Re: [Samba] Re: LDAP account management tools?

[Beast]

Graham Leggett wrote:

Craig White wrote:


If you look at the fedora directory list archives, I was asking about
that. It would seem to be mostly html.

But this is for LDAP management and not for editing configuration files
for samba.



The Fedora Directory console's tool for editing objects in the directory 
has "views" of different objectclasses, giving a more specific editing 
interface than the generic "edit this attribute".


Some of the views include groups, persons, an "NT user" (for their 
legacy Windows NT integration). The idea was to extend this into a 
"Samba user", "Samba group", Samba Domain", etc.




Somthing like this might useful for fresh people migrating from NT :

http://sum.i6x.org/sum/depan.html

And as usual, volunteer needed ;-)


--

--beast

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Unicode support in samba

[Gayathri Sundar]

 Original Message 
Subject: Unicode support in samba
From:"Gayathri Sundar" <[EMAIL PROTECTED]>
Date:Mon, December 19, 2005 11:51 pm
To:  samba@lists.samba.org
--

Hi.,

Does samba (smb client) connect to servers whose names are in UTF-16
as part of internationalization?
i.e if I have a chinese installation on windows 200X, and the server name
is in chinese charset, can the smb client enumerate that and list the
chinese name?

I searched the net for this information and didnt get any. I see only
unicode file and share names, and no mention of server names in unicode at
all. For example can the LANMAN NetServerEnum2 comeback with unicode
server names on the wire?

Please assist.

Thanks
--Gayathri



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: SAMBA3 + LDAP

[mallapadi niranjan]

Hi craig

i have stopped the ldap and checked the "slapindex" and it does not produce
any output  and
my /var/lib/ldap is owned by ldap user and all the files created are created
by user ldap only mode 600.

i hope i am missing something in slapd.acl's
The following is my slapd.conf file
##
include/etc/openldap/schema/core.schema
include/etc/openldap/schema/cosine.schema
include/etc/openldap/schema/inetorgperson.schema
include/etc/openldap/schema/nis.schema
include/etc/openldap/schema/samba.schema

pidfile/var/run/slapd.pid
argsfile/var/run/slapd.args
databasebdb
suffix"dc=msdpl,dc=com"
rootdn"cn=manager,dc=msdpl,dc=com"
rootpwsecret
directory/var/lib/ldap

# Indices to maintain for this database
index objectClass   eq,pres
index ou,cn,mail,surname,givenname  eq,pres,sub
index loginShell eq,pres
index nisMapName,nisMapEntryeq,pres,sub
index displayNameeq,pres,sub
index uidNumbereq
index gidNumbereq
index memberUIDeq
index sambaSIDeq
index sambaPrimaryGroupSIDeq
index defaultsub

#access to dn.base="dc=msdpl,dc=com"
access to attrs=sambaLMPassword,sambaNTPassword
by dn="uid=.*,ou=People,dc=msdpl,dc=com" write
by dn="uid=.*,ou=Domain Admins,dc=msdpl,dc=com" read
by * none
access to attr=userPassword
by dn="uid=.*,ou=People,dc=msdpl,dc=com" write
by self write
by anonymous auth
by * none
access to *
by * read
###
On 12/19/05, Craig White <[EMAIL PROTECTED]> wrote:
>
> On Mon, 2005-12-19 at 15:19 +0100, Louis van Belle wrote:
> > wel,
> >
> > index objectClass eq,pres
> > index ou,cn,mail,surname,givenname eq,pres,sub
> > index loginShell eq,pres
> > index nisMapName,nisMapEntry eq,pres,sub
> > index displayName eq,pres,sub
> > index uidNumber eq
> > index gidNumber eq
> > index memberUID eq
> > index sambaSID eq
> > index sambaPrimaryGroupSID eq
> > index default sub
> >
> > one of these is wrong, of you did not run
> > slapindex
> >
> > stop the ldap server
> > slapindex
> > start the ldap server
> -
> on RHEL 4...this would necessarily be...
>
> service ldap stop
> slapindex
> chown -R ldap:ldap /var/lib/ldap
> service ldap start
>
> when you run slapindex as root, new index files are root:root and that
> doesn't work for openldap which runs as user ldap.
>
> Craig
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: SAMBA3 + LDAP

[mallapadi niranjan]

Hi paul

i have changed the ldap.conf file to the following

host testdomain.com
base dc=msdpl,dc=com
bindpw secret
rootbinddn cn=manager,dc=msdpl,dc=com
timelimit 15
pam_filter objectclass=posixAccount
pam_login_attribute uid
pam_member_attribute memberUID
pam_password md5
nss_base_passwddc=msdpl,dc=com?sub
nss_base_shadowdc=msdpl,dc=com?sub
nss_base_groupdc=msdpl,dc=com?sub
ssl no
##

I am able to add the computer with smbldap-useradd machine script, after
changing as you said.

now, i am unable to login as administrator, and able to login only as root.
and

The ldap log file is
###
Dec 20 10:52:43 testsystem slapd[3549]: conn=6 op=5 SEARCH RESULT tag=101
err=0 nentries=0 text=
Dec 20 10:52:43 testsystem slapd[3549]: conn=7 op=3 SRCH
base="dc=msdpl,dc=com" scope=2 deref=0
filter="(&(objectClass=posixAccount)(uid=nobody))"
Dec 20 10:52:43 testsystem slapd[3549]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Dec 20 10:52:43 testsystem slapd[3549]: conn=7 op=3 SEARCH RESULT tag=101
err=0 nentries=1 text=
Dec 20 10:52:43 testsystem slapd[3549]: conn=7 op=4 SRCH
base="dc=msdpl,dc=com" scope=2 deref=0
filter="(&(objectClass=posixGroup)(|(memberUid=nobody)(uniqueMember=uid=nobody,ou=people,dc=msdpl,dc=com)))"
Dec 20 10:52:43 testsystem slapd[3549]: conn=7 op=4 SRCH attr=gidNumber
Dec 20 10:52:43 testsystem slapd[3549]: <= bdb_equality_candidates:
(uniqueMember) index_param failed (18)
Dec 20 10:52:43 testsystem slapd[3549]: conn=7 op=4 SEARCH RESULT tag=101
err=0 nentries=0 text=
Dec 20 10:52:43 testsystem slapd[3549]: conn=6 op=6 SRCH
base="dc=msdpl,dc=com" scope=2 deref=0
filter="(&(uid=administrator)(objectClass=sambaSamAccount))"
Dec 20 10:52:43 testsystem slapd[3549]: conn=6 op=6 SRCH attr=uid uidNumber
gidNumber homeDirectory sambaPwdLastSet sambaPwdCanChange sambaPwdMustChange
sambaLogonTime sambaLogoffTime sambaKickoffTime cn displayName
sambaHomeDrive sambaHomePath sambaLogonScript sambaProfilePath description
sambaUserWorkstations sambaSID sambaPrimaryGroupSID sambaLMPassword
sambaNTPassword sambaDomainName objectClass sambaAcctFlags sambaMungedDial
sambaBadPasswordCount sambaBadPasswordTime sambaPasswordHistory
modifyTimestamp sambaLogonHours modifyTimestamp
Dec 20 10:52:43 testsystem slapd[3549]: <= bdb_equality_candidates: (uid)
index_param failed (18)
Dec 20 10:52:43 testsystem slapd[3549]: conn=6 op=6 SEARCH RESULT tag=101
err=0 nentries=0 text=
#

i have created a testuser using smbldap-useradd -a -m -A 1 -P testuser, and
gave password.
i could able to login with the user in the windows client, and able to
change password.
but that password is not getting updated shadow password.

my query is the ldap password and shadow password should be same. ie if i
change a user password, will it get updated even in shadow password.
so that if i login with the "testuser" in linux, i should able to login with
the same password.

Regards
Niranjan





On 12/20/05, Paul Kölle <[EMAIL PROTECTED] > wrote:
>
> mallapadi niranjan wrote:
> > Hi all
> Hi, please keep replies on the list and cut your configs down to the
> relevant entries.
>
> > **
> > Dec 19 19:28:46 testsystem slapd[6010]: <= bdb_equality_candidates:
> > (uid) index_param failed (18)
> >
> > Dec 19 19:28:46 testsystem slapd[6010]: conn=6 op=6 SEARCH RESULT
> > tag=101 err=0 nentries=0 text=
> >
> > Dec 19 19:28:46 testsystem slapd[6010]: conn=6 op=7 SRCH
> > base="ou=People,dc=msdpl,dc=com" scope=1 deref=0
> > filter="(&(objectClass=posixAccount)(uid=test1$))"
> No entries found. Change in /etc/ldap.conf
>
> nss_base_passwd ou=People,dc=msdpl,dc=com?one
>
> to:
>
> nss_base_passwd dc=msdpl,dc=com?sub
>
> nss_ldap needs to find both, users and computers with the
> nss_base_passwd filter. So either you put them all in one container and
> stick with onelevel searches or change like outlined above.
>
> cheers
> Paul
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Too many open files

[John H Terpstra]

On Monday 19 December 2005 22:17, David Highley wrote:
> We have Dell Quad Xeon server that we end up rebooting about every 2-3
> weeks when the number of open samba files sky rockets. The system is a
> ClearCase server system. We have been monitoring this system for a few
> months now and are not able to pin down a cause to this issue. The
> system keeps a pretty constant number of samba open files until what
> ever triggers the issue and then the number of file opens climbs at a
> steep exponential rate.
>
> We have an excel graph, but the moderator rejected the large e-mail.
>
> RedHat Advanced Server 3 update 3
> Linux quinault 2.4.21-27.0.2.ELsmp #1 SMP Wed Jan 12 23:35:44 EST 2005 i686
> i686 i386 GNU/Linux Samba version=3.0.4

Please file a bug report on https://bugzilla.samba.org an attach your graph to 
the bug report.

Cheers,
- John T.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Too many open files

[David Highley]

We have Dell Quad Xeon server that we end up rebooting about every 2-3
weeks when the number of open samba files sky rockets. The system is a
ClearCase server system. We have been monitoring this system for a few
months now and are not able to pin down a cause to this issue. The
system keeps a pretty constant number of samba open files until what
ever triggers the issue and then the number of file opens climbs at a
steep exponential rate.

We have an excel graph, but the moderator rejected the large e-mail.

RedHat Advanced Server 3 update 3
Linux quinault 2.4.21-27.0.2.ELsmp #1 SMP Wed Jan 12 23:35:44 EST 2005 i686 
i686 i386 GNU/Linux
Samba version=3.0.4
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 36, Issue 25 (Resigned Staff email Automatic Reply)

[Craig Silva]

We wish to inform you that this person no longer works for Moreland City 
Council.
If this email is Council business related and follow up is required, please 
email [EMAIL PROTECTED] or alternatively contact 03 9240  and someone will 
be able to assist you.

We sincerely apologise for any inconvenience caused.
Thank you.

Moreland City Council
03 9240 
[EMAIL PROTECTED] 

-
This Email and any attachments transmitted with it ARE 
CONFIDENTIAL.  If you are not the intended recipient or 
person responsible for delivering the email to the intended
recipient, you are prohibited from disclosing, copying or
using the information contained in it.  If you have received
this email in error, please inform us by email reply and then
immediately delete the message and attached documents.
---
This e-mail message has been scanned for Viruses and Content
and cleared by MailMarshal
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Removing the comments listing

[Allan Levene]

Does anyone know how to remove the browse list comments listing? In other
words, in our instance, when you browse the my network places, both the
resource name and comments are lengthy Samba 3.0.13. listings.

 

Thanks,

 

 

 

 

 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Shared permission problem

[Thang Tran]

I try to shared a folder on samba let say /data/test1,
it working fine BUT when I try to added any user to
that folder with some access by right click on the
test1 folder property -> Security-> Add it then come
back and said:
 
You're logged on with an account that does not have
access to: Caliber, where as Caliber id Redhat Linux
Samba server
my account is Admin and had all the privilege on the
Samba server, the test1 folder had 777 permission, and
smb.conf look like this:
 
 [test1]
path = /data/test1
Admin user = account1
comment = Data Storage location
   path = /storage/Georgia
   writeable = yes
   browseable = yes
   guest ok = no
   printable = no
   directory mask = 777
   valid users = users
 
Any Idea ??? The Samba server is standalone.
 
 
Regards,
Victor


 
Regards,   
Thang M. Tran  email: [EMAIL PROTECTED]


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Setting "Calling name" in NBSS

[Ravi Natarajan]

Is it mandatory to set "Calling name" in NetBIOS session request in
samba-2.2.7a? We've a smbclient that sets neither scopeID nor
callingname in the NBSS and it works fine accessing win2k3 servers. Just
wondering whether not setting the calling name is going to cause any
issues?

 

Thanks

Ravi 

 

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] HOW TO: Migrating users' locally-stored profiles from one domain or workgroup to a new domain

[Jonathan Johnson]

I "read the fine manual" (Samba HOWTO and Reference Guide, ch. 26) and
discovered that there's a Windows Resource Kit (2000 and later) tool
that does this: moveuser.exe

It's amazing what you learn when you stop and read the directions. ;-)

--Jon Johnson
Sutinen Consulting, Inc.
www.sutinen.com



Jonathan Johnson wrote:

>Migrating Users Profiles When Changing Domain Affiliation: A Primer
>
>
>  
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Error in documentation: Samba 3 By Example: Chapter 5 - Making Users Happy in re: Outlook

[Jonathan Johnson]

Chapter 5 of Samba 3 By Example (
http://www.samba.org/samba/docs/man/Samba-Guide/happy.html ) states thusly:

-

Configuration of MS Outlook to Relocate PST File

Microsoft Outlook can store a Personal Storage file, generally known as
a PST file. It is the nature of email storage that this file grows, at
times quite rapidly. So that users' email is available to them at every
workstation they may log onto, it is common practice in well-controlled
sites to redirect the PST folder to the users' home directory. Follow
these steps for each user who wishes to do this.

Note
It is presumed that Outlook Express has been configured for use.

Launch Outlook Express 6. Click Tools->Options->Maintenance->Store
Folder->Change.

Follow the on-screen prompts to relocate the PST file to the desired
location.

-

First, it should be noted that the above documentation is confusing, as
it first mentions Outlook then mentions Outlook Express. I recommend
updating the documentation:



Configuration of MS Outlook to Relocate PST File

Microsoft Outlook can store a Personal Folders file, generally known as
a PST file. It is the nature of email storage that this file grows, at
times quite rapidly. So that users' email is available to them at every
workstation they may log onto, it is common practice in well-controlled
sites to redirect the PST folder to the users' home directory. Follow
these steps for each user who wishes to do this.

To redirect the Outlook PST file in Outlook 2003 (older versions of
Outlook are slightly different), follow these steps:

1. Close Outlook.

2. From the control panel, launch the Mail icon

3. Click Email Accounts

4. Make a note of the location of the PST file(s). From this location,
move the files to the desired location.

5. Add a new data file, selecting the PST file in the desired location.
Give this entry (not the filename) a different name such as "Personal
Folders - on server"

6. Close the Data Files window and click Email Accounts.

7. Select View or Change existing email accounts then click Next

8. Change the Mail Delivery Location to the "new" data file.

9. Go back to the Data Files window and delete the "old" data file entry.

Note that you may have to remove and reinstall Outlook Address Book
(Contacts) entries, otherwise the user may be unable to retrieve
contacts when addressing a new email message.

NOTE: Outlook Express store files are quite different from Outlook store
files. Outlook Express store files can not be redirected to network
shares (the options panel won't allow it), but they can be moved to
folders outside the user's profile, or excluded from synchronization
with the roaming profile. While it is possible to redirect the data
stores by editing the registry, experience has shown that data
corruption and loss of messages will result. Like Outlook store files,
Outlook Express store files can become quite large, and when used with
roaming profiles can result in excruciatingly long login and logout
times while the stores are synchronized. For this reason, it is
recommended not to use Outlook Express in a roaming profiles environment.



To expand on the last note about Outlook Express -- using OE's tools (as
described in the confusing documentation above) will allow you to change
the location where the OE store files are kept. However, it will only
permit you to change it to a local drive. This path is stored in the
registry. I have attempted to change to a network path via the registry,
which indeed does take, but I've run into problems. It seems that
Outlook Express expects very fast response when reading these files. If
there is any lag at all, such as you might find across a network, it
assumes the files are unavailable and creates new, blank store files.
Old messages are effectively lost, and cannot be retrieved without the
use of third-party mailbox recovery tools. If you ask me, that's sloppy
and irresponsible programming on Microsoft's part -- but then again,
maybe it's intentional to force you to buy Outlook.

-- 
--Jon Johnson
Sutinen Consulting, Inc.
www.sutinen.com
(360) 270-9317 cell

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] windows env variable for USERDOMAIN is wrong

[Jonathan Johnson]

You said...

> Just a guess, but this might have been an issue because I created some
users before I made Samba a PDC. (since I think this is why I had the
name wrong, it's really my prob :)

Yup, I've run into a similar situation. The Samba server was running in
workgroup mode (not domain controller) for quite some time before it was
converted to a domain controller. After that change, when I'd log in
with pre-DC accounts, the userdomain would be the name of the samba
server, not the domain. To fix it, I converted the passdb backend from
tdbsam to smbpasswd then back again.

--Jon Johnson
Sutinen Consulting, Inc.
www.sutinen.com
(360) 270-9317 cell



Greg Fischer wrote:

>I am not logged in locally.  I checked for that.
>
>I did, however, find a cure...  since it's a new install with new user
>accts, I just deleted the samba account and recreated it.  (not the unix
>acct)
>
>smbpasswd -x username
>smbpasswd -a username
>
>The user then had the domain name set correctly for USERDOMAIN.  And this
>didnt affect the XP profile.  (since this fixed it, I have to assume this is
>a Samba prob)
>
>Just a guess, but this might have been an issue because I created some users
>before I made Samba a PDC. (since I think this is why I had the name wrong,
>it's really my prob :)
>
>Thanks for the help.
>
>Greg
>
>On 12/18/05, Doug VanLeuven <[EMAIL PROTECTED]> wrote:
>  
>
>>Greg Fischer wrote:
>>
>>
>>>Hi all,
>>>
>>>I just setup my Samba PDC.  Mostly everything works, but I am wondering
>>>  
>>>
>>why
>>
>>
>>>on some clients, they have the wrong USERDOMAIN environment
>>>  
>>>
>>variable.  (when
>>
>>
>>>you run 'set' in win xp cmd)
>>>
>>>The domain name is MEIDLING, and the user and computer are joined
>>>  
>>>
>>ok.  But
>>
>>
>>>in set, it shows USERDOMAIN as the Server name. Which is MAIN.
>>>
>>>How do I change that?
>>>  
>>>
>>As far as I know, when the environment variable USERDOMAIN is set to the
>>machine
>>name, it means you have logged in locally to the machine instead of on the
>>domain.
>>
>>Not a samba problem.
>>
>>Regards, Doug
>>
>>
>>
>
>
>
>--
>Greg Fischer
>1st Byte Solutions
>http://www.1stbyte.com
>  
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Stop WinXP from attempting to remount a share

[Adam Nielsen]

> Windows seems to persistently remember the server\share and want to 
> reconnect with it.  Is there a way to stop this?

On the XP box, from a cmd prompt run:

  net use

Find the connection you're after, then run

  net use \\server\share /delete

That should fix it.

Cheers,
Adam.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbclient lookup fails when querying local machine

[Adam Nielsen]

> I can telnet to 139:

Hmm, that's bizarre.  It seems like smbd is ignoring the connection on
purpose.  I'm afraid I'm out of ideas.  You could try adding "hosts
allow = 127." line to smb.conf just in case (along with your other
subnets so they can still access the server) however I don't think it
would make much difference.

I would suggest getting hold of a packet sniffer like Ethereal just to
see what's going on, but I suspect all you'd see is the initial request
being sent on port 139 and then nothing further.

Sorry I couldn't be more helpful!

Cheers,
Adam.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: LDAP account management tools?

[Graham Leggett]

Craig White wrote:


that is specifically what I was referring to...I called them 'templates'
for lack of a better term but I like your 'views' terminology better.

The code for those is actually html.
ls -l /opt/fedora-ds/clients/dsgw/config/


The code I found was in mcc70.jar, which implements the console 
management system in Java. Seems if it's done there, it would have to be 
done in the dsgw/html section as well.


Regards,
Graham
--
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: LDAP account management tools?

[Craig White]

On Mon, 2005-12-19 at 21:40 +0200, Graham Leggett wrote:
> Craig White wrote:
> 
> > If you look at the fedora directory list archives, I was asking about
> > that. It would seem to be mostly html.
> > 
> > But this is for LDAP management and not for editing configuration files
> > for samba.
> 
> The Fedora Directory console's tool for editing objects in the directory 
> has "views" of different objectclasses, giving a more specific editing 
> interface than the generic "edit this attribute".
> 
> Some of the views include groups, persons, an "NT user" (for their 
> legacy Windows NT integration). The idea was to extend this into a 
> "Samba user", "Samba group", Samba Domain", etc.

that is specifically what I was referring to...I called them 'templates'
for lack of a better term but I like your 'views' terminology better.

The code for those is actually html.
ls -l /opt/fedora-ds/clients/dsgw/config/

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] PDC - Windows cliente change passwd

[Patricio Bruna V.]

Hi, i have a problems with windows clients when they try to change the 
password, windows respond with "Please enter valid character..." but the pass 
get changed.

i have this in smb.conf 
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n .

when i change that to:
passwd chat = *New*UNIX*password* %n *Re*ype*new*UNIX*password* %n 
*passwd:*all*authentication*tokens*updated*successfully*

i got:
"Dont have enought privileges to change the password"

any hint?


-- 
Patricio Bruna V.
Jefe de Proyectos y Operaciones de Capacitación

Linux Center Latin América
http://www.linuxcenterla.com


Edificio Birmann 24
Mariano Sanchez Fontecilla 310
Las Condes, Santiago - Chile

Central : 56-2-483.4000
Directo : 56-2-483.4042
Fax : 56-2-483.4050 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] why does't the printer name direct the serivce to this printer

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ralph Blach wrote:

> [HP DeskJet 5700]
> comment = HP Deskjet 5700
> map to guest = Bad User
^

off comment:  this is a global option and not a per share
option.

> browseable = Yes
> guest only = Yes
> path = /var/spool/samba
> guest ok =Yes
> public = Yes
> printable = Yes
> printer name = deskjet-5700-1
>  use client driver = Yes
> 
> yet when I try to add this printer, cups uses the 
> HP Deskjet 5700 as the printer name,
> instead of the deskjet-5700-1

I know where the offending code is but could you send me
a level 10 debug log from smbd to verify?  Thanks.






cheers, jerry
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDpxVfIR7qMdg1EfYRAl/DAJ9dw2mxP+6a5OogFODgOncJv2CdhgCfY3HN
UIdgU+CqBvxybu/RH64vIIQ=
=Pq5z
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: LDAP account management tools?

[Graham Leggett]

Craig White wrote:


If you look at the fedora directory list archives, I was asking about
that. It would seem to be mostly html.

But this is for LDAP management and not for editing configuration files
for samba.


The Fedora Directory console's tool for editing objects in the directory 
has "views" of different objectclasses, giving a more specific editing 
interface than the generic "edit this attribute".


Some of the views include groups, persons, an "NT user" (for their 
legacy Windows NT integration). The idea was to extend this into a 
"Samba user", "Samba group", Samba Domain", etc.


Regards,
Graham
--
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] maximum password age

[simo]

On lun, 2005-12-19 at 13:37 +0100, nik600 wrote:
> i've tried to set the maximum age of passwords with:
> 
> [EMAIL PROTECTED]:~# pdbedit -P "maximum password age" -C 8035200
> account policy value for maximum password age was 8035200
> account policy value for maximum password age is now 8035200

> as you can see Password must change: Fri, 13 Dec 1901 21:45:51 GMT is wrong!
> what can i do to set the password max age?

The maximum password age is a server setting, not a specific user
setting.

It tells the server how to calculate the Password must change field
when, and _only_ when the user password is changed.

When the user changes it's password, the Password must change field is
calculated as current time + maximum password age seconds.

Changing the maximum password age setting will not change any existing
user Password must change field. You either need to force a user to
change his password or edit the password must change field by yourself.

This is hot NT has been designed, and is also the only sane way it can
work.

Simo.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Reading tdbsam (was "NT_STATUS_LOGON_FAILURE")

[Michael Barnes]

pdbedit is your tool.  pdbedit -L will list the users.  pdbedit -Lv will 
give much more info.  pdbedit -Lv  will give you data on a 
particular user.  man pdbedit for more.


Michael

Mathew D. Watson told me on 12/19/2005 12:26:



Not to hijack a thread, but does anyone know how root can find out who 
is in the samba password database if you use the tdbsam backend? For 
system accounts I just look in /etc/passwd.


Mat


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] About getent passwd.

[Vijay Avarachen]

Why do you want to edit the uid?  The UID is auto assigned on a first come
first serve basis.  If you are having problems with permissions when writing
to a NFS share because the UID/GID are different on each Linux hosts, then
you should consider using an OpenLDAP based backend for keeping track of
things.

What backend are you using right now?

On 12/19/05, Latrell <[EMAIL PROTECTED]> wrote:
>
> Hi! All:
>
> After joining domain, I can use getent passwd to retrieve domain users
> information.
> My problem is how can we edit the output of getent passwd?
> For example, I want to change uid of ntu3 from 16 to 17 after
> getent passwd.
> (ntu3:x:16:10:ntu3:/tmp/users/home/WIN2KNT/ntu3:/bin/bash)
> In /etc/passwd, I can edit information of local users, what if domain
> users?
> Is there a passwd file in existence?
> Thanks for any reply.
>
> Best,
> Latrell
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>



--
"Knowledge is the only wealth that grows as you spend it, and diminishes as
you save it."
-- ancient Sanskrit saying
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Invalid Disk Full errors with 3.0.20b

[Michael St. Laurent]

I'm seeing invalid 'Disk Full' errors when writing a file to a Samba share
that has a large number of files on it.  I also noticed a big slowdown when
opening said share when we upgraded from 3.0.10 (I think) to 3.0.20b.

Are these being corrected in 3.0.21?  I looked at the release notes but I
didn't see them listed.  That would lead me to think that they're not being
fixed but then I don't always correctly interpret what the notes are saying.

-- 
Michael St. Laurent
Hartwell Corporation
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Startup and/or Access Problem

[Dennis B. Hopp]

Quoting Gene Poole <[EMAIL PROTECTED]>:



I attempted to upgrade from FC3 to FC4 without success (the system would
still run).  So I ended up doing a full FC4 install.  While still running
FC3 (with a perfectly running Samba), I copied all of the important Samba
files (smb.conf, smbusers, lmhosts, etc.) to a safe place (burned it to a
CD).

After getting the new FC4 install up and running and installing Webmin, I
copied the Samba files from the CD to the standard location (/etc/samba).
I attempted to do a start on the product (while being logged on as root)
and received the following:

 Entered:service start smb
 Received:   smbd start failed
 nmbd start successful

Using Webmin I get:

 "Access Control error on smbd"
 "Start Failed"


What does /var/log/messages, /var/log/samba/smbd.log say?

--Dennis

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Startup and/or Access Problem

[Gene Poole]

I attempted to upgrade from FC3 to FC4 without success (the system would
still run).  So I ended up doing a full FC4 install.  While still running
FC3 (with a perfectly running Samba), I copied all of the important Samba
files (smb.conf, smbusers, lmhosts, etc.) to a safe place (burned it to a
CD).

After getting the new FC4 install up and running and installing Webmin, I
copied the Samba files from the CD to the standard location (/etc/samba).
I attempted to do a start on the product (while being logged on as root)
and received the following:

  Entered:service start smb
  Received:   smbd start failed
  nmbd start successful

Using Webmin I get:

  "Access Control error on smbd"
  "Start Failed"

What is it trying to tell me?

TIA,
Gene Poole
[EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] "NT_STATUS_LOGON_FAILURE"

[Mathew D. Watson]

Donald Musser wrote:

I've tried that already. All I get is an error about being unable to open
passwd.tbd. I've checked the file and, although it exists, it is empty. Is
this supposed to be the case?

-Myles


Hmm ... sounds like your tdbsam setup isn't quite right?

On my system both passdb.tdb and secrets.tdb are 131 bytes long (one 
password stored); I don't know about a passwd.tdb. BTW, they're both in 
/var/lib/samba.


Not to hijack a thread, but does anyone know how root can find out who 
is in the samba password database if you use the tdbsam backend? For 
system accounts I just look in /etc/passwd.


Mat



On 12/17/05, Mathew D. Watson <[EMAIL PROTECTED]> wrote:


Donald Musser wrote:


Hi everyone,

I'm using the online HOWTO manual in the "Quick Start" reference to try


and


get a basic domain controller going. So I set up smb.conf, and testparm
checked out okay, I've started nmbd and smbd, but when I try to to run

[EMAIL PROTECTED] samba]#smbclient -L  -U%
session setup failed: NT_STATUS_LOGON_FAILURE <-- I get this error



I recently got this message, and the solution in my case was to run (as
root):

# smbpasswd -a 

where  is a valid user account on the samba server.

Mat





--
Mathew D. Watson
Eclipse Optics Corporation
10439 NE 28th Pl.
Bellevue, WA 98004
425 827 0427
[EMAIL PROTECTED]

This email and any attachments thereto may contain private, 
confidential, and privileged material for the sole use of the intended 
recipient. Any review, copying, or distribution of this email (or any 
attachments thereto) by others is strictly prohibited. If you are not 
the intended recipient, please contact the sender immediately and 
permanently delete the original and any copies of this email and any 
attachments thereto.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Stop WinXP from attempting to remount a share

[Jason Mader]

I've noticed that a Windows XP client continually tries to reconnect to 
a Samba share that no longer exists.  This is despite rebooting, and 
despite having disconnected the share on the client.


Windows seems to persistently remember the server\share and want to 
reconnect with it.  Is there a way to stop this?


---Jason Mader, FHWA/NHTSA National Crash Analysis Center,
The George Washington University, VA Campus
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] why does't the printer name direct the serivce to this printer

[Ralph Blach]

I have [global section]
[global]

printing = cups
cups server = desktop
printcap name = /etc/printcap
load printers = yes


[HP DeskJet 5700]
comment = HP Deskjet 5700
map to guest = Bad User
browseable = Yes
guest only = Yes
path = /var/spool/samba
guest ok =Yes
public = Yes
printable = Yes
printer name = deskjet-5700-1
use client driver = Yes

yet when I try to add this printer, cups uses the HP Deskjet 5700 as the 
printer name,
instead of the deskjet-5700-1

Anybody know why?

Thanks

Chip
--
Ralph "Chip" Blach
[EMAIL PROTECTED]
IBM Linux Technology Center
Raleigh, North Carolina
919 543 1207
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP and CA certificates

[Svend Sorensen]

On 12/17/05, Graham Leggett <[EMAIL PROTECTED]> wrote:
>
> When configuring Samba against an LDAP server, it is possible to
> configure an SSL connection by using "ldap ssl = on" in the smb.conf file.
>
> Is there a way of telling Samba's LDAP code to ensure that the
> certificate presented by the LDAP server is signed by a specific CA?

I am not certain, but OpenLDAP uses the  TLS_CACERT and TLS_CACERTDIR
options in ldap.conf.  See ldap.conf(5) for details on these settings.

The location of ldap.conf is a complile time option, but it is usually
under PREFIX/etc/openldap/ldap.conf or PREFIX/etc/ldap/ldap.conf.  You
could also try 'strings `which ldapsearch` | grep ldap.conf'
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Implementation Question

[Dennis B. Hopp]

Quoting Vijay Avarachen <[EMAIL PROTECTED]>:


Excellent OpenLDAP Authentication starter guide
http://www.gentoo.org/doc/en/ldap-howto.xml


That's convienent since I'm doing this all on gentoo :)

Thanks!

--Dennis

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Share Access for SAMBA 2.2.8a on HP-UX 11.11

[eric roseme]

Michalek, Tom S wrote:

Security=server
Username map=/etc/opt/samba/username.map

All NT ids are mapped to the same unix id via username.map.  Some NT
id's don't see all the SHARES when they access SAMBA...Not sure why this
would be if all NT ids are being translated to the same unix id.


Is it just browsing?  Can the users mount the unseen shares? If yes, 
does a "net view \\server" from the affect client(s) display all shares?


A.  Is this opensource Samba or HP CIFS Server?
B.  Either way, you should be on Samba 3 for 11i (2.2 is okay for 11.0)
C.  You should try to use "security = domain" - "server" is not 
recommended.


If you would like to discuss Samba/CIFS versions at Boeing, I am fairly 
clued-in about that.  We can discuss it offline.



Eric Roseme
Hewlett-Packard

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Basic samba/swat setup prob

[Mathew D. Watson]

dave s wrote:

On Sunday 18 December 2005 15:49, Mathew D. Watson wrote:


dave wrote:


I am running kubuntu, samba 3.0.14a, my smb.conf file is ...

[global]
   workgroup = METRAN
   encrypt passwords = yes
[test]
   comment = For testing only, please
   path = /etc/samba/tmp
   read only = no
   guest ok = yes

I have a /etc/samba/tmp directory,

I am user dave on the system so I ...

smbpasswd -a dave

I gave it a password of 'testing', it complained that a file did not
exist then created it for me ... all looked AOK

I pointed my browser to http://localhost:901, an authentication dialogue
popped up, I entered 'dave', 'testing' hopeing for the swat screen but
all I get is authentication failed, retry.


This is a guess, but try adding

security = user



Tried it but no go , did a /etc/init.d/samba restart, authentication still 
failed




to the [global] section.

You might also try, as I did, using the /etc/samba/smb.conf file that
came with the samba package. Then run swat, and use it to make your
changes.



Tried using the default config as well, authentication still failed. But 
thanks for the suggestions.





Mat




mmm

Can anyone tell me where the smb passwords are kept, they are not 
in /etc/samba/... if I can find the file I can verify if dave really exists 
in it.


Cheers

Dave


Check in /var/lib/samba. My ubuntu system puts secrets.tdb (and others) 
there, and I think this is where your encrypted password goes if you use 
the tdbsam backend. I have no idea how to see what's inside them (I 
tried). Let me know if you succeed.


Mat

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] OT: NIC

[Eric Hines]

Folks,

I'm trying to add a network interface card to my SUSE 9.3 box, and 
I'm not having much luck with a US Robotics version.  What 
manufacturer do any of you use in your machines--either 10/100MB or GigE NIC?


Thanks

Eric Hines

There is no nonsense so errant that it cannot be made the creed of 
the vast majority by adequate governmental action.

--Bertrand Russell

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Password Policy in Samba

[Andrew Bartlett]

On Mon, 2005-12-19 at 13:40 -0200, Marcelo Gonçalves Diotto wrote:
> Hello Everybody,
> I have a domain with Samba 3 + OpenLDAP and i would like to create a 
> password policy, for example:
> - At least 8 characters
> - Different from the last one
> - At least 2 numbers
> 
> Does anyone knows how do i do it?
> Thanks

The way I do this is via the 'check password script' option.  If you see
the smb.conf manpange, there is the example usage.  The crackcheck
source is in example/auth in your samba tarball.

This checks for password complexity (and is very nasty, also no
dictionary words etc), but not difference - that is configured in the
account policy.  I think that's all documented in the Guide.

Andrew Bartlett

-- 
Andrew Bartletthttp://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba over PVFS: Corrupted Data

[Jeremy Allison]

On Mon, Dec 19, 2005 at 10:11:10AM -0500, Justin Mazzola Paluska wrote:
> On Sat, Dec 17, 2005 at 09:46:08AM -0800, Andrew Bartlett wrote:
> > The Samba 3.0.13 would be the first thing I would fix.  Samba 3.0.21 is
> > about to be released, and with oplock rewrites and other things since
> > 3.0.13, it should provide a better basis for distributed filesystem
> > work.  
> > 
> > My guess is that the lack of posix locking is causing Word to fail, as
> > it uses a lot of locks.
> 
> I upgraded to 3.0.21rc2 last night and still have the same problems,
> though I kept much better records of what's going on, so maybe that
> helps.
> 
> 1.  Corruption of PDF files.
> 
> Copying PDF files from my Windows desktop to the Samba share
> results in corruption.  It looks like only the beginning of the
> file is getting corrupted.  For example, the file normally starts
> with:

Get an ethereal trace and debug level 10 of this and then do an
md5 checksum of a truncated copy of the start of the file - say
512 bytes then 1024 bytes then 2048 and binary chop until you
find the sizer that's being corrupted.

Samba works well with many network filesystems so it's doubtful
this is a Samba bug (although anything is possible :-).

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Implementation Question

[Vijay Avarachen]

Excellent OpenLDAP Authentication starter guide
http://www.gentoo.org/doc/en/ldap-howto.xml

On 12/18/05, Graham Leggett <[EMAIL PROTECTED]> wrote:
>
> Dennis B. Hopp wrote:
>
> > Did you just use the LDAP schema that is included with Samba or did you
> > make your own and then make Samba use that?
>
> I used the standard v3.0 schema that came with Samba.
>
> > Did you use some howto or come up with it on your own?
>
> As I recall I used the normal Samba manual, but it was a while ago, I
> may have used some other info as well.
>
> > I'm pretty familiar with Samba but LDAP is sort of new to me (I can
> > query an LDAP database for information I need, but to actually construct
> > an LDAP schema ground up is a different story).
>
> Sticking to standard schemas gives you better odds that tools you add to
> your system will work without any fiddling around.
>
> I used a tool called directory_administrator to admin the LDAP server,
> although the tool can be flaky at times.
>
> Start off by creating a small experimental LDAP based PDC, and then
> slowly adding users to it as you get it working. Don't try migrate
> everything in one go, otherwise it will give you major headaches.
>
> Regards,
> Graham
> --
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
>


--
"Knowledge is the only wealth that grows as you spend it, and diminishes as
you save it."
-- ancient Sanskrit saying
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Password Policy in Samba

[Marcelo Gonçalves Diotto]

Hello Everybody,
   I have a domain with Samba 3 + OpenLDAP and i would like to create a 
password policy, for example:

   - At least 8 characters
   - Different from the last one
   - At least 2 numbers

Does anyone knows how do i do it?
Thanks

--
Marcelo Gonçalves Diotto   e-mail: [EMAIL PROTECTED]
Analista de Suporte Computacional / Administrador de Redes
Centro Superior de Educação Tecnológica - CESETFone: (19) 3404-7270
Universidade Estadual de Campinas - UNICAMPFax:  (19) 3404-7164


"Se um dia tiver que escolher entre o mundo e o amor... 
Lembre-se: Se escolher o mundo, ficará sem o amor, 
mas se escolher o amor, com ele conquistará o mundo!"

Albert Einstein

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba over PVFS: Corrupted Data

[Justin Mazzola Paluska]

On Sat, Dec 17, 2005 at 09:46:08AM -0800, Andrew Bartlett wrote:
> The Samba 3.0.13 would be the first thing I would fix.  Samba 3.0.21 is
> about to be released, and with oplock rewrites and other things since
> 3.0.13, it should provide a better basis for distributed filesystem
> work.  
> 
> My guess is that the lack of posix locking is causing Word to fail, as
> it uses a lot of locks.

I upgraded to 3.0.21rc2 last night and still have the same problems,
though I kept much better records of what's going on, so maybe that
helps.

1.  Corruption of PDF files.

Copying PDF files from my Windows desktop to the Samba share
results in corruption.  It looks like only the beginning of the
file is getting corrupted.  For example, the file normally starts
with:

  %PDF-1.4
  5 0 obj <<
  /Length 3232
  /Filter /FlateDecode

But after the copy from the windows desktop, the same file starts
with:

   678 0 729 562 716 0 0 0 0 0 0 0 0 0 0 0 0 511 460 460 511 460 307 460
   511 307 0
   460 256 818 562 511 0 460 422 409 332 537 460 0 0 486 ]
  endobj
  25 0 obj <<
  /Length1 1997
  /Length2 14184
  /Length3 532
  /Length 15276
  /Filter /FlateDecode
  >>

The binary data that follows is different too.

2.  We can copy Word files to and from the share without any problems.
However, Word refuses to save to the share.  It reports the error
"The save failed due to out of memory or disk space."  The share
has terabytes of space available (as reported by du), so this
shouldn't be a problem.

3.  We also use Avid -- a video editing program -- that complains
"Assertion Failed: ReadSize > 0,
file/coresw/core/filesys/diskrtnsWIN.c,line 444" and then locks
up.

We've run some other tests:

1.  using the same configuration, but writing to an ext3 or xfs
partition works normally with no problems.

2.  Writing to and from the PVFS partition from within Linux also
works with no problems.

All of the above lead me to believe that there's something about PVFS
that samba doesn't like.

We have logs for these tests, at log level 3 and at log level 10.
They're quite big, so I can put them on a website instead of posting
them to the list if they would be helpful.

Sincerely,
--Justin
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] "NT_STATUS_LOGON_FAILURE"

[Donald Musser]

I've tried that already. All I get is an error about being unable to open
passwd.tbd. I've checked the file and, although it exists, it is empty. Is
this supposed to be the case?

-Myles

On 12/17/05, Mathew D. Watson <[EMAIL PROTECTED]> wrote:
>
> Donald Musser wrote:
> > Hi everyone,
> >
> > I'm using the online HOWTO manual in the "Quick Start" reference to try
> and
> > get a basic domain controller going. So I set up smb.conf, and testparm
> > checked out okay, I've started nmbd and smbd, but when I try to to run
> >
> > [EMAIL PROTECTED] samba]#smbclient -L  -U%
> > session setup failed: NT_STATUS_LOGON_FAILURE <-- I get this error
> >
>
> I recently got this message, and the solution in my case was to run (as
> root):
>
> # smbpasswd -a 
>
> where  is a valid user account on the samba server.
>
> Mat
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Re: SAMBA3 + LDAP

[Craig White]

On Mon, 2005-12-19 at 15:19 +0100, Louis van Belle wrote:
> wel, 
> 
> index objectClass eq,pres
> index ou,cn,mail,surname,givenname eq,pres,sub
> index loginShell eq,pres
> index nisMapName,nisMapEntry eq,pres,sub
> index displayName eq,pres,sub
> index uidNumber eq
> index gidNumber eq
> index memberUID eq
> index sambaSID eq
> index sambaPrimaryGroupSID eq
> index default sub 
> 
> one of these is wrong, of you did not run 
> slapindex
> 
> stop the ldap server
> slapindex
> start the ldap server
-
on RHEL 4...this would necessarily be...

service ldap stop
slapindex
chown -R ldap:ldap /var/lib/ldap
service ldap start

when you run slapindex as root, new index files are root:root and that
doesn't work for openldap which runs as user ldap.

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbclient lookup fails when querying local machine

[ryan punt]

OK, I've opened port 445 in the iptables config. Further testing shows no 
changed after doing this.

I can telnet to 139:

boothost:~# telnet localhost 139
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
^]
telnet> quit
Connection closed.


Trying to smbclient to NETBios name, public IP, and loopback all produce the 
same error:

session setup failed: Call timed out: server did not respond after 2 
milliseconds


I have neither a "hosts allow" nor a "hosts deny" line in my smb.conf.

Thanks a bunch for all your help, Adam.

Ryan


>>> Adam Nielsen <[EMAIL PROTECTED]> 12/18/2005 5:02:30 PM >>>
Hmm, I have an additional port open:

tcp0  0 192.168.0.1:139 0.0.0.0:*   LISTEN  
2694/smbd   
tcp0  0 127.0.0.1:139   0.0.0.0:*   LISTEN  
2694/smbd   
tcp0  0 192.168.0.1:445 0.0.0.0:*   LISTEN  
2694/smbd   
tcp0  0 127.0.0.1:445   0.0.0.0:*   LISTEN  
2694/smbd   

But I don't know whether that's CIFS or something.  Are you able to
"telnet localhost 139"?  I suspect that doing that would also timeout,
whereas I can connect immediately.  If telnet also times out, it's
almost certainly a firewall issue.  Also check your "hosts allow" line
in smb.conf.

Cheers,
Adam.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Re: SAMBA3 + LDAP

[Louis van Belle]

wel, 

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index loginShell eq,pres
index nisMapName,nisMapEntry eq,pres,sub
index displayName eq,pres,sub
index uidNumber eq
index gidNumber eq
index memberUID eq
index sambaSID eq
index sambaPrimaryGroupSID eq
index default sub 

one of these is wrong, of you did not run 
slapindex

stop the ldap server
slapindex
start the ldap server

Louis


>-Oorspronkelijk bericht-
>Van: [EMAIL PROTECTED] 
>[mailto:[EMAIL PROTECTED] 
>Namens mallapadi niranjan
>Verzonden: maandag 19 december 2005 15:15
>Aan: paul kölle
>CC: samba@lists.samba.org
>Onderwerp: Re: [Samba] Re: SAMBA3 + LDAP
>
>Hi all
>
>
>I have system with Redhat Enterprise Linux 4,
>OpenLDAP version is 2.2.13
>samba version is 3.0.10-1.4E
>
>i have configured SAMBA PDC with LDAPSAM .
>1). i am unable to join computer to domain with machin add  script in
>smb.conf file,
>but i am able to join the computer only when i add smbpasswd -a -m
>
>
>please let me know where i am wrong
>
>**
>###
>
>Dec 19 19:28:46 testsystem slapd[6010]: conn=6 op=6 SRCH
>base="ou=People,dc=msdpl,dc=com" scope=1 deref=0
>filter="(&(objectClass=posixAccount)(uid=test1$))"
>
>Dec 19 19:28:46 testsystem slapd[6010]: conn=6 op=6 SRCH attr=uid
>userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
>description objectClass
>
>Dec 19 19:28:46 testsystem slapd[6010]: <= 
>bdb_equality_candidates: (uid)
>index_param failed (18)
>
>Dec 19 19:28:46 testsystem slapd[6010]: conn=6 op=6 SEARCH 
>RESULT tag=101
>err=0 nentries=0 text=
>
>Dec 19 19:28:46 testsystem slapd[6010]: conn=6 op=7 SRCH
>base="ou=People,dc=msdpl,dc=com" scope=1 deref=0
>filter="(&(objectClass=posixAccount)(uid=test1$))"
>
>Dec 19 19:28:46 testsystem slapd[6010]: conn=6 op=7 SRCH attr=uid
>userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
>description objectClass
>
>*Dec 19 19:28:46 testsystem slapd[6010]: <= 
>bdb_equality_candidates: (uid)
>index_param failed (18)*
>
>Dec 19 19:28:46 testsystem slapd[6010]: conn=6 op=7 SEARCH 
>RESULT tag=101
>err=0 nentries=0 text=
>
>Dec 19 19:28:46 testsystem slapd[6010]: conn=5 fd=10 closed
>
>Dec 19 19:28:46 testsystem slapd[6010]: conn=6 fd=13 closed
>
> ###
>
>I have been told that above error comes if the nss_ldap is not 
>configured
>
>The following is the ldap.conf file
>
>###
>
># @(#)$Id: ldap.conf,v 1.34 2004/09/16 23:32:02 lukeh Exp $
>
>#
>
># This is the configuration file for the LDAP nameservice
>
># switch library and the LDAP PAM module.
>
>#
>
># PADL Software
>
># http://www.padl.com
>
>#
>
># Your LDAP server. Must be resolvable without using LDAP.
>
># Multiple hosts may be specified, each separated by a
>
># space. How long nss_ldap takes to failover depends on
>
># whether your LDAP client library supports configurable
>
># network or connect timeouts (see bind_timelimit).
>
>host testdomain.com
>
># The distinguished name of the search base.
>
>base dc=msdpl,dc=com
>
>
>
># Another way to specify your LDAP server is to provide an
>
># uri with the server name. This allows to use
>
># Unix Domain Sockets to connect to a local LDAP Server.
>
>#uri ldap://testdomain.com
>
>#uri ldaps://127.0.0.1/
>
>#uri ldapi://%2fvar%2frun%2fldapi_sock/
>
># Note: %2f encodes the '/' used as directory separator
>
># The LDAP version to use (defaults to 3
>
># if supported by client library)
>
>#ldap_version 3
>
># The distinguished name to bind to the server with.
>
># Optional: default is to bind anonymously.
>
>binddn cn=manager,dc=msdpl,dc=com
>
># The credentials to bind with.
>
># Optional: default is no credential.
>
>bindpw secret
>
># The distinguished name to bind to the server with
>
># if the effective user ID is root. Password is
>
># stored in /etc/ldap.secret (mode 600)
>
>rootbinddn cn=manager,dc=msdpl,dc=com
>
># The port.
>
># Optional: default is 389.
>
>#port 389
>
># The search scope.
>
>#scope sub
>
>#scope one
>
>#scope base
>
># Search timelimit
>
>timelimit 15
>
># Bind/connect timelimit
>
>#bind_timelimit 30
>
># Reconnect policy: hard (default) will retry connecting to
>
># the software with exponential backoff, soft will fail
>
># immediately.
>
>#bind_policy hard
>
># Idle timelimit; client will close connections
>
># (nss_ldap only) if the server has not been contacted
>
># for the number of seconds specified below.
>
>#idle_timelimit 3600
>
># Filter to AND with uid=%s
>
>pam_filter objectclass=posixAccount
>
># The user ID attribute (defaults to uid)
>
>pam_login_attribute uid
>
># Search the root DSE for the password policy (works
>
># with Netscape Directory Server)
>
>#pam_lookup_policy yes
>
># Check the 'host' attribute for access control
>
># Default is no; if set to yes, and user has no
>
># value for the host attribute, and pam_ldap is
>
># con

Re: [Samba] Re: SAMBA3 + LDAP

[mallapadi niranjan]

Hi all


I have system with Redhat Enterprise Linux 4,
OpenLDAP version is 2.2.13
samba version is 3.0.10-1.4E

i have configured SAMBA PDC with LDAPSAM .
1). i am unable to join computer to domain with machin add  script in
smb.conf file,
but i am able to join the computer only when i add smbpasswd -a -m


please let me know where i am wrong

**
###

Dec 19 19:28:46 testsystem slapd[6010]: conn=6 op=6 SRCH
base="ou=People,dc=msdpl,dc=com" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=test1$))"

Dec 19 19:28:46 testsystem slapd[6010]: conn=6 op=6 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass

Dec 19 19:28:46 testsystem slapd[6010]: <= bdb_equality_candidates: (uid)
index_param failed (18)

Dec 19 19:28:46 testsystem slapd[6010]: conn=6 op=6 SEARCH RESULT tag=101
err=0 nentries=0 text=

Dec 19 19:28:46 testsystem slapd[6010]: conn=6 op=7 SRCH
base="ou=People,dc=msdpl,dc=com" scope=1 deref=0
filter="(&(objectClass=posixAccount)(uid=test1$))"

Dec 19 19:28:46 testsystem slapd[6010]: conn=6 op=7 SRCH attr=uid
userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
description objectClass

*Dec 19 19:28:46 testsystem slapd[6010]: <= bdb_equality_candidates: (uid)
index_param failed (18)*

Dec 19 19:28:46 testsystem slapd[6010]: conn=6 op=7 SEARCH RESULT tag=101
err=0 nentries=0 text=

Dec 19 19:28:46 testsystem slapd[6010]: conn=5 fd=10 closed

Dec 19 19:28:46 testsystem slapd[6010]: conn=6 fd=13 closed

 ###

I have been told that above error comes if the nss_ldap is not configured

The following is the ldap.conf file

###

# @(#)$Id: ldap.conf,v 1.34 2004/09/16 23:32:02 lukeh Exp $

#

# This is the configuration file for the LDAP nameservice

# switch library and the LDAP PAM module.

#

# PADL Software

# http://www.padl.com

#

# Your LDAP server. Must be resolvable without using LDAP.

# Multiple hosts may be specified, each separated by a

# space. How long nss_ldap takes to failover depends on

# whether your LDAP client library supports configurable

# network or connect timeouts (see bind_timelimit).

host testdomain.com

# The distinguished name of the search base.

base dc=msdpl,dc=com



# Another way to specify your LDAP server is to provide an

# uri with the server name. This allows to use

# Unix Domain Sockets to connect to a local LDAP Server.

#uri ldap://testdomain.com

#uri ldaps://127.0.0.1/

#uri ldapi://%2fvar%2frun%2fldapi_sock/

# Note: %2f encodes the '/' used as directory separator

# The LDAP version to use (defaults to 3

# if supported by client library)

#ldap_version 3

# The distinguished name to bind to the server with.

# Optional: default is to bind anonymously.

binddn cn=manager,dc=msdpl,dc=com

# The credentials to bind with.

# Optional: default is no credential.

bindpw secret

# The distinguished name to bind to the server with

# if the effective user ID is root. Password is

# stored in /etc/ldap.secret (mode 600)

rootbinddn cn=manager,dc=msdpl,dc=com

# The port.

# Optional: default is 389.

#port 389

# The search scope.

#scope sub

#scope one

#scope base

# Search timelimit

timelimit 15

# Bind/connect timelimit

#bind_timelimit 30

# Reconnect policy: hard (default) will retry connecting to

# the software with exponential backoff, soft will fail

# immediately.

#bind_policy hard

# Idle timelimit; client will close connections

# (nss_ldap only) if the server has not been contacted

# for the number of seconds specified below.

#idle_timelimit 3600

# Filter to AND with uid=%s

pam_filter objectclass=posixAccount

# The user ID attribute (defaults to uid)

pam_login_attribute uid

# Search the root DSE for the password policy (works

# with Netscape Directory Server)

#pam_lookup_policy yes

# Check the 'host' attribute for access control

# Default is no; if set to yes, and user has no

# value for the host attribute, and pam_ldap is

# configured for account management (authorization)

# then the user will not be allowed to login.

#pam_check_host_attr yes

# Check the 'authorizedService' attribute for access

# control

# Default is no; if set to yes, and the user has no

# value for the authorizedService attribute, and

# pam_ldap is configured for account management

# (authorization) then the user will not be allowed

# to login.

#pam_check_service_attr yes

# Group to enforce membership of

#pam_groupdn cn=PAM,ou=Groups,dc=example,dc=com

# Group member attribute

pam_member_attribute memberUID

# Specify a minium or maximum UID number allowed

#pam_min_uid 0

#pam_max_uid 0

# Template login attribute, default template user

# (can be overriden by value of former attribute

# in user's entry)

#pam_login_attribute userPrincipalName

#pam_template_login_attribute uid

#pam_templa

Re: [Samba] Re: LDAP account management tools?

[Craig White]

On Mon, 2005-12-19 at 15:49 +0200, Graham Leggett wrote:
> Craig White said:
> 
> > there is of course swat
> >
> > and I am speaking on my own behalf and I have little knowledge of the
> > toolsets under development either in the 3.x or 4.x branches.
> >
> > You should consider webmin  if you want a web
> > based interface to access/interact the smb.conf but I find that it makes
> > a mess of my organization of the smb.conf file and don't use it for that
> > purpose.
> 
> The Fedora Directory server console has looked promising - did some
> digging over the weekend to find out how hard it would be to teach it how
> to handle the Samba objectclasses natively.
> 
> When I get some time, going to see if I can get any progress on it.

If you look at the fedora directory list archives, I was asking about
that. It would seem to be mostly html.

But this is for LDAP management and not for editing configuration files
for samba.

BTW - I actually use webmin's LDAP Users and Groups with both openldap
and fedora directory server to edit users and groups. The topic started
as account management tools and migrated over to samba configuration
tools. The folks from idealx halso have an account management web based
server.

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: LDAP account management tools?

[Graham Leggett]

Craig White said:

> there is of course swat
>
> and I am speaking on my own behalf and I have little knowledge of the
> toolsets under development either in the 3.x or 4.x branches.
>
> You should consider webmin  if you want a web
> based interface to access/interact the smb.conf but I find that it makes
> a mess of my organization of the smb.conf file and don't use it for that
> purpose.

The Fedora Directory server console has looked promising - did some
digging over the weekend to find out how hard it would be to teach it how
to handle the Samba objectclasses natively.

When I get some time, going to see if I can get any progress on it.

Regards,
Graham
--

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: LDAP account management tools?

[Craig White]

On Mon, 2005-12-19 at 07:10 -0500, Matt Lung wrote:
> 
> Craig White wrote:
> 
> >On Thu, 2005-12-15 at 10:32 -0500, Matt Lung wrote:
> >
> >  
> >
> >>>
> >>>There are lots of resources for getting support - this list is user
> >>>supported for free. Expecting personal attention to one's situation is
> >>>probably not reasonable. You can always contract for support, setup
> >>>assistance, etc.
> >>>
> >>>Craig
> >>>
> >>> 
> >>>
> >>>  
> >>>
> >>Agreed, there are lots of resources for getting help.  Of course 
> >>expecting personal attention to one's problems is not always going to 
> >>happen on a free platform.  When I post to this list however I am asking 
> >>for personal attention every time.  If someone gives that attention back 
> >>is another thing.  But it is free support so you always must keep that 
> >>in mind.  Contracting for support for getting say your home network 
> >>going???  Who is going to want to do that?  Samba is not just used as an 
> >>Enterprise server application.  I'm just suggesting making it easier to 
> >>setup and maintain so just keep an open mind. 
> >>
> >>
> >
> >  
> >
> >of course home networking isn't going to involve LDAP (unless you are at
> >my house) so that isn't an issue and most of the distributions give you
> >a tool to configure samba for your home network now or you can always
> >use swat.
> >
> >  
> >
> >This list is simply a users helping users and infrequently, when someone
> >is fortunate enough to have properly researched their problem and stated
> >it simply and clearly enough, they will get answers from samba
> >developers. 
> >
> >These simple facts remain...
> >- open source usage requires the implementer to get involved in the
> >configuation details.
> >
> >- there aren't always nice, neat gui tools for these configuration
> >issues...remember, UNIX/Linux is about text based configuration files
> >and the gui tools tend to make a bludgeon of things that in text
> >form...can be organized, logical and easy enough to change with a simple
> >editor.
> >
> >- samba has the best documentation that I am aware of all open source
> >projects and because of the detail/scope/breadth, people don't want to
> >read it and instead, want to use the mail lists instead.
> >
> >- if we are talking about a business and there's no one on staff capable
> >of handling the issues involved, businesses pay for support.
> >
> >Craig
> >
> >  
> >
> 
> The simple fact was I was just asking if there were plans for a nice 
> web-based server configuration/administration tool that would be offered 
> up by the Samba team.   Since your either part of the Samba Team or are 
> speaking on their behalf, you could have simply said we don't have the 
> developers to take on a project like this, or simply said NO we are not 
> even thinking of doing a project like that.  Good discussion though. 

there is of course swat

and I am speaking on my own behalf and I have little knowledge of the
toolsets under development either in the 3.x or 4.x branches.

You should consider webmin  if you want a web
based interface to access/interact the smb.conf but I find that it makes
a mess of my organization of the smb.conf file and don't use it for that
purpose.

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba doesn't trust Win2k3 domain

[samba]

Dear All,

I am trying to set up a two way trust with a Win2k3 domain controller.
The Win2k3 domain trusts the Samba domain with no problems but Samba will not 
trust Win2k3.

The command, net rpc trustdom establish [Win2k3_domain],
produces the following message after supplying the password:

  Could not connect to server [Win2k3_domain]
  [timestamp] rpc_client/cli_pipe.c:cli_nt_session_open(1451)
  cli_nt_session_open: cli_nt_create failed on pipe \wkssvc to machine 
[Win2k3_domain]
  Error was NT_STATUS_ACCESS_DENIED
  [timestamp] utils/net_rpc.c:rpc_trustdom_establish(4363)
  Couldn't not initialise wkssvc pipe

I have two way trusts with other NT4 and Samba domain controllers working 
perfectly.

wbinfo -m does not list the Win2k3 domain.

My Samba setup is:
RHEL3
Samba 3.0.9-1.3E.5
PDC/WINS/DHCP

Thanks in advance for any help or suggestions.

Andy.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] maximum password age

[nik600]

i've tried to set the maximum age of passwords with:

[EMAIL PROTECTED]:~# pdbedit -P "maximum password age" -C 8035200
account policy value for maximum password age was 8035200
account policy value for maximum password age is now 8035200

but if try to see the accounts with: pdbedit -L -v

i get this:

Unix username:nicola
NT username:
Account Flags:[U  ]
User SID: S-1-5-21-3614578222-3141096634-3044101766-3082
Primary Group SID:S-1-5-21-3614578222-3141096634-3044101766-513
Full Name:Nicola Mosca,,,
Home Directory:   \\server_name\nicola\.profile
HomeDir Drive:H:
Logon Script: netlogon.bat
Profile Path: \\server_name\profili\nicola
Domain:   DOMAIN_NAME
Account desc:
Workstations:
Munged dial:
Logon time:   0
Logoff time:  Fri, 13 Dec 1901 21:45:51 GMT
Kickoff time: Fri, 13 Dec 1901 21:45:51 GMT
Password last set:Mon, 19 Dec 2005 09:10:18 GMT
Password can change:  Mon, 19 Dec 2005 09:10:18 GMT
Password must change: Fri, 13 Dec 1901 21:45:51 GMT
Last bad password   : 0
Bad password count  : 0


as you can see Password must change: Fri, 13 Dec 1901 21:45:51 GMT is wrong!
what can i do to set the password max age?

thanks
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] VFS for encryption/decryption

[Felix Brack]

Hello,

Does anybody know of an existing VFS module that allows on the fly
encryption of the contents of a samba file share?

thanks, Felix

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Recommended LDAP access settings for a Samba admin DN

[Andrey Voitenkov]

Marek Szuba wrote:


At the moment everything works fine, but I'd like Samba to use a
dedicated LDAP access DN instead of the global directory admin one.
Could you give me any recommendations as to how access rules should be
set for this DN so that it  both can work without problems and have no
unnecessary privileges?


I use following settings:
--- cut ---
access to dn.subtree="dc=GYRUS,dc=office,dc=local" 
attrs=sambaLMPassword,sambaNTPassword

by dn="uid=ssamba,ou=Shadow,dc=office,dc=local" write
by dn="uid=radiusd,ou=Shadow,dc=office,dc=local" read
by * none
access to attr=userPassword
by dn="uid=ssamba,ou=Shadow,dc=office,dc=local" write
by self write
by anonymous auth
by * none
access to dn.subtree="dc=GYRUS,dc=office,dc=local"
by dn="uid=ssamba,ou=Shadow,dc=office,dc=local" write
by * read
access to *
by * read
--- cut ---

Samba domain stored under dc=GYRUS,dc=office,dc=local node,
samba uses posixAccount record uid=ssamba,ou=Shadow,dc=office,dc=local
to access LDAP-server. May be it is not the best way, but it works for me.

--
mccloud@
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] The single WINS problem: question

[Michael Gasch]

werner maes wrote:

I know what you mean but that's something we've tried.

If we shut down the PDC (and WINS server) then the clients were not able 
to login even with the BDC running. They could not resolve the Domain !

maybe I misconfigured something...

you said in a prior mail, that the BDC is in the same subnet like the
PDC and the clients are in another subnet. that won´t work (if PDC/WINS
is down), because they cannot resolve the DCs via broadcast, because
they are in another subnet. that´s why i adviced setting up DCs in each
subnet

greez



werner

At 10:53 19/12/2005, you wrote:


you misunderstood my recommendation:
the BDCs should not be WINS server.
if you have multiple subnets, each subnet should get its own BDCs for 
logins to avoid login problems if the PDC and WINS server is down!


greez


werner maes wrote:


At 10:32 19/12/2005, you wrote:


werner maes wrote:


no, because all our client are not located on the same subnet!



ok, you´re right. that´s another story.

i thought all clients/servers are in the same subnet, because your 
BDC is on the same subnet as the PDC.


why don´t you setup BDCs for each subnet that your clients are at 
least able to login?


greetz



problem remains that the single point of failure is your WINS server 
(the PDC in my case). it's not recommend that you set each BDC to act 
as a WINS server.

werner

Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm




--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany!

Phone: 49 (0)341 - 3550 137





Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm





--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] The single WINS problem: question

[Michael Gasch]

you misunderstood my recommendation:
the BDCs should not be WINS server.
if you have multiple subnets, each subnet should get its own BDCs for
logins to avoid login problems if the PDC and WINS server is down!

greez


werner maes wrote:

At 10:32 19/12/2005, you wrote:


werner maes wrote:


no, because all our client are not located on the same subnet!


ok, you´re right. that´s another story.

i thought all clients/servers are in the same subnet, because your BDC 
is on the same subnet as the PDC.


why don´t you setup BDCs for each subnet that your clients are at 
least able to login?


greetz



problem remains that the single point of failure is your WINS server 
(the PDC in my case). it's not recommend that you set each BDC to act as 
a WINS server.


werner


Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm





--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] The single WINS problem: question

[Michael Gasch]

werner maes wrote:

no, because all our client are not located on the same subnet!

ok, you´re right. that´s another story.

i thought all clients/servers are in the same subnet, because your BDC
is on the same subnet as the PDC.

why don´t you setup BDCs for each subnet that your clients are at least
able to login?

greez



werner

At 10:17 19/12/2005, you wrote:


werner maes wrote:


no, the BDC is on the same subnet as the PDC


so single WINS should be no prob, because your clients will fall back 
to broadcast/DNS in your subnet and are still able to locate DCs


greez


--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137





Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm





--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Re: LDAP account management tools?

[Matt Lung]

Craig White wrote:


On Thu, 2005-12-15 at 10:32 -0500, Matt Lung wrote:

 



There are lots of resources for getting support - this list is user
supported for free. Expecting personal attention to one's situation is
probably not reasonable. You can always contract for support, setup
assistance, etc.

Craig



 

Agreed, there are lots of resources for getting help.  Of course 
expecting personal attention to one's problems is not always going to 
happen on a free platform.  When I post to this list however I am asking 
for personal attention every time.  If someone gives that attention back 
is another thing.  But it is free support so you always must keep that 
in mind.  Contracting for support for getting say your home network 
going???  Who is going to want to do that?  Samba is not just used as an 
Enterprise server application.  I'm just suggesting making it easier to 
setup and maintain so just keep an open mind. 
   



 


of course home networking isn't going to involve LDAP (unless you are at
my house) so that isn't an issue and most of the distributions give you
a tool to configure samba for your home network now or you can always
use swat.

 


This list is simply a users helping users and infrequently, when someone
is fortunate enough to have properly researched their problem and stated
it simply and clearly enough, they will get answers from samba
developers. 


These simple facts remain...
- open source usage requires the implementer to get involved in the
configuation details.

- there aren't always nice, neat gui tools for these configuration
issues...remember, UNIX/Linux is about text based configuration files
and the gui tools tend to make a bludgeon of things that in text
form...can be organized, logical and easy enough to change with a simple
editor.

- samba has the best documentation that I am aware of all open source
projects and because of the detail/scope/breadth, people don't want to
read it and instead, want to use the mail lists instead.

- if we are talking about a business and there's no one on staff capable
of handling the issues involved, businesses pay for support.

Craig

 



The simple fact was I was just asking if there were plans for a nice 
web-based server configuration/administration tool that would be offered 
up by the Samba team.   Since your either part of the Samba Team or are 
speaking on their behalf, you could have simply said we don't have the 
developers to take on a project like this, or simply said NO we are not 
even thinking of doing a project like that.  Good discussion though. 


Matt


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] [patch] fs/smbfs/proc.c: fix data corruption in smb_proc_setattr_unix()

[Adrian Bunk]

From: Maciej W. Rozycki <[EMAIL PROTECTED]>


This patch fixes a data corruption in smb_proc_setattr_unix() 
(smb_filetype_from_mode() returns an u32, and there are only four bytes 
reserved for it in data.

Signed-off-by: Adrian Bunk <[EMAIL PROTECTED]>


--- linux-2.6.14-rc3-git3/fs/smbfs/proc.c   2005-10-04 19:24:37.0 
+1000
+++ .6877.trivial/fs/smbfs/proc.c   2005-10-04 19:29:50.0 +1000
@@ -3113,7 +3113,7 @@ smb_proc_setattr_unix(struct dentry *d, 
LSET(data, 32, SMB_TIME_NO_CHANGE);
LSET(data, 40, SMB_UID_NO_CHANGE);
LSET(data, 48, SMB_GID_NO_CHANGE);
-   LSET(data, 56, smb_filetype_from_mode(attr->ia_mode));
+   DSET(data, 56, smb_filetype_from_mode(attr->ia_mode));
LSET(data, 60, major);
LSET(data, 68, minor);
LSET(data, 76, 0);

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] About getent passwd.

[Latrell]

Hi! All:

After joining domain, I can use getent passwd to retrieve domain users 
information.
My problem is how can we edit the output of getent passwd?
For example, I want to change uid of ntu3 from 16 to 17 after getent 
passwd.
(ntu3:x:16:10:ntu3:/tmp/users/home/WIN2KNT/ntu3:/bin/bash)
In /etc/passwd, I can edit information of local users, what if domain users?
Is there a passwd file in existence?
Thanks for any reply.

Best,
Latrell

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] The single WINS problem: question

[Michael Gasch]

werner maes wrote:

no, the BDC is on the same subnet as the PDC
so single WINS should be no prob, because your clients will fall back to 
broadcast/DNS in your subnet and are still able to locate DCs


greez


--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: The single WINS problem: question (Michael Gasch)

[werner maes]

Message: 14
Date: Fri, 16 Dec 2005 12:34:38 +0100
From: Michael Gasch <[EMAIL PROTECTED]>
Subject: Re: [Samba] The single WINS problem: question
To: werner maes <[EMAIL PROTECTED]>
Cc: samba@lists.samba.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

do you have multiple subnets for each BDC?

greez


no, the BDC is on the same subnet


Disclaimer: http://www.kuleuven.be/cwis/email_disclaimer.htm

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba