 > server Looking closely, the "disk test" here does the 1 byte per 32k write until it's set the "full size" for the test - then does writes. The "full size" for the test seems to be related to the size of the underlying disk you're testing. I don't see a difference in behaviour between Samba3 and W2K3 here with an XP client. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Network Map, query and log problem
Hello Friends, I have a lot of small problems with a Samba Server and I would like some help please ! About my network --- - Server Samba version 3.0.10-1.fc2 - The Samba server uses NIS to maintain the users account and I just need to create the samba users (smbpasswd -a user) - There is an entry in the /etc/passwd for each cliente machine (machine account) - The machine are created in the Samba (machine account) - The client machines are W2000 loging in the domain. Problem 01 - The client machines were added to the domain, however the users home directories are not automatically mapped on logon, each user have to map it by hand (with: net use U: \\myserver\userhome) If I create a new user in the server (in the local /etc/passwd and samba) the home directory is automatically mapped in the logon, the map problem occurs only with NIS users Problem 02 - When trying to use the name resolution the server queries only by broadcasting in my network, the clients machine names are in the /etc/hosts and /etc/samba/lmhosts files however these files are not consulted by nmbd How do I tell samba to look in lmhosts and hosts files instead of use broadcast ? # nmblookup client01 querying client01 on 192.168.1.127 ( The machines are in a subnet with mask 255.255.255.192 ) Problem 03 --- The log files always have the machine and machine ip lognames format e.g. cliente01.log and 192.168.1.100.log Is possible to say to samba do not log in IP log names format ? Below my smb.conf file [global] local master = yes domain master = yes preferred master = yes wins support = yes name resolve order = lmhosts hosts wins bcast encrypt passwords = yes share modes = no security = user workgroup = mylab os level = 65 netbios name = myserver server string = Samba File Server domain logons = yes logon drive = U: logon script = /etc/samba/logon/login.bat logon home = \\%L\%U load printers = yes printing = cups printcap name = cups use client driver = yes log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 unix charset = iso8859-1 display charset = cp850 null passwords = no smb passwd file = /etc/samba/smbpasswd [homes] comment = Users Home browseable = no writable = yes follow symlinks = no hide dot files = yes hide unreadable = yes [NETLOGON] comment = domain logon service path = /etc/samba/logon public = yes writeable = no browseable = no [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes Regards Claudemir F. Martins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba 3.0.14a Not restoring connections - Help ??
Hello- When our users log off for the evening and log back in in the morning they are having to re-enter the SMB password for the network shares they had saved when mapping them. In the past when the local username and password matched the smbpasswd file then all connections restored w/o a hitch. Its now not working. Can anyone tell me what I am doing wrong? Below is my small smb.conf file global settings [global] netbios name = woot local master = yes preferred master = no workgroup = DNR interfaces = 146.63.45.22 lock directory = /var/lock/samba os level = 62 remote announce = 146.63.45..255 security = user password level = 20 encrypt passwords = no smb passwd file = /etc/samba/private/smbpasswd -- Thank you Todd Johnson == Todd Johnson State of Alaska Dept. of Natural Resources Computer Information Center MicroComputer/Network Specialist (907) 269-8831 (907) 269-8920 FAX [EMAIL PROTECTED] == -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] ACLs - backup and restore
Thanks for the link, Lee. I'm testing "star" but I didn't find many informations about it.. I used this way to backup my files: [EMAIL PROTECTED] shares]# star -c -Hexustar -acl -C /home/shares/data/ . f=/home/tmp/backup2.tgz star: 2 blocks + 0 bytes (total of 20480 bytes = 20.00k). And this way to restore: [EMAIL PROTECTED] shares]# star -xp -acl -C /home/shares/data/ f=/home/tmp/backup2.tgz star: current './' newer. star: current 'publica/' newer. star: current 'felipe/' newer. star: current 'felipe/teste/' newer. star: current 'felipe/teste.txt' newer. star: current 'felipe/aazevedo/' newer. star: 2 blocks + 0 bytes (total of 20480 bytes = 20.00k). But it didn't restore the acls of my files and folders.. Do anybody know what I'm doing wrong? thanks! regards, Felipe. 2005/8/10, Lee Ball <[EMAIL PROTECTED]>: > Try using star (http://freshmeat.net/projects/star/) it supports ACLs > whereas tar doesn't. > > Felipe wrote: > > Hi all, > > > > How is the best way to perform backups of my files witch has acls in > > order to don't lose then when I need to recover some file or folder? > > > > Is there anybody here who has problems of losing acls when backup > > files and restore? > > > > thanks! > > Felipe. > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba - XP performance problem
On Wed, Aug 10, 2005 at 11:05:06AM +0200, David Beck wrote: > Thank you for the suggestion. I'll keep the info for reference. > > Followup for the performance issue: > > The trace shows that the conversation changes right after the "trans2: > query file info internal" stage, so I looked into the samba code at this > file: > > http://websvn.samba.org/cgi-bin/viewcvs.cgi/branches/SAMBA_3_0/source/smbd/trans2.c?rev=8959&view=markup > > case SMB_FILE_INTERNAL_INFORMATION: > /* This should be an index number - looks like > dev/ino to me :-) > > I think this causes us to fail the IFSKIT > BasicFileInformationTest. -tpot */ > > DEBUG(10,("call_trans2qfilepathinfo: > SMB_FILE_INTERNAL_INFORMATION\n")); > SIVAL(pdata,0,sbuf.st_dev); > SIVAL(pdata,4,sbuf.st_ino); > data_size = 8; > break; > > The comment speaks for itself. I suspect the 8 byte here contains some > magic that makes XP behaves as I found. > > I made an other experiment: I turned off the oplock support ("Oplocks = > No") and this made XP behave like if it was talking to a Windows server. > No extra tran2 calls and 1 byte writes. The performance got better > because the slowdowns disappeared, but it was still slower compared to > the windows machine. Ok, I'm using the "disk test" part of www.passmark.com and can reproduce the "1 byte write every 64k followed by a qfilinfo" call against Samba, latest SVN code - but it also does the same against my Windows 2003 SP1 server BTW: - just using a cmd.exe prompt "COPY" command or using cut and paste from a Windows explorer Windows doesn't reproduce this problem, that writes completely normally. What Windows server are you using ? It looks like a reported allocation issue to me - but I'm still trying to understand what triggers this behaviour in the client ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Network Map, query and log problem
Hello Friends, I have a lot of small problems with a Samba Server and I would like some help please ! About my network --- - Server Samba version 3.0.10-1.fc2 - The Samba server uses NIS to maintain the users account and I just need to create the samba users (smbpasswd -a user) - There is an entry in the /etc/passwd for each cliente machine (machine account) - The machine are created in the Samba (machine account) - The client machines are W2000 loging in the domain. Problem 01 - The client machines were added to the domain, however the users home directories are not automatically mapped on logon, each user have to map it by hand (with: net use U: \\myserver\userhome) If I create a new user in the server (in the local /etc/passwd and samba) the home directory is automatically mapped in the logon, the map problem occurs only with NIS users Problem 02 - When trying to use the name resolution the server queries only by broadcasting in my network, the clients machine names are in the /etc/hosts and /etc/samba/lmhosts files however these files are not consulted by nmbd How do I tell samba to look in lmhosts and hosts files instead of use broadcast ? # nmblookup client01 querying client01 on 192.168.1.127 ( The machines are in a subnet with mask 255.255.255.192 ) Problem 03 --- The log files always have the machine and machine ip lognames format e.g. cliente01.log and 192.168.1.100.log Is possible to say to samba do not log in IP log names format ? Below my smb.conf file [global] local master = yes domain master = yes preferred master = yes wins support = yes name resolve order = lmhosts hosts wins bcast encrypt passwords = yes share modes = no security = user workgroup = mylab os level = 65 netbios name = myserver server string = Samba File Server domain logons = yes logon drive = U: logon script = /etc/samba/logon/login.bat logon home = \\%L\%U load printers = yes printing = cups printcap name = cups use client driver = yes log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 unix charset = iso8859-1 display charset = cp850 null passwords = no smb passwd file = /etc/samba/smbpasswd [homes] comment = Users Home browseable = no writable = yes follow symlinks = no hide dot files = yes hide unreadable = yes [NETLOGON] comment = domain logon service path = /etc/samba/logon public = yes writeable = no browseable = no [printers] comment = All Printers path = /var/spool/samba browseable = no guest ok = no writable = no printable = yes Regards Claudemir F. Martins -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Slow sequential write on Samba drive
On Thu, Aug 11, 2005 at 10:17:53AM -0700, Don wrote: > Jeremy, do you have any advice for me? I saw on an earlier post that > you were at LinuxWorld so maybe you don't have time right at the moment > to look at this problem... > > I saw a recent posting about "smbtorture.c" but couldn't find it on the > ftp site. Does anyone have suggestions for a SMB testing/benchmarking > program, especially one that can run under both windows and linux? Firstly I need to reproduce the problem. I haven't been able to do that using a simple "copy XX n:\XX" command or using Windows explorer cut and paste. Once I get my XP vmware session to reproduce the behaviour I can start to experiment with fixing the problem. *Exactly* what are you doing to see this problem/SMB traffic pattern from an XP client ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba - XP performance problem
On Wed, Aug 10, 2005 at 11:05:06AM +0200, David Beck wrote: > >> > >>After spending a lot of time with investigation I decided to go > >>deeper in this issue. I installed ethereal to capture the traffic and > >>compare the results bw XP-Windows and XP-Tru64. The test was to copy > >>50Meg file to both servers and capture the packets. To my surprise > >>the conversation was quite different. > >> > >>XP-Windows (excerpt): > >>- nt create and x > >>- trans2: query file info internal > >>- set file info > >>- tcp data stream... > >> > >>XP-Samba (excerpt): > >>- nt create and x > >>- trans2: query file info internal > >>- (query file info + write and x request) many times, incresing > >>offset, one byte length > >>- tcp data stream > >> > >>In case of XP-Samba, the last two steps are repeated many times. > >>Large part of the effective bandwith is filled with query file info > >>and 1 byte writes. I can't reproduce this on my XP vmware session. *exactly* how are you getting this traffic pattern ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] kerberos_kinit_password host/[EMAIL PROTECTED] failed: Client not found in Kerberos database
I'm using Solaris 8, samba 3, kerberos and openldap. I'm anexing: log.smbd, smb.conf, krb5.conf, nsswitch.conf and the ktpass command in AD. Somebody can help me? I get this output in log.smbd: --- [2005/08/11 12:41:45, 0] smbd/server.c:main(802) smbd version 3.0.20rc1 started. Copyright Andrew Tridgell and the Samba Team 1992-2004 [2005/08/11 12:41:45, 0] libads/kerberos.c:ads_kinit_password(146) kerberos_kinit_password host/[EMAIL PROTECTED] failed: Client not found in K erberos database [2005/08/11 12:41:45, 0] printing/nt_printing.c:nt_printing_init(636) nt_printing_init: error checking published printers: WERR_ACCESS_DENIED I've configured smb.conf with this data: --- [global] # general options workgroup = LEXI2K netbios name = SUNDEV # winbindd configuration # default winbind separator is \, which is good if you # use mod_ntlm since that is the character it uses. # users only need to know the one syntax # winbind separator = + # idmap uid and idmap gid are aliases for # winbind uid and winbid gid, respectively idmap uid = 1-2 idmap gid = 1-2 winbind enum users = yes winbind enum groups = yes template homedir = /home/%D/%U template shell = /bin/bash # Active directory joining # "ads server" is only necessary if your kdc # can't be located using /etc/krb5.conf -- JamesSpooner # # Note that more recent Samba versions have renamed "ads server" # to "password server", so if /var/log/messages reports # 'Unknown parameter encountered: "ads server"' on restart, # change 'ads' to 'password' -- ChetHosey # # ads server = test1.thinclient.test.org security = ads # encrypt passwords = yes is now default in Samba3 -- Enigma encrypt passwords = yes realm = lexi.com.mx # this handles the "ads server = " directive as well -- Enigma password server = lexidc.flexi.com.mx [shared1] comment = Datos compartidos path = /home/Samba force user = Administrator browseable = yes The krb5.conf file is this: - [libdefaults] ticket_lifetime = 24000 default_realm = LEXI.COM.MX #default_tgs_enctypes = des-cbc-crc des-cbc-md5 #default_tkt_enctypes = des-cbc-crc des-cbc-md5 forwardable = true proxiable = true dns_lookup_realm = true dns_lookup_kdc = true [realms] LEXI.COM.MX = { kdc = lexidc.lexi.com.mx admin_server = lexidc.lexi.com.mx default_domain = lexi.com.mx } [domain_realm] .lexi.com.mx = LEXI.COM.MX lexi.com.mx = LEXI.COM.MX .lexi2k = LEXI.COM.MX lexi2k = LEXI.COM.MX [logging] default = FILE:/var/krb5/kdc.log kdc = FILE:/var/krb5/kdc.log admin_server = FILE:/var/krb5/kdc.log kdc_rotate = { # How often to rotate kdc.log. Logs will get rotated no more # often than the period, and less often if the KDC is not used # frequently. period = 1d # how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...) versions = 10 } [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } The nsswitch.conf is this: --- passwd: files winbind group: files winbind hosts: files wins shadow: files winbind ... The instruction in the ActiveDirectory Domain Controller was: C:\temp>ktpass -princ host/[EMAIL PROTECTED] -mapuser SUNDEV -pass password -out sundev.keytab Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Cross-subnet browsing...AGAIN!!!
Hi, I've been struggling with getting subnet browsing to work on my home network for some time and have decided to give it another go. This is my network configuration: Internet - Cisco SOHO97 (192.168.1.1) | | | ++ | ++ | | || | (192.168.1.5) (192.168.1.250) (192.168.1.249) | dudebatmobiletosh | (samba server) (XP client) (XP client) | (192.168.1.4) Linksys WRT54GS (192.168.4.1) | | (192.168.4.147) tosh2 (XP client) The Linksys router is routing between networks - no NAT is involved. I'm using the workgroup "HOME" and all XP clients are members of this workgroup. My smb.conf is as follows: # Global parameters [global] workgroup = HOME server string = Samba Server guest account = ftp log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 os level = 255 domain master = yes preferred master = yes local master = yes os level = 255 dns proxy = No wins support = Yes ldap ssl = no remote announce = 192.168.4.255/HOME 192.168.3.255/HOME remote browse sync = 192.168.4.255 192.168.3.255 cups options = raw name resolve order = wins,lmhosts,host,bcast hosts allow = 192.168.1. 192.168.2. 192.168.3. 192.168.4. [homes] comment = Home Directories read only = No browseable = yes [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [music] comment = Music files used by slimserver path = /home/slimserver/music write list = robin read only = No [test] comment = Test share path = /home/test write list = robin read only = No [cdrom] comment = DVD/CD Writer on Dude path = /media/cdrecorder read only = Yes [slim] comment = Slimserver source tree path = /usr/local/slimserver read only = Yes [apache] comment = Apache home path = /home/apache write list = robin read only = No I've shutdown all XP machines and restarted samba (smbd and nmbd) then restarted all XP machines. If I browse to My Network Places\Microsoft Windows Network\Home on each of the XP machines, here's what I see under Home on each machine: Tosh2: Tosh2 All shares on Dude under My Network Places Batmobile: Batmobile, Dude Tosh: Batmobile, Dude Some shares on Dude under My Network Places Some shares on Batmobile under My Network Places What I don't understand is: 1. Why can't I see Tosh from Batmobile? 2. Why can't I see Tosh from Tosh ??!! 3. Why can't I see Tosh, Batmobile, or Dude from Tosh2? 4. Why can't I see Tosh2 from Tosh, Batmobile, or Dude? Name resolution appears to be working (I can ping tosh|tosh2|batmobile|dude from tosh|tosh2|batmobile|dude) Am I missing something? R. -- http://robinbowes.com If a man speaks in a forest, and his wife's not there, is he still wrong? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Joining XP SP2 to a Samba PDC
Dont know if the typo was only in your email but you have [global] workgroup = ETNET in your smb.conf and then tried to join I change from workgroup: workgroup to Domain:ETINET Good luck Manannan From: DSanchez <[EMAIL PROTECTED]> To: samba@lists.samba.org Subject: [Samba] Joining XP SP2 to a Samba PDC Date: Wed, 10 Aug 2005 09:51:28 -0700 Hello and Thanks in advance. I have a CentOS 4.1 Server and i have samba Version 3.0.10-1.4E I have 2 users on this server right now: Root, Dsanchez. I have also issued this command to set up these 2 users on the Samba Server as well. smbpasswd -a root smbpasswd -a dsanchez and i set up the password to match the linux account. Here is my SMB.conf file: # Global parameters [global] workgroup = ETNET server string = Samba PDC Server passwd program = /usr/bin/passwd %u passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* unix password sync = Yes log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 printcap name = /etc/printcap add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u add machine script = /usr/sbin/useradd -c Machine -d /dev/null -s /bin/false machine_name$ domain logons = Yes os level = 65 preferred master = Yes domain master = Yes dns proxy = No idmap uid = 16777216-33554431 idmap gid = 16777216-33554431 hosts allow = 10.78., 127. cups options = raw [homes] comment = Home Directories read only = No browseable = No [netlogon] comment = Network Logon Service path = /home/netlogon guest ok = Yes share modes = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No I have also made the following changes to the XP box. Registry changes: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\Parameters\Requiresignorseal Which i set to '0' from '1' I have made sure the following in Local Security Policy is set: I edited or checked the following entries: "Domain member: Digitally encrypt or sign secure channel(Disabled)" "Domain member: Disable machine account password changes(Disabled)." "Domain member: Require strong (Windows 2000 or later) session key(Disabled)" Then i go to the Systems Properties/computer name change/ I change from workgroup: workgroup to Domain:ETINET Then i click the 'ok' button, and a login window pops up. I then use the following usernames to 'Join' root admin administrator dsanchez etinet\root etinet\admin etinet\administrator etinet\dsanchez I get the following error when i try to join as: administrator admin etinet\admin etinet\administrator The following error occurred attempting to join the domain "ETINET": Logon Failure: Unknown Username or bad password. When i try using the following this is what i get: root etinet\root The following error occurred attempting to join the domain "ETINET": The username could not be found. Then, if i try and use my account, whcih i added to the root group. Dsanchez etinet\Dsanchez The following error occurred attempting to join the domain "ETINET": Access is Denied. Note, this is an XP SP2 Machine and i only have 1 user on this machine (Dsanchez) Also, I did find that this script add machine script = /usr/sbin/useradd -d /dev/null -g 102 -s /bin/false has a group of 102 and the machine log file that was in /var/log/samba/.log had this error in it. useradd: unknown group 102 however i do have this script in the smb.conf file. add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u So do i need both of these lines? do i need to make a group with the Gid of 102? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba _ It's fast, it's easy and it's free. Get MSN Messenger 7.0 today! http://messenger.msn.co.uk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Make process stops with errors
Johan, I had the same problem here. [EMAIL PROTECTED] schrieb: Hi, I'm trying to compile Samba 3.0.14a with Active Directory support on AIX 5.3 with AIX C 7.0. The make process stops with the following error: "nsswitch/pam_winbind.c", line 341.32: 1506-045 (S) Undeclared identifier PAM_AUTHTOK_RECOVER_ERR. see https://www.redhat.com/archives/pam-list/2005-February/msg00012.html "nsswitch/pam_winbind.c", line 448.1: 1506-485 (S) Parameter declaration list is incompatible with declarator for PAM_EXTERN. see https://www.redhat.com/archives/pam-list/2005-February/msg00013.html I was able to compile Samba 3.0.14a on AIX 5.3 with adding -DPAM_AUTHTOK_RECOVER_ERR=PAM_AUTHTOK_RECOVERY_ERR and -DPAM_EXTERN=extern to CFLAGS. Regards Carsten -- . -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] phpBB forum
On Jeu 11 août 2005 18:54, CPNT : Eddy BOELS a écrit : > Hi my name is Eddy > > I'm working with a samba serveur and 20 pc (windows xp). > > I would like to install a forum on intranet. > > I was trying to install phpBB but an error occured > > I had installed MySQL and APACHE but the error message is < you seem not > have a good database to work with phpBB > > > > > An idea ? > > > > Thanks for help and sorry for my pity english > > > > Eddy > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > Hi, Your problem isn't Samba related, and thus has nothing to do here ;) Try the phpBB mailling-list instead. Cheers. -- Salut, Ton problème n'a rien à voir avec Samba, et donc ton message n'a pas sa place ici ;) Essaye la liste de diffusion de phpBB à la place. Bye. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] short ip range host allow in smb.conf
On Jeu 11 août 2005 17:32, Ken Walker a écrit : > how would i put the following into smb.conf in a shorthand format > > host allow all ip's from 192.168.0.151 to 192.168.0.185 but non outside > this > range > > without putting them all in separately, is it > > host allow 192.168.0.151 - 192.168.0.185 > > ? > > > Many thanks > > Ken > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > Hum, not sure you can... Did you try 192.168.0.151-185 ? -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] SMB 3.0.14a - SMB Shares - UserName/Passwords not remembered ?
Folks - Is there a way to have SMB remember its password when SMB connections are set to be re-mapped when a users logs back into the workstation? In the past SMB would take the username and password of the local account being sent it on login. Now the users login and have to go under My Computer and access the share and reauthenticate on it. It then works. Thoughts? -- Thank you Todd Johnson -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Slow sequential write on Samba drive
Jeremy, do you have any advice for me? I saw on an earlier post that you were at LinuxWorld so maybe you don't have time right at the moment to look at this problem... I saw a recent posting about "smbtorture.c" but couldn't find it on the ftp site. Does anyone have suggestions for a SMB testing/benchmarking program, especially one that can run under both windows and linux? Thanks, Don Jeremy Allison wrote: On Tue, Aug 09, 2005 at 10:01:32AM -0700, Don wrote: Hi, I am experiencing very slow writes over samba. We have a modest linux network (about 6 servers) and a medium sized office (20-30 windows boxes). We have had a single linux file server that has done us yeoman service for several years. It is running RH 7.3. I am trying to set up the next generation file server with a huge (to me anyway) 2TB Promise VTrak 12110 RAID disk. I've installed Fedora Core 3 and got the file server up and running and it works fine... except it seemed slower than the older system. So, I downloaded "Performance Test" from www.passmark.com that tests things like hard drive speeds under Windows. What the test told me was: Thanks for that - I'll download and play with this test and see if I can reproduce the problem. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] vfs module license particulars
On Thu, 11 Aug 2005, Jeremy Allison wrote: > On Thu, Aug 11, 2005 at 01:15:01AM -0700, Jeremy Drake wrote: > > For instance, would it be allowed to write a vfs module which talks to > > Oracle to get the data which backs the filesystem rather than an actual > > filesystem? Even if it involves linking against Oracle's > > proprietary OCI library for calls into the database? > > > > Quoting from a message from the archives which I found in my searches > > (http://lists.samba.org/archive/samba-technical/2002-February/019881.html): > > > > "For example, a vfs plugin that links to Oracle as a backend would > > be GPL, but Oracle itself would not come under the GPL. This is > > because Oracle is a program that is of itself functional without > > Samba." > > > > If you want to link to proprietary code from a Samba VFS you need to > talk to a lawyer. No other advice will do. It's a very dicey thing to > do and most ways of doing it will not be legal. Seek legal advice from > your company. OK, let's try a slightly different question/approach. If I, as a random samba user interested in such a thing, wanted to write an oracle vfs module such as described in the original quote, and I released this vfs code under the gpl, would this be allowed? The library for calling into oracle is proprietary, as is oracle itself, but the logic for mapping an oracle db into a filesystem-like structure would be contained in the vfs and thus gpl. I find it hard to believe that someone who uses oracle and uses samba, and would like to interface them and distribute an open source work could not do so due to mis-matching between the oracle license and the gpl. An example of such a thing is pam_oci8, which is a GPL module which (indirectly) links against OCI. > > Jeremy. > -- Sam: What's new, Norm? Norm: Most of my wife. -- Cheers, The Spy Who Came in for a Cold One Coach: Beer, Norm? Norm: Naah, I'd probably just drink it. -- Cheers, Now Pitching, Sam Malone Coach: What's doing, Norm? Norm: Well, science is seeking a cure for thirst. I happen to be the guinea pig. -- Cheers, Let Me Count the Ways -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: SuSE 9.3 + Samba 3 + LDAP
Dear Horst, as far as I understand from Chapter 5 in "Samba by example", users AND machines are treated the same way. Thats why JHT (by the way thanks to John for writing this chapter, otherwise I would not have gotten Samba + LDAP to work) is using in his smb.conf both for users AND machines /|ldap machine suffix = ou=People|//| ldap user suffix = ou=People|/ In the IDEALX-tools you should correct also computersdn="ou=People,${suffix}" At least with my installation that's working. If you find a way that it works with ou=computers, please let me know. Best Joachim Horst Simon wrote: On Thu, 11 Aug 2005 10:35, Geoffrey Scott wrote: Horst B. Simon wrote: Hi All, I have OX with Samba 3 and Ldap working fine, except that workstation can not join the domain. When I try to join the domain I get following error message: The following error occurred attempting to join the domain. Can not find user name in Domain. But the user is there and it creates the computer in ou=computers in ldap. All users have no problems accessing the samba shares and using OX. Anyone in this group has successful joined a computer into ldap with OX and Samba3? Regards, Horst Horst, Is the user either root account in LDAP or been given sepriveledges as per chapter 5 of JHT example book? Does your smb.conf point to the correct part of ldap for your users? Have nss and pam been configured pointing correctly to where to the users are? Is the user that you are trying actually in that part of LDAP? Eg. You aren't trying to use: cn=Manager,dc=hsimon,dc=com,dc=au When your users are in : ou=Users,ou=OxObjects,dc=hsimon,dc=com,dc=au Are you? Cheers Geoff Hi, Following are part of slapd.conf, smb.conf and samba log for the client. Maybe someone know what the log file output mean. Regards, Horst in /etc/openldap/slapd.conf suffix "dc=hsc-consulting,dc=com,dc=au" rootdn "uid=mailadmin,dc=hsc-consulting,dc=com,dc=au" in /etc/ldap.conf host 127.0.0.1 base dc=hsc-consulting,dc=com,dc=au ldap_version 3 binddn uid=mailadmin,dc=hsc-consulting,dc=com,dc=au timelimit 50 bind_timelimit 50 bind_policy hard nss_base_passwd ou=Users,ou=OxObjects,dc=hsc-consulting,dc=com,dc=au?one nss_base_shadow ou=Users,ou=OxObjects,dc=hsc-consulting,dc=com,dc=au?one nss_base_group ou=Groups,ou=OxObjects,dc=hsc-consulting,dc=com,dc=au?one in smb.conf passdb backend = ldapsam:ldap://127.0.0.1/ ldap admin dn = uid=mailadmin,dc=hsc-consulting,dc=com,dc=au ldap suffix = dc=hsc-consulting,dc=com,dc=au ldap group suffix = ou=Groups,ou=OxObjects ldap user suffix = ou=Users,ou=OxObjects ldap machine suffix = ou=Computers,ou=OxObjects ldap ssl = No add user script = /usr/local/sbin/smbldap-useradd -m "%u" add machine script = /usr/local/sbin/smbldap-useradd -w "%u" add group script = /usr/local/sbin/smbldap-groupadd -p "%g" add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u" enable privileges = yes domain master = yes domain logons = yes encrypt passwords = yes ldap passwd sync = Yes log level = 3 syslog = 0 log file = /var/log/samba/log.%m part of client log [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/08/07 10:22:31, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/08/07 10:22:31, 3] lib/smbldap.c:smbldap_connect_system(866) ldap_connect_system: succesful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2005/08/07 10:22:31, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) init_sam_from_ldap: Entry found for user: root [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/08/07 10:22:31, 3] smbd/sec_
[Samba] forum phpBB
Hi my name is Eddy, i'm french I'm working with a samba serveur and 20 pc (windows xp). I would like to install a forum on intranet. I was trying to install phpBB but an error occured I had installed MySQL and APACHE but the error message is < you seem not have a good database to work with phpBB > An idea ? Thanks for help and sorry for my pity english Eddy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] phpBB forum
Hi my name is Eddy I'm working with a samba serveur and 20 pc (windows xp). I would like to install a forum on intranet. I was trying to install phpBB but an error occured I had installed MySQL and APACHE but the error message is < you seem not have a good database to work with phpBB > An idea ? Thanks for help and sorry for my pity english Eddy -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Finding the GID of AD groups on samba
On 8/11/05, Tim Holmes <[EMAIL PROTECTED]> wrote: > > Tim Holmes [EMAIL PROTECTED] wrote: > > > > > > Can someone point me in the right direction. Specifically, what I > am > > > looking for is a command that will allow me to generate a list of > all > > > the user groups on the system and their GID. This will allow me to > > > chgrp the folders as necessary. > > > > getent groups I believe you meant 'getent group' (not plural). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Finding the GID of AD groups on samba
> Tim Holmes [EMAIL PROTECTED] wrote: > > > > Can someone point me in the right direction. Specifically, what I am > > looking for is a command that will allow me to generate a list of all > > the user groups on the system and their GID. This will allow me to > > chgrp the folders as necessary. > > getent groups > > ;-))) > > Generally, "getent" is meant to dump the contents of every NSS > database that supports enumeration. Of course what you'd enumerate > depends on your privileges too. You will find all databases unix > machine uses in /etc/nsswitch.conf. > > There are also utilities for working with individual databases. > For example "id" for "getent passwd", "groups" for "getent groups". > > Cheers, > > -- > Michal Kurowski [Tim Holmes] Michal: here is the output [EMAIL PROTECTED] ~]# getent groups Unknown database: groups Try `getent --help' or `getent --usage' for more information. [EMAIL PROTECTED] ~]# Tim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Finding the GID of AD groups on samba
Tim Holmes [EMAIL PROTECTED] wrote: > > Can someone point me in the right direction. Specifically, what I am > looking for is a command that will allow me to generate a list of all > the user groups on the system and their GID. This will allow me to > chgrp the folders as necessary. getent groups ;-))) Generally, "getent" is meant to dump the contents of every NSS database that supports enumeration. Of course what you'd enumerate depends on your privileges too. You will find all databases unix machine uses in /etc/nsswitch.conf. There are also utilities for working with individual databases. For example "id" for "getent passwd", "groups" for "getent groups". Cheers, -- Michal Kurowski perl -e '$_=q#: 13_2: 12/o{>: 8_4) (_4: 6/2^-2; 3;-2^\2: 5/7\_/\7: 12m m::#; y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print' -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] short ip range host allow in smb.conf
how would i put the following into smb.conf in a shorthand format host allow all ip's from 192.168.0.151 to 192.168.0.185 but non outside this range without putting them all in separately, is it host allow 192.168.0.151 - 192.168.0.185 ? Many thanks Ken -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] vfs module license particulars
On Thu, Aug 11, 2005 at 01:15:01AM -0700, Jeremy Drake wrote: > >From what I have been able to piece together from the archives of prior > discussions on this topic, it appears that one cannot write a proprietary > vfs module, correct? > > If that is true, how far does the non-proprietary nature need to extend? > For instance, would it be allowed to write a vfs module which talks to > Oracle to get the data which backs the filesystem rather than an actual > filesystem? Even if it involves linking against Oracle's > proprietary OCI library for calls into the database? > > Quoting from a message from the archives which I found in my searches > (http://lists.samba.org/archive/samba-technical/2002-February/019881.html): > > "For example, a vfs plugin that links to Oracle as a backend would > be GPL, but Oracle itself would not come under the GPL. This is > because Oracle is a program that is of itself functional without > Samba." > > Say I work for a company, and I wish to write a vfs driver which > interfaces with the company's proprietary product. What would be a > reasonably efficient mechanism to do this while not violating any license > terms for samba? Would this be writing a GPL vfs module which calls into > the company's proprietary libraries? This would seem to be the case if > writing an Oracle vfs client is allowed, since the only mechanism for > calling into Oracle from C is, AFAIK, via OCI, which is a proprietary > library (either directly or indirectly, such as through ODBC). > > Another clarification which I believe would be beneficial to the > community would be, do vfs modules have to be GPL and only GPL, or could > they be instead some other OSI-approved license? > > Thanks for any clarification you can provide, and I hope I don't trigger > some sort of licensing holy war on the list ;) If you want to link to proprietary code from a Samba VFS you need to talk to a lawyer. No other advice will do. It's a very dicey thing to do and most ways of doing it will not be legal. Seek legal advice from your company. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] replacing microsoft file server with linux samba server ?
That's also the conclusion I came to after reading doc on microsoft's website (e.g: http://www.microsoft.com/resources/sam/lic_cal.mspx). On that page they only speak about M$ servers. [EMAIL PROTECTED] a écrit sur 11/08/2005 16:46:32 : > > This is a question about microsoft license fees for desktop connections. > > If a microsoft file/print server is replaced with with a linux samba > > server > > or if the company starts out with a linux samba server, how would > > the desktop connections be monitored for the purpose of microsoft > > collecting connection fees? When using the linux samba server > > is there even a need to consider this scenario? > > You pay for client access licenses (CALs) on the server, if there is no MS > server employed then there is no reason to believe that you are violating > any licenses. > > > The reason I ask is that I read about a ms client that continued > > to pay desktop connection fees to microsoft after replacing > > a windows file/print server with linux and samba. > Then somebody was getting ripped off, of course there could be more to the > story... such as having an exchange or ms-sql server still in place that > maintains it's own CAL count. > > > > My small client is currently not on a file server and all their pc's > > come from dell so they are properly licensed as desktops. I > > have them networked so that they can share files and assume > > up to this point that microsoft does not need to be involved. > > After the linux file/print server is installed, I do not see the > > point of contacting microsoft to offer money for any reason > > but I need to ask if anyone knows about this because I > > dont want to put my client at risk due to my ignorance. > > Until you buy a Windows server, there are no licenses to consider, assuming > you're using all legal software on your clients. When you do buy that > server, you will have some number of CALs that the server will enforce > counting of. If you find you're running out of licenses you buy more. > There are no perpetual fees unless you sign up for that licensing model. > Either way, no Win server, no lics to count. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbldap-tools unresovled problem.
Hi All, I am current working on Samba + LDAP PDC in RHEL-4. I some problem when doing the smbldap-useradd -w command. When I have a WinXP box try to join the PDC, smbldap-useradd -w "%u" will add a workstation account to the LDAP tree with all POSIX attribute but without all the SambaSAMAccount attribute. So, the WinXP box can find it's workstation account and wouldn't join the account. After searcing the Samba archive I found a patch that added an extra if (defined($Options{'w'})) section and will force to add an workstation account with all SambaSAMAccount attribute. But, magic happend here. When the first time a machine joining the PDC, it will eventually failed as the machine still not be able to find it's workstation account. But immidiately at the second time, it works. And it has been proven that it behave this way after joing 7 workstation to the PDC. Attached files is the patch file. Please advise. Thaks for all the good comment and help. -- Regards, C. K. Ong (Chris) Linux System Engineer, RHCT Cert No: 603004347692007 http://www.redhat.com/rhce/rhce603004347692007.html My Directory Sdn. Bhd. Your Open Source Partner. http://www.md.com.my http://www.net.my 2005 --- After watching Gentoo in Antartica, I decided to go home with RedHat on my head. --- * **POWERED BY BYNARI INSIGHT SERVER* * * The Enterprise Email Server That Rocks! * * --- smbldap-useradd 2005-05-31 11:49:26.0 +0300 +++ patched 2005-06-06 09:53:50.0 +0300 @@ -1,6 +1,6 @@ #!/usr/bin/perl -w -# $Id: smbldap-useradd,v 1.27 2005/05/27 14:21:00 jtournier Exp $ +# $Id: smbldap-useradd,v 1.26 2005/02/26 11:12:25 jtournier Exp $ # # This code was developped by IDEALX (http://IDEALX.org/) and # contributors (their names can be found in the CONTRIBUTORS file). @@ -164,7 +164,7 @@ my $userGroupSID; my $userRid; my $user_sid; -if (defined $Options{'a'} or defined $Options{'i'}) { +if (defined $Options{'a'} or defined $Options{'i'} or defined $Options{'w'}) { # as grouprid we use the value of the sambaSID attribute for # group of gidNumber=$userGidNumber $group_entry = read_group_entry_gid($userGidNumber); @@ -265,6 +265,28 @@ $modify->code && die "failed to add entry: ", $modify->error ; } + + if (defined($Options{'w'})) { +my $date=time; +my $modify = $ldap_master->modify ( "uid=$userName,$config{computersdn}", + changes => [ + replace => [objectClass => ['inetOrgPerson', 'posixAccount', 'sambaSAMAccount']], + add => [sambaAcctFlags => '[W ]'], + add => [sambaSID => "$user_sid"], + add => [sambaLogonTime => '0'], + add => [sambaLogoffTime => '2147483647'], + add => [sambaLMPassword => "kala"], + add => [sambaNTPassword => "kala"], + add => [sambaKickoffTime => '2147483647'], + add => [sambaPwdCanChange => '0'], + add => [sambaPwdMustChange => '2147483647'], + add => [sambaPwdLastSet => "$date"], + add => [sambaPrimaryGroupSID => "$config{SID}-515"] + ] + ); + +$modify->code && die "failed to add entry: ", $modify->error ; + } $ldap_master->unbind; exit 0; @@ -311,11 +333,7 @@ system "mkdir $userHomeDirectory 2>/dev/null"; system "cp -a $config{skeletonDir}/.[a-z,A-Z]* $config{skeletonDir}/* $userHomeDirectory 2>/dev/null"; system "chown -R $userUidNumber:$userGidNumber $userHomeDirectory 2>/dev/null"; - if (defined $config{userHomeDirectoryMode}) { - system "chmod $config{userHomeDirectoryMode} $userHomeDirectory 2>/dev/null"; - } else { - system "chmod 700 $userHomeDirectory 2>/dev/null"; - } + system "chmod 700 $userHomeDirectory 2>/dev/null"; } } } -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Change location of PID file for samba
Hi, I want to run multiple Samba instances. Each instance would maintain its own PID file. How do I configure each Samba instance to have a separate PID file? Can we configure the smb.conf in any way to achieve the same? I am running Samba on HP-UX Thanks in advance. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Machine accounts removed from domain
Greetings. I was wondering if anyone else was experienceing this problem. If so, how to remedy it. We're using SaMBa 2.2.7 (I know it's EOL, but it's the only one available from the IBM AIX Toolbox download site). After some length of time (seems to be weeks or months), the machine account is gone from the domain. It's not browseable, won't authenticate even by \\ip-address\. We have to reset the machine account and re-run smbpasswd to get it back. It's almost as if the domain controllers don't "hear" from the server it's assumed to be "gone" and removed from the domain. Is this truly what's happening, and if so , is there a way to prevent it? Does a later version provide a remedy? Thanks! --Doug ++ Doug Eckert TES Server Engineering 609.520.4993 mailto:[EMAIL PROTECTED] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Finding the GID of AD groups on samba
Hi Folks: A couple weeks ago, the list helped me develop the way to find the UID of users on my AD system. At the time I did not think that it would be necessary to know the GID of the AD Groups, but I am hitting some snags where I need to change the group ownership of folders etc. I suspect that the necessary command is a variant of the getent command, but man getent has not yielded where I should look for them. Can someone point me in the right direction. Specifically, what I am looking for is a command that will allow me to generate a list of all the user groups on the system and their GID. This will allow me to chgrp the folders as necessary. Thanks TIM Timothy A. Holmes IT Manager / Webmaster / Computer Teacher Medina Christian Academy A Higher Standard... Jeremiah 33:3 Jeremiah 29:11 Esther 4:14 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] replacing microsoft file server with linux samba server ?
> This is a question about microsoft license fees for desktop connections. > If a microsoft file/print server is replaced with with a linux samba > server > or if the company starts out with a linux samba server, how would > the desktop connections be monitored for the purpose of microsoft > collecting connection fees? When using the linux samba server > is there even a need to consider this scenario? You pay for client access licenses (CALs) on the server, if there is no MS server employed then there is no reason to believe that you are violating any licenses. > The reason I ask is that I read about a ms client that continued > to pay desktop connection fees to microsoft after replacing > a windows file/print server with linux and samba. Then somebody was getting ripped off, of course there could be more to the story... such as having an exchange or ms-sql server still in place that maintains it's own CAL count. > My small client is currently not on a file server and all their pc's > come from dell so they are properly licensed as desktops. I > have them networked so that they can share files and assume > up to this point that microsoft does not need to be involved. > After the linux file/print server is installed, I do not see the > point of contacting microsoft to offer money for any reason > but I need to ask if anyone knows about this because I > dont want to put my client at risk due to my ignorance. Until you buy a Windows server, there are no licenses to consider, assuming you're using all legal software on your clients. When you do buy that server, you will have some number of CALs that the server will enforce counting of. If you find you're running out of licenses you buy more. There are no perpetual fees unless you sign up for that licensing model. Either way, no Win server, no lics to count. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with AD/Samba and too many AD groups
I have a Redhat Enterprise Linux (v3.0) box running Samba 3.0.9-1.3E.3. This box only has two Samba shares created on it, each of them with a single "valid user" entry. The relevant smb.conf information is included below. The problem is that when user1 tries to connect to \\server\user1 and authenticate via AD, the connection fails with a "unknown username or bad password" error on their Windows box. On the Samba server, the error in the logs relates to NT_STATUS_WRONG_PASSWORD. Here's the catch though. When I remove that account from a couple of AD groups, the connection succeeds. It appears there is some limit on the number of groups that user1 can be a member of. wbinfo -G DOMAIN\\USER1 returns ~423 AD groups. When I get that number down under ~400, the connection works fine. As an aside, user2 belongs to ~180 groups and has no problems connecting. Is there some limit within Samba that can be increased to allow for a user to be a member of >400 AD groups? I don't want to remove the user from the groups they are a member of if at all possible. Some are dis lists, others needed for security and so on. NGROUPS_MAX is set to 32, but we are obviously way past that limit for both accounts, so I don't know if that setting comes into play or not. Any help on this would be greatly appreciated. Thanks in advance, Don # Global parameters [global] workgroup = QG realm = QG.COM security = ADS log file = /var/log/samba/%m.log dns proxy = no ldap ssl = no idmap uid = 1-10 idmap gid = 1-10 winbind cache time = 60 winbind enum users = no winbind enum groups = no log level = 3 [user1] path = /user1 valid users = DOMAIN\USER1 read only = No create mask = 0700 directory mask = 0700 browseable = No [user2] path = /user2 valid users = DOMAIN\USER2 read only = No create mask = 0700 directory mask = 0700 browseable = No -- Log file output [2005/08/11 09:27:14, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [domain] [EMAIL PROTECTED] with the new password interface [2005/08/11 09:27:14, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2005/08/11 09:27:14, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/08/11 09:27:14, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/08/11 09:27:14, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/08/11 09:27:14, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/08/11 09:27:14, 2] auth/auth.c:check_ntlm_password(312) check_ntlm_password: Authentication for user [user1] -> [user1] FAILED with error NT_STATUS_WRONG_PASSWORD [2005/08/11 09:27:17, 3] smbd/process.c:process_smb(1091) Transaction 5 of length 16626 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] What is the right script: W2K AD, Solaris8-SMB/KRB/LDAP, Win Clients?
I'm so confused about the use of Samba. This is my situation: I have one Win2k domain with Active Directory. The main network has only one PDC, but in others networks I have 5 servers more, all under the same main domain (I don't have subdomains). I need to put some files in a Solaris 8 and 9 servers that Win2kPro and WinXP can to access, with its domain accounts. Aditionally, I neet to put security to the shares in Solaris under the Active Directory Accounts. So, when a user with permisions to access the shared folder in Solaris, get the files, through his/her Windows Active Directory account. First: Is this possible? I've installed samba-3.0.20rc1.tar.gz (before I tested samba-3.0.14a.tar.gz, but I cannot get connected). I installed openldap-2.2.26.tar and krb5-1.4.1-signed.tar. I've compile Samba with this options: LDFLAGS="-L/opt/local/openldap/lib -Wl,-R/opt/local/openldap/lib" CPPFLAGS=-I/opt/local/openldap/include ./configure --prefix=/opt/local/samba --with-winbind --with-ads --with-ldap --with-krb5=/opt/local/kerberos5 I get the executables right and correctly installed. After I've test all scripts and directions in each sheet of the HOW-TO's and whatever, but I cannot get the desired results. So: what are the correct scripts to install? somebody would help me to understand how to make an installation to works? Thanks in advance. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] replacing microsoft file server with linux samba server ?
This is a question about microsoft license fees for desktop connections. If a microsoft file/print server is replaced with with a linux samba server or if the company starts out with a linux samba server, how would the desktop connections be monitored for the purpose of microsoft collecting connection fees? When using the linux samba server is there even a need to consider this scenario? The reason I ask is that I read about a ms client that continued to pay desktop connection fees to microsoft after replacing a windows file/print server with linux and samba. My small client is currently not on a file server and all their pc's come from dell so they are properly licensed as desktops. I have them networked so that they can share files and assume up to this point that microsoft does not need to be involved. After the linux file/print server is installed, I do not see the point of contacting microsoft to offer money for any reason but I need to ask if anyone knows about this because I dont want to put my client at risk due to my ignorance. Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] NTBackup on WinServer2003 and SAMBA problem
Hi all, I have a problem with using NTBackup with SAMBA shares. I know about bug in version 3.0.x. I have SAMBA 1.9.18 at the moment on AIX machine and two Windows2003 Server. While trying to select SAMBA shares for backup I have "Access to this device or folder has been denied" error. This problem appears only on Win2003Srv. When I tried it on Win2kSrv with exactly the same configuration of AIX machine there's no problem with backup. Maybe someone had similar problem. I'll appreciate any help TIA inż. bartosz kowalski administrator systemowy system administrator imp imp engineering poland sp. zo.o. ul. szewska 3a PL 50-053 wrocław tel.: +48 71 37 66 9-99 fax: +48 71 37 66 9-80 [EMAIL PROTECTED] www.imp-poland.pl member of the ALTEN group Wichtiger Hinweis: Diese Information ist für den Gebrauch durch die Person oder Firma/Organisation bestimmt, die in der Empfänger- adresse benannt ist. Wenn Sie nicht der angegebene Empfänger sind, nehmen Sie bitte zur Kenntnis, dass Weitergabe, Kopieren, Verteilung oder Nutzung des Inhalts dieser Email-Übertragung unzulässig ist. Falls Sie diese Email irrtümlich erhalten haben, benachrichtigen Sie den Absender bitte unverzüglich telefonisch oder durch eine Email. Important Note: This e-mail may contain trade secrets or privileged, undisclosed or otherwise confidential information. If you have received this e-mail in error, you are hereby notified that any review, copying or distribution of it is strictly prohibited. Please inform us immediately and destroy the original transmittal. The address is written above. Thank you for your cooperation. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: SuSE 9.3 + Samba 3 + LDAP
On Thu, 11 Aug 2005 10:35, Geoffrey Scott wrote: > Horst B. Simon wrote: > > Hi All, > > > > I have OX with Samba 3 and Ldap working fine, except that workstation > > can not join the domain. When I try to join the domain I get > > following error message: The following error occurred attempting to > > join the domain. Can not find user name in Domain. But the user is > > there and it creates the computer in ou=computers in ldap. All users > > have no problems accessing the samba shares and using OX. Anyone in > > this group has successful joined a computer into ldap with OX and > > Samba3? > > > > Regards, > > Horst > > Horst, > Is the user either root account in LDAP or been given sepriveledges > as per chapter 5 of JHT example book? Does your smb.conf point to the > correct part of ldap for your users? Have nss and pam been configured > pointing correctly to where to the users are? Is the user that you are > trying actually in that part of LDAP? Eg. You aren't trying to use: > > cn=Manager,dc=hsimon,dc=com,dc=au > > When your users are in : > > ou=Users,ou=OxObjects,dc=hsimon,dc=com,dc=au > > Are you? > > Cheers Geoff Hi, Following are part of slapd.conf, smb.conf and samba log for the client. Maybe someone know what the log file output mean. Regards, Horst in /etc/openldap/slapd.conf suffix "dc=hsc-consulting,dc=com,dc=au" rootdn "uid=mailadmin,dc=hsc-consulting,dc=com,dc=au" in /etc/ldap.conf host 127.0.0.1 base dc=hsc-consulting,dc=com,dc=au ldap_version 3 binddn uid=mailadmin,dc=hsc-consulting,dc=com,dc=au timelimit 50 bind_timelimit 50 bind_policy hard nss_base_passwd ou=Users,ou=OxObjects,dc=hsc-consulting,dc=com,dc=au?one nss_base_shadow ou=Users,ou=OxObjects,dc=hsc-consulting,dc=com,dc=au?one nss_base_group ou=Groups,ou=OxObjects,dc=hsc-consulting,dc=com,dc=au?one in smb.conf passdb backend = ldapsam:ldap://127.0.0.1/ ldap admin dn = uid=mailadmin,dc=hsc-consulting,dc=com,dc=au ldap suffix = dc=hsc-consulting,dc=com,dc=au ldap group suffix = ou=Groups,ou=OxObjects ldap user suffix = ou=Users,ou=OxObjects ldap machine suffix = ou=Computers,ou=OxObjects ldap ssl = No add user script = /usr/local/sbin/smbldap-useradd -m "%u" add machine script = /usr/local/sbin/smbldap-useradd -w "%u" add group script = /usr/local/sbin/smbldap-groupadd -p "%g" add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g" delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g" set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u" enable privileges = yes domain master = yes domain logons = yes encrypt passwords = yes ldap passwd sync = Yes log level = 3 syslog = 0 log file = /var/log/samba/log.%m part of client log [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password for unmapped user [EMAIL PROTECTED] with the new password interface [2005/08/07 10:22:31, 3] auth/auth.c:check_ntlm_password(222) check_ntlm_password: mapped user is: [EMAIL PROTECTED] [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/08/07 10:22:31, 2] lib/smbldap.c:smbldap_open_connection(692) smbldap_open_connection: connection opened [2005/08/07 10:22:31, 3] lib/smbldap.c:smbldap_connect_system(866) ldap_connect_system: succesful connection to the LDAP server ldap_connect_system: LDAP server does support paged results [2005/08/07 10:22:31, 2] passdb/pdb_ldap.c:init_sam_from_ldap(499) init_sam_from_ldap: Entry found for user: root [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:pop_sec_ctx(386) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:push_sec_ctx(256) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2005/08/07 10:22:31, 3] smbd/uid.c:push_conn_ctx(365) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2005/08/07 10:22:31, 3] smbd/sec_ctx.c:set_s
Re: [Samba] Make process stops with errors
I just compiled Samba (but in Solaris) with this options: export LDFLAGS="-L/opt/local/openldap/lib -Wl,-R/opt/local/openldap/lib" export CPPFLAGS=-I/opt/local/openldap/include ./configure --prefix=/opt/local/samba --with-winbind --with-ads --with-ldap --with-krb5=/opt/local/kerberos5 Maybe it can works for you. Regards. --- [EMAIL PROTECTED] wrote: > Hi, > > I'm trying to compile Samba 3.0.14a with Active > Directory support on > AIX 5.3 with AIX C 7.0. > > The make process stops with the following error: > > Using FLAGS = -I/opt/compiled/include > -I/opt/compiled/include > -I/opt/freeware/include -D_LINUX_SOURCE_COMPAT > -qmaxmem=32000 -I./popt > -Iinclude > -I/home/johsod/freyasamba/samba/samba-3.0.14a/source/include > -I/home/johsod/freyasamba/samba/samba-3.0.14a/source/ubiqx > -I/home/johsod/freyasamba/samba/samba-3.0.14a/source/smbwrapper > -I. > -I/opt/compiled/include -I/opt/compiled/include > -I/opt/freeware/include > -I/opt/freeware/include/openssl > -I/opt/compiled/include/sasl > -I/opt/compiled/include/gssapi > -I/opt/compiled/include > -I/home/johsod/freyasamba/samba/samba-3.0.14a/source > LIBS = -liconv > LDSHFLAGS = > -Wl,-bexpall,-bM:SRE,-bnoentry,-berok > -L/opt/compiled/lib -lcrypto -L/opt/freeware/lib > -L/opt/compiled/lib > -L/opt/compiled/lib/sasl2 -L/opt/compiled/lib > LDFLAGS = -L/opt/compiled/lib -lcrypto > -L/opt/freeware/lib > -L/opt/compiled/lib -L/opt/compiled/lib/sasl2 > -L/opt/compiled/lib > Compiling nsswitch/pam_winbind.c with -O2 > "nsswitch/pam_winbind.c", line 71.43: 1506-280 (W) > Function argument > assignment between types "void**" and "const void**" > is not allowed. > "nsswitch/pam_winbind.c", line 73.36: 1506-280 (W) > Function argument > assignment between types "struct pam_message**" and > "const struct > pam_message**" is not allowed. > "nsswitch/pam_winbind.c", line 89.20: 1506-068 (W) > Operation between > types "char*" and "const char*" is not allowed. > "nsswitch/pam_winbind.c", line 329.59: 1506-280 (W) > Function argument > assignment between types "void**" and "const void**" > is not allowed. > "nsswitch/pam_winbind.c", line 341.32: 1506-045 (S) > Undeclared > identifier PAM_AUTHTOK_RECOVER_ERR. > "nsswitch/pam_winbind.c", line 362.36: 1506-068 (W) > Operation between > types "char*" and "const char*" is not allowed. > "nsswitch/pam_winbind.c", line 370.30: 1506-068 (W) > Operation between > types "char*" and "const char*" is not allowed. > "nsswitch/pam_winbind.c", line 376.38: 1506-068 (W) > Operation between > types "char*" and "const char*" is not allowed. > "nsswitch/pam_winbind.c", line 434.40: 1506-280 (W) > Function argument > assignment between types "void**" and "const void**" > is not allowed. > "nsswitch/pam_winbind.c", line 451.1: 1506-277 (S) > Syntax error: > possible missing ';' or ','? > "nsswitch/pam_winbind.c", line 454.25: 1506-277 (S) > Syntax error: > possible missing ';' or ','? > "nsswitch/pam_winbind.c", line 459.15: 1506-277 (S) > Syntax error: > possible missing ';' or ','? > "nsswitch/pam_winbind.c", line 448.1: 1506-485 (S) > Parameter > declaration list is incompatible with declarator for > PAM_EXTERN. > "nsswitch/pam_winbind.c", line 464.13: 1506-045 (S) > Undeclared identifier ctrl. > "nsswitch/pam_winbind.c", line 469.6: 1506-273 (E) > Missing type in > declaration of retval. > "nsswitch/pam_winbind.c", line 471.39: 1506-045 (S) > Undeclared > identifier password. > "nsswitch/pam_winbind.c", line 469.38: 1506-045 (S) > Undeclared identifier pamh. > "nsswitch/pam_winbind.c", line 469.44: 1506-045 (S) > Undeclared identifier ctrl. > "nsswitch/pam_winbind.c", line 469.15: 1506-221 (S) > Initializer must > be a valid constant expression. > "nsswitch/pam_winbind.c", line 473.6: 1506-046 (S) > Syntax error. > make: 1254-004 The error code from the last command > is 1. > > > Stop. > > > I'm now wondering if anyone else is experiencing > this and if anyone > has a solution to the problem? > > Thanks in advance, > > Regards, > > /Johan > -- > To unsubscribe from this list go to the following > URL and read the > instructions: > https://lists.samba.org/mailman/listinfo/samba > Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Administrator-installed printers unavailable to regular users
On Thursday 11 August 2005 01:31 am, jurgen wrote: > The way it worked before: Administrator would install printers into > an NT workstation. Those printers would be able to be used by any > user who logs into that machine. Users would inherit whichever > printer set is installed on the machine they're using. The printers > were named "Printername on Servername". So, were these network or > local printers? In the wonderful world of Windows you can install a network printer as a "local" printer. This may have been what you did previously. In fact I have a client with a certain TS application that will not print correctly unless the remote printer is installed this way (I think it's a PCL bug but the vendor doesn't know how to spell PS). You can do it this way but the general trend is to pick network printer in the printer wizard setup box for non-local printers. > > Generally default permissions allow Windows users to install > > network printers. If your users can't then something is changed. > > That's what I'm trying to figure out. My users can't install > printers. Administrator can install printers, but users can't see > them. What has changed? Where can I look to find this *something* > that has changed? Is it a domain administration, policy, group issue? > Is it some weird mismatch between driver types? Normally you would get a message if the proper driver wasn't available. Are the users added to the mapped Domain Users group? Chris -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] newbie: Samba with Mysql question
Yes, they are generally coming from over the Internet and is the reason for the OpenVPN part of the project. Thanks, Lonnie Cumberland Lee Ball wrote: Are the people who you want to connect to Samba locally on your network or will they be connecting over the Internet? Its just I don't see why you would need OpenVPN unless they were connecting over a public network. You may also want to look at http://samba.linuxforum.net/samba/docs/man/Samba-HOWTO-Collection/passdb.html#id2571894 Lonnie wrote: Greetings All, I am new to this list and currently have a Fedora 3 server set up with Samba which just needs to be configured. I would like to set up the MySQL database support for users and passwords as we have another project that will want to add entries to the Samba database so when the users are created so that they will have access to their home directories via samba. Could someone please give me a little guidance on how to set this up? I have Samba "samba-3.0.10-1.fc3" installed and my next step after getting it to function cleanly will be to install the OpenVPN software on the server so the clients will have clean and secure access through samba. Thanks for any help and guidance that you could provide to get me started on the configurations. Lonnie Cumberland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] i can't see users and groups from samba pdc
i have a samba client 3.x (shareserver) with many shares. This server is a client machine of samba LDAP 3.x (sambaldapserver). When i click properties of any share of ldap server i can see ldap users and groups but my samba shareserver can't see users and groups of ldap server when click properties of a file or directory. I added the shareserver$ in LDAP. I can mount shares from shareserver to windows clients without problems What is the problem? Thanks -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] name resolving on a simple network
Pardon me if I don't adhere to list protocol - this is my first post: I have a simple home network with a seemingly intractable problem. I'm pretty new to Samba, though, and I can't help but think the answer, like the purloined letter in Edgar Allan Poe's story, is staring me in the face. Various folks have been helping me over on the Fedora list for 9 days, now, so I thought I'd try this problem here. The networks consists of the following: A linux Fedora Core server running several services, right on the net: It's Samba name is vrproductions2 - it's robustly firewalled but, temporarily, all connections are allowed between the lan and the firewall. This machine is doing dhcp for the lan, and routing. The lan consists of three Windows machines: FHB is not a concern, is running Win98, and is just getting routed to the net. StudioPC is fixed ip 192.168.2.32 and two hard drives are being shared. Julimobile is a laptop that gets its ip from the dhcp server on the Linux box and both of its drives are shared. As currently configured, I get the following: Open a konqueror browser window and enter "smb:/ and I get my 'workgroup' icon; click on that, and I get the three PC's that have shares opened, VRPRODUCTIONS2, STUDYPC, and JULIMOBILE; Click on each of these in turn, and I see the shares; in the case of JULIMOBILE and VRPRODUCTIONS2, clicking on these shares allows me to enter to the root directories of the shares, and then browse all shared folders; clicking on STUDIOPC results in an error. "Internal Error Please send a full bug report at http://bugs.kde.org libsmbclient reported an error, but did not specify what the problem is. This might indicate a severe problem with your network - but also might indicate a problem with libsmbclient. If you want to help us, please provide a tcpdump of the network interface while you try to browse (be aware that it might contain private data, so do not post it if you are unsure about that - you can send it privately to the developers if they ask for it)" On the other hand, if I enter "smb://192.168.2.32" in the konqueror address window, I can get into STUDYPC and browse its folders just fine... STUDYPC is listed in hosts and lmhosts Here is my smb.conf: [global] workgroup=workgroup hosts allow = 192.168.2., 127. local master=yes domain master=yes os level = 65 wins support=yes name resolve order=lmhosts host wins bcast ldap ssl = No restrict anonymous = no server string = Samba max protocol = NT server signing = Disabled interfaces = 192.168.2.1 127.0.0.1 security = share netbios name = VRPRODUCTIONS2 log file=/var/log/samba/smb.log.%m log level=3 [CJ home] case sensitive = no guest ok = yes msdfs proxy = no read only = no path = /home/cj Can anyone see what we've overlooked? -- Claude Jones Bluemont, VA, USA -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Make process stops with errors
Hi, I'm trying to compile Samba 3.0.14a with Active Directory support on AIX 5.3 with AIX C 7.0. The make process stops with the following error: Using FLAGS = -I/opt/compiled/include -I/opt/compiled/include -I/opt/freeware/include -D_LINUX_SOURCE_COMPAT -qmaxmem=32000 -I./popt -Iinclude -I/home/johsod/freyasamba/samba/samba-3.0.14a/source/include -I/home/johsod/freyasamba/samba/samba-3.0.14a/source/ubiqx -I/home/johsod/freyasamba/samba/samba-3.0.14a/source/smbwrapper -I. -I/opt/compiled/include -I/opt/compiled/include -I/opt/freeware/include -I/opt/freeware/include/openssl -I/opt/compiled/include/sasl -I/opt/compiled/include/gssapi -I/opt/compiled/include -I/home/johsod/freyasamba/samba/samba-3.0.14a/source LIBS = -liconv LDSHFLAGS = -Wl,-bexpall,-bM:SRE,-bnoentry,-berok -L/opt/compiled/lib -lcrypto -L/opt/freeware/lib -L/opt/compiled/lib -L/opt/compiled/lib/sasl2 -L/opt/compiled/lib LDFLAGS = -L/opt/compiled/lib -lcrypto -L/opt/freeware/lib -L/opt/compiled/lib -L/opt/compiled/lib/sasl2 -L/opt/compiled/lib Compiling nsswitch/pam_winbind.c with -O2 "nsswitch/pam_winbind.c", line 71.43: 1506-280 (W) Function argument assignment between types "void**" and "const void**" is not allowed. "nsswitch/pam_winbind.c", line 73.36: 1506-280 (W) Function argument assignment between types "struct pam_message**" and "const struct pam_message**" is not allowed. "nsswitch/pam_winbind.c", line 89.20: 1506-068 (W) Operation between types "char*" and "const char*" is not allowed. "nsswitch/pam_winbind.c", line 329.59: 1506-280 (W) Function argument assignment between types "void**" and "const void**" is not allowed. "nsswitch/pam_winbind.c", line 341.32: 1506-045 (S) Undeclared identifier PAM_AUTHTOK_RECOVER_ERR. "nsswitch/pam_winbind.c", line 362.36: 1506-068 (W) Operation between types "char*" and "const char*" is not allowed. "nsswitch/pam_winbind.c", line 370.30: 1506-068 (W) Operation between types "char*" and "const char*" is not allowed. "nsswitch/pam_winbind.c", line 376.38: 1506-068 (W) Operation between types "char*" and "const char*" is not allowed. "nsswitch/pam_winbind.c", line 434.40: 1506-280 (W) Function argument assignment between types "void**" and "const void**" is not allowed. "nsswitch/pam_winbind.c", line 451.1: 1506-277 (S) Syntax error: possible missing ';' or ','? "nsswitch/pam_winbind.c", line 454.25: 1506-277 (S) Syntax error: possible missing ';' or ','? "nsswitch/pam_winbind.c", line 459.15: 1506-277 (S) Syntax error: possible missing ';' or ','? "nsswitch/pam_winbind.c", line 448.1: 1506-485 (S) Parameter declaration list is incompatible with declarator for PAM_EXTERN. "nsswitch/pam_winbind.c", line 464.13: 1506-045 (S) Undeclared identifier ctrl. "nsswitch/pam_winbind.c", line 469.6: 1506-273 (E) Missing type in declaration of retval. "nsswitch/pam_winbind.c", line 471.39: 1506-045 (S) Undeclared identifier password. "nsswitch/pam_winbind.c", line 469.38: 1506-045 (S) Undeclared identifier pamh. "nsswitch/pam_winbind.c", line 469.44: 1506-045 (S) Undeclared identifier ctrl. "nsswitch/pam_winbind.c", line 469.15: 1506-221 (S) Initializer must be a valid constant expression. "nsswitch/pam_winbind.c", line 473.6: 1506-046 (S) Syntax error. make: 1254-004 The error code from the last command is 1. Stop. I'm now wondering if anyone else is experiencing this and if anyone has a solution to the problem? Thanks in advance, Regards, /Johan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: problem joining the domain
Hi all I have solved the pb... I had specified smb port 139, got rid of that. Made it to accept domain logon, and changed the Administrator uid to 0 (smbldap-tools 0.8.7) Thanks to the folks in IRC :) (especially _ranger_) chap On 8/11/05, Fred Blaise <[EMAIL PROTECTED]> wrote: > Hey all > > I have installed a new Debian 3.1, with samba 3.0.14a-3 from apt-get. > I have configured samba to use the LDAP backend. I used the > smbldap-populate to get my directory going. No problem until then. > > I currently only have 1 machine, which is also configured to be the PDC. > > But, I can't join that PDC to the domain, damn it. > > Here is what it says, debug level 2: > > pdc:~# net rpc join -U Administrator -d 2 > [2005/08/11 07:50:26, 2] lib/interface.c:add_interface(81) > added interface ip=192.168.0.100 bcast=192.168.0.255 nmask=255.255.255.0 > [2005/08/11 07:50:26, 2] lib/util_sock.c:open_socket_out(789) > error connecting to 192.168.0.100:445 (Connection refused) > [2005/08/11 07:50:26, 1] utils/net_rpc.c:run_rpc_command(138) > rpc command function failed! (NT_STATUS_ACCESS_DENIED) > Password: > [2005/08/11 07:50:27, 2] lib/util_sock.c:open_socket_out(789) > error connecting to 192.168.0.100:445 (Connection refused) > Creation of workstation account failed > Unable to join domain SMBPDC. > [2005/08/11 07:50:27, 2] utils/net.c:main(897) > return code = 1 > > A netstat -an |grep 445 doesn't return anything... Any idea why it is > not listening? > > Also, other commands are fine, such as: > > pdc:~# net rpc info > Domain Name: ILR > Domain SID: S-1-5-21-223096953-1148827292-541513073 > Sequence number: 1123739472 > Num users: 23 > Num domain groups: 4 > Num local groups: 0 > > That was a glimpse of the problem. Any suggestions most welcome. > > Thanks for your time. > > chap > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Migrating from samba to win 2k3 pdc
Many thanks for this, will stop me having to mess around with cut etc getting usernames and such out :) Im not too worried about workstations as they are all being rebuilt, its still mostly the passwords. My "get around" is that they really only need it for webmail, so what I will do is hold off AD'ing the webmail machine and copy the passwd/shaddow files across to the webmail box. Then when they all come back and change their passwords, change it to use AD authentication. Such a pain :/ Still. Life goes on :) Cheers Ross -Original Message- From: Jonathan Johnson [mailto:[EMAIL PROTECTED] Sent: 09 August 2005 19:22 To: Ross McInnes Cc: samba@lists.samba.org Subject: Re: [Samba] Migrating from samba to win 2k3 pdc I've used Microsoft's Active Directory Migration Tool with reasonably good success to migrate user and machine accounts from Samba to ADS. ADMT is able to retrieve the passwords from a Windows NT domain, but to my knowledge, NOT from a Samba domain. ADMT is on your Windows 2K3 CD. Some gotchas with regard to migration of workstations: 1) The local Administrator password on the workstations (and the Administrator password on the old domain) MUST be the same as the Administrator password on the new domain 2) Do not have users logged into the computer when migrating workstations 3) On the workstation, make sure there is no "DNS Suffix" specified 4) There is something else but I can't remember it off the top of my head. Search the archives -- I've posted on this before. --Jonathan Johnson Ross McInnes wrote: >Yes I know it's a bad thing, but due to several issues I am moving from >a samba pdc to a windows 2k3 pdc > >But, im keeping samba as the file store, ive sorted it so that samba >will talk to the w2k3 pdc and auth using winbindd etc that's nps. > >But, I need to get the users and passwords off the linux/samba server >and onto the w2k3 server... > >Any ideas? Password crackers/hax methods accepted! > >Either that or it's a reset over 2000 users passwords job (my poor >fingers) > >Many thanks > >Ross > > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] newbie: Samba with Mysql question
Are the people who you want to connect to Samba locally on your network or will they be connecting over the Internet? Its just I don't see why you would need OpenVPN unless they were connecting over a public network. You may also want to look at http://samba.linuxforum.net/samba/docs/man/Samba-HOWTO-Collection/passdb.html#id2571894 Lonnie wrote: Greetings All, I am new to this list and currently have a Fedora 3 server set up with Samba which just needs to be configured. I would like to set up the MySQL database support for users and passwords as we have another project that will want to add entries to the Samba database so when the users are created so that they will have access to their home directories via samba. Could someone please give me a little guidance on how to set this up? I have Samba "samba-3.0.10-1.fc3" installed and my next step after getting it to function cleanly will be to install the OpenVPN software on the server so the clients will have clean and secure access through samba. Thanks for any help and guidance that you could provide to get me started on the configurations. Lonnie Cumberland -- Lee Ball 08707 45 87 14 effective it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] vfs module license particulars
>From what I have been able to piece together from the archives of prior discussions on this topic, it appears that one cannot write a proprietary vfs module, correct? If that is true, how far does the non-proprietary nature need to extend? For instance, would it be allowed to write a vfs module which talks to Oracle to get the data which backs the filesystem rather than an actual filesystem? Even if it involves linking against Oracle's proprietary OCI library for calls into the database? Quoting from a message from the archives which I found in my searches (http://lists.samba.org/archive/samba-technical/2002-February/019881.html): "For example, a vfs plugin that links to Oracle as a backend would be GPL, but Oracle itself would not come under the GPL. This is because Oracle is a program that is of itself functional without Samba." Say I work for a company, and I wish to write a vfs driver which interfaces with the company's proprietary product. What would be a reasonably efficient mechanism to do this while not violating any license terms for samba? Would this be writing a GPL vfs module which calls into the company's proprietary libraries? This would seem to be the case if writing an Oracle vfs client is allowed, since the only mechanism for calling into Oracle from C is, AFAIK, via OCI, which is a proprietary library (either directly or indirectly, such as through ODBC). Another clarification which I believe would be beneficial to the community would be, do vfs modules have to be GPL and only GPL, or could they be instead some other OSI-approved license? Thanks for any clarification you can provide, and I hope I don't trigger some sort of licensing holy war on the list ;) -- "Experience has proved that some people indeed know everything." -- Russell Baker -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problems with tdbsam database
Hi I am trying to set up a PDC with a tdbsam backend. I ran into problems and decided to try starting the smb user list afresh deleting the contents of the private directory, adding the samba users and converting the database using the command pdbedit -I smbpasswd -e tdbsam I get the message for all but the client$ user: the name of my test machine tdb_update_sam: Failing to store a SAM account for [username] without a primary group RID. Can anyone tell me what I have done wrong? Thanks in advance Tim -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problem joining the domain
Hey all I have installed a new Debian 3.1, with samba 3.0.14a-3 from apt-get. I have configured samba to use the LDAP backend. I used the smbldap-populate to get my directory going. No problem until then. I currently only have 1 machine, which is also configured to be the PDC. But, I can't join that PDC to the domain, damn it. Here is what it says, debug level 2: pdc:~# net rpc join -U Administrator -d 2 [2005/08/11 07:50:26, 2] lib/interface.c:add_interface(81) added interface ip=192.168.0.100 bcast=192.168.0.255 nmask=255.255.255.0 [2005/08/11 07:50:26, 2] lib/util_sock.c:open_socket_out(789) error connecting to 192.168.0.100:445 (Connection refused) [2005/08/11 07:50:26, 1] utils/net_rpc.c:run_rpc_command(138) rpc command function failed! (NT_STATUS_ACCESS_DENIED) Password: [2005/08/11 07:50:27, 2] lib/util_sock.c:open_socket_out(789) error connecting to 192.168.0.100:445 (Connection refused) Creation of workstation account failed Unable to join domain SMBPDC. [2005/08/11 07:50:27, 2] utils/net.c:main(897) return code = 1 A netstat -an |grep 445 doesn't return anything... Any idea why it is not listening? Also, other commands are fine, such as: pdc:~# net rpc info Domain Name: ILR Domain SID: S-1-5-21-223096953-1148827292-541513073 Sequence number: 1123739472 Num users: 23 Num domain groups: 4 Num local groups: 0 That was a glimpse of the problem. Any suggestions most welcome. Thanks for your time. chap -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba