RE: [Samba] Machine failing to keep its trust with Domain Controller

[Masopust, Christian]

I had the same problem on my RHEL 4 system.
after setting "machine password timeout = 0" the problems have
gone away.

chris
 

> -Original Message-
> From: 
> [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]
> ba.org] On Behalf Of Dukhan, Meir
> Sent: Tuesday, January 24, 2006 8:15 PM
> To: samba@lists.samba.org
> Cc: Dukhan, Meir
> Subject: [Samba] Machine failing to keep its trust with 
> Domain Controller
> 
> Hi, 
>  
> We have a Linux (RHEL 3.0, update 3) Samba 3 server which worked fine
> for months
> but suddently have trouble to keep its trust with the DC server. 
>  
> The only way to recover is to reset the machine account from 
> the Windows
> DC side 
> and do a "net join" to the domain from the Linux side. The 
> Linux machine
> is able to 
> keep its "trust" with the domain exactly 7 days, which, AFAIU, is the
> default in Samba and 
> also in the DC side.
>  
> It is somewhat surprizing since this Linux Samba server w/o 
> problems for
> months. 
> >From the Windows DC side, the only thing which was done just 
> before this
> problem 
> appeared, was to patch the DC to SP1 as far as I remember. 
>  
> Below are the messages we can see in the 
> /var/log/samba/samba.log file: 
>  
> [2006/01/18 10:49:57, 0]
> smbd/change_trust_pw.c:change_trust_account_password(45)
>   Can't get IP for PDC for domain MY_DOMAIN
> [2006/01/18 10:49:57, 0]
> smbd/change_trust_pw.c:change_trust_account_password(93)
>   2006/01/18 10:49:57 : change_trust_account_password: Failed 
> to change
> password for domain MY_DOMAIN.
> 
> Linux Kernel: 2.4.21-20.ELsmp
> Samba: 
> samba-3.0.4-6.3E  
> samba-common-3.0.4-6.3E 
>  
> /etc/smb.conf: see below
>  
> Tia 
>  
> -- Meir 
> /etc/smb.conf
> # Global parameters
> 
> [global]
> workgroup = MY_DOMAIN
> netbios name = Samba_Server
> server string = Samba Server
> security = DOMAIN
> encrypt passwords = Yes
> password server = mydc-server.com
> log file = /var/log/samba/samba.log
> log level = 1
> max log size = 0
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> dns proxy = No
> wins server = our_wins
> kernel oplocks = No
> create mask = 0775
> directory mask = 0775
> oplocks = No
> username map = /etc/samba/username.map
> case sensitive = no
> preserve case = yes
> local master = no
> use sendfile = no
> 
> [homes]
> comment = Home Directories
> valid users = %S
> read only = No
> create mask = 0664
> browseable = No
> 
>  
> 
>  
> 
> **
> *
> This email message and any attachments thereto are intended 
> only for use by the addressee(s) named above, and may contain 
> legally privileged and/or confidential information. If the 
> reader of this message is not the intended recipient, or the 
> employee or agent responsible to deliver it to the intended 
> recipient, you are hereby notified that any dissemination, 
> distribution or copying of this communication is strictly 
> prohibited. If you have received this communication in error, 
> please immediately notify the [EMAIL PROTECTED] and destroy 
> the original message.
> **
> *
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
> 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Idmap Query

[mallapadi niranjan]

Hi all,

i have samba 3.0.21, with openldap, which is configured as PDC,
i have created users and all windows users are able to login to PDC.
but there is an OU=idmap,

but i have only these entries in ou=Idmap,
dn:ou=Idmap,dc=mydomain,dc=com
objectClass: Organizational Unit
objectClass: SambaunixIdpool
ou: idmap
uidnumber: 1
gidnumber: 1

Apart from these entries in ou=Idmap, i donot have any other entries,

i home some how feel, there should be more entires, ie when ever a user is
created
there should some entry.

what is wrong,

now since i have already created users, and all my windows clients are
already joined,
without disturibing the current environment, is it possible to correct the
Idmap problem.

please guide  me


Regards
Niranjan
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Can't Get to Shares

[Eric Hines]

Folks,

I have two problems that may be related, and I'm hoping that with the 
mailing list back on the air, some of you can offer some help on 
resolving them/it.  I'm running SUSE 9.3 and Samba 3.0.21a (which is 
managing a LAN with an XP laptop and a Win2k PC).  Samba has joined 
the domain and is the PDC, winbindd is running, wins support = yes.


The first problem is that, while I can get to some shares (e.g., home 
directory, printers, netlogon, profiles), others I cannot get to--I 
just get back NT_STATUS_BAD_NETWORK_NAME.  These non-connecting 
shares are owned by a user and a group (of course), and the users 
trying to connect are members of the owning group.  Googling, and 
checking the archives here turn up others with this problem, but no 
solutions.  Tests I've run exploring this include:
smbstatus--returns the connections from the PC (the laptop 
is off at the moment; it has the same symptoms) that are active and open

getent passwd--succeeds
getent group--succeeds
wbinfo -t--succeeds
Samba has successfully joined the domain
However, these tests fail:
smbclient /// -U  --returns the 
BAD_NETWORK_NAME error
net use \\ from the PC returns "network name 
cannot be found"--the same as above
net use \\ from the PC returns 
"network name cannot be found."  Clearly not getting to the point of 
authentication.

wbinfo -u and wbinfo -g return error looking up domain users/groups

The second problem (and I suspect the cause of the first) is that I 
cannot get my PC to join the domain.  When I try, whether I use my 
Linux box root and password, as  is the correct way, or I use the 
PC's Admin account to authenticate the joining in response to the 
prompts, I just get a "credentials supplied conflict with an existing 
set of credentials" error.


How can I fix this?  I suspect I need first to get the PC to join the 
domain, but I'm clueless as to how, given this error.  Right click on 
My Computer|Properties|Network ID Tab|Network ID or Properties, 
either one, returns the conflicting credentials error message.


Thanks for your help.

Eric Hines


There is no nonsense so errant that it cannot be made the creed of 
the vast majority by adequate governmental action.

--Bertrand Russell

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba as bdc

[mallapadi niranjan]

Hi Andreas

I too have the same issue, but i think, if we using slave ldap server in
BDC,
i hope it's possible, the slave LDAP server has updateref entry in
slapd.conf, which points to
master LDAP server, so any changes is referred back to PDC,

but i am not sure, what happen's when the link between PDC and BDC is down,
and if any changes are done, how is to propogated when the link is up again.



Regards
Niranjan




On 1/25/06, Andreas Fladischer <[EMAIL PROTECTED]> wrote:
>
> [EMAIL PROTECTED]
>
> i have a samba server with ldap as pdc. everything works fine and now
> i'm testing samba as bdc.
> i copied the smb.conf from the pdc to the bdc and changed the domain
> master = yes to no!
>
> then i stopped the smb service on the pdc and tried to login on an winxp
> machine and this also worked (the log file show me that the login is on
> the bdc)! is it possible that the users can change their passwords when
> the pdc isn't available or must the pdc be online?how can i do this?
>
> with best regards and thanks in advance for your answers
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] What is the status of bug 765

[Ephi Dror]

 
Hi,
 
I am running SAMBA 3.0.14a and having the problem described in bug 765.
 
https://bugzilla.samba.org/show_bug.cgi?id=765
 
Which is:
If  Win2k3 policy: "Domain Controller: LDAP server signing requirements"
set to  "Require Signing", net ads join fails
 
 
My questions:
1. If I upgrade to the  latest SAMBA will it solve the problem.  Meaning
that  "Allow StartTLS support when connecting to Windows 2003 by
  leaving the default setting 'ldap ssl = start_tls'"  is solve this
issue?

2. Other than disabling signing on the DC, is there any workaround or
particular configuration on the SAMBA 3.0.14a server to overcome this
problem.
 
Cheers,
Ephi
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] pam_winbind.so user expired password config for Solaris/etc/pam.conf

[Bruce Speidel +1 303 607-5061]

Jerry,

Doh!  3.0.21a is what I compiled last week!  I'll give it a shot
in the coming days to see if it has been fixed.  Hopefully I will
figure out the correct pam.conf.

Thanks,
Bruce

"Gerald (Jerry) Carter" wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Bruce Speidel +1 303 607-5061 wrote:
> > Jerry,
> >
> > That is the version I compiled just last week and
> > found this problem. It also fails on 3.0.20b as well.
> > I don't think I've ever been able to get this working.
>
> WellYou couldn't have compiled 3.0.21b last week
> since I haven't released it yet. :-)
>
> Either tomorrow or Monday. but you can check out the
> SAMBA_3_0_RELEASE tree right now if you like.
>
> cheers, jerry
> =
> I live in a Reply-to-All world---
> Samba--- http://www.samba.org
> Centeris ---  http://www.centeris.com
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFD2ZD2IR7qMdg1EfYRAqbxAJ9cEI/K7/LBaTTtvj/R2W3yEQ6rYgCgidHO
> F7dtwThY9gXmwRtWyrU8sLE=
> =+Bz7
> -END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] pam_winbind.so user expired password config for Solaris/etc/pam.conf

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Bruce Speidel +1 303 607-5061 wrote:
> Jerry,
> 
> That is the version I compiled just last week and 
> found this problem. It also fails on 3.0.20b as well.
> I don't think I've ever been able to get this working.

WellYou couldn't have compiled 3.0.21b last week
since I haven't released it yet. :-)

Either tomorrow or Monday. but you can check out the
SAMBA_3_0_RELEASE tree right now if you like.





cheers, jerry
=
I live in a Reply-to-All world---
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD2ZD2IR7qMdg1EfYRAqbxAJ9cEI/K7/LBaTTtvj/R2W3yEQ6rYgCgidHO
F7dtwThY9gXmwRtWyrU8sLE=
=+Bz7
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] pam_winbind.so user expired password config for Solaris/etc/pam.conf

[Bruce Speidel +1 303 607-5061]

Jerry,

That is the version I compiled just last week and found this problem.
It also fails on 3.0.20b as well.  I don't think I've ever been able to get
this working.

Thanks,
Bruce

"Gerald (Jerry) Carter" wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Speidel, Bruce wrote:
> > I'm trying to configure my Solaris 9 pam.conf for CDE login/password
> > expiration using
> > ADS security on W2003.  If my AD account password is in good standing,
> > my config works great in /etc/pam.conf.  However - I'm having trouble
> > getting it to recognize that my password in AD has expired to ask me
> > to reset it on the CDE screen.  With the config below - it just tells
> > me "login incorrect".  Any ideas?
>
> This is fixed in 3.0.21b based on what I understand from Guenther.
>
> cheers, jerry
> =
> I live in a Reply-to-All world---
> Samba--- http://www.samba.org
> Centeris ---  http://www.centeris.com
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.2 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFD2Y3uIR7qMdg1EfYRAj+0AKCP5QlLy4rCuZLxtiVr9tA0LZ4sJQCg4XNS
> oMWMWtwdoH/MbKk33O2gaok=
> =JdyO
> -END PGP SIGNATURE-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Server variable %L expansion

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Steve Sigafoos wrote:
>  
> I have been successfully using the technique of creating "virtual
> servers" via the method outlined below in my smb.conf file.
> [global]
> netbios name = %h 
> workgroup = WORKGROUP 
> netbios aliases = cifs1 cifs2
> include = /etc/samba/smb.conf.%L
> 
> Now under Red Hat ES release 4 with kernel "2.6.9-11.EL" 
> and Samba version "samba-3.0.10-1.4E" the variable
> expansion of %L for either /etc/samba/smb.conf.cifs[1,2]
> does not seem  to work anymore.

[global]
smb ports = 139.






cheers, jerry
=
I live in a Reply-to-All world---
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD2Y43IR7qMdg1EfYRAs1LAKC80V1rpwYXNf+OAa3y3eEBgjZcLQCgteNL
RHT//xjLGXfXhFkMj6X+uZ8=
=neBD
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] pam_winbind.so user expired password config for Solaris /etc/pam.conf

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Speidel, Bruce wrote:
> I'm trying to configure my Solaris 9 pam.conf for CDE login/password
> expiration using
> ADS security on W2003.  If my AD account password is in good standing, 
> my config works great in /etc/pam.conf.  However - I'm having trouble
> getting it to recognize that my password in AD has expired to ask me
> to reset it on the CDE screen.  With the config below - it just tells
> me "login incorrect".  Any ideas?

This is fixed in 3.0.21b based on what I understand from Guenther.









cheers, jerry
=
I live in a Reply-to-All world---
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD2Y3uIR7qMdg1EfYRAj+0AKCP5QlLy4rCuZLxtiVr9tA0LZ4sJQCg4XNS
oMWMWtwdoH/MbKk33O2gaok=
=JdyO
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Error when using mount with smbfs

[Josh Kelley]

On 1/24/06, Mark R. White <[EMAIL PROTECTED]> wrote:
> I can use smbclient with no probs, can transfer files back and forth
> and it works flawlessly, but, when I try to use mount with smbfs or
> smbmount, it continuously gives me an error.  See below.

I would guess that your Windows server is set up with some security
options (such as "Digitally encrypt or sign secure channel data") that
smbfs doesn't support but smbclient does.

smbfs is outdated.  Try using cifs instead (mount.cifs).

Josh Kelley
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Share Admin

[Dennis B. Hopp]

Dennis B. Hopp wrote:
I've got a share that I'm trying to get so I can set permissions 
through the normal windows way (right click on 
folder/file->properties->security).


The share definition is:

[test]
   comment = Test share on magellan
   path = /var/test
   browseable = yes
   writable = yes
   hide unreadable = yes
   admin users = @"Domain Admins"

The server is a member server in an AD domain.  The winbind 
configuration is:


 idmap backend = idmap_rid:CSC=15000-2
  idmap uid = 15000-2
  idmap gid = 15000-2
  template shell = /bin/bash
  template homedir = /home/%D/%U
  winbind separator = +
  winbind enum users = yes
  winbind enum groups = yes
  winbind use default domain = yes
  winbind cache time = 10
  realm = GOCSC.COM
  allow trusted domains = no


In /var/log/messages I am seeing:

Jan 26 17:38:01 magellan winbindd[11151]: [2006/01/26 17:38:01, 0] 
lib/util_sid.c:string_to_sid(285)
Jan 26 17:38:01 magellan winbindd[11151]:   string_to_sid: Sid S-0-0 
is not in a valid format.


When I try to save the permssions I get an "Access Denied" message.


Nevermind...

I had checked that everything was compiled to support ACLs, but I never 
checked to see that the filesystem had been mounted with the acl and 
user_xattr flags


--Dennis
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba machines as PDC and member

[harry forbess]

I have set up samba to be a AD member and no other linux boxes.It worked
well.
I set up samba to be a PDS with no other linux boxes. It worked well.

Now, I need to make a samba client that works with the samba PDS. I can join
the domain.  winbind can list users and such. getent doesnt work.

I can see the authentication succeeding on the PDS but I cant access any
shares. smbclient -L DOMAIN shows all the shares.

I just cant seem to authenticate except as root.

I realize that this PDC is not AD so i dont need krb but I dont know what I
need to authenticate between the samba machines.  I thought this was going
to be easy.

Here is my PDC smb.conf

# PDC Samba Configuration File
# by Lorenzo Allori <[EMAIL PROTECTED]>
# To be edited and then copied to /usr/local/samba/lib/smb.conf

# REMEMBER TO EDIT THIS BEFORE COPYNG IN THE DIRECTORY AND RUNNING SAMBA.




[global]
netbios name =  SERENITY
workgroup = SERENITY
log level = 2
log file = /var/log/samba/sambapdc.log
security = share
;invalid users = root
interfaces = 192.168.1.172/255.255.255.0
security = user
server string = %h server (Samba %v)
syslog only = no

# Performance tuning
# Remember to increase or decrease by 1024 SO_SNBUF and SO_RCVBUF

socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNBUF=4096
SO_RCVBUF=4096


# If you are accessing by multiple users to a single MSAccess File (*.mdb)
# Uncomment theese two lines about oplocks you have to disable them.
#   oplocks = False
#   level2oplocks = False

encrypt passwords = yes


# NT Domain Section
wins support = yes
os level = 34
domain master = yes
local master = yes
preferred master = yes
domain logons = yes


logon script = logon.bat
# Where the scripts resides.
logon path = \\SERENITY\profiles\%u
# Where the profiles are
logon home = \\SERENITY\home\samba\users\%u

name resolve order = lmhosts host wins bcast
dns proxy = no

smb passwd file = /usr/local/samba/private/smbpasswd


# Uncomment this lines only if you know what you are doing.

#   unix password sync = yes
#   passwd program = /usr/bin/passwd %u
#   passwd chat = *Enter\snew\sUNIX\spassword:*\
#   %n\n *Retype\snew\sUNIX\spassword:* %n\n .


# How long do you want the samba log file to be?
max log size = 2000

time server = yes

[netlogon]
path = /home/samba/netlogon
public = no
writeable = no
browsable = no
read only = yes
write list = administrator

[profiles]
create mode = 0600
directory mode = 0700
path = /home/samba/profiles
;profile acls = yes
read only = no
writable = yes
browseable = no

And this works fine with windows boxes. Roaming profiles and the whole bit.

here is my member smb.conf

[global]
workgroup = SERENITY
security = domain
password server = *
hosts allow = 192.168.1., 192.168.3., 127.
load printers = yes
printing = cups
printcap name = cups
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
public = yes
guest ok = yes
writable = no
printable = yes
printer admin = root, @"SERENITY\domain"
[print$]
   comment = Printer Drivers
   path = /var/lib/samba/printers
   browseable = yes
   read only = yes
   guest ok = no
   write list = root
[public]
path = /shares
public = Yes
read only = no
browseable = Yes
valid users = @"SERENITY\users"
[homes]
comment = Home Directories
read only = No
browseable = Yes
valid users = %D+%S
create mode = 0664

Is there someting I need to change to in nsswitch.conf or /etc/pam.d/samba.
Another way to authenticate?

I hope someone can point me in the right direction.
thanks
harry
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Share Admin

[Dennis B. Hopp]

I've got a share that I'm trying to get so I can set permissions 
through the normal windows way (right click on 
folder/file->properties->security).


The share definition is:

[test]
   comment = Test share on magellan
   path = /var/test
   browseable = yes
   writable = yes
   hide unreadable = yes
   admin users = @"Domain Admins"

The server is a member server in an AD domain.  The winbind configuration is:

 idmap backend = idmap_rid:CSC=15000-2
  idmap uid = 15000-2
  idmap gid = 15000-2
  template shell = /bin/bash
  template homedir = /home/%D/%U
  winbind separator = +
  winbind enum users = yes
  winbind enum groups = yes
  winbind use default domain = yes
  winbind cache time = 10
  realm = GOCSC.COM
  allow trusted domains = no


In /var/log/messages I am seeing:

Jan 26 17:38:01 magellan winbindd[11151]: [2006/01/26 17:38:01, 0] 
lib/util_sid.c:string_to_sid(285)
Jan 26 17:38:01 magellan winbindd[11151]:   string_to_sid: Sid S-0-0 is 
not in a valid format.


When I try to save the permssions I get an "Access Denied" message.

[EMAIL PROTECTED] samba]# ls -l /var/test
total 4
drwxr-xr-x  2 root Domain Users 4096 Jan 26 17:41 test

getfacl: Removing leading '/' from absolute path names
# file: var/test
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

The user I am trying this as is a member of Domain Admin in Active Directory.

I did some quick searching on the net and in the archives and didn't 
find anything that helped me.


samba version is 3.0.21a-1, OS is FC4 fully updated via yum.

Any ideas?

Thanks,

--Dennis

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Support

[Frederico Fava Lopes]

My name is Fred.  When I want to save a document of the MSword in the
serving Samba I do not have permission to edit the document.  Because?  I
possess permission to edit but he does not make this.

version: samba 3.0.8


--

Frederico Fava Lopes
Desenvolvimento Web
Instituto Vianna Junior
Minas Gerais - Brasil
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Upgrading Samba

[Daulton Theodore]

I am in the process of planning for a samba upgrade. The current version
of Samba (2.2.8a) runs on a Sunfire 280R with Solaris 8. The intended
new platform is a sunfire V240 with Solaris 9 as the OS. The new version of 
Samba will be Samba-3.0.10. Please note that the Samba server will be a 
member of a domain.

I've read Samba-3 by Example, Chapter 8 which describes to the process of
updating from Samba 1.x and 2.x (without LDAP). It all seems very straight 
forward but refers to doing the upgrade on the same box. In my case I will
will be doing a migration to a new box and an upgrade at the same time. 

My plan is to prepare the V240 by installing samba3, and create the users.
I will then stop the samba2x, move the smbpasswd, smb.conf and tdb files 
(including secrets), and move the data files over from the old server. I 
will then shutdown old 280R and restart the new V240 with the ip address of
the the old server. I will then restart the samba daemon on the new server.

I am hoping that with the old server already a member of the domain and the
fact that I will be using the same ip address it will not be necessary to 
rejoin the domain. I am hoping this will work because I have had no luck in my
attempts to setup Samba3 as a test server (different ip address and netbios
name) and have it join the domain. The test machine account has been created
and recreated a number of times but I keep getting challenged for 
a password and end up with 'unable to join the domain' (Frustrating).

Any comments/suggestions on the above plan will be much appreciated. This
has been a work in progress for sometime now and I would really like to
move along.

One more question: If my attempt with Samba3 fails would there be any 
problems restarting the old 2.x server?

My conf file follows.

Thanks much in advance for all comments/suggestions.

==
# Global parameters
[globals]
   netbios name  = horntail
   server string = Library's %L %v
   workgroup = domain_name
   local master  = no

   allow hosts   = 111.222.10. 111.222.200. 111.222.97. 
111.222.98.128/255.255.255.192 111.222.98.64/255.255.255.224

   security  = domain
   browsable = yes

   password server = server1 server2 server3 server4
   machine password timeout = 314496000
   remote announce = 111.222.135.95
   wins server = blackbird.nt.domain

#  force Samba to bind only to hme0
   interfaces= 111.222.10.213/255.255.255.0
   bind interfaces only = yes
   socket options = SO_KEEPALIVE TCP_NODELAY
   deadtime = 0

#  Encrypt all passwords stored in /usr/local/samba.private/smbpasswd
   encrypt passwords = yes
   username map = /usr/local/samba/lib/nt-names
   smb passwd file   = /usr/local/samba/private/smbpasswd

#  not allowed to log in
   invalid users = root daemon bin sys adm lp listen sshd\
   erl webspirs samba rob jan daulton 

   writeable = yes

#  Debug Logging information
#  lowered from 3 20050302 - dt
   log level = 2
   log file = /usr/local/samba/var/log.%m
   max log size = 2000
   debug timestamp = yes


#  printing stuff
   printing  = SYSV
   load printers = yes
   use client driver = yes
   printer admin = dtheodor


# ---
# Home Directory
# ---
[homedir]
   comment = %u
   path = /files1/user/%g/%u
   browseable = yes
   writeable = yes
   create mode = 0700

# ---
# Departments
# ---
[dept]
   comment = %g
   path = /files1/user/%g
   browseable = yes
   writeable = yes
   read only = no
   create mode = 0770


# --
# All department shares
# --
[alldepts]
   comment = All Departments
   path= /files1/user
   browseable  = no
   writeable   = yes
   hide files = /lost+found/

# --
# GIS on Array2
# --
[allgis]
   comment = All GIS 
   path= /files2/gis1
   browseable  = yes
   writeable   = yes
   hide files = /lost+found/

# 
# Shared directory for each department
# 
[deptshr]
   comment = %g Shared Directory
   path = /files1/user/%g/common
   read only= no
   create mask = 0770
   force create mode = 0770
   directory mask = 0770
   writable = yes
   browseable   = yes
   invalid users = +circdesk
   
# --
# shared directory for ALL staff
# --
[libshare]
   comment = Library staff shared directory
   path= /files1/user/common
   browseable  = yes
   writeable   = yes
   create mask = 0777
   force create mode = 0777
   directory mask = 0777
   valid users = +libsys +libmgmt +libacq +libarc +libcat +libcirc +librs 
+libmdgc +libgift +libcoll +libtrain +libill +libcof +libgis
   invalid users = +circdesk train1 train2 train3

Re: [Samba] Samba daemons hang trying to lock locking.tdb

[Fermin Molina]

On Thu, 2006-01-26 at 12:23 -0800, Jeremy Allison wrote:
> On Wed, Jan 25, 2006 at 04:11:33PM +0100, Fermin Molina wrote:
> > Hi,
> > 
> > A day or so after starting samba, some daemons (diferent forks) begin to
> > hang. Then, the WinXP clients hang too completely.
> > 
> > When I try to figure out what is happen, I see that smbd daemons hangs
> > always in a fcntl64() call:
> > 
> > # strace -p 6414
> > Process 6414 attached - interrupt to quit
> > fcntl64(14, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET, start=3684, len=1}  
> > 
> > Process 6414 detached
> > # 
> > 
> > The file descriptor 14 corresponds to /var/lib/samba/locking.tdb file.
> > A backtrace using gdb from one stalled daemon:
> 
> Known bug we fixed with 3.0.21a (in fact this was the *reason*
> for 3.0.21a... :-).


Errr... well, please, read at end of my email :-)

---
The number of smbd daemons stalled increases in time.
I'm using FC4 with last updates installed and samba 3.0.21a.

Maybe is a kernel related problem with file locking?

Thanx in advance!
---

The fact is that I have installed 3.0.21a samba version. FC4's RPMs from
samba.org web, and I get the same behaviour.

Thanx in advance!

-- 
Fermin Molina Ibarz
Tècnic sistemes - ASIC
Universitat de Lleida
Tel: +34 973 702151
GPG: 0x060F857A


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Server crash results in no printing (SuSE, Samba 3.0.4)

[Robert Schetterer]

hey josh ,
have your users rights to write in in /var/spool/samba ?
try to chmod -R /var/spool/samba
if you use the pure http cups printer from win xp ( or a linux machine 
)directly set permissions in /etc/cups.conf in cups server machine

you cant trust the suse defaults for this stuff
Regards

Josh Kelley schrieb:

On 1/26/06, Gareth Robert Halfacree <[EMAIL PROTECTED]> wrote:

Printing from the cups web interface ('Print Test Page') works fine.
Printing when logged on as 'administrator' works fine.  Printing as a
Joe-Blow user fails miserably.

I'm getting the following error message in the logs:

[2006/01/26 08:48:58, 0] printing/print_cups.c:cups_queue_get(903)
   Unable to get jobs for ipp://localhost/printers/IT_Office -
client-error-not-authorized


I may be wrong, but this sounds to me like a CUPS error - it sounds
like CUPS isn't permitting connections from Samba.

Josh Kelley


--
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Server variable %L expansion

[Steve Sigafoos]

 

I have been successfully using the technique of creating "virtual
servers" via the method outlined below in my smb.conf file.

 

[global]

netbios name = %h 

workgroup = WORKGROUP 

netbios aliases = cifs1 cifs2

include = /etc/samba/smb.conf.%L

 

Now under Red Hat ES release 4 with kernel "2.6.9-11.EL" and Samba
version "samba-3.0.10-1.4E" the variable expansion of %L for 

either /etc/samba/smb.conf.cifs[1,2]  does not seem to work anymore. 

 

Anyone have any thoughts on this?

 

Hardcoding the name works, but it's not optimal for my environment.

 

Thanks

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Novice question - How to completely disable printing and /etc/printcap errors ?

[Josh Kelley]

On 1/26/06, Elizabeth Schwartz <[EMAIL PROTECTED]> wrote:
> I got rid of the "Unable to connect to CUPS Server" errors by adding to
> smb.conf the line
>printing=bsd
> but I am still getting
>  smbd[4809]: [ID 702911 daemon.error]   Unable to open printcap file
> /etc/printcap for read!
>
> Is there a way to get rid of this error short of recompiling?  (it is nice
> to be using the

The following (or something like it) was suggested earlier on the list
by Jerry Carter:
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes

Josh Kelley
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Server crash results in no printing (SuSE, Samba 3.0.4)

[Josh Kelley]

On 1/26/06, Gareth Robert Halfacree <[EMAIL PROTECTED]> wrote:
> Printing from the cups web interface ('Print Test Page') works fine.
> Printing when logged on as 'administrator' works fine.  Printing as a
> Joe-Blow user fails miserably.
>
> I'm getting the following error message in the logs:
>
> [2006/01/26 08:48:58, 0] printing/print_cups.c:cups_queue_get(903)
>Unable to get jobs for ipp://localhost/printers/IT_Office -
> client-error-not-authorized

I may be wrong, but this sounds to me like a CUPS error - it sounds
like CUPS isn't permitting connections from Samba.

Josh Kelley
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Question about executable permissions with samba

[Josh Kelley]

On 1/25/06, Harshal Dharia <[EMAIL PROTECTED]> wrote:
> I have a setup where i am using samba to access my linux box through
> windows, to edit scripts and stuff. But say if a script as executable
> permissions for all when i open it in windows through samba, on saving it
> the prior permissions are overwritten by samba's default permission. Is
> there a way to tell samba to keep the file prior permission.

By default, Samba uses the executable flags to store DOS attributes. 
To change this, see the "map hidden", "map system", "map archive", and
"store dos attributes" options in smb.conf.

Josh Kelley
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] share home to more than one user

[f]

Hi, i'm trying to share the home directory of one single user to some
other users of my samba server, and don't know how...

My problem is that the [homes] section of smb.conf includes all users
of my samba server and this is right, but i want to do an exception
with one user, i need that this user home's directory can be shared to
some other users...

i tried to create a new share using a home's directory as a path to
permit other users to read and write it, but it dosn't work cause says
that the "resource is in use"

thanks in advance

--
f
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] pam_winbind.so user expired password config for Solaris /etc/pam.conf

[Speidel, Bruce]

I'm trying to configure my Solaris 9 pam.conf for CDE login/password
expiration using
ADS security on W2003.  If my AD account password is in good standing, 
my config works great in /etc/pam.conf.  However - I'm having trouble
getting it to recognize that my password in AD has expired to ask me
to reset it on the CDE screen.  With the config below - it just tells
me "login incorrect".  Any ideas?
 
My /opt/samba/smb.conf file looks like:
 
[global]
workgroup = QACCESST
realm = QACCESST.ADTEST.AD.LAB
server string = %h server (Samba %v)
security = ADS
update encrypted = Yes
obey pam restrictions = Yes
enable privileges = Yes
pam password change = Yes
passwd program = /bin/passwd %u
username map = /etc/samba/smbusers
unix password sync = Yes
log level = 5
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384
preferred master = No
local master = No
domain master = No
dns proxy = No
ldap ssl = no
idmap uid = 500-1
idmap gid = 500-1
template shell = /bin/bash
winbind cache time = 10
winbind use default domain = Yes
winbind trusted domains only = Yes
winbind nested groups = Yes
 
[homes]
valid users = %S
read only = No
browseable = No
 

/etc/nsswitch.conf:
 
passwd: files winbind
group:  files winbind
hosts:  files dns winbind
ipnodes:files
networks:   files
protocols:  files
rpc:files
ethers: files
netmasks:   files
bootparams: files
publickey:  files
# At present there isn't a 'files' backend for netgroup;  the system
will
#   figure it out pretty quickly, and won't use netgroups at all.
netgroup:   files
automount:  files
aliases:files
services:   files
sendmailvars:   files
printers:   user files
 
auth_attr:  files
prof_attr:  files
project:files
 
/etc/pam.conf (snipped for the dtlogin section only):
 
# CDE login and screenlock
dtlogin authsufficient  pam_winbind.so
debug   use_first_pass  use_authtok
dtlogin authrequisite   pam_authtok_get.so.1
debug
dtlogin authrequiredpam_dhkeys.so.1
debug
#dtloginauthoptionalpam_krb5.so
use_first_pass  creds   debug
dtlogin authsufficient  pam_unix_auth.so.1
debug   try_first_pass
#dtloginauthsufficient
pam_dial_auth.so.1  debug
#dtloginaccount requisite   pam_roles.so.1
debug
#dtloginaccount requisite
pam_projects.so.1   debug
#dtloginaccount sufficient
pam_unix_account.so.1   debug
dtlogin account requiredpam_winbind.so
use_authtok
#dtloginpasswordsufficient  pam_dhkeys.so.1
debug
#dtloginpasswordrequisite
pam_authtok_get.so.1debug
#dtloginpasswordrequisite
pam_authtok_check.so.1  debug
#dtloginpasswordsufficient
pam_authtok_store.so.1  debug
dtlogin passwordrequiredpam_winbind.so
debug   use_authtok
dtsession   authsufficient  pam_winbind.so
debug   try_first_pass
dtsession   authrequiredpam_unix.so.1
 
Thanks in advance!
Bruce
 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] List problems

[Pete Charles]

I can't unsubscribe either...



From: James Watkins <[EMAIL PROTECTED]>
To: Samba 
Subject: Re: [Samba] List problems
Date: Thu, 26 Jan 2006 16:57:27 +

How peculiar, I wonder how long it takes on average for a list to be quiet 
before someone sends the inevitable "Hello, is anyone out there?" message.


Thanks for the replies,
James.

Larry McElderry wrote:

It has been uncharacteristically quiet the past couple of days.

Larry

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
James Watkins
Sent: Thursday, January 26, 2006 9:44 AM
To: Samba
Subject: [Samba] List problems


Hi all, is it just me or has this list stopped working.  I haven't 
received anything for a couple of days now.


Cheers,

James.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Creating a machine account manually (EMC, Samba PDC)

[Bryan Ragon]

Greetings,
I am trying to join a EMC Celerra NS502 CIFS server to our Samba
3.0.21a domain controller.  According to EMC, I was told that we need to
manually create the machine account first.  How is the best way to do this?
We are using an openLDAP backend, using the idealx scripts.  Joining a
windows machine from the computer properties dialog of that machine works
perfectly.

Things I have tried:

Running the NT4 SVRMGR.exe as domain\administrator, file ->Add Computer to
domain

Result:  Dialog box that says "Access is denied"

/var/log/samba/machine_i_ran_svrmgr_on.log

[2006/01/26 15:32:09, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
  init_sam_from_ldap: Entry found for user: root
[2006/01/26 15:32:09, 2] auth/auth.c:check_ntlm_password(307)
  check_ntlm_password:  authentication for user [root] -> [root] -> [root]
succeeded
[2006/01/26 15:32:09, 2] lib/access.c:check_access(324)
  Allowed connection from  (XX.XXX.X.XX)
[2006/01/26 15:32:09, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2610)
  Returning domain sid for domain ZAPATA ->
S-1-5-21-482552267-1952276571-1847928075
[2006/01/26 15:32:09, 2] passdb/pdb_ldap.c:init_group_from_ldap(2199)
  init_group_from_ldap: Entry found for group: 515
[2006/01/26 15:32:09, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1064)
  init_ldap_from_sam: Setting entry for user: boxer$
[2006/01/26 15:32:09, 2] passdb/pdb_ldap.c:ldapsam_add_sam_account(2141)
  ldapsam_add_sam_account: added: uid == boxer$ in the LDAP database
[2006/01/26 15:32:09, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
  init_sam_from_ldap: Entry found for user: boxer$
[2006/01/26 15:32:09, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
  init_sam_from_ldap: Entry found for user: boxer$
[2006/01/26 15:32:09, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
  init_sam_from_ldap: Entry found for user: boxer$
[2006/01/26 15:32:09, 2] passdb/pdb_ldap.c:init_ldap_from_sam(1064)
  init_ldap_from_sam: Setting entry for user: boxer$
[2006/01/26 15:32:09, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1648)
  ldapsam_modify_entry: Failed to modify user dn=
uid=boxer$,ou=Computers,dc=zapeng,dc=com with: No such attribute
modify/delete: sambaPrimaryGroupSID: no such value
[2006/01/26 15:32:09, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1873)
  ldapsam_update_sam_account: failed to modify user with uid = boxer$,
error: modify/delete: sambaPrimaryGroupSID: no such value (Success)
[2006/01/26 15:32:09, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
  init_sam_from_ldap: Entry found for user: boxer$

However when I check the ldap logs the error that cathes my eye:

Jan 26 15:31:44 smokey slapd[14109]: conn=1625 op=58 MOD
dn="uid=boxer$,ou=Computers,dc=zapeng,dc=com"
Jan 26 15:31:44 smokey slapd[14109]: conn=1625 op=58 MOD
attr=sambaPrimaryGroupSID sambaPrimaryGroupSID displayName description
sambaKickoff
Time sambaPwdCanChange sambaPwdMustChange sambaLMPassword sambaNTPassword
sambaPwdLastSet sambaLogonHours sambaAcctFlags sambaAcctFlags
Jan 26 15:31:44 smokey slapd[14109]: conn=1625 op=58 RESULT tag=103 err=16
text=modify/delete: sambaPrimaryGroupSID: no such value


Now let's suppose I try to run SVRMGR as my own account (who has been
granted seMachineAccountAdd Privileges)

Dialog:  "The user name could not be found"

Samba log:

[2006/01/26 15:39:56, 2] rpc_server/srv_samr_nt.c:_samr_lookup_domain(2610)
  Returning domain sid for domain ZAPATA ->
S-1-5-21-482552267-1952276571-1847928075
Could not find base dn, to get next uidNumber at
/usr/local/sbin/samba//smbldap_tools.pm line 875.
[2006/01/26 15:39:56, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2359)
  _samr_create_user: Running the command
`/usr/local/sbin/samba/smbldap-useradd -w 'boxer$'' gave 3
[2006/01/26 15:39:58, 2] lib/access.c:check_access(324)

And checking the ldap logs, it appears that the bind is done anonymously,
which it shouldn't do.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba daemons hang trying to lock locking.tdb

[Jeremy Allison]

On Wed, Jan 25, 2006 at 04:11:33PM +0100, Fermin Molina wrote:
> Hi,
> 
> A day or so after starting samba, some daemons (diferent forks) begin to
> hang. Then, the WinXP clients hang too completely.
> 
> When I try to figure out what is happen, I see that smbd daemons hangs
> always in a fcntl64() call:
> 
> # strace -p 6414
> Process 6414 attached - interrupt to quit
> fcntl64(14, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET, start=3684, len=1}  
> 
> Process 6414 detached
> # 
> 
> The file descriptor 14 corresponds to /var/lib/samba/locking.tdb file.
> A backtrace using gdb from one stalled daemon:

Known bug we fixed with 3.0.21a (in fact this was the *reason*
for 3.0.21a... :-).

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Samba (+ NAV?) and bad printer names?

[Barry, Christopher]

> -Original Message-
> From: Steve Snyder [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, January 24, 2006 10:46 AM
> To: samba@lists.samba.org
> Subject: [Samba] Samba (+ NAV?) and bad printer names?
> 
> At 4:00 every morning the 2 WinXP machines on my network 
> generate a slew 
> of queries to bad printer names.  These names are variations 
> on the name 
> of a valid printer exported by Samba.  
> 
> Samba v3.0.10 is running on a RHEL4 system.  It exports 
> several shared 
> drives and a single printer.  The printer is named "lj4500", 
> is managed by 
> CUPS v1.1.22, and works correctly via Samba from both WinXP boxes.  
> 
> Here's a snippet of my smb.conf file:
> 
>load printers = yes
>printing = cups
>printcap name = cups
> 
> So what is going on with those WinXP machines at 4:00AM?  The 
> only thing I 
> can think of is the daily system-wide scan done by Norton 
> Antivirus (NAV).  
> 
> Can anyone shed some light on what is going on here and how I 
> can stop 
> these queries to bogus printer names?  
> 
> Thanks.


run a manual scan now while tailing the logs. that will show if it's
NAV.

-Chris
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] nmbd terminates with error code 58

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Martin Meiler wrote:

>>From time to time our nmbd daemon quits his job and the last 
> time he did this he told us:
> 
> [2006/01/25 15:56:02, 0] nmbd/nmbd.c:terminate(58)
>   Got SIGTERM: going down...
> 
> So my question is: What is the cause of this behaviour 
> and in special what is happening when nmbd exists with error code
> 58.

That's not an exist code.  That a line number in the source
code. :-)






cheers, jerry
=
I live in a Reply-to-All world---
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD2Sh3IR7qMdg1EfYRAlVCAKCRBUvdKMk+rSP4NvwtjtLiXsDsZwCgmXjQ
L9ygek4nAWdGkIhpbKdwOSQ=
=rxOC
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] grant administrator rights

[Robert Adkins]

Patrick DUBAU wrote:


Hi,

we want to give all our users all the rights on the stations, i see 2 
solutions :

- on the station goto local group administrators and add everyone
-  on the sation goto local group administrator annd add an LDAP group 
call UA (created by us with containing all ou users)



Which  way is the best in term of charge ?
Someone told to me that in the first case windows has to handle all 
the users on the stations, but in the second case only one group 
(group UA).


We have about 4000 users accounts in LDAP
Does  windows have problem handling so much users?

Thanks for any suggestion or return of experience

   I see absolutely no reason to have 4000 users setup as 
Administrators on their local machines.


   However, if you wish to go down that route (Which I think is VERY 
dangerous from a security perspective.) inside your Samba Configuration 
file, you can setup a group to act as "Administrator" and just add all 
of your users to that group.


   If the OS you are hosting Samba on already has a "Global" Users 
group that every account is automatically part of, simply add this Group 
to the line detailing which groups/users are to have Administrator rights.


   Good luck.
   Robert Adkins
   IT Manger/Buyer
   Impel Industries, Inc.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] RE: Print Migrator help needed...

[Aarti Varshney (asadhnan)]

 
This snippet from the error log: Looks like something is timing out...
Anyone knows how to increase the timeout?
 
Thanks in advance.
Aarti.
 
 
[2006/01/26 19:29:22, 3] smbd/ipc.c:reply_trans(538)
  trans <\PIPE\> data=544 params=0 setup=2
[2006/01/26 19:29:22, 3] smbd/ipc.c:named_pipe(334)
  named pipe command on <> name
[2006/01/26 19:29:22, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169)
  search for pipe pnum=7435
[2006/01/26 19:29:22, 3] smbd/ipc.c:api_fd_reply(294)
  Got API command 0x26 on pipe "spoolss" (pnum 7435)
[2006/01/26 19:29:22, 3]
rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
  free_pipe_context: destroying talloc pool of size 0
[2006/01/26 19:29:22, 4] rpc_server/srv_pipe.c:api_rpcTNP(1543)
  api_rpcTNP: spoolss op 0x0 - api_rpcTNP: rpc command:
SPOOLSS_ENUMPRINTERS
[2006/01/26 19:29:22, 4]
rpc_server/srv_spoolss_nt.c:_spoolss_enumprinters(4724)
  _spoolss_enumprinters
[2006/01/26 19:29:22, 4]
rpc_server/srv_spoolss_nt.c:enum_all_printers_info_1_local(4450)
  enum_all_printers_info_1_local
[2006/01/26 19:29:22, 4]
rpc_server/srv_spoolss_nt.c:enum_all_printers_info_1(4393)
  enum_all_printers_info_1
[2006/01/26 19:29:22, 4]
rpc_server/srv_spoolss_nt.c:enum_all_printers_info_1(4397)
  Found a printer in smb.conf: testPrintQueue[4]
[2006/01/26 19:29:22, 4]
rpc_server/srv_spoolss_nt.c:enum_all_printers_info_1(4407)
  ReAlloced memory for [0] PRINTER_INFO_1
[2006/01/26 19:29:22, 4]
rpc_server/srv_spoolss_nt.c:enum_all_printers_info_1(4397)
  Found a printer in smb.conf: printQueue1[5]
[2006/01/26 19:29:22, 4]
rpc_server/srv_spoolss_nt.c:enum_all_printers_info_1(4407)
  ReAlloced memory for [1] PRINTER_INFO_1
[2006/01/26 19:29:22, 4]
rpc_server/srv_spoolss_nt.c:enum_all_printers_info_1(4397)
  Found a printer in smb.conf: HPLaserJ[6]
[2006/01/26 19:29:22, 4]
rpc_server/srv_spoolss_nt.c:enum_all_printers_info_1(4407)
  ReAlloced memory for [2] PRINTER_INFO_1
[2006/01/26 19:29:22, 3]
rpc_server/srv_pipe_hnd.c:free_pipe_context(542)
  free_pipe_context: destroying talloc pool of size 3100
[2006/01/26 19:29:22, 3] smbd/process.c:process_smb(1114)
  Transaction 15 of length 45
[2006/01/26 19:29:22, 3] smbd/process.c:switch_message(900)
  switch message SMBclose (pid 14118) conn 0x83ec6c8
[2006/01/26 19:29:22, 4] smbd/uid.c:change_to_user(217)
  change_to_user: Skipping user change - already user
[2006/01/26 19:29:22, 4] rpc_server/srv_pipe_hnd.c:get_rpc_pipe(1169)
  search for pipe pnum=7435
[2006/01/26 19:29:22, 4]
rpc_server/srv_pipe_hnd.c:close_rpc_pipe_hnd(1081)
  closed pipe name spoolss pnum=7435 (pipes_open=0)
[2006/01/26 19:29:22, 3] smbd/process.c:process_smb(1114)
  Transaction 16 of length 39
[2006/01/26 19:29:22, 3] smbd/process.c:switch_message(900)
  switch message SMBtdis (pid 14118) conn 0x83ec6c8
[2006/01/26 19:29:22, 3] smbd/sec_ctx.c:set_sec_ctx(287)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/01/26 19:29:22, 3] smbd/sec_ctx.c:set_sec_ctx(287)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/01/26 19:29:22, 3] smbd/service.c:close_cnum(833)
  bd-s6 (10.86.41.170) closed connection to service IPC$
[2006/01/26 19:29:22, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to IPC$
[2006/01/26 19:29:22, 4] smbd/vfs.c:vfs_ChDir(737)
  vfs_ChDir to /
[2006/01/26 19:29:22, 3] smbd/sec_ctx.c:set_sec_ctx(287)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
 >> [2006/01/26 19:29:22, 3]
smbd/process.c:timeout_processing(1366)
 >>  timeout_processing: End of file from client (client
has disconnected).


 


From: Aarti Varshney (asadhnan) 
Sent: Wednesday, January 25, 2006 3:45 PM
To: 'samba@lists.samba.org'
Subject: Print Migrator help needed...


Hi,
 
I am trying to migrate print queues from a windows server to a samba
share.
1. I ran printmig.exe on the windows server. 
2. Backed up the printers on the windows servers to a cab file.
3. Tries to restore the printers to the sambashare by specifying the
target as //sambaShare.
But I get the following error: 
 
2006:01:25 15:35:38   Access Granted to: \\sambaShare
2006:01:25 15:35:38   Couldn't start the target spooler
2006:01:25 15:35:38   Remote Tree View Failed
 
How do I starter the target spooler?
Do I need some config in smb.conf?
In smb.conf I have a addprinter command.
 
Thanks,
Aarti.
 



From: Aarti Varshney (asadhnan) 
Sent: Monday, January 23, 2006 2:55 PM
To: 'samba@lists.samba.org'
Subject: guest account security = domain doesn't work...


Hi,
 
my security is domain, i would like to map users who fail authentication
to be
mapped to a guest account so they can access printers.

My conf file looks like this:
[global]
workgroup = LAB2000DOMAIN2
security = DOMAIN
client schannel = No
map to guest = Bad Password
password server = 10.86.32.27
log level = 4 passdb:5 auth:10 winbind:4
log file = /local/local1/errorlog/samba.log
max log size = 

Re: [Samba] Windows XP suddenly can't login to PDC

[Jeremy Allison]

On Tue, Jan 24, 2006 at 11:36:42AM +0100, Micha Kersloot wrote:
> Hi,
> 
> I've got a Samba 3.0.2a PDC running for some time now (like more than a
> year) with MS Windows XP clients. But suddenly on January 23 2006 none
> of the clients where able to login anymore. The error on the client was
> (translated from dutch):
> Unable to connect to domain server.
> 
> The logfile on the samba side showed:
> [2006/01/23 11:36:30, 2] lib/smbldap.c:smbldap_open_connection(722)
>   smbldap_open_connection: connection opened
> [2006/01/23 11:36:30, 3] lib/smbldap.c:smbldap_connect_system(905)
>   ldap_connect_system: succesful connection to the LDAP server
> [2006/01/23 11:36:30, 2] passdb/pdb_ldap.c:init_sam_from_ldap(640)
>   init_sam_from_ldap: Entry found for user: computer3$
> [2006/01/23 11:36:30, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
>   pop_sec_ctx (65534, 65534) - sec_ctx_stack_ndx = 0
> [2006/01/23 11:36:30, 0] libsmb/credentials.c:creds_server_check(159)
>   creds_server_check: credentials check failed.
> [2006/01/23 11:36:30, 0] rpc_server/srv_netlog_nt.c:_net_auth_2(424)
>   _net_auth2: creds_server_check failed. Rejecting auth request from
> client COMPUTER3 machine account COMPUTER3$
> 
> I was able to solve the problem by upgrading to 3.0.21a, and rejoining
> the MS Windows XP clients to the domain. But as i have now idea what
> caused this problem, i don't know if this suddenly could happen again.
> Anyone an idea what was going on?

This is something we specifically added in a fix into 3.0.21a for.
The netlogon code needed to cache the credentials between connections,
and we now do this.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] oplocks and Excel

[Josh Kelley]

On 1/25/06, Matt Morgan <[EMAIL PROTECTED]> wrote:
> When they save open Excel files from Windows, they are prompted to
> overwrite the existing file. I mean, when they click the little disk
> icon or use Ctrl-S or File--Save. Excel would normally just write over
> the file, not check with an "are you sure?" prompt. But that's what
> they get.

This bug was fixed in Samba 3.0.11, IIRC.  If you don't want to
upgrade Samba, you should be able to get rid of the message by setting
your Excel workbooks for sharing.  (Under Excel's Tools menu, choose
Share Workbook.)  Microsoft's knowledgebase also describes the issue
at http://support.microsoft.com/default.aspx/kb/324491/en-us?; I
remember trying the fix they suggest there, but I can't remember if it
worked or not.

Regarding your oplocks question, we've left them on for everything but
Outlook .pst files (which sometimes had locking errors with oplocks
enabled) and have had no problems that I'm aware of, but others are
probably more qualified to speak on this.

Josh Kelley
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] SAMBA on AIX 5.1

[Lamar.Saxon]

Best guess is it was compiled with a 64 bit kernel and the machine you
have installed it on is set for a 32 bit kernel.

Lamar

-Original Message-
From: Antonio Sosa [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 26, 2006 9:50 AM
To: samba@lists.samba.org
Cc: [EMAIL PROTECTED]
Subject: [Samba] SAMBA on AIX 5.1

I installed the binary from
http://us2.samba.org/samba/ftp/Binary_Packages/AIX/

Opt-samba-AIX5-3.0.21a.tar.gz

Installed fine but when I go to run the samba binaries, this is what I
get:



Can anyone help - thanks in advanced.





/opt/Samba/3.0.21a/sbin> ./nmbd -D &  
[1] 544860
oldpetes: root] /opt/Samba/3.0.21a/sbin> exec(): 0509-036 Cannot load
program ./nmbd because of the following errors:
0509-130 Symbol resolution failed for nmbd because:
0509-136   Symbol statvfs64 (number 134) is not exported from
   dependent module /usr/lib/libc.a(shr.o).
0509-136   Symbol opendir64 (number 169) is not exported from
   dependent module /usr/lib/libc.a(shr.o).
0509-136   Symbol closedir64 (number 170) is not exported from
   dependent module /usr/lib/libc.a(shr.o).
0509-136   Symbol readdir64 (number 171) is not exported from
   dependent module /usr/lib/libc.a(shr.o).
0509-136   Symbol seekdir64 (number 180) is not exported from
   dependent module /usr/lib/libc.a(shr.o).
0509-136   Symbol telldir64 (number 229) is not exported from
   dependent module /usr/lib/libc.a(shr.o).
0509-192 Examine .loader section symbols with the
 'dump -Tv' command.

[1] +  Done(255)   ./nmbd -D &
oldpetes: root] /opt/Samba/3.0.21a/sbin>







Privileged and Confidential.  This e-mail, and any attachments there to, is 
intended only for use by the addressee(s) named herein and may contain 
privileged or confidential information.  If you have received this e-mail in 
error, please notify me immediately by a return e-mail and delete this e-mail.  
You are hereby notified that any dissemination, distribution or copying of this 
e-mail and/or any attachments thereto, is strictly prohibited.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Backing up a windows 2003 server to a samba share

[James Watkins]

Good evening/morning/afternoon.  This may be a little off topic but I 
was wondering if anyone has had any experience backing up a Windows 2003 
SBS to a samba share.  I succeeded in setting up the samba box as a 
member server on the AD domain and domain users can login and add files 
to the samba share but all attempts to run the backup fail with 
'Username LIME\SBS\ Backup\ User is invalid on this system' appearing in 
the logs.  I believe that the problem is linked to the fact that the 
'SBS Backup User' account is disabled by default, however, the obvious 
fix - enabling the account - doesn't work because Windows kindly 
disables it again as soon as the backup process begins.
   On a temporary basis, I have given up and am now backing up the 
server to one of our Windows XP Professial workstations but I would like 
to at least understand why it doesn't work and preferably fix it.


Sorry for the rather lengthy mail and thanks in advance for any pointers.

Cheers,

James.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: SFU UID Mapping

[Rex Dieter]

John Halfpenny wrote:


But for this to work I need to drag over the UIDs from Services For Unix which 
I have read is possible on Samba 3.0.20+
Joined Samba to the Win2k3 domain with no problems, 


Silly question: You *do* have SFU installed on the Win2k3 domain 
controller, right?


-- Rex

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: oplocks and Excel

[Rex Dieter]

Matt Morgan wrote:


2) More generally, has anyone else seen this problem before and been
able to do anything about it?


I saw it, upgraded samba.

-- Rex

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Can printer names be mapped?

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Gururajan Ramachandran wrote:
> 
> Can printer names be mapped between unix names and windows names just
> like groups? I have a printer that is shared as "HP Mode9" (with a space
> in the name) in windows domain. CUPS will not let me create the name
> that way so I called it HP_Mode9 (with an underscore). Everybody in the
> domain is hooked to "HP Mode9" (with a space). How do I avoid
> reinstalling driver in all the windows clients?

See the 'printer' parameter ni smb.conf(5).





cheers, jerry
=
I live in a Reply-to-All world---
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD2RXuIR7qMdg1EfYRAhsEAJ9JkKKqFXeBX9wro9JXVaecp/CMowCgytXX
UH7asu6YTH9aVRUwJak/NTg=
=k37k
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Novice question - How to completely disable printing and /etc/printcap errors ?

[Elizabeth Schwartz]

I'm running Samba 3.0.21a (blastwave build) on Solaris 9. The Solaris
servers have no printers attached or accessible, just file service. Samba
users authenticate off a Win2003 AD controller and get printing from that.

I got rid of the "Unable to connect to CUPS Server" errors by adding to
smb.conf the line
   printing=bsd
but I am still getting
 smbd[4809]: [ID 702911 daemon.error]   Unable to open printcap file
/etc/printcap for read!

Is there a way to get rid of this error short of recompiling?  (it is nice
to be using the

thanks Betsy
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] winbind authentication fails with STATUS_BUFFER_OVERFLOW

[Alex Laslavic (Lenox)]

Using samba-3.0.10-1.4E.2 as supplied by RedHat Enterprise 4.  Using
security=ADS mode, and using winbind and pam_winbind to authenticate.  

I was able to sucessfully join the domain, and can enumerate users and
groups.  

Whenever I try to authenticate, it always fails with the status
STATUS_BUFFER_OVERFLOW.  

---pieces of Winbind Logs---
[2006/01/26 13:08:55, 5] rpc_parse/parse_prs.c:prs_ntstatus(672)
  0024 status: STATUS_BUFFER_OVERFLOW
[2006/01/26 13:08:55, 3]
rpc_client/cli_netlogon.c:cli_nt_setup_creds(290)
  cli_nt_setup_creds: auth2 challenge failed STATUS_BUFFER_OVERFLOW

[2006/01/26 13:08:55, 3] nsswitch/winbindd_pam.c:winbindd_pam_auth(289)
  could not open handle to NETLOGON pipe
[2006/01/26 13:08:55, 2] nsswitch/winbindd_pam.c:winbindd_pam_auth(361)
  Plain-text authentication for user alaslavic returned
STATUS_BUFFER_OVERFLOW (PAM: 4)
[2006/01/26 13:08:55, 5] nsswitch/winbindd.c:winbind_client_read(477)
  read failed on sock 23, pid 11620: EOF
[2006/01/26 13:08:55, 3] nsswitch/winbindd_user.c:winbindd_getpwnam(126)
  [11620]: getpwnam alaslavic
[2006/01/26 13:08:55, 3] lib/charcnv.c:convert_string_allocate(567)
  convert_string_allocate: Conversion error: Incomplete multibyte
sequence(°VÜ*U)
[2006/01/26 13:08:55, 3] lib/charcnv.c:convert_string_allocate(576)
  convert_string_allocate: Conversion error: Illegal multibyte
sequence(Ü*U)
[2006/01/26 13:08:59, 5] nsswitch/winbindd.c:winbind_client_read(477)
  read failed on sock 20, pid 11620: EOF
[2006/01/26 13:09:11, 5] lib/smbldap.c:smbldap_close(929)
  The connection to the LDAP server was closed
[2006/01/26 13:09:11, 5] sam/idmap_ldap.c:ldap_idmap_close(765)
  The connection to the LDAP server was closed
[2006/01/26 13:09:11, 5] nsswitch/winbindd.c:winbind_client_read(477)
  read failed on sock 10, pid 11586: EOF



---smb.conf
# Globals
[global]
workgroup = WORLDTRAVEL
netbios name = usgalnx1tuxmgmt01
realm = WORLDTRAVEL.LOCAL
server string = Linux Management Server
security = ADS
log level = 7
ldap admin dn = cn=,dc=worldtravel,dc=local
ldap idmap suffix = ou=Idmap
ldap suffix = dc=worldtravel,dc=local
idmap backend = ldap:ldap://usgalnx1tuxmgmt01.worldtravel.local
idmap uid = 10-90
idmap gid = 10-90
template shell = /bin/bash
winbind use default domain = Yes
winbind nested groups = Yes
use spnego = yes
socket options = TCP_NODELAY SO_RCVBUF=16384

include = /etc/samba/smb.include


-- 
***
*  Alex Laslavic   
*  Linux Engineer  
*  WorldTravel BTI 
*  x49511
*  gpg/pgp key at   
*   http://keys.jumpbox.net
***


signature.asc
Description: This is a digitally signed message part
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Cannot map guest shares in 'security = SERVER' mode on samba-3.0.9

[Rex Dieter]

Rene Kapeller wrote:

== problem =

'net use n: \\smbs1\public' on Windows XP, always asks for a password.

'smbmount //smbs1/public /mnt/public -o password=' does not.

This all used to work fine under Redhat-9 and Samba-2.2

...

map to guest = Bad User


man smb.conf, read up on the options available for 'map to guest'.


-- Rex

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba domain controller with ldap and groupOfUniqueNames groups

[Gordon Messmer]

Gordon Messmer wrote:

I'm having some trouble with groups which contain the groupofuniquenames
objectclass.


I was wrong.  My conclusions were totally erronious.  Somehow or other, 
the indexes were incomplete and the sambaSID attribute wasn't indexed 
for older entries, where I had groupOfUniqueNames members.  Since that 
was the only difference in the data, I presumed that to be the cause.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Fw: SAMBA on AIX 5.1

[William Jojo]

forwarding this for AIX people...forgot to CC list D'oh!


- Original Message - 
From: Antonio Sosa 
To: William Jojo 
Sent: Thursday, January 26, 2006 12:05 PM
Subject: RE: SAMBA on AIX 5.1


Thanks William - I'll try it out.

 

Antonio  Sosa

C.E.O.

Ansotech Inc.

"We Design Technology Around You"

Tel: 877-389-8728

Cell: 773-406-3663

 




From: William Jojo [mailto:[EMAIL PROTECTED] 
Sent: Thursday, January 26, 2006 11:02 AM
To: Antonio Sosa
Subject: Re: SAMBA on AIX 5.1

 

 

 

Nope. This is 5.2 not 5.1 :-)

 

You'll need to go to at least 5200-06 (5200-07 is available)

 

 

Cheers,

 

Bill

 

  - Original Message - 

  From: Antonio Sosa 

  To: William Jojo 

  Sent: Thursday, January 26, 2006 11:22 AM

  Subject: RE: SAMBA on AIX 5.1

   

  oldpetes: root] /opt/Samba/3.0.21a/sbin> oslevel -r 
  5200-04

   

  it appears high enough right?

   

  Antonio  Sosa

  C.E.O.

  Ansotech Inc.

  "We Design Technology Around You"

  Tel: 877-389-8728

  Cell: 773-406-3663

   


--

  From: William Jojo [mailto:[EMAIL PROTECTED] 
  Sent: Thursday, January 26, 2006 10:02 AM
  To: Antonio Sosa; samba@lists.samba.org
  Subject: Re: SAMBA on AIX 5.1

   

   

- Original Message - 

From: Antonio Sosa 

To: samba@lists.samba.org 

Cc: [EMAIL PROTECTED] 

Sent: Thursday, January 26, 2006 10:49 AM

Subject: SAMBA on AIX 5.1

 

I installed the binary from 
http://us2.samba.org/samba/ftp/Binary_Packages/AIX/

Opt-samba-AIX5-3.0.21a.tar.gz

Installed fine but when I go to run the samba binaries, this is what I get:

 

Can anyone help - thanks in advanced.

 

  What does "oslevel -r" report?

   

   

  5100-09 is available at the IBM site and those functions should be supported 
in that release (I think actually at 06 or 07).

   

  http://www-03.ibm.com/servers/eserver/support/unixservers/aixfixes.html

   

  Select AIX 5.1 under Maintenance Packages.

   

   

  Cheers,

   

  Bill

   

   

 

/opt/Samba/3.0.21a/sbin> ./nmbd -D &   
[1] 544860 
oldpetes: root] /opt/Samba/3.0.21a/sbin> exec(): 0509-036 Cannot load 
program ./nmbd because of the following errors: 
0509-130 Symbol resolution failed for nmbd because: 
0509-136   Symbol statvfs64 (number 134) is not exported from 
   dependent module /usr/lib/libc.a(shr.o). 
0509-136   Symbol opendir64 (number 169) is not exported from 
   dependent module /usr/lib/libc.a(shr.o). 
0509-136   Symbol closedir64 (number 170) is not exported from 
   dependent module /usr/lib/libc.a(shr.o). 
0509-136   Symbol readdir64 (number 171) is not exported from 
   dependent module /usr/lib/libc.a(shr.o). 
0509-136   Symbol seekdir64 (number 180) is not exported from 
   dependent module /usr/lib/libc.a(shr.o). 
0509-136   Symbol telldir64 (number 229) is not exported from 
   dependent module /usr/lib/libc.a(shr.o). 
0509-192 Examine .loader section symbols with the 
 'dump -Tv' command. 

[1] +  Done(255)   ./nmbd -D & 
oldpetes: root] /opt/Samba/3.0.21a/sbin>

 

 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] SAMBA client extremely slow over WAN

[Dracula]

Hello,
When copying files using the RedHat Samba client over  Network we
experience file copy times 5 times slower than we experience with other
SAMBA clients. 

As a test file we are using a 45MB file. Using a HPUX samba client to a
windows file server it takes approximately 1 minute to copy this file.  

Using a windows SAMBA client also takes about 1 minute to copy the
file. 

Using the RHEL 3.0 Samba client it takes well over 5 minutes, and
sometimes up to 7 minutes to copy the same file.  

This is a client only issue with samba however as if we run a SAMBA
server on RHEL 3.0 and copy to it with the Windows client it will again
only take about a minute.  

We have tried many different rsize,wsize combinations as well have
followed the SAMBA optimization guides by RedHat and O'reily with no
significant improvement on performance.  

Thanks

Regards,

Komal

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] List problems

[James Watkins]

How peculiar, I wonder how long it takes on average for a list to be 
quiet before someone sends the inevitable "Hello, is anyone out there?" 
message.


Thanks for the replies,
James.

Larry McElderry wrote:

It has been uncharacteristically quiet the past couple of days.

Larry

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
James Watkins
Sent: Thursday, January 26, 2006 9:44 AM
To: Samba
Subject: [Samba] List problems


Hi all, is it just me or has this list stopped working.  I haven't 
received anything for a couple of days now.


Cheers,

James.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] test

[Gerald (Jerry) Carter]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] List problems

[Larry McElderry]

It has been uncharacteristically quiet the past couple of days.

Larry

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of
James Watkins
Sent: Thursday, January 26, 2006 9:44 AM
To: Samba
Subject: [Samba] List problems


Hi all, is it just me or has this list stopped working.  I haven't 
received anything for a couple of days now.

Cheers,

James.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] List problems

[Michael Gasch]

same here, too. they seem to have problems

greez

James Watkins wrote:
Hi all, is it just me or has this list stopped working.  I haven't 
received anything for a couple of days now.


Cheers,

James.



--
Michael Gasch
Max Planck Institute for Evolutionary Anthropology
Department of Human Evolution (IT)
Deutscher Platz 6
D-04103 Leipzig
Germany

Phone: 49 (0)341 - 3550 137
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] List problems

[Mark R. White]

I signed up and sent a mail 3 days ago, and never got confirmation
that it was received nor have I received any other samba list mailings
until just now and I received 3 within 5 minutes.

Mark

On 1/26/06, James Watkins <[EMAIL PROTECTED]> wrote:
> Hi all, is it just me or has this list stopped working.  I haven't
> received anything for a couple of days now.
>
> Cheers,
>
> James.
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba
>


--
Mark R. White
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] List problems

[Kerie]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

As far as I can see I have not been receiving any messages after
01/24/2006, from 16:39 GMT +1 onwards I have received two messages
however.

Cheers,

Jeroen

James Watkins wrote:
| Hi all, is it just me or has this list stopped working.  I haven't
| received anything for a couple of days now.
|
| Cheers,
|
| James.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD2PLANdf2PDF7b1IRAj2iAJ9whzA+X0nuO8Omdn0CciiHuQsg3wCgw1hW
912SLpoAxN9EJpR/luFALVM=
=uoqT
-END PGP SIGNATURE-

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] List problems

[Stephen Bosch]

James Watkins wrote:
> Hi all, is it just me or has this list stopped working.  I haven't
> received anything for a couple of days now.

No, it's not just you -- same problem here. I made two posts yesterday
that never made it.

-Stephen-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] grant administrator rights

[Patrick DUBAU]

Hi,

we want to give all our users all the rights on the stations, i see 2 
solutions :

- on the station goto local group administrators and add everyone
-  on the sation goto local group administrator annd add an LDAP group 
call UA (created by us with containing all ou users)



Which  way is the best in term of charge ?
Someone told to me that in the first case windows has to handle all the 
users on the stations, but in the second case only one group (group UA).


We have about 4000 users accounts in LDAP
Does  windows have problem handling so much users?

Thanks for any suggestion or return of experience

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] nmbd terminates with error code 58

[Martin Meiler]

Hello everybody,

i have already posted this message yesterday, but i didn't receive my
posting. There i want to repeat it.

>From time to time our nmbd daemon quits his job and the last time he did
this he told us:

[2006/01/25 15:56:02, 0] nmbd/nmbd.c:terminate(58)
  Got SIGTERM: going down...

So my question is: What is the cause of this behaviour and in special
what is happening when nmbd exists with error code 58.

I am relly sorry if there is a documentation where i could have read
about it, but i did not find anything concerning my problem.

Thanks in advance for an answer.

Regards

Martin


-- 


  _/ _/_/   _/_/_/ Friedrich Alexander Universität Erlangen
 _/_/   _/ _/   Lehrstuhl für Sensorik
_/_/  _/   Paul-Gordanstr. 5, 91052 Erlangen, Germany
   _/  _/_/  _/_/
  _/ _/ _/  University of Erlangen
 _/_/   _/ _/  Department of Sensor Technology
_/_/_/  _/_/  _/_/_/   Paul-Gordanstr. 5, 91052 Erlangen, Germany


Dipl.-Ing. Martin Meiler

tel.:   (+49)-9131-85-23140
fax.:   (+49)-9131-85-23133

email:  [EMAIL PROTECTED]


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: SAMBA on AIX 5.1

[William Jojo]

  - Original Message - 
  From: Antonio Sosa 
  To: samba@lists.samba.org 
  Cc: [EMAIL PROTECTED] 
  Sent: Thursday, January 26, 2006 10:49 AM
  Subject: SAMBA on AIX 5.1


  I installed the binary from 
http://us2.samba.org/samba/ftp/Binary_Packages/AIX/

  Opt-samba-AIX5-3.0.21a.tar.gz

  Installed fine but when I go to run the samba binaries, this is what I get:

   

  Can anyone help - thanks in advanced.



What does "oslevel -r" report?


5100-09 is available at the IBM site and those functions should be supported in 
that release (I think actually at 06 or 07).

http://www-03.ibm.com/servers/eserver/support/unixservers/aixfixes.html

Select AIX 5.1 under Maintenance Packages.


Cheers,

Bill




  /opt/Samba/3.0.21a/sbin> ./nmbd -D &   
  [1] 544860 
  oldpetes: root] /opt/Samba/3.0.21a/sbin> exec(): 0509-036 Cannot load program 
./nmbd because of the following errors: 
  0509-130 Symbol resolution failed for nmbd because: 
  0509-136   Symbol statvfs64 (number 134) is not exported from 
 dependent module /usr/lib/libc.a(shr.o). 
  0509-136   Symbol opendir64 (number 169) is not exported from 
 dependent module /usr/lib/libc.a(shr.o). 
  0509-136   Symbol closedir64 (number 170) is not exported from 
 dependent module /usr/lib/libc.a(shr.o). 
  0509-136   Symbol readdir64 (number 171) is not exported from 
 dependent module /usr/lib/libc.a(shr.o). 
  0509-136   Symbol seekdir64 (number 180) is not exported from 
 dependent module /usr/lib/libc.a(shr.o). 
  0509-136   Symbol telldir64 (number 229) is not exported from 
 dependent module /usr/lib/libc.a(shr.o). 
  0509-192 Examine .loader section symbols with the 
   'dump -Tv' command. 

  [1] +  Done(255)   ./nmbd -D & 
  oldpetes: root] /opt/Samba/3.0.21a/sbin>

   

   
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] List problems

[Anthony Messina]

James Watkins wrote:
Hi all, is it just me or has this list stopped working.  I haven't 
received anything for a couple of days now.


Cheers,

James.

well, i got your message.  -anthony

--
My Website: http://messinet.com
My Online Gallery: 
http://messinet.com/modules.php?name=Web_Links&l_op=visit&lid=3

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] List problems now resolved

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Folks,

There was a problem with the mail server digest for for this list
which clogged the mail queue for the past 48 hours.  Sorry for
the delayed response.  Things should be working fine now.  And
you will probably see a flood of mail.

Enjoy.  :-)





cheers, jerry
=
I live in a Reply-to-All world.   ---
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD2PHRIR7qMdg1EfYRAokyAJ9Joiz/XjbtFEH9b4Auba6/mzrk7ACfahCE
gS6IaABz9tLu4v5zYXH3+WI=
=dSbC
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] testing list

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Please ignore.  checking if the mail server glitch is fixed.





-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD2MRfIR7qMdg1EfYRAlQ8AKDUxiM9eUjmBa3jQsTJ3jPKmNzpOACfdVxV
3srBhmhhdMt1wUAi6SyQjNg=
=J7gw
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] share user's home directory

[f]

Hi, i'm trying to share the home directory of one single user to some
other users of my samba server, and don't know how...

My problem is that the [homes] section of smb.conf includes all users
of my samba server and this is right, but i want to do an exception
with one user, i need that this user home's directory can be shared to
some other users...

i tried to create a new share using a home's directory as a path to
permit other users to read and write it, but it dosn't work cause says
that the "resource is in use"

thanks in advance

--
f
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Server crash results in no printing (SuSE, Samba 3.0.4)

[Gareth Robert Halfacree]

(yes, I know it's an old version of Samba but I *really* don't want to 
mess about upgrading right now)


The server in question (SuSE Enterprise Linux 9) got itself in a tizz 
last night and was restarted cleanly via the shutdown -r command this 
morning.  Everything comes back up, including Samba, and all is fine.


Except that no-one can print.

Nothing has changed in any of the configuration files.  tdbbackup 
reports that all the tdb files are intact.


Printing from the cups web interface ('Print Test Page') works fine. 
Printing when logged on as 'administrator' works fine.  Printing as a 
Joe-Blow user fails miserably.


I'm getting the following error message in the logs:

[2006/01/26 08:48:58, 0] printing/print_cups.c:cups_queue_get(903)
  Unable to get jobs for ipp://localhost/printers/IT_Office - 
client-error-not-authorized


I'm also seeing a number of:

process_request_pdu: failed to do schannel processing

This thing is kicking my hindquarters, and as it's the central 
logon/print server for a not-small educational establishment the 
pressure is on to get it sorted.


I've doubled-checked all the configuration files, scanned the tdb files 
with tdbbackup, restarted the smbd process after clearing out the 
volatile tdbs, and googled my little heart out.


Any ideas?

--
Gareth Halfacree
http://gareth.halfacree.co.uk
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] SFU UID Mapping

[John Halfpenny]

Hi Everyone,

I'm trying to set up a central home storage area with Samba for our PC and Mac 
clients. I thought that the most logical (ie. easy) way to do this would be to 
have Samba take care of the Windows connectivity and use NFS for the Macs. 

But for this to work I need to drag over the UIDs from Services For Unix which 
I have read is possible on Samba 3.0.20+

Joined Samba to the Win2k3 domain with no problems, the portion of my winbind 
file is here

   idmap backend = ad
   idmap uid = 1-6
   idmap gid = 1-6
   winbind enum users = yes
   winbind enum groups = yes
   winbind nss info = template sfu

If I do a 'getent passwd' with the top line in the config, nothing is returned, 
if I comment that line out then I get my user info but the UIDs are wrong!

Will I have to install Samba from source to get this working? Presently I 
installed the RPM for Fedora 4 and I'm wondering if a component isn't there. 
Worried I'll get in a mess if I start putting the source code version on!

Thanks for any help you can give :-)

John

___
Join Excite! - http://www.excite.com
The most personalized portal on the Web!


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Test - please ignore

[RNuno]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] cupsaddsmb

[Andreas Fladischer]

hi!

i've a problem with my samba server and the cupsaddsmb tool for windows 
nt4.0 clients. I'm using cups 1.1.22 and samba 3.0.20b!


the problem is, if i do a cupsaddsmb printer it will generate a 
directory with the drivers for windows. these drivers works perfectly 
with Win2000 Xp but they don't work with Win NT4.0!


i used the cups-samba-1.1.19.tar.gz package to install the cups printer 
drivers but they wouldn't work under nt4.0!


maybe someone can help me - i hope so! :-)

thanks in advance

andreas
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Odd Samba behavior using Windows XP client API RemoveDirectory function

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Jean Cyr wrote:
> I'm having problems with a utility I wrote deleting folders from a
> Thecus N4100 Samba based fileserver. I do not have access or control
> over its Samba config file and this may not be a Samba problem but
> perhaps someone here can point me in the right direction???
>  
> When I issue a Windows API RemoveDirectory function against an empty
> folder residing on a Samba share, the function returns with a success
> return code but does not delete the folder! This is a known problem
> and is documented in the Cygwin rmdir command as occurring when the
> folder is flagged as read-only, which is the Samba default.

See the 'map readonly' smb.conf(5) parameter in 3.0.21.
Or the better solution is to use 'store dos attributes'
parameter with file system EAs.







cheers, jerry
=
I live in a Reply-to-All world---
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD17aWIR7qMdg1EfYRAqXDAJwJ2gHZN3aL5OJrJlvqLn7QzKRMgQCcCPEt
x3SPMXVR4Lmi12V+LFVN9wI=
=ViX2
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] test ignore

[Robert Schetterer]

--
Mit freundlichen Gruessen
Best Regards
Robert Schetterer

robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] grant administrator rights

[Patrick DUBAU]

Hi,

we want to give all our users all the rights on the stations, i see 2 
solutions :

- on the station goto local group administrators and add everyone
-  on the sation goto local group administrator annd add an LDAP group 
call UA (created by us with containing all ou users)



Which  way is the best in term of charge ?
Someone told to me that in the first case windows has to handle all the 
users on the stations, but in the second case only one group (group UA).


We have about 4000 users accounts in LDAP
Does  windows have problem handling so much users?

Thanks for any suggestion or return of experience





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] oplocks and Excel

[Matt Morgan]

I have a small business client with a new samba file server. It's
CentOS 4.2 and Samba samba-3.0.10-1.4E.2.

When they save open Excel files from Windows, they are prompted to
overwrite the existing file. I mean, when they click the little disk
icon or use Ctrl-S or File--Save. Excel would normally just write over
the file, not check with an "are you sure?" prompt. But that's what
they get.

So I looked into this a little, and although I can't find anyone with
this specific issue, I do see that newer versions of Excel create a
bit of file-locking trouble for samba. Now, I don't know enough to
know whether my problem has anything to do with file-locking, but it
seems likely enough. So I have two questions:

1) I find very conflicting opinions on this list, and across the net,
about whether to leave oplocks and level2 oplocks on. I have never had
to touch them in the past, but most of the places where I've used
samba have old versions of Excel and/or OOo. If this place does not
use much MS-Access, can I turn off oplocks? Might I expect doing so to
help with this prompt-to-overwrite problem?

2) More generally, has anyone else seen this problem before and been
able to do anything about it?

Thanks,
Matt
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ldap authentication fails

[Andy Kesterson]

Well as it turns out our problem eas with the sambaSID values in ldap.
Apprently Samba 3.0 want the full SID value in those fields (sambaSID,
and sambaGroupSID) for any user. We only had the last 4 digits, which
are the unique digits for us (I'm not sure if the amount of digits at
the end can change). Once we setup the users with with the full Samba
SID we were able to execute every Samba command without a problem.

Thanks for the help

On 1/23/06, Gordon Messmer <[EMAIL PROTECTED]> wrote:
> Andy Kesterson wrote:
> >
> >The problem that we are having is when Samba has the "encrypt
> > passwords" option is enabled, we recieve an "session setup failed:
> > NT_STATUS_LOGON_FAILURE" message. When "encrypt passwords" is disabled
> > the login is succesful.
> ...
> >   We have setup Samba, OpenLDAP, and PAM to use MD5 as their hashing 
> > function.
>
> When "encrypt passwords" is disabled, and the client is appropriately
> configured, the client will establish a session by sending its username
> and password, both in plain text.  With the plain text password from the
> client, the server can use PAM to authenticate the user.
>
> However, if you don't want to reconfigure all of your Windows desktops,
> and you don't want your passwords sent across the network in plain text
> for each connection, you should have "encrypt passwords" turned on.  In
> this configuration, the client and server engage in a challenge-response
> conversation to authenticate the users.  To do that, the server needs to
> have the plain-text equivalent of the user's password.  If you had a
> smbpasswd file before converting to LDAP, you can use that to get the
> values that you need.  If not, then you'll need all of your users to set
> their password.  However you choose to solve that problem, you need to
> make sure that in addition to the "userPassword" attribute, each user
> has a "sambaLMPassword" and a "sambaNTPassword" attribute.  The values
> for those two attributes can be formed using the "mkntpwd" program, if
> you want to script the password changes.
>
> Be careful to configure your LDAP server such that users can not read
> the sambaLMPassword and sambaNTPassword attributes from the server.
> Those values are plain-text equivalents, and could be used to log in as
> the user to whom they belong.
>
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.14 - very puzzling domain browsing problems

[Anthony Messina]

Stephen Bosch wrote:

Anthony Messina wrote:


stephen, might you try setting:

hosts allow = 10.0.0.0/8

or change the network/mask bit for each lan you'd like to allow

and:
hosts deny = 0.0.0.0/0

and:
interfaces = eth0
bind interfaces only = yes

change eth0 to whatever eth* interface your lan is connected to, and
also add "lo" if you use printers attached to this samba server.  this
will tell samba to only bind to the interfaces that you have configured
here and may route broswing properly.

anyone else here have any suggestions?



We did

interfaces = 10.10.10.12/24

and

remote announce = 10.10.10.255/HEDLIN-LAUDER

following the smb.conf man page, but that had no discernable effect.

-Stephen-



stephen, it seems like you've tried to go through everything in the 
right manner.  and you've done the ethereal to make sure packets are 
being sent/received between windows computers and your nmbd server.  i 
am not able to spot where the trouble is so i've included my smb.conf, 
which works as a pdc in the local subnet and as a hub across 2 vpn spoke 
connections without a problem.  perhaps we're both missing something 
that this config can clarify.  -anthony


i do not use firewalling on the lan side of my pdc.

--- smb.conf---
workgroup = example.com
netbios name = home
server string = Samba Domain Server

hosts allow = 127.0.0.1 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24
hosts deny = 0.0.0.0/0

interfaces = lo eth0
bind interfaces only = yes

socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

printcap name = cups
load printers = yes
printing = cups
cups options = raw

guest account = nobody

log file = /var/log/samba/samba.log
max log size = 1024
log level = 1

security = user
lanman auth = no
client ntlmv2 auth = yes
null passwords = yes

enable privileges = yes

ldap passwd sync = no
ldap admin dn = "uid=sambaroot,ou=People,dc=example,dc=com"
passdb backend = ldapsam:ldap://127.0.0.1
ldap ssl = off
ldap delete dn = no
ldap suffix = dc=example,dc=com
ldap user suffix = ou=People
ldap group suffix = ou=Group
ldap machine suffix = ou=People
ldap filter = (&(objectClass=sambaSamAccount)(uid=%u))

add user script = /usr/sbin/smbldap-useradd -m "%u"
delete user script = /usr/sbin/smbldap-userdel "%u"
add machine script = /usr/sbin/smbldap-useradd -w "%u"
add group script = /usr/sbin/smbldap-groupadd -p "%g"
delete group script = /usr/sbin/smbldap-groupdel "%g"
add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
set primary group script = /usr/sbin/smbldap-usermod -g "%g" "%u"

encrypt passwords = yes

unix password sync = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n 
*passwd:*all*authentication*tokens*updated*successfully*


username map = /etc/samba/smbusers

local master = yes
os level = 33
domain master = yes
preferred master = yes
domain logons = yes

logon script = %U.bat
logon drive = H:
logon home = \\%L\%U

name resolve order = wins lmhosts bcast
wins support = yes
wins proxy = no
dns proxy = no

preserve case = yes
nt acl support = yes

Shares would be here
---end smb.conf---

-anthony

--
My Website: http://messinet.com
My Online Gallery: 
http://messinet.com/modules.php?name=Web_Links&l_op=visit&lid=3

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Can printer names be mapped?

[Gururajan Ramachandran]

Can printer names be mapped between unix names and windows names just like 
groups? I have a printer that is shared as "HP Mode9" (with a space in the 
name) in windows domain. CUPS will not let me create the name that way so 
I called it HP_Mode9 (with an underscore). Everybody in the domain is 
hooked to "HP Mode9" (with a space). How do I avoid reinstalling driver in 
all the windows clients?


Thanks,

Guru

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba LDAP caching when LDAP server unavailable - possible?

[Christopher Smith]

We've used slave ldap servers as our "local office" solution, it seems 
like PITA at first, but really its not much trouble... we redistribute 
old Optiplex GX100's with bigger IDE drives as the local pdc.


Chris Smith

Tomasz Chmielewski wrote:


Michael Gasch schrieb:

you could set up openldap to do syncrepl and have a full copy of 
your samba domain stuff that's in ldap.  if the connection goes 
down, the ldap stuff is there and if you have it set up like a bdc, 
you can still login, etc.




Yep, that's how it's normally done.



what about setting up a BDC in the subnet the router can access by 
ethernet (builtin switch, subnet behind the router). this connection 
is alays "on", isn´t it?



It's a solution for a small office.

A couple of workstations, this tiny router running Samba instead of a 
server; connection to the outside through ADSL, nothing more.


When ADSL doesn't connect (because an employee disconnected the modem, 
because he needed a power outlet to make tee), we're in trouble.




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] windows print migrator + "add printer command"

[Aarti Varshney (asadhnan)]

hi Geoff,
 
Looks like you have figured out how to use the printmig.exe.
Can you please give me some pointers:
I am trying to migrate print queues from a windows server to a samba
share.
 
this is what I did:
1. I ran printmig.exe on the windows server. 
2. Backed up the printers on the windows servers to a cab file.
3. Tries to restore the printers to the sambashare by specifying the
target as //sambaShare.
But I get the following error: 
 
2006:01:25 15:35:38   Access Granted to: \\sambaShare
 
2006:01:25 15:35:38   Couldn't start the target spooler
2006:01:25 15:35:38   Remote Tree View Failed
 
How do I starter the target spooler?
Do I need some config in smb.conf?
In smb.conf I have a addprinter command.
 
Thanks,
Aarti.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Print Migrator help needed...

[Aarti Varshney (asadhnan)]

Hi,
 
I am trying to migrate print queues from a windows server to a samba
share.
1. I ran printmig.exe on the windows server. 
2. Backed up the printers on the windows servers to a cab file.
3. Tries to restore the printers to the sambashare by specifying the
target as //sambaShare.
But I get the following error: 
 
2006:01:25 15:35:38   Access Granted to: \\sambaShare
2006:01:25 15:35:38   Couldn't start the target spooler
2006:01:25 15:35:38   Remote Tree View Failed
 
How do I starter the target spooler?
Do I need some config in smb.conf?
In smb.conf I have a addprinter command.
 
Thanks,
Aarti.
 



From: Aarti Varshney (asadhnan) 
Sent: Monday, January 23, 2006 2:55 PM
To: 'samba@lists.samba.org'
Subject: guest account security = domain doesn't work...


Hi,
 
my security is domain, i would like to map users who fail authentication
to be
mapped to a guest account so they can access printers.

My conf file looks like this:
[global]
workgroup = LAB2000DOMAIN2
security = DOMAIN
client schannel = No
map to guest = Bad Password
password server = 10.86.32.27
log level = 4 passdb:5 auth:10 winbind:4
log file = /local/local1/errorlog/samba.log
max log size = 50
smb ports = 50139
lpq cache time = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
printcap name = cups
preferred master = No
local master = No
domain master = No
dns proxy = No
wins server = 10.86.32.27
idmap uid = 7-20
idmap gid = 7-20
template homedir = /local/local1/
template shell = /admin-shell
winbind cache time = 10
winbind use default domain = Yes
printer admin = @cupsAdmin
cups options = "raw"
force printername = Yes

[print$]
path = /state/samba/printers
write list = @cupsAdmin
force user = root
force group = root
guest ok = Yes

[printers]
comment = All Printers
path = /local/local1/spool/samba
guest ok = Yes
printable = Yes
browseable = No
But this does not work.
Any ideas?
Would greatly apreciate your help.
Thanks,
Aarti.
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] how to rename/label network drives

[Taolizhong]

Hello --
   
  I am running samba 3.0.20b as PDC. The clients are running Windows XP SP2.  I 
have a question about how to rename/label the network drive on the clients.
   
  It appears when users login, Windows OS automatically names the mapped drives 
shown in Windows explorer as sharename & server name & (drive letter), such as 
public on 'Samba 3.0.21b (pdc.example.com)' (P:).  The user could rename it 
manually via right click on the drive and choose "rename" option.  I wonder if 
it is possible for Samba system administrtors to rename/label it such that when 
users log onto their account, the drive(s) have desired label/name.
   
  BTW, I tried DOS command "label P:myname". It gave me error message like 
"Parameters are not compatible".
   
  Thanks,
   
  --Ling
   


-
Bring words and photos together (easily) with
 PhotoMail  - it's free and works with your Yahoo! Mail.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] swat problem with open files

[Jeremy Allison]

On Wed, Jan 18, 2006 at 02:19:40PM -0800, Jeremy Koski wrote:
> 
> On Tue, 17 Jan 2006, Jeremy Allison wrote:
> 
> >On Tue, Jan 17, 2006 at 02:12:27PM -0800, Jeremy Koski wrote:
> >>
> >>
> >>Not sure when this started happening, but we first noticed it about 3
> >>months ago. We have two seperate Samba servers, both having the same
> >>problem when using swat. Both are running 3.0.21a.
> >>
> >>When clicking on Status after logging into to swat, the Open Files
> >>section isn't displaying properly. Each process says DENY_DOS under
> >>Sharing, and under File, each process says A[] (The letter A and then a
> >>square).
> >>
> >>Does anybody have any idea what happend and how I can fix this?
> >
> >Probably just a bug. Can you test smbstatus from the same build
> >and ensure that it is displaying the open file list correctly ?
> >
> >Jeremy.
> >
> 
> 
> smbstatus works fine from the 3.0.21a distribution. In swat, no luck.

I'll look into this for 3.0.21b. Thanks,

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.21a and AIX 5.3 - Cannot see server on network

[Dan Engelsen]

I compiled the 3.0.21a samba software with the
following configure options:

configure --prefix=/opt/samba --exec-prefix=/opt/samba
--with-krb=/usr/krb5 --with-smbwrapper --with-syslog
--with-mandir=/usr/man --with-winbind

Everything compiled fine; however, I am unable to see
the server on the microsoft network.

My smb.conf file looks like the this:

[global]
workgroup = CAREMARKRX
netbios name = AZSHSAMBAD01
server string = Micro Strategy Dev Samba
Server 3.0.21a
interfaces = 127.0.0.1, r10dev01/255.255.255.0
security = DOMAIN
log file = /opt/samba/logs/log.%m
preferred master = No
local master = No
domain master = No
dns proxy = No
wins server = WINS1, WINS2
ldap ssl = no
passdb expand explicit = No
admin users = is81301, ds066

[/dano]
path = /tmp
guest ok = Yes
  

When I do a netstat -a, I do not see ports 137 or 139
listed:

tcp4   0  0  *.daytime  *.*   
LISTEN
tcp0  0  *.ftp  *.*   
LISTEN
tcp4   0  0  *.ssh  *.*   
LISTEN
tcp0  0  *.telnet   *.*   
LISTEN
tcp4   0  0  *.time *.*   
LISTEN
tcp4   0  0  *.sunrpc   *.*   
LISTEN
tcp4   0  0  *.netbios- *.*   
LISTEN
tcp4   0  0  *.microsof *.*   
LISTEN
tcp0  0  *.exec *.*   
LISTEN
tcp0  0  *.login*.*   
LISTEN
tcp0  0  *.shell*.*   
LISTEN
tcp4   0  0  *.rmc  *.*   
LISTEN
tcp4   0  0  *.rsync*.*   
LISTEN
tcp4   0  0  *.swat *.*   
LISTEN
tcp4   0  0  *.writesrv *.*   
LISTEN
tcp0  0  *.shilp*.*   
LISTEN
tcp4   0  0  r10dev01.shilp
r10dev02.interna.34383 ESTABLISHED
tcp4   0  0  *.filenet- *.*   
LISTEN
tcp4   0  0  *.filenet- *.*   
LISTEN
tcp4   0  0  *.filenet- *.*   
LISTEN
tcp4   0  0  *.33138*.*   
LISTEN
tcp4   0  0  *.wsmserve *.*   
LISTEN
tcp4   0 52  r10dev01.ssh  
dpcs0395590.care.atc-l ESTABLISHED
tcp4   0  0  r10dev01.ssh  
dpcs0395590.care.1187  ESTABLISHED
udp4   0  0  *.daytime  *.*
udp4   0  0  *.time *.*
udp4   0  0  *.sunrpc   *.*
udp4   0  0  127.255.255.255.ntp*.*
udp4   0  0  rs123ws255.inter.ntp   *.*
udp4   0  0  loopback.ntp   *.*
udp4   0  0  r10dev01.ntp   *.*
udp4   0  0  *.ntp  *.*
udp4   0  0  r10dev01.netbios-  *.*
udp4   0  0  *.netbios- *.*
udp4   0  0  r10dev01.netbios-  *.*
udp4   0  0  *.netbios- *.*
udp4   0  0  *.syslog   *.*
udp4   0  0  *.ntalk*.*
udp4   0  0  *.rmc  *.*
udp4   0  0  *.shilp*.*
udp4   0  0  *.xmquery  *.*
udp4   0  0  *.32775*.*
udp4   0  0  *.32776*.*
udp4   0  0  *.32777*.*
udp4   0  0  *.32781*.*
udp4   0  0  *.32782*.*
udp4   0  0  *.32819*.*
udp4   0  0  *.32820*.*
udp4   0  0  *.33402*.*
udp4   0  0  *.33403*.*
udp4   0  0  *.35480*.*
udp4   0  0  *.35481*.*
udp4   0  0  *.35482*.*
udp4   0  0  *.37966*.*
udp4   0  0  *.37967*.*

The processes are up and running:

[EMAIL PROTECTED]/etc # ps -ef|grep samba
root 634946  1   0 10:52:30  -  0:00
/opt/samba/sbin/smbd -D
root 671958 634946   0 10:52:31  -  0:00
/opt/samba/sbin/smbd -D
root 680114  1   0 10:52:31  -  0:00
/opt/samba/sbin/nmbd -D

When I try the echo "help"|telnet localhost 139, it
works, but it hangs for about 5 minutes.

[EMAIL PROTECTED]/etc # echo "hello" |telnet localhost
139
Trying...
Connected to loopback.
Escape character is '^]'.  (It hangs at this point)
Connection closed.
[EMAIL PROTECTED]/etc #

I do not start the samba daemons out of inetd.  I have
a startup script that runs from the inittab called
/etc/rc.samba.

#!/bin/ksh

if [ -x /opt/samba/sbin/smbd ]
then
e

[Samba] RESOLVED: Linux/AD authentication stops working after ~5 minutes

[McGlorfin]

McGlorfin wrote:

I'm trying to do something fairly simple: login to a Linux box using a
Windows AD-based account. [...]



[...] Is this more likely to be a
misconfiguration or an issue with my version of Samba? 


After upgrading to version 3.0.21a, my problems have disappeared. The 
WHATSNEW file gives a hint as to the source of the problem:


  Common bugs fixed in 3.0.14a include:

o Compatibility issues between Winbind and Windows 2003 SP1
  domain controllers (*2k3sp1*).

-McG

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] net ads join segmentation fault

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Robert J. Collins wrote:

> On FreeBSD 6.0-RELEASE-p2 using samba-3.0.21a,1 the 
> net command seg faults. Does anyone know what is going
> on?

Can you get a backtrace from gdb after building Samba
with the --enable-debug option (or just the -g gcc compile
flag)?  Thanks.





cheers, jerry
=
I live in a Reply-to-All world---
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD17ZAIR7qMdg1EfYRAinYAKDzbHIHzgNkbAYhP0LUjpQa3fwgcACg1dv1
y9bP7gb4sJYxGd9Fmw6rxp8=
=zYh7
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Need help debugging the printer related "Access denied, unable to connect" message

[taso]

Gerald (Jerry) Carter wrote:


taso wrote:

Gerald (Jerry) Carter wrote:

Read the smb.conf(5) man page entry for 'user client driver'.

Thanks, someone emailed me to that effect. Is it 
possible to add that attribute to print shares

that are otherwise entirely manufactured by Samba?


Do you mean from the [printers] dynamic share?  The standard
rules for default service options apply.  You will probably


I didn't (and maybe still don't) know precisely what those rules are.
My question was, Can I explicitly define a print share, nominate that
it inherits attributes from X, but over-ride the 'use client driver'
attribute. X being whatever the automatically created print shares get
their attributes from. My current understanding says that the answer
is approximately, yes. A bare print share gets its attributes from the
default settings which can be adjusted with [printers].



need to define an explicit share for the problem printers
(or follow the recommended solution and just install the
drivers on the server).



That was the plan but for unknown reasons I could only upload one
set of drivers - trying to upload for additional printers kept failing.
Eventually, I deleted all of the printer related tdb files, crossed my
fingers, and was then able to upload several printer drivers. (Didn't
cross my fingers the first time.)

Can Samba tell me which printers it thinks that it has drivers for, and
for every such printer the set of files that constitute the driver?


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.14 - very puzzling domain browsing problems

[Stephen Bosch]

I am just going to attach an Ethereal packet capture file in native
format without commentary. I welcome feedback, because at this point,
I'm truly stumped.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Samba - joining TO THE DOMAIN

[eric roseme]

First, this should go to samba@lists.samba.org - not technical.

Second - with "net join", you are probably in "security = domain".  So 
you need to add the computer to the domain using the Users and Computers 
MMC on the domain controller.



Eric Roseme
Hewlett-Packard


Nagendra KV wrote:

HI

 


Help is required!

 


I get following error when joining the domain Samba used: 3.0.10 on
HP-UX 11i

 

 


# net join -I a.b.c.d -U 

[2006/01/25 20:00:57, 0]
rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)

  cli_nt_setup_creds: request challenge failed

Password:

[2006/01/25 20:01:21, 0]
rpc_client/cli_netlogon.c:cli_nt_setup_creds(256)

  cli_nt_setup_creds: request challenge failed

[2006/01/25 20:01:21, 0] utils/net_rpc_join.c:net_rpc_join_newstyle(319)

  Error domain join verification (reused connection):
NT_STATUS_INVALID_COMPUTER_NAME

 


Unable to join domain 

 


Please help me out to resolve this issue.

 

 


Thanks

Regards

Nagendra KV

 

 

 


Nagendra KV | Technology (STS) | M P H A S I S  Architecting Value | IT
SERVICES
#139/1, Hosur Road, Koramangala, Bangalore - 560095, | Tel: (80)
25522713/14 Ext-1016| Fax: (80) 25522719| www.mphasis.com
 


Information transmitted by this e-mail is proprietary to MphasiS and/ or
its Customers and is intended for use only by the individual or entity
to which it is addressed, and may contain information that is
privileged, confidential or exempt from disclosure under applicable law.
If you are not the intended recipient or it appears that this mail has
been forwarded to you without proper authority, you are notified that
any use or dissemination of this information in any manner is strictly
prohibited. In such cases, please notify us immediately at
[EMAIL PROTECTED]   and delete this
mail from your records

 




--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.14 - very puzzling domain browsing problems

[Stephen Bosch]

Anthony Messina wrote:
> stephen, might you try setting:
> 
> hosts allow = 10.0.0.0/8
> 
> or change the network/mask bit for each lan you'd like to allow
> 
> and:
> hosts deny = 0.0.0.0/0
> 
> and:
> interfaces = eth0
> bind interfaces only = yes
> 
> change eth0 to whatever eth* interface your lan is connected to, and
> also add "lo" if you use printers attached to this samba server.  this
> will tell samba to only bind to the interfaces that you have configured
> here and may route broswing properly.
> 
> anyone else here have any suggestions?

We did

interfaces = 10.10.10.12/24

and

remote announce = 10.10.10.255/HEDLIN-LAUDER

following the smb.conf man page, but that had no discernable effect.

-Stephen-

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.14 - very puzzling domain browsing problems

[Stephen Bosch]

Jesse Spangenberger wrote:
> Also, try to run Ethereal (www.ethereal.org) with the filter "nbns || smb"
> and see if the samba server is broadcasting the right packets.
> 
> Umm, You could try "remote browser = " making sure the PDC
> and workstations are in the same subnet and not across a router.

We have tried:

1. Specifying the interface in smb.conf
2. Adding the "remote announce" line with the local subnet in it
3. Turning on WINS

No hosts appear in My Network Places (these are 2000 machines).

Last night I did some packet captures on workstations using Ethereal. I
definitely need some help in interpreting them.

I'll attach a capture here and briefly describe what was done.

The Samba PDC is at 10.10.10.12; the host where the capture was done (in
non-promiscuous mode) is 10.10.10.58.

During the packet capture, I open My Network Places | Entire Network |
Microsoft Windows Network | HEDLIN-LAUDER

Nothing appears, so I go up a few levels, then back down.

I repeatedly click the "HEDLIN-LAUDER" domain.

What I see in the packet capture is interesting. For example, when I
click on the HEDLIN-LAUDER domain for the first time:

> No. TimeSourceDestination   Protocol Info
>   3 8.12306210.10.10.58   10.10.10.12   TCP  1061 
> > netbios-ssn [SYN] Seq=0 Ack=0 Win=16384 Len=0 MSS=1460
> 
> Frame 3 (62 bytes on wire, 62 bytes captured)
> Ethernet II, Src: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0), Dst: 
> 00:48:45:44:02:01 (00:48:45:44:02:01)
> Internet Protocol, Src: 10.10.10.58 (10.10.10.58), Dst: 10.10.10.12 
> (10.10.10.12)
> Transmission Control Protocol, Src Port: 1061 (1061), Dst Port: netbios-ssn 
> (139), Seq: 0, Ack: 0, Len: 0
> 
> No. TimeSourceDestination   Protocol Info
>   4 8.12694710.10.10.12   10.10.10.58   TCP  
> netbios-ssn > 1061 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460
> 
> Frame 4 (62 bytes on wire, 62 bytes captured)
> Ethernet II, Src: 00:48:45:44:02:01 (00:48:45:44:02:01), Dst: 
> Micro-St_e1:98:d0 (00:0c:76:e1:98:d0)
> Internet Protocol, Src: 10.10.10.12 (10.10.10.12), Dst: 10.10.10.58 
> (10.10.10.58)
> Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1061 
> (1061), Seq: 0, Ack: 1, Len: 0
> 
> No. TimeSourceDestination   Protocol Info
>   5 8.12697010.10.10.58   10.10.10.12   TCP  1061 
> > netbios-ssn [ACK] Seq=1 Ack=1 Win=17520 Len=0
> 
> Frame 5 (54 bytes on wire, 54 bytes captured)
> Ethernet II, Src: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0), Dst: 
> 00:48:45:44:02:01 (00:48:45:44:02:01)
> Internet Protocol, Src: 10.10.10.58 (10.10.10.58), Dst: 10.10.10.12 
> (10.10.10.12)
> Transmission Control Protocol, Src Port: 1061 (1061), Dst Port: netbios-ssn 
> (139), Seq: 1, Ack: 1, Len: 0
> 
> No. TimeSourceDestination   Protocol Info
>   6 8.12700610.10.10.58   10.10.10.12   NBSS 
> Session request, to PDC<20> from HL08<00>
> 
> Frame 6 (126 bytes on wire, 126 bytes captured)
> Ethernet II, Src: Micro-St_e1:98:d0 (00:0c:76:e1:98:d0), Dst: 
> 00:48:45:44:02:01 (00:48:45:44:02:01)
> Internet Protocol, Src: 10.10.10.58 (10.10.10.58), Dst: 10.10.10.12 
> (10.10.10.12)
> Transmission Control Protocol, Src Port: 1061 (1061), Dst Port: netbios-ssn 
> (139), Seq: 1, Ack: 1, Len: 72
> NetBIOS Session Service
> Message Type: Session request
> Flags: 0x00
> Length: 68
> Called name: PDC<20> (Server service)
> Calling name: HL08<00> (Workstation/Redirector)
> 
> No. TimeSourceDestination   Protocol Info
>   7 8.13115010.10.10.12   10.10.10.58   TCP  
> netbios-ssn > 1061 [ACK] Seq=1 Ack=73 Win=5840 Len=0
> 
> Frame 7 (60 bytes on wire, 60 bytes captured)
> Ethernet II, Src: 00:48:45:44:02:01 (00:48:45:44:02:01), Dst: 
> Micro-St_e1:98:d0 (00:0c:76:e1:98:d0)
> Internet Protocol, Src: 10.10.10.12 (10.10.10.12), Dst: 10.10.10.58 
> (10.10.10.58)
> Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1061 
> (1061), Seq: 1, Ack: 73, Len: 0
> 
> No. TimeSourceDestination   Protocol Info
>   8 8.13958910.10.10.12   10.10.10.58   NBSS 
> Positive session response
> 
> Frame 8 (60 bytes on wire, 60 bytes captured)
> Ethernet II, Src: 00:48:45:44:02:01 (00:48:45:44:02:01), Dst: 
> Micro-St_e1:98:d0 (00:0c:76:e1:98:d0)
> Internet Protocol, Src: 10.10.10.12 (10.10.10.12), Dst: 10.10.10.58 
> (10.10.10.58)
> Transmission Control Protocol, Src Port: netbios-ssn (139), Dst Port: 1061 
> (1061), Seq: 1, Ack: 73, Len: 4
> NetBIOS Session Service
> Message Type: Positive session response
> Flags: 0x00
> Length: 0
> 
> No. TimeSourceDestination   Protocol Info
>   9 8.13964310.10.10.58   10.10.10.12   SMB   

[Samba] Question about executable permissions with samba

[Harshal Dharia]

I have a setup where i am using samba to access my linux box through 
windows, to edit scripts and stuff. But say if a script as executable 
permissions for all when i open it in windows through samba, on saving it 
the prior permissions are overwritten by samba's default permission. Is 
there a way to tell samba to keep the file prior permission.

   Harshal Dharia
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] userPassword in a LDAP database of a Samba3 domain

[fabricio bianco abreu]

Hi folks,

I have been able to migrate a WinNT4 domain to a Samba3 PDC domain using
openldap as a backend and smbldap-tools to vampire the WinNT4 domain (pretty
much following Samba3 by Example and documentation in smbldap project by 
IDEALX).

Nevertheless, all 600 users migraged from the WinNT4 domain have attributes like
these on the ldap database:

 userPassword: {crypt}x
 sambaLMPassword: blablabla
 sambaNTPassword: blablabla

Every user that have had their password changed since the migration (using Win9x
control panel or WinXP tools or smbldap-passwd) have attributes like these on
the ldap database:

 userPassword: {MD5}foobar==
 sambaLMPassword: blablabla
 sambaNTPassword: blablabla

Now I am trying to use the same ldap server to support authentication to
unix/linux services. 
Users that have userPassword attribute in the MD5 form can be authentication by
unix/linux services. The other users cannot.

My question is: Is there a way to populate userPassword attribute in the MD5
format so that users are not required to have their password changed? I believe
a good opportunity to do so occurs whenever a user logs to the domain.

Thanks a lot. Best regards,

Fabricio







 Information from NOD32 
This message was checked by NOD32 Antivirus System for Linux Mail Server.
http://www.nod32.com
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] nmbd terminates with error code 58

[Martin Meiler]

Hello everybody,

from time to time our nmbd daemon quits his job and the last time he did
this he told us:

[2006/01/25 15:56:02, 0] nmbd/nmbd.c:terminate(58)
  Got SIGTERM: going down...

So my question is: What is the cause of this behaviour and in special
what is happening when nmbd exists with error code 58.

I am relly sorry if there is a documentation where i could have read
about it, but i did not find anything concerning my problem.

Thanks in advance for an answer.

Regards

Martin


-- 


  _/ _/_/   _/_/_/ Friedrich Alexander Universität Erlangen
 _/_/   _/ _/   Lehrstuhl für Sensorik
_/_/  _/   Paul-Gordanstr. 5, 91052 Erlangen, Germany
   _/  _/_/  _/_/
  _/ _/ _/  University of Erlangen
 _/_/   _/ _/  Department of Sensor Technology
_/_/_/  _/_/  _/_/_/   Paul-Gordanstr. 5, 91052 Erlangen, Germany


Dipl.-Ing. Martin Meiler

tel.:   (+49)-9131-85-23140
fax.:   (+49)-9131-85-23133

email:  [EMAIL PROTECTED]

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba daemons hang trying to lock locking.tdb

[Fermin Molina]

Hi,

A day or so after starting samba, some daemons (diferent forks) begin to
hang. Then, the WinXP clients hang too completely.

When I try to figure out what is happen, I see that smbd daemons hangs
always in a fcntl64() call:

# strace -p 6414
Process 6414 attached - interrupt to quit
fcntl64(14, F_SETLKW64, {type=F_WRLCK, whence=SEEK_SET, start=3684, len=1}  

Process 6414 detached
# 

The file descriptor 14 corresponds to /var/lib/samba/locking.tdb file.
A backtrace using gdb from one stalled daemon:

(gdb) bt
#0  0x00faf402 in __kernel_vsyscall ()
#1  0x003dbd7a in fcntl () from /lib/libc.so.6
#2  0x008e50eb in tdb_set_lock_alarm () from /usr/sbin/smbd
#3  0x008e5307 in tdb_set_lock_alarm () from /usr/sbin/smbd
#4  0x008e5868 in tdb_chainlock () from /usr/sbin/smbd
#5  0x00880da8 in get_share_mode_lock () from /usr/sbin/smbd
#6  0x00881677 in get_delete_on_close_flag () from /usr/sbin/smbd
#7  0x007718fb in reply_trans2 () from /usr/sbin/smbd
#8  0x007906bc in smb_fn_name () from /usr/sbin/smbd
#9  0x007913c4 in process_smb () from /usr/sbin/smbd
#10 0x00791899 in smbd_process () from /usr/sbin/smbd
#11 0x0096c5c0 in main () from /usr/sbin/smbd
(gdb)


A backtrace from another stalled daemon:


(gdb) bt
#0  0x00faf402 in __kernel_vsyscall ()
#1  0x003dbd7a in fcntl () from /lib/libc.so.6
#2  0x008e50eb in tdb_set_lock_alarm () from /usr/sbin/smbd
#3  0x008e5307 in tdb_set_lock_alarm () from /usr/sbin/smbd
#4  0x008e5868 in tdb_chainlock () from /usr/sbin/smbd
#5  0x00880da8 in get_share_mode_lock () from /usr/sbin/smbd
#6  0x0077ab8b in open_file_ntcreate () from /usr/sbin/smbd
#7  0x0074a922 in reply_ntcreate_and_X () from /usr/sbin/smbd
#8  0x007906bc in smb_fn_name () from /usr/sbin/smbd
#9  0x007913c4 in process_smb () from /usr/sbin/smbd
#10 0x00791899 in smbd_process () from /usr/sbin/smbd
#11 0x0096c5c0 in main () from /usr/sbin/smbd
(gdb)   


The number of smbd daemons stalled increases in time.
I'm using FC4 with last updates installed and samba 3.0.21a.

Maybe is a kernel related problem with file locking?

Thanx in advance!

-- 
Fermin Molina Ibarz
Tècnic sistemes - ASIC
Universitat de Lleida
Tel: +34 973 702151
GPG: 0x060F857A


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] create smbpasswd/tdbsam from ldapsam/LDAP query?

[Tomasz Chmielewski]

Josh Kelley schrieb:

On 1/23/06, Tomasz Chmielewski <[EMAIL PROTECTED]> wrote:


Ilia Chipitsine schrieb:


pdbedit

it is beatiful thing for converting from anything to anything :-)


Almost.
I don't see if it can "convert" ldapsam to /etc/passwd and /etc/group.



To get /etc/passwd and /etc/group from LDAP, run "getent passwd" and
"getent group" on a computer that has LDAP/nsswitch configured.


And I began to think how to do it with sed/awk from the ldapsearch query :)

Indeed, it is perhaps easier to do getent and then transfer the 
resulting files.

But then it's the "push" method, not pull (when I want exactly).
Perhaps I could use ssh keys to pull the data when I want from a central 
server, but I'm not sure if it wouldn't be a unnecessary security risk.



Good, I have some options, now I need to evaluate them.


--
Tomasz Chmielewski
http://wpkg.org
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Removing rsync

[Bhuwan Chawla]

how to remove rsync succesfully?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] enable privileges: samba 3.0.14a (fc4) pdc with ldap

[Anthony Messina]

Gerald (Jerry) Carter wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Anthony Messina wrote:



1.
when you do, "enable privileges = yes" and set some 
privileges on the pdc, are those privileges effective

throughout the entire domain?



Not currently.



2.
and then does "enable privileges = yes" need to be set 
on each samba member server of a domain?



Depends on what you need.  The SeMachineAccountPrivilege
doesn't really apply on member servers but the
SePrintOperatorPrivilege does.



3.
would i need to grant the same privileges on every 
samba member server in the domain?



See above comments.






cheers, jerry
=
I live in a Reply-to-All world---
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD132SIR7qMdg1EfYRAgzVAJ9s7duhIJRYC+Wf9wbR9sqL4739mwCfQtp7
vPFNZLJwf7jukRxMWLAnbkg=
=ngTW
-END PGP SIGNATURE-



thank you jerry.  that cleared things up quite appropriately.  -anthony

--
My Website: http://messinet.com
My Online Gallery: 
http://messinet.com/modules.php?name=Web_Links&l_op=visit&lid=3

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] create smbpasswd/tdbsam from ldapsam/LDAP query?

[Josh Kelley]

On 1/23/06, Tomasz Chmielewski <[EMAIL PROTECTED]> wrote:
> Ilia Chipitsine schrieb:
> > pdbedit
> >
> > it is beatiful thing for converting from anything to anything :-)
>
> Almost.
> I don't see if it can "convert" ldapsam to /etc/passwd and /etc/group.

To get /etc/passwd and /etc/group from LDAP, run "getent passwd" and
"getent group" on a computer that has LDAP/nsswitch configured.

Josh Kelley
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] smbtar works only in verbose mode

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Pierre Hanser wrote:
> hello
> i've observed on the last samba release, on a mandriva 2005 linux
> machine, something I had already seen in the past on older samba
> versions; when i try to dump a share from a win XP box, if i
> switch off verbose mode, many files at random are missing. If
> i run the smbtar in verbose mode all files are present.
> 
> Is this a known fact? workaround? ideas?
> 
> In the past i suspected a problem in my compilation of samba,
> but the same observation on an other machine, with an other
> linux and an other samba: it seems there is something here.
> thanks for any help or tips

This sounds like and old bug that has already been fixed.
What version of Samba are you running?





cheers, jerry
=
I live in a Reply-to-All world---
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD137cIR7qMdg1EfYRAvLEAKDTFqvHxSKolaaKy9XS3JJYSn9AAgCfXDQK
jgi3or24x1QL/4ErLUYRHV4=
=3SBC
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Need help debugging the printer related "Access denied, unable to connect" message

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

taso wrote:
> Gerald (Jerry) Carter wrote:
>>
>> Read the smb.conf(5) man page entry for 'user client driver'.
>>
> 
> Thanks, someone emailed me to that effect. Is it 
> possible to add that attribute to print shares
> that are otherwise entirely manufactured by Samba?

Do you mean from the [printers] dynamic share?  The standard
rules for default service options apply.  You will probably
need to define an explicit share for the problem printers
(or follow the recommended solution and just install the
drivers on the server).




cheers, jerry
=
I live in a Reply-to-All world---
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD136qIR7qMdg1EfYRAkvOAJ4rjHPkZxIu3Cbsm4E9vgvQF+yU1gCfQBuW
hF3Z76Tulu959mWcP2K0WlI=
=oCdk
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] enable privileges: samba 3.0.14a (fc4) pdc with ldap

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Anthony Messina wrote:

> 1.
> when you do, "enable privileges = yes" and set some 
> privileges on the pdc, are those privileges effective
> throughout the entire domain?

Not currently.

> 2.
> and then does "enable privileges = yes" need to be set 
> on each samba member server of a domain?

Depends on what you need.  The SeMachineAccountPrivilege
doesn't really apply on member servers but the
SePrintOperatorPrivilege does.

> 3.
> would i need to grant the same privileges on every 
> samba member server in the domain?

See above comments.






cheers, jerry
=
I live in a Reply-to-All world---
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD132SIR7qMdg1EfYRAgzVAJ9s7duhIJRYC+Wf9wbR9sqL4739mwCfQtp7
vPFNZLJwf7jukRxMWLAnbkg=
=ngTW
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] ldap filter

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Remy Zandwijk wrote:

> I have a situation were the ldap filter option is needed as 
> well. It's very anoying this was removed from Samba. Never
> read an explanation either, only 'configure your nss_ldap
> to relfect the ldap filter', which is not really an option
> on our Solaris 9 systems. Samba Team, please give us back the
> 'ldap filter' option!

Propose a patch on the samba-technical ml.  You won't
gain any traction on this list.  The original implementation
was broken.   Period.  Just caused too many problems.





cheers, jerry
=
I live in a Reply-to-All world---
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFD13mfIR7qMdg1EfYRAvhiAKDDgCly04GB27X3M/EEugvZicL96QCZAV2/
3YDb3iYHHBowmNA1/f9tn/U=
=+z+6
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] samba as bdc

[Andreas Fladischer]

[EMAIL PROTECTED]

i have a samba server with ldap as pdc. everything works fine and now 
i'm testing samba as bdc.
i copied the smb.conf from the pdc to the bdc and changed the domain 
master = yes to no!


then i stopped the smb service on the pdc and tried to login on an winxp 
machine and this also worked (the log file show me that the login is on 
the bdc)! is it possible that the users can change their passwords when 
the pdc isn't available or must the pdc be online?how can i do this?


with best regards and thanks in advance for your answers
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Unique profile

[Edson Capitani]

 

Hi list! 

 

I need your help! 

 

I want to use a single profile to every user in my domain (samba3+ldap
backend) and I want to make this profile read only so every user will be in
moment using the same profile and this profile is roaming.  

 

My idea. 

 

|---|
|---|
|-|   

|   SMB-Server   |   |
WorkStation  |  |WorkStation   |

|---|UserLogon
|---|UserLogOff  |-
|

|  singleUser-Profile| -->   |
UserMoment-Profile  |  | UserMoment-Profile|

|---||
ReadOnly   |->| Deleted |


 
|---|
|-|   

 

if there somebody out there that can guide me in the right direction please
help. 

 

Thankyou all in advance. 

 

Edson Capitani.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problems with smbd...

[rasper . lemm]

Hello together!
I run Samba 3.0.9-2.3 on Suse 9.2. This Server is in an Active Directory
Domain, but it is not able to make it a domainmemberserver. So i uses the
following configuration:

/etc/samba/smb.conf
*
[global]
security = Server
domain logons = no
NIS homedir = no
encrypt passwords = yes
update encrypted = no
password server = EMEA
guest account = nobody
username map = /etc/samba/smbusers

# host access security
hosts allow = ip-range

# browsing
workgroup = RABBIT  #AD- Domainname
domain master = no
local master = no
preferred master = no
os level = 0

# printing
disable spoolss = yes
load printers = no
show add printer wizard = no

#other options
smb ports = 445
interfaces = eth0
bind interfaces only = yes
disable netbios = yes
min password length = 8

#file handling
keepalive = 30
share modes = yes
locking = yes
strict locking = yes
create mask = 0770
directory mask = 0770
hide dot files = no

#handle european characters
#character set = ISO8859-1
#client code page = 850

#Defaults
inherit acls = yes
inherit permissions = no
read only = no
browseable = no
available = no
guest ok = no

#=
#Shares
[Abteilung]
browseable = yes
available = yes
comment = Abteilungsdaten
path = /usr/abt/
oplock contention limit = 1
*

This solution works more or less good. My mainproblem: many times a day the
message

/var/log/messages
*
SERVERNAME smbd[28175]:   password server not available
Jan 25 12:00:28 SERVERNAME smbd[28175]: [2006/01/25 12:00:28, 0]
auth/auth_server.c:server_cryptkey(83)
*
appears and then noone can access the shares. Resarting samba does not
solve the problem. Google was not able to give me a useable result, so i
ask you for help.

PS: sorry for my poor english grammar!!

greets Lucky_dc!

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba Active Directory NT_STATUS_ACCESS_DENIED - expired?

[Andreas Unterkircher]

Hello list,

I'm using several samba server (mix between v2.2 and v3.0 versions) 
within an Active Directory domain. These servers are normal domain 
members and winbind is used to lookup the domain users on the linux 
machines.


Sometimes it looks like that some of the servers get kicked out of the 
domain. In the samba logs suddenly NT_STATUS_ACCESS_DENIED messages 
appear and samba stopps authenticate users against domain.


The computer account is still present in Active Directory. I've check 
if the account has expired but it's expired time is far away 
(9223372036854775807, in 2038 ...). The account is neither inactive, 
disabled or locked out.


When I try to rejoin on the existing computer account (smbpasswd -j, 
net join) it works on samba side but in the domain controllers event 
log I see some of the following errors:


The session setup from the computer SRV-MFM-30 failed to authenticate. 
The name of the account referenced in the security database is 
SRV-MFM-30$.  The following error occurred: Access is denied.


I have to remove the computer object and join the domain again. Then 
everything works again (for some time).


This happens with security=domain (rpc) and also with security=ads 
(ldap,kdc,...). The timeframe ist mostly 2 or 3 months.


Anyone has a clue what can cause this or encountered similar problems?

Cheers,
Andreas Unterkircher

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Cannot map guest shares in 'security = SERVER' mode on samba-3.0.9

[Rene Kapeller]

== platform =

Linux version: RHEL-3 resp. Scientific Linux 305
Samba vesrion: 3.0.9-1.3E.3
Samba operating mode: security = SERVER

== problem =

'net use n: \\smbs1\public' on Windows XP, always asks for a password.

'smbmount //smbs1/public /mnt/public -o password=' does not.

This all used to work fine under Redhat-9 and Samba-2.2


== smb.conf =

[global]
workgroup = MSDOM
netbios name = SMBS1
interfaces = XXX.XXX.XXX.XXX/255.255.255.0, 127.0.0.1
bind interfaces only = Yes
security = SERVER
map to guest = Bad User
password server = pdc1.XXX.XXX
guest account = guest
log level = 3
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
load printers = No
local master = No
domain master = No
dns proxy = No
wins server = wins00.XXX.XXX


[public]
comment = Public share
path = /export/public
guest ok = Yes
hosts allow = XXX.XXX., 127.0.0.1



 also tested, but no success =


#null passwords = yes
#max protocol = LANMAN1
#client use spnego = no


== log when Windows XP tries 

[2006/01/25 09:48:14, 3] smbd/process.c:process_smb(1091)
  Transaction 1 of length 137
[2006/01/25 09:48:14, 3] smbd/process.c:switch_message(886)
  switch message SMBnegprot (pid 770) conn 0x0
[2006/01/25 09:48:14, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/01/25 09:48:14, 3] smbd/negprot.c:reply_negprot(461)
  Requested protocol [PC NETWORK PROGRAM 1.0]
[2006/01/25 09:48:14, 3] smbd/negprot.c:reply_negprot(461)
  Requested protocol [LANMAN1.0]
[2006/01/25 09:48:14, 3] smbd/negprot.c:reply_negprot(461)
  Requested protocol [Windows for Workgroups 3.1a]
[2006/01/25 09:48:14, 3] smbd/negprot.c:reply_negprot(461)
  Requested protocol [LM1.2X002]
[2006/01/25 09:48:14, 3] smbd/negprot.c:reply_negprot(461)
  Requested protocol [LANMAN2.1]
[2006/01/25 09:48:14, 3] smbd/negprot.c:reply_negprot(461)
  Requested protocol [NT LM 0.12]
[2006/01/25 09:48:14, 3] smbd/negprot.c:reply_nt1(333)
  using SPNEGO
[2006/01/25 09:48:14, 3] smbd/negprot.c:reply_negprot(549)
  Selected protocol NT LM 0.12
[2006/01/25 09:48:14, 3] smbd/process.c:process_smb(1091)
  Transaction 2 of length 240
[2006/01/25 09:48:14, 3] smbd/process.c:switch_message(886)
  switch message SMBsesssetupX (pid 770) conn 0x0
[2006/01/25 09:48:14, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/01/25 09:48:14, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
  wct=12 flg2=0xc807
[2006/01/25 09:48:14, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.

[2006/01/25 09:48:14, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
  Doing spnego session setup
[2006/01/25 09:48:14, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
  NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 
2002 5.1] PrimaryDomain=[]

[2006/01/25 09:48:14, 3] smbd/sesssetup.c:reply_spnego_negotiate(444)
  Got OID 1 3 6 1 4 1 311 2 2 10
[2006/01/25 09:48:14, 3] smbd/sesssetup.c:reply_spnego_negotiate(447)
  Got secblob of size 40
[2006/01/25 09:48:14, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0xe2088297
[2006/01/25 09:48:14, 3] lib/util_sock.c:open_socket_out(752)
  Connecting to XXX.XXX.230.102 at port 445
[2006/01/25 09:48:14, 3] auth/auth_server.c:server_cryptkey(75)
  connected to password server D.XXX.CH
[2006/01/25 09:48:14, 3] auth/auth_server.c:server_cryptkey(100)
  got session
[2006/01/25 09:48:14, 3] auth/auth_server.c:server_cryptkey(133)
  password server OK
[2006/01/25 09:48:14, 3] auth/auth_server.c:auth_get_challenge_server(183)
  using password server validation
[2006/01/25 09:48:14, 3] smbd/process.c:process_smb(1091)
  Transaction 3 of length 274
[2006/01/25 09:48:14, 3] smbd/process.c:switch_message(886)
  switch message SMBsesssetupX (pid 770) conn 0x0
[2006/01/25 09:48:14, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/01/25 09:48:14, 3] smbd/sesssetup.c:reply_sesssetup_and_X(655)
  wct=12 flg2=0xc807
[2006/01/25 09:48:14, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close 
all old resources.

[2006/01/25 09:48:14, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(535)
  Doing spnego session setup
[2006/01/25 09:48:14, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(566)
  NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 
2002 5.1] PrimaryDomain=[]

[2006/01/25 09:48:14, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(615)
  Got user=[] domain=[] workstation=[PC3247] len1=1 len2=0
[2006/01/25 09:48:14, 3] auth/auth.c:chec

[Samba] Machine failing to keep its trust with Domain Controller

[Dukhan, Meir]

 
 Hi, 
 
We have a Linux (RHEL 3.0, update 3) Samba 3 server which worked fine
for months
but suddently have trouble to keep its trust with the DC server. 
 
The only way to recover is to reset the machine account from the Windows
DC side 
and do a "net join" to the domain from the Linux side. The Linux machine
is able to 
keep its "trust" with the domain exactly 7 days, which, AFAIU, is the
default in Samba and also in the DC side.
 
It is somewhat surprizing since this Linux Samba server w/o problems for
months. 
>From the Windows DC side, the only thing which was done just before this
problem 
appeared, was to patch the DC to SP1 as far as I remember. 
 
Below are the messages we can see in the /var/log/samba/samba.log file: 
 
[2006/01/18 10:49:57, 0]
smbd/change_trust_pw.c:change_trust_account_password(45)
  Can't get IP for PDC for domain MY_DOMAIN
[2006/01/18 10:49:57, 0]
smbd/change_trust_pw.c:change_trust_account_password(93)
  2006/01/18 10:49:57 : change_trust_account_password: Failed to change
password for domain MY_DOMAIN.

Linux Kernel: 2.4.21-20.ELsmp
Samba: 
samba-3.0.4-6.3E  
samba-common-3.0.4-6.3E 
 
/etc/smb.conf: see below
 
Tia 
 
-- Meir 
/etc/smb.conf
# Global parameters

[global]
workgroup = MY_DOMAIN
netbios name = Samba_Server
server string = Samba Server
security = DOMAIN
encrypt passwords = Yes
password server = mydc-server.com
log file = /var/log/samba/samba.log
log level = 1
max log size = 0
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
wins server = our_wins
kernel oplocks = No
create mask = 0775
directory mask = 0775
oplocks = No
username map = /etc/samba/username.map
case sensitive = no
preserve case = yes
local master = no
use sendfile = no

[homes]
comment = Home Directories
valid users = %S
read only = No
create mask = 0664
browseable = No

 

 
***
This email message and any attachments thereto are intended only for use by the 
addressee(s) named above, and may contain legally privileged and/or 
confidential information. If the reader of this message is not the intended 
recipient, or the employee or agent responsible to deliver it to the intended 
recipient, you are hereby notified that any dissemination, distribution or 
copying of this communication is strictly prohibited. If you have received this 
communication in error, please immediately notify the [EMAIL PROTECTED] and 
destroy the original message.
***
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba