Re: [Samba] Two samba's not playing together
Koenraad Lelong schreef: Hi, I just tried to migrate my NT-PDC to samba-3.0.20b. Everything worked fine except for a problem with my old file-server running samba-2.2.5 with winbind. I can connect to and use shares on the new PDC and I can manage users and groups. But when I try to connect to the file-server I'm refused access. When I prepared this mail, I remarked that in smb.conf I somehow deleted the netbios-name of the new PDC (I used a modified copy of it to vampire the old PDC). Could this be the reason why access was refused ? What I don't understand is that with that same smb.conf I could see the PDC in the Windows neighboorhood, and I could select shares and use them. And I could accesss it using user-manager and server-manager. For the configuration files go to : http://users.edpnet.be/brouwerij/samba/ smb.conf-PDC is what was in use for the new PDC. smb.conf-FileServer is what is in use for the fileserver. First I tried NEWPDC, then I tried * for the password server, both didn't work. Any opinions ? How to debug this further ? Thanks, Koenraad Lelong ACE electronics. You may ask 'why don't you try'. Well I had to revert to the NT-PDC, can't afford the downtime of the production servers. I didn't expect this so I hadn't tried in the test-setup. I'm setting up another samba-server to try this out. Koenraad Lelong ACE electronics. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] getpwnam fails on ldap
Today, WebMaster wrote: I have a samba PDC on a network with 100 machines and 200 users. Everything worked fine with FC2 and samba 3.0.14a, but a hd crash decided me to update system to FC4. I can see now, in the logs file "User jon in passdb, but getpwnam() fails! when an user try to log in. On XP I can not login neither add new machine to domain. I have noticed the same issue here, that only came to light as I started deleting user entries from the files (passwd, shadow, group) as part of the migration process. What is more frustrating is that the server that has the master ldap server works fine, but the slave instance is the one that has the problems described above, yet both run identical binaries (same RPMS installed). samba 3.0.14a nss_ldap 220 pam_ldap 169 glibc 2.2.5 openldap 2.2.24 tom. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Internet explorer not authenticating properly
Is it possible to test the challenge/response strings that internet explorer Uses to validate where the problem lies using the following options --challenge=STRING challenge (HEX encoded) --lm-response=STRING LM Response to the challenge (HEX encoded) --nt-response=STRING NT or NTLMv2 Response to the challenge (HEX encoded) This raises another questions, is the challenge/response questions the same over a period Of time or are the challenges unique each time? Below is some output from a successful ntlm response: GET http://www.google.com/ HTTP/1.0 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: en-au Proxy-Authorization: NTLM TlRMTVNTUAADGAAYAFsYABgAcwMAAwBIBgAGAEsKAAoAUQAA AACLBgIAAgUBKAoPQk9IQUNMQVJLV1MwMDAwNDA2Mcqy1BlECOrX/0aK5lXSDRv3 Vyl/Cz0QPqBFYp3vsixnzBGbbNsq13AjQeJgdduJAA== User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Host: www.google.com Proxy-Connection: Keep-Alive -Original Message- From: Andrew Bartlett [mailto:[EMAIL PROTECTED] Sent: Friday, 2 December 2005 7:45 PM To: Adam Clark Cc: samba@lists.samba.org Subject: Re: [Samba] Internet explorer not authenticating properly On Fri, 2005-12-02 at 14:16 +1100, Adam Clark wrote: > Hi all, > We are having a an ongoing problem with out NTLM authentication on > out squid system. > The problem tends to arise when users change their passwords. > > I have read a KB article that says that DC's will still continue to > authenticate Old password for an hour or so after the password is > changed. This seems to happen on win2k3 SP1 DCs, from my testing. (But not earlier versions). > But I think it is between IE and winbindd that is the problem. > > Below is a trace at debug level 5 from winbindd. The first is a > correct authentication Attempt from boh\mobeid. The second is the > user that had chaged his password > 2.5 hours before this trace. NTLM authentication has failed and he is > Prompted for basic, he types in his name and it attempts to > authenticate as Proxy\james.clavering, which no such user exists. > > If I manually use ntlm_auth to authenticate with the new password I > get a result code 0, So I know that the DC's are working correctly. > > [22734]: pam auth crap domain: BOH user: MOBEID Using cleartext > machine password cred_create cred_create cred_assert > [22734]: pam auth crap domain: PROXY user: JAMES.CLAVERING Using > cleartext machine password cred_create cred_create cred_assert NTLM > CRAP authentication for user [PROXY]\[JAMES.CLAVERING] returned > NT_STATUS_NO_SUCH_USER (PAM: 10) > [22734]: pam auth crap domain: BOH user: MVELLA Using cleartext > machine password cred_create cred_create cred_assert > > Has anybody else experienced these problems with NTLM auth. > > Our installation is RedHad ES Linux 3, with samba-3.0.9-1.3E.5 The problem with the [PROXY] domain is that the user is entering no domain. They should enter domain\\username for the basic authentication. You could set 'winbind use default domain = yes' to get the behaviour your users are after. It is frustrating that IE isn't picking up the new password after the change. It would be interesting to see how firefox reacts (as a comparison/contrast). Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] getpwnam fails on ldap
Hi all (excuse my poor english): I have a samba PDC on a network with 100 machines and 200 users. Everything worked fine with FC2 and samba 3.0.14a, but a hd crash decided me to update system to FC4. I can see now, in the logs file "User jon in passdb, but getpwnam() fails! when an user try to log in. On XP I can not login neither add new machine to domain. My pass backend is ldap://localhost When I do "getent passwd" I get all users, files and ldap. When I do "net user" I get the complete users list. When joining a machine to domain, the machine account is created on ldap by add machine script ( I use smbldap-tools), but can not join actually to domain. Also, ntlm_auth works without problems. I used the "getpwnam " system call on a simple C program and works fine. Winbind works fine. When I add the "getent passwd" output to /etc/passwd, users can login with no problems again, but now getent duplicate users. Samba versions was both 3.0.14a, on FC1 and FC4. Any idea for solving this situation? Thank you in advance Ppablo -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba closes my file session
On Mon, 2005-12-05 at 12:25 +, Toni Casueps wrote: > When I am working with MS Access and the mdb file is in a Samba share, when > I close it and Access compacts the file, I have to reenter my username and > password for that share. > > These are the logs in /var/log/samba (the lib/util_sock.c errors are common, > I get them other times without having my session closed) > > [2005/12/05 12:59:54, 1] smbd/service.c:close_cnum(833) > pablo-w (192.168.0.60) closed connection to service ARCHIVOS > [2005/12/05 12:59:58, 1] smbd/service.c:make_connection_snum(645) > pablo-w (192.168.0.60) connect to service ARCHIVOS initially as user pablo > (uid=509, gid=505) (pid 7459) > [2005/12/05 12:59:58, 1] smbd/service.c:close_cnum(833) > pablo-w (192.168.0.60) closed connection to service ARCHIVOS I suggest you map the drive. I think what is happening is that the connection is reference counted, and you only have the access DB open on the share. When you compact, the files are closed (to then be re-opened by the compactor), and the session goes away. That's my best guess. (I thought this had a grace period, but this is my theory anyway...). Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with Samba as Member of AD, Kerberos
Hello all, I have this configuration: Samba 3.0.20 as a member server in Win2K3 AD (runs on Madrake 10.2 - no flames please ;-) ). Winbind works fine (wbinfo etc are ok), kinit is ok (or seems ok...), and all users are happy... Of course there is a BUT... All the above work fine as long as I use NetBIOS resolution. For example, my server has "XXX" as a name and "YYY" as NetBIOS alias. When I access the box as \\YYY\ or \\ip.add.re.ss\ everything is ok and authentication is done by my PDC/BDC (both Win2K3) without popups. But if try \\XXX\ (as registered in AD and DNS) I get a prompt for credentials (which, of course, never get accepted...). The exact same thing happens when I disable NetBIOS over TCP for a client and try to access the server with any name (from the DNS-only client). All my clients are WinXP Pro (except one Win2K) and my 2 Win2K3 DCs. I thought I could disable NetBIOS (and WINS on my DCs) as I read that DNS in AD is much faster and reliable etc... Can anyone point me to the right direction? Or convince me that I will not earn much if I disable NetBIOS... Hmm, yes, I know... If it works, don't f-u with it but I want to get as much as I can from my network (there is A LOT of traffic to and from the Samba box). -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: CentOS 3.6, samba-3.0.9-1.3E.5 tdbsam to ldapsam export
Robert, First off, the Samba Technical mailing list is not a help facility. Its purpose is purely for discussion of samba design and code implementation issues. Please confine your email to the normal Samba list. There are several avenues for Samba support: 1. The official documentation that consists of: Samba-3 by Example - a book that provides detailed deployment gudiance The Official Samba-3 HOWTO and Reference Guide - a book that provides detailed information regarding how the functional components of samba function and may be configured. This book does NOT provide presecriptive deployment guidance - it is more like a mechanics maual. Both books are available from: http://www.samba.org/samba/docs For examples of how to deploy Samba please refer to: http://www.samba.org/samba/docs/Samba3-ByExample.pdf Each example network provided in this book is fully documented in step-by-step mode. 2. The Samba mailing list: The [EMAIL PROTECTED] mailing list is subscriber supported. Noone has a right to an answer, noone is owed an answer. All answers provided on the list are a privilege provided by users to each other. Any advice provided is free and there is no assurance that the advice given is correct. The mailing list is essentially a free-for-all, with attempts by Samba-Team members to moderate as time permits. Sometime we are all too busy to respond. It is a fact that many postings go unanswered. The challenge posters face is one of gaining attention and winning someone over to help you. 3. Paid Support When someone accepts payment for support they are responsible to provide the remedy sought. You can find paid support for Samba from: httP//www.samba.org/samba/support/ The Samba-Team offers no assurances, guarrantees, or warrantys in respect of the companies and individuals whose names appear in the support pages of the Samba.Org web site. Since I have obviously expended some time to answer your posting, and so that you will not have cause to complain of my reply, the answer to your problem is that before migrating the SambaSAMAccount information from the tdbsam file to the LDAP directory it is essential that you migrate the POSIX account information. The account for Andrea lacks the POSIX account data. The POSIX account information is the data that is presently in your /etc/passwd file. You can obtain a utility to migrate the POSIX account from http://www.padl.com/OSS/MigrationTools.html Specifically, you must first execute one of the "migrate_all_{online,offline}.sh" scripts, then you can execute the "pdbedit -i tdbsam -e ldapsam" process. The book, "The Official Samba-3 HOWTO and Reference Guide" specifically mentions the fact that the POSIX account information is essential to Samba in addition to the SAmbaSAMAccount information. Cheers, John T. On Monday 05 December 2005 06:16, Robert Becskei wrote: > NOTE: Since I haven't gotten any replies to my questions lately, maybe they > were stupid or something, or I've written them to the wrong mailing list. > If this e-mail is on the wrong mailing list THEN PLEASE tell > me, where to write. > > Dear List, > > I've setup a samba domain controller with ldap backend, work okay , users > like root and nobody show up correctly with smbldap-usershow root , or > smbldap-usershow nobody, or via usrmgr.exe from winXX client. > > Now since I have some old users on the other samba 3.0.9-1.3E.5 server > which uses tdbsam backend I've decieded to import the users from there. So > I've setup a test server. > I've coppied over passdb.tdb file and /var/cache/samba expect browse.dat > and wins.dat. > > I did a pdbedit -v -i tdbsam -e ldapsam > > but it seems something went wrong because even tough I see the user in > slapcat > old.ldif , smbldap-usershow andrea says no such user, id andrea > says no such user.Please note I did not add these users on this computer > via adduser. > > here is the working entry for root : > > dn: uid=root,ou=Users,dc=capriolobike,dc=com > cn: root > sn: root > objectClass: inetOrgPerson > objectClass: sambaSamAccount > objectClass: posixAccount > objectClass: shadowAccount > gidNumber: 512 > uid: root > uidNumber: 0 > homeDirectory: /home/root > sambaLogonTime: 0 > sambaLogoffTime: 2147483647 > sambaKickoffTime: 2147483647 > sambaPwdMustChange: 2147483647 > sambaHomePath: \\PDC-SERVER\homes\root > sambaHomeDrive: X: > sambaProfilePath: \\PDC-SERVER\profiles\root\ > sambaPrimaryGroupSID: S-1-5-21-4026663590-1589568591-1594268601-512 > sambaAcctFlags: [U ] > sambaSID: S-1-5-21-4026663590-1589568591-1594268601-2996 > loginShell: /bin/false > gecos: Netbios Domain Administrator > structuralObjectClass: inetOrgPerson > entryUUID: fdc5834c-f9da-1029-8b52-823807df0058 > creatorsName: cn=Manager,dc=capriolobike,dc=com > createTimestamp: 20051205130127Z > sambaPwdCanChange: 1133787703 > sambaLMPassword: 8540236CBC8AD7364
Re: [Samba] net rpc vampire not working
On Sunday 04 December 2005 18:25, Del wrote: > > Use > > http://www.samba.org/samba/docs/man/Samba-Guide/ntmigration.html > > Thanks, that is a great help. I have it working now. > > > I would recommend that the user is familiar with setup, usage, > > maintenance of LDAP prior to doing this. > > Oh, LDAP is no problem. I'm the author of the LdapImport scripts > which some of you may have seen > > http://wiki.babel.com.au/index.php?area=Linux_Projects&page=LdapImport > > The problem I was having was correct configuration of samba prior to > running net rpc vampire. > > Just some notes on the migration guide above that you might want to > incorporate into a later edition: > > -- > > example 9.1: "security = user" is missing? Is this intentional? > the "configure.pl" script from smbldap-tools adds it to smb.conf > in any case. > > May be useful to mention extending the LDAP schema before attempting > any of this, e.g. with the samba.schema file. > > Before Step 7: You can't run ./configure.pl in the smbldap-tools directory > unless samba is running. So you need to do "service smb start" or > your OS equivalent first. In fact, before doing that you need to > inform samba of your LDAP bind DN password using: > > smbpasswd -w > > Step 8: Since you need to start samba before you run ./configure.pl, and > since samba tries to connect to the LDAP server when it starts, you > will need to start LDAP before you start samba. So this probably belongs > around step 4 or 5. > > Step 10: You need to do this before starting Samba, so again this needs > to happen earlier than step 7. > > Step 11: Also, starting Samba will attempt to populate the LDAP directory. > On Fedora Directory Server (and in fact any non-OpenLDAP server) you may > hit troubles doing this because the entries aren't formatted correctly > with the "top" objectClass (on OpenLDAP this parent object class is added > automatically). To fix this, what I did was: > > cd /opt/IDEALX/sbin > /smbldap-populate -e /root/LDAP/smb-populate.ldif. > vi /root/LDAP/smb-populate.ldif > > Change the last LDIF entry in this file to include "objectClass: top" > > ldapadd -x -c -D 'cn=Directory Manager' -W -f /root/LDAP/smb-populate.ldif > > .. and you will need to supply your root DN password to the above command.. > > Step 12: This should not actually be necessary on non-OpenLDAP servers. A > running LDAP server will notice that its directory has been populated. It > is, however, the case that the OpenLDAP directory is completely empty after > installation so you may need to do this. > > Step 14: It might be useful to test this using: > > net rpc testjoin > > Step 17: This seems to take a long time. Expect that -- nothing happens > in the log file for a few seconds at least, don't panic. > > -- > Del Del, I will review your comments when I get an opportunity. If I recall correctly, Chapter 9 does say that you need to create a fully functional server per the example of chapter 5 before attempting to perform vapire migration. One of the key challenges of prescriptive guidance documentation is the fact that most people want to short-circuit the learning process ignoring the fact that every short-cut has consequences. :-) - John T. -- John H Terpstra Samba-Team Member Phone: +1 (650) 580-8668 Author: The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228 Samba-3 by Example, 2 Ed., ISBN: 0131882221X Hardening Linux, ISBN: 0072254971 Other books in production. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] (no subject)
Hello samba, -- Best regards, Ken mailto:[EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows users, linux users and home drives on another server.
I need some help. We currently have all users using Windows XP with their home drives on a Samba server. I need to set up a way for some users to log on to Ubuntu and to have the same home drives mapped as their linux home drives. How can I do this? Pete -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Read only
Hi there I am running a Suse Linux Professional 9.1 with samba3-3.0.14a-21 from SerNet. The clients are using Windows XP. In the smb.conf I have the following settings: browsable = yes writables = yey create mask = 0770 directory mask = 2770 force create mode = 0770 force directory mode = 2770 Now I have the following question: When the user click the "Read only" checkbox under the file properties in Windows there is no effect. How can I enable that the user can click thix checkbox and then the file can only be accessed in read only mode? TIA Chris ___ Christian Jancso System Administrator Plenum Securities Ltd. Bellerivestrasse 33 P.O.Box 872 CH-8034 Zurich Phone: +41 43 499 14 10 Direct: +41 43 499 14 38 Fax: +41 43 499 14 11 e-mail: [EMAIL PROTECTED] www.plenum.ch ** ** This e-mail message is intended only for the use of the address(es) named herein and may contain information that is confidential, proprietary in nature, legally privileged or otherwise protected by law from disclosure. If you are not an intended recipient or a person responsible for delivering or copy it in any form or take any action in reliance on it. If you have received this message in error, please notify the sender immediately and kindly take all steps to delete the message completely from your computer system. Internet transmissions cannot be guaranteed to be secure or error-free as information can be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore makes no warranty or representation as to the accuracy or completeness of any information and does not assume whatever for any information and does not assume whatever commitment hereby. The sender excludes any liability whatsoever for any direct or consequential loss arising from the use or reliance on this e-mail or its contents. If verification is required please request a duly signed hard-copy version. Thank you. ** ** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Strange automount problem with samba & LDAP
Hi all, I've installed samba-3.0.21rc2 on a solaris 10 machine (latest patches applied) by compiling from source: #uname -a SunOS newton 5.10 Generic_118844-20 i86pc i386 i86pc User's home is mounted using automount without any problem. But when I try to mount using samba, it can not access the users home directory when it 's share is not mounted and gives following error: [2005/12/05 15:49:30, 0] smbd/service.c:(690) '/home/stf4/yusuf' does not exist or permission denied when connecting to [yusuf] Error was No such file or directory I also get following message in "/var/adm/messages" when I try to mount a user's samba share. Dec 5 15:49:30 newton automountd[18951]: [ID 293258 daemon.warning] libsldap: Status: 7 Mesg: Session error no available conn. Dec 5 15:49:30 newton last message repeated 11 times Also following code segment I added to smbd/service.c does not work and prints failure for both cases: code=stat(conn->connectpath,mystatus); if(code) DEBUG(0,("stat to (%s) failed!\n",conn->connectpath)); else DEBUG(0,("stat to (%s) suceeded.\n",conn->connectpath)); code=S_ISDIR(mystatus->st_mode); if(!code) DEBUG(0,("S_ISDIR to (%s) failed!\n",conn->connectpath)); else DEBUG(0,("S_ISDIR to (%s) suceeded.\n",conn->connectpath)); The same code runs without any problem alone (mounts the user's share if not mounted and returns success) and users can login and see their home directories without any problem. Is samba using something else to access the filesystem other than the system calls ? How can I make it to access using system calls or how can I resolv the problem ? -regards. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Big into winbindd ? 100% of cpu after 5mn of utilisation
Hi anyone know if they have a big bug to winbindd ? : After 5 mn of utilisation, winbindd use 100% of cpu resource : PID USER PR NI VIRTRES SHR S %CPU %MEMTIME+ COMMAND 17096 root 25 010700 3556 9432 R 99.3 0.7 1:03.02 winbindd and we have into the log: [2005/12/05 16:29:06, 5] nsswitch/winbindd.c:process_loop(817) winbindd: Exceeding 200 client connections, removing idle connection. [2005/12/05 16:29:06, 0] nsswitch/winbindd.c:process_loop(822) winbindd: Exceeding 200 client connections, no idle connection found [2005/12/05 16:29:06, 6] nsswitch/winbindd.c:new_connection(596) accepted socket 229 [2005/12/05 16:29:06, 10] nsswitch/winbindd.c:process_request(325) process_request: request fn AUTH_CRAP [2005/12/05 16:29:06, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth_crap(538) [0]: pam auth crap domain: [LINUX] user: MAIRE [2005/12/05 16:29:06, 8] lib/util.c:is_myname(1874) is_myname("LINUX") returns 0 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net getlocalsid and net getlocalsid
Hi, does the output of the two commands really mean that the server FILESERVER is not in the domain?: # net getlocalsid SID for domain FILESERVER is: S-1-5-21-4161338278-3756552359-245403906 # net getlocalsid SID for domain is: S-1-5-21-2018781741-1218349122-1862352094 Is there another method to check if a server is in a domain? Can I use 'net rpc testjoin' to see if the join to the above domain is valid? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] wbinfo and user group
Hello, I have a problem with to obtain an user group. My config is : Redhat server 3.0 update 1 samba-3.0.20b my smb.conf is : [global] workgroup = domxxx password server = , security = ads winbind uid = 1-2 winbind gid = 1-2 winbind use default domain = yes winbind enum users = yes winbind enum groups = yes wins proxy = no wins server = x dns proxy = no realm = DOMXXX.AD name resolve order = wins lmhosts host bcast [homes] [printers] * my krb5.conf is : * [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] ticket_lifetime = 24000 default_realm = DOMXXX.AD dns_lookup_realm = false dns_lookup_kdc = false [realms] DOMXXX.AD = { kdc = :88 admin_server = :749 default_domain = domxxx.ad } [domain_realm] .domxxx.ad = DOMXXX.AD domxxx.ad = DOMXXX.AD [kdc] profile = /var/kerberos/krb5kdc/kdc.conf [appdefaults] pam = { debug = false ticket_lifetime = 36000 renew_lifetime = 36000 forwardable = true krb4_convert = false } all work fine : wbinfo -t wbinfo -m wbinfo -u wbinfo -g wbinfo -a but when i do a wbinfo -r "domxxx\toto" "Could not get groups for user " Have you an idea ? Sincerly. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows Server 2003 can't join samba PDC domain
Hello! I'm running samba 3.0.20 on Solaris as PDC. But I cannot add Windows Server 2003 clients to the domain. After authenticating as root, I get the following error message: "The parameter is incorrect." in Windows. The result is that the computer isn't added to the domain. :( Any ideas? Thanks. The samba log says: [2005/12/05 15:54:37, 2] auth/auth.c:check_ntlm_password(307) check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded [2005/12/05 15:54:37, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(1006) api_pipe_bind_req: unknown auth type 9 requested. [2005/12/05 15:54:37, 2] smbd/server.c:exit_server(608) Closing connections [2005/12/05 15:54:37, 2] smbd/server.c:exit_server(608) Closing connections [2005/12/05 15:54:38, 2] auth/auth.c:check_ntlm_password(307) check_ntlm_password: authentication for user [root] -> [root] -> [root] succeeded [2005/12/05 15:54:38, 0] rpc_server/srv_pipe.c:api_pipe_bind_req(1006) api_pipe_bind_req: unknown auth type 9 requested. [2005/12/05 15:54:38, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2276) Returning domain sid for domain INIT -> S-1-5-352321536-1501522528-1984630070-2013738094 [2005/12/05 15:54:38, 2] rpc_parse/parse_samr.c:samr_io_userinfo_ctr(6439) samr_io_userinfo_ctr: unknown switch level 0x1a [2005/12/05 15:54:38, 0] rpc_server/srv_samr.c:api_samr_set_userinfo(786) api_samr_set_userinfo: Unable to unmarshall SAMR_Q_SET_USERINFO. [2005/12/05 15:54:38, 2] smbd/server.c:exit_server(608) Closing connections -- Stefan Lindström -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Temporary Profiles
Hi, I have looked at that PDF file, but I don't get my mistake. I was told, to go with roaming profiles, so I try it. Like I mentioned before, root can log on from everywhere and root gets his roaming profile. If i put a customized userprofile in the profile - path, then it gets loadet on login. But again, it't only a temporary profile, so no update on logoff. So again, here are all informations I can get from my system. [global] time server = yes log level = 3 include = /etc/samba/dhcp.conf socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 logon drive = H: hide dot files = yes domain master = Yes username map = /etc/samba/smbusers map to guest = Bad User printer admin = @ntadmin, root, administrator, oliver.schneider logon home = \\%L\%U\.9xprofile passwd program = /usr/bin/passwd %u wins support = true printcap cache time = 750 netbios name = fileserver cups options = raw printing = cups unix password sync = yes local master = Yes logon path = \\fileserver\profiles\%U logon script = logon.bat workgroup = SJ os level = 65 printcap name = cups security = user add machine script = /usr/sbin/useradd -c Machine -d /var/lib/nobody -s /bin/false %m$ domain logons = Yes preferred master = Yes load printers = yes passdb backend = smbpasswd [homes] comment = Home Directories valid users = %S browseable = No read only = No inherit acls = Yes [profiles] comment = Network Profiles Service path = /var/lib/samba/profiles browseable = no writeable = yes write list = @users # store dos attributes = Yes # create mask = 0600 # directory mask = 0700 profile acls = yes read only = no [users] comment = All users path = /home read only = No inherit acls = Yes veto files = /aquota.user/groups/shares/ [groups] comment = All groups path = /home/groups read only = No inherit acls = Yes [printers] comment = All Printers path = /var/tmp printable = Yes create mask = 0600 browseable = No [print$] comment = Printer Drivers path = /var/lib/samba/drivers write list = @ntadmin root oliver.schneider force group = ntadmin create mask = 0664 directory mask = 0775 [netlogon] comment = Network Logon Service path = /var/lib/samba/netlogon write list = root #net groupmap list fileserver:/var/lib/samba # net groupmap list System Operators (S-1-5-32-549) -> -1 Domain Guests (S-1-5-21-3376943168-3023405898-1803579022-514) -> users Replicators (S-1-5-32-552) -> -1 Guests (S-1-5-32-546) -> -1 Power Users (S-1-5-32-547) -> users Print Operators (S-1-5-32-550) -> -1 Administrators (S-1-5-32-544) -> -1 Domain Users (S-1-5-21-3376943168-3023405898-1803579022-513) -> users S-1-5-21-1161395039-3549078232-660113211-513 (S-1-5-21-1161395039-3549078232-660113211-513) -> users Domain Admins (S-1-5-21-1161395039-3549078232-660113211-512) -> -1 Account Operators (S-1-5-32-548) -> -1 Domain Guests (S-1-5-21-1161395039-3549078232-660113211-514) -> -1 Backup Operators (S-1-5-32-551) -> -1 Users (S-1-5-32-545) -> -1 Power Users (S-1-5-21-3376943168-3023405898-1803579022-1201) -> users Domain Admins (S-1-5-21-3376943168-3023405898-1803579022-512) -> -1 fileserver:/var/lib/samba # ls -l insgesamt 255 drwxr-xr-x 6 root root 664 2005-12-05 15:56 . drwxr-xr-x 37 root root 984 2005-11-15 08:54 .. -rw--- 1 root root 8192 2005-07-12 18:23 account_policy.tdb -rw-r--r-- 1 root root 8192 2005-12-05 15:12 brlock.tdb -rw-r--r-- 1 root root 1179 2005-12-05 15:54 browse.dat -rw-r--r-- 1 root root 24576 2005-12-05 15:19 connections.tdb drwxr-xr-x 7 root ntadmin 1032 2005-12-05 15:47 drivers -rw-r--r-- 1 root root 8192 2005-07-13 15:36 gencache.tdb -rw--- 1 root root 8192 2005-07-12 18:23 group_mapping.tdb -rw-r--r-- 1 root root114688 2005-12-05 15:20 locking.tdb -rw--- 1 root root 8192 2005-11-16 07:13 messages.tdb drwxrwxrwx 3 root users 144 2005-12-05 15:28 netlogon -rw--- 1 root root 8192 2005-07-13 09:24 ntdrivers.tdb -rw--- 1 root root 696 2005-07-13 09:24 ntforms.tdb -rw--- 1 root root 8192 2005-07-13 09:24 ntprinters.tdb drwxr-xr-x 2 root root 416 2005-12-05 15:56 printing drwxrws--- 11 root users 320 2005-12-05 14:48 profiles -rw--- 1 root root 8192 2005-07-13 09:24 registry.tdb -rw-r--r-- 1 root root 24576 2005-12-05 14:50 sessionid.tdb -rw--- 1 root root 8192 2005-07-13 09:24 share_info.tdb -rw-r--r-- 1 root root 8192 2005-12-05 14:50 unexpec
[Samba] Kerberos Errors with winbind?
Hi i have this error now into my logs : [2005/12/05 13:39:43, 3] libsmb/clikrb5.c:ads_krb5_mk_req(478) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2005/12/05 13:39:43, 0] libads/kerberos.c:ads_kinit_password(164) kerberos_kinit_password host/[EMAIL PROTECTED] failed: Client not found in Kerberos database [2005/12/05 13:39:43, 1] nsswitch/winbindd_ads.c:ads_cached_connection(109) ads_connect for domain LINUX failed: Client not found in Kerberos database Anyone know this problems ? I don't know Active Directory, but for my linux samba server can access to Kerberos on my W2000 Server Ads, what is the parametter into W2000K ? or only net join ads are suffisient ? on other server, i have another message : [2005/12/05 13:20:47, 3] lib/util.c:fcntl_lock(1826) fcntl_lock: fcntl lock gave errno 11 (Resource temporarily unavailable) [2005/12/05 13:20:47, 3] lib/util.c:fcntl_lock(1845) fcntl_lock: lock failed at offset 0 count 1 op 13 type 0 (Resource temporarily unavailable) [2005/12/05 13:20:47, 3] nsswitch/winbindd_cm.c:cm_get_ipc_userpass(105) cm_get_ipc_userpass: No auth-user defined Thanks bye -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba closes my file session
When I am working with MS Access and the mdb file is in a Samba share, when I close it and Access compacts the file, I have to reenter my username and password for that share. These are the logs in /var/log/samba (the lib/util_sock.c errors are common, I get them other times without having my session closed) [2005/12/05 12:59:54, 1] smbd/service.c:close_cnum(833) pablo-w (192.168.0.60) closed connection to service ARCHIVOS [2005/12/05 12:59:58, 1] smbd/service.c:make_connection_snum(645) pablo-w (192.168.0.60) connect to service ARCHIVOS initially as user pablo (uid=509, gid=505) (pid 7459) [2005/12/05 12:59:58, 1] smbd/service.c:close_cnum(833) pablo-w (192.168.0.60) closed connection to service ARCHIVOS [2005/12/05 12:59:58, 1] smbd/service.c:make_connection_snum(645) pablo-w (192.168.0.60) connect to service ARCHIVOS initially as user pablo (uid=509, gid=505) (pid 7459) [2005/12/05 12:59:58, 1] smbd/service.c:close_cnum(833) pablo-w (192.168.0.60) closed connection to service ARCHIVOS [2005/12/05 12:59:59, 1] smbd/service.c:make_connection_snum(645) pablo-w (192.168.0.60) connect to service ARCHIVOS initially as user pablo (uid=509, gid=505) (pid 7459) [2005/12/05 13:00:00, 1] smbd/service.c:close_cnum(833) pablo-w (192.168.0.60) closed connection to service ARCHIVOS [2005/12/05 13:00:00, 1] smbd/service.c:make_connection_snum(645) pablo-w (192.168.0.60) connect to service ARCHIVOS initially as user pablo (uid=509, gid=505) (pid 7459) [2005/12/05 13:00:00, 1] smbd/service.c:close_cnum(833) pablo-w (192.168.0.60) closed connection to service ARCHIVOS [2005/12/05 13:01:00, 1] smbd/service.c:make_connection_snum(645) pablo-w (192.168.0.60) connect to service ARCHIVOS initially as user pablo (uid=509, gid=505) (pid 9312) [2005/12/05 13:01:38, 0] lib/util_sock.c:write_socket_data(430) write_socket_data: write failure. Error = Connection reset by peer [2005/12/05 13:01:38, 0] lib/util_sock.c:write_socket(455) write_socket: Error writing 4 bytes to socket 24: ERRNO = Connection reset by peer [2005/12/05 13:01:38, 0] lib/util_sock.c:send_smb(647) Error writing 4 bytes to client. -1. (Connection reset by peer) -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net rpc vampire not working
I actually fooled with your LdapImport and didn't get it to work straight away and for the most part, I didn't have much of an issue with conversion from openldap slapcat output. Yeah, I haven't had enough different systems to test LdapImport on thoroughly. It works for me in most places but it's definitely best at doing LDAP -> LDAP not so much at anything else -> LDAP. But I'm slowly hacking away at the various bugs and things, trying to make it more useable. Any bug reports are appreciated of course, as other people have systems they can test on that I can't. I also see the need to use groupOfUniqueNames but I haven't figured that one out either but I'm working on it. groupOfUniqueNames is a nice idea and very neat but in the end the IETF RFC standards maintainers didn't go with it. So the very few systems that support it are likely to end up being orphaned in doing so. The only reason I made any use of it at all is because (a) directory administrator handles it, and (b) it works on Linux using the PADL software and (c) it's interesting. There is no real compelling reason to do it other than that it's interesting. I could make better use of my time by writing some useful code. -- Del -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Outlook2003 forget password
Hello, Samba: 3.0.20 as PDC OS: FreeBSD 4.11 Clients: WindowsXP SP2 (Outlook 2003) Policies: account policy value for maximum password age is now 2592000 (30 days) Problem: After 30 days all users are prompted to change their samba password. When they do so, Outlook is losing the stored password for the mail account, as well. When the users change their password manually (Ctrl+Alt+Del) the problem does not occur. Thanks in advance Niels -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Two samba's not playing together
Hi, I just tried to migrate my NT-PDC to samba-3.0.20b. Everything worked fine except for a problem with my old file-server running samba-2.2.5 with winbind. I can connect to and use shares on the new PDC and I can manage users and groups. But when I try to connect to the file-server I'm refused access. When I prepared this mail, I remarked that in smb.conf I somehow deleted the netbios-name of the new PDC (I used a modified copy of it to vampire the old PDC). Could this be the reason why access was refused ? What I don't understand is that with that same smb.conf I could see the PDC in the Windows neighboorhood, and I could select shares and use them. And I could accesss it using user-manager and server-manager. For the configuration files go to : http://users.edpnet.be/brouwerij/samba/ smb.conf-PDC is what was in use for the new PDC. smb.conf-FileServer is what is in use for the fileserver. First I tried NEWPDC, then I tried * for the password server, both didn't work. Any opinions ? How to debug this further ? Thanks, Koenraad Lelong ACE electronics. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Updates of the printer.tdb
Hello, I want to know at which time the tdb-File of a printer located at /var/lib/samba/printing will be updated? I have my printerdrivers! After this I looked at the directory and the files untouched. I have done some changes with the windows panels, but there are no changes of the timestamps? How does it work? regards Franz -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba