Re: SOLVED! Re: [Samba] Files are being saved as read-only
On Mon, 26 Jun 2006, Rob Tanner wrote: It turns out that the problem is a Microsoftism since it only happens with Office documents. It also tiurns out that only if profile acls is set to 'yes' in smb.conf do you see the problem. Set it to 'no' and no problem. Wierd eh?? I believe I remember hearing somewhere that, instead of (the Win32 equivalent of) "open(); write(); write(); write(); close();", lots of MS products first create a new file, then write the save data to the new file, then remove the old file, then rename the new to have the same name as the old[1]. The point being, when these apps are saving a file, they're not updating an existing file; instead, they're CREATING a new file. So, I would check if new files are created read-only by default; maybe that is the real problem. - Logan [1] There is some benefit to this approach: you've always got a complete copy of the file on disk at any given time, for one thing. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] smbldap-passwd and uppercased schemes
Hey everyone, I'm looking at the IDEALX smbldap-passwd script (the version which comes with samba 3.0.22, in the examples directory), and it seems to want to set the password scheme to an uppercase string, i.e.: {CRYPT}foobarfoobar {MD5}barfoobarfoo However, looking at RFC 2307 ( http://www.ietf.org/rfc/rfc2307.txt ), in section 5.3, it would appear that these are supposed to be lowercase, like this: {crypt}foobarfoobar {md5}barfoobarfoo So, my question is, is the scheme case-sensitive? The RFC doesn't give any indication that case is irrelevant, but smbldap-passwd uses uppercase and (presumably) gets away with it. Obviously I easily hack the script to fix this, but I only want to do that if it's really necessary -- I like to stick with vanilla versions of things unless there's a good reason not to. - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
SOLVED! Re: [Samba] Files are being saved as read-only
Folks, It turns out that the problem is a Microsoftism since it only happens with Office documents. It also tiurns out that only if profile acls is set to 'yes' in smb.conf do you see the problem. Set it to 'no' and no problem. Wierd eh?? Thanks, Rob Rob Tanner said the following on 06/26/2006 02:45 PM: Hi, I'm using extended ACLs and winbind so that file ownerships and permissions are directly tied to domain accounts (e.g., owner is MYDOMAIN\myname). My problem is that when a user opens up, modifies, and then saves the file, the user's UNIX level permissions change from 'rw-' to 'r--' -- in other words, the write permission gets dropped. I've played with the basic and extended permissions of the parent folder, and I've looked at the masks in smb.conf, but nothing I've done so far has resolved the issue Any idea what's going on or what might be causing this? Thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Memory leak in 3.0.22?
Jeremy Allison wrote: On Sun, Jun 25, 2006 at 10:48:35PM +0100, Mark Cullen wrote: Hi, I have just switched from FreeBSD 4.11 using 3.0.21b to NetBSD 3.0.1 using 3.0.22. With the same configuration, and the same clients, I am now seeing what appears to be some rather large memory leakage [ I am not sure if this is the fault of Samba or NetBSD ]. Eventually the process will run out of memory (machine only has 256MB of RAM) and the Windows clients (2000, SP4 and all the latest updates) pop up a message: "Insufficient system resources exist to complete the requested service" At which point the Samba server becomes unresponsive to the current user logged in. At the same time, I am seeing alot of errors in the logs regarding memory allocation errors: Try doing a smbcontrol pool-usage to get the amount of memory in the talloc pools. I doubt this is a Samba bug as such a problem has not been widely reported on other platforms. I think you may well be right. There was a memory leak in telldir() reported about 2 years ago that remains unfixed. I applied the patches in the PR [1] and it appears to have, at the very least, significantly reduced the leak. I am now able to hold F5 to refresh (Windows explorer) on a Samba share and the memory usage no longer constantly increases at least! I still seem to be seeing a bit of memory not being free'd (I think) when I copy a large directory tree, but if I then copy that same tree *again* it does not use any more memory. I think maybe it might get free'd eventually possibly. Time shall tell. Anyhow, apologies for the noise! Is there a MALLOC_DEBUG option in the NetBSD malloc that will dump out where the memory is going ? Jeremy. [1] http://mail-index.netbsd.org/netbsd-bugs/2004/02/05/0008.html -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and trusted domains
Hi All, I installed samba 3.0.22 and join it to Win2003 AD domain. Users from my domain can access the samba shares successfully. My problem is that users from trusted domains can not access to my samba shares Wbinfo -m - show all the trusted domains Wbinfo -u - show all the users include the trusted domains users. Any Idea? My smb.conf global parameters: # Global parameters [global] allow trusted domains = yes netbios name = tiger realm = ITGIL.COM security = ADS encrypt passwords = yes wins server = 172.18.1.126 workgroup = ITGIL debug level = 3 idmap uid = 1-2 idmap gid = 1-2 winbind separator = \ winbind enum users = yes winbind enum groups = yes winbind use default domain = Yes winbind trusted domains only = Yes browsable = yes guest ok = yes The log.smbd: [2006/06/26 08:29:18, 3] smbd/process.c:check_reload(1428) Printcap cache time expired. [2006/06/26 08:29:18, 3] printing/pcap.c:pcap_cache_reload(117) reloading printcap cache [2006/06/26 08:29:18, 3] printing/print_svid.c:sysv_cache_reload(72) No Printers found!!! [2006/06/26 08:29:18, 3] printing/pcap.c:pcap_cache_reload(223) reload status: error [2006/06/26 08:29:18, 3] printing/pcap.c:pcap_cache_reload(117) reloading printcap cache [2006/06/26 08:29:18, 3] printing/print_svid.c:sysv_cache_reload(72) No Printers found!!! [2006/06/26 08:29:18, 3] printing/pcap.c:pcap_cache_reload(223) reload status: error [2006/06/26 08:29:18, 3] smbd/oplock.c:init_oplocks(871) open_oplock_ipc: initializing messages. [2006/06/26 08:29:18, 3] smbd/process.c:process_smb(1194) Transaction 0 of length 137 [2006/06/26 08:29:18, 3] smbd/process.c:switch_message(993) switch message SMBnegprot (pid 14477) conn 0x0 [2006/06/26 08:29:18, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/26 08:29:18, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [PC NETWORK PROGRAM 1.0] [2006/06/26 08:29:18, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LANMAN1.0] [2006/06/26 08:29:18, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [Windows for Workgroups 3.1a] [2006/06/26 08:29:18, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LM1.2X002] [2006/06/26 08:29:18, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [LANMAN2.1] [2006/06/26 08:29:18, 3] smbd/negprot.c:reply_negprot(486) Requested protocol [NT LM 0.12] [2006/06/26 08:29:18, 3] smbd/negprot.c:reply_nt1(357) using SPNEGO [2006/06/26 08:29:18, 3] smbd/negprot.c:reply_negprot(579) Selected protocol NT LM 0.12 [2006/06/26 08:29:18, 3] smbd/process.c:process_smb(1194) Transaction 1 of length 240 [2006/06/26 08:29:18, 3] smbd/process.c:switch_message(993) switch message SMBsesssetupX (pid 14477) conn 0x0 [2006/06/26 08:29:18, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/26 08:29:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X(822) wct=12 flg2=0xc807 [2006/06/26 08:29:18, 2] smbd/sesssetup.c:setup_new_vc_session(772) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/06/26 08:29:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(633) Doing spnego session setup [2006/06/26 08:29:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(664) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2006/06/26 08:29:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(525) Got OID 1 3 6 1 4 1 311 2 2 10 [2006/06/26 08:29:18, 3] smbd/sesssetup.c:reply_spnego_negotiate(528) Got secblob of size 40 [2006/06/26 08:29:18, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63) Got NTLMSSP neg_flags=0xe2088297 [2006/06/26 08:29:18, 3] smbd/process.c:process_smb(1194) Transaction 2 of length 368 [2006/06/26 08:29:18, 3] smbd/process.c:switch_message(993) switch message SMBsesssetupX (pid 14477) conn 0x0 [2006/06/26 08:29:18, 3] smbd/sec_ctx.c:set_sec_ctx(288) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2006/06/26 08:29:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X(822) wct=12 flg2=0xc807 [2006/06/26 08:29:18, 2] smbd/sesssetup.c:setup_new_vc_session(772) setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all old resources. [2006/06/26 08:29:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(633) Doing spnego session setup [2006/06/26 08:29:18, 3] smbd/sesssetup.c:reply_sesssetup_and_X_spnego(664) NativeOS=[Windows 2002 Service Pack 2 2600] NativeLanMan=[Windows 2002 5.1] PrimaryDomain=[] [2006/06/26 08:29:18, 3] libsmb/ntlmssp.c:ntlmssp_server_auth(662) Got user=[test1] domain=[EUROPE] workstation=[IL-EX-TEST2] len1=24 len2=24 [2006/06/26 08:29:18, 3] auth/auth.c:check_ntlm_password(219) check_ntlm_password: Checking password f
[Samba] help in printer sharing - reg
Dear Sir, I have installed samba and i am having a problem with sharing printers in linux using samba, could you please help me in configuring samba for network printers in linux. Thanks & Regards Mohanraj P System Manager Kongu Arts & Science College Erode - 638 107. Tamil Nadu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Active Directory Primary group dont' show users
this is not fully implemented yet. See here: http://groups.google.com.au/group/linux.samba/browse_thread/thread/ a464f34c32de1184/4d20dc2e81cd2034? lnk=st&q=samba+domain+users+group+no+members&rnum=3&hl=en#4d20dc2e81cd20 34 cheers GS On 23 Jun 2006, at 20:44, Ashish Tyagi wrote: Hi all I have configured samba 3.0.11 in a windows 2003 domain as a domain member (security=ads).issue is, when i issue command getent group |grep domain users it shows DOMAIN+domain users:x:1004: it don't shows any user in this group while this group contains all the users in domain.it is primary group of all the users. if i set primary group of a user to something else then it shows user in 'domain user' group. Thanks Ashish -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] NT_STATUS_SHARING_VIOLATION when trying to delete files
-Original Message- From: Jeremy Allison [mailto:[EMAIL PROTECTED] Sent: Monday, June 26, 2006 10:47 AM To: Peeler, Wade M. Cc: samba@lists.samba.org Subject: Re: [Samba] NT_STATUS_SHARING_VIOLATION when trying to delete files On Mon, Jun 26, 2006 at 10:36:57AM -0600, Peeler, Wade M. wrote: > No help for me? > > My samba version is 3.0.4-SUSE It might help if you upgrade to a later version, or help us try out 3.0.23RC3 Jeremy. Alright, my IT guy said he would update to the current version next week, so I'll try that out. Wade -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Files are being saved as read-only
Hi, I'm using extended ACLs and winbind so that file ownerships and permissions are directly tied to domain accounts (e.g., owner is MYDOMAIN\myname). My problem is that when a user opens up, modifies, and then saves the file, the user's UNIX level permissions change from 'rw-' to 'r--' -- in other words, the write permission gets dropped. I've played with the basic and extended permissions of the parent folder, and I've looked at the masks in smb.conf, but nothing I've done so far has resolved the issue Any idea what's going on or what might be causing this? Thanks. -- Rob Tanner UNIX Services Manager Linfield College, McMinnville OR -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba-3.0.22 with Heimdal Kerberos - compilation problem
Logan Shaw wrote: On Sat, 24 Jun 2006, Doug VanLeuven wrote: Nir Barkan wrote: I'm trying to compile samba-3.0.22 with Heimdal Kerberos on Solaris 8 When I configure & compile from non -standard libs, I explicitly set the paths required. Some people like to put it on the command line, but I created a shell script to invoke configure with my required options and compiler flags. These are commented on at the end of output from "./configure --help" #!/bin/sh export LIBS="-L/usr/local/ldap/lib -L/usr/local/lib" export CFLAGS="-O2 -L/usr/local/ldap/include -I/usr/local/include" ^^ -I/usr/local/ldap/include export CPPFLAGS="-I/usr/local/ldap/include" ./configure \ (flag1=opt) \ (flag2=opt) On Solaris, you may want to do a "-R" for every "-L" you do (if using shared libraries); this will embed the path into the executable so that you don't have to LD_LIBRARY_PATH nonsense. To the original person with the problem: if you could post your compiler command line (the gcc or cc that actually generates that error message), that might help, since it would be nice to see what -I arguments and so on that the Makefile is passing it. Also, by the way, export FOO="bar" isn't legal Bourne shell syntax. It works in ksh and bash, but in sh you need FOO="bar" ; export FOO or similar. Of course, on a Linux system /bin/sh often is something other than straight Bourne shell, but if you're relying on non-Bourne shell features, you should put #!/bin/bash or something. Not that it matters a whole heck of a lot in a script that is designed to wrap "configure", though... OK OK, I stand corrected. It's just that it's been years since I worked on a system that doesn't link sh to ksh or bash. I forgot the original vi would bring one out of insert mode if one tried to move past the ends of the line too. Thanks for the tip about the -R (-rpath) in LIBS. I've just been plugging away with the LD_LIBRARY_PATH or OS equivalent. Just never occurred to me. I'll try that someday. If one overrides for configure, in samba compiles, the Makefile gets setup correctly to just run make later. So it does matter. At least I can correct the typo in the CFLAGS. No matter how many times I look at cut & paste, I usually miss something before posting. Regards, Doug -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] add machine account + ldap (again)
Edmundo Valle Neto escreveu: Geraldo Coelho escreveu: Hi all, I have a problem. I need to create an account machine with samba. The smbldap-useradd created the account, but only an unix account, like this: dn: uid=notedell$,ou=computers,dc=grupora,dc=com,dc=br objectClass: top objectClass: inetOrgPerson objectClass: posixAccount cn: notedell$ sn: notedell$ uid: notedell$ uidNumber: 15025 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer How are you doing that? The "recommended" add machine script only does that what you are seeing. If you execute: smbldap-useradd -w machinename it will only create the account with posix attributes. As stated in the smbldap-tools documentation: "The script defined with the add machine script MUST NOT add the sambaSAMAccount objectclass of the machine account. The script must only add the Posix machine account. Samba will add the sambaSAMAccount when joining the domain." Look at an example of smbldap-useradd beeing executed through "add machine script" option: A samba log with a level 3 output: ... [2006/06/26 14:47:28, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2324) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "testmachine$"' gave 0 ... [2006/06/26 14:47:28, 3] passdb/pdb_ldap.c:ldapsam_add_sam_account(1832) ldapsam_add_sam_account: User exists without samba attributes: adding them [2006/06/26 14:47:28, 2] passdb/pdb_ldap.c:init_ldap_from_sam(912) init_ldap_from_sam: Setting entry for user: testmachine$ [2006/06/26 14:47:28, 2] passdb/pdb_ldap.c:ldapsam_add_sam_account(1942) ldapsam_add_sam_account: added: uid == testmachine$ in the LDAP database ... So, "User exists without samba attributes: adding them", isnt the script that creates the samba attributes, samba do that. But, the samba doesn't created an valid account. Like this: dn: uid=notedell$,ou=Computers,dc=grupora,dc=com,dc=br uid: notedell$ sambaSID: S-1-5-21-243819190-2830005574-892836686-31036 sambaPrimaryGroupSID: S-1-5-21-243819190-2830005574-892836686-515 objectClass: sambaSamAccount objectClass: account displayName: NOTEDELL$ sambaPwdCanChange: 1150829558 sambaPwdMustChange: 2147483647 sambaNTPassword: D7CD95C07847C9DD38F14D8751D0B8F4 sambaPwdLastSet: 1150829558 sambaAcctFlags: [W ] Well, it should. so, windows rejects my login with a "bad password" error and doesn't join the domain I'm using user id = 0 (root) Does your root account have both posix and samba attributes? Have you configured the "add * script" and the ldap options properly? Have you added the ldap admin password to samba (smbpasswd -w yourldappassword)? What your logs say? Someone knows what's happening. Thanks in advance -- -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.9.4/375 - Release Date: 25/6/2006 OR if you want to do that by hand: smbldap-useradd -w -i machinename then put a blank password then join the workstation without typing a username or password. Regards. Edmundo Valle Neto Only to correct the last bullshit that I writed :) -i is for interdomain trust accounts To create a machine trust account by hand in LDAP: smbldap-useradd -w machinename smbpasswd -a -m machinename$ then join with a user that have rights to do it. Edmundo Valle Neto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba WINS Questions
Maybe Samba4Wins could be used? http://enterprisesamba.org/index.php?id=88 Cheers, henrik 26 jun 2006 kl. 21:23 skrev Logan Shaw: On Mon, 26 Jun 2006, Vincent Fonteneau wrote: I'm using Samba 3.0.21c with PDC and severals BDC in different subnets. I'm triing to use Wins servers on all the BDC servers and on the PDC. The problems occurs in the network browsing. Hopefully someone will correct me if I'm wrong (please...), but as far as I know, the only valid WINS configuration is to have exactly one WINS server for a given domain. WINS servers can't sync, so if you have more than one, you would have two different, inconsistent view of the NetBIOS names available within the domain. - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Perl file conversion (dos2unix)
Logan Shaw escreveu: On Thu, 22 Jun 2006, [EMAIL PROTECTED] wrote: In samba digest volume 1 #199 there is a post entitled "Plain text file transfer problem". In there it states that there is a perl script that will do file translations from dos to unix. Would it be possible for me to get a copy of that? You might like this? perl -pe 's/\r//g' foo.dos.txt > foo.unix.txt All you have to do to convert a DOS text file to Unix is remove the carriage returns; that leaves you with linefeeds only, which is what Unix uses. - Logan Some distributions have precompiled packages with tools called "todos/fromdos" or "dos2unix/unix2dos" already that is used for that type of conversion too. Edmundo Valle Neto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Memory leak in 3.0.22?
On Sun, Jun 25, 2006 at 10:48:35PM +0100, Mark Cullen wrote: > Hi, > > I have just switched from FreeBSD 4.11 using 3.0.21b to NetBSD 3.0.1 > using 3.0.22. With the same configuration, and the same clients, I am > now seeing what appears to be some rather large memory leakage [ I am > not sure if this is the fault of Samba or NetBSD ]. Eventually the > process will run out of memory (machine only has 256MB of RAM) and the > Windows clients (2000, SP4 and all the latest updates) pop up a message: > > "Insufficient system resources exist to complete the requested service" > > At which point the Samba server becomes unresponsive to the current user > logged in. At the same time, I am seeing alot of errors in the logs > regarding memory allocation errors: Try doing a smbcontrol pool-usage to get the amount of memory in the talloc pools. I doubt this is a Samba bug as such a problem has not been widely reported on other platforms. Is there a MALLOC_DEBUG option in the NetBSD malloc that will dump out where the memory is going ? Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] 10-fold speed drop while transferring large files from Windows to Samba server
On Sun, Jun 25, 2006 at 05:04:11PM -0400, Dmitri Pechkin wrote: > Hi All, > > I have a Linux box (P3-800MHz/196MB RAM/10GB+320GB) running Samba > 3.0.22 server and a Windows XP (P3-800MHz/512MB RAM/200GB) client. > > The transfer speed (both ways) is about 5-7 MB/s when file is smaller > than 700MB. For larger files there is a difference: when the Win client > writes a file on the small Linux disk (10GB) the speed is as above. But > when I copy, let's say, a 1.5GB file from Win to the 320GB disk on > Linux the speed is 7 MB/s for the first 50% of the trasfer and then it > drops down to 600 KB/s. Here is an vmstat log of the session: vmstat doesn't help. What would help is an ethereal trace of the initial open I'm wondering if it has FILE_WRITE_THROUGH set on the inital create ? > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 This is voodoo - no reason to set these that I can see. Please delete this. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] add machine account + ldap (again)
Geraldo Coelho escreveu: Hi all, I have a problem. I need to create an account machine with samba. The smbldap-useradd created the account, but only an unix account, like this: dn: uid=notedell$,ou=computers,dc=grupora,dc=com,dc=br objectClass: top objectClass: inetOrgPerson objectClass: posixAccount cn: notedell$ sn: notedell$ uid: notedell$ uidNumber: 15025 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer How are you doing that? The "recommended" add machine script only does that what you are seeing. If you execute: smbldap-useradd -w machinename it will only create the account with posix attributes. As stated in the smbldap-tools documentation: "The script defined with the add machine script MUST NOT add the sambaSAMAccount objectclass of the machine account. The script must only add the Posix machine account. Samba will add the sambaSAMAccount when joining the domain." Look at an example of smbldap-useradd beeing executed through "add machine script" option: A samba log with a level 3 output: ... [2006/06/26 14:47:28, 3] rpc_server/srv_samr_nt.c:_samr_create_user(2324) _samr_create_user: Running the command `/usr/sbin/smbldap-useradd -w "testmachine$"' gave 0 ... [2006/06/26 14:47:28, 3] passdb/pdb_ldap.c:ldapsam_add_sam_account(1832) ldapsam_add_sam_account: User exists without samba attributes: adding them [2006/06/26 14:47:28, 2] passdb/pdb_ldap.c:init_ldap_from_sam(912) init_ldap_from_sam: Setting entry for user: testmachine$ [2006/06/26 14:47:28, 2] passdb/pdb_ldap.c:ldapsam_add_sam_account(1942) ldapsam_add_sam_account: added: uid == testmachine$ in the LDAP database ... So, "User exists without samba attributes: adding them", isnt the script that creates the samba attributes, samba do that. But, the samba doesn't created an valid account. Like this: dn: uid=notedell$,ou=Computers,dc=grupora,dc=com,dc=br uid: notedell$ sambaSID: S-1-5-21-243819190-2830005574-892836686-31036 sambaPrimaryGroupSID: S-1-5-21-243819190-2830005574-892836686-515 objectClass: sambaSamAccount objectClass: account displayName: NOTEDELL$ sambaPwdCanChange: 1150829558 sambaPwdMustChange: 2147483647 sambaNTPassword: D7CD95C07847C9DD38F14D8751D0B8F4 sambaPwdLastSet: 1150829558 sambaAcctFlags: [W ] Well, it should. so, windows rejects my login with a "bad password" error and doesn't join the domain I'm using user id = 0 (root) Does your root account have both posix and samba attributes? Have you configured the "add * script" and the ldap options properly? Have you added the ldap admin password to samba (smbpasswd -w yourldappassword)? What your logs say? Someone knows what's happening. Thanks in advance -- -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.9.4/375 - Release Date: 25/6/2006 OR if you want to do that by hand: smbldap-useradd -w -i machinename then put a blank password then join the workstation without typing a username or password. Regards. Edmundo Valle Neto -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba WINS Questions
On Mon, 26 Jun 2006, Vincent Fonteneau wrote: I'm using Samba 3.0.21c with PDC and severals BDC in different subnets. I'm triing to use Wins servers on all the BDC servers and on the PDC. The problems occurs in the network browsing. Hopefully someone will correct me if I'm wrong (please...), but as far as I know, the only valid WINS configuration is to have exactly one WINS server for a given domain. WINS servers can't sync, so if you have more than one, you would have two different, inconsistent view of the NetBIOS names available within the domain. - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba-3.0.22 with Heimdal Kerberos - compilation problem
On Sat, 24 Jun 2006, Doug VanLeuven wrote: Nir Barkan wrote: I'm trying to compile samba-3.0.22 with Heimdal Kerberos on Solaris 8 When I configure & compile from non -standard libs, I explicitly set the paths required. Some people like to put it on the command line, but I created a shell script to invoke configure with my required options and compiler flags. These are commented on at the end of output from "./configure --help" #!/bin/sh export LIBS="-L/usr/local/ldap/lib -L/usr/local/lib" export CFLAGS="-O2 -L/usr/local/ldap/include -I/usr/local/include" export CPPFLAGS="-I/usr/local/ldap/include" ./configure \ (flag1=opt) \ (flag2=opt) On Solaris, you may want to do a "-R" for every "-L" you do (if using shared libraries); this will embed the path into the executable so that you don't have to LD_LIBRARY_PATH nonsense. To the original person with the problem: if you could post your compiler command line (the gcc or cc that actually generates that error message), that might help, since it would be nice to see what -I arguments and so on that the Makefile is passing it. Also, by the way, export FOO="bar" isn't legal Bourne shell syntax. It works in ksh and bash, but in sh you need FOO="bar" ; export FOO or similar. Of course, on a Linux system /bin/sh often is something other than straight Bourne shell, but if you're relying on non-Bourne shell features, you should put #!/bin/bash or something. Not that it matters a whole heck of a lot in a script that is designed to wrap "configure", though... - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Perl file conversion (dos2unix)
On Thu, 22 Jun 2006, [EMAIL PROTECTED] wrote: In samba digest volume 1 #199 there is a post entitled "Plain text file transfer problem". In there it states that there is a perl script that will do file translations from dos to unix. Would it be possible for me to get a copy of that? You might like this? perl -pe 's/\r//g' foo.dos.txt > foo.unix.txt All you have to do to convert a DOS text file to Unix is remove the carriage returns; that leaves you with linefeeds only, which is what Unix uses. - Logan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Re: samba 3.0.20 + squid 2.5 : automatic logon withinternetexplorer
after #net join Success in line command.I am searching the good sentence for squid.confwith, or not with that : --helper-protocol=squid-2.5-ntlmsspan idea ?"Rodolphe A." <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]> thanks for answer. > > my problem : > > after start winbind, i have tested > #/usr/bin/ntlm_auth "PARIS.VISEO.NET" --username=root > NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO > (0xc0da) > > the server squid is samba pdc. > > > > > > "Robert Schetterer" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > Rodolphe A. schrieb: > > > hello, > > > > > > samba is setup PDC with ldap > > > > > > client : windows xp pro sp2 > > > server : samba 3.0.20 + openldap 2.2 + squid 2.5stable14 + squidGuard > > > > > > is it possible to create an automatic logon with internet explorer ? > > > > > > perhaps with ntlm_auth, but i can't find the good sentence. > > > > > > > > > thanks. > > > > > > > > > > > > > > Hi, i ve did right this and i works now perfekt for nearly a year. > > But you have many choises to realize this. > > The setup which will include all possible features with a smb pdc ( with > > ldap )is like this. > > If you use firefox or ie with the automatic search proxy setting > > the search to files like proxy.dat , proxy.pac > > wpad.dat on a webserver on the gateway of the lokal network, these > > files held the data which where the browser will find the proxy. > > Additional you hav to have entries in you internal > > dns like > > wpad.tcpSRV 0 0 80 wpad > > wpadA 192.168.110.1 > > TXT "service: > > wpad:!http://intranet.gundk.intern:80/proxy.pac"; > > and on the internal dhcp server > > like this > > option wpad code 252 = text; > > option wpad "http://192.168.110.1/proxy.pac\n";; > > you can find faqs an doku about this on the squid side. > > I have implemented different groups > > in the win domain like wwwuser , which can join the internet via proxy , > > and a group filteroveride to join directly www without using > > squidguard ( for admins etc ). > > So you can manage the groups out from usrmgr. > > > > so i have entries like this in squid.conf > > > > # user group which are allowed to access the internet in general > > > > auth_param ntlm program /usr/bin/ntlm_auth > > - --helper-protocol=squid-2.5-ntlmssp > > - --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001 > > auth_param basic program /usr/bin/ntlm_auth > > - --helper-protocol=squid-2.5-basic > > - --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001 > > auth_param basic children 5 > > > > # auth_param ntlm use_ntlm_negotiate on > > # auth_param ntlm max_challenge_reuses 0 > > auth_param ntlm max_challenge_lifetime 15 minutes > > > > auth_param basic realm Squid proxy-caching web server > > auth_param basic credentialsttl 2 hours > > acl user proxy_auth REQUIRED > > http_access allow user > > > > #pam auth agains a system group works here too (nss_ldap), we use it to > > overide the redirector vor vips > > > > external_acl_type unix_group %LOGIN /usr/sbin/squid_unix_group -g > wwwdirect > > acl direct external unix_group wwwdirect > > redirector_access deny direct > > always_direct allow direct > > http_access allow direct > > > > as you see i used the sid of the nt groups , cause their names didint > > work, to overide the squidgauard i use a system group which is tha same > > as a nt group cause there is mapping over nss_ldap > > ( other setups may be better but this works ) > > > > the i configured winbind to use the lokal smb pdc ( just join your own > > domain )...im not sure why i did this but i think it was a must with > > squid , squid must run with a user that is able to join the winbind > > socket ( see squid, samba doku ) > > After all you need a few iptables rules to forbid bypass the proxy. > > > > note you cant use squid auth with a transparent proxy squid setup! > > But if you dont need auth and the group stuff > > a setup with a squid transparent proxy and iptables is much more easy to > > implement automatic filtering ( see squid faqs how to do this ), if you > > do so you can only manage things with the source ip of the client > > computer , but not by user name or group auth. > > > > ( dont copy and paste this , read the faqs ) > > Best Regards > > > > - -- > > Mit freundlichen Gruessen > > Best Regards > > Robert Schetterer > > > > robert_at_schetterer_dot_org > > Munich / Bavaria / Germany > > https://www.schetterer.org > > https://www.schetterer.com/public-gpg-robert-schetterer.key > > -BEGIN PGP SIGNATURE- > > Version: GnuPG v1.4.3 (MingW32) > > > > iD8DBQFEn6DeNxddAhXBw7QRAg3UAJ4rvf4cloRykMkbpWoyfEK+EEeRkQCfQB+s > > kf/FSvVp4RbIfgdY6pj1Hmw= > > =RYf+ > > -END PGP SIGNATURE- > > > > -- > > Diese Nachricht wurde auf Viren und andere gefährliche In
[Samba] Re: samba 3.0.20 + squid 2.5 : automatic logon with internetexplorer
thanks for answer. my problem : after start winbind, i have tested #/usr/bin/ntlm_auth "PARIS.VISEO.NET" --username=root NT_STATUS_CANT_ACCESS_DOMAIN_INFO: NT_STATUS_CANT_ACCESS_DOMAIN_INFO (0xc0da) the server squid is samba pdc. "Robert Schetterer" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Rodolphe A. schrieb: > > hello, > > > > samba is setup PDC with ldap > > > > client : windows xp pro sp2 > > server : samba 3.0.20 + openldap 2.2 + squid 2.5stable14 + squidGuard > > > > is it possible to create an automatic logon with internet explorer ? > > > > perhaps with ntlm_auth, but i can't find the good sentence. > > > > > > thanks. > > > > > > > > > Hi, i ve did right this and i works now perfekt for nearly a year. > But you have many choises to realize this. > The setup which will include all possible features with a smb pdc ( with > ldap )is like this. > If you use firefox or ie with the automatic search proxy setting > the search to files like proxy.dat , proxy.pac > wpad.dat on a webserver on the gateway of the lokal network, these > files held the data which where the browser will find the proxy. > Additional you hav to have entries in you internal > dns like > wpad.tcpSRV 0 0 80 wpad > wpadA 192.168.110.1 > TXT "service: > wpad:!http://intranet.gundk.intern:80/proxy.pac"; > and on the internal dhcp server > like this > option wpad code 252 = text; > option wpad "http://192.168.110.1/proxy.pac\n";; > you can find faqs an doku about this on the squid side. > I have implemented different groups > in the win domain like wwwuser , which can join the internet via proxy , > and a group filteroveride to join directly www without using > squidguard ( for admins etc ). > So you can manage the groups out from usrmgr. > > so i have entries like this in squid.conf > > # user group which are allowed to access the internet in general > > auth_param ntlm program /usr/bin/ntlm_auth > - --helper-protocol=squid-2.5-ntlmssp > - --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001 > auth_param basic program /usr/bin/ntlm_auth > - --helper-protocol=squid-2.5-basic > - --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001 > auth_param basic children 5 > > # auth_param ntlm use_ntlm_negotiate on > # auth_param ntlm max_challenge_reuses 0 > auth_param ntlm max_challenge_lifetime 15 minutes > > auth_param basic realm Squid proxy-caching web server > auth_param basic credentialsttl 2 hours > acl user proxy_auth REQUIRED > http_access allow user > > #pam auth agains a system group works here too (nss_ldap), we use it to > overide the redirector vor vips > > external_acl_type unix_group %LOGIN /usr/sbin/squid_unix_group -g wwwdirect > acl direct external unix_group wwwdirect > redirector_access deny direct > always_direct allow direct > http_access allow direct > > as you see i used the sid of the nt groups , cause their names didint > work, to overide the squidgauard i use a system group which is tha same > as a nt group cause there is mapping over nss_ldap > ( other setups may be better but this works ) > > the i configured winbind to use the lokal smb pdc ( just join your own > domain )...im not sure why i did this but i think it was a must with > squid , squid must run with a user that is able to join the winbind > socket ( see squid, samba doku ) > After all you need a few iptables rules to forbid bypass the proxy. > > note you cant use squid auth with a transparent proxy squid setup! > But if you dont need auth and the group stuff > a setup with a squid transparent proxy and iptables is much more easy to > implement automatic filtering ( see squid faqs how to do this ), if you > do so you can only manage things with the source ip of the client > computer , but not by user name or group auth. > > ( dont copy and paste this , read the faqs ) > Best Regards > > - -- > Mit freundlichen Gruessen > Best Regards > Robert Schetterer > > robert_at_schetterer_dot_org > Munich / Bavaria / Germany > https://www.schetterer.org > https://www.schetterer.com/public-gpg-robert-schetterer.key > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.3 (MingW32) > > iD8DBQFEn6DeNxddAhXBw7QRAg3UAJ4rvf4cloRykMkbpWoyfEK+EEeRkQCfQB+s > kf/FSvVp4RbIfgdY6pj1Hmw= > =RYf+ > -END PGP SIGNATURE- > > -- > Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht > und ist - aktuelle Virenscanner vorausgesetzt - sauber. > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] NT_STATUS_SHARING_VIOLATION when trying to delete files
On Mon, Jun 26, 2006 at 10:36:57AM -0600, Peeler, Wade M. wrote: > No help for me? > > My samba version is 3.0.4-SUSE It might help if you upgrade to a later version, or help us try out 3.0.23RC3 Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] NT_STATUS_SHARING_VIOLATION when trying to delete files
No help for me? My samba version is 3.0.4-SUSE -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peeler, Wade M. Sent: Friday, June 23, 2006 3:26 PM To: samba@lists.samba.org Subject: [Samba] NT_STATUS_SHARING_VIOLATION when trying to delete files I searched the archives already and couldn't find an answer to this. I'm running an automated process via a cron job on a SUSE Linux Enterprise Server 9 box. The cron runs a Perl script, which uses the SmbClientParser module. The Perl script grabs files from clients running Windows 2000. The files on the client computers are created by in-house MFC applications on those computers. Occasionally, when the Perl script tries to delete files from the client computers, it gets an NT_STATUS_SHARING_VIOLATION and is unable to delete the file. I sometimes even get this error long after the software on the client that created the file has exited. However, sometimes everything works just fine and the Perl script is able to delete the files without problems. Does anybody know what causes this, or at least can point me in the right direction towards solving this problem? Wade -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Fwd: [Fwd: Re: [Samba] : Win XP Client does not remove directories]]
On Mon, Jun 26, 2006 at 12:18:59PM +0200, Björn Mayer wrote: > Hi @all, > > Can someone please just confirm me, that Samba doesn't remove a > directory in case of a "SET_FILE_INFO"-Request for this directory? > > The following abstract is out of an Ethereal-Log and shows a > SET-FILE-INFO-Request for a directory: Yes, Samba should delete a directory once the delete on close bit is set and the handle is closed. There's code to do this. Jeremy. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Using Security ADS or Domain 3.0.22
Hi list, I'm trying to set upp a simple file server within a Windows 2003 AD domain. Its a FC4 machine with samba 3.0.22. I only need to be able to verify users with their AD account when accessing a Samba share. Can I accomplish this with Security Domain or do I need ADS? Or is there even a simpler way? I've been going through the How-to collection and I'm about 99% done with my Security ADS implementation and it works OK, I just got a little confused about if I really need Security = ADS for this. Any input is appreciated Thanks, Henrik -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] domain_client_validate: unable to validate password for user MACHINE$ in domain DOMAIN to Domain controller \\DC. Error was NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT
Hi Samba users - I recently upgraded my domain at home from being controlled by two somewhat messed up Windows DCs (one 2000 and the other 2003, messed up by my own inexpert management..) to a nice clean new single 2003 DC (SBS, if it matters). I rejoined all workstations, including a Redhat Fedora FC3 based machine, to the new domain. (Actually, I migrated all of the Windows workstations and servers, and simply rejoined the Linux machine). Since then, I'm getting lots (roughly 70 per day) of the following message in /var/log/samba/log.hostname where log.hostname is the hostname specific log file for one of the domain member workstations: [2006/06/26 05:18:25, 0] auth/auth_domain.c:domain_client_validate(199) domain_client_validate: unable to validate password for user BEAST5$ in domain FELINESAD2 to Domain controller \\RESET6. Error was NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT. I've done several Google searches and found very few mentions of this at all (except for many places where Google has indexed copies of the Samba source code, heh). Since users of that Windows workstation are successfully attaching to Samba shares on that Linux machine, and the Linux machine is able to authenticate those users to the 2003 DC, it seems that the Kerberos setup is complete. Why am I get the errors about the Linux machine being unable to authenticate the Windows workstation's Domain account to the Domain? It ought to be able to (since the Windows workstations is a valid Domain member), and why is it even trying in the first place (since it is a user, not the machine, which is connecting to the shares offered by the Samba server on the Linux machine) ? Thanks -Jay Libove, CISSP Atlanta, GA, US -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] add machine account + ldap (again)
Hi all, I have a problem. I need to create an account machine with samba. The smbldap-useradd created the account, but only an unix account, like this: dn: uid=notedell$,ou=computers,dc=grupora,dc=com,dc=br objectClass: top objectClass: inetOrgPerson objectClass: posixAccount cn: notedell$ sn: notedell$ uid: notedell$ uidNumber: 15025 gidNumber: 515 homeDirectory: /dev/null loginShell: /bin/false description: Computer gecos: Computer But, the samba doesn't created an valid account. Like this: dn: uid=notedell$,ou=Computers,dc=grupora,dc=com,dc=br uid: notedell$ sambaSID: S-1-5-21-243819190-2830005574-892836686-31036 sambaPrimaryGroupSID: S-1-5-21-243819190-2830005574-892836686-515 objectClass: sambaSamAccount objectClass: account displayName: NOTEDELL$ sambaPwdCanChange: 1150829558 sambaPwdMustChange: 2147483647 sambaNTPassword: D7CD95C07847C9DD38F14D8751D0B8F4 sambaPwdLastSet: 1150829558 sambaAcctFlags: [W ] so, windows rejects my login with a "bad password" error and doesn't join the domain I'm using user id = 0 (root) Someone knows what's happening. Thanks in advance -- -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.9.4/375 - Release Date: 25/6/2006 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Running multiple samba instances in a Sun Cluster 3.1 env.
We are currently using samba 3.0.22 with a two node SUN 3.1 cluster env. Each node has a unique instance. When the cluster failover to one node, we found that only one instance can run. With 2.2.2, we could run both instance on one node. I heard it might be a problem with the library directory being hard coded with 3.0.22. Does anyone know how I can run both instances? Thanks Richard Thomas IT Infrastructure The Baltimore Sun 410-332-6517 [EMAIL PROTECTED] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba rejecting machine accounts
Hi! I use Debian Sarge + Samba 3.0.22 + OpenLDAP 2.2.23 Server for a domain controller. Once a month i have to rejoin windows XP clients to the domain, because samba thinks they're not in the domain(users cannot log in). The error message found in each machine log: _net_auth2: creds_server_check failed. Rejecting auth request from client T2906 machine account T2906$ What's wrong? Thanks! Ferenc Ulrich IT Manager Here's a copy of my smb.conf: [global] workgroup = DOMAIN netbios name = SZERVER enable privileges = yes interfaces = 10.0. server string = Szerver security = user unix password sync = yes passwd program = /usr/sbin/smbldap-passwd -u "%u" passwd chat = "Changing password for*\nNew password*" % n\n "*Retype new password*" %n\n" ldap passwd sync = Yes log level = 3 syslog = 0 log file = /var/log/samba/log.%m max log size = 10 time server = Yes Dos charset = 852 Unix charset = ISO8859-2 logon script = startup.bat logon drive = J: domain logons = Yes os level = 65 preferred master = Yes domain master = Yes wins support = Yes passdb backend = ldapsam:ldap://127.0.0.1/ ldap admin dn = cn=Manager,dc=CSETE,dc=SULINET,dc=HU ldap suffix = dc=CSETE,dc=SULINET,dc=HU ldap group suffix = ou=Groups ldap user suffix = ou=Users ldap machine suffix = ou=Computers ldap ssl = no add user script = /usr/sbin/smbldap-useradd -m "%u" ldap delete dn = Yes add machine script = /usr/sbin/smbldap-useradd -w -i "%u" add group script = /usr/sbin/smbldap-groupadd -p "%g" add user to group script = /usr/sbin/smbldap-groupmod -m "% u" "%g" delete user from group script = /usr/sbin/smbldap-groupmod -x "% u" "%g" set primary group script = /usr/sbin/smbldap-usermod -g "%g" "% u" [homes] comment = repertoire de %U, %u read only = No create mask = 700 directory mask = 0700 browseable = No [netlogon] path = /etc/samba/netlogon/%a/ browseable = No read only = yes [profiles] path = /etc/samba/profiles read only = no create mask = 0600 directory mask = 0700 browseable = No guest ok = Yes profile acls = yes csc policy = disable # next line is a great way to secure the profiles force user = %U # next line allows administrator to access all profiles valid users = %U @"Domain Admins" hide files = /desktop.ini/ [vb] path = /vb browseable = Yes guest ok = Yes read only = No directory mask = 0775 create mask = 0775 [tanarok] path = /tanarok browseable = No guest ok = No read only = No directory mask = 0770 create mask = 0770 valid users = %U @"Domain Admins" invalid users = virusbuster [feladat] path = /feladat browseable = Yes guest ok = Yes read only = No directory mask = 0775 create mask = 0775 read list = virusbuster [vizsga] path = /vizsga browseable = Yes directory mask = 755 create mask = 755 write list = root _ 711 állásajánlat között biztosan találsz olyat, ami Neked is megfelel! http://ad.adverticum.net/b/cl,1,6022,105302,170442/click.prm -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Unable to cancel print-jobs with Samba+CUPS via WinXP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 d.arun321 wrote: > Thanks Jerry -- for your assistance. > > The solution was precise but i am facing > an authentication issue. When I use the "use > security = user" in the smb.conf then its promoting > for a username and password. > > Is there any way for skipping this check. I'd suggest reading up on Samba configuration a little bit more. Look how details on how to setup a guest accessible server using 'map to guest' and 'username map' cheers, jerry = Samba--- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEn7vuIR7qMdg1EfYRAvl5AKCCHbFFPgc3u1YBTKZ28W1mk/E4/gCfaM+w 1M7aQwUsKaHTjIoEiLKj5RM= =7iaV -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba and Windows 2003 interdomain trust
Hi all, I must establish a domain trust between a Samba and Windows 2003 domain. I'm using Samba 3.0.21b with LDAP backend (no Winbind, no kerberos). The domains are in differrent networks and between are some firewalls (ports and services are already configured). The first task for me is to configure Samba to trust the AD domain. What are the steps? Must both servers use the same Wins server, and is it possible for Samba to be a Wins server by itself and also using the option wins server = x.x.x.x ? Please if you have any ideas, ... Regards, -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Samba 3.0.22: share be r/w for LDAP-authenticated users, r/o for anonymous
hi, some hints: - unauthenticated can be treated as guests (map to guest =, read list = ) - there´re several threads about plaintext password support and samba v3 you should try to play with encrypt passwords = no and may be pam (obey pam restrictions = yes) just my 2 cents greez Ralf G. R. Bergs wrote: Hi there, we need to implement the following scenario: - Samba server 3.0.22 (NOT acting as a domain controller; we don't use Windows networking domains) - users use Linux and Windoze - anonymous users accessing a certain share should be granted read-only access - successfully authenticated users should be given read-write access - authentication should be performed against an LDAP that contains entries like this: dn: cn=rb,dc=intra,dc=ourdom,dc=de objectClass: top objectClass: person objectClass: organizationalPerson objectClass: jabberuser jid: [EMAIL PROTECTED] o: ourcompany cn: rb sn: Bergs givenName: Ralf telephoneNumber: +49xxx mobile: +49 userPassword: secret roomNumber: 4711 The "userPassword" key contains the password that is to be checked, the "cn" key the username for the respective user. Can this be accomplished? Is there anyone who would like to share some config snippets with me? I did some search on Google and found something pertaining to Samba 2.x, but this doesn't work anymore since LDAP support seems to have changed much since then. Thanks for any help you can give. Cheers, Ralf -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT Staff) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 49 (0)341 - 3550 374 Fax: 49 (0)341 - 3550 399 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Fwd: [Fwd: Re: [Samba] : Win XP Client does not remove directories]]
Hi @all, Can someone please just confirm me, that Samba doesn't remove a directory in case of a "SET_FILE_INFO"-Request for this directory? The following abstract is out of an Ethereal-Log and shows a SET-FILE-INFO-Request for a directory: No. TimeSourceDestination Protocol Info 176 0.977041172.20.6.213 172.20.6.252 SMB Trans2 Request, SET_FILE_INFO, FID: 0x36c5 ... Transmission Control Protocol, Src Port: 1031 (1031), Dst Port: microsoft-ds (445), Seq: 6818, Ack: 25271, Len: 81 NetBIOS Session Service SMB (Server Message Block Protocol) SMB Header ... Trans2 Request (0x32) Word Count (WCT): 15 Total Parameter Count: 6 Total Data Count: 1 Max Parameter Count: 2 Max Data Count: 0 Max Setup Count: 0 Reserved: 00 Flags: 0x Timeout: Return immediately (0) Reserved: Parameter Count: 6 Parameter Offset: 68 Data Count: 1 Data Offset: 76 Setup Count: 1 Reserved: 00 Subcommand: SET_FILE_INFO (0x0008) Byte Count (BCC): 12 Padding: 00 SET_FILE_INFO Parameters FID: 0x36c5 Level of Interest: Set Disposition Information (1013) Reserved: Padding: SET_FILE_INFO Data ...1 = Delete on close: DELETE this file when closed Thanks in advance, Björn Mayer Original-Nachricht Betreff: [Fwd: Re: [Samba] : Win XP Client does not remove directories] Datum: Tue, 13 Jun 2006 10:00:38 +0200 Von: Björn Mayer <[EMAIL PROTECTED]> An: samba@lists.samba.org Hello Mailinglist, I still have the problem, which is described in my first and second post with this topic, that i sometimes can't delete directories on the Samba-Server from WinXP machines. I can't send my Ethereal-Logs to the list, but i send them to Jeremy, who never answered me anyway. If anyone can help me or would like to see the Ethereal-Logs, with the fact, that Windows sometimes (in faultcase) sends an other request ("SET_FILE_INFO") to delete a directory and this request does not work with Samba, just write back and I'll send you the files. By the way: The normal request seems to be "Delete Directory Request (0x01)". As I already said, I don't know, why Windows starts behaving like that irregulary and after one restart often everything is fine again, but I can say, that in the faultcase, where Win sends the different request, it is not possible to remove folders from Samba-Shares but still possible to remove folders from Win-Shares. (That's why i don't post it to Win-Bugzilla ;) ) Thanks in advance, Björn Mayer Original-Nachricht Betreff: Re: [Samba] : Win XP Client does not remove directories Datum: Fri, 05 May 2006 09:37:05 +0200 Von: Björn Mayer <[EMAIL PROTECTED]> An: samba@lists.samba.org Referenzen: <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> 1. here are the ethereal-files. I think the names are kind of self-explanatory, but anyway i will explain it shortly: The following files were recorded from a Windows-XP-Client, who was not able to delete a directory on the Samba-Share on the Server 172.20.6.252: 060502_wrong_working_pc.log bad_pc_with_a_file_in_the_directory.log In the second log i additionaly put a file into the directory, which should be removed. The following file was recorded from a Windows-XP-Client, who was able to delete a directory on the Samba-Share on the Server 172.20.6.252: 060502_correct_working_pc.log I additionaly made a new file today, which is recorded from a "not working" windows client accessing a Test-"Windows Share", where directory removing still worked well. infected_pc_accessing_windows_share.log 2. Jeremy Allison wrote: > What does this error mean ? "Datei oder Verzeichnis > nicht gefunden". That's the strerror output string when > the remove_directory call fails. In english this means "File or Directory not found." 3. Mark Johnson wrote: >I had a problem very similiar to this with roaming profiles. The >cause came down to the client and the servers time was not sync'd up. >I never figured out how far off it needed to be before it broke it, but >once I sync'd the time, I've never had a problem with the directories >since. First of all, there are no roaming profiles here, but nevertheless i gave it a try, but this didn't help. Today i have a new client, who behaves like that, but for example my own PC never showed this behaviour and believe me in the last days i tried very much to delete directories ;). By the way: I have found some other users in the net, who seem to have a similar problem. (German) http://linuxforum.linux-foren.de/linuxforum/viewtopic.php?p=4154 (English)
Re: [Samba] change ldap passwd
or "net rpc password ..." greez Logan Shaw wrote: On Wed, 21 Jun 2006, Craig Jackson wrote: I have what I believe to be a working samba installation using ldap as the back end. The set up is workgroup only -- no domain. Can someone tell me how root might change a user's samba password at the command prompt? I read pdbedit man page and saw nothing about changing passwords. Thanks. # smbpasswd joebob - Logan -- Michael Gasch Max Planck Institute for Evolutionary Anthropology Department of Human Evolution (IT Staff) Deutscher Platz 6 D-04103 Leipzig Germany Phone: 49 (0)341 - 3550 137 49 (0)341 - 3550 374 Fax: 49 (0)341 - 3550 399 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Sarge, Roaming Profiles Error
Hi all, Runing Samba 3.0.14a-3sarge1 PDC, using an LDAP backend Problem is I cant seem to load Roaming Profiles, as it gives the following error "Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder. Contact your network administrator. " Here is my profiles share conf ---> Snip [profiles] path = /home/profiles read only = no create mask = 0600 directory mask = 0700 browseable = No guest ok = no profile acls = yes csc policy = disable # next line is a great way to secure the profiles force user = %U # next line allows administrator to access all profiles valid users = %U "Domain Admins" -> Snip Google suggested to "Do not check for user ownership of Roaming Profile Folders at Computer Configuration / Administrative Templates / System / User Profiles" but this is a client thing and at 200 workstations its tiring just to think about it Any solutions, Thanks, Wisu -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Problem with "hide unreadable" option
Hello, it seems that the "hide unreadable = yes" option prevents a Windows client from deleting or renaming files when using wildcards. Only the first ~150 files get processed. If "hide unreadable" is not used all files get removed or renamed. Kind regards, Andreas Octav Consultant anykey GmbH Koenigswinterer Strasse 418 D-53227 Bonn http://www.anykey.de -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] samba 3.0.20 + squid 2.5 : automatic logon with internet explorer
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rodolphe A. schrieb: > hello, > > samba is setup PDC with ldap > > client : windows xp pro sp2 > server : samba 3.0.20 + openldap 2.2 + squid 2.5stable14 + squidGuard > > is it possible to create an automatic logon with internet explorer ? > > perhaps with ntlm_auth, but i can't find the good sentence. > > > thanks. > > > > Hi, i ve did right this and i works now perfekt for nearly a year. But you have many choises to realize this. The setup which will include all possible features with a smb pdc ( with ldap )is like this. If you use firefox or ie with the automatic search proxy setting the search to files like proxy.dat , proxy.pac wpad.dat on a webserver on the gateway of the lokal network, these files held the data which where the browser will find the proxy. Additional you hav to have entries in you internal dns like wpad.tcpSRV 0 0 80 wpad wpadA 192.168.110.1 TXT "service: wpad:!http://intranet.gundk.intern:80/proxy.pac"; and on the internal dhcp server like this option wpad code 252 = text; option wpad "http://192.168.110.1/proxy.pac\n";; you can find faqs an doku about this on the squid side. I have implemented different groups in the win domain like wwwuser , which can join the internet via proxy , and a group filteroveride to join directly www without using squidguard ( for admins etc ). So you can manage the groups out from usrmgr. so i have entries like this in squid.conf # user group which are allowed to access the internet in general auth_param ntlm program /usr/bin/ntlm_auth - --helper-protocol=squid-2.5-ntlmssp - --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001 auth_param basic program /usr/bin/ntlm_auth - --helper-protocol=squid-2.5-basic - --require-membership-of=S-1-5-21-3962140368-478742891-1658383817-3001 auth_param basic children 5 # auth_param ntlm use_ntlm_negotiate on # auth_param ntlm max_challenge_reuses 0 auth_param ntlm max_challenge_lifetime 15 minutes auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours acl user proxy_auth REQUIRED http_access allow user #pam auth agains a system group works here too (nss_ldap), we use it to overide the redirector vor vips external_acl_type unix_group %LOGIN /usr/sbin/squid_unix_group -g wwwdirect acl direct external unix_group wwwdirect redirector_access deny direct always_direct allow direct http_access allow direct as you see i used the sid of the nt groups , cause their names didint work, to overide the squidgauard i use a system group which is tha same as a nt group cause there is mapping over nss_ldap ( other setups may be better but this works ) the i configured winbind to use the lokal smb pdc ( just join your own domain )...im not sure why i did this but i think it was a must with squid , squid must run with a user that is able to join the winbind socket ( see squid, samba doku ) After all you need a few iptables rules to forbid bypass the proxy. note you cant use squid auth with a transparent proxy squid setup! But if you dont need auth and the group stuff a setup with a squid transparent proxy and iptables is much more easy to implement automatic filtering ( see squid faqs how to do this ), if you do so you can only manage things with the source ip of the client computer , but not by user name or group auth. ( dont copy and paste this , read the faqs ) Best Regards - -- Mit freundlichen Gruessen Best Regards Robert Schetterer robert_at_schetterer_dot_org Munich / Bavaria / Germany https://www.schetterer.org https://www.schetterer.com/public-gpg-robert-schetterer.key -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (MingW32) iD8DBQFEn6DeNxddAhXBw7QRAg3UAJ4rvf4cloRykMkbpWoyfEK+EEeRkQCfQB+s kf/FSvVp4RbIfgdY6pj1Hmw= =RYf+ -END PGP SIGNATURE- -- Diese Nachricht wurde auf Viren und andere gefährliche Inhalte untersucht und ist - aktuelle Virenscanner vorausgesetzt - sauber. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] Samba WINS Questions
Hi, I'm using Samba 3.0.21c with PDC and severals BDC in different subnets. I'm triing to use Wins servers on all the BDC servers and on the PDC. The problems occurs in the network browsing. I'm able to see all computers with the PDC on the different subnets but I just can see local servers in the network neighborhood on BDC When starting BDC i've got the "unable to find the domain master" message log error. I've tried the remote annouce and remote browse sync option without success. The Samba's docs show how to configure DMB and LMB with domain master option. Is it possible to get DMB from different machine than the PDC ? When putting Domain master = no the server is automatically BDC in the network. I've configured PDC and then while see the log.nmbd i can see that PDC goes first as the domain master and after few secondes came with Local master. Is it normal ? The PDC runs with Os level = 255 and BDC with 248. Local master option is yes on all servers. Remote announce and remote brose sync are options to synchronize LMB with others LMB, and not DMB is it right ? How to synchronize all Wins server (PDC to all BDC) on different subnets when I want to go with one wins server per site and is it possible ? I understand now that wins is using to pass routers when triing to send netbios informations between subnets, and i'm afraid that PDC and BDC can't communicate both without configuring one wins server option on one server and wins client on the others servers ??? Thanks for help Vincent -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: Re: [Samba] Unable to cancel print-jobs with Samba+CUPS via WinXP
Thanks Jerry -- for your assistance. The solution was precise but i am facing an auhentication issue. When I use the "use security = user" in the smb.conf then its promting for a username and password. Is there any way for skipping this check. "Gerald (Jerry) Carter" wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 d.arun321 wrote: > I am able to get print-outs and also able to Cancel, Pause > and Resume the print-jobs but only when I issue them via > a Win-2K client. > > If I try to manage the printing via Win-XP, I am able to only > give a print-command . The Cancel, Pause, Resume nothing > are working. ... > > The following is a part of the smb.conf configuration file: > > // > printcap name = cups > load printers = yes > printing = cups > > log file = /var/log/samba/log.%m > max log size = 50 > > security = share use security = user. > > [printers] > comment = Printers > path = /var/spool/samba > public = yes > use client driver = yes ^^^ Better not to set this if you want to manage print queues from windows clients. cheers, jerry = Samba --- http://www.samba.org Centeris --- http://www.centeris.com "What man is a man who does not make the world better?" --Balian -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEma4sIR7qMdg1EfYRApvdAJ9Q7Gse7Im8HtNilD44YXlA2LHR6ACgkxa/ 2vq7lb6jUC5/1iDYDf9AcAY= =iM8l -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] samba 3.0.20 + squid 2.5 : automatic logon with internet explorer
hello, samba is setup PDC with ldap client : windows xp pro sp2 server : samba 3.0.20 + openldap 2.2 + squid 2.5stable14 + squidGuard is it possible to create an automatic logon with internet explorer ? perhaps with ntlm_auth, but i can't find the good sentence. thanks. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba