[Samba] Promoting Samba BDC to PDC

2005-11-15 Thread pavan

Hi All,

Has anyone got an idea of how to make clients automatically
find the BDC when the PDC is stopped? Both PDC and BDC are run by
Samba, authenticating against an LDAPSAM backend replicated on both the PDC
with the master LDAP database and the BDC with the replicated LDAP database. But
when I stop the PDC the clients are not detecting the BDC broadcast. I can
see that the replication of the OpenLDAP data is perfect.


Any idea of where I may be wrong?

Thanks in advance.

pavan.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Re: Strange Behavior with Read Only files 3.0.20b

2005-11-15 Thread Jeremy Allison
On Tue, Nov 15, 2005 at 05:17:42PM -0500, [EMAIL PROTECTED] wrote:
> I haven't had a chance to look at the list very carefully for the past few
> weeks, so I apologize in advance if I'm asking a question that has recently
> been discussed. I seem to recall there has been some discussion about a
> similar situation to the one I am in.
>
> My situation is that I am having an issue with READ ONLY files -- and seeing
> very different behavior with Samba 3.0.20b versus 3.0.13. Here's a simple
> example to show what's happening.
>
> I have two users called Jim and Bill. They are both members of the Linux
> group "editors". We have a Linux share called "Shared Files", and in that
> share are three directories -- one called "bill", one called "jim" and one
> called "common".
>
> We are using the "inherit permissions" feature of Samba in this share. And
> we are forcing all files created by bill and jim to be owned by the group
> "editors" with the SGID.
>
> The "bill" directory is owned by -u bill -g editors, with permissions rwxr-s
> The "jim" directory is owned by -u jim -g editors, with permissions rwxr-s---
> The "common" directory is owned by -u supervisor -g editors with permissions rwxrws---
>
> The way we have set up this Samba share, Jim (working in Windows XP SP2) is
> able to move a file out of HIS "jim" directory and put it into the "common"
> directory (where all members of "editors" have write permission).
>
> Under Samba 3.0.13, Bill can then move the file out of the "common"
> directory and put it in his own "bill" directory (where only HE has write
> permission).
>
> However, under Samba 3.0.20b, Bill gets an error message saying Access
> Denied, the file is Read Only.
>
> My question is, is the behavior we're seeing with 3.0.20b a BUG? Is the
> behavior from 3.0.13 a BUG? Which behavior will future Samba versions be
> expected to follow from here after?
>
> Thanks in advance for your replies (especially the Samba.org folks).

Can you send a debug level 10 log of this, also how is the client doing
this mode ? Via explorer ? I don't have access to a Windows XP box at
the moment (travelling). I'll be back home with access to my vmware
sessions on thursday.

Sounds like a bug but I'd like to reproduce it and check it's fixed
in 3.0.21 (might be the delete on close issue that got fixed...).

Jeremy.


[Samba] Access denied when creating a new local group

2005-11-15 Thread Adam Nielsen
Hi,

If I run this: (where LOCALHOST is the local server name)

 $ net rpc group add test -U LOCALHOST\\root

Then providing I've put in the correct password, I get this:

 add group failed: NT_STATUS_ACCESS_DENIED

I'm using "security = domain", so is there some reason why local groups
are not allowed in this configuration?  I've tried other accounts, but
whether they're mapped to the root user in username.map or not, I still
get the access denied error.

What is the correct way to create a local group when using
"security = domain"?

Thanks,
Adam.


[Samba] "wbinfo -n administrator" failed

2005-11-15 Thread Ephi Dror
Hi all,
 
I have a strange situation, I hope someone can tell me what's wrong.
 
I have a samba server 3.014a joined win2003 AD.
 
When I run "wbinfo -n administrator", I am getting an error: "Could not
lookup name administrator"
 
BUT
 
If I first run "wbinfo -u" I get the list of users successfully and then
when I run "wbinfo -n administrator", the command now succeeds.
 
Any hint what went wrong?
 
I don't see it with other domain controllers I have.
 
Thanks,
Ephi
 


Re: [Samba] Multiple Login scripts

2005-11-15 Thread Thomas Bork

Julian Pilfold-Bagwell wrote:

I have several rooms each with a printer, and nearly a thousand users divided 
into two main groups - pupils and teachers who change rooms on a routine 
basis. Is it possible to set up multiple login scripts that would be executed 
in sequence i.e. run by user is %u, and machine is %m is it possible to say 
run %u to set up shares followed by %m  to set up the right printers for the 
room they're in?


How about something like

logonscript="%u.bat %m"

and a %u.bat ending with

call %1.bat

which calls %m.bat?


You can easily extend this, for example:

logonscript="%g.bat %u %m"

for calling first the group batch %g.bat for the groups pupils and
teachers, then at the end from %g.bat you are calling first the user
batch %u.bat with

call %1.bat

and then the machine batch %m.bat with

call %2.bat

Nothing special is needed, no KiXtart or perl scripting.



der tom


[Samba] workstation service failing on Windows XP (Samba + LDAP)

2005-11-15 Thread Martin
Hello All,

 

Quoting Terry Wood:

 

Greetings,
I am having problems with about 80% of my Windows XP machines that 
are connected to a PDC. The PDC is running Fedora Core 2, Samba 3.0.3-5, 
openldap 2.1.29-1 ***, and kernel 2.6.5-1.358. The XPs that don't work 
are all very new machines and I am guessing that they are running a 
different version of XP than the ones that do work. All of the Win98 
machines I have connected to the PDC work without any problems.
 
Whenever the troublesome XPs successfully authenticate to the PDC, 
the workstation service (a.k.a. svchost.exe) dies. This closes the 
connection to the PDC (no drives can be mapped, roaming profiles cannot 
be found, etc). I can manually restart the workstation service, log off, 
then log back in and everything works fine until the XP machine is 
rebooted. Searching the internet, I have concluded that this is either a 
Samba bug or an ldap misconfiguration (or both) combined with the usual 
Microsoft crud. My question is : Is there a newer version of samba or a 
hotfix for XP that will correct this? If it is a ldap misconfiguration, 
can someone guide through a unmisconfiguration :) ? I am willing to post 
my smb.conf, any ldap conf file, and any more info upon request. I 
greatly appreciate anyone who helps.
 

I have a similar issue. However, I run Nitix, a flavour of Linux. When an
account is deleted and then re-added with the same name on the Nitix box,
Windows fails to authenticate the user and says "server cannot be found".
Is it possible that the profile for the deleted user still resides somewhere,
inhibiting future logins for users of the same name?

 

Please advise.



Re: [Samba] OpenLDAP and SAMBA

2005-11-15 Thread Pavan krishna
I have done something similar in my company and had the same problem. I now
have centralized authentication of the Linux local user, email and
Samba user. You need to check the ACS's in the slapd.conf file
first, making sure that everyone has full rights on their account
in LDAP and the root or LDAP admin has full rights on all the
records in LDAP.


Then make the changes in the nsswitch.conf file and then change the
entries in the /etc/pam.d directory for the samba, login and passwd files.


This should solve your problem, but when playing with the pam.d directory,
make sure you are logged in on some other terminal, as you may lock yourself out.




Re: [Samba] Windows->LDAP->Samba

2005-11-15 Thread Craig White
On Tue, 2005-11-15 at 14:30 -0800, Mont Rothstein wrote:
> Sorry for being so vague, I was trying not to be :-)
> 
> I actually dived in days ago and I am swimming in docs, books, manuals,
> and webpages.
> 
> Part of my challenge is that I'm not ever sure of what questions to
> ask.
> 
> Jeff's reply has helped (thanks Jeff).  Looking up ldap authentication
> has brought me to pages I hadn't seen yet.  I'm not sure which ones I
> want yet, but it is a start.
> 
> I wish I had specific technical questions to ask, I really do.
> 
> I have an LDAP server up and running as well as Samba.  The two may or
> may not be integrated correctly together.
> 
> I believe my next step is to get a windows machine to authenticate to
> the Linux server via LDAP, without having to create a Unix account for
> the user.
> 
> The step after that will be to see if ACLs work.
> 
> If/when I get those two then I think I'll have what I need.
> 
> If you know any good pages on authenticating a windows client to a non-
> PDC Linux Directory Server, I would love to see them.
> 
> Thank you for taking the time to ponder my troubles.
> 

1 - an LDAP user (more accurately I think, a DN) would have both the
objectclasses and attributes relevant for all of the required resources
so your concept of not having to create a Linux account is absurd. If
you don't want the users to have home directories or profiles, there are
ways around that.

# ldapsearch -x -h localhost -D 'uid=craig,ou=People,dc=azapple,dc=com' -W '(uid=craig)'
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <> with scope sub
# filter: (uid=craig)
# requesting: ALL
#

# craig, People, azapple.com
dn: uid=craig,ou=People,dc=azapple,dc=com
shadowLastChange: 12340
sambaLMPassword: NOT-RELEVANT
sambaNTPassword: NOT-RELEVANT
sn: White
givenName: Craig
sambaPwdCanChange: 1091395680
sambaPwdMustChange: 2147483647
sambaPwdLastSet: 1091395680
labeledURI: http://linuxserver/horde/kronolith/fb.php?c=craig
shadowMax: 9
sambaProfilePath: \\srv1\profiles\craig
sambaLogonScript: logon.bat
cn: Craig White
uidNumber: 500
shadowWarning: 7
sambaPrimaryGroupSID: S-1-5-21-1123456789-0123456789-0123456790-513
sambaAcctFlags: [U  ]
gecos: Craig White
userPassword:: NOT-RELEVANT
mail: [EMAIL PROTECTED]
uid: craig
sambaHomePath: \\srv1\homes\craig
homeDirectory: /home/craig
objectClass: posixAccount
objectClass: shadowAccount
objectClass: person
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: top
objectClass: calEntry
gidNumber: 500
sambaDomainName: AZAPPLE
sambaSID: S-1-5-21-1123456789-0123456789-0123456790-1000
sambaHomeDrive: h:
calFBURL: http://srv1/horde/kronolith/fb.php?c=craig
loginShell: /bin/bash

keep working

Craig

PS - a plug for Gerry's book...

LDAP System Administration by Gerald Carter - getting a little old now,
but still a great book for getting your feet off the ground with ldap


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



Re: [Samba] Windows->LDAP->Samba

2005-11-15 Thread Mont Rothstein
Sorry for being so vague, I was trying not to be :-)

I actually dived in days ago and I am swimming in docs, books, manuals, and
webpages.

Part of my challenge is that I'm not ever sure of what questions to ask.

Jeff's reply has helped (thanks Jeff). Looking up ldap authentication has
brought me to pages I hadn't seen yet. I'm not sure which ones I want yet,
but it is a start.

I wish I had specific technical questions to ask, I really do.

I have an LDAP server up and running as well as Samba. The two may or may
not be integrated correctly together.

I believe my next step is to get a windows machine to authenticate to the
Linux server via LDAP, without having to create a Unix account for the user.

The step after that will be to see if ACLs work.

If/when I get those two then I think I'll have what I need.

If you know any good pages on authenticating a windows client to a non-PDC
Linux Directory Server, I would love to see them.

Thank you for taking the time to ponder my troubles.

-Mont


On 11/15/05, Craig White <[EMAIL PROTECTED]> wrote:
>
> On Tue, 2005-11-15 at 12:23 -0800, Mont Rothstein wrote:
> > I am hoping someone can tell me if I am trying something that can't be done.
> >
> > What I would like to be able to do is setup a Linux file server that Windows
> > users can use, including the use of ACLs. AFAIK this should not be a problem.
> >
> > The way I would like to go about doing this is what may be a problem.
> >
> > I would like to be able to add a user to the Directory Server (Fedora) and
> > only via interaction with the Directory Server enable the user to access the
> > Linux file server via Samba. The Samba server would simply be a file server,
> > not a PDC. Everything I have found thus far seems to require that I manually
> > create a Unix account for each user, and then add the Unix user to Samba and
> > LDAP.
> >
> > Is the way I want to do this not possible, or am I simply reading the wrong
> > docs/being a foolish noobie?
> >
> > I should also note that I am not tied to Fedora Directory Server if OpenLDAP
> > can do this but Fedora can't.
> >
> > If anyone can confirm that I can/can not do what I want I would greatly
> > appreciate it.
> 
> You make it really difficult to answer this because your questions focus
> only on the Posix side and what we are dealing with is Windows
> authentication and access to resources and obviously we need to account
> for Windows expectations for the Windows client to have a usable
> experience.
>
> LDAP can be a bunch of different things because it is a piece of putty
> to be shaped however you choose - the various implementations may or may
> not be limiting factors.
>
> Samba's expectations is that it ties a Windows authentication (generally
> a password hash and SID) to a Posix Account (a shell valid or not and a
> home directory) and the combination is used to evaluate access to
> resources. The beauty of open source is that the tools are there for you
> to modify as you see fit but you must always keep in mind that it's
> easier to swim in the direction of the tides.
>
> If your question is Fedora Directory Server or openldap, I simply can't
> answer that because I only have used openldap - perhaps some others can.
> I can tell you that for the most part, data can be migrated between the
> two (possibly with some editing but knowledge of perl/sed etc. can make
> that a much easier task) and that the knowledge of one ldap server will
> certainly leverage against learning the other.
>
> The only way for you to actually answer your question is to jump in
> because your question is a bit too general on all things windows and all
> things ldap to give you a specific answer.
>
> Craig
>
>


[Samba] Strange Behavior with Read Only files 3.0.20b

2005-11-15 Thread AndyLiebman
I haven't had a chance to look at the list very carefully for the past few
weeks, so I apologize in advance if I'm asking a question that has recently
been discussed. I seem to recall there has been some discussion about a
similar situation to the one I am in.

My situation is that I am having an issue with READ ONLY files -- and seeing
very different behavior with Samba 3.0.20b versus 3.0.13. Here's a simple
example to show what's happening.

I have two users called Jim and Bill. They are both members of the Linux
group "editors". We have a Linux share called "Shared Files", and in that
share are three directories -- one called "bill", one called "jim" and one
called "common".

We are using the "inherit permissions" feature of Samba in this share. And
we are forcing all files created by bill and jim to be owned by the group
"editors" with the SGID.

The "bill" directory is owned by -u bill -g editors, with permissions rwxr-s
The "jim" directory is owned by -u jim -g editors, with permissions rwxr-s---
The "common" directory is owned by -u supervisor -g editors with permissions rwxrws---

The way we have set up this Samba share, Jim (working in Windows XP SP2) is
able to move a file out of HIS "jim" directory and put it into the "common"
directory (where all members of "editors" have write permission).

Under Samba 3.0.13, Bill can then move the file out of the "common"
directory and put it in his own "bill" directory (where only HE has write
permission).

However, under Samba 3.0.20b, Bill gets an error message saying Access
Denied, the file is Read Only.

My question is, is the behavior we're seeing with 3.0.20b a BUG? Is the
behavior from 3.0.13 a BUG? Which behavior will future Samba versions be
expected to follow from here after?

Thanks in advance for your replies (especially the Samba.org folks).
 
Andy Liebman
 


Re: [Samba] Share access error

2005-11-15 Thread Craig White
On Tue, 2005-11-15 at 12:34 -0800, Ravi Natarajan wrote:
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Ravi Natarajan
> Sent: Friday, November 11, 2005 1:11 PM
> To: samba@lists.samba.org
> Subject: [Samba] STATUS_OBJECT_NAME_INVALID error
> 
> Hi,
> 
>  
> 
> I tried to access a file share on a Windows 2003 server that has around
> 150 other directories. It didn't succeed, the tcp dump indicates that
> the server returns STATUS_OBJECT_NAME_INVALID error for the trans2
> request (FIND_NEXT2). I can successfully access other directories on the
> server that has fewer directories. My samba client is version 2.2.7. I
> would appreciate if some one could help resolving this issue.
> 

samba 2.2.7 is ancient and should be updated.

the entire samba 2.2.x is obsolete but if you are intent on running
2.2.x, update to final which I think was 2.2.28

For samba 2.2.x to access things like Win2K3 servers, I think you need
to pull down the security features in the Win2K3 servers' local policy
requiring signorseal... I think you will find this stuff by googling
samba signorseal

Note...Samba 3.0.x does not require this

Craig




Re: [Samba] Windows->LDAP->Samba

2005-11-15 Thread Craig White
On Tue, 2005-11-15 at 12:23 -0800, Mont Rothstein wrote:
> I am hoping someone can tell me if I am trying something that can't be done.
> 
> What I would like to be able to do is setup a Linux file server that Windows
> users can use, including the use of ACLs. AFAIK this should not be a problem.
> 
> The way I would like to go about doing this is what may be a problem.
> 
> I would like to be able to add a user to the Directory Server (Fedora) and
> only via interaction with the Directory Server enable the user to access the
> Linux file server via Samba. The Samba server would simply be a file server,
> not a PDC. Everything I have found thus far seems to require that I manually
> create a Unix account for each user, and then add the Unix user to Samba and
> LDAP.
> 
> Is the way I want to do this not possible, or am I simply reading the wrong
> docs/being a foolish noobie?
> 
> I should also note that I am not tied to Fedora Directory Server if OpenLDAP
> can do this but Fedora can't.
> 
> If anyone can confirm that I can/can not do what I want I would greatly
> appreciate it.

You make it really difficult to answer this because your questions focus
only on the Posix side and what we are dealing with is Windows
authentication and access to resources and obviously we need to account
for Windows expectations for the Windows client to have a usable
experience.

LDAP can be a bunch of different things because it is a piece of putty
to be shaped however you choose - the various implementations may or may
not be limiting factors.

Samba's expectations is that it ties a Windows authentication (generally
a password hash and SID) to a Posix Account (a shell valid or not and a
home directory) and the combination is used to evaluate access to
resources. The beauty of open source is that the tools are there for you
to modify as you see fit but you must always keep in mind that it's
easier to swim in the direction of the tides.

If your question is Fedora Directory Server or openldap, I simply can't
answer that because I only have used openldap - perhaps some others can.
I can tell you that for the most part, data can be migrated between the
two (possibly with some editing but knowledge of perl/sed etc. can make
that a much easier task) and that the knowledge of one ldap server will
certainly leverage against learning the other.

The only way for you to actually answer your question is to jump in
because your question is a bit too general on all things windows and all
things ldap to give you a specific answer.

Craig




RE: [Samba] Multiple Login scripts

2005-11-15 Thread Paul Gienger
> basis. Is it possible to set up multiple login scripts that would be executed
> in sequence i.e. run by user is %u, and machine is %m is it possible to say
> run %u to set up shares followed by %m to set up the right printers for the
> room they're in?

With some clever scripting, anything is possible.  Some folks like to use
the built in dos scripting methods to do flow control, some like to use
kixtart(spelling?) and some like to use server side scripting to generate
static login scripts.  I can only comment on the latter.

We have a perl script set in the prelogon section of netlogon that will
determine lots of fun stuff about the user and where they are coming from.
Once the script has determined who/what is connecting and where from, it
will write out a batch file into the netlogon share that the user then
executes, since our logon script variable is something like %U.bat

If that gets you thinking, great, if not post back.
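
The server-side approach described above, as an added example that is not part of the original post and is not the poster's Perl script: a shell function that a share's preexec hook could call with the user and machine names to write `<user>.bat` into the netlogon directory. The function names, the `\\server\home` and printer share names and the room-from-machine-name rule are assumptions; both names come from the connecting client, so they are validated before being used in a path or written into the batch file.

```shell
#!/bin/sh
# Added example: server-side generator for a per-session logon batch file.
# Hypothetical names: safe_name, gen_logon_bat, the \\server\home and
# \\server\<room>-printer shares, and the ROOM-PC machine naming scheme.

LC_ALL=C; export LC_ALL   # make the character ranges below byte-exact

# Accept only names that are safe both as a file name and inside a batch
# file: letters, digits, '_' and '-', starting with an alphanumeric, <= 32.
safe_name() {
    case "$1" in
        ""|[!A-Za-z0-9]*|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# usage: gen_logon_bat USER MACHINE NETLOGON_DIR
gen_logon_bat() {
    user=$1 machine=$2 outdir=$3

    # Reject anything that could escape the directory ("../x") or inject
    # extra commands into the batch file ("PC1&calc").
    safe_name "$user"    || { echo "rejected user name" >&2; return 2; }
    safe_name "$machine" || { echo "rejected machine name" >&2; return 2; }
    [ -d "$outdir" ]     || return 3

    # Assumed scheme: room = machine name up to the first '-',
    # e.g. ROOM12-PC03 -> ROOM12.
    room=${machine%%-*}

    # Write to a temp file in the same directory and rename it into place,
    # so a client never reads a half-written script.
    tmp=$(mktemp "$outdir/.logon.XXXXXX") || return 4
    {
        # Batch files use CRLF line endings; printf emits them explicitly.
        printf '@echo off\r\n'
        printf 'rem generated for %s on %s\r\n' "$user" "$machine"
        # User part first: shares.
        printf 'net use H: \\\\server\\home\\%s /persistent:no\r\n' "$user"
        # Machine part second: the printer for the room.
        printf 'net use LPT1: \\\\server\\%s-printer /persistent:no\r\n' "$room"
    } > "$tmp" || { rm -f "$tmp"; return 4; }

    chmod 644 "$tmp" && mv -f "$tmp" "$outdir/$user.bat"
}
```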



Re: [Samba] Multiple Login scripts

2005-11-15 Thread Tomasz Chmielewski

Julian Pilfold-Bagwell wrote:

Hi all,

Just a quick question about login scripts for a large number of users who 
change rooms a lot.


I have several rooms each with a printer, and nearly a thousand users divided 
into two main groups - pupils and teachers who change rooms on a routine 
basis. Is it possible to set up multiple login scripts that would be executed 
in sequence i.e. run by user is %u, and machine is %m is it possible to say 
run %u to set up shares followed by %m  to set up the right printers for the 
room they're in?


what if you put into each user's script something like:

\\server\scripts\machines\%COMPUTERNAME%.bat

(computer-specific script)?


--
Tomek
http://wpkg.org
WPKG - software deployment and upgrades with Samba



Re: [Samba] Multiple Login scripts

2005-11-15 Thread Joachim Kieferle

Julian Pilfold-Bagwell wrote:


Hi all,

Just a quick question about login scripts for a large number of users who 
change rooms a lot.


I have several rooms each with a printer, and nearly a thousand users divided 
into two main groups - pupils and teachers who change rooms on a routine 
basis. Is it possible to set up multiple login scripts that would be executed 
in sequence i.e. run by user is %u, and machine is %m is it possible to say 
run %u to set up shares followed by %m  to set up the right printers for the 
room they're in?
 



Dear Julian,

you might have a look at "http://www.kixtart.org". It should do what
you need.


Best

Joachim


Re: [Samba] Windows-style quota / "profile size too big" warning?

2005-11-15 Thread Tomasz Chmielewski

Josh Kelley wrote:

On 11/15/05, Jeremy Allison <[EMAIL PROTECTED]> wrote:


On Tue, Nov 15, 2005 at 08:44:30PM +0100, Tomasz Chmielewski wrote:


hmm don't know.

I just saw a similar window here where I work, and searched the internet
for something that looks similar.

But AFAIK, we don't install any 3rd party tools here, just a pure XP SP2.


Hmmm. If it's a group policy option we don't currently support it.



It's Group Policy, but it's implemented entirely on the client.  I
just tested it out against a Samba PDC with no server-side quotas
enabled, and it works.

Setting each computer's group policy without an Active Directory is
harder, but it's still doable.  (You could do it manually in
gpedit.msc, or try using a tool like Nitrobit, or try setting the
registry keys manually or with a script.)


could you elaborate some more about it (how you did it etc.)?

if it's just a couple of registry entries, it would be easy to add on 
each client even without Group Policy.



--
Tomek
http://wpkg.org
WPKG - software deployment and upgrades with Samba


[Samba] Locking Problems with Tracker 97

2005-11-15 Thread Vitnam1
Hi,
Send me a copy of Tracker 97 and I will see if I can help you. Have you
installed the application as a shared (see dos) booklet?
 
contact me at 
 
 [EMAIL PROTECTED] 
(mailto:[EMAIL PROTECTED]) 
 
cheers 
sal.


[Samba] Multiple Login scripts

2005-11-15 Thread Julian Pilfold-Bagwell
Hi all,

Just a quick question about login scripts for a large number of users who 
change rooms a lot.

I have several rooms each with a printer, and nearly a thousand users divided 
into two main groups - pupils and teachers who change rooms on a routine 
basis. Is it possible to set up multiple login scripts that would be executed 
in sequence i.e. run by user is %u, and machine is %m is it possible to say 
run %u to set up shares followed by %m  to set up the right printers for the 
room they're in?

Thanks in advance...

Cheers,

Jpb 
-- 

Julian Pilfold-Bagwell
Borden Grammar School
Avenue of Remembrance
Sittingbourne
Kent
ME10 4DB

Tel: (+44)1795 424192 ext 121


[Samba] Share access error

2005-11-15 Thread Ravi Natarajan

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Ravi Natarajan
Sent: Friday, November 11, 2005 1:11 PM
To: samba@lists.samba.org
Subject: [Samba] STATUS_OBJECT_NAME_INVALID error

Hi,

 

I tried to access a file share on a Windows 2003 server that has around
150 other directories. It didn't succeed, the tcp dump indicates that
the server returns STATUS_OBJECT_NAME_INVALID error for the trans2
request (FIND_NEXT2). I can successfully access other directories on the
server that has fewer directories. My samba client is version 2.2.7. I
would appreciate if some one could help resolving this issue.

 

Thanks

Ravi

 

 



Re: [Samba] Windows-style quota / "profile size too big" warning?

2005-11-15 Thread Josh Kelley
On 11/15/05, Jeremy Allison <[EMAIL PROTECTED]> wrote:
> On Tue, Nov 15, 2005 at 08:44:30PM +0100, Tomasz Chmielewski wrote:
> >
> > hmm don't know.
> >
> > I just saw a similar window here where I work, and searched the internet
> > for something that looks similar.
> >
> > But AFAIK, we don't install any 3rd party tools here, just a pure XP SP2.
>
> Hmmm. If it's a group policy option we don't currently support it.

It's Group Policy, but it's implemented entirely on the client.  I
just tested it out against a Samba PDC with no server-side quotas
enabled, and it works.

Setting each computer's group policy without an Active Directory is
harder, but it's still doable.  (You could do it manually in
gpedit.msc, or try using a tool like Nitrobit, or try setting the
registry keys manually or with a script.)

Josh Kelley


[Samba] Windows->LDAP->Samba

2005-11-15 Thread Mont Rothstein
I am hoping someone can tell me if I am trying something that can't be done.

What I would like to be able to do is setup a Linux file server that Windows
users can use, including the use of ACLs. AFAIK this should not be a problem.

The way I would like to go about doing this is what may be a problem.

I would like to be able to add a user to the Directory Server (Fedora) and
only via interaction with the Directory Server enable the user to access the
Linux file server via Samba. The Samba server would simply be a file server,
not a PDC. Everything I have found thus far seems to require that I manually
create a Unix account for each user, and then add the Unix user to Samba and
LDAP.

Is the way I want to do this not possible, or am I simply reading the wrong
docs/being a foolish noobie?

I should also note that I am not tied to Fedora Directory Server if OpenLDAP
can do this but Fedora can't.

If anyone can confirm that I can/can not do what I want I would greatly
appreciate it.

Thanks,
-Mont


Re: [Samba] What's a preferred linux distribution for my needs...

2005-11-15 Thread Merle Reine
If you want the best, most up to date, easiest to manage and most widely 
used distro (that is free anyways) , use CentOS.  Latest version is 4.2 
and available here:


http://centos.org


Christian Tylko wrote:


I've gone through samba.org and have tried to go through the samba archives
(but there are too many posts and too little time) to get an answer.



I would like to set up samba for simple file sharing (non-domain) using an
un-attended PC; i.e. I want the PC to be able to turn on or recover from a
power failure and load and run samba without any manual intervention
whatsoever.



Could someone please suggest an appropriate, simple and compact linux
distribution I could use? I think that once I have that running properly
samba should be relatively simple for the config I need.



A number of years ago I had a linux box running as a NAT router... the whole
thing ran off a floppy disk. Obviously this box would have one or more large
HD's so it can boot off one of the HD's... it's the simplicity I'm looking for.



Any chance there's a pre-packaged linux distribution with samba ready to
install?



Many thanks for any help.



Chris T



 




Re: [Samba] SWAT not accessible from remote sites

2005-11-15 Thread Merle Reine

"only_from = 127.0.0.1"

It looks like this option is only allowing users to access swat from the 
localhost (127.0.0.1).


You will need to change this option.


Kenny Sanders wrote:


Hello,

I am not able to access SWAT from any other host besides the one running
the SWAT daemon.

No firewall blocking access on either side.

# netstat -lnt | grep 901
tcp        0      0 0.0.0.0:901             0.0.0.0:*               LISTEN


works fine connecting from localhost using:
lynx localhost:901

Unavailable using public IP on a remote host.. i.e. going into Firefox and
http://1.2.3.4:901

SWAT is configured through xinetd:

# cat /etc/xinetd.d/swat
# default: off
# description: SWAT is the Samba Web Admin Tool. Use swat \
#  to configure your Samba server. To use SWAT, \
#  connect to port 901 with your favorite web browser.
service swat
{
   disable         = no
   port            = 901
   socket_type     = stream
   wait            = no
   only_from       = 127.0.0.1
   user            = root
   server          = /usr/sbin/swat
   log_on_failure  += USERID
}

TIA,
Kenny Sanders
 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
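An added example (not from the original posts or from xinetd itself): a Python check that evaluates an xinetd only_from list against a client address, showing why the posted service block answers on localhost but not from 1.2.3.4, and flagging values that would expose the root-run SWAT service more widely than intended. It assumes the address forms documented in xinetd.conf(5) (dotted quads whose trailing zero octets act as wildcards, and address/prefix); the 192.168.1.0 subnet in the usage is a constructed value, and host or network names are not resolved.

```python
import ipaddress
import re

# The service block posted in the thread (values unchanged, spacing normalised).
SWAT_SERVICE = """\
service swat
{
   disable         = no
   port            = 901
   socket_type     = stream
   wait            = no
   only_from       = 127.0.0.1
   user            = root
   server          = /usr/sbin/swat
   log_on_failure  += USERID
}
"""


def parse_service(text):
    """Return {attribute: [values]} for the first service block.

    '=' replaces the value list, '+=' appends to it, '-=' removes from it.
    """
    attrs, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "{":
            inside = True
        elif line == "}":
            break
        elif inside:
            m = re.match(r"(\w+)\s*(\+=|-=|=)\s*(.*)$", line)
            if not m:
                continue
            name, op, values = m.group(1), m.group(2), m.group(3).split()
            if op == "=":
                attrs[name] = values
            elif op == "+=":
                attrs.setdefault(name, []).extend(values)
            else:
                attrs[name] = [v for v in attrs.get(name, []) if v not in values]
    return attrs


def to_network(spec):
    """Translate one only_from value into an ip_network, or None for a name."""
    try:
        if "/" in spec:
            return ipaddress.ip_network(spec, strict=False)
        addr = ipaddress.IPv4Address(spec)
    except ValueError:
        return None
    # Trailing zero octets are wildcards: 128.138.12.0 -> /24, 0.0.0.0 -> /0.
    octets = spec.split(".")
    prefix = 32
    while prefix > 0 and octets[prefix // 8 - 1] == "0":
        prefix -= 8
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def review(text, client):
    """Return (would `client` be admitted?, list of exposure notes)."""
    attrs = parse_service(text)
    if "only_from" not in attrs:
        return True, ["only_from absent in this block: no address restriction here"]
    nets = {spec: to_network(spec) for spec in attrs["only_from"]}
    ip = ipaddress.ip_address(client)
    reachable = any(net is not None and ip in net for net in nets.values())
    notes = []
    for spec, net in nets.items():
        if net is None:
            notes.append(f"{spec}: host or network name, not evaluated offline")
        elif net.prefixlen == 0:
            notes.append(f"{spec}: matches every address")
    exposed = any(net is not None and not net.is_loopback for net in nets.values())
    if exposed and attrs.get("user") == ["root"]:
        notes.append("service runs as root and is reachable beyond loopback")
    return reachable, notes


if __name__ == "__main__":
    print("posted config, 127.0.0.1:", review(SWAT_SERVICE, "127.0.0.1"))
    print("posted config, 1.2.3.4  :", review(SWAT_SERVICE, "1.2.3.4"))
    # Constructed alternative: loopback plus one admin subnet.
    lan = SWAT_SERVICE.replace("= 127.0.0.1", "= 127.0.0.1 192.168.1.0")
    print("admin subnet, 192.168.1.50:", review(lan, "192.168.1.50"))
```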


Re: [Samba] Re: Security=user half as fast as share. Why?

2005-11-15 Thread Merle Reine

Try this, it sped mine up quite a bit:

in globals,

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 IPTOS_LOWDELAY IPTOS_THROUGHPUT



Do a man on smb.conf for an explanation of what they do to speed things up.

[EMAIL PROTECTED] wrote:



samba1.20.cdunham at spamgourmet.com wrote:
> I'm running Suse 9.2 (kernel 2.6.8-24) with Samba 3.0.20b
>
> When I use security=user, my read/write performance is less than half
> the performance with security=share.  Why?  There are no other changes,
> but performance is never better than half the speed.  This happens with
> WinXP, Win2K and Win98 clients, so I don't think the client
> configuration is the problem.  Network is gigabit, with Intel Pro/1000
> adapters.

 Did you setup the socket options?

 security = share has five "extra" steps to check the user,
perhaps it could be a delay from the backend (LDAP or winbind).

 Kind regards,



I'm not sure what you mean by socket options.  My smb.conf is shown 
below. I'm not using LDAP or winbind. No domain, just a workgroup.


My smb.conf file is:

[global]
workgroup = MYWORKGROUP
netbios name = SERVER1
wins support = yes
domain master = yes
local master = yes
preferred master = yes
os level = 65
map to guest = Bad User

restrict anonymous = no
server signing = Auto

[test]
comment = test
path = /home/users
read only = no
guest ok = yes





[Samba] () Unable to connect samba server using hostname

2005-11-15 Thread updatemyself .
Hai All,

I am unable to connect to the samba server using hostname
the thing is.. it happens only from a few windows machines
in my network... but they can access the samba share
using IPAddress.. like all other machines

All the other Windows systems in my network can access the samba share
using both... IP Address and Hostname..
This is creating a big headache for me.
please suggest some solution to solve this problems...


Here is my smb.conf file configuration...

#=== Global Settings

[global]

workgroup = MYDOMAIN
server string = Samba Server
log file = /var/log/samba/%m.log
max log size = 50
security = ads
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no


#=== Share Definitions ===
#ldap idmap suffix = ou=emplist,dc=dqe,dc=com
password server = 172.16.20.200 
realm = MYDOMAIN.COM 
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
template homedir = /home/%D/%U
allow trusted domains = no
idmap backend = idmap_rid:DQE=16777216-33554431
winbind use default domain = yes


[vol08]
path = /vol08_700
writable = yes
public = yes
nt acl support = yes
create mask = 0755
security mask = 0755
inherit permissions = yes
inherit acls = yes
force security mode = 0
directory security mask = 0777
force directory security mode = 0


=
Please Share Your knowledge to solve this problem...

Thank You in Advance,

Regards,
Jerrynikki.


Re: [Samba] Windows-style quota / "profile size too big" warning?

2005-11-15 Thread Jeremy Allison
On Tue, Nov 15, 2005 at 08:44:30PM +0100, Tomasz Chmielewski wrote:
> Thomas Bork wrote:
> >Tomasz Chmielewski wrote:
> >
> >>>Any chance of sending in a network trace when this message is
> >>>received ? We need to see how the client is getting this message
> >>>in order to be able to do the same.
> >>
> >>yeah why not, just tell me what do I have to capture (and how?) and 
> >>I'll try to do it.
> >
> >
> >Mmmh:
> >http://www.windowsitpro.com/Windows/Article/ArticleID/5057/5057.html
> >
> >Isn't proquota a client based tool? Think the checks for profile quotas 
> >are taking place locally and the message will be sent locally.
> 
> hmm don't know.
> 
> I just saw a similar window here where I work, and searched the internet 
> for something that looks similar.
> 
> But AFAIK, we don't install any 3rd party tools here, just a pure XP SP2.

Hmmm. If it's a group policy option we don't currently support it.

Jeremy


Re: [Samba] Windows-style quota / "profile size too big" warning?

2005-11-15 Thread Tomasz Chmielewski

Thomas Bork wrote:

Tomasz Chmielewski wrote:


Any chance of sending in a network trace when this message is
received ? We need to see how the client is getting this message
in order to be able to do the same.


yeah why not, just tell me what do I have to capture (and how?) and 
I'll try to do it.



Mmmh:
http://www.windowsitpro.com/Windows/Article/ArticleID/5057/5057.html

Isn't proquota a client based tool? Think the checks for profile quotas 
are taking place locally and the message will be sent locally.


hmm don't know.

I just saw a similar window here where I work, and searched the internet 
for something that looks similar.


But AFAIK, we don't install any 3rd party tools here, just a pure XP SP2.

--
Tomek
http://wpkg.org
WPKG - software deployment and upgrades with Samba


Re: [Samba] Windows-style quota / "profile size too big" warning?

2005-11-15 Thread Josh Kelley
On 11/15/05, Tomasz Chmielewski <[EMAIL PROTECTED]> wrote:
> With Windows domain controllers, when the profile size is too big
> (and there are limits applied), when the user logs out, he/she gets a
> warning, and a list of files, sorted from the biggest, to the smallest.
>
> Is it possible to do something like that with a Samba domain controller?

You can do this client-side with Group Policy; no server quota support
is needed.  (proquota, in the article you linked to, is apparently
just a client-side tool, and it looks like it was replaced by Group
Policy settings in Win2K and above.)

Start -> Run -> gpedit.msc
Go under User Configuration, Administrative Templates, System, User Profiles.
Double-click on "Limit profile size" and review the options there.

Josh Kelley


Re: [Samba] Samba 2.2 to Samba 3.0 migration - LDAP backend

2005-11-15 Thread Josh Kelley
On 11/15/05, Daniel Bramkamp <[EMAIL PROTECTED]> wrote:
> I am having some issues migrating a Samba 2.2 installation to Samba
> 3.0. I am using the LDAP backend and converted the LDAP database to the
> new schema using the provided convertSambaAccount script. As far as I
> can tell that worked fine. The new ldif file has everything in it.
> Populating the LDAP database with the converted ldif file works ok as
> well. However, when I try to login to the domain using a windows box
> the sambaNTpassword and sambaLMpassword attributes are deleted from the
> directory and I get an error. The same happens when I access Samba via
> smbclient -U administrator -L IP. Prior to that the attributes do exist.
>
> After using smbpasswd to set the password again everything works as
> expected. Any ideas what is causing this behaviour or if I made a
> mistake while migrating the database ?

It sounds like you might be running into the issue described here:
http://marc.theaimsgroup.com/?l=samba&m=113207146109418&w=2

Josh Kelley


Re: [Samba] Pronounciation

2005-11-15 Thread Gerald (Jerry) Carter
Mark Adams wrote:
> Hi.
> 
>   I have searched for the answer to this question, to no avail.  Does
> anybody know the authoritative pronunciation of samba.  Maybe there
> isn't an authoritative pronunciation.  If anybody can help me I would
> greatly appreciate it.

It depends on whether you are Australian, British, or American.
:-)  Some say SAHM-ba (like the dance).  And others say "SAM-ba"
(like the proper name...Sam).  You're probably safer with the
first one.






cheers, jerry


Re: [Samba] Windows-style quota / "profile size too big" warning?

2005-11-15 Thread Thomas Bork

Tomasz Chmielewski wrote:


Any chance of sending in a network trace when this message is
received ? We need to see how the client is getting this message
in order to be able to do the same.
yeah why not, just tell me what do I have to capture (and how?) and I'll 
try to do it.


Mmmh:
http://www.windowsitpro.com/Windows/Article/ArticleID/5057/5057.html

Isn't proquota a client based tool? Think the checks for profile quotas 
are taking place locally and the message will be sent locally.



der tom


Fwd: [Samba] Pronounciation

2005-11-15 Thread Zach
Meant to send this to the list


I believe the pronunciation for the dance of the same name applies:
http://dictionary.reference.com/search?q=samba



On 11/15/05, Mark Adams <[EMAIL PROTECTED]> wrote:
>
> Hi.
>
> I have searched for the answer to this question, to no avail.  Does
> anybody know the authoritative pronunciation of samba.  Maybe there
> isn't an authoritative pronunciation.  If anybody can help me I would
> greatly appreciate it.
>
>
> Thanks,
> -Mark
>


--
If you reply to a message I posted to a mailing list,
and you want me to see your reply, be sure to put my
address in the 'To:', or I might not see the message.




[Samba] Samba 2.2 to Samba 3.0 migration - LDAP backend

2005-11-15 Thread Daniel Bramkamp

Hi list,

I am having some issues migrating a Samba 2.2 installation to Samba 
3.0. I am using the LDAP backend and converted the LDAP database to the 
new schema using the provided convertSambaAccount script. As far as I 
can tell that worked fine. The new ldif file has everything in it. 
Populating the LDAP database with the converted ldif file works ok as 
well. However, when I try to login to the domain using a windows box 
the sambaNTpassword and sambaLMpassword attributes are deleted from the 
directory and I get an error. The same happens when I access Samba via 
smbclient -U administrator -L IP. Prior to that the attributes do exist.


After using smbpasswd to set the password again everything works as 
expected. Any ideas what is causing this behaviour or if I made a 
mistake while migrating the database ?


Thanks in advance

--
Daniel Bramkamp



Re: [Samba] Windows-style quota / "profile size too big" warning?

2005-11-15 Thread Tomasz Chmielewski

Jeremy Allison wrote:

On Tue, Nov 15, 2005 at 04:09:29PM +0100, Tomasz Chmielewski wrote:

With Windows domain controllers, when the profile size is too big 
(and there are limits applied), when the user logs out, he/she gets a 
warning, and a list of files, sorted from the biggest, to the smallest.


To get an idea how it looks like, here's a screenshot:

http://www.windowsitpro.com/Files/5057/Screen_03.gif
http://www.windowsitpro.com/Windows/Article/ArticleID/5057/5057.html


Is it possible to do something like that with a Samba domain controller?

With quota enabled on a Samba server, user just gets a small error 
window, and has to scroll down and read a lot of text to understand what 
happened (and in the end he/she will probably not notice/understand that 
the profile wasn't uploaded back to the server, which means some data 
may be lost).



Any chance of sending in a network trace when this message is
received ? We need to see how the client is getting this message
in order to be able to do the same.


yeah why not, just tell me what do I have to capture (and how?) and I'll 
try to do it.



--
Tomek


Re: [Samba] Windows-style quota / "profile size too big" warning?

2005-11-15 Thread Jeremy Allison
On Tue, Nov 15, 2005 at 04:09:29PM +0100, Tomasz Chmielewski wrote:
> With Windows domain controllers, when the profile size is too big 
> (and there are limits applied), when the user logs out, he/she gets a 
> warning, and a list of files, sorted from the biggest, to the smallest.
> 
> To get an idea how it looks like, here's a screenshot:
> 
> http://www.windowsitpro.com/Files/5057/Screen_03.gif
> http://www.windowsitpro.com/Windows/Article/ArticleID/5057/5057.html
> 
> 
> Is it possible to do something like that with a Samba domain controller?
> 
> With quota enabled on a Samba server, user just gets a small error 
> window, and has to scroll down and read a lot of text to understand what 
> happened (and in the end he/she will probably not notice/understand that 
> the profile wasn't uploaded back to the server, which means some data 
> may be lost).

Any chance of sending in a network trace when this message is
received ? We need to see how the client is getting this message
in order to be able to do the same.

Jeremy.


[Samba] Pronounciation

2005-11-15 Thread Mark Adams

Hi.

I have searched for the answer to this question, to no avail.  Does
anybody know the authoritative pronunciation of samba.  Maybe there
isn't an authoritative pronunciation.  If anybody can help me I would
greatly appreciate it.


Thanks,
-Mark

The information contained in this e-mail message is privileged and/or
confidential and is intended only for the use of the individual or entity
named above.  If the reader of this message is not the intended
recipient, or the employee or agent responsible to deliver it to the
intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited.
If you have received this communication in error, please immediately
notify us by telephone (330-668-5000), and destroy the original
message.  Thank you. 


[Samba] samba 3.0.20b-2 debian sarge - make_connection: refusing to connect with no session setup

2005-11-15 Thread Nico De Wilde
Hi,

After installing service pack 1 on our SBS 2K3 server, mac osx client (10.4.3) 
couldn't connect anymore (make_connection: refusing to connect with no session 
setup), so I upgraded to 3.0.20b-2 but the problem didn't go away. 

smb.conf:

[global]
realm = SOMEDOMAIN.LOCAL
workgroup = SOMEDOMAIN
password server = 192.168.1.5
security = ADS
encrypt passwords = true
client schannel = no

winbind separator = +
idmap uid = 1-2
idmap gid = 1-2
winbind enum users=yes
winbind enum groups=yes


# The shares

[Xserver]
create mask = 700
comment = Xserver
read only = no
writeable = yes
path = /Xserver
user = @"CHOCOWEB+domain users"

[Xserver-clean]
create mask = 700
comment = Nieuwe structuur Xserver
read only = no
writeable = yes
path = /mnt/usbdrive
user = @"CHOCOWEB+domain users"
preserve case = yes

Lots of entries in the log.smbd file:

Standard loglevel:

[2005/11/15 17:11:07, 1] smbd/service.c:make_connection(731)
  make_connection: refusing to connect with no session setup
[2005/11/15 17:11:10, 1] smbd/service.c:make_connection(731)
  make_connection: refusing to connect with no session setup

loglevel 10:

[2005/11/15 16:20:06, 10] lib/util.c:dump_data(2053)
  [000] 00 5C 00 5C 00 58 00 53  00 45 00 52 00 56 00 45  .\.\.X.S .E.R.V.E
  [010] 00 52 00 5C 00 49 00 50  00 43 00 24 00 00 00 3F  .R.\.I.P .C.$...?
  [020] 3F 3F 3F 3F 00.
[2005/11/15 16:20:06, 3] smbd/process.c:switch_message(900)
  switch message SMBtconX (pid 20552) conn 0x0
[2005/11/15 16:20:06, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2005/11/15 16:20:06, 5] auth/auth_util.c:debug_nt_user_token(452)
  NT user token: (NULL)
[2005/11/15 16:20:06, 5] auth/auth_util.c:debug_unix_user_token(473)
  UNIX token of user 0
  Primary group is 0 and contains 0 supplementary groups
[2005/11/15 16:20:06, 5] smbd/uid.c:change_to_root_user(319)
  change_to_root_user: now uid=(0,0) gid=(0,0)
[2005/11/15 16:20:06, 4] smbd/reply.c:reply_tcon_and_X(618)
  Client requested device type [?] for share [IPC$]
[2005/11/15 16:20:06, 1] smbd/service.c:make_connection(731)
  make_connection: refusing to connect with no session setup
[2005/11/15 16:20:06, 3] smbd/error.c:error_packet(147)
  error packet at smbd/reply.c(626) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
[2005/11/15 16:20:06, 5] lib/util.c:show_msg(454)
[2005/11/15 16:20:06, 5] lib/util.c:show_msg(464)

Can somebody shed some light on this? I'm completely stuck.

Regards,

Nico


Re: [Samba] When to use Winbind ??

2005-11-15 Thread Gerald (Jerry) Carter
Gary MacKay wrote:

> Am I correct that you only need to run winbind if 
> other servers are involved? If all I have is a samba server
> acting as the PDC and that is it, I do not need to run
> winbind, right?

The common reasons to run winbindd are

(a) handling users from windows domains (including trusted ones), and
(b) handling NTLM authentication for Unix processes such as
pam_winbindd or the ntlm_auth tool.




cheers, jerry


[Samba] Re: Debian Binary Packages from samba.org

2005-11-15 Thread Michael Lueck

Simo Sorce wrote:


Any suggestion is very welcome, feel free to write me, or keep me in Cc
as I often miss [EMAIL PROTECTED] threads.


Hi Simo-

Thanks for the great packaging work. We have upgraded two of our Debian Sarge 
production servers, after one Debian Sarge test server-ala-laptop and all is 
working well with these packages.

Your effort to maintain these binary packages is greatly appreciated!

--
Michael Lueck
Lueck Data Systems
http://www.lueckdatasystems.com/

Remove the upper case letters NOSPAM to contact me directly.



[Samba] When to use Winbind ??

2005-11-15 Thread Gary MacKay
Am I correct that you only need to run winbind if other servers 
are involved? If all I have is a samba server acting as the PDC and that 
is it, I do not need to run winbind, right?


   The samba by example book shows using chkconfig to start smb, dhcpd, 
etc., but does not mention winbind. Later on it shows doing a 'ps ax' 
and it shows winbind running. Just wanted to confirm.



Re: [Samba] D flag at sambaAcctFlags

2005-11-15 Thread Gerald (Jerry) Carter
[EMAIL PROTECTED] wrote:
> Hello,
> 
> I have a server with Samba(3.0.13-1.1)/OpenLDAP and
> sometimes my users get a D flag at sambaAcctFlags.
> 
> There are some users that don't have all the samba
> attributes yet.
> 
> I would like to know why it happens. Which
> actions/attributes can tell samba to turn the D flag
> on?

Please read the release notes for 3.0.2a.  Users without
a valid sambaPwdLastSet time are disabled.



*** Attention! Achtung! Kree! *

Beginning with Samba 3.0.2, passwords for accounts with a last
change time (LCT-XXX in smbpasswd, sambaPwdLastSet attribute in
ldapsam, etc...) of zero (0) will be regarded as uninitialized
strings.  This will cause authentication to fail for such
accounts.  If you have valid passwords that meet this criteria,
you must update the last change time to a non-zero value.  If you
do not, then  'pdbedit --force-initialized-passwords' will disable
these accounts and reset the password hashes to a string of X's.

*** Attention! Achtung! Kree! *






cheers, jerry
=
Alleviating the pain of Windows(tm)  --- http://www.samba.org
GnuPG Key- http://www.plainjoe.org/gpg_public.asc
"There's an anonymous coward in all of us."   --anonymous
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
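The check below is an added example, not part of the original posts or of Samba: it reads an LDIF export and reports sambaSamAccount entries whose sambaPwdLastSet is missing or zero, the condition the release note quoted above ties to failed authentication and disabled accounts. The sample entries, DNs, hashes and finding names are constructed for illustration.

```python
import base64

ACCOUNT_CLASS = "sambasamaccount"

# Constructed sample LDIF (hypothetical DNs and hashes), modelled on the thread.
SAMPLE_LDIF = """\
dn: uid=fulano,ou=Users,dc=example,dc=org
objectClass: posixAccount
objectClass: sambaSamAccount
uid: fulano
sambaSID: S-1-5-21-1111111111-2222222222-
 3333333333-6590
sambaAcctFlags: [U          ]

dn: uid=beltrano,ou=Users,dc=example,dc=org
objectClass: sambaSamAccount
uid: beltrano
sambaNTPassword: 0123456789ABCDEF0123456789ABCDEF
sambaPwdLastSet: 0
sambaAcctFlags: [U          ]

dn: uid=sicrano,ou=Users,dc=example,dc=org
objectClass: sambaSamAccount
uid: sicrano
sambaNTPassword: FEDCBA9876543210FEDCBA9876543210
sambaPwdLastSet: 1132000000
sambaAcctFlags: [U          ]

dn: uid=ciclano,ou=Users,dc=example,dc=org
objectClass: sambaSamAccount
uid: ciclano
sambaNTPassword: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
sambaPwdLastSet: 1132000000
sambaAcctFlags: [UD         ]

dn: cn=staff,ou=Groups,dc=example,dc=org
objectClass: posixGroup
cn: staff
"""


def parse_ldif(text):
    """Return a list of entries, each {lowercased attribute: [values]}."""
    # Unfold first: a line starting with one space continues the previous line.
    unfolded = []
    for raw in text.splitlines():
        if not raw.strip():
            unfolded.append("")
        elif raw.startswith(" ") and unfolded and unfolded[-1]:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries, current = [], {}
    for line in unfolded + [""]:          # trailing "" flushes the last entry
        if not line:
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries


def audit_entry(entry):
    """Return finding codes for one account entry (empty list: nothing to fix)."""
    findings = []
    stamps = entry.get("sambapwdlastset", [])
    if not stamps:
        findings.append("pwdlastset-missing")
    else:
        try:
            if int(stamps[0]) <= 0:
                findings.append("pwdlastset-zero")
        except ValueError:
            findings.append("pwdlastset-invalid")
    # A hash made only of X's has already been reset; anything else is a real
    # hash that would be treated as uninitialized while the timestamp is bad.
    hashes = entry.get("sambantpassword", [])
    if findings and any(h and set(h.upper()) != {"X"} for h in hashes):
        findings.append("valid-hash-at-risk")
    if "D" in "".join(entry.get("sambaacctflags", [])).upper():
        findings.append("already-disabled")
    return findings


def audit(text):
    """Map DN -> findings for every sambaSamAccount entry that has any."""
    report = {}
    for entry in parse_ldif(text):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if ACCOUNT_CLASS not in classes:
            continue
        findings = audit_entry(entry)
        if findings:
            report[entry.get("dn", ["<no dn>"])[0]] = findings
    return report


if __name__ == "__main__":
    for dn, findings in audit(SAMPLE_LDIF).items():
        print(dn, "->", ", ".join(findings))
```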


[Samba] Re: Using group membership to access a symlink directory

2005-11-15 Thread Chris Barnes
> Can you access this on linux as the user?  ie, if you remove samba 
> from
> the equation, does it work?

Yes.

[EMAIL PROTECTED] cbarnes]$ id
uid=834(cbarnes) gid=503(staff) groups=503(staff),509(website)

[EMAIL PROTECTED] cbarnes]$ ls -alF www
lrwxrwxrwx  1 cbarnes website 37 Nov  9 11:33 www -> /home/websites/www2.physics.tamu.edu/

[EMAIL PROTECTED] cbarnes]$ cd www
[EMAIL PROTECTED] www]$ ls -dalF .
drwxrwsr-x  24 root website 4096 Nov 15
[EMAIL PROTECTED] www]$ touch hi
[EMAIL PROTECTED] www]$ ls -alF hi
-rw-r--r--  1 cbarnes website 0 Nov 15 09:07 hi

-- 

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Chris Barnes   AOL IM: CNBarnes
[EMAIL PROTECTED]Yahoo IM: chrisnbarnes





Re: [Samba] OpenLDAP and SAMBA

2005-11-15 Thread John H Terpstra
On Tuesday 15 November 2005 02:00, Tomasz Chmielewski wrote:
> Miguel Lopez wrote:
> > Hi everybody!
> >
> > In my company, we want to migrate from Windows NT to a Linux PDC. I am
> > responsible for the change so I am searching for the best solution.
> > After some time surfing in google, I decided to use a LDAP server for
> > users maintenance and SAMBA as a file server and PDC controller
> >
> > The first step was to configure LDAP for authenticating linux users, which
> > works fine. Then I configured SAMBA for file sharing using local
> > authentication (ie against passwd file) and it works fine too. My problem
> > appears when I try to authenticate the SAMBA users against the LDAP
> >
> > I think the problem is getting the right pass or user or something similar.
> > I will be very grateful if someone can help me.
>
> try reading and following Samba by Example, I think it was in the
> chapter 6 where Samba + LDAP setup was explained in detail.

In the first edition of "Samba-3 by Example" chapters 6 and 7 dealt with 
Samba-3 plus LDAP.  In the second edition this is in chapters 5 and 6.

The second edition also added section 5.1.3.7 which adds diagnostic guidance.

The second edition is available from Amazon.Com - check ISBN: 013188221X, or 
it can be downloaded from:

http://www.samba.org/samba/docs/Samba3-ByExample.pdf

The on-line version on Samba.Org is updated within 24 hours of any change or 
update.

- John T.


[Samba] Windows-style quota / "profile size too big" warning?

2005-11-15 Thread Tomasz Chmielewski
With Windows domain controllers, when the profile size is too big 
(and there are limits applied), when the user logs out, he/she gets a 
warning, and a list of files, sorted from the biggest, to the smallest.


To get an idea how it looks like, here's a screenshot:

http://www.windowsitpro.com/Files/5057/Screen_03.gif
http://www.windowsitpro.com/Windows/Article/ArticleID/5057/5057.html


Is it possible to do something like that with a Samba domain controller?

With quota enabled on a Samba server, user just gets a small error 
window, and has to scroll down and read a lot of text to understand what 
happened (and in the end he/she will probably not notice/understand that 
the profile wasn't uploaded back to the server, which means some data 
may be lost).



--
Tomek
http://wpkg.org
WPKG - software deployment and upgrades with Samba


[Samba] what does VFS default_quota do?

2005-11-15 Thread Tomasz Chmielewski

What does VFS default_quota do?

The description from the Samba HOWTO says:

"This module allows the default quota values, in the windows explorer 
GUI, to be stored on a Samba-3 server."



Where exactly can I locate it "in the windows explorer GUI"?

Does this setting in smb.conf:

vfs objects = default_quota:quotasettings
quotasettings:  uid nolimit = no
quotasettings:  uid = 65534


mean that all users will have the quota of user with uid=65534 (i.e., I 
only need to set a quota for user with uid 65534, and all other users 
will also have this quota)?



--
Tomek
http://wpkg.org
WPKG - software deployment and upgrades with Samba


[Samba] D flag at sambaAcctFlags

2005-11-15 Thread guilhermemtorresbase-lista
Hello,

I have a server with Samba(3.0.13-1.1)/OpenLDAP and
sometimes my users get a D flag at sambaAcctFlags.

There are some users that don't have all the samba
attributes yet.

I would like to know why it happens. Which
actions/attributes can tell samba to turn the D flag
on?

This is a ldif of a user that yesterday got a D flag:

uid=fulano,ou=Users,dc=grad,dc=br
dn: uid=fulano,ou=Users,dc=grad,dc=br
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: shadowAccount
objectClass: sambaSamAccount
uid: fulano
cn: fulano da silva
sn: Silva
userPassword: {crypt}8hjnSm/xTf0ss
uidNumber: 2795
gidNumber: 127
gecos: Fulano Da Silva
shadowLastChange: 13012
shadowMax: 9
shadowWarning: 7
sambaSID: S-1-5-21-3890934015-1816655379-4264717526-6590
homeDirectory: /export/home/fulano
loginShell: /bin/bash
sambaAcctFlags: [U ]

Thanks!












[Samba] Kerberos config.

2005-11-15 Thread Meli Marco

Somewhere I've read to rename the krb5.conf file and let "net ads join" find
the right ads server on the network.
Believing that it could be a flexible method I tried to mv krb5.conf to
krb5.seek, but the result is:
ads_connect: Cannot contact any KDC for requested realm!
What's wrong?
Also why, leaving krb5.conf and setting password server = *, does it work but
take an ads server on another network?
Who establishes the precedence?
Marco.



[Samba] maximum amount of data in a SMB read response packet

2005-11-15 Thread Stijn Eeckhaut


Hi,

When sniffing traffic between a WinXP client (WinXP Professional version 
2002 SP1) and a Samba server (Samba 3.0.9-2.1.5-SUSE on Suse Linux 9 
kernel 2.6.5), I observed the following behavior:


- Writing to the Mapped network drive occurs with SMB write request 
packets containing exactly 64kB of data.


- Reading from the Mapped network drive occurs with SMB read requests 
for 60kB of data, followed each time by a SMB read request for 4kB of data.



The smb.conf file looks like this:
=
# Global parameters
[global]
   workgroup = WORKGROUP1
   server string = server1
   printcap name = /etc/printcap
   log level = 0
   security = user
   socket options = TCP_NODELAY SO_RCVBUF=262144 SO_SNDBUF=262144
   encrypt passwords = yes
   smb passwd file = /etc/samba/smbpasswd
   # max xmit = 65535 is the default and maximum value
   max xmit = 65535
   read raw = yes
   write raw = yes
   large readwrite = yes
[smb-share1]
   comment = share1 on server1
   path = /shareddirectory1
   read only = no
   browseable = yes
=


Is there a way of filling a Samba read response packet with 64kB of 
data, like in the write request case? Or is the total size of a Samba 
read response packet limited to 'max xmit'?



Thanks in advance,
Stijn Eeckhaut



Re: [Samba] Roaming profiles migration

2005-11-15 Thread Craig White
On Tue, 2005-11-15 at 14:32 +0100, Daniel Ruiz Jimenez wrote:
> Hi!!
> 
> I'm going to migrate from an old debian machine to a new one. This new 
> machine has installed debian sarge 3.1 and samba 2.2. (old has samba 2 too).
> 
> I need an *easy* method to migrate my roaming users profiles to my new samba 
> server. I heard about some method to change the sid, but only incomplete 
> information. 
> 
samba 2.2.x is no longer supported.

If I understand you correctly, the 'easy' way would have been to copy
all of the samba files (smbpasswd, smb.conf, wins.dat etc.) from 1
server to the other and the profiles from 1 system to the other and you
would have to take care of the user/group permissions of the move (and
thereby likely have to take your /etc/passwd /etc/group /etc/shadow
files too).

The samba How-To (www.samba.org - see documentation) has information on
migrating a user profile around.

Craig




[Samba] Roaming profiles migration

2005-11-15 Thread Daniel Ruiz Jimenez
Hi!!

I'm going to migrate from an old debian machine to a new one. This new machine 
has installed debian sarge 3.1 and samba 2.2. (old has samba 2 too).

I need an *easy* method to migrate my roaming users profiles to my new samba 
server. I heard about some method to change the sid, but only incomplete 
information. 

Thanks.


Re: [Samba] Unable to connect samba server using hostname

2005-11-15 Thread updatemyself .
Hi Strebel, Franz R & ALL

While I try to connect to the share from those machines, I get an error...
it asks for username and password... but even if we give the username
and password, the share will not open; it will again ask for user name and
password.

But a user name or password is not needed to access this share;
it's connected to ADS.

Also, it's not asking for username or password when we access through the IP
address,
and it's connecting.


I got the following errors when I try with the hostname.

This log file is written in "/var/log/samba/3dr21.log"

"3dr21" is the Host name of... windows XP Machine

[2005/11/15 17:33:07, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/11/15 17:33:07, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/11/15 17:33:07, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/11/15 17:33:07, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/11/15 17:33:08, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/11/15 17:33:08, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/11/15 17:33:08, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/11/15 17:33:08, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/11/15 17:33:08, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/11/15 17:33:31, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/11/15 17:33:31, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!
[2005/11/15 17:33:32, 1] smbd/sesssetup.c:reply_spnego_kerberos(173)
Failed to verify incoming ticket!

regards
jerrynikki


RE: [Samba] Unable to connect samba server using hostname

2005-11-15 Thread Strebel, Franz R.
Hmm, what is the error message you get from the problematic
machines?  Does anything register at all in the samba logs
on the server?


Re: [Samba] Unable to connect samba server using hostname

2005-11-15 Thread updatemyself .
Strebel, Franz R & kurt weiss

All my machines are in the same subnet,
and it's resolving the IP address correctly.
I am using samba-3.0.14a-1
(I downloaded the src rpm from samba.org and rebuilt the rpm using the
--with acl support option)

Most of my clients are perfectly accessing the samba share without any
problem;
only a few machines have the above problem.

All have the same configuration and the same operating system:
Windows XP with SP2
Firewall disabled

On 11/15/05, Strebel, Franz R. <[EMAIL PROTECTED]> wrote:
>
> Netbios name resolution does not work across subnets
> so I am guessing that that is causing the problem. Using
> the IP address does not have this issue.
>
> There are two ways to deal with this:
>
> 1. have a WINS server
> 2. put appropriate entries in the LMHOSTS file
>
> More info can be found here:
> http://www.comptechdoc.org/os/windows/wintcp/wtcpname.html
>
> Hope this helps.
>
> Regards,
> Franz



--
regards,
Jerrynikki


RE: [Samba] Unable to connect samba server using hostname

2005-11-15 Thread Strebel, Franz R.
Netbios name resolution does not work across subnets
so I am guessing that that is causing the problem.  Using
the IP address does not have this issue.

There are two ways to deal with this:

1.  have a WINS server
2.  put appropriate entries in the LMHOSTS file

More info can be found here:
http://www.comptechdoc.org/os/windows/wintcp/wtcpname.html

Hope this helps.

Regards,
Franz


[Samba] Re: net rpc vampire - cannot login to migrated computer accounts

2005-11-15 Thread Christoph Peus

Andrew Bartlett wrote:

> > Yes, but what's the underlying technical cause for the cause? ;-)
> > It would be interesting to see how two identical XP machines would
> > differ after having joined the one to a NT4-Domain and the other to an
> > ADS domain. Which regkeys differ? Has somebody tried to make a "back to
> > NT4-Style trust" conversion tool for Win2k/XP machines?
> > Otherwise I have to search a solution now for the task of letting 500
> > clients rejoin the domain unattended/automatically somehow.
>
> So, back in the early days of Samba3, a new RPC (QueryInfoPolicy2 on
> lsarpc) was added, as we started to understand a bit more about ADS.
>
> The problem was, this was found to be the 'are you ADS' call, and seemed
> to create a ratchet like mechanism.  Being the silly boy I am, I was
> running early Samba 3.0 pre-release code in production, and I still have
> a lab of machines that I joined to that domain, while it was 'sort of
> ADS'.  While in this case they still worked with Samba3, they would not
> honour the NT4 style system policies.

Ok, but knowing that samba-3 is not ADS capable regarding machine 
accounts I'm now looking for how to make an ADS capable Windows client 
use NT4-Style, not how to make samba accept ADS-Style login attempts ;-)

> On the flip side, with Samba4 we can now really do ADS style logins, and
> we really support the new RPCs, LDAP, Kerberos (including the PAC) and
> all the rest...

You surely know that this is the type of statement which makes users ask 
when a production ready version of samba 4 will be available...  ;-)


Christoph



Re: [Samba] Unable to connect samba server using hostname

2005-11-15 Thread kurt weiss


updatemyself . wrote:

> I am unable to connect to the samba server using the hostname.
> The thing is, it happens only from a few windows machines
> in my network, but they can access the samba share
> using the IP address, like all other machines.
>
> All the other Windows systems in my network can access the samba share
> using both IP address and hostname.
> This is creating a big headache for me.
> Please suggest some solution to solve this problem...

*) what's the result, if you try
"nslookup " on these machines?
*) which version of samba are you using?
*) which windows versions are the broken machines running?

--
--
greetings,
kurt, austria. (http://www.kwnet.at)
===
this is a posting from a samba *user* - not a samba developer.
the posting is created on the base of experiences and may be faulty.
so, if it contains any mistakes, please feel free to correct it
===



RE: [Samba] Unable to connect samba server using hostname

2005-11-15 Thread Strebel, Franz R.
The machines that could not access via hostname, are they
on a different subnet (not the same as the server)?


[Samba] Unable to connect samba server using hostname

2005-11-15 Thread updatemyself .
Hi All,

I am unable to connect to the samba server using the hostname.
The thing is, it happens only from a few windows machines
in my network, but they can access the samba share
using the IP address, like all other machines.

All the other Windows systems in my network can access the samba share
using both IP address and hostname.
This is creating a big headache for me.
Please suggest some solution to solve this problem...


Here is my smb.conf file configuration...

#=== Global Settings

[global]

workgroup = MYDOMAIN
server string = Samba Server
log file = /var/log/samba/%m.log
max log size = 50
security = ads
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = no


#=== Share Definitions
==
#ldap idmap suffix = ou=emplist,dc=dqe,dc=com
password server = 172.16.20.200 
realm = MYDOMAIN.COM 
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
template homedir = /home/%D/%U
allow trusted domains = no
idmap backend = idmap_rid:DQE=16777216-33554431
winbind use default domain = yes


[vol08]
path = /vol08_700
writable = yes
public = yes
nt acl support = yes
create mask = 0755
security mask = 0755
inherit permissions = yes
inherit acls = yes
force security mode = 0
directory security mask = 0777
force directory security mode = 0


=
Please Share Your knowledge to solve this problem...

Thank You in Advance,

Regards,
Jerrynikki.


Re: [Samba] Linux Primary Domain Controller Authentication

2005-11-15 Thread Andrew Bartlett
On Fri, 2005-11-11 at 01:16 -0800, Jose Medeiros wrote:
> Hi Cynthia,
> 
> I am not sure if you tried this yet, but you may want to check your
> local server security policy on the server and verify that you are
> accepting lanmanager based authentication and that SMB signing is
> turned off.

smb signing shouldn't be an issue here (but you could turn it on, if you
thought the client might insist on it).  LM authentication is *not
required* for any NT based client, but is required for the old 98
machine.

> Regards,
> 
> Jose Medeiros
> MCP+I, MCSE, NT4 MCT
> www.ntea.net
> www.sfntug.org
> www.tvnug.org
> 
> -
> 
> On 11/5/05, Cynthia Jeness <[EMAIL PROTECTED]> wrote:
> > I have setup my Linux server as a Primary Domain Controller using Samba
> > 3.   All other computers on the network run various versions of Windows
> > from 95 to XP.   All computers are able to join my Samba domain and the
> > user computers can log onto the network.   However, if they try to
> > access a file resource on one of the Windows 2003 file servers, the
> > authentication fails with System Error 1789.   The Windows 2003 file
> > server did successfully join my domain.    I am not running Winbindd
> > primarily because it was not part of the Samba packaging provided by
> > Suse.   Is it necessary to run Winbindd in order to have the Windows
> > 2003 servers validate?
> >
> > Any suggestions would be greatly appreciated.
> >
> > Cynthia Jeness
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net



[Samba] Re: OpenLDAP and SAMBA

2005-11-15 Thread paul kölle
Miguel Lopez wrote:
> access to *
> by self write
> by dn="cn=Administrador,dc=NT,dc=DPT,dc=ES" write
> by * read
> 
> 
> access to attr=sambaLMPassword,sambaNTPassword
> by dn="cn=Administrador,dc=BECARIOS,dc=DPT,dc=ES" write
> by * none
> 
> access to attr=userpassword
> by self write
> by * read
> 
You need to fix those ACLs, they are evaluated "in order". The first
match wins. Your first rule gives read access to everyone to all
attributes, including sambaLMPassword, sambaNTPassword and userPassword.
Put the password restrictions on top of your ACL list.

cheers
 Paul

BTW: WRT the logon problem, you can narrow things down by viewing samba
and ldap log files to see if the correct object is looked up in the
directory and if the correct attributes are returned. "loglevel 128"
will give you logs of ACL evaluation for ldap (yes, they are confusing
at first).
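
The first-match behaviour described in the reply above, as an added example (not code from the thread or from OpenLDAP): a simplified Python model of ACL selection run over the three directives from the posted slapd.conf. The sample user DN, the helper names and the exact case-insensitive DN comparison are assumptions of this sketch.

```python
import re

LEVELS = ("none", "auth", "compare", "search", "read", "write")

# The three directives from the slapd.conf posted in this thread, in posted order.
POSTED_ACLS = """
access to *
    by self write
    by dn="cn=Administrador,dc=NT,dc=DPT,dc=ES" write
    by * read
access to attr=sambaLMPassword,sambaNTPassword
    by dn="cn=Administrador,dc=BECARIOS,dc=DPT,dc=ES" write
    by * none
access to attr=userpassword
    by self write
    by * read
"""

USER = "uid=juanma,dc=BECARIOS,dc=DPT,dc=ES"  # constructed sample entry DN
ADMIN = "cn=Administrador,dc=BECARIOS,dc=DPT,dc=ES"


def norm_dn(dn):
    # Simplification: compare DNs case-insensitively, ignoring spaces after commas.
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_acls(text):
    """Parse 'access to' / 'by' lines into [(attrs or None, [(who, level), ...]), ...]."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        to = re.fullmatch(r"access\s+to\s+(\*|attrs?=(\S+))", line)
        by = re.fullmatch(r'by\s+(\*|self|dn="([^"]*)")\s+(\w+)', line)
        if to:
            attrs = None if to.group(1) == "*" else frozenset(
                a.lower() for a in to.group(2).split(","))
            rules.append((attrs, []))
        elif by and rules and by.group(3) in LEVELS:
            who = norm_dn(by.group(2)) if by.group(2) is not None else by.group(1)
            rules[-1][1].append((who, by.group(3)))
        else:
            raise ValueError("unsupported ACL line: %r" % raw)
    return rules


def evaluate(rules, attr, requester_dn, target_dn):
    """Return (access level, index of the deciding directive).

    requester_dn=None models an anonymous (unauthenticated) client.
    """
    requester = norm_dn(requester_dn) if requester_dn else None
    for idx, (attrs, by_clauses) in enumerate(rules):
        if attrs is not None and attr.lower() not in attrs:
            continue
        # The first directive whose <what> matches is final; later ones are never read.
        for who, level in by_clauses:
            if who == "*":
                return level, idx
            if requester and who == "self" and requester == norm_dn(target_dn):
                return level, idx
            if requester and who == requester:
                return level, idx
        return "none", idx  # no 'by' clause matched: implicit "by * none"
    return "none", None  # no directive matched at all


def shadowed(rules):
    """Indexes of directives that can never decide a request (covered by an earlier one)."""
    dead = []
    for idx, (attrs, _) in enumerate(rules):
        for earlier, _ in rules[:idx]:
            if earlier is None or (attrs is not None and attrs <= earlier):
                dead.append(idx)
                break
    return dead


def specific_first(rules):
    """Stable reorder: attribute-specific directives before the catch-all 'access to *'."""
    return sorted(rules, key=lambda rule: rule[0] is None)


if __name__ == "__main__":
    posted = parse_acls(POSTED_ACLS)
    for name, rules in (("posted", posted), ("reordered", specific_first(posted))):
        print(name, "- shadowed directives:", shadowed(rules))
        for attr in ("sambaNTPassword", "userPassword", "cn"):
            print("   anonymous ->", attr, evaluate(rules, attr, None, USER))
```

Reordering alone still leaves userPassword readable by everyone, because that directive itself ends in `by * read`.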




Re: [Samba] Using group membership to access a symlink directory

2005-11-15 Thread Andrew Bartlett
On Thu, 2005-11-10 at 16:56 -0600, Chris Barnes wrote:
> I am having a problem getting Samba to use the linux group membership 
> when following a symlink.
> 
> On the Linux side, I have a soft link from the user's home directory to 
> the shared directory.
>   ln -s /home/shared/testgroup testshare
> 

> IF the user maps to the "testshared" share, it works perfectly (ie. uses
> the group membership to give access).  However, if they try to browse to
> the testgroup "directory", it does not grant them access.
> 
> It shouldn't matter, but I have even changed the symlink 'file' to have
> the user be the owner.  Still no dice.

Can you access this on linux as the user?  ie, if you remove samba from
the equation, does it work?


Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net



[Samba] roaming Profiles

2005-11-15 Thread [EMAIL PROTECTED]

Hi all

I've updated a server from samba 2.2.8 to 3.0.20,
and I've got some problems with roaming profiles on Win2k client 
workstations.
On WinXP clients everything works fine, but on Win2k clients the client 
says that it cannot load roaming profiles.
I've disconnected and re-joined the machine to the domain, and it fails 
again:


logon path = \\%L\Profiles\%u

[Profiles]
   path = /%G/profiles
   browseable = no
   writable = yes
   root preexec = PROFILE='/%G/profiles/%u'; if [ ! -e $PROFILE ]; \
   then mkdir -pm777 $PROFILE; chown '%u':'%g' $PROFILE;fi

Any idea?
Thanks in advance




[Samba] smbpasswd -a UID/privs checking needed

2005-11-15 Thread Vladimir Jakubal
FreeBSD 6.0 + Samba 3.0.20b
running "smbpasswd -a " under non-root privileges dumps core
instead of polite warning "not root ... cannot add users".

Samba should IMHO behave better at this point ...

Hugo


RE: RE [Samba] samba 3.0.21rc1 + ldap PDC - smbpasswd issue

2005-11-15 Thread adrian sender

Thank you Stephane,

Your response time was less than 1 minute - truly amazing.

Copying the new samba.schema and restarting ldap & samba fixed this problem.

# cp /usr/share/doc/samba-3.0.21rc1/LDAP/samba.schema /etc/openldap/schema

Many Thanks
Adrian Sender.


From: [EMAIL PROTECTED]
To: samba@lists.samba.org
CC: "adrian sender" <[EMAIL PROTECTED]>
Subject: RE [Samba] samba 3.0.21rc1 +  ldap PDC - smbpasswd issue
Date: Tue, 15 Nov 2005 11:36:15 +0100

I have upgraded the samba.schema in /etc/openldap/schema ,

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on
15/11/2005 11:36:40:

> Hey Guys,
>
> I have just upgraded to version 3.0.21rc1. I decided to re-populate the
> database and test if everything is working.
>
> ./smbldap-populate -a root -k 0 -m 0 -> ok
>
> ./smbldap-useradd -m -a username -> ok
>
> ./smbldap-passwd username -> ok
>
> smbpasswd username - > fail
>
> [EMAIL PROTECTED] sbin]# smbpasswd asender
> New SMB password:
> Retype new SMB password:
> ldapsam_set_account_policy: Could not set account policy for
> sambaDomainName=DDESIGN,dc=ddesign,dc=com, error: Undefined attribute type
> (sambaPwdHistoryLength: attribute type undefined)
> ldapsam_set_account_policy: Could not set account policy for
> sambaDomainName=DDESIGN,dc=ddesign,dc=com, error: Undefined attribute type
> (sambaPwdHistoryLength: attribute type undefined)
> ldapsam_set_account_policy: Could not set account policy for
> sambaDomainName=DDESIGN,dc=ddesign,dc=com, error: Undefined attribute type
> (sambaPwdHistoryLength: attribute type undefined)
> ldapsam_set_account_policy: Could not set account policy for
> sambaDomainName=DDESIGN,dc=ddesign,dc=com, error: Undefined attribute type
> (sambaMaxPwdAge: attribute type undefined)
> ldapsam_set_account_policy: Could not set account policy for
> sambaDomainName=DDESIGN,dc=ddesign,dc=com, error: Undefined attribute type
> (sambaMinPwdAge: attribute type undefined)
> ldapsam_set_account_policy: Could not set account policy for
> sambaDomainName=DDESIGN,dc=ddesign,dc=com, error: Undefined attribute type
> (sambaPwdHistoryLength: attribute type undefined)
> ldapsam_set_account_policy: Could not set account policy for
> sambaDomainName=DDESIGN,dc=ddesign,dc=com, error: Undefined attribute type
> (sambaPwdHistoryLength: attribute type undefined)
>
> hm any ideas; is this a bug?
>
>
> Please CC me the reply as well as the list.
> Adrian Sender.
>
>





RE [Samba] samba 3.0.21rc1 + ldap PDC - smbpasswd issue

2005-11-15 Thread stephane . purnelle
I have upgraded the samba.schema in /etc/openldap/schema ,

---
Stéphane PURNELLE [EMAIL PROTECTED]
Service Informatique   Corman S.A.   Tel : 00 32 087/342467

[EMAIL PROTECTED] wrote on
15/11/2005 11:36:40:

> Hey Guys,
> 
> I have just upgraded to version 3.0.21rc1. I decided to re-populate the 
> database and test if everything is working.
> 
> ./smbldap-populate -a root -k 0 -m 0 -> ok
> 
> ./smbldap-useradd -m -a username -> ok
> 
> ./smbldap-passwd username -> ok
> 
> smbpasswd username - > fail
> 
> [EMAIL PROTECTED] sbin]# smbpasswd asender
> New SMB password:
> Retype new SMB password:
> ldapsam_set_account_policy: Could not set account policy for
> sambaDomainName=DDESIGN,dc=ddesign,dc=com, error: Undefined attribute type
> (sambaPwdHistoryLength: attribute type undefined)
> ldapsam_set_account_policy: Could not set account policy for
> sambaDomainName=DDESIGN,dc=ddesign,dc=com, error: Undefined attribute type
> (sambaPwdHistoryLength: attribute type undefined)
> ldapsam_set_account_policy: Could not set account policy for
> sambaDomainName=DDESIGN,dc=ddesign,dc=com, error: Undefined attribute type
> (sambaPwdHistoryLength: attribute type undefined)
> ldapsam_set_account_policy: Could not set account policy for
> sambaDomainName=DDESIGN,dc=ddesign,dc=com, error: Undefined attribute type
> (sambaMaxPwdAge: attribute type undefined)
> ldapsam_set_account_policy: Could not set account policy for
> sambaDomainName=DDESIGN,dc=ddesign,dc=com, error: Undefined attribute type
> (sambaMinPwdAge: attribute type undefined)
> ldapsam_set_account_policy: Could not set account policy for
> sambaDomainName=DDESIGN,dc=ddesign,dc=com, error: Undefined attribute type
> (sambaPwdHistoryLength: attribute type undefined)
> ldapsam_set_account_policy: Could not set account policy for
> sambaDomainName=DDESIGN,dc=ddesign,dc=com, error: Undefined attribute type
> (sambaPwdHistoryLength: attribute type undefined)
> 
> hm any ideas; is this a bug?
> 
> 
> Please CC me the reply as well as the list.
> Adrian Sender.
> 
> 


[Samba] samba 3.0.21rc1 + ldap PDC - smbpasswd issue

2005-11-15 Thread adrian sender

Hey Guys,

I have just upgraded to version 3.0.21rc1. I decided to re-populate the 
database and test if everything is working.


./smbldap-populate -a root -k 0 -m 0 -> ok

./smbldap-useradd -m -a username -> ok

./smbldap-passwd username -> ok

smbpasswd username - > fail

[EMAIL PROTECTED] sbin]# smbpasswd asender
New SMB password:
Retype new SMB password:
ldapsam_set_account_policy: Could not set account policy for 
sambaDomainName=DDESIGN,dc=ddesign,dc=com, error: Undefined attribute type 
(sambaPwdHistoryLength: attribute type undefined)
ldapsam_set_account_policy: Could not set account policy for 
sambaDomainName=DDESIGN,dc=ddesign,dc=com, error: Undefined attribute type 
(sambaPwdHistoryLength: attribute type undefined)
ldapsam_set_account_policy: Could not set account policy for 
sambaDomainName=DDESIGN,dc=ddesign,dc=com, error: Undefined attribute type 
(sambaPwdHistoryLength: attribute type undefined)
ldapsam_set_account_policy: Could not set account policy for 
sambaDomainName=DDESIGN,dc=ddesign,dc=com, error: Undefined attribute type 
(sambaMaxPwdAge: attribute type undefined)
ldapsam_set_account_policy: Could not set account policy for 
sambaDomainName=DDESIGN,dc=ddesign,dc=com, error: Undefined attribute type 
(sambaMinPwdAge: attribute type undefined)
ldapsam_set_account_policy: Could not set account policy for 
sambaDomainName=DDESIGN,dc=ddesign,dc=com, error: Undefined attribute type 
(sambaPwdHistoryLength: attribute type undefined)
ldapsam_set_account_policy: Could not set account policy for 
sambaDomainName=DDESIGN,dc=ddesign,dc=com, error: Undefined attribute type 
(sambaPwdHistoryLength: attribute type undefined)


hm any ideas; is this a bug?


Please CC me the reply as well as the list.
Adrian Sender.




[Samba] winbindd and user groups

2005-11-15 Thread Strebel, Franz R.
Hello,

I'm using samba 3.0.20b with security=domain and my server
is part of an NT 4.0 domain which trusts another domain being
run on AD mixed mode.  Accounts on samba are handled by
winbind.

Here's the problem:  I asked the admin of the trusted domain to
create a new domain group and add several users to it.  However,
after a couple of days, the group exists on my samba server
but a couple of accounts are still not seen as group members.
What's even more bizarre is that when I compare group membership
of those two accounts between the samba server and the trusted
domain, the listings are identical except for the new group.  So
on samba, they are members of let's say group A, but on the domain,
they are not and are instead members of group B (the one that 
was just created).

I've tried stopping the samba server and deleting the winbind
cache in the locks directory to no avail.  Any ideas as to why this
is happening?

Regards,
Franz


Re: [Samba] OpenLDAP and SAMBA

2005-11-15 Thread Tomasz Chmielewski

Miguel Lopez wrote:

> Hi everybody!
>
> In my company, we want to migrate from Windows NT to a Linux PDC. I am
> responsible for the change so I am searching for the best solution.
> After some time surfing in google, I decided to use a LDAP server for
> users maintenance and SAMBA as a file server and PDC controller.
>
> The first step was to configure LDAP for authenticating linux users, which
> works fine. Then I configured SAMBA for file sharing using local
> authentication (ie against passwd file) and it works fine too. My problem
> appears when I try to authenticate the SAMBA users against the LDAP.
>
> I think the problem is getting the right pass or user or something similar.
> I will be very grateful if someone can help me.

Try reading and following Samba by Example; I think it was in
chapter 6 where the Samba + LDAP setup was explained in detail.



--
Tomek
http://wpkg.org
WPKG - software deployment and upgrades with Samba


RE: [Samba] is this a DNS resolution problem ? bad news

2005-11-15 Thread Strebel, Franz R.
From what I know, if your PDC is on a different subnet, then
the PCs won't be able to see it.  This is a limitation of netbios
and is addressed by having a WINS server.  I haven't followed
your problem entirely but I suppose that now that your server
has 2 interfaces, it is able to listen to another subnet and can
therefore address requests received there.

As for the loopback interface, it is useful for testing if samba
is working from the server itself via smbclient -L localhost for
example.

Regards,
Franz


[Samba] NTLM & Kerberos.

2005-11-15 Thread Meli Marco
Hi all,
I'm working with samba 3.0.20a on Suse 9.2, with the following files set:

[global]
netbios name = NAME
wins server = XXX.XXX.XXX.XXX
workgroup = DOMAIN
realm = DOMAIN.COM
security = ADS
password server = *
encrypt passwords = yes
allow trusted domains = Yes
winbind use default domain = Yes
winbind separator = /
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
idmap uid = 1-10
idmap gid = 1-10
admin users = ***
log file = /var/log/samba/log.%m
log level = 10 acls:10
max log size = 50
nt acl support = Yes
map acl inherit = Yes
hide unreadable = Yes
ldap ssl = No
[data]
comment = DATA repository
path = /data
read only = No

I have the following folder permissions set:

/data           read permissions to domain users and everyone
/user           read permissions to domain users
/user_one       owned by user_one excluded permissions by everyone
/user_two       owned by user_one excluded permissions by everyone
/user_three     owned by user_one excluded permissions by everyone

Why, with parameter "hide unreadable = Yes" and logged in as user_one, can't
I see my personal folder, since I have full permissions on it?
This behaviour isn't what I expected, and it happens only when my samba file
server is joined to ADS, while when joined to NT4 it worked.
Using Ethereal I can only see that in the case Kerberos authentication
fails, NTLMSSP performs the authentication task, and in this case the ACL
settings behave as I expected, as in NT4 style.
Thanks.
Marco.



[Samba] OpenLDAP and SAMBA

2005-11-15 Thread Miguel Lopez

Hi everybody!

In my company, we want to migrate from Windows NT to a Linux PDC. I am 
responsible for the change so I am searching for the best solution. After 
some time surfing in google, I decided to use a LDAP server for users 
maintenance and SAMBA as a file server and PDC controller.


The first step was to configure LDAP for authenticating linux users, which works 
fine. Then I configured SAMBA for file sharing using local authentication (ie 
against passwd file) and it works fine too. My problem appears when I try to 
authenticate the SAMBA users against the LDAP.


I think the problem is getting the right pass or user or something similar. I 
will be very grateful if someone can help me.


P.S. Sorry for my bad English. These are my *.conf files:

--> SMB.CONF

[global]

workgroup = NT.DPT.ES
server string = LDAP Samba
load printers = yes
guest account = nobody
log file = /usr/local/samba/var/log.%m
max log size = 50
encrypt passwords = yes
passdb backend = tdbsam guest
passdb backend = ldapsam:ldap://172.21.2.160
debug level = 20

## LDAP ##
ldap admin dn = cn=administrador,dc=BECARIOS,dc=dpt,dc=es
ldap ssl = off
ldap delete dn = no
ldap filter = (&(uid=%u)(objectclass=sambaSamAccount))
ldap suffix = dc=BECARIOS,dc=DPT,dc=ES
security = user
passwd program = smbldap-passwd -o %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n .

socket options = TCP_NODELAY
dns proxy = no

[homes]
comment = Home Directories
browseable = no
writable = yes


[compartida]
comment = Carpeta compartida
path = /home/compartida
browseable = yes
public = yes
guest ok = yes
writable = yes
encrypt passwords = true


--> SLAPD.CONF

include /usr/local/openldap-2.3.9/etc/openldap/schema/core.schema
include /usr/local/openldap-2.3.9/etc/openldap/schema/cosine.schema
include /usr/local/openldap-2.3.9/etc/openldap/schema/inetorgperson.schema
include /usr/local/openldap-2.3.9/etc/openldap/schema/nis.schema
include /usr/local/openldap-2.3.9/etc/openldap/schema/samba.schema

SLAPD_USER="slapd"
SLAPD_GROUP="slapd"


pidfile /usr/local/openldap-2.3.9/var/run/slapd.pid
argsfile /usr/local/openldap-2.3.9/var/run/slapd.args

access to *
by self write
by dn="cn=Administrador,dc=NT,dc=DPT,dc=ES" write
by * read


access to attr=sambaLMPassword,sambaNTPassword
by dn="cn=Administrador,dc=BECARIOS,dc=DPT,dc=ES" write
by * none

access to attr=userpassword
by self write
by * read



# BDB database definitions

database ldbm
suffix "dc=BECARIOS,dc=DPT,dc=ES"
rootdn "cn=administrador,dc=BECARIOS,dc=DPT,dc=ES"
rootpw admin

directory /usr/local/openldap-2.3.9/var/openldap-data
# Indices to maintain
index objectClass eq

index default sub
index cn pres,sub,eq
index sn pres,sub,eq
index mail eq,subinitial
index givenname eq,subinitial

# Required to support pdb_getsampwnam
index uid pres,sub,eq

# Required to support pdb_getsambapwrid()
index displayName pres,sub,eq

# Uncomment the following lines if you are storing posixAccount
# and posixGroup entries in the directory
index uidNumber eq
index gidNumber eq
index memberUid eq

# Samba 3.*
index sambaSID eq
index sambaPrimaryGroupSID eq
index sambaDomainName eq


--> I get this error when I execute 'smbclient -d 488 172.21.2.160\\compartida -U juanma' from a client

Password:
Doing spnego session setup (blob length=58)
got OID=1 3 6 1 4 1 311 2 2 10
got principal=NONE
write_socket(3,178)
write_socket(3,178) wrote 178
got smb length of 258
size=258
smb_com=0x73
smb_rcls=22
smb_reh=0
smb_err=49152
smb_flg=136
smb_flg2=51201
smb_tid=0
smb_pid=2715
smb_uid=100
smb_mid=2
smt_wct=4
smb_vwv[ 0]= 255 (0xFF)
smb_vwv[ 1]= 0 (0x0)
smb_vwv[ 2]= 0 (0x0)
smb_vwv[ 3]= 156 (0x9C)
smb_bcc=215
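
An added note, not part of the original post: slapd stops at the first `access to` rule whose target matches, so in the slapd.conf posted above the leading `access to *` rule with `by * read` is the one that applies to `sambaLMPassword`, `sambaNTPassword` and `userPassword`. The Python check below is example code, not from the thread; it models only the `*` and `attr=` targets and the `*`/`anonymous` subjects, and `REORDERED` is an assumed alternative ordering.

```python
# Constructed input: the three global ACL rules from the slapd.conf posted above.
POSTED = '''
access to *
by self write
by dn="cn=Administrador,dc=NT,dc=DPT,dc=ES" write
by * read
access to attr=sambaLMPassword,sambaNTPassword
by dn="cn=Administrador,dc=BECARIOS,dc=DPT,dc=ES" write
by * none
access to attr=userpassword
by self write
by * read
'''
# Assumed reordering (not from the thread): specific rules first, catch-all last.
REORDERED = '''
access to attr=sambaLMPassword,sambaNTPassword
by dn="cn=Administrador,dc=BECARIOS,dc=DPT,dc=ES" write
by * none
access to attr=userpassword
by self write
by anonymous auth
by * none
access to *
by * read
'''
SENSITIVE = ["sambaLMPassword", "sambaNTPassword", "userPassword"]
READABLE = {"read", "write", "manage"}

def parse_acls(text):
    """Return [(what, [(who, level), ...]), ...] in file order."""
    rules = []
    for words in map(str.split, text.splitlines()):
        if words[:2] == ["access", "to"]:
            rules.append((words[2].lower(), []))
        elif words[:1] == ["by"] and rules:
            rules[-1][1].append((words[1], words[2]))
    return rules

def anonymous_level(rules, attr):
    """First rule matching attr decides; within it the first 'by' clause that
    applies to an unauthenticated client, else the implicit 'by * none'."""
    for what, clauses in rules:
        names = what.partition("=")[2].split(",") if what.startswith("attr") else []
        if what == "*" or attr.lower() in names:
            return next((lvl for who, lvl in clauses if who in ("*", "anonymous")), "none")
    return "none" if rules else "read"  # no ACLs at all: slapd defaults to read

def exposed(text):
    rules = parse_acls(text)
    return [a for a in SENSITIVE if anonymous_level(rules, a) in READABLE]
```

`exposed(POSTED)` lists all three attributes, while `exposed(REORDERED)` is empty and still leaves `auth` on `userPassword` so simple binds keep working.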

Re: [Samba] is this a DNS resolution problem ? bad news

2005-11-15 Thread Valéry Roché
A good info: if I configure the server to listen on 2 interfaces, I can 
join the domain and authenticate.
What is the difference between listening on 2 interfaces and listening 
on 15 interfaces?


Someone told me that I should add the loopback interface. Is it true ? 
And why (I like to understand what I'm doing) ?


Thanks,
Valéry


Re: [Samba] is this a DNS resolution problem ? bad news

2005-11-15 Thread Valéry Roché

What I thought was a solution was not.
As no one answered my question, I presume that Samba cannot serve 
multiple networks at the same time.

Has anybody been confronted with this problem?

Thanks,
Valéry

Valéry Roché wrote:

Hi again,

It seems the problem is solved by these two lines in smb.conf, [global] 
section  :
interfaces = x1.x2.x3.x4/yy, z1.z2.z3.z4/vv, etc... (enumerate all 
IP addresses, with the associated mask)

 bind interfaces only = yes

Before, the smb.conf was like that :
interfaces = *

On the client side, TCP/IP over Netbios must be enabled, no WINS 
required (it even seems that enabling a WINS server may produce problems).


Everything seems quite OK now. I hope it will work.

Valéry
