Re: [Samba] Inclusion of libnss_wins in vendor distros?
Jonathan, Which distributions are you talking about? Also are you referring to the use of wins for hostname resolution in nsswitch.conf file? I was under then impression that only worked for SGI Irix? Am I mistaken? I am running RHEL/CentOS 4.x and Gentoo, but come with the wins library. In the case of Gentoo you have to use the right USE flags of course. Vijay Avarachen :wq! On 12/23/05, Jonathan Johnson <[EMAIL PROTECTED]> wrote: > > This might be a stupid question, but I ask only because I can't think of > a good reason... > > Why do so many vendors' builds of Samba not include libnss_wins, the > WINS/NetBIOS name resolution library? I find that it is very helpful for > my Linux/Samba servers to be able to resolve hostnames by WINS. It also > seems to improve domain browsing performance dramatically to have the > library present and enabled in nsswitch.conf. It seems to me to be such > a basic and essential part of the SMB protocol, yet many distributions > omit it. It's very annoying. I guess the solution is to always build > Samba using the latest stable sources from samba.org. > > Perhaps someone thinks it's a security vulnerability and therefore > shouldn't be included by default, but would a system be any less secure > if the library was included but not disabled by default? Besides, in my > experience, even when the WINS libraries are included, nsswitch.conf > must be edited to enable it -- I don't see the mere presence of > libnss_wins.so on a system making it any less vulnerable, just as having > a key on the inside of a locked door doesn't make the house any less > secure. > > Any good reasons why it wouldn't be included? > > -- > --Jon Johnson > Sutinen Consulting, Inc. > www.sutinen.com > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba > -- "Knowledge is the only wealth that grows as you spend it, and diminishes as you save it." -- ancient Sanskrit saying -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Do users have to have accounts on a Samba server to map drives?
On Thu, 2005-12-22 at 14:54 +, Steve Blackwell wrote: > I know this may be a very simple question but I cant seem to find the > answer in the O'Reilly Samba book or from Google. > > When using Samba 2 (actual version 2.2.12) we had W2K domain users > authentication via the ADS to access Samba shares. The W2K users did not > actually have Unix accounts on the Samba server, we used the users.map > file to map the W2K account name to a guest Unix account. > The only way I found to get the users to mount a Samba share is to create > a Unix account. I don't particularly want to create 600 Unix account for > users to access a couple of shares. The best option is to use winbindd, and it will cause the windows accounts to appear on the unix server. > Does anyone know how to get Samba 3 to act the same as Samba 2? Increases in correctness have caused some changes, but given the suggested mapping to 'ftp' above, perhaps you want the 'map to guest = bad user' option? I think there is another one for doing the same for authenticated users... Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Samba 3.0.21 Available for Download
>>> >> Binary packages are available at >>> >> >>> >> http://download.samba.org/samba/ftp/Binary_Packages/ >>> > >>> > How long usually before the SRPM's are available? >>> >>> For what platform? >> >> Redhat. > RedHat xx ? Enterprise? I stopped producing SRPMS for RedHat > 7.3 + in hopes that it wouldn't be noticed. I'm assuming you > noticed. Is there still a great demand for RedHat 9 ? A lot of my install base is still RHL9, I guess a lot of more people do. I'd appreciate the SRPMS for RHL9 to be available at the SAMBA FTP site. I didn't look at the tar.gz file yet, but can I still make the SRPM for RHL9 by myself with the "makerpms.sh" command in the "packaging/RedHat" dir? Regards, Alex. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.20 usermap script execution
I have created a mapusers.bash script (listed below) for mapping Active Directory handles to unix logins. This script is currently working as documented. I would like some insight into how and when this script gets called. I assumed that upon establishing each samba connection, after the active directory handle gets authenticated with the domain controller it passes the domain\handle to this script to determine the unix login to use. However, it seems to execute this script multiple times to establish a connection. I have tested this out by clearing the cache using nbtstat -R on the client and running smbstatus -u username and killing the procids then reconnecting. Samba consistently will pass just the active directory handle without the domain first which succeeds because my script will find the correct unix login to map to without the domain. Immediately after, Samba will pass the script the domain\handle which will also succeed. Why is this? Throughout the life of ! the connection it will continue to intermittently pass the active directory handle without the domain. Samba version 3.0.20 Configuration: ./configure --prefix=/opt/samba-3.0.20 --with-smbwrapper --with-nis --with-quotas --with-syslog --with-included-popt OS: Solaris 8 #!/bin/bash if [ $1 ] then echo "$1" >> /tmp/mhm4in #line needed for debugging #cut off the na0x\ part of input na0xlogin=`echo "$1" | cut -d '\' -f2` #search for a different unix login unixlogin=`ypcat users.map | grep "\$na0xlogin$" | cut -d ' ' -f1` if [[ $? = 0 && $unixlogin != "" ]] then #if unixlogin is in the users.map then return it echo "$unixlogin" echo "$unixlogin" >> /tmp/mhm4out #debugging only else #find unixlogin in NIS passwd map then return it unixlogin=`ypcat passwd | cut -d ':' -f1 | grep ^$na0xlogin$` echo "$unixlogin" echo "$unixlogin" >> /tmp/mhm4out #debugging only fi # below if statement for debugging only if [[ $unixlogin = "" ]] then #report to /tmp/mhm4error for any requests with no unix login echo $na0xlogin >> /tmp/mhm4error #debugging only fi else echo "You must enter a name to search." exit 1 fi smb.conf global section* [global] debug level = 3 security = domain encrypt passwords = yes password server = * netbios name = server1 netbios aliases = server1 server1a username map script = /opt/samba/lib/mapusers.bash server string = %h (Samba %v) workgroup = domain1 wins proxy = no dns proxy = no wins support = no wins server = w.x.y.z guest account = nobody lock directory = /opt/samba/var/locks browseable = no create mask = 775 directory mask = 775 delete readonly = yes name resolve order = wins lmhosts host bcast case sensitive = no preserve case = yes short preserve case = yes domain master = no local master = no preferred master = no os level = 0 remote announce = w.x.y.255 log file = /opt/samba/var/%I.log max log size = 1000 auto services = Unison locking = yes strict locking = no dead time = 15 load printers = no printing = sysv lpq cache time = 0 map archive = no read only = no bind interfaces only = yes interfaces = a.b.c.d socket options = SO_KEEPALIVE smb ports = 139 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] master.password instead of LDAP database.
Good day.
Help me please to solve my problem to login a user to samba domain.
Samba accepts user authorisation only if a user account exists both in
master.password and LDAP database.
Note that uid and gid are taken from master.password instead of LDAP
database.
Why?
my smb.cf
[global]
dos charset = CP866
unix charset = KOI8-R
workgroup = FISH
server string = Samba Server
passdb backend = ldapsam:ldap://localhost
passwd program = /usr/local/smbLDAPtools/sbin/smbldap-passwd
log file = /var/log/samba/log.%m
max log size = 50
load printers = No
add user script = /usr/local/smbLDAPtools/sbin/smbldap-useradd -a -m %u
delete user script = /usr/local/smbLDAPtools/sbin/smbldap-userdel %u
add group script = /usr/local/smbLDAPtools/sbin/smbldap-groupadd -p %g
delete group script = /usr/local/smbLDAPtools/sbin/smbldap-groupdel %g
add user to group script =
/usr/local/smbLDAPtools/sbin/smbldap-groupmod -m %u %g
delete user from group script =
/usr/local/smbLDAPtools/sbin/smbldap-groupmod -x %u %g
set primary group script = /usr/local/smbLDAPtools/sbin/smbldap-usermod
-g %g %u
add machine script = /usr/local/smbLDAPtools/sbin/smbldap-useradd -w -i
%u
domain logons = Yes
os level = 60
preferred master = Yes
domain master = Yes
dns proxy = No
wins support = Yes
ldap admin dn = cn=root,dc=offs,dc=tp
ldap group suffix = ou=Groups
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=Computers
ldap suffix = dc=offs,dc=tp
ldap ssl = no
ldap user suffix = ou=Users
Error message:
User serg in passdb, but getpwnam() fails!
nsswitch.conf
group: files ldap
group_compat: nis
hosts: files
networks: files
passwd: files ldap
passwd_compat: nis
shells: files
serg.ldif
#---
# This file has been generated on 12.23.2005 at 12:16 from 192.168.1.254:389
# by Softerra LDAP Browser 2.6 (http://www.ldapbrowser.com)
#---
version: 1
dn: uid=serg,ou=Users,dc=offs,dc=tp
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
cn: serg
sn: serg
uid: serg
uidNumber: 1002
gidNumber: 513
homeDirectory: /home/serg
loginShell: /sbin/nologin
gecos: System User
description: System User
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
displayName: System User
sambaSID: S-1-5-21-2252347010-2415896038-3271642905-3004
sambaPrimaryGroupSID: S-1-5-21-2252347010-2415896038-3271642905-513
sambaLogonScript: serg.bat
sambaProfilePath: \\offs\profiles\serg
sambaHomePath: \\offs\serg
sambaHomeDrive: Z:
sambaLMPassword: C2265B23734E0DACAAD3B435B51404EE
sambaAcctFlags: [U]
sambaNTPassword: 69943C5E63B4D2C104DBBCC15138B72B
sambaPwdLastSet: 1135351413
sambaPwdMustChange: 1139239413
userPassword: {SSHA}ZUR6trRjWg9PigrZbQAKXQ01gHx2OTBX
Software:
FreeBSD 6.0
samba-3.0.14a_1
nss_ldap-1.239
openldap-client-2.2.27
openldap-server-2.2.27
p5-perl-ldap-0.33
pam_ldap-1.8.0
smbldap-tools-0.9.1_1
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Hiding and showing folders in Samba.
Hi, I am using Samba as a file server; with 11 users : usr1, usr2, . usr10, usr 11. There are several folders on the server : sfold1, sfold2, .. sfold10, sfold23 Each user has full access (read/write) to some folders, only read access to some others and finally no access at all to some other folders. I would like the folders which are not accessible to a given user to be invisible when she/he browses the samba-server. How can I do that ? I have tried to use the "browseable", "only user", and a few other flags but it did not work. Either the folder is visible to everyone or to nobody. Of course I still can control the access rights, but it would be cleaner if the non-accessible folders did show up at all. Has anyboby got this problem ? Does anyone know how to solve it ? Thanks in advance. Michel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbpasswd usage
Hi, I used to set up Samba password on the command line with smbpasswd using the following syntax : smbpasswd -a newuser "usersecretpasswd" smbpasswd -e newuser but it does work any more. How can I do the same without having to type in the password ? Thanks in advance. Michel -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Suse 10.0- Samba PDC with OpenLDAP and smbldap-tools
Hi NG, I'm trying to set up a PDC in my home office; just to practice (one of my clients needs this kind of setup). Followed the step-by-step example from samba.org (chapter 'Making Happy users'). Everything went fine up to the point, where the docs suggest to call the command ./smbldap-populate -a root -k 0 -m 0 This one fails with an errormsg: failed to add entry: modifications require authentication at... (repeated several times) Been looking around and read a pile of docs, but feel a little lost now. Seems like the error lies in the password configuration for the ldap Admin- but I'm just not sure where to dig. Anyone willing to help? Any help much appreciated, greets Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Samba 3.0.21 Available for Download
I have been having trouble building 3.0.21 on a Sparc Solaris 8 machine using the following packages: heimdal-0.7.1 openssl-0.9.8a openldap-2.3.13 The compiler is gcc-3.4.3. The problem appears in the ARCFOUR_subencrypt function. Here is a backtrace: (gdb) bt #0 0x7f989394 in RC4_set_key (key=0xffbee21a, len=16, data=0xffbee1ea "?4?o\230?-V??)E8\221Z@>?ZCg?\235?\0317 ?\2138~P>?ZCg?\235?\0317 ?\2138~P") at rc4.c:57 #1 0x7f3e5efc in ARCFOUR_subencrypt (context=0x356900, key=0x3581dc, data=0x356d80, len=150, usage=11, ivec=0x0) at crypto.c:2585 #2 0x7f3e6488 in ARCFOUR_encrypt (context=0x356900, key=0x3581dc, data=0x356d80, len=150, encrypt=1, usage=11, ivec=0x0) at crypto.c:2708 #3 0x7f3e79e8 in encrypt_internal_special (context=0x356900, crypto=0x3581d8, usage=11, data=0x356cf8, len=126, result=0xffbee6b8, ivec=0x0) at crypto.c:3415 #4 0x7f3e84ec in krb5_encrypt_ivec (context=0x356900, crypto=0x3581d8, usage=11, data=0x356cf8, len=126, result=0xffbee6b8, ivec=0x0) at crypto.c:3631 #5 0x7f3e8574 in krb5_encrypt (context=0x356900, crypto=0x3581d8, usage=11, data=0x356cf8, len=126, result=0xffbee6b8) at crypto.c:3645 #6 0x7f3d768c in krb5_build_authenticator (context=0x356900, auth_context=0x3577a0, enctype=ETYPE_ARCFOUR_HMAC_MD5, cred=0x357328, cksum=0xffbee6a8, auth_result=0x0, result=0xffbee6b8, usage=KRB5_KU_AP_REQ_AUTH) at build_auth.c:178 #7 0x7f40594c in _krb5_mk_req_internal (context=0x356900, auth_context=0xffbee8a4, ap_req_options=4, in_data=0xffbee7c0, in_creds=0x357328, outbuf=0xffbee8b0, checksum_usage=KRB5_KU_AP_REQ_AUTH_CKSUM, encrypt_usage=KRB5_KU_AP_REQ_AUTH) at mk_req_ext.c:144 #8 0x7f405a4c in krb5_mk_req_extended (context=0x356900, auth_context=0xffbee8a4, ap_req_options=4, in_data=0xffbee7c0, in_creds=0x357328, outbuf=0xffbee8b0) at mk_req_ext.c:172 #9 0x000a8a4c in ads_krb5_mk_req (context=0x356900, auth_context=0xffbee8a4, ap_req_options=4, principal=0x348e70 "[EMAIL PROTECTED]", ccache=0x357ba8, outbuf=0xffbee8b0) at libsmb/clikrb5.c:508 #10 0x000a8f54 in cli_krb5_get_ticket ( principal=0x348e70 "[EMAIL PROTECTED]", time_offset=0, ticket=0xffbee978, session_key_krb5=0xffbeea10, extra_ap_opts=0) at libsmb/clikrb5.c:569 #11 0x000aaf04 in spnego_gen_negTokenTarg ( principal=0x348e70 "[EMAIL PROTECTED]", time_offset=0, targ=0xffbeea30, session_key_krb5=0xffbeea10, extra_ap_opts=0) at libsmb/clispnego.c:335 #12 0x00291b24 in ads_sasl_spnego_krb5_bind (ads=0x34b5e0, principal=0x348e70 "[EMAIL PROTECTED]") at libads/sasl.c:149 #13 0x00292130 in ads_sasl_spnego_bind (ads=0x34b5e0) at libads/sasl.c:233 #14 0x00292bf4 in ads_sasl_bind (ads=0x34b5e0) at libads/sasl.c:456 #15 0x00286a34 in ads_connect (ads=0x34b5e0) at libads/ldap.c:341 #16 0x0003cffc in ads_startup () at utils/net_ads.c:183 #17 0x0003f268 in net_ads_join (argc=0, argv=0x347ad4) at utils/net_ads.c:732 #18 0x0003a238 in net_run_function (argc=1, argv=0x347ad0, table=0xffbeef78, usage_fn=0x3c990 ) at utils/net.c:129 #19 0x00041d54 in net_ads (argc=1, argv=0x347ad0) at utils/net_ads.c:1491 #20 0x0003a238 in net_run_function (argc=2, argv=0x347acc, table=0x331444, usage_fn=0x438dc ) at utils/net.c:129 #21 0x0003c8ac in main (argc=3, argv=0xffbef4b4) at utils/net.c:874 (gdb) Has anyone seen a similar problem. Ken -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] ads_connect
ads_connect: No such file or directory I was mystified by this error and could not find any solutions for it, even though I saw lots of inquiries about it. my solution was: make sure the "password server" line in smb.conf is either removed or set correctly. duh. Richard Simon Giant Killer Robots 361 Brannan St. San Francisco, CA 94107 (415) 777-2477 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Do users have to have accounts on a Samba server to map drives?
I know this may be a very simple question but I cant seem to find the answer in the O'Reilly Samba book or from Google. When using Samba 2 (actual version 2.2.12) we had W2K domain users authentication via the ADS to access Samba shares. The W2K users did not actually have Unix accounts on the Samba server, we used the users.map file to map the W2K account name to a guest Unix account. Running Samba 3 (actual version 3.0.14a) this process does not to seem to work the following error message appears in the log files. [2005/12/22 09:14:25, 2] lib/access.c:check_access(322) Allowed connection from (172.26.178.164) [2005/12/22 09:14:25, 0] auth/auth_util.c:make_server_info_info3(1195) make_server_info_info3: pdb_init_sam failed! [2005/12/22 09:14:25, 2] auth/auth.c:check_ntlm_password(310) check_ntlm_password: Authentication for user [darwin] -> [ftp] FAILED with error NT_STATUS_NO_SUCH_USER [2005/12/22 09:14:25, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/12/22 09:14:25, 2] smbd/sesssetup.c:setup_new_vc_session(608) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2005/12/22 09:14:25, 0] auth/auth_util.c:make_server_info_info3(1195) make_server_info_info3: pdb_init_sam failed! [2005/12/22 09:14:25, 2] auth/auth.c:check_ntlm_password(310) check_ntlm_password: Authentication for user [darwin] -> [ftp] FAILED with error NT_STATUS_NO_SUCH_USER [2005/12/22 09:24:54, 2] smbd/server.c:exit_server(609) Closing connections The only way I found to get the users to mount a Samba share is to create a Unix account. I don't particularly want to create 600 Unix account for users to access a couple of shares. Does anyone know how to get Samba 3 to act the same as Samba 2? Cheers Steve -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba-Client questions: SMB-blocksize and caching
Dear Samba-Users, could you please help me with the following two questions: 1. How can I increase the maximum SMB-blocksize from currently 4 KByte to the "regular" 64 KByte with my Red Hat Samba-Client (The server is already configured to 64 KByte and with a Windows-client this SMB-blocksize can be used.) 2. How can I deactivate the buffer on the SMB-client, so that the same file is always transfered with the same rate - even if it just has been read. I have Red Hat Linux release 7.2 Kernel 2.4.18-86np on an i686. But even if you could give me just some general hints, I would be very pleased! Thank you very much Claus -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] pam_smb_auth.so support in version 3 or pam_winbind.so?
The work around That I have developed for this is diagramed as follows: --- --- | linux|<--->| samba 2 |<>| Samba 3 user info, passwords | | clients | | Server | | Server File share | | authN | --- --- ^ | | | Windows |<-/ | Clients | After countless configurations, rebuild and even OS reinstalls from square one I got the above to work. Samba 2 server acts as a domain member server and passes user auth to the samba 3 server. I do not know how this relates but as I stated in previous posts, if I try to authenticate linus directly against Samba 3 using Pam module the following error shows in the samba log [2005/11/17 14:21:53, 3] smbd/connection.c:yield_connection(76) yield_connection: tdb_delete for name failed with error Record does not exist. When I investigate user info with pdbedit I see the the NT username value is blank. I have seen posting that state it is an unused value. Maybe it is not related at all, but it makes me curious... Thanks, BTW, pam_winbindd is not an option. -- Matt Finlayson Information Technology Specialist School of Engineering and Computer Science Washington State University Vancouver 360-546-9481 It has been said, “A day that is without troubles is not fulfilling. Rather, give me a day of troubles well handled so that I can be content with my achievements.” Andrew Bartlett wrote: On Mon, 2005-11-28 at 10:46 -0800, Matt Finlayson wrote: I am having trouble getting pam_smb_auth.so to work with the latest version of samba. It was working with the 2.* versions but when I tried to upgrade to Samba 3 authentication fails on the client. I do not know if I need to reconfigure samba to work with pam_smb_auth.so, I have tried man options. Please also refer to: You mention that you are thinking of using pam_winbindd. I strongly suggest that option. Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] mysql backend fix.
Well first, thanx to the samba team for the new release, here is a little feedback i just installed it, and it seems that the pdb_sql backend has a little flaw, if you upgrade from a earlier version. there is a new colom, witch will make smaba give an error. 'logon_hours' in the example database (./examples/pdb/mysq/mysql.dump) this field is missing aswell.. dunno why the developers made this extra field, bcoz there was already a field for the logon things (logon_div) and i thought unknown_6 was also part of that (dunno for sure) annyway, small work around for the mysql backend users: make an extra field called logon_hours (logon_hours - int(9) Thx Collen -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Inclusion of libnss_wins in vendor distros?
This might be a stupid question, but I ask only because I can't think of a good reason... Why do so many vendors' builds of Samba not include libnss_wins, the WINS/NetBIOS name resolution library? I find that it is very helpful for my Linux/Samba servers to be able to resolve hostnames by WINS. It also seems to improve domain browsing performance dramatically to have the library present and enabled in nsswitch.conf. It seems to me to be such a basic and essential part of the SMB protocol, yet many distributions omit it. It's very annoying. I guess the solution is to always build Samba using the latest stable sources from samba.org. Perhaps someone thinks it's a security vulnerability and therefore shouldn't be included by default, but would a system be any less secure if the library was included but not disabled by default? Besides, in my experience, even when the WINS libraries are included, nsswitch.conf must be edited to enable it -- I don't see the mere presence of libnss_wins.so on a system making it any less vulnerable, just as having a key on the inside of a locked door doesn't make the house any less secure. Any good reasons why it wouldn't be included? -- --Jon Johnson Sutinen Consulting, Inc. www.sutinen.com -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re[4]: [Samba] VFS for encryption/decryption
On Fri, 2005-12-23 at 09:54 +0100, Felix Brack wrote: > It's true (partially) that the administrator has access to all secrets > stored on the server. However the administrator does not _know_ a users > password or samba password. He can of course change those passwords. > This however would be noticed by the user who's password has been > changed and data encrypted with the users former password would still > not decrypt (with the new password) to some meaningful data, right? > > If this is correct my requirements would be fulfilled. > > I do not know at all how things are running within samba but fact is, > that any user authenticates himself when connecting to a server share > from his client. Wouldn't this be the method to tell a VFS module to > do encryption/decryption with the user's password? As I already > stated, I am aware that things are not that simple but the principle > should remain. The Samba server is never given the plaintext password. As such, it cannot decrypt anything with it. (This is because it uses a challenge-response authentication system. This means the server must hold the password-equivalent value). > My PDC is setup to present the user a network drive H: that holds his > home directory; this is great and very simple to configure with samba. > Why not present the user, say network drive Q:, showing the decrypted > contents of a file stored on the server that is encrypted with the > users password? The user wouldn't 'see' any difference between > accessing files on H: or Q:. This would provide a truly transparent > access to encrypted data. This would be great, if there were a secure, out of band way to push the password to the server. (This could be achieved by a local 'server' which interacts with the user's session to get the password, and then accesses the real server). Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net signature.asc Description: This is a digitally signed message part -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] maximum password age
nik600 wrote: On 12/19/05, simo wrote: On lun, 2005-12-19 at 13:37 +0100, nik600 wrote: i've tried to set the maximum age of passwords with: [EMAIL PROTECTED]:~# pdbedit -P "maximum password age" -C 8035200 account policy value for maximum password age was 8035200 account policy value for maximum password age is now 8035200 as you can see Password must change: Fri, 13 Dec 1901 21:45:51 GMT is wrong! what can i do to set the password max age? The maximum password age is a server setting, not a specific user setting. It tells the server how to calculate the Password must change field when, and _only_ when the user password is changed. When the user changes it's password, the Password must change field is calculated as current time + maximum password age seconds. Changing the maximum password age setting will not change any existing user Password must change field. You either need to force a user to change his password or edit the password must change field by yourself. This is hot NT has been designed, and is also the only sane way it can work. Simo. thanks for your reply but i've tried to change the password and the value Password must change doesn't change! h let's check: # pdbedit -v -u storm | grep must Password must change: ven, 13 dic 1901 21:45:51 GMT Now I try to set "maximum password age" like yours: # pdbedit -P "maximum password age" -C 8035200 account policy value for maximum password age was 4294967295 account policy value for maximum password age is now 8035200 # smbpasswd storm New SMB password: Retype new SMB password: check it again: # pdbedit -v -u storm | grep must Password must change: dom, 26 mar 2006 22:37:01 GMT I think that's what you want but now let's have more days to play with: # pdbedit -P "maximum password age" -C 1003089564 # smbpasswd storm New SMB password: Retype new SMB password: # pdbedit -v -u storm | grep must Password must change: mar, 06 ott 2037 18:38:54 GMT Cheers... Alex! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] winbind problem?
Hello list, I have recently updated SAMBA with samba 3.0.20a RPM on suse 9.1 because I needed to add it to a windows 2003 domain. I was able to join the machine to the domain and to setup smb.conf to where I can map files with domain users and domain groups. The problem I am having is connecting to the server. When I try to go to \\server I get prompted for username and password. Looking at the winbind log I see that there are two errors: [2005/12/23 11:35:40, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1533) Retrieving response for pid 16177 [2005/12/23 11:35:40, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1533) Retrieving response for pid 16177 [2005/12/23 11:35:40, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1555) Retrieving extra data length=224 [2005/12/23 11:35:40, 10] nsswitch/winbindd_cache.c:cache_store_request_data(1586) Storing request key mch5UA-cih7glLzY [2005/12/23 11:35:40, 10] nsswitch/winbindd_cache.c:cache_retrieve_response(1533) Retrieving response for pid 16177 [2005/12/23 11:35:20, 5] nsswitch/winbindd_async.c:getsidaliases_recv(774) getsidaliases returned an error [2005/12/23 11:35:20, 10] nsswitch/winbindd_async.c:gettoken_recvaliases(1023) Could not receive domain local groups I don't know why this is happening or how to fix it. Please Help Thank you Adrian Coroian -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] maximum password age
On 12/19/05, simo wrote: > > On lun, 2005-12-19 at 13:37 +0100, nik600 wrote: > > i've tried to set the maximum age of passwords with: > > > > [EMAIL PROTECTED]:~# pdbedit -P "maximum password age" -C 8035200 > > account policy value for maximum password age was 8035200 > > account policy value for maximum password age is now 8035200 > > > as you can see Password must change: Fri, 13 Dec 1901 21:45:51 GMT is > wrong! > > what can i do to set the password max age? > > The maximum password age is a server setting, not a specific user > setting. > > It tells the server how to calculate the Password must change field > when, and _only_ when the user password is changed. > > When the user changes it's password, the Password must change field is > calculated as current time + maximum password age seconds. > > Changing the maximum password age setting will not change any existing > user Password must change field. You either need to force a user to > change his password or edit the password must change field by yourself. > > This is hot NT has been designed, and is also the only sane way it can > work. > > Simo. thanks for your reply but i've tried to change the password and the value Password must change doesn't change! -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] RedHat 9 RPM and SRPM posted to samba.org
At 08:27 AM Friday, 12/23/2005, Gerald (Jerry) Carter wrote -=> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Samba 3.0.21 RedHat 9 [S]RPM has been posted. Enjoy (those that requested it). Thanks Jerry! I upgraded this morning... Ed . . . . . . . . . . . . . . . . . . Randomly Generated Quote (537 of 1019): I don't suffer from insanity, I enjoy every minute of it. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] RedHat 9 RPM and SRPM posted to samba.org
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The Samba 3.0.21 RedHat 9 [S]RPM has been posted. Enjoy (those that requested it). cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDrCVxIR7qMdg1EfYRAhAuAJ9utHGcf1bwPTkb7pYucqJayrGzRwCgrPgu NFdP+AQREDGl4iA2YzNCDU8= =+2ht -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] 3.0.21 packages for sarge
I've uploaded 3.0.21 packages for sarge. I'm not going to produce woody packages past the present 3.0.20b unless there is high demand. Have fun. Simo. -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Joop Martens is afwezig.
I will be out of the office starting 23/12/2005 and will not return until 09/01/2006. Ik antwoord op uw bericht wanneer ik terug ben. Voor dringende zaken kunt u contact opnemen met: Paul de Bruijn ICT Lekkerland Nederland & Conway Belgie Databases,Middleware en Beheer tel: 040-2943039 0522-239870 email [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Michael Weiss ist außer Haus.
Ich werde ab 23.12.2005 nicht im Büro sein. Ich kehre zurück am 01.01.2006. Bitte wenden Sie sich mit wichtigen Angelegenheiten an [EMAIL PROTECTED] Danke. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Unable to upload printer drivers to 3.0.21 Samba
Hello, I am attemping to upload printer drivers onto a new samba server running 3.0.21. Client computers that I have tried to upload the drivers from are Windows XP SP2, Windows 2000 SP4. The upload process works just like it is documented 1.) double click on printer and answer NO to 2.) Click on new driver button under advanced 3.) Find Driver and click OK then Finish 4.) watch as windows copies the driver files over to $print ( on the server I do see files being saved) 5.) Windows prompts me with a.) Windows XP-->"The Driver that you are trying to install is not compatible with Windows XP, Please contact the manufacturer for an update version. b.) Windows 2000 -->"The print driver you selected is ether no compatible with your current version of Windows, or it may not be available. Select a compatible driver from the list, or contact you administrator for help. 6.) After clicking the all mighty OK, windows cleans up the driver from $print. leaving a empty $print. I know that the driver works from windows it is the HP 4000 PCL driver. So I know the message is not true. What can be done to fix this ??? My config is as follows my $print [EMAIL PROTECTED] printdrivers]# ls -lsa total 0 0 drwxrwxrwx 9 root root 200 Dec 22 16:33 . 0 drwxr-xr-x 6 root root 152 Dec 22 14:15 .. 0 drwxrwxrwx 2 root root 48 Dec 22 16:33 W32ALPHA 0 drwxrwxrwx 2 root root 48 Dec 22 16:33 W32MIPS 0 drwxrwxrwx 2 root root 48 Dec 22 16:33 W32PPC 0 drwxrwxrwx 4 root root 112 Dec 23 08:57 W32X86 0 drwxrwxrwx 2 root root 48 Dec 22 16:33 WIN40 [EMAIL PROTECTED] printdrivers]# #=== Local Master Settings=== domain master = no local master = no preferred master = no #os level = 10 #=== log file = /var/log/samba/%m.log load printers = yes socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 wins server = 172.27.1.17 encrypt passwords = yes dns proxy = no netbios name = newmedusa server string = Samba Server workgroup = CSQ security = domain max log size = 0 large readwrite = yes veto files = /*.eml/*.nws/riched20.dll/ #==Printer Stuff printer admin = @CSQ+"Programmers",@CSQ+"Domain Admins",@CSQ+"Domain Users",@CSQ+"PA Doctors" note: If I comment out the above line the new printer driver button on windows is disabled. printing = cups printcap = cups #===Winbindd Stuff == #===Winbindd Stuff == password server = * winbind uid = 1-2 winbind gid = 1-2 winbind separator = + template shell = /bin/bash template homedir = /home/%D/%U winbind cache time = 60 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes [print$] path = /home/samba/printdrivers guest ok = yes guest only = yes browseable = yes read only = yes write list = @CSQ+"Programmers",@CSQ+"Domain Admins",@CSQ+"Domain Users",@CSQ+"PA Doctors" [printers] comment = All Printers path = /var/spool/samba browseable = yes guest ok = yes writable = yes printable = yes -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] backtrace of signal 11 in 2.2.12
Regarding yesterday's message about repeated "signal 11" errors in 2.2.12, I was able to capture a backtrace. #0 0x401543ae in waitpid () from /lib/tls/libc.so.6 #1 0x400e9d12 in system () from /lib/tls/libc.so.6 #2 0x0815ea98 in smb_panic () #3 0x0814d885 in fault_report () #4 0x0814d8e2 in sig_fault () #5 #6 ldap_free_urllist (ludlist=0x185) at url.c:1144 #7 0x402bdb3b in ldap_parse_vlv_control () from /usr/lib/libldap_r.so.2 #8 0x402a415b in ?? () from /usr/lib/libldap_r.so.2 #9 0x402cf000 in ?? () from /usr/lib/libldap_r.so.2 #10 0x402cf734 in ?? () from /usr/lib/libldap_r.so.2 #11 0xb5c8 in ?? () #12 0x402ca376 in _fini () from /usr/lib/libldap_r.so.2 #13 0x402ca376 in _fini () from /usr/lib/libldap_r.so.2 #14 0x4000c5e6 in _dl_init () from /lib/ld-linux.so.2 #15 0x400d6192 in exit () from /lib/tls/libc.so.6 #16 0x0806a444 in exit_server () #17 0x0806ae6d in main () Any idea what's causing the problem? Thanks, Ryan - This email transmission and any documents, files or previous email messages attached to it may contain information that is confidential or legally privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, printing, distributing or use of this transmission is strictly prohibited. If you have received this transmission in error, please immediately notify the sender by telephone or return email and delete the original transmission and its attachments without reading or saving in any manner. The Evangelical Lutheran Good Samaritan Society. - -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Can Samba corrupt files?
Now my server is up and running and on line. One user has a bunch of CD labels made by MediaFace II as .ntf files. Once these files were copied to a Samba share, they became unusable. If we copy them from one workstation to another, they work fine. If we copy them from a workstation to a share then to another workstation, or try to run them from a share, MediaFace says they are an unrecognized file format. Ideas? Thanks, Michael -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Replacing a Samba+CUPS Print Server
I've had a Samba print server in my network for nearly 4 years now. The time has come for me to replace it with a more powerful machine. I have nearly 50 client machines (Windows 2000 and XP) attached to the printers that the existing server has and I don't want to have to touch them during this upgrade. I already have the new server built. Samba and CUPS are both ready for the cut-over, but I'm concerned about the clients loosing connection to the printers once the new server comes online. I have made sure to duplicate the printer's names exactly. I have made sure that the new server has the exact netbios name of the old server. I'm just about ready to take the old server out of the domain and shut Samba off, add the new server to the domain and start Samba up on the new server. But I'm now wonering if there is something else that I need to do before I actually do the cut-over to prevent the clients from loosing printing ability (without my intervention at every machine that is). So, can anyone give me advise, calming words or directions on how to best proceed? Thanks, -- Kevin L. Collins, MCSE Systems Manager Nesbitt Engineering, Inc. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba cd-rom shares do not work
Hello NG, my network sytem is consisting of AD/2003 as LDAP Server, SuSE 10.0 and xp clients, and SuSE 9.3 Samba/NFS-Fileserver for the homes of SuSE clients and Samba shares for the Xp clients. My problem is the cd-rom samba share. All other samba shares except the cd-rom share are working for me. If I open the network environment in the windows explorer of a succeded logon xp client, I can access all shares except the cd-rom share. At accessing the cd-rom share in the windows explorer, I am getting no errormessage, but the directories and files of the shared cd do not appeare in the right side side of the explorer. The right part of the windows exlorer is empty. All contents of all other samba shares are correctly appeared in the right part of the windows explorer except the content of the cd-rom. The cd-rom section in the smb.conf is: [cd] path = /media/TOOLS writeable = yes browseable = yes I think, it is a problem with unix access rights, but the rights of a cd-rom can not be changed, because it is a cd-rom. Any idea? Best regards and many thanks Andreas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Crazy problem with excel and acls
I have a samba server with windbind, and support for acls. When a user modify one excel file with excel 2000 the file permissions change to "user::r--" If the excel version is 97 this problem does not exist and the file permisssions are the default "user::rwx". the smb.conf is this: [global] workgroup= realm=XXX.ES server string = servidor de ficheros samba security= ADS log level = 3 log file = /var/log/samba/%m max log size = 50 printcap name = cups preferred master = No idmap uid = 1-2 idmap gid = 1-2 winbind separator = + winbind cache time = 120 printing = cups print command = lpq command = %p lprm command = create mask = 0700 inherit acls = yes map acl inherit = yes I rpobe to change the parameter "create mask", "acl compatibility", and "acl group control" with no results. Thanks for all and sorry for my poor english. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Is it possible to write an "smbclient" automated script
At 12/23/05 01:04, Beast wrote: Pablo Graziano wrote: I'd like to write an automated smbclient script. Something simple, like: login cd to a certain directory copy that entire directory to client logout Is this possible, and how? Why not use smbmount instead? smbmount //svr/share /mnt/samba -o username=myuser,password=mypasswd cp -r /mnt/samba/source /tmp/destination --beast Wouldn't this transmit the password in the clear? Eric Hines There is no nonsense so errant that it cannot be made the creed of the vast majority by adequate governmental action. --Bertrand Russell -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Vampire process question
Hello, I am confused about the vampire process and the docs did not clear up my confusion. Do all the group names as well as all the user names on the WINDOWS PDC with spaces or uppercase need to be changed prior to the vampire process? Do you know if there are any consequences in doing this on the WINDOWS side with a production WINDOWS PDC? Do all the user names and all the group names have to be created in our SUSE Linux 10.0 (Samba 3.0.20b) prior to the vampire process? Does the Samba mapping of all the user names also have to be done prior to the vampire process? Can I get around this by using vigr rather than groupadd for the group names? (Since groupadd is the one that will not allow spaces) If I implement LDAP rather than use tdbsam, can I get away from having to change the WINDOWS PDC? Is there any way to avoid changing the WINDOWS PDC and do everything from the Samba side only??? Thanks, Guru -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] VFS for encryption/decryption
You just explain this perfect. I have the same problem. If i could provide something like this to my users I will be in heaven. I can't be the ONLY administrator to have full access to every single file. Even more, in my work, be use a LTSP enviroment. I don't have any user with hard drive to locally store something, everyone MUST use H:. Imagine that! I have so many users that says "I don't wanna use that! TI PEOPLE can see my files!!". Felix Brack wrote: It's true (partially) that the administrator has access to all secrets stored on the server. However the administrator does not _know_ a users password or samba password. He can of course change those passwords. This however would be noticed by the user who's password has been changed and data encrypted with the users former password would still not decrypt (with the new password) to some meaningful data, right? If this is correct my requirements would be fulfilled. I do not know at all how things are running within samba but fact is, that any user authenticates himself when connecting to a server share from his client. Wouldn't this be the method to tell a VFS module to do encryption/decryption with the user's password? As I already stated, I am aware that things are not that simple but the principle should remain. My PDC is setup to present the user a network drive H: that holds his home directory; this is great and very simple to configure with samba. Why not present the user, say network drive Q:, showing the decrypted contents of a file stored on the server that is encrypted with the users password? The user wouldn't 'see' any difference between accessing files on H: or Q:. This would provide a truly transparent access to encrypted data. - Felix Andrew Bartlett wrote: AB> We run into issues such as 'how do you key the crypto'. The AB> administrator has access to any secrets stored on the server, so how AB> would Samba decrypt the data, but the administrator not? AB> Without protocol modifications, or some extra client-side tool, this AB> becomes quite a challenge. And then the administrator could still AB> subvert the whole thing. AB> A slightly easier goal would be to protect files on a stolen hard disk AB> (ie trust the admin, but not always the person with the server), but I AB> still don't see how to do it without protocol modifications. AB> Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.21 Available for Download
On Tuesday 20 December 2005 22:45, Gerald (Jerry) Carter wrote: > === > Done with Fish. > -- John Laroche (Adaptation) > === > Release Announcements > = > > This is the latest stable release of Samba. This is the version > that production Samba servers should be running for all current > bug-fixes. Please read the following important changes in this > release. > > Common bugs fixed in 3.0.21 include: > > o Missing groups in a user's token when logging in via kerberos > o Incompatibilities with newer MS Windows hotfixes and > embedded OS platforms > o Portability and crash bugs. > o Performance issues in winbindd. > > New features introduced in Samba 3.0.21 include: > > o Complete NTLMv2 support by consolidating authentication > mechanism used at the CIFS and RPC layers. > o The capability to manage Unix services using the Win32 > Service Control API. > o The capability to view external Unix log files via the > Microsoft Event Viewer. > o New libmsrpc share library for application developers. > o Rewrite of CIFS oplock implementation. > o Performance Counter external daemon. > o Winbindd auto-detection query methods when communicating with > a domain controller. > o The ability to enumerate long share names in libsmbclient > applications. > > > Download Details > > > The uncompressed tarball and patch files have been signed > using GnuPG (ID 157BC95E). The source code can be > downloaded from: > > http://download.samba.org/samba/ftp/ > > The release notes are available online at: > > http://www.samba.org/samba/history/samba-3.0.21.html > > Binary packages are available at > > http://download.samba.org/samba/ftp/Binary_Packages/ Packages for Mandrake 10.1 (i586), Mandriva 2005le (i586 and x86_64) and Mandriva 2006 (i586 and x86_64) are available from http://anorien.csc.warwick.ac.uk/mirrors/buchan/samba/ . These packages are not officially supported by Mandriva (and I haven't been able to do much testing yet), so please send any feedback to me directly. Regards, Buchan -- Buchan Milne B.Eng,RHCE(803004789010797),LPIC-2(LPI74592) pgpJatos9j5MA.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Windows domain clients can't connect to samba share
I've recently inherited a working network consisting of: Win2k server running the domain controller (pdc) 20 Win2k Pro client machines with users that log in via the domain controller RedHat 9 server running Samba 2.0.20 hosting the network printer (ps) This is all running fine, all the users of the existing client machines can connect to the RedHat server and print using the printer that it hosts. I've had to start replacing a few client machines and built new shiny Win2k Pro boxes, fully service packed and patched. We're now experiencing a very weird problem that myself and my 2 predecessors haven't been able to solve. When the local administrator user logs in to one of the new client machines I can access \\ps connect to the shared printer and print things fine. When the domain administrator or any other domain account logs in to one of the new client machines, when trying to access \\ps I get the following error: \\ps is not accessible. The account is not authorized to log in from this station. I've no idea what's up, and and help or suggestions would be much appreciated thanks. Rus *** Start smb.conf *** # Samba config file created using SWAT # from UNKNOWN (192.168.0.12) # Date: 2001/08/08 11:26:39 # Global parameters [global] workgroup = MFI-GROUP netbios name = PS server string = Fax Server security = SHARE # security = ADS # realm = MFI-GROUP.COM # encrypt passwords = yes # password server = pdc.officelan.mfi-group.com debug level = 2 log file = /var/log/samba/%m.log max log size = 50 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = No dns proxy = No hosts allow = 127. 192.168.0. load printers = yes printing = cups printcap = cups [tmp] comment = tmp drive for dumping, do not overuse path = /tmp/ writeable = Yes guest ok = Yes hosts allow = 192.168.0.2 192.168.0.3 192.168.0.4 192.168.0.5 192. 168.0.6 192.168.0.7 [printers] comment = All Printers path = /var/spool/samba create mask = 0700 guest ok = No printable = Yes use client driver = yes [print$] comment = Printer Drivers path = /var/lib/samba/printers browsable = yes read only = yes guest ok = Yes write list = root *** End smb.conf *** -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] Re: Samba 3.0.21 Available for Download
I think the sarge packages should work fine on ubuntu, or do you think 5.10 is so different they will not ? Simo. On Thu, 2005-12-22 at 13:46 +0700, Wisu wrote: > On Wed, 2005-12-21 at 15:18 +0100, Louis van Belle wrote: > > and the debian packages ;-) > > > > Louis > > > > Anyone building Ubuntu 5.10 packages? > > IT Would be nice :) > > TIA > > -- > Wisu > on amd64 kubuntu! > -- Simo Sorce- [EMAIL PROTECTED] Samba Team- http://www.samba.org Italian Site - http://samba.xsec.it -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] problem: Samba 10.0 with LDAP and smbldap-tools
Hi NG, I'm trying to set up a PDC in my home office; just to practice (one of my clients needs this kind of setup). Followed the step-by-step example from samba.org (chapter 'Making Happy users'). Everything went fine up to the point, where the docs suggest to call the command ./smbldap-populate -a root -k 0 -m 0 This one fails with an errormsg: failed to add entry: modifications require authentication at... (repeated several times) Been looking around and read a pile of docs, but feel a little lost now. Seems like the error lies in the password configuration for the ldap Admin- but I'm just not sure where to dig. Anyone willing to help? Any help much appreciated, greets Thomas -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba printing fails for Windows clients, was working, now fails...
On Wednesday 21 December 2005 12:55, activity superstore wrote: > Hi all > > The printing via Samba+Cups has stopped working. I'm > using Mandrake 10.0 Official as a Samba server for > file sharing and printing on a Windows network. > Printing from a WindowsXP client to the Samba server > now fails and I don't know why it has suddenly > stopped, it used to work. File sharing still works > okay. > > There are on no errors logged on the Linux Samba box, > the Windows application you try to print from just > says "not responding". I have used Knoppix as a client > and the printing works from Samba, so it is just a > Windows client to Linux Samba issue, but I can't > figure it out. > > Any ideas? > > Samba version samba-server-3.0.2a-3mdk Last update available for 10.0 was 3.0.10. > Kernel 2.6.3-4mdk > Mandrake 10.0 official Which is no longer supported by security updates, please consider upgrading. Regards, Buchan -- Buchan Milne B.Eng,RHCE(803004789010797),LPIC-2(LPI74592) pgp86HjDjYb21.pgp Description: PGP signature -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re[4]: [Samba] VFS for encryption/decryption
It's true (partially) that the administrator has access to all secrets stored on the server. However the administrator does not _know_ a users password or samba password. He can of course change those passwords. This however would be noticed by the user who's password has been changed and data encrypted with the users former password would still not decrypt (with the new password) to some meaningful data, right? If this is correct my requirements would be fulfilled. I do not know at all how things are running within samba but fact is, that any user authenticates himself when connecting to a server share from his client. Wouldn't this be the method to tell a VFS module to do encryption/decryption with the user's password? As I already stated, I am aware that things are not that simple but the principle should remain. My PDC is setup to present the user a network drive H: that holds his home directory; this is great and very simple to configure with samba. Why not present the user, say network drive Q:, showing the decrypted contents of a file stored on the server that is encrypted with the users password? The user wouldn't 'see' any difference between accessing files on H: or Q:. This would provide a truly transparent access to encrypted data. - Felix Andrew Bartlett wrote: AB> We run into issues such as 'how do you key the crypto'. The AB> administrator has access to any secrets stored on the server, so how AB> would Samba decrypt the data, but the administrator not? AB> Without protocol modifications, or some extra client-side tool, this AB> becomes quite a challenge. And then the administrator could still AB> subvert the whole thing. AB> A slightly easier goal would be to protect files on a stolen hard disk AB> (ie trust the admin, but not always the person with the server), but I AB> still don't see how to do it without protocol modifications. AB> Andrew Bartlett -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with crpyt password under XP
hi, i installed samba with openldap support and all works fine ... I used scripts called smbldap_passwd (from idealx) to change the password of users on the linux server. I modified the parameter of the file smbldap.conf "hash_encrypt" to PLAINTEXT (I know it's dangerous but it's just for test). When i change the user's password with the command smblda_password , the encrpytion's format is good for the 3 following passwords : sambalmpassword,sambantpassword and userPassword.So the userPassword 's format is PLAINTEXT. All is good. But when a user change his password under windows XP or 2000 (ctrl-alt-sup + change password), it's ok but the userpassword 's format has changed .The format is SMD5 and not plaintext. what configuration'file i have to change to keep format plaintext when a user change his password under windows xp/2000? Thanks for your help -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
