[Samba] Samba as a domain controller for Linux workstations?

[Alysson Chen]

I came across this product called Quro
http://www.resolvo.com/products/quro/index.htm

It seems to have a web-based centralised management console that
allows you to configure ldap and samba without having to edit smb.conf
file. It supposedly comes with a migration tool to migrate all NT/2000
server users profiles to a Linux server too.

Regards,
Alysson

>>Well, basically I only wanted to know how would it look if we wanted one 
>>day to switch the whole company or half of it to Linux workstations.
>>
>>So I can see, there are lots of approaches, but there are some serious 
>>problems:
>>
>>- no standard, as Samba in a Windows world (i.e., widely used)
>>- laptop users will have a problem if they are out of the company building
>>- have to engineer, build, test, everything from scratch; with Samba, 
>>90% of work is editing the smb.conf file
>>
>>What we talk about is a little not very specific to this Samba group, 
>>but certainly it is nice to hear how the things can be solved in the 
>>UNIX/Linux environment.
>>
>>-- 
>>Tomek
>>http://wpkg.org
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] More Info: Mac permission problems after Debian update

[Michael Gasch]

hi,

you mean the problem, that OSX clients are manipulating rights on the 
servers?


M$ is still investigating. we've had a lot of trouble with them. we 
could not always follow their comments, they wanted dozens of network 
traffic snapshots (always the same by the way). after that they were 
able to reproduce this even with excel, which works fine here. currently 
so they told us, they're in contact with apple. for M$ it seems to be a 
problem on the client (mac) side.


i've no hope for solving this problem ever. currently we are using cron 
scripts to adjust the rights.


greez

mark jonckheere wrote:

Michael,
Got any solutions to this.  We are confronted with the same problem only
SUSE 9.x ,Samba , W200 workstations.  Only few of them have this problem.
(exactly as how you describe it).
Mark



--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] add user to smbpasswd

[kaupo]

code:
##
pisike:/usr/local/samba# mksmbpasswd /etc/passwd /usr/local/samba/smbpasswd
#
# SMB password file.
#
root:0:::[U  
]:LCT-:root
kaupo:1001:::[U 
 ]:LCT-:kaupo,,,
nelli:1006:::[U 
 ]:LCT-:Nelli,,,
::::[U   
   ]:LCT-:

pisike:/usr/local/samba# /etc/init.d/samba restart
Stopping Samba daemons: nmbd smbd.
Starting Samba daemons: nmbd smbd.
pisike:/usr/local/samba# smbpasswd -x kaupo
Deleted user kaupo.
pisike:/usr/local/samba# smbpasswd -a kaupo
New SMB password:
Retype new SMB password:
Added user kaupo.
pisike:/usr/local/samba# pico smbpasswd
pisike:/usr/local/samba# ls -l
total 20
drwxrwxrwx  2 root staff 4096 2005-08-31 14:07 netlogon
-rw-r--r--  1 root staff1 2005-09-01 10:33 smbpasswd
-rw-r--r--  1 root staff 5014 2005-09-01 10:32 smbpasswd.backup
-rw---  1 root staff6 2005-08-31 16:03 smbpasswd.save
pisike:/usr/local/samba#
#

Action like this (also tried "cat /etc/passwd | mksmbpasswd > 
/usr/local/samba/smbpasswd") should add users from Debian password file 
passwd to smbpasswd. It adds users, buet in password place, there are onli X 
letters. Encrypted passwords shouldn`t look like this, i think...


Just in case, i tried to delete one user, then add it again. NOTHING CHANGES 
in smbpasswd file. Some help?


here is part of my smb.conf file (the part, that matters :))


[global]
   workgroup = BDS2
   server string = Samba @ Debian Linux
   update encrypted = Yes
   smb passwd file = /usr/local/samba/smbpasswd
   passdb backend = tdbsam
   passwd program = /usr/bin/passwd %u
   unix password sync = Yes
   socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=8192 
SO_SNDBUF=81$

   logon script = /usr/local/samba/netlogon/syslogin.bat
   domain logons = Yes
   os level = 65
   domain master = Yes
   wins support = Yes
   ldap ssl = no
   hosts allow = ALL
###


Kaupo Karuse
[EMAIL PROTECTED]
+3725580414
www.kalender.ee


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: Roots of Samba

[Tim Potter]

On Fri, 2005-09-02 at 02:45 +0200, Michal Kurowski wrote:

> > Anyway, I can give them my perspective, but I want them to know what an Open
> > Source project is like. Andrew Tridgell is one of or the original 
> > developer. Can
> > anyone give me brief history to tell the class?
> 
> In the source distribution there is a file:
> 
>   docs/history
> 
> It should give exactly the info you need.

There's also the 10 years of Samba document at:

http://us1.samba.org/samba/docs/10years.html


Tim.


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba PDC + Openldap (no database connection established after reboot)

[notinh notien]

Hi, all.  I really need your helps in determing what I did wrong.  I have 
been trying to setup Samba PDC (not using TLS at this initial stage yet) by 
hand on SLES 9.1 and did not use YAST because somehow it just did not work.


I followed all the steps from the "The Linux Samba-OpenLDAP Howto (1.10) 
from IDEALX.org) and Chapter 5 Making Happy Users from the book and a bunch 
of other papers, and finally I got something working.  I was able to do:


getent passwd
getent group
getent hosts
getent shadow

ldapsearch -x -b "dc=sample,dc=com" "(ObjectClass=*)"
slapcat


I was able to add a user using
smbldap-useradd -m -a testuser
smbldap-passwd testuser
id testuser
pdbedit -Lv testuser
pdbedit -L -v
net groupmap list
smbclient -L localhost -U%

Basically many steps recommended for testing and all the outputs are correct 
according to the example outputs.   I did turn on debbuging values for all 
components and everything seems to work ok without any errors.


So I rebooted the server and then after everything came up, I tried to do 
these testings again,
Now slapcat, ldsearch would show no outputs and the log show no error of any 
kinds (from my intepretation).


I set up everything again and backup all the config files just in case.  I 
rebooted the server and the same problem happened.



From a Linux box, I could ssh to the server and get this prompt for root:

Password:
LDAP Password:

Log for this:
Sep  1 17:13:43 Ns02 slapd[9137]: conn=218 op=0 RESULT tag=97 err=0 text=
Sep  1 17:13:43 Ns02 slapd[9137]: conn=218 op=1 SRCH base="dc=sample,dc=com" 
scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=root))"
Sep  1 17:13:43 Ns02 slapd[9137]: conn=218 op=1 SEARCH RESULT tag=101 err=32 
nentries=0 text=
Sep  1 17:13:50 Ns02 slapd[9137]: conn=219 fd=12 ACCEPT from 
IP=127.0.0.1:1745 (IP=0.0.0.0:389)


However, If I tried to logged in as the  test user then:
Password:
LDAP Password:
Password:
LDAP Password:
Password:
LDAP Password

Log for this:
Sep  1 17:11:45 Ns02 slapd[9137]: conn=217 fd=11 ACCEPT from 
IP=127.0.0.1:1742 (IP=0.0.0.0:389)
Sep  1 17:11:45 Ns02 slapd[9137]: conn=217 op=0 BIND 
dn="cn=Admin,dc=sample,dc=com" method=128
Sep  1 17:11:45 Ns02 slapd[9137]: conn=217 op=0 BIND 
dn="cn=Admin,dc=sample,dc=com" mech=SIMPLE ssf=0

Sep  1 17:11:45 Ns02 slapd[9137]: conn=217 op=0 RESULT tag=97 err=0 text=
Sep  1 17:11:45 Ns02 slapd[9137]: conn=217 op=1 SRCH base="dc=sample,dc=com" 
scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=testuser))"
Sep  1 17:11:45 Ns02 slapd[9137]: conn=217 op=1 SEARCH RESULT tag=101 err=32 
nentries=0 text=

Sep  1 17:12:30 Ns02 slapd[9137]: conn=217 fd=11 closed

I checked the /var/lib/ldap where the database for OpenLDAP and the files 
are current and exist.


I restarted samba + openldap + nmb and nothing was changed. I checked and 
restarted my firewall (no errors regarding unable to access port 139 or 445 
or 389 for that matter)

At times the log file would indicate this message:


ep  1 17:29:12 Ns02 slapd[9137]: conn=239 fd=11 ACCEPT from 
IP=127.0.0.1:1774 (IP=0.0.0.0:389)
Sep  1 17:29:12 Ns02 slapd[9137]: conn=239 op=0 BIND 
dn="cn=Admin,dc=sample,dc=com" method=128
Sep  1 17:29:12 Ns02 slapd[9137]: conn=239 op=0 BIND 
dn="cn=Admin,dc=sample,dc=com" mech=SIMPLE ssf=0

Sep  1 17:29:12 Ns02 slapd[9137]: conn=239 op=0 RESULT tag=97 err=0 text=
Sep  1 17:29:12 Ns02 slapd[9137]: conn=239 op=1 SRCH base="" scope=0 deref=0 
filter="(objectClass=*)"

Sep  1 17:29:12 Ns02 slapd[9137]: conn=239 op=1 SRCH attr=supportedControl
Sep  1 17:29:12 Ns02 slapd[9137]: conn=239 op=1 SEARCH RESULT tag=101 err=0 
nentries=1 text=
Sep  1 17:29:12 Ns02 slapd[9137]: conn=239 op=2 SRCH base="dc=sample,dc=com" 
scope=2 deref=0 filter="(&(uid=steven)(objectClass=sambaSamAccount))"
Sep  1 17:29:12 Ns02 slapd[9137]: conn=239 op=2 SRCH attr=uid uidNumber 
gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange 
sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName 
sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description 
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword 
sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial 
sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory 
modifyTimestamp sambaLogonHours modifyTimestamp
Sep  1 17:29:12 Ns02 slapd[9137]: conn=239 op=2 SEARCH RESULT tag=101 err=32 
nentries=0 text=

Sep  1 17:29:21 Ns02 slapd[9137]: conn=239 fd=11 closed

(STEVEN is a user name of an account from a XP box)
##
I tried to google the problem but nothing seemed to be anything similar to 
this problem.

And here are my config files.

#/etc/smb/smb.conf
[global]
   workgroup = SAMPLE
   server string = Ns02
   interfaces = lo, eth0
   bind interfaces only = Yes
   min password length = 7
   map to guest = Bad User
   passdb backend = ldapsam:ldap://127.0.0.1/
   enable privil

[Samba] Re: Roots of Samba

[Michal Kurowski]

kent [EMAIL PROTECTED] wrote:
> Hi all,
> 
> I have a class of Linux/OpenSource newbies and want to explain the origins of
> Samba as a typical Open Source project. My interest in Samba has grown, as 
> well
> as my implementation of Samba. I started with 3 users on one server and now 
> have
> ~2300 users in 10 buildings using Samba w/LDAP backend in a public school
> district.
> 
> Anyway, I can give them my perspective, but I want them to know what an Open
> Source project is like. Andrew Tridgell is one of or the original developer. 
> Can
> anyone give me brief history to tell the class?

In the source distribution there is a file:

  docs/history

It should give exactly the info you need.

Cheers,

-- 
Michal Kurowski
perl -e '$_=q#: 13_2: 12/o{>: 8_4) (_4: 6/2^-2; 3;-2^\2: 5/7\_/\7: 12m m::#;
y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print'

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Roots of Samba

[kent]

Hi all,

I have a class of Linux/OpenSource newbies and want to explain the origins of
Samba as a typical Open Source project. My interest in Samba has grown, as well
as my implementation of Samba. I started with 3 users on one server and now have
~2300 users in 10 buildings using Samba w/LDAP backend in a public school
district.

Anyway, I can give them my perspective, but I want them to know what an Open
Source project is like. Andrew Tridgell is one of or the original developer. Can
anyone give me brief history to tell the class?

Thanks in advance.

Kent Nasveschuk
Open Source, alive and well in Wareham, MA...


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] samba banner string

[Geoffrey Scott]

Edson Capitani wrote:
> 
> How do I do to rid of the banner  "SAMBA 3.0.14a  on Debian on sarge
> (pdcsrv)" 

This thread should answer all your questions:

http://lists.samba.org/archive/samba/2005-June/107373.html

Cheers GS

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Access Denied using samba 3.0.4 and Solaris 5.10 i386

[Hector Lopez]

Access Denied using samba 3.0.4 and Solaris 5.10 i386

I have some samba machines running freebsd without problems, two running 
Solaris and one Win NT 4 server on the same LAN.
The Solaris was done over two PC machines one a no brand Pentium III (only for 
testing)  and Other a HP Proliant, for production.

The server that has the problem is an HP Proliant ML110 G2 Tower P3.2Ghz Hot 
Plug SATA with RAID SATA controller and two *) GB SATA disks (The production 
one).
The Operating system is a Solaris, SunOS, Release = 5.10, KernelID = Generic, 
Machine = i86pc.
Samba 3.0.4 (The version that Solaris distributes in their software comanion 
cd).

The clients are Windows 2000 and some win 95/98, all can logon to all servers.
The win95/98 has not problems (We use some administrative software that run 
over DOS).
All clients can use the samba shares, upload and download files, create 
directories, etc, not is a permanent problem.

After a period of time "some" Win 2000 clients have problems using the shares 
at the HP server, the error message is Access Denied
But there are two simtoms:

1) You see the shares, you see the disk (for example M:) but you can't see the 
content, the disk don't appear as disconnected.
If you deletes the share (net use j:/delete) and reconnects if (net use j: 
\\server\share) the problem persists.
2) You can see and use the shares, you can access they using Windows, but not 
using DOS. It gives an "Access denied Error".

The only way to fix the situation is closing the current session and open a new 
one. Then you can access the shares without problems.

I detect that all windows 2000 machines logs first as the username/password 
scheme, then after a period of time changes to the guest account.

I change the default autodisconnect time for windows 2000 clients from 10 
minutes to 10 hours with (net config server /autodisconnect:600), this not fix 
the problem.

Anybody has an idea about how to fix this problem ? 

Please take in care that is not the first time that I use samba, and I search 
the web and this list for a solution before post this note.

Very thanks In Advance!!


PD, Samba Configuration and log files.



# Samba config file created using SWAT
# from 10.0.0.10 (10.0.0.10)
# Date: 2005/08/30 15:37:38

# Global parameters
[global]
workgroup = SAMBA
netbios name = SAMBA
netbios aliases = SAMBA
server string = Server
interfaces = 127.0.0.1/32, 192.168.32.1/24
bind interfaces only = Yes
min passwd length = 6
guest account = validguest
passwd program = /usr/bin/passwd
log file = /var/log/samba/log.%U
max log size = 50
time server = Yes
socket options = SO_KEEPALIVE  SO_BROADCAST TCP_NODELAY SO_RCVBUF=4096 
SO_SNDBUF=4096
load printers = No
logon script = %U.bat
logon path = \\%N\Profiles\%U
domain logons = Yes
os level = 65
preferred master = Yes
ldap ssl = no
idmap uid = 1-2
idmap gid = 1-2
template shell = /bin/sh
winbind cache time = 10
valid users = @staff
admin users = root 
read list = @staff
write list = @staff
printer admin = @staff
create mask = 0764
security mask = 0775
hosts allow = 127., 192.168.

[netlogon]
comment = Network Logon Service
path = /usr/local/samba/lib/netlogon
browseable = No
locking = No

[profiles]
comment = User's Profiles
path = /usr/local/samba/profiles
read only = No
browseable = No

[data]
comment = datos
path = /export/home/data
read list = 
read only = No
create mask = 0664
directory mask = 0775


Username = lionel

User log log.lionel

[2005/08/22 13:43:55, 1] smbd/service.c:(619)
  pclionel (10.0.0.10) connect to service data initially as user lionel (uid=0, 
gid=10) (pid 956)
[2005/08/22 13:44:36, 1] auth/auth_util.c:(822)
  User noacces in passdb, but getpwnam() fails!
[2005/08/22 13:44:36, 1] smbd/service.c:(619)
  pclionel (10.0.0.10) connect to service data initially as user lionel (uid=0, 
gid=10) (pid 956)
[2005/08/22 13:47:53, 1] auth/auth_util.c:(822)
  User noacces in passdb, but getpwnam() fails!
[2005/08/22 13:58:20, 1] smbd/service.c:(801)
  pclionel (10.0.0.10) closed connection to service data


After creating a valid Guest account validguest (I add some lines, not the full 
log) :

[2005/08/29 17:48:20, 10] lib/username.c:(530)
  user_in_list: checking user |lionel| against |@staff|




[2005/08/29 17:48:20, 6] param/loadparm.c:(2665)
  lp_file_list_changed()
  file /etc/sfw/smb.conf -> /etc/sfw/smb.conf  last mod_time: Mon Aug 29 
17:28:09 2005
  


[2005/08/29 17:48:20, 10] lib/username.c:(526)
  user_in_list: checking user lionel in list
[2005/08/29 17:48:20, 10] lib/username.c:(530)
  user_in_list: checking user |lione

Re: [Samba] net rpc vampire

[John H Terpstra]

On Thursday 01 September 2005 09:26, Julian Pilfold-Bagwell wrote:
> Ok folks, here goes:
>
>
> We have an old NT4 machine that we wish to replace as the PDC on our
> network.
>
> In it's place, we've got a dual xeon box with Mandrake LE2005 and Samba
> 3.0.13-2 and I'm currently trying to draw the accounts over with vampire.
> I'm using tdbsam as a backend.
>
> I've been through  several readme's and howto's and have created all the
> UNIX accounts, mapped unix groups to Windows groups etc and the NT4 server
> sees it as a BDC.
>
> When I run:
>
>  net rpc getsid -S NTserver -W SCHOOL -Uuser%password  (and the
> credentials aren't the real ones there)

What account name are you using?

- John T.

>
> I get:
>
> Storing SID S-1-5-WHATEVER-THE-SID-IS for Domain SCHOOL in secrets.tdb
>
> If I then run:
>
> net rpc vampire -S NTServer -W SCHOOL -Uuser%password
>
>
> it returns "could not retrieve domain trust secret"
>
>
>
>
>
> Running smb4k I can log into the domain controller and browse all the
> shares including the admin only ones so I'm sure that that name/password
> combination is fine.
>
>
> One other thing is that I get the reply "Error domain join verification
> (reused connection)" when I run "net rpc join blah blah" but according
> to the nmbd log it is functioning as a BDC - Problem?
>
> Also, I can find no way of seeing whether or not the SID was copied into
> the secrets.tdb file. Is there a way?
>
> The smb.conf is as shown below:
>
>
> [global]
> workgroup = SCHOOL
> netbios name = LINUXSERVER
> server string = Samba Server %v
> log file = /var/log/samba/log.%m
> max log size = 50
> log level = 3
> hosts allow = xxx.xxx.xxx.xx, xxx.xxx.xxx.xx
> security = user
> encrypt passwords = yes
> passdb backend = tdbsam
> unix password sync = Yes
> passwd program = /usr/bin/passwd '%u'
> passwd chat = *New*UNIX*password* %n\n *Re*ype*new*UNIX*password* %n\n \
> *passwd:*all*authentication*tokens*updated*successfully*
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> remote announce = xxx.xxx.xxx.xx, xxx.xxx.xxx.xx
> domain logons = Yes
> local master = No
> domain master = No
> preferred master = No
> os level = 22
> enable privileges = yes
> name resolve order = bcast lmhost wins
> add user script = /usr/sbin/useradd -s /bin/false '%u'
> delete user script = /usr/sbin/userdel '%s'
> add user to group script = /usr/bin/gpasswd -a '%u' '%g'
> delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
> set primary group script = /usr/sbin/usermod -g '%g' '%u'
> add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F:
> '{print $3}'
> delete group script = /usr/sbin/groupdel '%g'
> add machine script = /usr/sbin/useradd -d /dev/null -g machines -c "machine
> account" -s /bin/false %u
> logon path = \\%L\Profiles\%G
> logon script = %G.bat
> logon drive = n:
> logon home = \\xen\%u
> wins support = no
> wins server = xxx.xxx.xxx.xx
> dns proxy = no

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] [PATCH] 3.0.20, usermgr.exe, and setting group information

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Patch URL: http://samba.org/~jerry/patches/usrmgr_groups_v1.patch

This one fixes issues when setting group information via usrmgr.exe
and 'passdb backend = ldapsam'.  The symptom in the logs
is  the dreaded "smbldap_open: cannot access LDAP when not root.."
error.  Also refer to https://bugzilla.samba.org/show_bug.cgi?id=3047

Thanks to John Janosik for pointing out the root cause of
the bug.

After some more feedback, I'll move this over to the patches
page.





cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDF3n6IR7qMdg1EfYRAls1AJ9osK95w/14qWzJ1fWie1l2dC4W8QCfdVJo
MDtHp1r/s32FFRx5Y6nqzhk=
=0wSi
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Wbinfo -Y couldn't work with idmap_rid for BUILTIN groups

[Li, Ying (ESG)]

A bug #3056 has been filed.

Thanks.
-Ying

> -Original Message-
> From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, September 01, 2005 7:18 AM
> To: Li, Ying (ESG)
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Wbinfo -Y couldn't work with idmap_rid 
> for BUILTIN groups
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Li, Ying (ESG) wrote:
> | By the way, without idmap_rid, BUILTIN group's gid can be displayed 
> | when 'winbind nested groups = No'
> 
> Ying,
> 
> Would you file a bug report for me at https://bugzilla.samba.org?
> That way the issue won't get lost in my inbox :-)
> 
> Thanks.
> 
> 
> 
> 
> cheers, jerry
> 
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.0 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
> 
> iD8DBQFDFw2CIR7qMdg1EfYRAl/TAKDksTXV150X3RN1YtEAev17A1BtBgCfeR61
> o5NhLBjZ44C+If2fcSkxnNc=
> =LyFf
> -END PGP SIGNATURE-
> 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] net rpc vampire

[Julian Pilfold-Bagwell]

Ok folks, here goes:


We have an old NT4 machine that we wish to replace as the PDC on our network.

In it's place, we've got a dual xeon box with Mandrake LE2005 and Samba 
3.0.13-2 and I'm currently trying to draw the accounts over with vampire. I'm 
using tdbsam as a backend.

I've been through  several readme's and howto's and have created all the UNIX 
accounts, mapped unix groups to Windows groups etc and the NT4 server sees it 
as a BDC.

When I run:

 net rpc getsid -S NTserver -W SCHOOL -Uuser%password  (and the 
credentials aren't the real ones there)

I get:

Storing SID S-1-5-WHATEVER-THE-SID-IS for Domain SCHOOL in secrets.tdb

If I then run:

net rpc vampire -S NTServer -W SCHOOL -Uuser%password


it returns "could not retrieve domain trust secret" 





Running smb4k I can log into the domain controller and browse all the shares 
including the admin only ones so I'm sure that that name/password combination 
is fine.


One other thing is that I get the reply "Error domain join verification 
(reused connection)" when I run "net rpc join blah blah" but according to 
the nmbd log it is functioning as a BDC - Problem?

Also, I can find no way of seeing whether or not the SID was copied into the 
secrets.tdb file. Is there a way?

The smb.conf is as shown below:


[global]
workgroup = SCHOOL
netbios name = LINUXSERVER
server string = Samba Server %v
log file = /var/log/samba/log.%m
max log size = 50
log level = 3
hosts allow = xxx.xxx.xxx.xx, xxx.xxx.xxx.xx
security = user
encrypt passwords = yes
passdb backend = tdbsam 
unix password sync = Yes
passwd program = /usr/bin/passwd '%u'
passwd chat = *New*UNIX*password* %n\n *Re*ype*new*UNIX*password* %n\n \
*passwd:*all*authentication*tokens*updated*successfully*
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
remote announce = xxx.xxx.xxx.xx, xxx.xxx.xxx.xx
domain logons = Yes
local master = No
domain master = No
preferred master = No
os level = 22
enable privileges = yes
name resolve order = bcast lmhost wins
add user script = /usr/sbin/useradd -s /bin/false '%u'
delete user script = /usr/sbin/userdel '%s'
add user to group script = /usr/bin/gpasswd -a '%u' '%g'
delete user from group script = /usr/bin/gpasswd -d '%u' '%g'
set primary group script = /usr/sbin/usermod -g '%g' '%u'
add group script = /usr/sbin/groupadd %g && getent group '%g'|awk -F: '{print 
$3}'
delete group script = /usr/sbin/groupdel '%g'
add machine script = /usr/sbin/useradd -d /dev/null -g machines -c "machine 
account" -s /bin/false %u 
logon path = \\%L\Profiles\%G
logon script = %G.bat
logon drive = n:
logon home = \\xen\%u
wins support = no
wins server = xxx.xxx.xxx.xx
dns proxy = no
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] More Info: Mac permission problems after Debian update

[mark jonckheere]

Michael,
Got any solutions to this.  We are confronted with the same problem only
SUSE 9.x ,Samba , W200 workstations.  Only few of them have this problem.
(exactly as how you describe it).
Mark
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cannot upload >2Gb file to samba server - solved

[Mark Cooke]

On Mon, 2005-08-29 at 21:47 +0100, Mark Cooke wrote:
> > On Monday 29 August 2005 08:50, Andrey V. Romanchev wrote:
> > > I use samba on my embedded Linux-2.4.24 (uclibc-0.9.27, samba - 3.0.11)
> > > box and meet subj problem.

> Prime candidates for the problem with large files will be either how
> samba 3.0.11 was compiled or uclibc.  uclibc does need large file
> support explicitly enabling (according to a quick google).

Turns out it was a cross-compile issue, and adding -D_LARGEFILE64_SOURCE
-D_FILE_OFFSET_BITS=64 to CFLAGS wen compiling samba was the solution.

Cheers,

Mark

-- 
Mark Cooke <[EMAIL PROTECTED]>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.14a on HPUX 11.00

[Jesse Waters]

Hello all,

 Having trouble accessing samba shares on the hpux boxes from windows
machines.
After starting smbd, nmbd, & winbindd I receive these errors in the
log.smbd file.

Log.smbd
[2005/09/01 09:40:44, 0] auth/auth_util.c:make_server_info_info3(1195)
  make_server_info_info3: pdb_init_sam failed!

I am able to wbinfo -t, -g, & -u without any issues. 

Any help will be appriciated

Jesse Waters
Timco 







This is a custom compile with gcc-3.3.2 options used:

./configure --prefix=/usr/local/samba-3.0.14a \
--with-krb5 \
--with-ads \
--with-libiconv=/usr/local \
--with-quotas \
--with-winbind \
--with-pam \
--with-sendfile-support \
--with-shared-modules=idmap_rid \
--without-swat

db 4.2.52
flex 2.5.4a
gettext 0.12
libiconv 1.9
gmake 3.80
Ncurses 5.4
Perl 5.8.2


smb.conf
[globals]  
realm   = TIMCO.AERO   
workgroup   = AERO 
security= DOMAIN   
server string   = HP DEV   
encrypt passwords   = yes  
password server = 10.114.1.15, 10.114.1.17 
username map= /usr/local/samba/lib/smbusers
guest account   = smbnull  
load printers   = no   

   
dns proxy   = no   
wins server = 10.114.1.15  
wins proxy  = no   

### WINBIND
winbind use default domain = no
winbind enum users  = yes  
winbind enum groups = yes  
winbind separator   = +
idmap uid   = 1-5  
idmap gid   = 1-5  
template shell  = /usr/sbin/ksh
template homedir= /home/%U 

[homes] 
comment = User DATA 
valid users = %S
read only   = no
browseable  = no

[tmp]   
comment = TEMP  
path= /tmp  
guest ok= yes   
case sensitive  = yes   
browseable  = yes   




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba - PDC(Windows 2003) connection trouble

[av.podrezov]

Hello.
We have squid proxy server with ntlm authentication and 20 trusted domains.
All work fine, but sometimes winbind stop authenticate users and squid restart.

OS: Linux 2.4.30
Samba: 3.0.14a 
Kerberos: krb5-1.4
Squid: 2.5.Stable10 


2005/08/31 at 17:02:30 run commands:

/usr/bin/wbinfo -a 'department\tmpuser'%'xx'
plaintext password authentication failed
Could not authenticate user department\tmpuser%xx with plaintext password

/usr/bin/ntlm_auth --username=tmpuser --domain=department --password=xx
could not obtain winbind separator!


After several minutes all work fine again.


winbind log:
...
[2005/08/31 17:02:30, 0] rpc_client/cli_pipe.c:rpc_api_pipe(435)
  cli_pipe: return critical error. Error was Call timed out: server did not 
respond after 1 milliseconds
[2005/08/31 17:02:30, 3] nsswitch/winbindd_cm.c:connection_ok(724)
  Connection to  for domain DEPARTMENT (pipe \PIPE\NETLOGON) has died or was 
never started (fd == -1)
...


windows 2003 log:
Event Type: Failure Audit 
Event Source: Security 
Event Category: Account Logon 
Event ID: 675 
Date: 31.08.2005 
Time: 17:02:30 
User: NT AUTHORITY\SYSTEM 
Computer: PDC 
Description: 
Pre-authentication failed: 
User Name: tmpuser$ 
User ID: DEPARTMENT\tmpuser$ 
Service Name: krbtgt/DEPARTMENT.COMPANY.COM 
Pre-Authentication Type: 0x0 
Failure Code: 0x19 
Client Address: 1.2.3.4


smb.conf:

[global]
   hosts allow = 1. 127.
   interfaces = 1.2.3.4/24 
   socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 
   load printers = no
   guest account = nobody
   log file = /var/log/samba.%m
   log level = 4 passdb:5 auth:10 winbind:4 
   max log size = 102400
   unix charset = UTF8
   display charset = ASCII
   syslog = 0
   server string = proxy
   netbios name = PROXY
   security = ads
   workgroup = DEPARTMENT
   realm = DEPARTMENT.COMPANY.COM
   password server = PDC BDC 
   allow trusted domains = yes
   client use spnego = yes 
   local master = no
   domain master = no
   preferred master = no
   domain logons = no
   wins support = no
   wins server = 1.2.3.5
   dns proxy = no
   disable netbios = no
   auth methods = winbind
   winbind use default domain = no
   winbind uid = 1-10
   winbind gid = 1-10
   winbind enum users = yes
   winbind enum groups = yes


krb5.conf:

[libdefaults]
default_realm = DEPARTMENT.COMPANY.COM
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
DEPARTMENT.COMPANY.COM = {
tcp/kdc = pdc.department.company.com
admin_server = pdc.department.company.com
}
[domain_realms]
.department.company.com = DEPARTMENT.COMPANY.COM
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba 3.0.14 fails on boot, getpwnam cannot find nobody

[Huw Blackwell]

I have been trying to get a share running for public access to part of a 
workstations hard disk. Realise now that this is not possible at 
userlevel security without a username, password pair. Part of my playing 
around involved creating on the machine user nobody, then setting guest 
account = nobody in samba.conf. Once realising i needed a passwrd pair I 
 smbpasswd -X nobody and then userdel nobody from my machine as a 
prefix to setting up a valid user/pssword. Now samba fails on boot with 
the log reading


auth/auth_util.c:make_server_info_sam(840)
User nobody in passdb but getpwnam() fails!

Checking passdb with pdbedit shows no users present

This problem is solved by creating a user account on the machine 
(useradd nobody), but I don't want spare users floating around as they 
are a security risk, particularly with such an obvious username.


I am running gentoo linux

Thanks for any help in this matter.

Huw
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] net ads join error

[Sanjay Upadhyay]

I have seen that reinstalling the samba works for me... dont know why
although... I take the binaries from the Samba Site..


+++ Gerald (Jerry) Carter [Sat, Aug 27, 2005 at 10:41:46AM -0500]:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Guille wrote:
> | Hi,
> |
> | You are not alone with regards to this error message joining FC4 to Win2k
> | ADS.
> | I got this after I joined.
> 
> It's bugs in the e2fsprogs + krb5 libs shipped on FC4.
> You'll have to talk to the Fedora folks to get this fixed.
> I've confirmed with some RedHat developers that this is not
> our bug.
> 
> ...
> |  *** glibc detected *** /usr/bin/net: free(): invalid
> | pointer: >0x00fe0db0 ***
> | === Backtrace: = /lib/libc.so.6[0x1a6424]
> | /lib/libc.so.6(__libc_free+0x77)[0x1a695f]
> | /lib/libcom_err.so.2(remove_error_table+0x4b)[0x140abb]
> | /usr/lib/libkrb5.so.3[0xf7e8c4]
> | /usr/lib/libkrb5.so.3[0xf7e5c7]
> | /usr/lib/libkrb5.so.3[0xfcf9da]
> | /lib/ld-linux.so.2[0x82a058]
> | /lib/libc.so.6(exit+0xc5)[0x16dc69]
> | /lib/libc.so.6(__libc_start_main+0xce)[0x157dee]
> | /usr/bin/net[0x8e70f1]
> | === Memory map: 
> 
> 
> 
> 
> cheers, jerry
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.0 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
> 
> iD8DBQFDEIm6IR7qMdg1EfYRAritAKDiFU1/vBE/1bG5+XNA+C01iRRXLwCfaGhi
> F4o8vXRA0kSyjwEWfsbQnRI=
> =GnaH
> -END PGP SIGNATURE-
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
==
Warp 7 -- It's a law we can live with.
==
 Sanjay Upadhyay
 http://supadhyay.blogspot.com

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] removal from Samba list

[Chris Cejka]

Hello everyone,

 

Can anyone tell me how I can get removed from the Samba list?

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba-console

[Sérgio A P Ferreira]

Hi all,

Somebody has a howto or some documentation to install Samba-console, IMC
-Idealx graphical interface for a Debian Distro? There is another good one
for this purpose?

Any suggestions about this topic will be wellcome.

Thanks,

Sergio

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] removal from Samba list

[William Pope]

Go to https://lists.samba.org/mailman/listinfo/samba
and fill out the unsubscribe information


Chris Cejka wrote:


Hello everyone,



Can anyone tell me how I can get removed from the Samba list?



 



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Vampire and smbusers map file

[Julian Pilfold-Bagwell]

Hi All,

I've solved the capital letter NT username problem from the earlier
post but still can't get Vampire to pull across accounts with
numerical IDs (about 700 of them).


Does vampire allow the mapping of UNIX to NT ID's during the transfer
or am I stuffed.

Thanks,

Joolz
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Administrators and Users Rights for Windows workstations

[Edgar Fonseca]

Hi,

The error when the user of Administrators group was log in was caused for 
other things, sorry for my precipitation. It was the nscd daemon, sometimes 
he causes strange results.

I'm thinking about the strange comportament of logged users. If the user is 
in Administrators group (created on LDAP) the user can log in but he doesn't 
Administrator. He has limited privileges. I'm not sure yet, but I thing that 
he is Power User. I'm really not sure.

Edgar


2005/9/1, Paul Gienger <[EMAIL PROTECTED]>:
> 
> > I having a problem with rights in Windows workstations. I want that all
> > users can be administrators of yours stations when they are logged in 
> your
> > stations, but I don't want that they can see the share C$ of other 
> > stations.
> > They can see this because they are administrators of the domain.
> > They have primary group "Domain Admins". If I try put the users on
> > "Administrators" group, they can't logon. 
> 
> Since this is the more 'proper' way to do it, lets find out why they can't
> log in under this condition. What kind of errors do you get here?
> 
> > If I try put them on "Domain
> > Users" group, they aren't administrators. If I put them in 
> > "Administrators"
> > (primary group) and "Domain Users", they aren't administrators.
> 
> How are you making this their primary group?? Administrators should be a
> local group and you shouldn't be able to make a network users's primary 
> group a local group unless you're doing something horribly wrong (by
> convention).
> 
> > The only
> > possibility for the users log as administrators is that they are 
> inserted
> > in
> > "Domain Admins" group. 
> > The problem is the C$. We thinking about use a script to remove this 
> share
> > from Windows, but I'm not sure about if this solution is the best.
> > Does someone know about any solution for this problem? 
> >
> > I'm using samba 3.0.14 + LDAP
> >
> > Thanks
> >
> > Edgar
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/listinfo/samba
> 
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Administrators and Users Rights for Windows workstations

[Edgar Fonseca]

Hi,

When the users are in Administrators group, they can map the C$ of all 
domain, even if they doesn't in "Domain Admins" group. Is it correct?
If it's correct, I can't do this, because they can map.
But your idea can be used on Power Users (I think). Because I don't want 
that the users be administrators, I want that they can do administratives 
works (example: install programs). I hadn't explain right, sorry.
I was talking about it with other frinds, I think that other solution is put 
the users on "Domain Users" group and run a .reg , built with poledit, for 
push this file and give permission of install and others (many others) to 
users.

Edgar

2005/9/1, [EMAIL PROTECTED] <[EMAIL PROTECTED] 
>:
> 
>  Hi,
>  it's simple:
> 1.) put all users in YOURDOMAIN\Domain Users or YOURDOMAIN\Workstation 
> Admins or what you would like
> 2.) put this group (YOURDOMAIN\Domain Users, YOURDOMAIN\Workstation 
> Admins) into the local group
>  Administrators of each Workstation (you may use vbscript to automate 
> this...)
>   Mit freundlichem Gruß, 
> 
> 
> Dirk Laurenz 
> Systems Engineer 
> PSO - Professional Service Organisation 
> Fujitsu Siemens Computers 
> Hildesheimer Strasse 25 
> 30880 Laatzen 
> Germany 
> Telephone: +49 (511) 84 89 - 18 08 
> Telefax: +49 (511) 84 89 - 25 18 08 
> Mobile: +49 (170) 22 10 781 
> Email: mailto:[EMAIL PROTECTED]<[EMAIL PROTECTED]> 
> Internet: 
> http://www.fujitsu-siemens.com
>  
> http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html
>  
> 
> ***
>  
> 
> --
> *Von:* [EMAIL PROTECTED] im 
> Auftrag von Edgar Fonseca
> *Gesendet:* Do 01.09.2005 16:23
> *An:* samba@lists.samba.org
> *Betreff:* [Samba] Administrators and Users Rights for Windows 
> workstations
> 
>  Hello,
> 
> I having a problem with rights in Windows workstations. I want that all
> users can be administrators of yours stations when they are logged in your
> stations, but I don't want that they can see the share C$ of other 
> stations.
> They can see this because they are administrators of the domain.
> They have primary group "Domain Admins". If I try put the users on
> "Administrators" group, they can't logon. If I try put them on "Domain
> Users" group, they aren't administrators. If I put them in 
> "Administrators"
> (primary group) and "Domain Users", they aren't administrators. The only
> possibility for the users log as administrators is that they are inserted 
> in
> "Domain Admins" group.
> The problem is the C$. We thinking about use a script to remove this share
> from Windows, but I'm not sure about if this solution is the best.
> Does someone know about any solution for this problem?
> 
> I'm using samba 3.0.14 + LDAP
> 
> Thanks
> 
> Edgar
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba 
> 
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.14a on HPUX 11.00

[Jesse Waters]

Hello all,

Having trouble accessing samba shares on the hpux boxes from windows machines.
After starting smbd, nmbd, & winbindd I receive these errors in the
log.smbd file.

Log.smbd
[2005/09/01 09:40:44, 0] auth/auth_util.c:make_server_info_info3(1195)
  make_server_info_info3: pdb_init_sam failed!

I am able to wbinfo -t, -g, & -u without any issues. 

Any help will be appriciated

Jesse Waters

This is a custom compile with gcc-3.3.2 options used:

./configure --prefix=/usr/local/samba-3.0.14a \
--with-krb5 \
--with-ads \
--with-libiconv=/usr/local \
--with-quotas \
--with-winbind \
--with-pam \
--with-sendfile-support \
--with-shared-modules=idmap_rid \
--without-swat

db 4.2.52
flex 2.5.4a
gettext 0.12
libiconv 1.9
gmake 3.80
Ncurses 5.4
Perl 5.8.2


smb.conf
[globals]  
realm   = TIMCO.AERO   
workgroup   = AERO 
security= DOMAIN   
server string   = HP DEV   
encrypt passwords   = yes  
password server = 10.114.1.15, 10.114.1.17 
username map= /usr/local/samba/lib/smbusers
guest account   = smbnull  
load printers   = no   

   
dns proxy   = no   
wins server = 10.114.1.15  
wins proxy  = no   

### WINBIND
winbind use default domain = no
winbind enum users  = yes  
winbind enum groups = yes  
winbind separator   = +
idmap uid   = 1-5  
idmap gid   = 1-5  
template shell  = /usr/sbin/ksh
template homedir= /home/%U 

[homes] 
comment = User DATA 
valid users = %S
read only   = no
browseable  = no

[tmp]   
comment = TEMP  
path= /tmp  
guest ok= yes   
case sensitive  = yes   
browseable  = yes
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] USRMGR.EXE doesn't work anymore.

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Umberto Zanatta wrote:
| Hi,
|
| my test system is a w2k server. my server is a SLES8 with Samba 3.0.20
| (I get it from ftp.sernet.de).
|
| I've tried to start srvmgr: same result!
|
| it says: «Il servizio Server non è avviato» - I can translate in: «The
| service Server is not start».
|
| There are some strange randoms errors on smbd (but not when usrmgr e
| srvmgr starts):
|
| Sep  1 20:44:41 provtvlp smbd[7699]:   Failed to setup RT_SIGNAL_LEASE
| handler
| Sep  1 20:44:41 provtvlp smbd[7699]: [2005/09/01 20:44:41, 0,
| effective(0, 0), real(0, 0)]
| smbd/notify_kernel.c:kernel_notify_init(224)
|
| On other way samba is working better than old one.

So I'm confused.  What is not working in 3.0.20 after
applying the patches at http://www.samba.org/samba/patches/ ?




cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDF1H/IR7qMdg1EfYRAvxqAKCDe/LbKWHsLNLOk9q+sok4hk3TfACffTSM
SQZC1Yb/ducNZ3YIs18y6uY=
=xK/A
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] USRMGR.EXE doesn't work anymore.

[Umberto Zanatta]

Hi,

my test system is a w2k server. my server is a SLES8 with Samba 3.0.20
(I get it from ftp.sernet.de).

I've tried to start srvmgr: same result!

it says: «Il servizio Server non è avviato» - I can translate in: «The
service Server is not start».

There are some strange randoms errors on smbd (but not when usrmgr e
srvmgr starts):

Sep  1 20:44:41 provtvlp smbd[7699]:   Failed to setup RT_SIGNAL_LEASE
handler
Sep  1 20:44:41 provtvlp smbd[7699]: [2005/09/01 20:44:41, 0,
effective(0, 0), real(0, 0)]
smbd/notify_kernel.c:kernel_notify_init(224)

On other way samba is working better than old one.

thanks.

Il giorno gio, 01/09/2005 alle 06.43 -0500, Gerald (Jerry) Carter ha
scritto:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> ok Folks
> 
> I've tried but cannot reproduce this.  The REG_CREATE_EX
> failure is during a domain logon from Windows XP.  The
> client is trying to create
> 
> [System\CurrentControlSet\Control\Terminal Server\
> DefaultUserConfiguration]
> 
> I can fix this, but it appears to have nothing to do
> with user manager.  Until I get those logs or a faw
> network sniff of the connection failure, I'm stuck.
> 
> 
> 
> 
> 
> cheers, jerry
> 
> 
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.0 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
> 
> iD8DBQFDFulZIR7qMdg1EfYRArG8AKC4ciUg01uELfBdcSbbZKrF+9kD3ACeP7SW
> 3sG3s43tc1vrKj/5VfzPe+Q=
> =HMRV
> -END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ldap guest account mapping looks broken

[Eric A. Hall]

Judging from these lines in the log.smbd file:

| [2005/09/01 01:00:02, 4] lib/smbldap.c:smbldap_open(869)
|   The LDAP server is succesfully connected
| [2005/09/01 01:00:02, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1335)
|   ldapsam_getsampwnam: Unable to locate user [] count=0

and the detailed output from ldap log file:

| Sep  1 01:00:02 rhino slapd[8360]: conn=123 op=2 SRCH
| base="dc=labs,dc=ntrg,dc=com" scope=2 deref=0
| filter="(&(?=undefined)(objectClass=sambaSamAccount))"

it would indeed appear that the "(?=undefined)" LDAP search filter is
being generated by pdb_ldap.c but a grep through that file doesn't return
any obvious hits

Anybody got any suggestions here?


On 9/1/2005 1:18 AM, Eric A. Hall wrote:
> I'm running the samba-3.0.20-0.1 SUSE RPM. I was using the
> version that came with 9.3 but upgraded to see if this specific
> problem would go away.
> 
> Guest access does not appear to be working correctly, and it looks
> like the problem is due to guest not getting mapped into the LDAP
> query correctly.
> 
> Specifically, I can login with local account, join workstation to the
> domain, browse shares, and everything else that requires
> authentication, but cannot login to domain nor browse the domain in
> explorer or anything else that requires guest access.
> 
> Looking at the smbd log with loglevel 4 shows:
> 
> [2005/09/01 01:00:02, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(606)
>   Got user=[] domain=[] workstation=[RHINO-VM-PC-1] len1=1 len2=0
> [2005/09/01 01:00:02, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2005/09/01 01:00:02, 3] smbd/uid.c:push_conn_ctx(388)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2005/09/01 01:00:02, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2005/09/01 01:00:02, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/09/01 01:00:02, 3] auth/auth.c:check_ntlm_password(219)
>   check_ntlm_password:  Checking password for unmapped user
> [EMAIL PROTECTED] with the new password interface
> [2005/09/01 01:00:02, 3] auth/auth.c:check_ntlm_password(222)
>   check_ntlm_password:  mapped user is: [EMAIL PROTECTED]
> [2005/09/01 01:00:02, 3] smbd/sec_ctx.c:push_sec_ctx(256)
>   push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
> [2005/09/01 01:00:02, 3] smbd/uid.c:push_conn_ctx(388)
>   push_conn_ctx(0) : conn_ctx_stack_ndx = 0
> [2005/09/01 01:00:02, 3] smbd/sec_ctx.c:set_sec_ctx(288)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
> [2005/09/01 01:00:02, 2] lib/smbldap.c:smbldap_open_connection(630)
>   smbldap_open_connection: connection opened
> [2005/09/01 01:00:02, 3] lib/smbldap.c:smbldap_connect_system(805)
>   ldap_connect_system: succesful connection to the LDAP server
> [2005/09/01 01:00:02, 4] lib/smbldap.c:smbldap_open(869)
>   The LDAP server is succesfully connected
> [2005/09/01 01:00:02, 4] passdb/pdb_ldap.c:ldapsam_getsampwnam(1335)
>   ldapsam_getsampwnam: Unable to locate user [] count=0
> [2005/09/01 01:00:02, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>   pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2005/09/01 01:00:02, 3] auth/auth_sam.c:check_sam_security(260)
>   check_sam_security: Couldn't find user '' in passdb.
> [2005/09/01 01:00:02, 2] auth/auth.c:check_ntlm_password(317)
>   check_ntlm_password:  Authentication for user [] -> [] FAILED with
> error NT_STATUS_NO_SUCH_USER
> 
> Looking in the slapd log with loglevel 256 shows:
> 
> Sep  1 01:00:02 rhino slapd[8360]: conn=123 fd=28 ACCEPT from
> IP=207.65.71.3:55418 (IP=0.0.0.0:389)
> Sep  1 01:00:02 rhino slapd[8360]: conn=123 op=0 BIND
> dn="***hidden***" method=128
> Sep  1 01:00:02 rhino slapd[8360]: conn=123 op=0 BIND
> dn="uid=root,ou=Users,dc=labs,dc=ntrg,dc=com" mech=SIMPLE ssf=0
> Sep  1 01:00:02 rhino slapd[8360]: conn=123 op=0 RESULT tag=97 err=0
> text=
> Sep  1 01:00:02 rhino slapd[8360]: conn=123 op=1 SRCH base="" scope=0
> deref=0 filter="(objectClass=*)"
> Sep  1 01:00:02 rhino slapd[8360]: conn=123 op=1 SRCH
> attr=supportedControl
> Sep  1 01:00:02 rhino slapd[8360]: conn=123 op=1 SEARCH RESULT tag=101
> err=0 nentries=1 text=
> Sep  1 01:00:02 rhino slapd[8360]: conn=123 op=2 SRCH
> base="dc=labs,dc=ntrg,dc=com" scope=2 deref=0
> filter="(&(?=undefined)(objectClass=sambaSamAccount))"
> Sep  1 01:00:02 rhino slapd[8360]: conn=123 op=2 SRCH attr=uid
> uidNumber gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange
> sambaPwdMustChange sambaLogonTime sambaLogoffTime sambaKickoffTime cn
> displayName sambaHomeDrive sambaHomePath sambaLogonScript
> sambaProfilePath description sambaUserWorkstations sambaSID
> sambaPrimaryGroupSID sambaLMPassword sambaNTPassword sambaDomainName
> objectClass sambaAcctFlags sambaMungedDial sambaBadPasswordCount
> sambaBadPasswordTime sambaPasswordHistory modifyTimestamp
> sambaLogonHours modifyTimestamp
> Sep  1 01:00:02 rhino slapd[8360]: conn=123 op=2 SEARCH RESULT tag=101
> err=0 nentries=0 text=
> Sep  1 01:00:13 rhino 

Re: [Samba] ?The network name cannot be found?

[felipe]

Just a complemention: If I put smith in the admins users (under global), smith
can login. Strange. Any idea?

after:
admin users = john
before:
admin users = john, smith

Felipe.



- Mensagem de [EMAIL PROTECTED] -
   Data: Thu, 01 Sep 2005 14:43:43 -0300
   De: [EMAIL PROTECTED]
Endereço para Resposta (Reply-To): [EMAIL PROTECTED]
Assunto: [Samba] ?The network name cannot be found?
 Para: samba@lists.samba.org



Hi,

I'm running samba-3.0.14a_1,1 under FreeBSD 5.4-STABLE. I migrated
all my data
from samba 2 to samba 3, and I'm having a problem with some users.

For example, user john can login perfectly to the network. It´s ok. But user
smith not, him get the error ?The network name cannot be found?. But all
configurations of john and smith are the same. I found this on Samba Official
Hanbook:

?The network name cannot be found?
This error can be caused by one of these misconfigurations:

You specified a nonexisting path for the share in smb.conf.

The user you are trying to access the share with does not have sufficient
permissions to access the path for the share. Both read (r) and access (x)
should be possible.

The share you are trying to access does not exist.


But everything is ok and I still getting this erros. Take a look for this
comparations between john and smith:

su-2.05b# ls -laF /data | grep john
drwx--   2 john john  512 Sep  1 11:57 john/
su-2.05b# ls -laF /data | grep valdinei
drwx--   2 smithsmith 512 Sep  1 14:25 smith/

su-2.05b# ls -laF /data/PROFILES/ | grep john
drwx--   3 john john  512 Sep  1 14:28 john/
su-2.05b# ls -laF /data/PROFILES/ | grep smith
drwx--   2 smithsmith 512 Sep  1 14:25 smith/

Does anybody knows what does it could be?

Take a look at my smb.conf:

[global]
   netbios name = SERVER
   workgroup = ASD
   server string = MY FILESERVER
   passdb backend = smbpasswd
   os level = 255
   preferred master = yes
   domain master = yes
   local master = yes
   security = user
   domain logons = yes
   logon path = \\%N\profiles\%U
   logon drive = H:
   logon home = \\homeserver\%U\winprofile
   admin users = john
   time server = yes
   logon script = %u.bat
[netlogon]
   path = /data/NETLOGON
   writable = no
   browseable = no
[profiles]
   path = /data/PROFILES
   browseable = no
   writable = yes
   create mask = 0660
   directory mask = 0770
[homes]
   read only = no
   browseable = no
   guest ok = no
   map archive = yes
[fullaccess]
   comment = Full Access
   writable = yes
   path = /data/SHARE/fullaccess
   create mode = 0666
   force create mode = 0666
   directory mode = 0777
   force directory mode = 0777
[one]
   comment = one
   writable = yes
   valid users = @one
   path = /data/SHARE/one
   create mode = 0660
   force create mode = 0660
   directory mode = 0770
   force directory mode = 0770
[two]
   comment = two
   writable = yes
   valid users = @two
   path = /data/SHARE/two
   create mode = 0660
   force create mode = 0660
   directory mode = 0770
   force directory mode = 0770

Thank u,

Felipe.



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba




- Final da mensagem de [EMAIL PROTECTED] -





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ?The network name cannot be found?

[felipe]

Hi,

I'm running samba-3.0.14a_1,1 under FreeBSD 5.4-STABLE. I migrated all my data
from samba 2 to samba 3, and I'm having a problem with some users.

For example, user john can login perfectly to the network. It´s ok. But user
smith not, him get the error ?The network name cannot be found?. But all
configurations of john and smith are the same. I found this on Samba Official
Hanbook:

?The network name cannot be found?
This error can be caused by one of these misconfigurations:

You specified a nonexisting path for the share in smb.conf.

The user you are trying to access the share with does not have sufficient
permissions to access the path for the share. Both read (r) and access (x)
should be possible.

The share you are trying to access does not exist.


But everything is ok and I still getting this erros. Take a look for this
comparations between john and smith:

su-2.05b# ls -laF /data | grep john
drwx--   2 john john  512 Sep  1 11:57 john/
su-2.05b# ls -laF /data | grep valdinei
drwx--   2 smithsmith 512 Sep  1 14:25 smith/

su-2.05b# ls -laF /data/PROFILES/ | grep john
drwx--   3 john john  512 Sep  1 14:28 john/
su-2.05b# ls -laF /data/PROFILES/ | grep smith
drwx--   2 smithsmith 512 Sep  1 14:25 smith/

Does anybody knows what does it could be?

Take a look at my smb.conf:

[global]
netbios name = SERVER
workgroup = ASD
server string = MY FILESERVER
passdb backend = smbpasswd
os level = 255
preferred master = yes
domain master = yes
local master = yes
security = user
domain logons = yes
logon path = \\%N\profiles\%U
logon drive = H:
logon home = \\homeserver\%U\winprofile
admin users = john
time server = yes
logon script = %u.bat
[netlogon]
path = /data/NETLOGON
writable = no
browseable = no
[profiles]
path = /data/PROFILES
browseable = no
writable = yes
create mask = 0660
directory mask = 0770
[homes]
read only = no
browseable = no
guest ok = no
map archive = yes
[fullaccess]
comment = Full Access
writable = yes
path = /data/SHARE/fullaccess
create mode = 0666
force create mode = 0666
directory mode = 0777
force directory mode = 0777
[one]
comment = one
writable = yes
valid users = @one
path = /data/SHARE/one
create mode = 0660
force create mode = 0660
directory mode = 0770
force directory mode = 0770
[two]
comment = two
writable = yes
valid users = @two
path = /data/SHARE/two
create mode = 0660
force create mode = 0660
directory mode = 0770
force directory mode = 0770

Thank u,

Felipe.



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] USRMGR.EXE doesn't work anymore.

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Thomas Bork wrote:
| Gerald (Jerry) Carter wrote:
|
|> failure error though.  I've also gone ahead and added
|> the registry key to the Samba's registry.tdb file in
|> the patch posted at http://www.samba.org/samba/patches/
|
| The only error message in the samba logs while joining
| the 3.0.20 samba domain with XP SP2 is now:
|
| [2005/09/01 18:55:09.745874, 0, pid=26389]
| rpc_server/srv_samr.c:api_samr_set_userinfo(786)
|   api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.

That's normal.  It's an unsupported info level and has been
there for a while now.

Glad the other part worked out ok.




cheers, jerry

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDFzaeIR7qMdg1EfYRAukEAJ9F0ke87AMLn/FIr4Y6/BTvNkrCJwCdFBfc
jBVUmcI2TrYTcc6MTezasjE=
=MsYL
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] USRMGR.EXE doesn't work anymore. cant reproduce it

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Robert Schetterer wrote:
| Hi Folks,
|
| i had doubled checked any procedure with usrmgr
| with smb pdc ldap on suse 9.3 latest stable samba version 3.20 from suse
| so i have no failures with create user, delete user,
| create groups, delete Groups, and add/del  users to group
| so i am total happy.
| Are you sure about this failure, i cant reproduce it

I'm in the same boat.  Everything works for me.  But
the RegCreateKeyEx() is real.  I've seen it on a domain
logon from a Windows XP client.  So whether or not
the usrmgr.exe failurea are related, this was still a bug.





cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDFzX7IR7qMdg1EfYRAgXBAKCyjVvP/rQMslM9a/qCkLdsARnEygCfTQGb
x47d/1Yc0zmRUTwxqbZqluk=
=tGiS
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] USRMGR.EXE doesn't work anymore.

[Thomas Bork]

Gerald (Jerry) Carter wrote:


failure error though.  I've also gone ahead and added
the registry key to the Samba's registry.tdb file in
the patch posted at http://www.samba.org/samba/patches/


The only error message in the samba logs while joining the 3.0.20 samba 
domain with XP SP2 is now:


[2005/09/01 18:55:09.745874, 0, pid=26389] 
rpc_server/srv_samr.c:api_samr_set_userinfo(786)

  api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.

Without the patch 
http://samba.org/samba/patches/regcreatekey_winxp_v1.patch it was:


[2005/08/09 18:45:07, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(786)
  api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO.
[2005/08/09 18:46:03, 0] lib/util_sock.c:get_peer_addr(1222)
  getpeername failed. Error was Transport endpoint is not connected
[2005/08/09 18:46:03, 0] lib/util_sock.c:get_peer_addr(1222)
  getpeername failed. Error was Transport endpoint is not connected
[2005/08/09 18:46:03, 0] lib/util_sock.c:get_peer_addr(1222)
  getpeername failed. Error was Transport endpoint is not connected
[2005/08/09 18:46:03, 0] lib/access.c:check_access(328)
[2005/08/09 18:46:03, 0] lib/util_sock.c:get_peer_addr(1222)
  getpeername failed. Error was Transport endpoint is not connected
  Denied connection from  (0.0.0.0)
[2005/08/09 18:46:03, 0] lib/util_sock.c:write_data(554)
  write_data: write failure in writing to client 0.0.0.0. Error 
Connection reset by peer

[2005/08/09 18:46:03, 0] lib/util_sock.c:send_smb(762)
  Error writing 5 bytes to client. -1. (Connection reset by peer)
[2005/08/09 18:50:21, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(981)
  Attempt to bind using schannel without successful serverauth2
[2005/08/09 18:50:26, 0] rpc_parse/parse_prs.c:prs_mem_get(533)
  prs_mem_get: reading data of size 4 would overrun buffer.
[2005/08/09 18:50:26, 0] rpc_server/srv_pipe.c:api_rpcTNP(1572)
  api_rpcTNP: winreg: REG_CREATE_KEY_EX failed.

Thanks a lot!

der tom
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] USRMGR.EXE doesn't work anymore. cant reproduce it

[Robert Schetterer]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Folks,

i had doubled checked any procedure with usrmgr
with smb pdc ldap on suse 9.3 latest stable samba version 3.20 from suse
so i have no failures with create user, delete user,
create groups, delete Groups, and add/del  users to group
so i am total happy.
Are you sure about this failure, i cant reproduce it
Regards

Gerald (Jerry) Carter schrieb:
| ok Folks
|
| I've tried but cannot reproduce this.  The REG_CREATE_EX
| failure is during a domain logon from Windows XP.  The
| client is trying to create
|
| [System\CurrentControlSet\Control\Terminal Server\
| DefaultUserConfiguration]
|
| I can fix this, but it appears to have nothing to do
| with user manager.  Until I get those logs or a faw
| network sniff of the connection failure, I'm stuck.
|
|
|
|
|
| cheers, jerry
|
|

- --
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer.org
Munich / Bavaria / Germany
https://www.schetterer.org

\**
\* gnupgp
\* public key:
\* https://www.schetterer.org/public.key
\**
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDFy2lb0iqzJq+0MgRApkvAJwP0HEWRDkduuKZCqd5a1YLGew9oQCePLUn
foiEtfxgTJTSApX4oW12So0=
=XJ94
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] USRMGR.EXE doesn't work anymore.

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Bruno Guerreiro wrote:

| I started by getting  to the point where users and
| local groups were listed. Then a "Stub received bad
| data" message appeared. Tried net rpc groupmap list
| and net rpc group It worked.
| Tried usermanager again, no errors
| Tried using usermanager to modify user/groups. It worked.
| Restarted samba and Ldap. Usermanager still works.
| Restarted windows client. Usermanager still works.
|
| So, i guessed you smashed the right bug. :-)

Still very curious to me.  Wonder why I could never
reproduce the usrmgr.exe failure.   Hmmm...

| The weird thing is the REG_CREATE_KEY_EX still
| gives an error:

It's a failure to create the key rather than an RPC
failure error though.  I've also gone ahead and added
the registry key to the Samba's registry.tdb file in
the patch posted at http://www.samba.org/samba/patches/

Thanks for the help testing the changes.




cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDFyprIR7qMdg1EfYRAi4bAJ9j4Zr+kuI5izGi00ysfP7rntic/gCfQM0p
8z9c27lHJBJH2jApcRrQEag=
=zq+2
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] USRMGR.EXE doesn't work anymore.

[Bruno Guerreiro]

Hi, 
I started by getting  to the point where users and local groups were listed.
Then a "Stub received bad data" message appeared.
Tried net rpc groupmap list and net rpc group
It worked.
Tried usermanager again, no errors
Tried using usermanager to modify user/groups. It worked.
Restarted samba and Ldap. Usermanager still works.
Restarted windows client. Usermanager still works.

So, i guessed you smashed the right bug. :-)

The weird thing is the REG_CREATE_KEY_EX still gives an error:

[2005/08/31 18:26:56, 7] rpc_server/srv_reg_nt.c:open_registry_key(133)
  open_registry_key: name = [HKLM][System\CurrentControlSet\Control\Terminal
Server\DefaultUserConfiguration]
[2005/08/31 18:26:56, 10] registry/reg_cachehook.c:reghook_cache_find(95)
  reghook_cache_find: Searching for keyname
[/HKLM/System/CurrentControlSet/Control/Terminal
Server/DefaultUserConfiguration]
[2005/08/31 18:26:56, 10] lib/adt_tree.c:pathtree_find(388)
  pathtree_find: Enter [/HKLM/System/CurrentControlSet/Control/Terminal
Server/DefaultUserConfiguration]
[2005/08/31 18:26:56, 10] lib/adt_tree.c:pathtree_find(460)
  pathtree_find: Exit
[2005/08/31 18:26:56, 5] registry/reg_db.c:regdb_fetch_keys(382)
  regdb_fetch_keys: tdb lookup failed to locate key
[HKLM\System\CurrentControlSet\Control\Terminal
Server\DefaultUserConfiguration]
[2005/08/31 18:26:56, 7] rpc_server/srv_reg_nt.c:open_registry_key(200)
  open_registry_key: exit



[2005/08/31 18:26:56, 5] rpc_server/srv_pipe.c:api_pipe_request(1509)
  Requested \PIPE\winreg
[2005/08/31 18:26:56, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543)
  api_rpcTNP: winreg op 0x6 - api_rpcTNP: rpc command: REG_CREATE_KEY_EX
[2005/08/31 18:26:56, 6] rpc_server/srv_pipe.c:api_rpcTNP(1569)
  api_rpc_cmds[15].fn == 0xb7df43e0
[2005/08/31 18:26:56, 5] rpc_parse/parse_prs.c:prs_debug(82)
  00 reg_io_q_create_key_ex
[2005/08/31 18:26:56, 6] rpc_parse/parse_prs.c:prs_debug(82)
  00 smb_io_pol_hnd
[2005/08/31 18:26:56, 5] rpc_parse/parse_prs.c:prs_uint32(669)
   data1: 
[2005/08/31 18:26:56, 5] rpc_parse/parse_prs.c:prs_uint32(669)
  0004 data2: 0047
[2005/08/31 18:26:56, 5] rpc_parse/parse_prs.c:prs_uint16(640)
  0008 data3: 
[2005/08/31 18:26:56, 5] rpc_parse/parse_prs.c:prs_uint16(640)
  000a data4: 
[2005/08/31 18:26:56, 5] rpc_parse/parse_prs.c:prs_uint8s(756)
  000c data5: 60 e8 15 43 de 42 00 00
[2005/08/31 18:26:56, 6] rpc_parse/parse_prs.c:prs_debug(82)
  14 prs_unistr4 name
[2005/08/31 18:26:56, 5] rpc_parse/parse_prs.c:prs_uint16(640)
  0014 length: 0094
[2005/08/31 18:26:56, 5] rpc_parse/parse_prs.c:prs_uint16(640)
  0016 size: 0094
[2005/08/31 18:26:56, 5] rpc_parse/parse_prs.c:prs_uint32(669)
  0018 ptr: 76bc3bc0
[2005/08/31 18:26:56, 7] rpc_parse/parse_prs.c:prs_debug(82)
  1c smb_io_unistr2 name
[2005/08/31 18:26:56, 5] rpc_parse/parse_prs.c:prs_uint32(669)
  001c uni_max_len: 004a
[2005/08/31 18:26:56, 5] rpc_parse/parse_prs.c:prs_uint32(669)
  0020 offset : 
[2005/08/31 18:26:56, 5] rpc_parse/parse_prs.c:prs_uint32(669)
  0024 uni_str_len: 004a
[2005/08/31 18:26:56, 5] rpc_parse/parse_prs.c:dbg_rw_punival(841)
  0028 buffer :
S.y.s.t.e.m.\.C.u.r.r.e.n.t.C.o.n.t.r.o.l.S.e.t.\.C.o.n.t.r.o.l.\.T.e.r.m.i.
n.a.l. .S.e.r.v.e.r.\.D.e.f.a.u.l.t.U.s.e.r.C.o.n.
f.i.g.u.r.a.t.i.o.n...
[2005/08/31 18:26:56, 6] rpc_parse/parse_prs.c:prs_debug(82)
  bc prs_unistr4 key_class
[2005/08/31 18:26:56, 5] rpc_parse/parse_prs.c:prs_uint16(640)
  00bc length: 
[2005/08/31 18:26:56, 5] rpc_parse/parse_prs.c:prs_uint16(640)
  00be size: 
[2005/08/31 18:26:56, 5] rpc_parse/parse_prs.c:prs_uint32(669)
  00c0 ptr: 
[2005/08/31 18:26:56, 5] rpc_parse/parse_prs.c:prs_uint32(669)
  00c4 options: 
[2005/08/31 18:26:56, 5] rpc_parse/parse_prs.c:prs_uint32(669)
  00c8 access: 000f003f
[2005/08/31 18:26:56, 5] rpc_parse/parse_prs.c:prs_uint32(669)
  00cc ptr: 
[2005/08/31 18:26:56, 5] rpc_parse/parse_prs.c:prs_uint32(669)
  00d0 ptr: 0006e1fc
[2005/08/31 18:26:56, 5] rpc_parse/parse_prs.c:prs_uint32(669)
  00d4 disposition: 0006ee54
[2005/08/31 18:26:56, 4]
rpc_server/srv_lsa_hnd.c:find_policy_by_hnd_internal(162)
  Found policy hnd[0] [000] 00 00 00 00 47 00 00 00  00 00 00 00 60 E8 15 43
G... `..C
  [010] DE 42 00 00   .B..
[2005/08/31 18:26:56, 7] rpc_server/srv_reg_nt.c:open_registry_key(133)
  open_registry_key: name = [HKLM][System\CurrentControlSet\Control\Terminal
Server]
[2005/08/31 18:26:56, 10] registry/reg_cachehook.c:reghook_cache_find(95)
  reghook_cache_find: Searching for keyname
[/HKLM/System/CurrentControlSet/Control/Terminal Server]
[2005/08/31 18:26:56, 10] lib/adt_tree.c:pathtree_find(388)
  pathtree_find: Enter [/HKLM/System/CurrentControlSet/Control/Terminal
Server]
[2005/08/31 18:26:56, 10] 

[Samba] RPC Vamp + caps

[Julian Pilfold-Bagwell]

Hi all,

Am using RPC Vampire to pull accounts from an NT4 PDC to a Linux box. 

The unit is connected as a BDC and vampire succeeds in extracting accounts on 
the NT box but only those which  match the UNIX password parameters e.g. 
lower case and staring with a letter.

Unfortunately, there are about 500 NT accounts that are witrh four digit 
numbers or are capitalised.

I used a spreadsheet to drop the usernames to lower case and put an l in from 
the numerical usernames to get them to work on Linux. 

I have generated an smbusers file mapping the nam,es across in the form:

linux name = nt name

e.g.

l1000 = 1000
l1001 = ... 
fred = FRED

etc.

but when vampire ruins it doesn't seem to see the usermap file. I have the 
username map = /etc/samba/smbusers 

in smb.conf and vampire does everything it should other than these accounts.


Any ideas please?

Thanks,

Julian PB
Borden Grammar School
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba]SOLVED - idmap_rid / roaming profile permissions / NTAUTHORITY\SYSTEM

[Stefanos Karasavvidis]

My roaming profiles did not work. No error message whatsoever.
How could anyone imagine that the case sensitivity was the problem??!!
And it did write the changed profile data back to the server. It just 
did not load them back again...


And I have also to note some other annoyances I encountered (that lead 
me to the solution):
- auto completion from windows console sometimes worked, and sometimes 
did not work (although the file names were typed with correct case)
- issuing cd from windows console to a directory with wrong case, 
sometimes worked and sometimes did not work!! Of course in the cases it 
did work, issuing a dir command resulted in an error.


By the way. The hole thing began because the server was set up as a file 
server for linux home directories (so the explicit case setting). The 
windows home directories came up later.


sk

Jeremy Allison wrote:

On Thu, Sep 01, 2005 at 11:27:19AM +0300, Stefanos Karasavvidis wrote:


I solved the problem with my roaming profiles by just changing from
case sensitive = yes
to
case sensitive = auto
in smb.conf!!!

No permissions change, no nothing.



Not suprising Windows clients are *not* case sensitive (in case
you hadn't noticed). Don't mess with the "case" parameters unless
you know exactly what you're doing.

Jeremy.



--
==
Stefanos Karasavvidis
Electronic & Computer Engineer, M.Eng.
e-mail : [EMAIL PROTECTED]

Technical University of Crete, Campus
Information Systems Center
Address: Akrotiri, Chania, 73100
Tel.: Library Buildings
  (+30) 28210 37352, (+30) 28210 37355, (+30) 28210 37376
  Environmental Engineering Buildings
  (+30) 28210 37766
Fax:  (+30) 28210 37571
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba]SOLVED - idmap_rid / roaming profile permissions / NTAUTHORITY\SYSTEM

[Jeremy Allison]

On Thu, Sep 01, 2005 at 11:27:19AM +0300, Stefanos Karasavvidis wrote:
> I solved the problem with my roaming profiles by just changing from
> case sensitive = yes
> to
> case sensitive = auto
> in smb.conf!!!
> 
> No permissions change, no nothing.

Not suprising Windows clients are *not* case sensitive (in case
you hadn't noticed). Don't mess with the "case" parameters unless
you know exactly what you're doing.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] (no subject)

[Jesse Waters]

Hello all,

 Having trouble accessing samba shares on the hpux boxes from windows machines.
After starting smbd, nmbd, & winbindd I receive these errors in the
log.smbd file.

Log.smbd
[2005/09/01 09:40:44, 0] auth/auth_util.c:make_server_info_info3(1195)
  make_server_info_info3: pdb_init_sam failed!

I am able to wbinfo -t, -g, & -u without any issues. 

Any help will be appriciated

Jesse Waters


This is a custom compile with gcc-3.3.2 options used:

./configure --prefix=/usr/local/samba-3.0.14a \
--with-krb5 \
--with-ads \
--with-libiconv=/usr/local \
--with-quotas \
--with-winbind \
--with-pam \
--with-sendfile-support \
--with-shared-modules=idmap_rid \
--without-swat

db 4.2.52
flex 2.5.4a
gettext 0.12
libiconv 1.9
gmake 3.80
Ncurses 5.4
Perl 5.8.2


smb.conf
[globals]  
realm   = TIMCO.AERO   
workgroup   = AERO 
security= DOMAIN   
server string   = HP DEV   
encrypt passwords   = yes  
password server = 10.114.1.15, 10.114.1.17 
username map= /usr/local/samba/lib/smbusers
guest account   = smbnull  
load printers   = no   

   
dns proxy   = no   
wins server = 10.114.1.15  
wins proxy  = no   

### WINBIND
winbind use default domain = no
winbind enum users  = yes  
winbind enum groups = yes  
winbind separator   = +
idmap uid   = 1-5  
idmap gid   = 1-5  
template shell  = /usr/sbin/ksh
template homedir= /home/%U 

[homes] 
comment = User DATA 
valid users = %S
read only   = no
browseable  = no

[tmp]   
comment = TEMP  
path= /tmp  
guest ok= yes   
case sensitive  = yes   
browseable  = yes
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP compile problem (not the usual)

[Oliver Neubauer]

Okay, my bad (as I suspected).

The logical && operators were unnecessary and caused breakage.
This worked instead:
...
LDFLAGS="-L$PREFIX/lib" \
CFLAGS="-I$PREFIX/include"  \
CPPFLAGS="-I$PREFIX/include"\
./configure \
...

Thanks to Thomas Anders for the tip.

cheers
Oliver

Oliver Neubauer wrote:

Hello all,

I'm trying to compile samba 3.0.20 on Freebsd 4.10 with ldap support.

The ./configure script fails because it can't find ldap.h:


checking whether to use AFS fake-kaserver... no
checking whether to use DFS clear-text auth... no
checking for LDAP support... auto
checking ldap.h usability... no
checking ldap.h presence... no
checking for ldap.h... no
checking lber.h usability... no
checking lber.h presence... no
checking for lber.h... no
configure: WARNING: ldap.h is needed for LDAP support
checking for Active Directory and krb5 support... yes
configure: error: Active Directory Support requires LDAP support


The openLDAP include and lib files are in non-standard directories, but 
I have CPPFLAGS and CFLAGS correctly set.

Here is a snippet from the script used to compile:


LDFLAGS="-L$PREFIX/lib"  \
&& CFLAGS="-I$PREFIX/include"   \
&& CPPFLAGS="-I$PREFIX/include" \
&& ./configure  \
--prefix=$PREFIX\
--disable-xmltest   \
--with-krb5=$PREFIX \
--with-quotas   \
--with-syslog   \
--with-winbind  \
--with-ads  \
--disable-cups  \
--with-pam  \
--with-readline \
--with-sendfile-support \
--without-libsmbclient  \
--without-python\
--with-ldap \
&& make \
&& make install


Of course, $PREFIX is correctly defined to the base dir of the 
environment I'm installing to, and the libraries and includes are there 
and readable by all.


I figure I'm either missing something really obvious  
or something is broken in the configure script. Not being a big fan of 
tracing m4 macros, I'd rather not have to delve too far into that. :)


Any suggestions?

Regards
Oliver




--
Oliver Neubauer
System Administrator

Netfirms Inc.
5160 Yonge St.
Toronto, ON, CA
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba with LDAP -> Can't include Windows Client

[Benjamin Nagel [sedo.de]]

Thanks that had fix my problem, but now I have a new problem:

I can include a Windows Computer into the domain, but the users can't 
use the shares:


Here my Problem in the smbd.log

[2005/09/01 16:37:37, 5] lib/smbldap.c:smbldap_search(1021)
 smbldap_search: base => [ou=Groups,dc=cologne,dc=domain,dc=domain], 
filter => [(&(objectClass=sambaGroupMapping)(gidNumber=65534))], scope 
=> [2]

[2005/09/01 16:37:37, 11] lib/smbldap.c:smbldap_open(893)
 smbldap_open: already connected to the LDAP server
[2005/09/01 16:37:37, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  
(No such object)
 ldapsam_search_one_group: Query was: ou=Groups,dc=domain,dc=domain, 
(&(objectClass=sambaGroupMapping)(gidNumber=65534))

[2005/09/01 16:37:37, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
 pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0



--

Mit freundlichen Grüßen
Benjamin Nagel

Sedo GmbH  Mediapark 6  50670 Köln
tel +49 221.420758.191  fax +49 221.420758.11
http://www.sedo.de  mailto:[EMAIL PROTECTED]

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Administrators and Users Rights for Windows workstations

[Louis van Belle]

just disable the administrative shares.

but why give users Administrator rights thats stupid.

but use poledit and policy templates to disabled the c$ 
You can find the nessesary templates in the samba list.
there's a link 2 a packages with howto examples policy templates
etc.


Louis 

>-Oorspronkelijk bericht-
>Van: [EMAIL PROTECTED] 
>[mailto:[EMAIL PROTECTED] 
>Namens Edgar Fonseca
>Verzonden: donderdag 1 september 2005 16:24
>Aan: samba@lists.samba.org
>Onderwerp: [Samba] Administrators and Users Rights for Windows 
>workstations
>
>Hello,
>
>I having a problem with rights in Windows workstations. I want 
>that all 
>users can be administrators of yours stations when they are 
>logged in your 
>stations, but I don't want that they can see the share C$ of 
>other stations. 
>They can see this because they are administrators of the domain.
>They have primary group "Domain Admins". If I try put the users on 
>"Administrators" group, they can't logon. If I try put them on "Domain 
>Users" group, they aren't administrators. If I put them in 
>"Administrators" 
>(primary group) and "Domain Users", they aren't 
>administrators. The only 
>possibility for the users log as administrators is that they 
>are inserted in 
>"Domain Admins" group.
>The problem is the C$. We thinking about use a script to 
>remove this share 
>from Windows, but I'm not sure about if this solution is the best.
>Does someone know about any solution for this problem?
>
>I'm using samba 3.0.14 + LDAP
>
>Thanks
>
>Edgar
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/listinfo/samba
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

AW: [Samba] Administrators and Users Rights for Windows workstations

[Dirk.Laurenz]

Hi,
 
it's simple:
1.) put all users in YOURDOMAIN\Domain Users or YOURDOMAIN\Workstation Admins 
or what you would like
2.) put this group (YOURDOMAIN\Domain Users, YOURDOMAIN\Workstation Admins) 
into the local group
Administrators of each Workstation (you may use vbscript to automate 
this...)
 
Mit freundlichem Gruß, 


Dirk Laurenz 
Systems Engineer
PSO - Professional Service Organisation 
Fujitsu Siemens Computers 
Hildesheimer Strasse 25 
30880 Laatzen 
Germany 
Telephone:  +49 (511) 84 89 - 18 08 
Telefax:+49 (511) 84 89 - 25 18 08 
Mobile: +49 (170) 22 10 781 
Email:  mailto:[EMAIL PROTECTED] 
Internet:   http://www.fujitsu-siemens.com 

http://www.fujitsu-siemens.de/rl/servicesupport/itdienstleistungen/competencecenter.html
 
***
 



Von: [EMAIL PROTECTED] im Auftrag von Edgar Fonseca
Gesendet: Do 01.09.2005 16:23
An: samba@lists.samba.org
Betreff: [Samba] Administrators and Users Rights for Windows workstations



Hello,

I having a problem with rights in Windows workstations. I want that all
users can be administrators of yours stations when they are logged in your
stations, but I don't want that they can see the share C$ of other stations.
They can see this because they are administrators of the domain.
They have primary group "Domain Admins". If I try put the users on
"Administrators" group, they can't logon. If I try put them on "Domain
Users" group, they aren't administrators. If I put them in "Administrators"
(primary group) and "Domain Users", they aren't administrators. The only
possibility for the users log as administrators is that they are inserted in
"Domain Admins" group.
The problem is the C$. We thinking about use a script to remove this share
from Windows, but I'm not sure about if this solution is the best.
Does someone know about any solution for this problem?

I'm using samba 3.0.14 + LDAP

Thanks

Edgar
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba 

 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Administrators and Users Rights for Windows workstations

[Paul Gienger]

> I having a problem with rights in Windows workstations. I want that all
> users can be administrators of yours stations when they are logged in your
> stations, but I don't want that they can see the share C$ of other
> stations.
> They can see this because they are administrators of the domain.
> They have primary group "Domain Admins". If I try put the users on
> "Administrators" group, they can't logon. 

Since this is the more 'proper' way to do it, lets find out why they can't
log in under this condition.  What kind of errors do you get here?

> If I try put them on "Domain
> Users" group, they aren't administrators. If I put them in
> "Administrators"
> (primary group) and "Domain Users", they aren't administrators. 

How are you making this their primary group??  Administrators should be a
local group and you shouldn't be able to make a network users's primary
group a local group unless you're doing something horribly wrong (by
convention).

> The only
> possibility for the users log as administrators is that they are inserted
> in
> "Domain Admins" group.
> The problem is the C$. We thinking about use a script to remove this share
> from Windows, but I'm not sure about if this solution is the best.
> Does someone know about any solution for this problem?
> 
> I'm using samba 3.0.14 + LDAP
> 
> Thanks
> 
> Edgar
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Administrators and Users Rights for Windows workstations

[Edgar Fonseca]

Hello,

I having a problem with rights in Windows workstations. I want that all 
users can be administrators of yours stations when they are logged in your 
stations, but I don't want that they can see the share C$ of other stations. 
They can see this because they are administrators of the domain.
They have primary group "Domain Admins". If I try put the users on 
"Administrators" group, they can't logon. If I try put them on "Domain 
Users" group, they aren't administrators. If I put them in "Administrators" 
(primary group) and "Domain Users", they aren't administrators. The only 
possibility for the users log as administrators is that they are inserted in 
"Domain Admins" group.
The problem is the C$. We thinking about use a script to remove this share 
from Windows, but I'm not sure about if this solution is the best.
Does someone know about any solution for this problem?

I'm using samba 3.0.14 + LDAP

Thanks

Edgar
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Wbinfo -Y couldn't work with idmap_rid for BUILTIN groups

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Li, Ying (ESG) wrote:
| By the way, without idmap_rid, BUILTIN group's gid can
| be displayed when 'winbind nested groups = No'

Ying,

Would you file a bug report for me at https://bugzilla.samba.org?
That way the issue won't get lost in my inbox :-)

Thanks.




cheers, jerry

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDFw2CIR7qMdg1EfYRAl/TAKDksTXV150X3RN1YtEAev17A1BtBgCfeR61
o5NhLBjZ44C+If2fcSkxnNc=
=LyFf
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba banner string

[Dimitri Yioulos]

On Thursday 01 September 2005 08:14, Wolfgang Ratzka wrote:
> > How do I do to rid of the banner  "SAMBA 3.0.14a  on debian on sarge
> > (pdcsrv)"
>
> Just edit the "server string" parameter in your smb.conf file.
>
> --
> Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
> Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
>   http://www.uni-marburg.de/hrz/mitarbeiter/ratzka.html

in smb.conf:

server string = ""
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] USRMGR.EXE doesn't work anymore.

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Thomas Bork wrote:
| Gerald (Jerry) Carter wrote:
|
|> ok.  Can you folks try out the patch at
|> http://samba.org/~jerry/patches/regcreatekey_v1.patch
|> and let me know if that fixes the usrmgr.exe failures
|> you are seeing?  It should at least fix the REG_CREATE_KEY_EX
|> failures in the logs.
|
| +"HKLM\\SYSTEM\\CurrentControlSet\\Control\\Termininal
| Server\DefaultUserConfiguration",
|
| Are you shure, you only need one backslash before
| DefaultUserConfiguration and not two backslashes as in the rest of
| rpc_reg.h?

Your right.  Thanks for catching it.

But that's ifdef'd out for now.  I wanted to focus on the
rpc fault before adding the key (which would prevent the
client from sending the RegCraetKeyEx() request altogether.
That mistake, shouldn't make any difference in the patch
for now.




cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDFwMBIR7qMdg1EfYRAqiRAJ4l031odqMidvBVrxmQJoWAB7CuMwCcD4Nk
IHCWtLyVObEBz0/tLIggyI8=
=lZwu
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] USRMGR.EXE doesn't work anymore.

[Thomas Bork]

Gerald (Jerry) Carter wrote:


ok.  Can you folks try out the patch at
http://samba.org/~jerry/patches/regcreatekey_v1.patch
and let me know if that fixes the usrmgr.exe failures
you are seeing?  It should at least fix the REG_CREATE_KEY_EX
failures in the logs.


+	"HKLM\\SYSTEM\\CurrentControlSet\\Control\\Termininal 
Server\DefaultUserConfiguration",


Are you shure, you only need one backslash before 
DefaultUserConfiguration and not two backslashes as in the rest of 
rpc_reg.h?


--
der tom
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ntlm_auth and high load fault

[Andrew Bartlett]

On Thu, 2005-09-01 at 17:25 +0400, Vitaly Protsko wrote:
> Hi!
> 
> Seems, this problem can be easily solved:
> 
> It is needed to check _lenght_ of the user name
> in ntlm_auth utility. Zero length name (not only NULL ptr) is
> not a valid user name. Same for domain name given by client.
> 
> For now I have no time :( to make patch.
> May be authors or somebody else can do it now?

The utility is segfaulting, or what exactly is happening?

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.http://suse.de
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ntlm_auth and high load fault

[Vitaly Protsko]

Hi!

Seems, this problem can be easily solved:

It is needed to check _lenght_ of the user name
in ntlm_auth utility. Zero length name (not only NULL ptr) is
not a valid user name. Same for domain name given by client.

For now I have no time :( to make patch.
May be authors or somebody else can do it now?

/aTan

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Plans for Samba 3.0.21

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Jörn Nettingsmeier wrote:

|> * More POSIX CIFS server work for better Linux
|> ~  CIFS fs support.
|
| i'd be very interested in testing this, if anyone is
| working on it. my goal is to have linux workstations
| mount their /home from a samba  server and authenticate
| via winbindd.
|
| during my last attempt, i ran into problems during
| kde startup that were  apparently related to different
| symlink semantics on the remote cifs  server - some
| kde processes that rely on creating links during startup
| would hang, preventing the desktop environment from
| starting up.

This is mostly up to Jeremy (Allison) and Steve
(French).  I expect most of the discussion will take
place on [EMAIL PROTECTED]  You might want
to subscribe to that list if you aren't already.







cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDFwACIR7qMdg1EfYRAu6wAJwJ6b1vNaF/3QDyv6PuOY4lMR7xRQCgowa5
8OpDi6TcVtnQJgZoF2YcYxI=
=5cSE
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba banner string

[Wolfgang Ratzka]

> How do I do to rid of the banner  "SAMBA 3.0.14a  on debian on sarge
> (pdcsrv)" 

Just edit the "server string" parameter in your smb.conf file.

-- 
Wolfgang Ratzka  Phone: +49 6421 2823531  FAX: +49 6421 2826994
Uni Marburg,  HRZ, Hans-Meerwein-Str., D-35032 Marburg, Germany
  http://www.uni-marburg.de/hrz/mitarbeiter/ratzka.html
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] USRMGR.EXE doesn't work anymore.

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Gerald (Jerry) Carter wrote:
| ok Folks
|
| I've tried but cannot reproduce this.  The REG_CREATE_EX
| failure is during a domain logon from Windows XP.  The
| client is trying to create
|
| [System\CurrentControlSet\Control\Terminal Server\
| DefaultUserConfiguration]
|
| I can fix this, but it appears to have nothing to do
| with user manager.  Until I get those logs or a faw
| network sniff of the connection failure, I'm stuck.

ok.  Can you folks try out the patch at

http://samba.org/~jerry/patches/regcreatekey_v1.patch

and let me know if that fixes the usrmgr.exe failures
you are seeing?  It should at least fix the REG_CREATE_KEY_EX
failures in the logs.






cheer,s jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDFv99IR7qMdg1EfYRAjEQAKDSu2KW1wglAXbMkWePCXQNAc0RoQCfV1Hk
hdNoTno8WFF8iFDRzdmGPSg=
=+K+E
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] LDAP compile problem (not the usual)

[Oliver Neubauer]

Hello all,

I'm trying to compile samba 3.0.20 on Freebsd 4.10 with ldap support.

The ./configure script fails because it can't find ldap.h:


checking whether to use AFS fake-kaserver... no
checking whether to use DFS clear-text auth... no
checking for LDAP support... auto
checking ldap.h usability... no
checking ldap.h presence... no
checking for ldap.h... no
checking lber.h usability... no
checking lber.h presence... no
checking for lber.h... no
configure: WARNING: ldap.h is needed for LDAP support
checking for Active Directory and krb5 support... yes
configure: error: Active Directory Support requires LDAP support


The openLDAP include and lib files are in non-standard directories, but 
I have CPPFLAGS and CFLAGS correctly set.

Here is a snippet from the script used to compile:


LDFLAGS="-L$PREFIX/lib"  \
&& CFLAGS="-I$PREFIX/include"   \
&& CPPFLAGS="-I$PREFIX/include" \
&& ./configure  \
--prefix=$PREFIX\
--disable-xmltest   \
--with-krb5=$PREFIX \
--with-quotas   \
--with-syslog   \
--with-winbind  \
--with-ads  \
--disable-cups  \
--with-pam  \
--with-readline \
--with-sendfile-support \
--without-libsmbclient  \
--without-python\
--with-ldap \
&& make \
&& make install


Of course, $PREFIX is correctly defined to the base dir of the 
environment I'm installing to, and the libraries and includes are there 
and readable by all.


I figure I'm either missing something really obvious  
or something is broken in the configure script. Not being a big fan of 
tracing m4 macros, I'd rather not have to delve too far into that. :)


Any suggestions?

Regards
Oliver


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba with LDAP -> Can't include Windows Client

[Joachim Kieferle]

Benjamin Nagel [sedo.de] wrote:


Hi,

at first sorry for my horrible englisch.
My name is Benjamin Nagel and I had setup a lot of Samba Server, but 
untill now without LDAP as backend.


My data:
Suse 9.2
Samba 3.0.9-2.3-SUSE
OpenLDAP: slapd 2.2.15

I had setup Samba and OpenLDAP like the IDEALX documentation. I can 
create a linux user with the smbldap-useradd script and I can login 
with this user.

But when I want to include a Windows XP client I get a error.



[ ... ]

Dear Benjamin,

we have Samba running on SuSE 9.3. What we found out is that for the 
machine accounts you MUST NOT use ou=computers BUT ou=people, that means 
the same ou as you use for normal accounts. This phenomenon is also 
somewhere described in the Samba by example tutorial.


At least in our environment this works.

Hope this helps,

best

Joachim
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba with LDAP -> Can't include Windows Client

[Benjamin Nagel [sedo.de]]

Hi,

at first sorry for my horrible englisch.
My name is Benjamin Nagel and I had setup a lot of Samba Server, but 
untill now without LDAP as backend.


My data:
Suse 9.2
Samba 3.0.9-2.3-SUSE
OpenLDAP: slapd 2.2.15

I had setup Samba and OpenLDAP like the IDEALX documentation. I can 
create a linux user with the smbldap-useradd script and I can login with 
this user.

But when I want to include a Windows XP client I get a error.

Samba create the machine account.

This is a snapshot of the client logfile:

[2005/09/01 13:26:49, 2] lib/smbldap.c:smbldap_open_connection(692)
 smbldap_open_connection: connection opened
[2005/09/01 13:26:49, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
 init_sam_from_ldap: Entry found for user: root
[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  
(No such object)

[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  
(No such object)

[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  
(No such object)

[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  
(No such object)

[2005/09/01 13:26:49, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  
(No such object)

[2005/09/01 13:26:49, 2] auth/auth.c:check_ntlm_password(305)
 check_ntlm_password:  authentication for user [root] -> [root] -> 
[root] succeeded

[2005/09/01 13:26:50, 2] smbd/server.c:exit_server(575)
 Closing connections
[2005/09/01 13:26:50, 2] lib/smbldap.c:smbldap_open_connection(692)
 smbldap_open_connection: connection opened
[2005/09/01 13:26:50, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
 init_sam_from_ldap: Entry found for user: root
[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  
(No such object)

[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  
(No such object)

[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  
(No such object)

[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  
(No such object)

[2005/09/01 13:26:50, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  
(No such object)

[2005/09/01 13:26:50, 2] auth/auth.c:check_ntlm_password(305)
 check_ntlm_password:  authentication for user [root] -> [root] -> 
[root] succeeded

[2005/09/01 13:26:51, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2482)
 Returning domain sid for domain MYDOMAIN -> 
S-1-5-21-3304255874-2887972702-1555624387

[2005/09/01 13:26:52, 2] smbd/server.c:exit_server(575)
 Closing connections
[2005/09/01 13:43:32, 2] smbd/server.c:exit_server(575)
 Closing connections
[2005/09/01 13:43:32, 2] lib/smbldap.c:smbldap_open_connection(692)
 smbldap_open_connection: connection opened
[2005/09/01 13:43:32, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
 init_sam_from_ldap: Entry found for user: root
[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  
(No such object)

[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  
(No such object)

[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  
(No such object)

[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  
(No such object)

[2005/09/01 13:43:32, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  
(No such object)

[2005/09/01 13:43:32, 2] auth/auth.c:check_ntlm_password(305)
 check_ntlm_password:  authentication for user [root] -> [root] -> 
[root] succeeded

[2005/09/01 13:43:33, 2] smbd/server.c:exit_server(575)
 Closing connections
[2005/09/01 13:43:34, 2] lib/smbldap.c:smbldap_open_connection(692)
 smbldap_open_connection: connection opened
[2005/09/01 13:43:34, 2] passdb/pdb_ldap.c:init_sam_from_ldap(518)
 init_sam_from_ldap: Entry found for user: root
[2005/09/01 13:43:34, 0] passdb/pdb_ldap.c:ldapsam_search_one_group(2028)
 ldapsam_search_one_group: Problem during the LDAP search: LDAP error:  
(No such object)

[2005/09/01 13:43:34

RE: [Samba] ntlm_auth and high load fault

[Vitaly Protsko]

Hi!

I'm serving ~3K users with 40 childs. Comp is 2x3.2 Intel, 4GB RAM, 2xSCSI
HDD in RAID0

Yes, it is partial solution to pass windowsupdate w/o auth, but here still
other "robots" ... :(
Seems to me it is not a problem around perfomance, rather logic.

/aTan

> -Original Message-
> From: Bruno Guerreiro [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, September 01, 2005 3:43 PM
> To: 'Vitaly Protsko'; samba@lists.samba.org
> Subject: RE: [Samba] ntlm_auth and high load fault
> 
> 
> Hi,
> I've noticed that Windows Updates, just won't do NTLM auth, 
> so i've just added a no_auth exception for windows update 
> sites. How many children are you starting. I'm serving +700 
> users with just one squid with 30 ntlm_auth processes on a 
> PII/800 MHZ/256 MB Ram with no problems wathsoever.
> 
> Best Regards,
> Bruno Guerreiro
> 
> >-Original Message-
> >From: Vitaly Protsko [mailto:[EMAIL PROTECTED]
> >Sent: quinta-feira, 1 de Setembro de 2005 12:41
> >To: samba@lists.samba.org
> >Subject: [Samba] ntlm_auth and high load fault
> >
> >
> >Hi!
> >
> >Here is situation:
> >
> >1. We decide to switch on "Auto proxy config" in our network 
> (you know, 
> >wpad.example.com, etc.) 2. After that there are lot of 
> robots (checking 
> >for new versions, upgrading,
> >esp. M$ upg) on client
> >   computers start trying to fetch resources, but w/o any 
> >authentication (or
> >I dont understand what is going on :).
> >3. Result is unxepected: alot of "requests in queue" to 
> >ntlm_auth, because
> >of this squid restarts every
> >2 min when in morning computers are going up. :(
> >
> >Tech info:
> >
> >Linux 2.6.11.12
> >glibc-2.3.5
> >gcc-3.4.4
> >samba-3.0.20, no patches
> >krb5-1.3.1 (MIT)
> >squid-2.5.10
> >ntlm_auth from samba pack
> >
> >Joined to 2k3 AD.
> >
> >
> >My ideas about why this happens are exausted (all of them are
> >unproductive
> >:).
> >ANYBODY, please, if you have similar, or heard about this 
> >situation, please
> >let me know.
> >May be some ideas about fighting against it?
> >
> >Thnx in advance.
> >/aTan
> >
> >--
> >To unsubscribe from this list go to the following URL and read the
> >instructions:  https://lists.samba.org/mailman/listinfo/samba
> >
> 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Kerberos problem with net ads join under AIX

[Kurt . Gerber]

Hi, 
With Heimdal- oder MIT-kerberos it is not necessary to cofigure the 
kerberos-config-file.
But a reverse DNS lookup has to give the netbios name of the KDC.
I solved that with a corresponding entry in /etc/hosts (on linux...)

xxx.xxx.xxx.xxx NETBIOSNAME-OF-KDC (uppercase)

All can be read in chapter 6 of the official Samba-howto.

Cheers Kurt


> 

> 
> Hi,
> 
> please configure your kerberos-config-file and verify the connection
> to the KDC (physical connection, DNS, etc.). But one thing is very 
> strange, how can kinit works with your default kerberos configuration?!
> 
> 
> Cheers Stefan
> 
>  Original Message 
> Subject: [Samba] Kerberos problem with net ads join under AIX (01-
> Sep-2005 8:04)
> From:[EMAIL PROTECTED]
> To:  samba@lists.samba.org
> 
> > Hello!
> > 
> > If i try a net ads join i get a kerberos error , but my kerberos works
> > fine, i can do a kinit,klist and so on.
> > 
> > the error i get is the following.
> > 
> > [2005/09/01 08:02:16, 0] libads/kerberos.c:ads_kinit_password(146)
> >   kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve 
network
> > address for KDC in requested realm
> > [2005/09/01 08:02:16, 0] utils/net_ads.c:ads_startup(191)
> >   ads_connect: Cannot resolve network address for KDC in requested 
realm
> > 
> > I tried nearly everthing until now, but i get no other result than the 
one
> > above - can anybody help me?
> > 
> > I run under AIX 5.3 .
> > 
> >   Regards
> >   Markus
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/listinfo/samba
> > 
> > 
> 
> 
> 
> 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] USRMGR.EXE doesn't work anymore.

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

ok Folks

I've tried but cannot reproduce this.  The REG_CREATE_EX
failure is during a domain logon from Windows XP.  The
client is trying to create

[System\CurrentControlSet\Control\Terminal Server\
DefaultUserConfiguration]

I can fix this, but it appears to have nothing to do
with user manager.  Until I get those logs or a faw
network sniff of the connection failure, I'm stuck.





cheers, jerry


-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDFulZIR7qMdg1EfYRArG8AKC4ciUg01uELfBdcSbbZKrF+9kD3ACeP7SW
3sG3s43tc1vrKj/5VfzPe+Q=
=HMRV
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] ntlm_auth and high load fault

[Bruno Guerreiro]

Hi,
I've noticed that Windows Updates, just won't do NTLM auth, so i've just
added a no_auth exception for windows update sites.
How many children are you starting. I'm serving +700 users with just one
squid with 30 ntlm_auth processes on a PII/800 MHZ/256 MB Ram with no
problems wathsoever.

Best Regards,
Bruno Guerreiro

>-Original Message-
>From: Vitaly Protsko [mailto:[EMAIL PROTECTED]
>Sent: quinta-feira, 1 de Setembro de 2005 12:41
>To: samba@lists.samba.org
>Subject: [Samba] ntlm_auth and high load fault
>
>
>Hi!
>
>Here is situation:
>
>1. We decide to switch on "Auto proxy config" in our network (you know,
>wpad.example.com, etc.)
>2. After that there are lot of robots (checking for new 
>versions, upgrading,
>esp. M$ upg) on client
>   computers start trying to fetch resources, but w/o any 
>authentication (or
>I dont understand what is going on :).
>3. Result is unxepected: alot of "requests in queue" to 
>ntlm_auth, because
>of this squid restarts every
>2 min when in morning computers are going up. :(
>
>Tech info:
>
>Linux 2.6.11.12
>glibc-2.3.5
>gcc-3.4.4
>samba-3.0.20, no patches
>krb5-1.3.1 (MIT)
>squid-2.5.10
>ntlm_auth from samba pack
>
>Joined to 2k3 AD.
>
>
>My ideas about why this happens are exausted (all of them are 
>unproductive
>:).
>ANYBODY, please, if you have similar, or heard about this 
>situation, please
>let me know.
>May be some ideas about fighting against it?
>
>Thnx in advance.
>/aTan
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/listinfo/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba banner string

[Edson Capitani]

Hi list! 

 

I need your expertise. 

 

How do I do to rid of the banner  "SAMBA 3.0.14a  on debian on sarge
(pdcsrv)" 

 

I can see that when I use the M$ server tools and I've tried to rewrite the
string but when I click "ok" the string still the same, what I mean is that
no matter what I write there it doesn't change. 

 

I use JXplorer to navigate throw my ldap directory  but  the string is from
samba and not from ldap so I can't see the string in ldap.

 

By the way I would like to say thanks to Joachim for the kixtart logon tip,
It is working like charm now. 

 

Thank you all advance. 

 

Edson Capitani.

FDUP

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] USRMGR.EXE doesn't work anymore.

[Bruno Guerreiro]

Where goes.
The log.vmxp is for the client running usrmgr

Best regards,
Bruno Guerreiro

>-Original Message-
>From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]
>Sent: quinta-feira, 1 de Setembro de 2005 11:56
>To: Bruno Guerreiro
>Cc: 'samba@lists.samba.org'
>Subject: Re: [Samba] USRMGR.EXE doesn't work anymore.
>
>
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1
>
>Bruno Guerreiro wrote:
>| Hi,
>| I've got the same problem (
>| http://lists.samba.org/archive/samba/2005-August/109895.html ).
>| It seems this has been laying around since RC1/2 (
>| http://lists.samba.org/archive/samba/2005-August/109465.html )
>| I've already supplied a level 10 log to Günther Deschner,
>| If you wish I may forward it to you.
>
>Please do. If it's just the REG_CREATE_KEY issue, then
>I might be able to fix that today.
>
>
>
>
>
>cheers, jerry
>
>-BEGIN PGP SIGNATURE-
>Version: GnuPG v1.4.0 (GNU/Linux)
>Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
>iD8DBQFDFt5CIR7qMdg1EfYRAnTiAKDUD4YQ5ay4SKCAD+Gkrt+XWCxWUwCfZQdT
>II0cpiE9vLCnSKuRksD2rTY=
>=SltA
>-END PGP SIGNATURE-
>

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] ntlm_auth and high load fault

[Vitaly Protsko]

Hi!

Here is situation:

1. We decide to switch on "Auto proxy config" in our network (you know,
wpad.example.com, etc.)
2. After that there are lot of robots (checking for new versions, upgrading,
esp. M$ upg) on client
   computers start trying to fetch resources, but w/o any authentication (or
I dont understand what is going on :).
3. Result is unxepected: alot of "requests in queue" to ntlm_auth, because
of this squid restarts every
2 min when in morning computers are going up. :(

Tech info:

Linux 2.6.11.12
glibc-2.3.5
gcc-3.4.4
samba-3.0.20, no patches
krb5-1.3.1 (MIT)
squid-2.5.10
ntlm_auth from samba pack

Joined to 2k3 AD.


My ideas about why this happens are exausted (all of them are unproductive
:).
ANYBODY, please, if you have similar, or heard about this situation, please
let me know.
May be some ideas about fighting against it?

Thnx in advance.
/aTan

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Adding static wins entries

[Benjamin.Oeltze]

I have read, adding static wins entries should work without stopping and 
starting nmbd
I´ve tried this and it seems not to work for me.
We have Samba 3.0.14a-21 running on a SuSE SLES9.
If I add entries to the wins.dat when samba is running, nmblookup wont get a 
positive answer. After some time the wins.dat gets overwritten with the old 
wins.dat without the entries.
 
When I stop nmbd, add the entries and start nmbd nmblookup get a positive 
answer and th wins.dat stays there.
 
Is adding entries without restarting samba possible (maybe with a newer 
version)?
 
Benny
 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] net ads join error

[Sanjay Upadhyay]

I have seen that reinstalling the samba works for me... dont know why
although... I had taken the binaries from the Samba Site..


On 8/27/05, Gerald (Jerry) Carter <[EMAIL PROTECTED]> wrote:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Guille wrote:
> | Hi,
> |
> | You are not alone with regards to this error message joining FC4 to 
> Win2k
> | ADS.
> | I got this after I joined.
> 
> It's bugs in the e2fsprogs + krb5 libs shipped on FC4.
> You'll have to talk to the Fedora folks to get this fixed.
> I've confirmed with some RedHat developers that this is not
> our bug.
> 
> ...
> | *** glibc detected *** /usr/bin/net: free(): invalid
> | pointer: >0x00fe0db0 ***
> | === Backtrace: = /lib/libc.so.6[0x1a6424]
> | /lib/libc.so.6(__libc_free+0x77)[0x1a695f]
> | /lib/libcom_err.so.2(remove_error_table+0x4b)[0x140abb]
> | /usr/lib/libkrb5.so.3[0xf7e8c4]
> | /usr/lib/libkrb5.so.3[0xf7e5c7]
> | /usr/lib/libkrb5.so.3[0xfcf9da]
> | /lib/ld-linux.so.2[0x82a058]
> | /lib/libc.so.6(exit+0xc5)[0x16dc69]
> | /lib/libc.so.6(__libc_start_main+0xce)[0x157dee]
> | /usr/bin/net[0x8e70f1]
> | === Memory map: 
> 
> 
> 
> 
> cheers, jerry
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.0 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
> 
> iD8DBQFDEIm6IR7qMdg1EfYRAritAKDiFU1/vBE/1bG5+XNA+C01iRRXLwCfaGhi
> F4o8vXRA0kSyjwEWfsbQnRI=
> =GnaH
> -END PGP SIGNATURE-
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
> 



-- 
Sanjay Upadhyay
http://saneax.blogspot.com
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] File Monitoring on samba server

[Arun Sharma]

///


///

I have spent long time on research on How to manage or monitor files 
which are opened by users in Samba sever

IS this concept is implemented in Samba .

My Working environment.
  Fedora core 4
  Samba verson 3.0.20

My requirement is to check or monitor actions which is occuring in samba 
server.

Actions are:
 a) Files currently accesed in samba server by all users.
 b) Files which are currenly opened in samba server.
 c) What are the files which are opened by specified user.
 d) If needed then how can i logout/cut a connection of specified user .


I am trying with the below command it does'nt give me proper output.

To list all files which are opened in server .
   
[EMAIL PROTECTED] ~]# net rpc file -U administrator%password -S 192.168.0.77


Enumerating open files on remote server:

FileId  Opened byPerms  Locks  Path
--  --  -  
0   \PIPE\samr   0x35   0  dummy user

Can some body help me out.?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] USRMGR.EXE doesn't work anymore.

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Bruno Guerreiro wrote:
| Hi,
| I've got the same problem (
| http://lists.samba.org/archive/samba/2005-August/109895.html ).
| It seems this has been laying around since RC1/2 (
| http://lists.samba.org/archive/samba/2005-August/109465.html )
| I've already supplied a level 10 log to Günther Deschner,
| If you wish I may forward it to you.

Please do. If it's just the REG_CREATE_KEY issue, then
I might be able to fix that today.





cheers, jerry

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDFt5CIR7qMdg1EfYRAnTiAKDUD4YQ5ay4SKCAD+Gkrt+XWCxWUwCfZQdT
II0cpiE9vLCnSKuRksD2rTY=
=SltA
-END PGP SIGNATURE-
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: Re-2: [Samba]SOLVED - idmap_rid / roaming profile permissions /NTAUTHORITY\SYSTEM

[Stefanos Karasavvidis]

because the same samba fileserver will also have the home directories 
for linux users!


According to the smb.conf man pages, the value auto will corretcly apply 
case insensitivity for windows users, and case sensitive for the linux 
users.


Of course I don't know what will happen if a linux user creates two 
files with the same name and different case, and then logs in from a 
windows workstation??!!


Stefanos


[EMAIL PROTECTED] wrote:

Hi,

the default value of case sensitive is auto! But no Windows OS supports case sensitiv 
filename so why don´t you use case "sensitive = no" helping to prevent 
problems?!

Cheers Stefan

 Original Message 
Subject: Re: [Samba]SOLVED - idmap_rid / roaming profile permissions / 
NTAUTHORITY\SYSTEM (01-Sep-2005 10:27)
From:[EMAIL PROTECTED]
To:  samba@lists.samba.org



I solved the problem with my roaming profiles by just changing from
case sensitive = yes
to
case sensitive = auto
in smb.conf!!!

No permissions change, no nothing.

Stefanos

Stefanos Karasavvidis wrote:

I'm struggling with roaming profile permissions as I can not "see" the 
NT AUTHORITY\SYSTEM account.


I have:
-samba file server with acl 3.0.14a
-authentication with winbind and idmap_rid against Windows 2003 ADS
-using "default domain" in smb.conf for winbind

The roaming profile directories are on the samba machine under the users 
home directory. As noted on several sites, the profile directory must 
have the following permissions:

owner full control (this is ok)
SYSTEM (S-1-5-18) full control (here is the problem)

I can't add the permissions for the system account, as it is "not seen" 
from samba. The result is that roaming profile do not work


I get the following output with wbinfo
wbinfo -s "S-1-5-18"
NT AUTHORITY\SYSTEM 5

wbinfo -n "NT AUTHORITY\SYSTEM"
S-1-5-18 Well-known Group (5)

wbinfo -Y "S-1-5-18"
Could not convert sid S-1-5-18 to gid   <

wbinfo -S "S-1-5-18"
Could not convert sid S-1-5-18 to uid   <

I tried to fix it with net groupmap, but it did not work (maybe I miss 
something?)


So the question is: how do I set permissions for the SYSTEM account???


regards
Stefanos


--
==
Stefanos Karasavvidis
Electronic & Computer Engineer, M.Eng.
e-mail : [EMAIL PROTECTED]

Technical University of Crete, Campus
Information Systems Center
Address: Akrotiri, Chania, 73100
Tel.: Library Buildings
  (+30) 28210 37352, (+30) 28210 37355, (+30) 28210 37376
  Environmental Engineering Buildings
  (+30) 28210 37766
Fax:  (+30) 28210 37571

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba




--
==
Stefanos Karasavvidis
Electronic & Computer Engineer, M.Eng.
e-mail : [EMAIL PROTECTED]

Technical University of Crete, Campus
Information Systems Center
Address: Akrotiri, Chania, 73100
Tel.: Library Buildings
  (+30) 28210 37352, (+30) 28210 37355, (+30) 28210 37376
  Environmental Engineering Buildings
  (+30) 28210 37766
Fax:  (+30) 28210 37571

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Problems with the valid users setting in smb.confandwinbind/AD (repost) [SOLVED]

[Ross McInnes]

Ah

Ok im not specifing the domain/seperator, but then I have 

winbind separator = +
winbind use default domain = yes

In my smb conf and didn't think to use it.

Just tried it and yes its fixed it :)

Thanks very much Stefan, don't know why I didn't even think of trying that.
Guess im too used to samba without the AD stuff :) 

Any chance this can be put in the docs somewhere? :) or a note in the
default smb.conf (and if it is already I appologise :( )

Cheers

Ross

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: 01 September 2005 10:08
To: samba@lists.samba.org
Subject: Re: [Samba] Problems with the valid users setting in
smb.confandwinbind/AD (repost)

Hi,

is there any samba error message? Please make sure that you use the
parameter  "valid users = REALMusername".


Cheers Stefan


 Original Message 
Subject: [Samba] Problems with the valid users setting in smb.conf
andwinbind/AD (repost) (01-Sep-2005 10:57)
From:[EMAIL PROTECTED]
To:  samba@lists.samba.org

>  
> Hi the list
> 
> Got a small issue in that the directive "valid users = username" 
> doesn't work under a share when using winbind/AD for authentication.
> 
> If I remove it, it works, but obviously anyone can see/use it.
> 
> Everything else seems to work, getent passwd wbinfo -u etc permissions 
> etc all working.
> 
> Any help gratefully received as always :)
> 
> Ross
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
> 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Hash

[Bruno Guerreiro]

Hi, 
Check your smbldap.conf variables.
Many of this erros are caused by some variable not beeing set.

Espero ter ajudado ;-)
Bruno Guerreiro

>-Original Message-
>From: Sérgio A P Ferreira [mailto:[EMAIL PROTECTED]
>Sent: quarta-feira, 31 de Agosto de 2005 15:40
>To: samba@lists.samba.org
>Subject: [Samba] Hash
>
>
>Hi,
>
>Anyone knows how to fix It?
>
>smbldap-passwd testuser
>Changing password for testuser
>New password : 
>Retype new password :
>
>Use of uninitialized value in concatenation (.) or string at
>/usr/sbin/smbldap-passwd line 263,  line 2.
>I cannot generate the proper hash!
>
>I tried without a "mangling type" parameter, but doesn´t cause 
>any different
>efect.
>
>Thanks,
>
> 
>
>Sergio
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Problems with the valid users setting in smb.conf andwinbind/AD (repost)

[stefanke]

Hi,

is there any samba error message? Please make sure that you use the parameter  
"valid users = REALMusername".


Cheers Stefan


 Original Message 
Subject: [Samba] Problems with the valid users setting in smb.conf 
andwinbind/AD (repost) (01-Sep-2005 10:57)
From:[EMAIL PROTECTED]
To:  samba@lists.samba.org

>  
> Hi the list
> 
> Got a small issue in that the directive "valid users = username" doesn't
> work under a share when using winbind/AD for authentication.
> 
> If I remove it, it works, but obviously anyone can see/use it.
> 
> Everything else seems to work, getent passwd wbinfo -u etc permissions etc
> all working.
> 
> Any help gratefully received as always :)
> 
> Ross
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problems with the valid users setting in smb.conf andwinbind/AD (repost)

[Ross McInnes]

 
Hi the list

Got a small issue in that the directive "valid users = username" doesn't
work under a share when using winbind/AD for authentication.

If I remove it, it works, but obviously anyone can see/use it.

Everything else seems to work, getent passwd wbinfo -u etc permissions etc
all working.

Any help gratefully received as always :)

Ross

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba]SOLVED - idmap_rid / roaming profile permissions / NTAUTHORITY\SYSTEM

[Stefanos Karasavvidis]

I solved the problem with my roaming profiles by just changing from
case sensitive = yes
to
case sensitive = auto
in smb.conf!!!

No permissions change, no nothing.

Stefanos

Stefanos Karasavvidis wrote:
I'm struggling with roaming profile permissions as I can not "see" the 
NT AUTHORITY\SYSTEM account.


I have:
-samba file server with acl 3.0.14a
-authentication with winbind and idmap_rid against Windows 2003 ADS
-using "default domain" in smb.conf for winbind

The roaming profile directories are on the samba machine under the users 
home directory. As noted on several sites, the profile directory must 
have the following permissions:

owner full control (this is ok)
SYSTEM (S-1-5-18) full control (here is the problem)

I can't add the permissions for the system account, as it is "not seen" 
from samba. The result is that roaming profile do not work


I get the following output with wbinfo
wbinfo -s "S-1-5-18"
NT AUTHORITY\SYSTEM 5

wbinfo -n "NT AUTHORITY\SYSTEM"
S-1-5-18 Well-known Group (5)

wbinfo -Y "S-1-5-18"
Could not convert sid S-1-5-18 to gid   <

wbinfo -S "S-1-5-18"
Could not convert sid S-1-5-18 to uid   <

I tried to fix it with net groupmap, but it did not work (maybe I miss 
something?)


So the question is: how do I set permissions for the SYSTEM account???


regards
Stefanos


--
==
Stefanos Karasavvidis
Electronic & Computer Engineer, M.Eng.
e-mail : [EMAIL PROTECTED]

Technical University of Crete, Campus
Information Systems Center
Address: Akrotiri, Chania, 73100
Tel.: Library Buildings
  (+30) 28210 37352, (+30) 28210 37355, (+30) 28210 37376
  Environmental Engineering Buildings
  (+30) 28210 37766
Fax:  (+30) 28210 37571

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Kerberos problem with net ads join under AIX

[stefanke]

Hi,

please configure your kerberos-config-file and verify the connection to the KDC 
(physical connection, DNS, etc.). But one thing is very strange, how can kinit 
works with your default kerberos configuration?!


Cheers Stefan

 Original Message 
Subject: [Samba] Kerberos problem with net ads join under AIX (01-Sep-2005 8:04)
From:[EMAIL PROTECTED]
To:  samba@lists.samba.org

> Hello!
> 
> If i try a net ads join i get a kerberos error , but my kerberos works
> fine, i can do a kinit,klist and so on.
> 
> the error i get is the following.
> 
> [2005/09/01 08:02:16, 0] libads/kerberos.c:ads_kinit_password(146)
>   kerberos_kinit_password [EMAIL PROTECTED] failed: Cannot resolve network
> address for KDC in requested realm
> [2005/09/01 08:02:16, 0] utils/net_ads.c:ads_startup(191)
>   ads_connect: Cannot resolve network address for KDC in requested realm
> 
> I tried nearly everthing until now, but i get no other result than the one
> above - can anybody help me?
> 
> I run under AIX 5.3 .
> 
>   Regards
>   Markus
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] USRMGR.EXE doesn't work anymore.

[Bruno Guerreiro]

Hi,
I've got the same problem (
http://lists.samba.org/archive/samba/2005-August/109895.html ).
It seems this has been laying around since RC1/2 (
http://lists.samba.org/archive/samba/2005-August/109465.html )
I've already supplied a level 10 log to Günther Deschner,
If you wish I may forward it to you.


Best Regards,
Bruno Guerreiro

>-Original Message-
>From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED]
>Sent: quarta-feira, 31 de Agosto de 2005 17:45
>To: Umberto Zanatta
>Cc: samba@lists.samba.org
>Subject: Re: [Samba] USRMGR.EXE doesn't work anymore.
>
>
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1
>
>Umberto Zanatta wrote:
>| This is the log about usrmgr.
>|
>|
>| Aug 31 18:26:55 provtvlp smbd[17237]: [2005/08/31 18:26:55, 0,
>| effective(0, 512), real(0, 0)] rpc_parse/parse_prs.c:prs_mem_get(533)
>| Aug 31 18:26:55 provtvlp smbd[17237]:   prs_mem_get: reading data of
>| size 4 would overrun buffer.
>| Aug 31 18:26:55 provtvlp smbd[17237]: [2005/08/31 18:26:55, 0,
>| effective(0, 512), real(0, 0)] rpc_server/srv_pipe.c:api_rpcTNP(1572)
>| Aug 31 18:26:55 provtvlp smbd[17237]:   api_rpcTNP: winreg:
>| REG_CREATE_KEY_EX failed.
>|
>| Thank you.
>
>Seriously?  ok.  I'll fix that up.  Might be later
>this week.  I'll post a patch once I'm done.
>
>
>
>
>
>cheers, jerry
>-BEGIN PGP SIGNATURE-
>Version: GnuPG v1.4.0 (GNU/Linux)
>Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>
>iD8DBQFDFd6PIR7qMdg1EfYRAl+JAJ9TEpPUHW26rm0/gBHSw/NvqMzhQwCfT8qy
>dTvq/Hxm6iTM3m7jeRWFD5k=
>=G0R0
>-END PGP SIGNATURE-
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/listinfo/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3 problem with unc name connections

[Martin Bergien]

Gerald (Jerry) Carter wrote:

>Could you send me a
>raw network packet trace and I'll look in it.

I'm sorry, I can't because we work with very serious data and have no
test environment.
But I'm not the only one, having this problem and I'm sure, that will
have the same problem in any test environment.
Could you (ore anyone else) create a trace in a test environment?

-- 
bye
Martin Bergien


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba