[Samba] Remove Directory Recursively

2006-03-26 Thread Youssef Eldakar 
In 'smbclient', how do I remove a directory recursively? 'rm -fr' does not work.
 
Youssef Eldakar
Bibliotheca Alexandrina
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Question: How to solve the Windows Drive Mapping Problem?

2006-03-26 Thread C.K. Chua 
Hi, how do I solve the problem of Windows Clients disconnecting at every
logon? Can I do something to ensure that the clients do not need to manually
reconnect to the Samba drive? Thanks.

 

Reve Technology Sdn Bhd

C.K. Chua

Technical Support Manager

Mobile : +6012.723.6993

Office : +607.222.8766

 


-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.375 / Virus Database: 268.2.6/288 - Release Date: 3/22/2006
 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Linux box talks to XP Pro, XP Pro permissions denied on LinuxBox

2006-03-26 Thread Michael Munger 
Thanks for helping me resolve the problem. It ended up being that I was
matching the case of the accounts on the windows box. 

I was creating accounts on the linux box that were identical (case-wise) to
the Linux machine, and samba just couldn't figure it out. When I changed
everything on the Linux box to lower case, I had much better results.

I also disabled SELinux.

Everything works like a charm now!

Thanks everyone!






 


-Original Message-
From: Kurt Weiss [mailto:[EMAIL PROTECTED] 
Sent: Monday, March 27, 2006 12:38 AM
To: Michael Munger
Subject: Re: [Samba] Linux box talks to XP Pro, XP Pro permissions denied on
LinuxBox

samba 2?

Michael Munger schrieb:
> My linux box can see, browse, and copy files from an XP Share. However,
when
> I try to access the box either via its network name (\\linuxbox
>  ) or by ip address (\\192.168.1.231
>  ) Windows shows me an error stating I don't have
> permissions to access the resource.
> 
>  
> 
> I have been through the HowTo, and the Troubleshooting section of the
Sam's
> book recommended in the docs section of samba.org. No firewall problems,
> machines see each other fine. Network names resolve, subnet is fine, etc.
> 
>  
> 
> What am I missing?
> 
> Thanks in advance.
> 
>  
> 
> Michael Munger
> 
>  
> 

-- 
--
greetings,
kurt, austria. (http://www.kwnet.at)
===
this is a posting from a samba *user* - not a samba developer.
the posting is created on the base of experiences an may be faulty.
so, if contains any mistakes, please feel free to correct it
===


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Smbd hanging

2006-03-26 Thread mallapadi niranjan 
Hi matt

Did you get any success.
one more query , do you have logon scripts in place. ?

at my server. i have place logon scripts but are not working correctly
some time logon scripts run when user logons. some times it doesn't run,

when runs gives semaphore error
below is my configuration, can you help me out.

I have a samba 3.0.21c with ldap backend , i have about 100 users connecting
to my domain.
i have a linux system which acts as a file server (prjsrv01) where i have
declared 2 shares.
projects and datalib. The users get drives mapped with the help of logon
script. so i map
projects share as P: drive
net use p: //prjsrv01/projects.
but whent the logon script runs the command. it says
semaphore error.

At the prjsrv01. i increased the log level and the following is the output
of the file . when user locuz logged in.

[2006/03/25 12:43:17, 4] lib/username.c:map_username(143)
  Scanning username map /usr/local/samba3c2/lib/smbusers
[2006/03/25 12:43:17, 3] auth/auth.c:check_ntlm_password(219)
 check_ntlm_password:  Checking password for unmapped user
[MSDPL.COM[EMAIL PROTECTED]
with the new password interface
[2006/03/25 12:43:17, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [MSDPL.COM 
[EMAIL PROTECTED]
[2006/03/25 12:43:17, 3] smbd/sec_ctx.c:push_sec_ctx(256)
 push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/03/25 12:43:17, 3] smbd/uid.c:push_conn_ctx(393)
 push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/03/25 12:43:17, 3] smbd/sec_ctx.c:set_sec_ctx(288)
 setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/03/25 12:43:27, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/03/25 12:43:27, 2] auth/auth.c:check_ntlm_password(317)
  check_ntlm_password:  Authentication for user [locuz] -> [locuz] FAILED
with error NT_STATUS_IO_TIMEOUT
[2006/03/25 12:43:31, 3] smbd/process.c:process_smb(1194)
  Transaction 9 of length 43
[2006/03/25 12:43:31, 3] smbd/process.c:switch_message(993)
  switch message SMBulogoffX (pid 3596) conn 0x0
[2006/03/25 12:43:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/03/25 12:43:31, 3] smbd/reply.c:reply_ulogoffX(1595)
  ulogoff, vuser id 102 does not map to user.
[2006/03/25 12:43:31, 3] smbd/reply.c:reply_ulogoffX(1606)
  ulogoffX vuid=102
[2006/03/25 12:43:31, 3] smbd/process.c:timeout_processing(1447)
  timeout_processing: End of file from client (client has disconnected).
[2006/03/25 12:43:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/03/25 12:43:31, 2] smbd/server.c:exit_server(614)
  Closing connections
[2006/03/25 12:43:31, 3] smbd/connection.c:yield_connection(69)
  Yielding connection to
[2006/03/25 12:43:31, 3] smbd/server.c:exit_server(655)
  Server exit (normal exit)
[2006/03/25 12:43:31, 4] lib/username.c:map_username(143)
  Scanning username map /usr/local/samba3c2/lib/smbusers
[2006/03/25 12:43:31, 3] auth/auth.c:check_ntlm_password(219)
  check_ntlm_password:  Checking password for unmapped user
[MSDPL.COM[EMAIL PROTECTED]
with the new password interface
[2006/03/25 12:43:31, 3] auth/auth.c:check_ntlm_password(222)
  check_ntlm_password:  mapped user is: [MSDPL.COM 
[EMAIL PROTECTED]
[2006/03/25 12:43:31, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/03/25 12:43:31, 3] smbd/uid.c:push_conn_ctx(393)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/03/25 12:43:31, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/03/25 12:43:33, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/03/25 12:43:33, 4] lib/username.c:map_username(143)
  Scanning username map /usr/local/samba3c2/lib/smbusers
[2006/03/25 12:43:33, 3] smbd/sec_ctx.c:push_sec_ctx(256)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2006/03/25 12:43:33, 3] smbd/uid.c:push_conn_ctx(393)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2006/03/25 12:43:33, 3] smbd/sec_ctx.c:set_sec_ctx(288)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2006/03/25 12:43:33, 2] lib/smbldap.c:smbldap_open_connection(722)
  smbldap_open_connection: connection opened
[2006/03/25 12:43:33, 3] lib/smbldap.c:smbldap_connect_system(905)
  ldap_connect_system: succesful connection to the LDAP server
[2006/03/25 12:43:33, 4] lib/smbldap.c:smbldap_open(969)
  The LDAP server is succesfully connected
[2006/03/25 12:43:33, 2] passdb/pdb_ldap.c:init_group_from_ldap(2199)
  init_group_from_ldap: Entry found for group: 513
[2006/03/25 12:43:33, 3] smbd/sec_ctx.c:pop_sec_ctx(386)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2006/03/25 12:43:33, 4] lib/substitute.c:automount_server(359)
  Home server: prjsrv01
[2006/03/25 12:43:33, 4] lib/substitute.c:automount_server(359)

RE: [Samba] Windows not letting me connect to a samba server

2006-03-26 Thread John Heeyeol Yu 
Dear all

In my case, when I click the exposed directory through Samba in Linux at XP
explore, the ID in window is already set "\Guest".
I tried to create Guest at regular Linux and Samba account. But that didn't
work.
What else should I do?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Adam
Tauno Williams
Sent: Sunday, March 26, 2006 9:39 PM
To: Steve Timpson
Cc: samba@lists.samba.org
Subject: Re: [Samba] Windows not letting me connect to a samba server

> Every time I try to make the connection it asks for the user name and
> password.  When
> I enter same widows keeps pre-pending the name of the computer to my
> username
> Thus:
> Computername/username
> And the aix box of coarse rejects the connection.  I am unable to find the
> reason for the

That is how windows works.Try entering the username of
"{DOMAIN}\{USERNAME}".

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] samba does not lock files

2006-03-26 Thread Adam Tauno Williams 
> The problem: Two users can have the same OOo file open at the same time, and
> both edit it. The last one to save the file wins!
> The system: 3 Ubuntu 5.10 client boxes and one WinXPPro client box, all 
> running
> OOo 2.0; one server with RedHat 9.0 running samba version
> 2.2.7a-security-rollup-fix.

I doubt this has anything to do with Samba.  If you want to have proper
file locking you need to actually mount the CIFS filesystem;   otherwise
you are most likely opening and saving the file via GNOME-VFS
(ldd /usr/lib/ooo-2.0/program/ucpgvfs1.uno.so | grep -i vfs).If your
using GNOME-VFS it works by getting the file to a temporary local file
and when you save it puts the file back to the server, like and FTP
GET/PUT;  therefore there is no file lock and the last writer wins.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba LDAP rootpw error

2006-03-26 Thread Gary Dale 
Further to my previous message: I've gone over section 8.1 of 
http://samba.idealx.org/smbldap-tools.en.html, which shows some working 
.conf files, and put back a few things the way I'd previously had them. 
The example files use Manager while I use admin is the main thing. I've 
kept samba in smb.conf however. Because there is now a samba user in the 
LDAP database, this seems to work now.


However, I still can't do smbpasswd -a root. I'm still getting:

semper:/etc/ldap# smbpasswd -a root
New SMB password:
Retype new SMB password:
ldapsam_modify_entry: Failed to add user dn= 
uid=root,ou=Users,dc=rahim-dale,dc=org with: Insufficient access

   no write access to parent
ldapsam_add_sam_account: failed to modify/add user with uid = root (dn = 
uid=root,ou=Users,dc=rahim-dale,dc=org)

Failed to add entry for user root.
Failed to modify password entry for user root

I have a samba-access.conf file that is included in slapd.conf that 
combines the 8.2 samba uid stuff with a shorter list from the original 
howto I was following. I've attached it in case it helps.



An ldap search gives the following results:
semper:/etc/ldap# ldapsearch -D cn=admin,dc=rahim-dale,dc=org -b 
dc=rahim-dale,dc=org -h 127.0.0.1 -x -W ""

Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base  with scope sub
# filter: (objectclass=*)
# requesting:
#

# rahim-dale.org
dn: dc=rahim-dale,dc=org

# admin, rahim-dale.org
dn: cn=admin,dc=rahim-dale,dc=org

# Users, rahim-dale.org
dn: ou=Users,dc=rahim-dale,dc=org

# Groups, rahim-dale.org
dn: ou=Groups,dc=rahim-dale,dc=org

# Computers, rahim-dale.org
dn: ou=Computers,dc=rahim-dale,dc=org

# Idmap, rahim-dale.org
dn: ou=Idmap,dc=rahim-dale,dc=org

# rahim-dale, rahim-dale.org
dn: sambaDomainName=rahim-dale,dc=rahim-dale,dc=org

# Administrator, Users, rahim-dale.org
dn: uid=Administrator,ou=Users,dc=rahim-dale,dc=org

# nobody, Users, rahim-dale.org
dn: uid=nobody,ou=Users,dc=rahim-dale,dc=org

# Domain Admins, Groups, rahim-dale.org
dn: cn=Domain Admins,ou=Groups,dc=rahim-dale,dc=org

# Domain Users, Groups, rahim-dale.org
dn: cn=Domain Users,ou=Groups,dc=rahim-dale,dc=org

# Domain Guests, Groups, rahim-dale.org
dn: cn=Domain Guests,ou=Groups,dc=rahim-dale,dc=org

# Domain Computers, Groups, rahim-dale.org
dn: cn=Domain Computers,ou=Groups,dc=rahim-dale,dc=org

# Administrators, Groups, rahim-dale.org
dn: cn=Administrators,ou=Groups,dc=rahim-dale,dc=org

# Print Operators, Groups, rahim-dale.org
dn: cn=Print Operators,ou=Groups,dc=rahim-dale,dc=org

# Backup Operators, Groups, rahim-dale.org
dn: cn=Backup Operators,ou=Groups,dc=rahim-dale,dc=org

# Replicators, Groups, rahim-dale.org
dn: cn=Replicators,ou=Groups,dc=rahim-dale,dc=org

# samba, Users, rahim-dale.org
dn: uid=samba,ou=Users,dc=rahim-dale,dc=org

# search result
search: 2
result: 0 Success

# numResponses: 19
# numEntries: 18

# users can authenticate and change their password
access to 
attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange
  by dn="uid=samba,ou=Users,dc=rahim-dale,dc=org" write
  by self write
  by anonymous auth
  by * none
# some attributes need to be readable anonymously so that 'id user' can answer 
correctly
access to 
attrs=objectClass,entry,gecos,homeDirectory,uid,uidNumber,gidNumber,cn,memberUid
  by dn="uid=samba,ou=Users,dc=rahim-dale,dc=org" write
  by * read
# somme attributes can be writable by users themselves
access to attrs=description,telephoneNumber
  by dn="uid=samba,ou=Users,dc=rahim-dale,dc=org" write
  by self write
  by * read
# some attributes need to be writable for samba
access to 
attrs=cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName,sambaSID,sambaGroupType,sambaNextRid,sambaNextGroupRid,sambaNextUserRid,sambaAlgorithmicRidBase
  by dn="uid=samba,ou=Users,dc=rahim-dale,dc=org" write
  by self read
  by * none
# samba need to be able to create the samba domain account
access to dn.base="dc=rahim-dale,dc=org"
  by dn="uid=samba,ou=Users,dc=rahim-dale,dc=org" write
  by * none
# samba need to be able to create new users account
access to dn="ou=Users,dc=rahim-dale,dc=org"
  by dn="uid=samba,ou=Users,dc=rahim-dale,dc=org" write
  by * none
# samba need to be able to create new groups account
access to dn="ou=Groups,dc=rahim-dale,dc=org"
  by dn="uid=samba,ou=Users,dc=rahim-dale,dc=org" write
  by * none
# samba need to be able to create new computers account
access to dn="ou=Computers,dc=rahim-dale,dc=org"
  by dn="uid=samba,ou=Users,dc=rahim-dale,dc=org" write
  by * none
# this can be omitted but we leave it: there could be other branch
# in the directory
access to *
  by self read
  by * none

access to 
attrs=us

Re: [Samba] Windows not letting me connect to a samba server

2006-03-26 Thread Adam Tauno Williams 
> Every time I try to make the connection it asks for the user name and
> password.  When
> I enter same widows keeps pre-pending the name of the computer to my
> username
> Thus:
> Computername/username
> And the aix box of coarse rejects the connection.  I am unable to find the
> reason for the

That is how windows works.Try entering the username of
"{DOMAIN}\{USERNAME}".

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba LDAP rootpw error

2006-03-26 Thread Gary Dale 

Matt Richards wrote:


:) glad its working, hehe er.
ldap_connect_system: Failed to retrieve password from secrets.tdb

from the http://samba.idealx.org/smbldap-tools.en.html doc ...

don't forget to also set the samba account password in secrets.tdb file :

smbpasswd -w samba

... from man smbpasswd ...

  -w password
 This parameter is only available if Samba has been compiled
with
 LDAP support. The -w switch is used to specify the  password
to
 be  used with theldap admin dn. Note that the password is
stored
 in the secrets.tdb and is keyed off  of  the  admin's  DN. 
This

 means that if the value of ldap admin dn ever changes, the
pass-
 word will need to be manually updated as well.

HTH

Matt.


 


I found section 8.2 in the text about changing the administrative
account. I followed the directions to change it from admin to samba (the
samba-access.conf file is now a lot larger) and I now seem to have some
kind of connection. However, when I try the smbpasswd -a root, I get errors:

semper:/var/lib/ldap# smbpasswd -a root
New SMB password:
Retype new SMB password:
ldapsam_modify_entry: Failed to add user dn=
uid=root,ou=Users,dc=rahim-dale,dc=org with: Insufficient access
   no write access to parent
ldapsam_add_sam_account: failed to modify/add user with uid = root (dn =
uid=root,ou=Users,dc=rahim-dale,dc=org)
Failed to add entry for user root.
Failed to modify password entry for user root


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba LDAP rootpw error

2006-03-26 Thread Matt Richards 
> Sorry Matt, I've got it going now - at least to the point of getting the
> smbldap-populate to work. The next issue is smbpasswd -a root. It's not
> working. Also, I've installed phpldapadmin and can't get it to connect
> either. The issue now seems to be a TLS connection between Samba and
> LDAP. I didn't think I was using one, but LDAP seems to think otherwise.
> For example, both phpldapadmin and lsmbldap-usermod -J Administrator
> complain about TLS connections to the LDAP server.
>
> I've been looking at the idealx.org instructions for TLS with LDAP but
> still not getting it working.
>
>
> ---
>
> Further to the above:
> Trying to get TLS working is a pain. I've also had only slightly better
> luck with trying to not use it. When I don't use it, I can get
> ldapsearch to return a result. However, Samba doesn't seem to want to
> talk to it. When I try to get TLS running, I get TLS errors everywhere. :(
>
>
> Right now I've got it configured, I believe, to not use TLS. When I run
> smbpasswd, I get:
>
> semper:/etc/smbldap-tools# smbpasswd -a root
> fetch_ldap_pw: neither ldap secret retrieved!
> ldap_connect_system: Failed to retrieve password from secrets.tdb
> Connection to LDAP server failed for the 1 try!
>

:) glad its working, hehe er.
ldap_connect_system: Failed to retrieve password from secrets.tdb

from the http://samba.idealx.org/smbldap-tools.en.html doc ...

don't forget to also set the samba account password in secrets.tdb file :

smbpasswd -w samba

... from man smbpasswd ...

   -w password
  This parameter is only available if Samba has been compiled
with
  LDAP support. The -w switch is used to specify the  password
 to
  be  used with theldap admin dn. Note that the password is
stored
  in the secrets.tdb and is keyed off  of  the  admin's  DN. 
This
  means that if the value of ldap admin dn ever changes, the
pass-
  word will need to be manually updated as well.

HTH

Matt.


> I've attached my various .conf files again. Sorry to be such a pain, but
> I am not having any luck by myself.
>
> -
>
> BTW - Here's the results of an ldapsearch:
>
> semper:/var/lib/ldap# smbldap-populate -a Administrator -b nobody
> -semper:/var/lib/ldap# ldapsearch -D cn=admin,dc=rahim-dale,dc=org -b
> dc=rahim-dale,dc=org -h 127.0.0.1 -x -W ""
> Enter LDAP Password:
> # extended LDIF
> #
> # LDAPv3
> # base  with scope sub
> # filter: (objectclass=*)
> # requesting:
> #
>
> # rahim-dale.org
> dn: dc=rahim-dale,dc=org
>
> # admin, rahim-dale.org
> dn: cn=admin,dc=rahim-dale,dc=org
>
> # Users, rahim-dale.org
> dn: ou=Users,dc=rahim-dale,dc=org
>
> # Groups, rahim-dale.org
> dn: ou=Groups,dc=rahim-dale,dc=org
>
> # Computers, rahim-dale.org
> dn: ou=Computers,dc=rahim-dale,dc=org
>
> # Idmap, rahim-dale.org
> dn: ou=Idmap,dc=rahim-dale,dc=org
>
> # rahim-dale, rahim-dale.org
> dn: sambaDomainName=rahim-dale,dc=rahim-dale,dc=org
>
> # Administrator, Users, rahim-dale.org
> dn: uid=Administrator,ou=Users,dc=rahim-dale,dc=org
>
> # nobody, Users, rahim-dale.org
> dn: uid=nobody,ou=Users,dc=rahim-dale,dc=org
>
> # Domain Admins, Groups, rahim-dale.org
> dn: cn=Domain Admins,ou=Groups,dc=rahim-dale,dc=org
>
> # Domain Users, Groups, rahim-dale.org
> dn: cn=Domain Users,ou=Groups,dc=rahim-dale,dc=org
>
> # Domain Guests, Groups, rahim-dale.org
> dn: cn=Domain Guests,ou=Groups,dc=rahim-dale,dc=org
>
> # Domain Computers, Groups, rahim-dale.org
> dn: cn=Domain Computers,ou=Groups,dc=rahim-dale,dc=org
>
> # Administrators, Groups, rahim-dale.org
> dn: cn=Administrators,ou=Groups,dc=rahim-dale,dc=org
>
> # Print Operators, Groups, rahim-dale.org
> dn: cn=Print Operators,ou=Groups,dc=rahim-dale,dc=org
>
> # Backup Operators, Groups, rahim-dale.org
> dn: cn=Backup Operators,ou=Groups,dc=rahim-dale,dc=org
>
> # Replicators, Groups, rahim-dale.org
> dn: cn=Replicators,ou=Groups,dc=rahim-dale,dc=org
>
> # search result
> search: 2
> result: 0 Success
>
> # numResponses: 18
> # numEntries: 17
>
>


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Why does Samba need a password and Windows doesn't

2006-03-26 Thread Vayu 
For both my FreeBSD and my Linux machine to access my WinXP machine I need to 
supply the username and password.   From the WinXP machine I can access both 
the FreeBSD machine and the Linux machine directly, there is no pause for 
username and password.

I would like to not use a password in both directions. If windows doesn't need 
it why should Samba?  

To make it easy on my pathetic networking skills I've set up the exact same 
username and password on all three machines. All three machine have the same 
workgroup.  Once I give the password I have successful read/write on all 
machines in both directions.  

If the answer is that I need to setup a domain, then I don't understand why 
doesn't the WinXP box think that?

Here's my smb.conf for the FreeBSD machine after testparm -s:
[global]
workgroup = VAYU
server string = Akasha
log file = /var/log/samba/log.%m
max log size = 50
dns proxy = No

[satyam]
comment = Akasha/usr/home/satyam
path = /usr/home/satyam
valid users = satyam
read only = No

[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No


Here's smb.conf for the Linux machine:
[global]
workgroup = VAYU
server string = %h server (Samba, Ubuntu)
obey pam restrictions = Yes
passdb backend = tdbsam, guest
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n .
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
max protocol = LANMAN2
dns proxy = No
panic action = /usr/share/samba/panic-action %d
invalid users = root

[Satyam]
comment = Santosha-Ubuntu/home/satyam
path = /home/satyam
valid users = satyam
read only = No
create mask = 0700
directory mask = 0700

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba LDAP rootpw error

2006-03-26 Thread Gary Dale 

Sorry Matt, I've got it going now - at least to the point of getting the
smbldap-populate to work. The next issue is smbpasswd -a root. It's not
working. Also, I've installed phpldapadmin and can't get it to connect
either. The issue now seems to be a TLS connection between Samba and
LDAP. I didn't think I was using one, but LDAP seems to think otherwise.
For example, both phpldapadmin and lsmbldap-usermod -J Administrator
complain about TLS connections to the LDAP server.

I've been looking at the idealx.org instructions for TLS with LDAP but
still not getting it working.


---

Further to the above:
Trying to get TLS working is a pain. I've also had only slightly better
luck with trying to not use it. When I don't use it, I can get
ldapsearch to return a result. However, Samba doesn't seem to want to
talk to it. When I try to get TLS running, I get TLS errors everywhere. :(


Right now I've got it configured, I believe, to not use TLS. When I run
smbpasswd, I get:

semper:/etc/smbldap-tools# smbpasswd -a root
fetch_ldap_pw: neither ldap secret retrieved!
ldap_connect_system: Failed to retrieve password from secrets.tdb
Connection to LDAP server failed for the 1 try!

I've attached my various .conf files again. Sorry to be such a pain, but
I am not having any luck by myself.

-

BTW - Here's the results of an ldapsearch:

semper:/var/lib/ldap# smbldap-populate -a Administrator -b nobody 
-semper:/var/lib/ldap# ldapsearch -D cn=admin,dc=rahim-dale,dc=org -b 
dc=rahim-dale,dc=org -h 127.0.0.1 -x -W ""

Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base  with scope sub
# filter: (objectclass=*)
# requesting:
#

# rahim-dale.org
dn: dc=rahim-dale,dc=org

# admin, rahim-dale.org
dn: cn=admin,dc=rahim-dale,dc=org

# Users, rahim-dale.org
dn: ou=Users,dc=rahim-dale,dc=org

# Groups, rahim-dale.org
dn: ou=Groups,dc=rahim-dale,dc=org

# Computers, rahim-dale.org
dn: ou=Computers,dc=rahim-dale,dc=org

# Idmap, rahim-dale.org
dn: ou=Idmap,dc=rahim-dale,dc=org

# rahim-dale, rahim-dale.org
dn: sambaDomainName=rahim-dale,dc=rahim-dale,dc=org

# Administrator, Users, rahim-dale.org
dn: uid=Administrator,ou=Users,dc=rahim-dale,dc=org

# nobody, Users, rahim-dale.org
dn: uid=nobody,ou=Users,dc=rahim-dale,dc=org

# Domain Admins, Groups, rahim-dale.org
dn: cn=Domain Admins,ou=Groups,dc=rahim-dale,dc=org

# Domain Users, Groups, rahim-dale.org
dn: cn=Domain Users,ou=Groups,dc=rahim-dale,dc=org

# Domain Guests, Groups, rahim-dale.org
dn: cn=Domain Guests,ou=Groups,dc=rahim-dale,dc=org

# Domain Computers, Groups, rahim-dale.org
dn: cn=Domain Computers,ou=Groups,dc=rahim-dale,dc=org

# Administrators, Groups, rahim-dale.org
dn: cn=Administrators,ou=Groups,dc=rahim-dale,dc=org

# Print Operators, Groups, rahim-dale.org
dn: cn=Print Operators,ou=Groups,dc=rahim-dale,dc=org

# Backup Operators, Groups, rahim-dale.org
dn: cn=Backup Operators,ou=Groups,dc=rahim-dale,dc=org

# Replicators, Groups, rahim-dale.org
dn: cn=Replicators,ou=Groups,dc=rahim-dale,dc=org

# search result
search: 2
result: 0 Success

# numResponses: 18
# numEntries: 17

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba LDAP rootpw error

2006-03-26 Thread Gary Dale 

Sorry Matt, I've got it going now - at least to the point of getting the
smbldap-populate to work. The next issue is smbpasswd -a root. It's not
working. Also, I've installed phpldapadmin and can't get it to connect
either. The issue now seems to be a TLS connection between Samba and
LDAP. I didn't think I was using one, but LDAP seems to think otherwise.
For example, both phpldapadmin and lsmbldap-usermod -J Administrator
complain about TLS connections to the LDAP server.

I've been looking at the idealx.org instructions for TLS with LDAP but
still not getting it working.


---

Further to the above:
Trying to get TLS working is a pain. I've also had only slightly better 
luck with trying to not use it. When I don't use it, I can get 
ldapsearch to return a result. However, Samba doesn't seem to want to 
talk to it. When I try to get TLS running, I get TLS errors everywhere. :(



Right now I've got it configured, I believe, to not use TLS. When I run 
smbpasswd, I get:


semper:/etc/smbldap-tools# smbpasswd -a root
fetch_ldap_pw: neither ldap secret retrieved!
ldap_connect_system: Failed to retrieve password from secrets.tdb
Connection to LDAP server failed for the 1 try!

I've attached my various .conf files again. Sorry to be such a pain, but 
I am not having any luck by myself.
access to 
attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPWDMustChange
by dn="cn=admin,dc=rahim-dale,dc=org" write
by anonymous auth
by self write
by * none

access to attrs=loginShell
by dn="cn=admin,dc=rahim-dale,dc=org" write
by * none

access to 
attrs=description,telephoneNumber,roomNumber,homePhone,gecos,cn,sn,givenname
by dn="cn=admin,dc=rahim-dale,dc=org" write
by self write
by * read

# Allow LDAPv2 binds
# allow bind_v2

# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

###
# Global Directives:

# Features to permit
#allow bind_v2

# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema

# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile/var/run/slapd.args

# Read slapd.conf(5) for possible values
loglevel0

# Where the dynamically loaded modules are stored
modulepath  /usr/lib/ldap
moduleload  back_bdb

TLSCACertificateFile/etc/ldap/ssl/ldap-server.pem
TLSCertificateFile  /etc/ldap/ssl/ldap-server.pem
TLSCertificateKeyFile   /etc/ldap/ssl/ldap-server.pem

###
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend bdb
checkpoint 512 30

###
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend

###
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this databasse until another
# 'database' directive occurs
databasebdb

# The base of your directory in database #1
suffix  "dc=rahim-dale,dc=org"

rootdn  "cn=admin,dc=rahim-dale,dc=org"
rootpw  {MD5}hdduy/+JqjCnJjCWiKOGBQ==

# Where the database file are physically stored for database #1
directory   "/var/lib/ldap"

# Indexing options for database #1
index   objectClass,uidNumber,gidNumber eq
index   cn,sn,uid,displayName pres,eq,sub
index   memberUid,mail,givenname eq,subinitial
index   sambaSID,sambaPrimaryGroupSID,sambaDomainName eq
# default index
index   default eq

# Save the time that the entry gets modified, for database #1
lastmod on

# Where to store the replica logs for database #1
# replogfile/var/lib/ldap/replog

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attrs=userPassword
by dn="cn=admin,dc=rahim-dale,dc=org" write
by anonymous auth
by self write
by * none

# Ensure read access to the base for things like
# supportedSASLMechanisms.  Without

Re: [Samba] Samba LDAP rootpw error

2006-03-26 Thread Matt Richards 
> Matt Richards wrote:
>
>>>Matt Richards wrote:
>>>
>>>
>>>
>Matt Richards wrote:
>
>
>
>
>
>>>Matt Richards wrote:
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>Matt Richards wrote:
>
>
>
>
>
>
>
>
>
>>>I was following the howto below (originally posted on this list
>>> as
>>>BIG
>>>Samba howto for debian only.) to see if I could get my
>>>not-quite-working
>>>Samba 3.0.14a (debian) server fully working and able to handle
>>> my
>>>Linux
>>>logins too. The problem I'm having with my Samba setup is that I
>>>can't
>>>change user passwords except through Swat. Users can't change
>>> them
>>>from
>>>their machines using the Windows password change - but they are
>>>notified
>>>to change them by when they expire.
>>>
>>>Anyway, my attempts to follow the howto hit a roadblock at "3
>>> LDAP
>>>Server configuration". Neither slapindex nor slapd will run. It
>>>looks
>>>like it doesn't like something about my root password, but I'm
>>> not
>>>sure
>>>what it wants (I'm no expert on LDAP).  :)
>>>
>>>Slapindex complains "bad configuration file". Slapd gives the
>>> more
>>>detailed:
>>>line 65 (rootpw ***)
>>>/etc/ldap/slapd.conf: line 65: rootpw can only be set when
>>> rootdn
>>>is
>>>under suffix
>>>
>>>I've attached my slapd.conf file if that is of any assistance.
>>> Any
>>>help
>>>will be greatly appreciated.
>>>
>>>
>>>Louis van Belle wrote:
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>[..snip..]
>>
>>humm well looking at the config file the first thing that i
>> notice
>>is
>>this
>>...
>>
>># The base of your directory in database #1
>>suffix  "dc=rahim-dale,dc=org"
>>rootdn"cn=admin,dc=toronto,dc=ontario,dc=ca"
>>
>>
>>your root dn isn't in the base of your ldap tree, this should
>>probuly
>>be
>>something like ...
>>
>>suffix  "dc=rahim-dale,dc=org"
>>rootdn"cn=admin,dc=rahim-dale,dc=org"
>>
>>try it n let us know what happens :).
>>
>>HTH
>>
>>Matt.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>You got it in one!  I've got slapd running.
>
>Now I'm stuck at "5.4 set the samba ldap admin password". I can
> set
>the
>admin password and get the expected response, but when I try
>"smbldap-populate -a Administrator -b nobody -u 2000 -g 2000", it
>fails
>to add the various groups. I get "failed to add entry:
> modifications
>require authentication at /usr/sbin/smbldap-populate line 460,
>
>line 3." for each ou= it tries to add.
>
>Any ideas?
>
>
>
>
>
>
>
>
the smbldap-populate scripts requires authentication to the ldap
server
there is probuly a problem with the login you have set in
smbldap.conf
..
if you have set any at!

i would recommend looking through the smbldap-tools howto at
http://samba.idealx.org/smbldap-tools.en.html
and see if there is anything you have missed out, but the first
 thing
i
would try is this ..

...
3 Configuring the smbldap-tools
As mentioned in the previous section, you'll have to update two
configuration files. The first (smbldap.conf) allows you to set
global
parameter that are readable by everybody, and the second
(smbldap_bind.conf) defines two administrative accounts to bind to
 a
slave
and a master ldap server: this file must thus be readable only by
root.
A
script is named configure.pl can help you to set their contents up.
It
is
located in the tarball downloaded or in the documentation directory
if
you
got the RPM archive (see /usr/share/doc/smbldap-tools/). Just
 invoke
it:

/usr/share/doc/smbldap-tools/configure.pl
...

note : the smbldap-tools dir might not be located in your
/usr/share/doc/
directory.

if this doesn't work you could attach your smbldap config file
 (with
>

Re: [Samba] Samba LDAP rootpw error

2006-03-26 Thread Gary Dale 

Matt Richards wrote:


Matt Richards wrote:

   


Matt Richards wrote:



   


Matt Richards wrote:





   


Matt Richards wrote:







   


I was following the howto below (originally posted on this list as
BIG
Samba howto for debian only.) to see if I could get my
not-quite-working
Samba 3.0.14a (debian) server fully working and able to handle my
Linux
logins too. The problem I'm having with my Samba setup is that I
can't
change user passwords except through Swat. Users can't change them
from
their machines using the Windows password change - but they are
notified
to change them by when they expire.

Anyway, my attempts to follow the howto hit a roadblock at "3 LDAP
Server configuration". Neither slapindex nor slapd will run. It
looks
like it doesn't like something about my root password, but I'm not
sure
what it wants (I'm no expert on LDAP).  :)

Slapindex complains "bad configuration file". Slapd gives the more
detailed:
line 65 (rootpw ***)
/etc/ldap/slapd.conf: line 65: rootpw can only be set when rootdn
is
under suffix

I've attached my slapd.conf file if that is of any assistance. Any
help
will be greatly appreciated.


Louis van Belle wrote:









   


[..snip..]

humm well looking at the config file the first thing that i notice
is
this
...

# The base of your directory in database #1
suffix  "dc=rahim-dale,dc=org"
rootdn"cn=admin,dc=toronto,dc=ontario,dc=ca"


your root dn isn't in the base of your ldap tree, this should
probuly
be
something like ...

suffix  "dc=rahim-dale,dc=org"
rootdn"cn=admin,dc=rahim-dale,dc=org"

try it n let us know what happens :).

HTH

Matt.









 


You got it in one!  I've got slapd running.

Now I'm stuck at "5.4 set the samba ldap admin password". I can set
the
admin password and get the expected response, but when I try
"smbldap-populate -a Administrator -b nobody -u 2000 -g 2000", it
fails
to add the various groups. I get "failed to add entry: modifications
require authentication at /usr/sbin/smbldap-populate line 460,

line 3." for each ou= it tries to add.

Any ideas?






   


the smbldap-populate scripts requires authentication to the ldap
server
there is probuly a problem with the login you have set in
smbldap.conf
..
if you have set any at!

i would recommend looking through the smbldap-tools howto at
http://samba.idealx.org/smbldap-tools.en.html
and see if there is anything you have missed out, but the first thing
i
would try is this ..

...
3 Configuring the smbldap-tools
As mentioned in the previous section, you'll have to update two
configuration files. The first (smbldap.conf) allows you to set
global
parameter that are readable by everybody, and the second
(smbldap_bind.conf) defines two administrative accounts to bind to a
slave
and a master ldap server: this file must thus be readable only by
root.
A
script is named configure.pl can help you to set their contents up.
It
is
located in the tarball downloaded or in the documentation directory
if
you
got the RPM archive (see /usr/share/doc/smbldap-tools/). Just invoke
it:

/usr/share/doc/smbldap-tools/configure.pl
...

note : the smbldap-tools dir might not be located in your
/usr/share/doc/
directory.

if this doesn't work you could attach your smbldap config file (with
the
passwd taken out of cause) so we can have a little look.

Matt.







 


I can't see anything wrong with my setup but even when I tweak the
settings a little, I get the same result. Here are: smbldap.conf,
smbldap_bind.conf (with passwords removed) and the smb.conf I'm using
for ldap (renamed right now because I'm keeping my old setup available
until I get this working).

One issue is my password does have an apostrophe and a period in it.
It
shouldn't be an issue because the bind file has them in quotes. I've
also tried them escaped ("\") but that didn't change anything.





   


ok i have looked over everything and the only thing i can see at this
moment is this ...

in your smbldap_bind.conf file you arn't using a bind dn of
cn=admin,dc=family,dc=rahim-dale,dc=org for authentication against the
ldap server but the line in the config i gave you before was rootdn
"cn=admin,dc=rahim-dale,dc=org" ... when you first setup ldap no
accounts
exist in the ldap database the rootdn account is like a virtual account
that will always have full access and because of this (and i'm guessing
your ldap tree is blank) you will only be able to use the rootdn to
bind
at this time.

there are a few lines you can try to attempt to bind to the ldap server
...

ldapsearch -D cn=admin,dc=family,dc=rahim-dale,dc=org -h 127.0.0.1 -x
-W
""
ldapsearch -D cn=admin,dc=rahim-dale,dc=org -h 127.0.0.1 -x -W ""

the first the the bind dn in your smbldap_bind.conf and the second is
using the rootdn from the other email.

as your ldap tree is blank you wont get much output but one should fail
with a bind error

Re: [Samba] Samba LDAP rootpw error

2006-03-26 Thread Matt Richards 
> Matt Richards wrote:
>
>>>Matt Richards wrote:
>>>
>>>
>>>
>Matt Richards wrote:
>
>
>
>
>
>>>Matt Richards wrote:
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>I was following the howto below (originally posted on this list as
>BIG
>Samba howto for debian only.) to see if I could get my
>not-quite-working
>Samba 3.0.14a (debian) server fully working and able to handle my
>Linux
>logins too. The problem I'm having with my Samba setup is that I
>can't
>change user passwords except through Swat. Users can't change them
>from
>their machines using the Windows password change - but they are
>notified
>to change them by when they expire.
>
>Anyway, my attempts to follow the howto hit a roadblock at "3 LDAP
>Server configuration". Neither slapindex nor slapd will run. It
>looks
>like it doesn't like something about my root password, but I'm not
>sure
>what it wants (I'm no expert on LDAP).  :)
>
>Slapindex complains "bad configuration file". Slapd gives the more
>detailed:
>line 65 (rootpw ***)
>/etc/ldap/slapd.conf: line 65: rootpw can only be set when rootdn
>is
>under suffix
>
>I've attached my slapd.conf file if that is of any assistance. Any
>help
>will be greatly appreciated.
>
>
>Louis van Belle wrote:
>
>
>
>
>
>
>
>
>
[..snip..]

humm well looking at the config file the first thing that i notice
 is
this
...

# The base of your directory in database #1
suffix  "dc=rahim-dale,dc=org"
rootdn"cn=admin,dc=toronto,dc=ontario,dc=ca"


your root dn isn't in the base of your ldap tree, this should
 probuly
be
something like ...

suffix  "dc=rahim-dale,dc=org"
rootdn"cn=admin,dc=rahim-dale,dc=org"

try it n let us know what happens :).

HTH

Matt.









>>>You got it in one!  I've got slapd running.
>>>
>>>Now I'm stuck at "5.4 set the samba ldap admin password". I can set
>>>the
>>>admin password and get the expected response, but when I try
>>>"smbldap-populate -a Administrator -b nobody -u 2000 -g 2000", it
>>>fails
>>>to add the various groups. I get "failed to add entry: modifications
>>>require authentication at /usr/sbin/smbldap-populate line 460,
>>> 
>>>line 3." for each ou= it tries to add.
>>>
>>>Any ideas?
>>>
>>>
>>>
>>>
>>>
>>>
>>the smbldap-populate scripts requires authentication to the ldap
>> server
>>there is probuly a problem with the login you have set in
>> smbldap.conf
>>..
>>if you have set any at!
>>
>>i would recommend looking through the smbldap-tools howto at
>>http://samba.idealx.org/smbldap-tools.en.html
>>and see if there is anything you have missed out, but the first thing
>> i
>>would try is this ..
>>
>>...
>>3 Configuring the smbldap-tools
>>As mentioned in the previous section, you'll have to update two
>>configuration files. The first (smbldap.conf) allows you to set
>> global
>>parameter that are readable by everybody, and the second
>>(smbldap_bind.conf) defines two administrative accounts to bind to a
>>slave
>>and a master ldap server: this file must thus be readable only by
>> root.
>>A
>>script is named configure.pl can help you to set their contents up.
>> It
>>is
>>located in the tarball downloaded or in the documentation directory
>> if
>>you
>>got the RPM archive (see /usr/share/doc/smbldap-tools/). Just invoke
>>it:
>>
>>/usr/share/doc/smbldap-tools/configure.pl
>>...
>>
>>note : the smbldap-tools dir might not be located in your
>>/usr/share/doc/
>>directory.
>>
>>if this doesn't work you could attach your smbldap config file (with
>>the
>>passwd taken out of cause) so we can have a little look.
>>
>>Matt.
>>
>>
>>
>>
>>
>>
>>
>I can't see anything wrong with my setup but even when I tweak the
>settings a little, I get the same result. Here are: smbldap.conf,
>smbldap_bind.conf (with passwords removed) and the smb.conf I'm using
>for ldap (renamed right now because I'm keeping my old setup available
>until I get this working).
>
>One issue is my password does have an apostrophe and a period in it.
> It
>shouldn't be an issue because the bind file has them

Re: [Samba] Samba LDAP rootpw error

2006-03-26 Thread Gary Dale 

Matt Richards wrote:


Matt Richards wrote:

   


Matt Richards wrote:



   


Matt Richards wrote:





   


I was following the howto below (originally posted on this list as
BIG
Samba howto for debian only.) to see if I could get my
not-quite-working
Samba 3.0.14a (debian) server fully working and able to handle my
Linux
logins too. The problem I'm having with my Samba setup is that I
can't
change user passwords except through Swat. Users can't change them
from
their machines using the Windows password change - but they are
notified
to change them by when they expire.

Anyway, my attempts to follow the howto hit a roadblock at "3 LDAP
Server configuration". Neither slapindex nor slapd will run. It
looks
like it doesn't like something about my root password, but I'm not
sure
what it wants (I'm no expert on LDAP).  :)

Slapindex complains "bad configuration file". Slapd gives the more
detailed:
line 65 (rootpw ***)
/etc/ldap/slapd.conf: line 65: rootpw can only be set when rootdn
is
under suffix

I've attached my slapd.conf file if that is of any assistance. Any
help
will be greatly appreciated.


Louis van Belle wrote:







   


[..snip..]

humm well looking at the config file the first thing that i notice is
this
...

# The base of your directory in database #1
suffix  "dc=rahim-dale,dc=org"
rootdn"cn=admin,dc=toronto,dc=ontario,dc=ca"


your root dn isn't in the base of your ldap tree, this should probuly
be
something like ...

suffix  "dc=rahim-dale,dc=org"
rootdn"cn=admin,dc=rahim-dale,dc=org"

try it n let us know what happens :).

HTH

Matt.







 


You got it in one!  I've got slapd running.

Now I'm stuck at "5.4 set the samba ldap admin password". I can set
the
admin password and get the expected response, but when I try
"smbldap-populate -a Administrator -b nobody -u 2000 -g 2000", it
fails
to add the various groups. I get "failed to add entry: modifications
require authentication at /usr/sbin/smbldap-populate line 460, 
line 3." for each ou= it tries to add.

Any ideas?




   


the smbldap-populate scripts requires authentication to the ldap server
there is probuly a problem with the login you have set in smbldap.conf
..
if you have set any at!

i would recommend looking through the smbldap-tools howto at
http://samba.idealx.org/smbldap-tools.en.html
and see if there is anything you have missed out, but the first thing i
would try is this ..

...
3 Configuring the smbldap-tools
As mentioned in the previous section, you'll have to update two
configuration files. The first (smbldap.conf) allows you to set global
parameter that are readable by everybody, and the second
(smbldap_bind.conf) defines two administrative accounts to bind to a
slave
and a master ldap server: this file must thus be readable only by root.
A
script is named configure.pl can help you to set their contents up. It
is
located in the tarball downloaded or in the documentation directory if
you
got the RPM archive (see /usr/share/doc/smbldap-tools/). Just invoke
it:

/usr/share/doc/smbldap-tools/configure.pl
...

note : the smbldap-tools dir might not be located in your
/usr/share/doc/
directory.

if this doesn't work you could attach your smbldap config file (with
the
passwd taken out of cause) so we can have a little look.

Matt.





 


I can't see anything wrong with my setup but even when I tweak the
settings a little, I get the same result. Here are: smbldap.conf,
smbldap_bind.conf (with passwords removed) and the smb.conf I'm using
for ldap (renamed right now because I'm keeping my old setup available
until I get this working).

One issue is my password does have an apostrophe and a period in it. It
shouldn't be an issue because the bind file has them in quotes. I've
also tried them escaped ("\") but that didn't change anything.



   


ok i have looked over everything and the only thing i can see at this
moment is this ...

in your smbldap_bind.conf file you arn't using a bind dn of
cn=admin,dc=family,dc=rahim-dale,dc=org for authentication against the
ldap server but the line in the config i gave you before was rootdn
"cn=admin,dc=rahim-dale,dc=org" ... when you first setup ldap no accounts
exist in the ldap database the rootdn account is like a virtual account
that will always have full access and because of this (and i'm guessing
your ldap tree is blank) you will only be able to use the rootdn to bind
at this time.

there are a few lines you can try to attempt to bind to the ldap server
...

ldapsearch -D cn=admin,dc=family,dc=rahim-dale,dc=org -h 127.0.0.1 -x -W
""
ldapsearch -D cn=admin,dc=rahim-dale,dc=org -h 127.0.0.1 -x -W ""

the first the the bind dn in your smbldap_bind.conf and the second is
using the rootdn from the other email.

as your ldap tree is blank you wont get much output but one should fail
with a bind error and the other should say something like no such object.

HTH, let me know if

Re: [Samba] Samba LDAP rootpw error

2006-03-26 Thread Matt Richards 
> Matt Richards wrote:
>
>>>Matt Richards wrote:
>>>
>>>
>>>
>Matt Richards wrote:
>
>
>
>
>
>>>I was following the howto below (originally posted on this list as
>>> BIG
>>>Samba howto for debian only.) to see if I could get my
>>>not-quite-working
>>>Samba 3.0.14a (debian) server fully working and able to handle my
>>>Linux
>>>logins too. The problem I'm having with my Samba setup is that I
>>> can't
>>>change user passwords except through Swat. Users can't change them
>>>from
>>>their machines using the Windows password change - but they are
>>>notified
>>>to change them by when they expire.
>>>
>>>Anyway, my attempts to follow the howto hit a roadblock at "3 LDAP
>>>Server configuration". Neither slapindex nor slapd will run. It
>>> looks
>>>like it doesn't like something about my root password, but I'm not
>>>sure
>>>what it wants (I'm no expert on LDAP).  :)
>>>
>>>Slapindex complains "bad configuration file". Slapd gives the more
>>>detailed:
>>> line 65 (rootpw ***)
>>> /etc/ldap/slapd.conf: line 65: rootpw can only be set when rootdn
>>> is
>>>under suffix
>>>
>>>I've attached my slapd.conf file if that is of any assistance. Any
>>>help
>>>will be greatly appreciated.
>>>
>>>
>>>Louis van Belle wrote:
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>[..snip..]
>>
>>humm well looking at the config file the first thing that i notice is
>>this
>>...
>>
>># The base of your directory in database #1
>>suffix  "dc=rahim-dale,dc=org"
>>rootdn"cn=admin,dc=toronto,dc=ontario,dc=ca"
>>
>>
>>your root dn isn't in the base of your ldap tree, this should probuly
>>be
>>something like ...
>>
>>suffix  "dc=rahim-dale,dc=org"
>>rootdn"cn=admin,dc=rahim-dale,dc=org"
>>
>>try it n let us know what happens :).
>>
>>HTH
>>
>>Matt.
>>
>>
>>
>>
>>
>>
>>
>You got it in one!  I've got slapd running.
>
>Now I'm stuck at "5.4 set the samba ldap admin password". I can set
> the
>admin password and get the expected response, but when I try
>"smbldap-populate -a Administrator -b nobody -u 2000 -g 2000", it
> fails
>to add the various groups. I get "failed to add entry: modifications
>require authentication at /usr/sbin/smbldap-populate line 460, 
>line 3." for each ou= it tries to add.
>
>Any ideas?
>
>
>
>
the smbldap-populate scripts requires authentication to the ldap server
there is probuly a problem with the login you have set in smbldap.conf
 ..
if you have set any at!

i would recommend looking through the smbldap-tools howto at
http://samba.idealx.org/smbldap-tools.en.html
and see if there is anything you have missed out, but the first thing i
would try is this ..

...
3 Configuring the smbldap-tools
As mentioned in the previous section, you'll have to update two
configuration files. The first (smbldap.conf) allows you to set global
parameter that are readable by everybody, and the second
(smbldap_bind.conf) defines two administrative accounts to bind to a
slave
and a master ldap server: this file must thus be readable only by root.
 A
script is named configure.pl can help you to set their contents up. It
 is
located in the tarball downloaded or in the documentation directory if
you
got the RPM archive (see /usr/share/doc/smbldap-tools/). Just invoke
 it:

/usr/share/doc/smbldap-tools/configure.pl
...

note : the smbldap-tools dir might not be located in your
 /usr/share/doc/
directory.

if this doesn't work you could attach your smbldap config file (with
 the
passwd taken out of cause) so we can have a little look.

Matt.





>>>I can't see anything wrong with my setup but even when I tweak the
>>>settings a little, I get the same result. Here are: smbldap.conf,
>>>smbldap_bind.conf (with passwords removed) and the smb.conf I'm using
>>>for ldap (renamed right now because I'm keeping my old setup available
>>>until I get this working).
>>>
>>>One issue is my password does have an apostrophe and a period in it. It
>>>shouldn't be an issue because the bind file has them in quotes. I've
>>>also tried them escaped ("\") but that didn't change anything.
>>>
>>>
>>>
>>
>>ok i have looked over everything and the only thing i can see at this
>>moment is this ...
>>
>>in your smbldap_bind.conf file you arn't using a bind dn of
>>cn=admin,dc=family,dc=rahim-dale,dc=org for authentication against the
>>ldap server but the line in the config i gave you before was rootdn
>>"cn=admin,dc=rahim-dale,dc=org" ... when you first setup ldap no accounts
>>exist in the ldap d

[Samba] cannot browse server or see shares

2006-03-26 Thread Jon Miller 
I cannot browse a new samba server nor see the shares.
I have set in each share 
browseable = Yes
and when I run testparm it shows the shares no errors.

The server has 2 nics, but the firewall is shut down for the moment.  Any ideas 
would be greatly appreciated.


Thanks

Jon





I cannot browse a new samba server nor see the shares.
I have set in each share 
browseable = Yes
and when I run testparm it shows the shares no errors.
 
The server has 2 nics, but the firewall is shut down for the moment.  
Any ideas would be greatly appreciated.
 
 
Thanks
 
Jon
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Added lp, access denied ?

2006-03-26 Thread Dave S 
Hi all,

I have kubuntu running samba as a file server, I have my wifes kubuntu machine 
as a cllient and my works XP machine as a client. All is well and has worked 
great for some time.

I decided to add a samba printer for XP. I modified smb.conf, I can now see 
the printer on XP, I installed the printer driver 'have disk' all AOK then I 
get a message from XP in what looks like a printer spool box

'epson on dave-comp access denied, unable to connect'

I can still access my samba shares through XP AOK, I must have authenticated 
AOK. I get the feeling it is something really simple.

Cheers

Dave




/var/log/samba/

[2006/03/26 10:26:37, 2] lib/access.c:check_access(324)
  Allowed connection from  (192.168.0.2)
[2006/03/26 10:26:37, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all 
old resources.
[2006/03/26 10:26:37, 2] smbd/sesssetup.c:setup_new_vc_session(608)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all 
old resources.
[2006/03/26 10:27:01, 2] lib/access.c:check_access(324)
  Allowed connection from  (192.168.0.2)
[2006/03/26 10:27:01, 2] smbd/reply.c:reply_special(236)
  netbios connect: name1=DAVE-COMP   name2=WINDOWS
[2006/03/26 10:27:01, 2] smbd/reply.c:reply_special(243)
  netbios connect: local=dave-comp remote=windows, name type = 0


my smb.conf is ...

[global]
comment = Samba Server

netbios name = DAVE-COMP
server string = %v on %L

workgroup = OFFICE
wins support = yes
security = user

# Give Samba more authority in elections as master browser
prefered master = yes
os level = 255

# Max permissions for a share
create mode = 0666
directory mode = 0777

# Only on my LAN
hosts allow = 192.168.0.

# Various system users and superusers cannot be forged for access
invalid users = root bin daemon adm sync shutdown halt mail news uucp 
operator

# Stop symink outside of share tree
wide links = no

# Hide .??? files from windows
hide dot files = yes

# Allow super users dave and vanda access to all
# admin users = dave,vanda


# No oplocks, M$ on system & can be dodgey
level2 oplocks = no
oplocks = no

# Setup logging
syslog = 0
# syslog 3 for more thorough logging to syslog
#syslog = 3
log level = 2

log file = /var/log/samba/log.%m
max log size = 50
debug timestamp = yes

[common]
comment = Common Linux Directory
path = /export/samba/common
read only = no
valid users = @smblinux

[windows]
comment = M$ Directory
path = /export/samba/windows
read only = no
valid users = @smbwindows

[archive]
comment = Archive Directory
# Permissions when creating files in this share
create mode = 0660
directory mode = 0777
path = /export/samba/archive
read only = no
valid users = @smblinux

[epson]
printable = yes
print command = /usr/bin/lpr -P%p -r %s
printer = smb_epson
printing = BSD
path = /var/tmp
valid users = @smbwindows

  
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba