Re: [Samba] Missing 'smbmount' on Ubuntu?

[Adam Williams]

i know on fedora core 5 you use mount -t cifs "\\server\share" 
/mnt/point -o username=validuser


not sure about what kubuntu has but you should try that.

Larry Alkoff wrote:

I have just started running Kubuntu Badger version 6.06.
Although Samba seems to be installed, there is no smbmount program.

What would I use to mount a samba share?
Plain old 'mount -t smbfs'?

Larry


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Open files

[Jack Gostl]

I've attached the file. I'm past my testing window, so I'm not going to be 
able to test against 3.023 final for a few days. Meanwhile, I'm going to 
focust on getting it compiled on my AIX 5.3 system so that the testing is 
less traumatic.


I understand about priorities. Get to this when you can.

Jack

- Original Message - 
From: "Jeremy Allison" <[EMAIL PROTECTED]>

To: "Jack Gostl" <[EMAIL PROTECTED]>
Cc: "Jeremy Allison" <[EMAIL PROTECTED]>; "Samba" 
Sent: Friday, July 14, 2006 12:44 PM
Subject: Re: [Samba] Open files



On Fri, Jul 14, 2006 at 12:20:57PM -0400, Jack Gostl wrote:

I now have a coherent test. Run on 3.023rc3, with the failure, with debug
10. May I send it to you? Its about 85kb compressed (via Unix compress).


Please test 3.0.23 final. You can send it to me but I might not
get to it for a while. I have quite a few other things to work
on.

Jeremy.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cross-Subnet Browsing Problem

[Todd Pytel]

Edmundo,

Edmundo Valle Neto wrote:

   I already used samba in network with more than one segment and never 
needed any "remote ..." option too, it worked even through a VPN. The 
samba books says to use that options when more than one WINS server are 
used, for example. Using the same WINS server in both networks, the name 
registration is already made in unicast, and it should pass through a 
router.


Right, this is just one WINS server, so it should "just work". Like I 
said, I know I had it all working at one point without the remote 
options, and I don't think the network topology was significantly 
different back then.


   Have you looked inside wins.dat and browse.dat on the samba server to 
see if is everything there? You said that you have already tested with 
nblookup (maybe looking there doesnt make sense then), but I think its 
easyer to see what your WINS server has to offer, what are the available 
resources and if theres any name that shouldnt be registered there that 
way.


browse.dat shows only the server, not the desktop - which is the 
problem, the browse lists aren't syncing...


"SOPHROSUNE"  c0001000  "ARISTOTLE"  "SOPHROSUNE"
"ARISTOTLE"   400d9b0b  "Server" "SOPHROSUNE"

wins.dat shows...

"__MSBROWSE__#01" 1153237621 255.255.255.255 e4R
"ARISTOTLE#00" 1153196794 172.16.0.1 66R
"ARISTOTLE#03" 1153196794 172.16.0.1 66R
"ARISTOTLE#20" 1153196794 172.16.0.1 66R
"SOPHROSUNE#00" 1153237621 255.255.255.255 e4R
"SOPHROSUNE#1b" 1153196794 172.16.0.1 64R
"SOPHROSUNE#1c" 1153196794 172.16.0.1 e4R
"SOPHROSUNE#1e" 1153237621 255.255.255.255 e4R
"TIMAEUS#00" 1153237621 192.168.0.1 64R
"TIMAEUS#20" 1153237621 192.168.0.1 64R

Which shows at least that timaeus is properly registered. I can never 
keep the meanings of the other bits straight...


nbtstat -r, on the client shows that the names are really beeing 
resolved by the name server (WINS)?


nbtstat -r shows 0 names resolved/registered by broadcast, 2 names 
resolved by the name server, and 6 names registered by the name server.


Sure looks like everything should work, doesn't it? :)

--Todd



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cross-Subnet Browsing Problem

[Edmundo Valle Neto]

Todd.

   I already used samba in network with more than one segment and never 
needed any "remote ..." option too, it worked even through a VPN. The 
samba books says to use that options when more than one WINS server are 
used, for example. Using the same WINS server in both networks, the name 
registration is already made in unicast, and it should pass through a 
router.
   Have you looked inside wins.dat and browse.dat on the samba server 
to see if is everything there? You said that you have already tested 
with nblookup (maybe looking there doesnt make sense then), but I think 
its easyer to see what your WINS server has to offer, what are the 
available resources and if theres any name that shouldnt be registered 
there that way.
   nbtstat -r, on the client shows that the names are really beeing 
resolved by the name server (WINS)?


Regards.

Edmundo Valle Neto
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cross-Subnet Browsing Problem

[Todd Pytel]

Anthony Messina wrote:

Todd Pytel wrote:

Yeah, the WINS server (which is just the single Samba server) is named
in the DHCP options, so the Windows desktops are set up for it
automatically. Again, all the name resolution works fine - the desktop
can successfully view \\aristotle\username and do nblookups.

Any other ideas?


is your windows computer set up to be a part of the "SOPHROSUNE" domain
or workgroup?  what i mean is, if the workgroup/domain is typo-d, then
the windows computer will only see it's own workgroup.


The workgroup is entered correctly on both the desktop and the server.

--Todd

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] PATCH: Binding to a local IP address when mounting smb file system.

[Ben Greear]

Ben Greear wrote:

I have completed the first draft of the patch to allow binding to
local addresses.  Many of the binaries do not fully support this
option since I did not know a clean way to get the config info to them,
didn't think it was really required for my needs.  As far as I can tell,
the libraries are well supported, so the applications can have support
added as needed.  smbmount and a few others *do* support the new options,
and I have tested that smbmount works as I had hoped.

The attached patch enables this behaviour:


Seems my patch was too big for the list.  Instead, please find it here:
http://www.candelatech.com/oss/samba_local_bind2.patch



SMB client machine:
eth0 IP:  172.2.2.230  netmask 255.255.255.0
eth1 IP:  172.2.2.231  netmask 255.255.255.0
eth2 IP:  173.2.2.232  netmask 255.255.255.0
...

local mount dirs:
/mnt/smb1
/mnt/smb2
/mnt/smb3


SMB server is exporting share 'samba'

I want to stress the SMB server as if many SMB clients are connecting.
I can make arbitrarily many of the (virtual) interfaces on the client,
but when mounting the SMB server, I want each mount point to use a specific
interface and local IP.

With my patch applied, I can bind the smbmount process to a particular
local IP and device:

smbmount //172.2.2.2/samba /mnt/smb2 -o 
local_dev=eth1,local_ip=173.2.2.231,username=lanforge,password=lanforge
smbmount //172.2.2.2/samba /mnt/smb3 -o 
local_dev=eth2,local_ip=173.2.2.232,username=lanforge,password=lanforge
...

As far as I can tell, the server treats each of the mounts as separate 
entities, accomplishing my goal.


I would like to see this patch included in the official samba code, and 
would like your feedback on any changes needed to make that happen.


I already know that I need to get rid of some of the debugging 'printf' 
statements, and will do that when the rest of the issues have been addressed.


Thanks,
Ben




--
Ben Greear <[EMAIL PROTECTED]>
Candela Technologies Inc  http://www.candelatech.com

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cross-Subnet Browsing Problem

[Anthony Messina]

Todd Pytel wrote:
> Yeah, the WINS server (which is just the single Samba server) is named
> in the DHCP options, so the Windows desktops are set up for it
> automatically. Again, all the name resolution works fine - the desktop
> can successfully view \\aristotle\username and do nblookups.
> 
> Any other ideas?

is your windows computer set up to be a part of the "SOPHROSUNE" domain
or workgroup?  what i mean is, if the workgroup/domain is typo-d, then
the windows computer will only see it's own workgroup.

-- 
Anthony
http://messinet.com
http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E



signature.asc
Description: OpenPGP digital signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cross-Subnet Browsing Problem

[Todd Pytel]

Craig White wrote:

> you probably don't need that option if the clients know where to find
> the WINS servers (probably can set multiple WINS servers in DHCP
> configuration)

Yeah, the WINS server (which is just the single Samba server) is named 
in the DHCP options, so the Windows desktops are set up for it 
automatically. Again, all the name resolution works fine - the desktop 
can successfully view \\aristotle\username and do nblookups.


Any other ideas?

--Todd

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cross-Subnet Browsing Problem

[Craig White]

On Fri, 2006-07-14 at 20:17 -0500, Todd Pytel wrote:
> Craig White wrote:
> 
> > I believe what you want is 'remote announce' - you can get a good
> > definition of it's usage in the man page for smb.conf
> 
> I've tried that as well (using remote announce = 192.168.0.255), but it 
> didn't seem to make any difference. That might be a routing issue - I 
> didn't thoroughly check whether the machine doing the routing will pass 
> broadcasts like that. But in any event, my understanding is that the 
> "remote" options were basically dirty hacks that shouldn't be necessary 
> anyway. I know that in the past when I've had this working I didn't need 
> to use them.

you probably don't need that option if the clients know where to find
the WINS servers (probably can set multiple WINS servers in DHCP
configuration) 

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cross-Subnet Browsing Problem

[Todd Pytel]

Craig White wrote:


I believe what you want is 'remote announce' - you can get a good
definition of it's usage in the man page for smb.conf


I've tried that as well (using remote announce = 192.168.0.255), but it 
didn't seem to make any difference. That might be a routing issue - I 
didn't thoroughly check whether the machine doing the routing will pass 
broadcasts like that. But in any event, my understanding is that the 
"remote" options were basically dirty hacks that shouldn't be necessary 
anyway. I know that in the past when I've had this working I didn't need 
to use them.


--Todd


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Cross-Subnet Browsing Problem

[Craig White]

Hi

On Fri, 2006-07-14 at 19:42 -0500, Todd Pytel wrote:
> Hi all,
> 
> I've had cross-subnet browsing working in Samba in the past, though I 
> tend to struggle with it each time I set it up. For whatever reason, I 
> can't seem to get things working this time.
> 
> Summary: Only my desktop, not the file server, shows up in the desktop's 
> Network Neighborhood. (I have left the machines running for several 
> hours, in case there's a time-to-sync issue involved.)
> 
> Details: The Samba server (ARISTOTLE) is in the 172.16.0.x subnet and my 
> XP desktop (TIMAEUS) is in 192.168.0.x. There is no NAT or firewall 
> running in between the subnets. Aristotle acts as a WINS server and is 
> recognized as such in Timaeus' ipconfig output. Name lookups work fine, 
> as verified by MS's nblookup tool. Also, I can browse shares on 
> Aristotle using \\aristotle, so the problem is just that the server 
> doesn't register for browsing.
> 
> I ran a capture using ethereal, and everything in there looks OK. The 
> desktop boots up and registers its name with WINS on the server. Shortly 
> thereafter, the desktop looks up the DMB against WINS (which is the 
> server - it's the only one on the network), and sends it a "Backup List 
> Request" to which the server sends a "Backup List Response" naming 
> itself as the backup server. And that's it. Now, from what I can tell 
> from reading the SMB protocol specs, the desktop is supposed to contact 
> the named backup server in order to sync up its browse list. But that 
> doesn't happen - there's nothing else in the packet capture, and no 
> errors anywhere in the level 3 Samba logs or in the desktop's event 
> logs. So it seems like everything works except for the very last step. 
> Any idea what's going on?
> 
> What I'm guessing to be the relevant parts of smb.conf follow. If I can 
> provide any more info, let me know.
> 
> Thanks,
> Todd
> 
> smb.conf:
> 
> workgroup = SOPHROSUNE
> server string = File/Print Server
> security = user
> 
> guest account = guest
> (this account exists on the server)
> local master = yes
> os level = 99
> domain master = yes
> preferred master = yes
> 
> domain logons = yes
> (last time I set this up, this seemed to be needed for cross-subnet 
> browsing, but I don't really know. Something about IPC$ connections?)
> 
> wins support = yes
> 
> [homes]
>  comment = Home Directories
>  browseable = no
>  writable = yes
>  valid users = %S
>  hosts allow = 192.168.0.
>  hosts deny = 127.0.0.1
> 
> [netlogon]
>  comment = Network Logon Service
>  path = /usr/local/lib/samba/netlogon
>  guest ok = yes
>  writable = no
>  share modes = no
> (Like domain logons, prior experiments seemed to show that this was 
> needed, but I don't really know.)

I believe what you want is 'remote announce' - you can get a good
definition of it's usage in the man page for smb.conf

Craig

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Cross-Subnet Browsing Problem

[Todd Pytel]

Hi all,

I've had cross-subnet browsing working in Samba in the past, though I 
tend to struggle with it each time I set it up. For whatever reason, I 
can't seem to get things working this time.


Summary: Only my desktop, not the file server, shows up in the desktop's 
Network Neighborhood. (I have left the machines running for several 
hours, in case there's a time-to-sync issue involved.)


Details: The Samba server (ARISTOTLE) is in the 172.16.0.x subnet and my 
XP desktop (TIMAEUS) is in 192.168.0.x. There is no NAT or firewall 
running in between the subnets. Aristotle acts as a WINS server and is 
recognized as such in Timaeus' ipconfig output. Name lookups work fine, 
as verified by MS's nblookup tool. Also, I can browse shares on 
Aristotle using \\aristotle, so the problem is just that the server 
doesn't register for browsing.


I ran a capture using ethereal, and everything in there looks OK. The 
desktop boots up and registers its name with WINS on the server. Shortly 
thereafter, the desktop looks up the DMB against WINS (which is the 
server - it's the only one on the network), and sends it a "Backup List 
Request" to which the server sends a "Backup List Response" naming 
itself as the backup server. And that's it. Now, from what I can tell 
from reading the SMB protocol specs, the desktop is supposed to contact 
the named backup server in order to sync up its browse list. But that 
doesn't happen - there's nothing else in the packet capture, and no 
errors anywhere in the level 3 Samba logs or in the desktop's event 
logs. So it seems like everything works except for the very last step. 
Any idea what's going on?


What I'm guessing to be the relevant parts of smb.conf follow. If I can 
provide any more info, let me know.


Thanks,
Todd

smb.conf:

workgroup = SOPHROSUNE
server string = File/Print Server
security = user

guest account = guest
(this account exists on the server)
local master = yes
os level = 99
domain master = yes
preferred master = yes

domain logons = yes
(last time I set this up, this seemed to be needed for cross-subnet 
browsing, but I don't really know. Something about IPC$ connections?)


wins support = yes

[homes]
comment = Home Directories
browseable = no
writable = yes
valid users = %S
hosts allow = 192.168.0.
hosts deny = 127.0.0.1

[netlogon]
comment = Network Logon Service
path = /usr/local/lib/samba/netlogon
guest ok = yes
writable = no
share modes = no
(Like domain logons, prior experiments seemed to show that this was 
needed, but I don't really know.)


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Group Permission issue via winbindd?

[Doug Sampson]

Users are having trouble accessing Samba shares via winbindd in a NT domain.
If the 'valid users' parameter for a share contained the user name for
example as follows:

   valid users = DSP-John 

Then John who is a member of the DSP domain can access the share. If John is
a member of a domain group called DSP-production, and the 'valid users'
parameter is as follows:

   valid users = DSP-production

He cannot access the share. I have tried this parameter with and without the
'@' sign to no avail.

This occurred after upgrading to 3.0.23 from 3.0.22 on a FreeBSD 6.1 server.
This also occurs on another FreeBSD 5.4 server. Both are role server members
bouncing user authentications off WinNT PDC/BDCs.

I fixed the old nss_winbind.so library issue which got rid of some errors
but I still am faced with the issue of group authentication. 'wbinfo -u' and
'wbinfo -g' reports information correctly. 'id DSP-John' appears to provide
domain user information for that user including group membership.

/var/log/messages reports the following error:
Jul 14 15:57:00 aries winbindd[2705]: [2006/07/14 15:57:00, 0]
rpc_client/cli_pipe.c:cli_rpc_pipe_open_ntlmssp_internal(2356)
Jul 14 15:57:00 aries winbindd[2705]:   cli_rpc_pipe_open_ntlmssp_internal:
cli_rpc_pipe_bind failed with error NT_STATUS_NETWORK_ACCESS_DENIED

There is some information related to handling groups in the Release Notes
for Samba 3.0.23. Am I being affected by that?

~Doug
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Binding to a local IP address when mounting smb file system.

[Ben Greear]

I have completed the first draft of the patch to allow binding to
local addresses.  Many of the binaries do not fully support this
option since I did not know a clean way to get the config info to them,
didn't think it was really required for my needs.  As far as I can tell,
the libraries are well supported, so the applications can have support
added as needed.  smbmount and a few others *do* support the new options,
and I have tested that smbmount works as I had hoped.

The attached patch enables this behaviour:

SMB client machine:
eth0 IP:  172.2.2.230  netmask 255.255.255.0
eth1 IP:  172.2.2.231  netmask 255.255.255.0
eth2 IP:  173.2.2.232  netmask 255.255.255.0
...

local mount dirs:
/mnt/smb1
/mnt/smb2
/mnt/smb3


SMB server is exporting share 'samba'

I want to stress the SMB server as if many SMB clients are connecting.
I can make arbitrarily many of the (virtual) interfaces on the client,
but when mounting the SMB server, I want each mount point to use a specific
interface and local IP.

With my patch applied, I can bind the smbmount process to a particular
local IP and device:

smbmount //172.2.2.2/samba /mnt/smb2 -o 
local_dev=eth1,local_ip=173.2.2.231,username=lanforge,password=lanforge
smbmount //172.2.2.2/samba /mnt/smb3 -o 
local_dev=eth2,local_ip=173.2.2.232,username=lanforge,password=lanforge
...

As far as I can tell, the server treats each of the mounts as separate entities,
accomplishing my goal.

I would like to see this patch included in the official samba code, and would
like your feedback on any changes needed to make that happen.

I already know that I need to get rid of some of the debugging 'printf' 
statements,
and will do that when the rest of the issues have been addressed.

Thanks,
Ben


--
Ben Greear <[EMAIL PROTECTED]>
Candela Technologies Inc  http://www.candelatech.com

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Missing 'smbmount' on Ubuntu?

[Felipe Alfaro Solana]

What would I use to mount a samba share?
Plain old 'mount -t smbfs'?


mount -t cifs //server/share /mount/point 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] testing a 2000 queues print server with smbtorture

[Bruno Gomes Pessanha]

Hi everyone,

I'm very interested in samba testing subject. Because I need to plan a
samba/cups/linux 2000 queues print server migration from W2K. But before that, I
wanted to generate the service load before listen users claiming the server is
running under a low performance. Somebody knows a good test set to simulate
printing share connections from clients in my print server using smbtorture? I
don't know how to start... I didn't find any good source of information on how
to test a samba server with smbtorture. Somebody knows any reference to suggest?

Thanks in advance,

Bruno Gomes Pessanha

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: Setting ACLs fail

[Stefan Tietze]

Hello,

Sven Strickroth  gym-oha.de> wrote:

> when I try to Left-Click-Properties on any file or directory on my
> samba-server (named fileserver, my PDC) and select the "security"-tab, all
> acls are listed as before the upgrade from 3.0.21b to 3.0.23, but when I
> click on "Add" I get the following error:
> 'The program cannot open the required dialog box
> because it because it cannot determine whether the compter named
> "FILESERVER" is joined to the domain.' followed by 'Unable to
> display the user selection dialog. The system cannot find message text for
> message number 0x%1 in the message file for %2'.

I've got the same problem. I'm unable to set ACLs on my Samba-Server, too.

After downgrading it worked again, but it's not a real soloution to me.
I don't believe it is a real windows bug, though it works with 3.0.21b.
It would be great if you fix it.

Regards,
Stefan 

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] PDC Question For Windows Clients

[Barry L. Kline]

zdennis wrote:
> My windows xp clients do not have the groups Domain Users, Domain Groups, 
> Domain Admins, etc... Are they supposed to have those
> groups?
> 
> My windows xp laptop has joined my domain, but I cannot login (even though my 
> LDAP backend is getting queried successfully). I do
> not know if this might be a cause of the problem.
> 
> After joining a domain, should my windows clients have the Domain * groups on 
> the machine, or no ? Thanks,


What does the command:

net groupmap list

produce on your PDC?
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] PDC Question For Windows Clients

[zdennis]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Barry L. Kline wrote:
> zdennis wrote:
> 
>>My windows xp clients do not have the groups Domain Users, Domain Groups, 
>>Domain Admins, etc... Are they supposed to have those
>>groups?
>>
>>My windows xp laptop has joined my domain, but I cannot login (even though my 
>>LDAP backend is getting queried successfully). I do
>>not know if this might be a cause of the problem.
>>
>>After joining a domain, should my windows clients have the Domain * groups on 
>>the machine, or no ? Thanks,
> 
> 
> 
> What does the command:
> 
> net groupmap list
> 
> produce on your PDC?


Domain Admins (S-1-5-21-3040749549-2843134544-1782940832-512) -> Domain Admins
Domain Users (S-1-5-21-3040749549-2843134544-1782940832-513) -> Domain Users
Domain Guests (S-1-5-21-3040749549-2843134544-1782940832-514) -> Domain Guests
Domain Computers (S-1-5-21-3040749549-2843134544-1782940832-515) -> Domain 
Computers
Administrators (S-1-5-32-544) -> Administrators
Account Operators (S-1-5-32-548) -> Account Operators
Print Operators (S-1-5-32-550) -> Print Operators
Backup Operators (S-1-5-32-551) -> Backup Operators
Replicators (S-1-5-32-552) -> Replicators


Zach
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFEuBCdMyx0fW1d8G0RAt2PAJ0TLrhbzaKVVJCKFk40cKDOib9ymQCggsc6
TNwKoQ9SOfpP8LfizK/mT1A=
=ET0x
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Upgrading from NT4 to Server 2003/Active Directory

[Volker Lendecke]

On Fri, Jul 14, 2006 at 02:26:15PM -0400, Sul, Young L wrote:
> 2)   Are there any issues I should be aware of during our upgrade to
> Active Directory? Again, our samba functionality is pretty basic -
> pretty much just UNIX file access for Windows clients. 

One issue I'm aware of is that w2k3 if configured as a DC
requires SMB signing by default. Samba 2.2 does not do it,
and I'm not 100% certain the early Samba 3 versions did it
correctly, recent 3.0 does. This means that your 2.2 servers
will not be able to connect to the DCs anymore.

There are registry settings on the DCs that remove this
requirement, but not everyone is willing to do that.

Volker


pgp51dfeJM48r.pgp
Description: PGP signature
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] PDC Question For Windows Clients

[zdennis]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Dariusz Dwornikowski wrote:
> zdennis wrote:
> 
>>Ok, Here is my samba log. Authentication succeeds but my user still
>>gets "The system could not log you on. Make sure your User
>>name and domain are correct..." Any ideas?
>>
> 
> 
> same problem here..
> 


ping... anyone able to resolve this issue?

Zach
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFEt/rHMyx0fW1d8G0RAl6wAJ9EqczwpnfQdeWdDTGPf1eTbSiAPwCcCVz/
yUVPlOklnaInRGpmWXcX33A=
=ddRx
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Respawn of smbd

[d.arun321]

Hi,

We are using Samba (Tried with both 3.0.22 and 3.0.23) in a Linux
Server and two XP machines are connected to the same.

Some stuff (like Printer Cancel) is not working from one XP (say
PC1) and it is working from the other machine (say PC2).

>From the analysis, it is found that smbd child process for PC1 is
getting exited often and another process for the same PC is getting
created. It is working fine in PC2

Following is the code flow of smbd exit :-


 smbd_process( )  -- This function exits as the failure from 
receive_message_or_smb()
   |-> receive_message_or_smb() 
   --  Returns False
|->  receive_smb()  
  -- Returns False
 |-> receive_smb_raw()  
 -- Returns False
  |-> read_smb_length_return_keepalive()
  --  Returns  -1 
   |-> read_data()  
  -- Returns 0
|-> sys_read()  
  -- Returns 0 (EOF of fd)


Following is the smbd.conf :

[global]
interfaces = eth0
netbios name = abcd
workgroup = ABCD
server string = Abcd
guest account = nobody
guest ok = yes

printcap name = cups
load printers = yes
printing = CUPS

log file = /var/log/samba/log.%m
max log size = 50

security = share
socket options = TCP_NODELAY

local master = no
preferred master = no
wins support = no
wins proxy = no
dns proxy = no
disable spoolss = yes

log level = 5

[printers]
comment = Printers
path = /var/spool/samba
public = yes
use client driver = yes
writable = no
printable = yes
browsable = yes

It will be helpful, if you provide some information on this issue,

Thanks,
ArunSign Up for your FREE eWallet at www.wallet365.com

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Upgrading from NT4 to Server 2003/Active Directory

[Sul, Young L]

Hi!

 

We're in the process of upgrading our old NT4 PDCs to 2003 Server. We
have several UNIX file servers that use Samba so Windows users can
access files store on them. Currently, we've got Samba versions running
from 2.2.7 up to 3. 

 

I've been doing some research on this, but there are some things that
are unclear to me, and I'm hoping someone can answer what I am sure are
some basic questions:

 

1)   Is it a *requirement* to upgrade all Samba servers to version
3, with ADS support compiled in? I ask because in our testing, it seemed
that if the samba server was already part of the Windows domain,
everything worked fine after the upgrade to 2003 Server. Due to
historical/legacy issues, we've had to keep older versions of Samba
around. It would be ideal not to have to upgrade the older servers (at
least in the short term...they certainly will be upgraded in the future)

2)   Are there any issues I should be aware of during our upgrade to
Active Directory? Again, our samba functionality is pretty basic -
pretty much just UNIX file access for Windows clients. 

 

Tia, sorry if these seem like basic questions (now, back to reading
samba docs!)

 

-young

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: (Samba) Winbind dies

[Dimitri Yioulos]

On Thursday July 13 2006 12:39 pm, you wrote:
> Dimitri Yioulos wrote:
> > Serious apologies if this has been discussed before,
> > but my search didn't turn up much:
> >
> > I have samba (kept up-to-date with latest) running on
> > several CentOS 3 and 4 boxes as part of a Win2k3
> > domain.  On one particular box,  winbind dies on
> > a regular basis (all the other installations run
> > flawlessly).  A quick restart, and we're good
> > again.  However, as  this is a very active server
> > that is accessed 18 hours a day, 7 days  a week,
> > I'm called at home during those few hours I spend
> > there to restart winbind on this particular machine.
>
> The is the second report of winbindd crash in the krb5 libs.
> The other was an FC5 box.
>
> > INTERNAL ERROR: Signal 6 in pid 23775 (3.0.23)
>
> ...
>
> > Jul 12 18:26:06 norwell winbindd[23775]:   BACKTRACE: 28 stack
> > frames: #0 winbindd(log_stack_trace+0x2d) [0x5f5add]
> > #1  winbindd(smb_panic+0x75) [0x5f5985]
> > #2 winbindd [0x5e10d6]
> > #3 /lib/tls/libc.so.6 [0x1b70d8]
> > #4 /lib/tls/libc.so.6 (abort+0x1d5) [0x1b8705]
> > #5 winbindd [0x61c6d2]
> > #6 winbindd [0x61c955]
> > #7 winbindd(cli_krb5_get_ticket+0x242) [0x61ce32]
> > #8 winbindd(spnego_gen_negTokenTarg+0x62) [0x61e9c2]
>
> We're working on it.  If you could get a backtrace
> including debugging symbols, that would help.
>
>
>
> cheers, jerry

I posted a backtrace (at least, I think it was) of the core dump 
yesterday.  Does that work to troubleshoot this issue?

Dimitri

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Moving homes from PDC server to large fileserver

[David]

Background: 10 windows clients which also boot linux
and solaris.  A samba PDC+LDAP(ver 3.0.22) working on
a server local to the clients(ie on same subnet). 
Recently recieved large Sun fileserver to house all
homes and lab data.  It is hosted in the server room
used by our university(so different subnet).  All user
and nis info is in our ldap server, so autofs is used
on all of our linux and solaris boxes.

Right now all homes are automounted to the Samba PDC
server, so those posix locking errors show up.  I read
about the nis homedir and homedir map options and
installed samba on the fileserver as a domain member. 
I can link directly to it using map network drive in
windows.  But when I log into the windows clients, the
PDC still serves the homes from itself(having them
automounted).  My understanding was that these options
would tell the client to do a smb connect to the
filesever for the home directories.  

Here is the smb.conf of the PDC:
[global]
workgroup = CBI
netbios name = PDC
map to guest = Bad User
encrypt passwords = yes
passdb backend = ldapsam:ldap://xxx.xxx.xxx.xxx
log level = 2
syslog = 0
time server = Yes
deadtime = 10
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
add user script = /usr/sbin/smbldap-useradd -m '%u'
delete user script = /usr/sbin/smbldap-userdel %u
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-group-del
'%g'
add user to group script = /usr/sbin/smbldap-groupmod
-m '%u' '%g'
delete user from group script =
/usr/sbin/smbldap-groupmod -x '%u' '%g'
set primary group script = /usr/sbin/smbldap-usermod
-g '%g' '%u'
add machine script = /usr/sbin/smbldap-useradd -w
'%u'
logon path = \\%L\profiles
logon drive = X:
logon home = \\%L\%U
domain logons = Yes
os level = 64
preferred master = Yes
domain master = Yes
wins support = Yes
ldap admin dn = cn=samba,ou=DSA,dc=xxx,dc=xxx,dc=xxx
ldap group suffix = ou=group
ldap idmap suffix = ou=Idmap
ldap machine suffix = ou=machines
ldap passwd sync = Yes
ldap suffix = dc=xxx,dc=xxx,dc=xxx
ldap ssl = start tls
ldap user suffix = ou=people
##  printer admin = '@Print, Operators'
printing = cups
create mask = 0640
directory mask = 0750
case sensitive = No
dont descend =
/proc,/dev,/etc,/lib,/lost+found,/initrd
nis homedir = yes
homedir map = auto.home

[homes]
comment = Home Directories
path = %p
valid users = %S
read only = No
directory mask = 0700
locking = No

[netlogon]
comment = Network Logon Service
path = /etc/samba/netlogon
guest ok = Yes

[profiles]
path = /home/%u/.profile
valid users = %U, '@Domain, Admins'
force user = %U
read only = No
create mask = 0600
directory mask = 0700
profile acls = Yes
browseable = No
csc policy = disable

And here is the smb.conf of the fileserver:
[global]
interfaces = ce0 127.0.0.1
bind interfaces only = yes
encrypt passwords = yes
workgroup = CBI
security = domain
name resolve order = wins bcast host
deadtime = 5
ldap machine suffix = ou=machines
ldap admin dn =
cn=samba,ou=DSA,dc=xxx,dc=xxx,dc=xxx
preferred master = no
ldap idmap suffix = ou=Idmap
allow trusted domains = yes
netbios name = cajal
lanman auth = YES
ldap group suffix = ou=group
wins support = no
ldap user suffix = ou=people
ldap suffix = dc=xxx,dc=xxx,dc=xxx
ldap passwd sync = Yes
ldap ssl = start tls
wins server = xxx.xxx.xxx.xxx
max smbd processes = 0
server string = cajal
winbind trusted domains only = Yes
os level = 8
passdb backend =
ldapsam:ldap://xxx.xxx.xxx.xxx
socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
#   auth methods = guest winbind
local master = no
domain master = no
use spnego = yes
#   printer admin = @admin, @staff, unknown
ntlm auth = YES
syslog = 0
log level = 0

[homes]
read only = No
valid users = %S
comment = Home Directories
path = /tray1/home/%u

Any ideas?


Physics is like sex: sure, it may give some practical results, but that's not 
why we do it. ~ Richard Feynman

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Missing 'smbmount' on Ubuntu?

[Larry Alkoff]

I have just started running Kubuntu Badger version 6.06.
Although Samba seems to be installed, there is no smbmount program.

What would I use to mount a samba share?
Plain old 'mount -t smbfs'?

Larry
--
Larry Alkoff N2LA - Austin TX
Using Thunderbird on Slackware Linux
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Open files

[Jeremy Allison]

On Fri, Jul 14, 2006 at 12:20:57PM -0400, Jack Gostl wrote:
> I now have a coherent test. Run on 3.023rc3, with the failure, with debug 
> 10. May I send it to you? Its about 85kb compressed (via Unix compress).

Please test 3.0.23 final. You can send it to me but I might not
get to it for a while. I have quite a few other things to work
on.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Inkjet printers and samba

[Terry Orgill]

Using shared windows printers (win xp typically) I can ususally printer from a 
linux/unix machine running samba.  Most lasers work.  There is a breed of inket 
printers that will not work though.  You can pause the printer on the windows 
end and you will see the printjob, but it will not print when you resume.  I am 
currently working with a Dell Photo 924.  Any ideas on what it would take to 
make this thing print?
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Open files

[Jack Gostl]

I now have a coherent test. Run on 3.023rc3, with the failure, with debug 
10. May I send it to you? Its about 85kb compressed (via Unix compress).


- Original Message - 
From: "Jeremy Allison" <[EMAIL PROTECTED]>

To: "Jack Gostl" <[EMAIL PROTECTED]>
Cc: "Jeremy Allison" <[EMAIL PROTECTED]>; "Samba" 
Sent: Friday, July 14, 2006 11:45 AM
Subject: Re: [Samba] Open files



On Fri, Jul 14, 2006 at 11:44:00AM -0400, Jack Gostl wrote:


Bingo! That did it. Now I'm sure there is a penalty for this, like two 
PCs

hitting the same file at the same time, right? I'm willing to live with
that for awhile.


Actually no, so long as all the clients are coming in from Windows
everything will work fine. The "posix locking" parameter is used
to make the Windows locks visible to local (or NFS) access.

If all access is via Windows it doesn't cause any problems disabling
it.

Jeremy.



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Excluding directories from a read-only = yes

[Ed Curtis]

I have a share with thousands of folders. In each of those folders there
is another directory named 'files'. I want to be able to lock down these
thousands of folders but allow r/w access to the 'files' folders inside of
them. Is there anyway to do this in smb.conf?

Thanks,

Ed


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Fedora packages or Enterprise packages of Samba on RHEL4?

[Don Meyer]

At 05:15 AM 7/14/2006, Alex de Vaal wrote:

> b) The smbd and nmbd services run fine under the standard RHEL4
> selinux-policy-targeted ruleset.   However, winbindd rules aren't in
> this set, and will fail if SELinux is enabled/enforcing.If you
> are running winbindd, (which you probably are in ads mode) you can deal
with this problem in a number of ways:
...
> This will load some additional rules that will allow winbindd to run
> without any (significant) AVC errors.   This should only need to be done
once.

Running winbindd failed indeed in the first instance on RHEL4 because of
SELinux. In SELinux there is however a "winbind_disable_trans" boolean (in
the file: /etc/selinux/targeted/booleans), which is default 0. If you change
this to 1 and reboot the server, winbind will run smoothly on RHEL4.



Thanks Alex, this is the trick to disabling enforcement for a 
particular daemon/subsystem.   There are a number of *_disable_trans 
boolean variables that essentially disable enforcement for the 
corresponding subsystem.


When set to active (1), the boolean flag disables the context 
transition from the root state to the specific context.   Since the 
base/root state has essentially unlimited access under the selinux 
targeted policy, the errors aren't generated and the blocks aren't 
enforced.Of course, this means the protections are disabled as 
well, but just for the winbind subsystem...


Personally, I prefer to have the protections in place and will 
continue to augment the rules as necessary.   Fortunately, the 
additional set of rules I've needed to add have been relatively 
stable over the past few builds.


However, the "winbind_disable_trans" method is certainly much 
simpler.   And would be recommended for those not worried about the 
security through the winbind service.


BTW, the command to change this without editing a file is:

setsebool -P winbind_disable_trans 1


Jerry, any thoughts on including this in the RHEL 
packaging?   Perhaps the following logic flow:


if SELinux is active and enforcing,
if selinux-policy-targeted-sources package is not installed,
if getsebool winbind_disable_trans = 0
then setsebool -P winbind_disable_trans 1

This could alleviate a whole lot of winbind problems for people 
installing RHEL-based packages, and as long as it is documented 
somewhere, is trivial/easy to undo for someone who wants to modify 
their SELinux config later.


This also reminds me that I've been wanting to write up a similar 
patch to handle the selinux chcons for the /var/cache/samba/ --> 
/var/lib/samba/ transition... ;-)



Cheers,
-D

Don Meyer   <[EMAIL PROTECTED]>
Network Manager, ACES Academic Computing Facility
Technical System Manager, ACES TeleNet System
UIUC College of ACES, Information Technology and Communication Services

  "They that can give up essential liberty to obtain a little 
temporary safety,
deserve neither liberty or safety." -- Benjamin Franklin, 1759 


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] NET ADS JOIN error

[Howard Wilkinson]

Check that the backslashes are not being interpolated by the shell you may want 
to try.
 
net ads join "United States\\Tredyffrin\\Resource\\Servers" -U trimblrd
 
Howard.
 
Coherent Technology Limited, 23 Northampton Square, Finsbury, London EC1V 0HL, 
United Kingdom
Telephone: +44 20 76907075  Fax: +44 20 79230110 Mobile: +44 7980 639379
Company Email: [EMAIL PROTECTED] Website: http://www.cohtech.com 
  



From: [EMAIL PROTECTED] on behalf of Trimble, Ronald D
Sent: Fri 2006-07-14 16:06
To: samba@lists.samba.org
Subject: [Samba] NET ADS JOIN error



Can anyone shed some light on this error?  I can't seem to find any
information as to why it is failing.  Thanks.



USTR-MINT-A-1:~ # net ads join "United
States\Tredyffrin\Resources\Servers" -U trimblrd

trimblrd's password:

Failed to pre-create the machine object in OU United
States\Tredyffrin\Resources\Servers.



I have tried two different domain admin accounts and I get the same
error each time.  It strange since the object already exists in AD.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] NET ADS JOIN error

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Trimble, Ronald D wrote:
> Can anyone shed some light on this error?  I can't seem to find any
> information as to why it is failing.  Thanks.
> 
>  
> 
> USTR-MINT-A-1:~ # net ads join "United
> States\Tredyffrin\Resources\Servers" -U trimblrd
> 
> trimblrd's password:
> 
> Failed to pre-create the machine object in OU United
> States\Tredyffrin\Resources\Servers.

If the account already exists, you don't need to specify
the OU when joining.



cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEt71UIR7qMdg1EfYRAsVjAJ9kzvriagkMjRdCmVn3sn62gihXDACfU08V
GHzyqKrVL1FkU+gD5RH+Jls=
=tG/f
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Open files

[Jeremy Allison]

On Fri, Jul 14, 2006 at 11:44:00AM -0400, Jack Gostl wrote:
> 
> Bingo! That did it. Now I'm sure there is a penalty for this, like two PCs 
> hitting the same file at the same time, right? I'm willing to live with 
> that for awhile.

Actually no, so long as all the clients are coming in from Windows
everything will work fine. The "posix locking" parameter is used
to make the Windows locks visible to local (or NFS) access.

If all access is via Windows it doesn't cause any problems disabling
it.

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Open files

[Jack Gostl]

- Original Message - 
From: "Jeremy Allison" <[EMAIL PROTECTED]>

To: "Jack Gostl" <[EMAIL PROTECTED]>
Cc: "Jeremy Allison" <[EMAIL PROTECTED]>; "Samba" 
Sent: Friday, July 14, 2006 11:12 AM
Subject: Re: [Samba] Open files



On Fri, Jul 14, 2006 at 11:10:44AM -0400, Jack Gostl wrote:


Pardon the idiot questions.

I added "posix locking=no" (with and without spaces) to the global 
section

of smb.conf and got an error from testparms.


You must have added something else... (just a point, don't add the " 
characters

around it - that was to differentiate it from the rest of the email text).

Here's the definition from the source code :

   {"posix locking", P_BOOL, P_LOCAL, &sDefault.bPosixLocking, NULL, 
NULL, FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},


So it's definately in there (a per-share parameter).

Jeremy.



Bingo! That did it. Now I'm sure there is a penalty for this, like two PCs 
hitting the same file at the same time, right? I'm willing to live with that 
for awhile.


I have the two debug 10 level log file, but one is on 2.07 and the other is 
after I put in the posix locking = no. I would think that the 2.07 might be 
of some use, but I'll understand if its not.


I guess the next step is to get 3.0.23 to compile on my AIX 5.3 test box, 
and run the debug 10 again but without the posix lock = no.



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] NET ADS JOIN error

[Trimble, Ronald D]

I get the same error either way.

-Original Message-
From: Howard Wilkinson [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 14, 2006 11:16 AM
To: Trimble, Ronald D; samba@lists.samba.org
Subject: RE: [Samba] NET ADS JOIN error

Check that the backslashes are not being interpolated by the shell you
may want to try.
 
net ads join "United States\\Tredyffrin\\Resource\\Servers" -U trimblrd
 
Howard.
 
Coherent Technology Limited, 23 Northampton Square, Finsbury, London
EC1V 0HL, United Kingdom
Telephone: +44 20 76907075  Fax: +44 20 79230110 Mobile: +44 7980 639379
Company Email: [EMAIL PROTECTED] Website: http://www.cohtech.com
  



From: [EMAIL PROTECTED] on behalf of
Trimble, Ronald D
Sent: Fri 2006-07-14 16:06
To: samba@lists.samba.org
Subject: [Samba] NET ADS JOIN error



Can anyone shed some light on this error?  I can't seem to find any
information as to why it is failing.  Thanks.



USTR-MINT-A-1:~ # net ads join "United
States\Tredyffrin\Resources\Servers" -U trimblrd

trimblrd's password:

Failed to pre-create the machine object in OU United
States\Tredyffrin\Resources\Servers.



I have tried two different domain admin accounts and I get the same
error each time.  It strange since the object already exists in AD.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Joop Martens is afwezig/out of office.

[joop . martens]

I will be out of the office starting  14/07/2006 and will not return until
31/07/2006.

Ik antwoord op uw bericht wanneer ik terug ben.
Voor dringende zaken kunt u contact opnemen met:

I will respond to your message when I’m back from holiday.
For imported things you can contact:

Paul de Bruijn
ICT Lekkerland Nederland & Conway Belgie
   Databases,Middleware en Beheer
tel: +31 (0)40-2943039
  +31 (0) 522-239870
email [EMAIL PROTECTED]-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Open files

[Jeremy Allison]

On Fri, Jul 14, 2006 at 11:10:44AM -0400, Jack Gostl wrote:
> 
> Pardon the idiot questions.
> 
> I added "posix locking=no" (with and without spaces) to the global section 
> of smb.conf and got an error from testparms.

You must have added something else... (just a point, don't add the " characters
around it - that was to differentiate it from the rest of the email text).

Here's the definition from the source code :

{"posix locking", P_BOOL, P_LOCAL, &sDefault.bPosixLocking, NULL, NULL, 
FLAG_ADVANCED | FLAG_SHARE | FLAG_GLOBAL},

So it's definately in there (a per-share parameter).

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Open files

[Jack Gostl]

- Original Message - 
From: "Jeremy Allison" <[EMAIL PROTECTED]>

To: "Jack Gostl" <[EMAIL PROTECTED]>
Cc: "Samba" 
Sent: Friday, July 14, 2006 10:56 AM
Subject: Re: [Samba] Open files



On Fri, Jul 14, 2006 at 08:51:48AM -0400, Jack Gostl wrote:

Hello

I'm running a Win2K box with a dialogic voice application. The prompt 
files
are on an AIX 5.1 box. By using smbstatus I'm finding that the prompt 
files

aren't closing. The open files build up until the server hits the per
process limit, at which point everything falls apart.

I was running samba 2.07, but I just upgraded to 3.0.23rc3 and I still 
have

the problem.

I used fuser and lsof to verify that the files were indeed open and owned
by samba, so its not something as simple as a misunderstanding of locks.

The files are being managed by the Dialogic library so it is unlikely to 
be

an application problem, but to double check, I switched to NFS (ugh) and
lsof shows no open files. Dialogic (now Intel) of course washes their 
hands

in this, saying it doesn't happen with local files, it can't be there
problem. I quesiton that logic since shared files are never quite the 
same.


I'm running out of ideas.


Send in a debug level 10 log covering the point you think it should be
closing the files. If an outstanding POSIX lock is held on a file it
can be help open deliberately. To test this try setting "posix locking = 
no".


Jeremy.



Pardon the idiot questions.

I added "posix locking=no" (with and without spaces) to the global section 
of smb.conf and got an error from testparms.



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] NET ADS JOIN error

[Trimble, Ronald D]

Can anyone shed some light on this error?  I can't seem to find any
information as to why it is failing.  Thanks.

 

USTR-MINT-A-1:~ # net ads join "United
States\Tredyffrin\Resources\Servers" -U trimblrd

trimblrd's password:

Failed to pre-create the machine object in OU United
States\Tredyffrin\Resources\Servers.

 

I have tried two different domain admin accounts and I get the same
error each time.  It strange since the object already exists in AD.

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Open files

[Jeremy Allison]

On Fri, Jul 14, 2006 at 08:51:48AM -0400, Jack Gostl wrote:
> Hello
> 
> I'm running a Win2K box with a dialogic voice application. The prompt files 
> are on an AIX 5.1 box. By using smbstatus I'm finding that the prompt files 
> aren't closing. The open files build up until the server hits the per 
> process limit, at which point everything falls apart.
> 
> I was running samba 2.07, but I just upgraded to 3.0.23rc3 and I still have 
> the problem.
> 
> I used fuser and lsof to verify that the files were indeed open and owned 
> by samba, so its not something as simple as a misunderstanding of locks.
> 
> The files are being managed by the Dialogic library so it is unlikely to be 
> an application problem, but to double check, I switched to NFS (ugh) and 
> lsof shows no open files. Dialogic (now Intel) of course washes their hands 
> in this, saying it doesn't happen with local files, it can't be there 
> problem. I quesiton that logic since shared files are never quite the same.
> 
> I'm running out of ideas.

Send in a debug level 10 log covering the point you think it should be
closing the files. If an outstanding POSIX lock is held on a file it
can be help open deliberately. To test this try setting "posix locking = no".

Jeremy.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Win2k Master Browser believes Linux box is master browser

[Mark Cooke]

Hi,

We currently have a very small network with a Windows Small Business  
Server acting as an ADS Master Browser,
we also have a Debian Sarge Samba Server, this sharing a single  
directory at the Share level (security is not really that dig a concern,

as this is open to anyone in the company).
The Samba server has the workgroup set the the same domain as the  
Windows ADS, but it has not joined the domain.


In the windows logs we have the following errors (every so often):


Event Type: Error
Event Source:   MRxSmb
Event Category: None
Event ID:   8003
Date:   14/07/2006
Time:   12:08:48
User:   N/A
Computer:   SBS-SRV
Description:
The master browser has received a server announcement from the  
computer DEV that believes that it is the master browser for the  
domain on transport NetBT_Tcpip_{86ADC2FD-1F86-41AB-AEC1. The master  
browser is stopping or an election is being forced.




After some searching on this mailing list and google, I came up with  
some configuration options to add to the
smb.conf, but this mas not really helped eliminate the errors on the  
Windows box.


The following options have been added/commented out:

; remote browse sync
; remote announce
domain master = no
os level =


If anyone can point to any more options, I need to alter or add, any  
help would be greatly appreciated.


Thanks in advance

Mark
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] rpcclient: NT_STATUS_LOGON_FAILURE

[Daniel]

hi to everyone,

my name is Daniel and I'm currently trying to upload the driver for a
printer in a company's network. The printer in question is a Kyocera
Mita FS-C5016N, but actually that's not my problem.

My problem is that I'm not able to execute RPC calls on my laptop,.
I've successfully added the PostScript driver (with cupsaddsmb) to the
Samba share "print$", but I need to share the propretary/native driver
for the Windows clients. The cupsaddsmb executes also rpcclient, but
not through the network, but locally, and that seems to work.

I can't simply execute no command of rpcclient!

I'm working on a laptop (Windows XP Professional) and I'm connected
through SSH (with putty) to a Linux server (as root). The name/ip of
my laptop is "PC-Daniel"/192.168.100.117 and the username is Daniel.

Here is the output of the command:

INFO: Current debug levels:
 all: True/10
 tdb: False/0
 printdrivers: False/0
 lanman: False/0
 smb: False/0
 rpc_parse: False/0
 rpc_srv: False/0
 rpc_cli: False/0
 passdb: False/0
 sam: False/0
 auth: False/0
 winbind: False/0
 vfs: False/0
 idmap: False/0
 quota: False/0
 acls: False/0
 locking: False/0
 msdfs: False/0
added interface ip=192.168.100.4 bcast=192.168.100.255 nmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="SERVER04"
lp_load: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
doing parameter workgroup = PANSUR
doing parameter load printers = yes
doing parameter printing = cups
doing parameter printcap name = cups
doing parameter printcap cache time = 750
doing parameter cups options = raw
doing parameter printer admin = @ntadmin, root, administrator
WARNING: The "printer admin" option is deprecated
doing parameter username map = /etc/samba/smbusers
doing parameter map to guest = Bad User
doing parameter logon path = \\%L\profiles\.msprofile
doing parameter logon home = \\%L\%U\.9xprofile
doing parameter logon drive = P:
doing parameter passdb backend = smbpasswd
doing parameter domain logons = no
doing parameter local master = yes
doing parameter wins server = 192.168.100.1
doing parameter wins support = no
doing parameter netbios name = server04
handle_netbios_name: set global_myname to: SERVER04
doing parameter add machine script =
doing parameter preferred master = auto
doing parameter encrypt passwords = yes
doing parameter security = domain
doing parameter password server = *
doing parameter winbind separator = +
doing parameter idmap uid = 1-2
doing parameter idmap gid = 1-2
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter winbind use default domain = yes
doing parameter template homedir = /home/%U
doing parameter template shell = /bin/false
doing parameter hosts allow = 192.168.100. 127.0.0.1
doing parameter server string = %L
pm_process() returned Yes
lp_servicenumber: couldn't find homes
set_server_role: role = ROLE_DOMAIN_MEMBER
Attempting to register new charset UCS-2LE
Registered charset UCS-2LE
Attempting to register new charset UTF-16LE
Registered charset UTF-16LE
Attempting to register new charset UCS-2BE
Registered charset UCS-2BE
Attempting to register new charset UTF-16BE
Registered charset UTF-16BE
Attempting to register new charset UTF8
Registered charset UTF8
Attempting to register new charset UTF-8
Registered charset UTF-8
Attempting to register new charset ASCII
Registered charset ASCII
Attempting to register new charset 646
Registered charset 646
Attempting to register new charset ISO-8859-1
Registered charset ISO-8859-1
Attempting to register new charset UCS2-HEX
Registered charset UCS2-HEX
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Substituting charset 'UTF-8' for LOCALE
Connecting to host=PC-DANIEL
internal_resolve_name: looking up PC-DANIEL#20
Opening cache file at /var/lib/samba/gencache.tdb
Returning valid cache entry: key = NBT/PC-DANIEL#20, value =
192.168.100.117:0, timeout = Fri Jul 14 15:46:58 2006

name PC-DANIEL#20 found.
Connecting to 192.168.100.117 at port 445
socket option SO_KEEPALIVE = 0
socket option SO_REUSEADDR = 0
socket option SO_BROADCAST = 0
socket option TCP_NODELAY = 1
socket option TCP_KEEPCNT = 9
socket option TCP_KEEPIDLE

[Samba] Open files

[Jack Gostl]

Hello

I'm running a Win2K box with a dialogic voice application. The prompt files 
are on an AIX 5.1 box. By using smbstatus I'm finding that the prompt files 
aren't closing. The open files build up until the server hits the per 
process limit, at which point everything falls apart.


I was running samba 2.07, but I just upgraded to 3.0.23rc3 and I still have 
the problem.


I used fuser and lsof to verify that the files were indeed open and owned by 
samba, so its not something as simple as a misunderstanding of locks.


The files are being managed by the Dialogic library so it is unlikely to be 
an application problem, but to double check, I switched to NFS (ugh) and 
lsof shows no open files. Dialogic (now Intel) of course washes their hands 
in this, saying it doesn't happen with local files, it can't be there 
problem. I quesiton that logic since shared files are never quite the same.


I'm running out of ideas.

Jack

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Authenticate users through an AD trust

[Josh]

I've recently connected a Samba server to our domain
(ourdomain.dom) and configured it to send
authentication requests to AD.  I can successfully
authenticate ourdomain.com users from the Samba
server.

ourdomain.com has a trust with a sister company
(theirdomain.com). With this trust we can assign NTFS
permissions to users within theirdomain.com to, for
example, file servers on ourdomain.com.  We also have
numerous groups on ourdomain.com that include many
users from theirdomain.com.

The Samba server does not have access (due to a
firewall on theirdomain.com) to send auth reqeusts
directly to DCs on theirdomain.com.  However,
ourdomain.com DCs can query theirdomain.com DCs (that
hole has been punched).  In addition, our XP machines
can see and select theirdomain.com from the windows
login dropdown and authenticate with a theirdomain.com
user -- since the machines are "connected" to
ourdomain.com the auth request is sent through our DCs
to theirdomain.com.

I'm attempting to do something simliar with Samba:
allow users from theirdomain.com to authenticate even
though the Samba server is "connected" to
ourdomain.com (thus, the auth requests will flow
through ourdomain.com DCs to theirdomain.com DCs). 
However, it doesn't appear to be working.

Here's the [global] section from smb.conf:

[global]
workgroup = OURDOMAIN
realm = OURDOMAIN.COM
preferred master = no
server string = Samba Server
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
winbind separator = +
printcap name = cups
printing = cups
idmap uid = 1-2
idmap gid = 1-2

And here's my krb5.conf:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = OURDOMAIN.COM

[realms]
 THEIRDOMAIN.COM = {
  kdc = dc1.ourdomain.com
 }
 OURDOMAIN.COM = {
  kdc = dc1.ourdomain.com
 }

[domain_realms]
 .kerberos.server = OURDOMAIN.COM


I've been testing authentication by using:

> kinit [EMAIL PROTECTED]
This asks me for a password and then successfully
authenticates.

> kinit [EMAIL PROTECTED]
This gives me the following error:
kinit(v5): KRB5 error code 68 while getting initial
credentials


Sorry this is so long winded... I wanted to be sure to
give you the whole scenario.  Thanks for any
assistance you can offer.

Josh



__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] USRMGR.exe not working properly

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Holger Wesser wrote:
> Hi there,
> 
> I'm running Debian Sarge with the sernet-packages of Samba. 
> Yesterday I updated from 3.0.22 to 3.0.23. When I start
> the usrmgr.exe, I still are able to modify users but
> I cannot see/modify groups anymore.
> 
> Where could I start to find the problem?

Hmmm...works fine here.  Are none of the groups listed ?
What passdb backend are you using ?





cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEt42wIR7qMdg1EfYRAij3AKCqLVvNng6janii+qCO2fIS37+u/gCgqrE7
1QdgHbxGUC5HH+D2q3s6vtA=
=URzF
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] 3.0.23: assigning users to printers

[Gerald (Jerry) Carter]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Robert Gehr wrote:

> The strange thing is that when in windows I want to assign a user to a
> printer it does not work any longer. A message comes up, telling me it
> could not be established that the printserver belongs to the domain.
> Funny thing is, that the printserver is the PDC. This problem only
> appears in 3.0.23. With 3.0.22 it works all right.

A few people have reported this but I've never been able to
reproduce it.  Please file a bug report and attach a raw
ethereal trace for me as well as level 10 debug log.  Thanks.






cheer, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEt40yIR7qMdg1EfYRAqirAJ96PSgY7hy5/zIlMHFa+yN6axlttACdGkOR
zUuMXDPxnclh2j/JdfYrd04=
=iSuh
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Re: samba Digest, Vol 43, Issue 20

[Ben Stewart]

Hello: I'm away on holidays right now!
If this is an Urgent ticket please submit a repair ticket
herehttp://ts.sd57.bc.ca

I will be checking  my mail still every few days

Or Page #613-4732

Thanks
Benny.nerd

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] 3.0.23: assigning users to printers

[Robert Gehr]

Hello

I just upgraded our PDC from 3.0.22 to 3.0.23 with all the bells and 
whistles.
I am running OpenLdap as a backend and did what's been written in the 
Changelog regarding indexing.


The new version started up fine and worked all right. Netlogons, shares, 
printing etc. I could also assign ACLs to my files as before.


The PDC also works as a printserver running cups with the drivers stored 
in samba.


The strange thing is that when in windows I want to assign a user to a 
printer it does not work any longer. A message comes up, telling me it 
could not be established that the printserver belongs to the domain.
Funny thing is, that the printserver is the PDC. This problem only 
appears in 3.0.23. With 3.0.22 it works all right.


Did I miss something??

Thanks for helping

Rob
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Kerberos Keytab Code Update in 3.0.23

[Scott Armstrong]

Jerry,
>I'll have to check on the semantic checking for
>the UPN attribute. I'd rather (for safety's sake)
>just give it a value:  host/${dNSHostName} attribute.
>That way we know we are consistent.
The previous behavior was: host/[EMAIL PROTECTED] although I disagreed with
that format. I believe you've got the right value: host/[EMAIL PROTECTED]

>Yeah but the previous default required you to have more
>rights that Windows client required so we got slammed for
>that.

Unfortunately there are many cases where DC Group Policies are cranked down
such that only Domain Admins can add/remove machines anyway.

Here's a thought; why not split the two functions?
Adding the machine to the domain (net ads join) handles just what is
necessary for that.
Creating the keytab (net ads keytab create) handles those specific
functions.
Adding additional service principals (net ads keytab add princ1 princ2 ...)
places these principals in other keytabs so the admin can move them to the
appropriate location and set permissions. An example of how this might work
would be that the service principal for http is placed in apache's home with
appropriate permissions so mod_auth_kerb functions using client auth.
Another might be to create a service principal for ldap and place it in /etc
with ownership ldap:nscd so nss_ldap can be configured with sasl gssapi and
proxy auth while maintaining nscd functionality.
If Samba needs some off-the-wall formats for its Kerberos principals in
order to respond to requests for \\HoStNaMe.DOMAIN\Share then create them in
memory on-the-fly as before the keytab management functions were added.
The only other issue that you may have addressed before - why waste the
effort of creating principals using all the encryption types that the client
supports when the only ones that will succeed are those that the server
supports?
Of course it would be nice if all the distributions of Linux, Solaris, AIX,
etc. had versions of kerberos that support rc4-hmac...
Thanks,
Scott

-Original Message-
From: Gerald (Jerry) Carter [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 13, 2006 5:35 PM
To: Scott Armstrong
Cc: 'Doug VanLeuven'; samba@lists.samba.org
Subject: Re: [Samba] Kerberos Keytab Code Update in 3.0.23

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Scott Armstrong wrote:

>> Or I could add a switch to 'net ads join' that said 
>> "create the UPN".  I don't really want to make it
>> default behavior.  Would that be acceptable?
>
> That would be fine although if you can allow the format 
> of the hostname to be controllable that would be a bonus. I
> think allowing as much as possible to be done at the
> time the machine account is created is best.

I'll have to check on the semantic checking for
the UPN attribute. I'd rather (for safety's sake)
just give it a value:  host/${dNSHostName} attribute.
That way we know we are consistent.

> It's pretty labor intensive to have to log onto the
> Windows DC afterward and run ADSIEdit in order to achieve
> the same result that was the default before the code rewrite.

Yeah but the previous default required you to have more
rights that Windows client required so we got slammed for
that.





cheers, jerry
=
Samba--- http://www.samba.org
Centeris ---  http://www.centeris.com
"What man is a man who does not make the world better?"  --Balian
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEtrxtIR7qMdg1EfYRAvi4AJ0VrM6Y1GstFg9eN4z9F1I04ChC5ACg3AyS
y8sHkxCVnMo9FyFDFDqACH8=
=Etdm
-END PGP SIGNATURE-
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Fedora packages or Enterprise packages of Samba on RHEL4?

[Alex de Vaal]

Don Meyer wrote:

> OK, my advice is to do the following:

> 1) Grab the latest 3.0.23 tarball from one of the Samba mirrors
> 2) expand it into a directory on your RHEL4 systems where you've been
building packages
> 3) cd ./samba-3.0.23/packaging/RHEL/
> 4) exec the command: ". makerpms.sh"
> 5) when the package build is finished: cd /usr/src/redhat/RPMS/i386/

> You should have a nice set of up-to-date packages for your RHEL4 
> system in this directory.   Thanks to Jerry and all the others for 
> the attention in the last couple versions to the RHEL packaging...

Thanx for the tip Don! Didn't know there was a RHEL section in the packaging
directory. I played before with the "makerpms.sh" script for RHL9, so I know
the drill... ;)
Good tip for newbies though. ;)


> There are two caveats with this:

> a) The cache directory is moved from /var/cache/samba/ to 
> /var/lib/samba/.   This move does not adjust the SELinux labels when 
> it creates the new directory, and since it copies files - the files are
created with the incorrect labels inherited from the new 
> directory.  I only had to do it once, but IIRC - executing "mv 
> /var/cache/samba /var/lib" before installing the new packages worked for
me on a new system.

Ok, the Samba databases are in RHL9 and Fedora already in the
/var/lib/samba/ dir. The Samba database of hte Fedora source package I
compiled and installed on RHEL4 are also in the /var/lib/samba/ dir.

> b) The smbd and nmbd services run fine under the standard RHEL4 
> selinux-policy-targeted ruleset.   However, winbindd rules aren't in 
> this set, and will fail if SELinux is enabled/enforcing.If you 
> are running winbindd, (which you probably are in ads mode) you can deal
with this problem in a number of ways:
...
> This will load some additional rules that will allow winbindd to run 
> without any (significant) AVC errors.   This should only need to be done
once.

Running winbindd failed indeed in the first instance on RHEL4 because of
SELinux. In SELinux there is however a "winbind_disable_trans" boolean (in
the file: /etc/selinux/targeted/booleans), which is default 0. If you change
this to 1 and reboot the server, winbind will run smoothly on RHEL4.

Regards,
Alex.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

RE: [Samba] Fedora packages or Enterprise packages of Samba on RHEL4?

[Alex de Vaal]

Gerald (Jerry) Carter wrote:

> If you need support for the SerNet packages, you will have to contact
SerNet.

Ok, clear. Does SerNet have their own SVN source of Samba then? Or are they
using the one of samba.org?
If not, what is the technical difference of enterprisesamba and the
"original" samba then?

> The Fedora specfile provided with Samba is compatible with RHEL4.  
> I don't build RHEL4 packages only because IMO if you pay for support for
RedHat,
> installing non-vendor supplied packages would void your support agreement.

Right, I only wanted to know if there are technical issues NOT to use the
Fedora packages on RHEL4. 
Somebody in the list already gave a tip that there is a RHEL section in the
packaging directory (tarball of 3.0.23), which contains the "makerpms.sh"
script to create the RPMS for RHEL4.
I'll use this one to create the RPMS for RHEL4, unless you say there is no
difference with the src.rpm of Fedora.
I'll ask Red Hat if I void the support agreement if I only use the Samba
packages of samba.org on my RHEL4 server. I'd like to use the samba packages
from "the source" on my servers, because I have very good experience with
that. I'd like to mention the patch for W2k3 server SP1 that was created
almost instantly by the Samba Team after the release of SP1 and a few other
issues I had, like the DC (LDAP) server failover, were solved by the Samba
Team. I doubt if I get this kind of support for Samba from Red Hat...

> Althought I could provide RPMS for the lates version of CentOS
> which should be binary comatible with RHEL4 systems.

Correct, my Swiss colleague uses CentOS and he uses the Red Hat
enterprisesamba packages of RHEL4 on his servers without problems.

> While I'm at it, is there any pressing need for 64-bit rpms as well?

For me not, but maybe for others out there... ;)

Regards,
Alex.


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Q: mount -t smbfs: "cli_negprot: SMB signing is mandatory and we have disabled it."

[Ulrich Windl]

On 14 Jul 2006 at 15:47, Andrew Bartlett wrote:

> smbfs does not support SMB signing.  Try the more modern cifsfs.
> 

Thanks for the hint, it actually helped. However I'm having the problem that
mount -t cifs -ouser=uname //rkapoka1/HostData ~/stest
works when entering the password interactively, while
mount -t cifs -ocredentials=scred //rkapoka1/HostData ~/stest
does not work when the correct password had been specified in the credential 
file 
as documented.

OK, found that as well: there are no blanks allowed around '=' (in 
contradiction 
to "cmb.conf standards". Maybe add an extra line of warning to the manual page 
of 
mount.cifs.

Problem solved now, thanks for the excellent reply, and sorry about my dumbness.

Ulrich

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] USRMGR.exe not working properly

[Collen Blijenberg]

what do you see with the 'net groupmap list'  command..

maybe you need to map them manually, (net group add .)
coz' this became the default behavior for the 3.0.23 version...

Cheers

Collen

Holger Wesser wrote:

Hi there,

I'm running Debian Sarge with the sernet-packages of Samba. Yesterday I
updated from 3.0.22 to 3.0.23. When I start the usrmgr.exe, I still are
able to modify users but I cannot see/modify groups anymore.

Where could I start to find the problem?

Thanks.
Holger
  



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] LDAP Attributes

[Carlos Eduardo Pedroza Santiviago]

Hi,

[...]


I was asked to implement logon and logoff control in our network. I read
in the link below that those parameters are no used (unless not yet). Is
there any other way to do it? Or any hope that it will be implemented
soon?


http://samba.org/samba/docs/man/Samba-HOWTO-Collection/passdb.html

sambaLogonTimeInteger value currently unused.
sambaLogoffTimeInteger value currently unused.


[...]

Maybe this can help you:

http://lists.samba.org/archive/samba/2006-January/115883.html
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Problem with winbind

[Nikolay V. Krasko]

Hello everyone!
I have samba-3.0.10-1.4E.6 under CentOS 4.3 and have such a kind of problem
with winbind:
when i am adding one of the Windows users to group those changes are not
visible on Linux box.
For example, i've add user 'vic' to group Webmasters under Windows. I wait
for 24 hours and after it i've entered command:

# id vic
uid=10124(vic) gid=10004(Domain Users) groups=10004(Domain Users)

but when i've made:
# getent group | grep Webmasters
Webmasters:x:10047:user1,user2,user3,user4,vic,user5

As we can see user vic and other users are in group Webmasters.

#id user5
uid=10068(user5) gid=10004(Domain Users) groups=10004(Domain
Users),10047(Webmasters),10048(Power Users)

i've reboted my PDC, restarted samba and winbind, but it didn't help me.

What is the problem?

Nikolay Krasko

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

Re: [Samba] Samba 3.0.23 winbind use default domain = yes behaviour

[Dietrich Streifert]

Hi John,

this is already filed as a bug:

https://bugzilla.samba.org/show_bug.cgi?id=3920

and Jerry is working on it.

I'v attached an inofficial not supported patch against relaease 3.0.23 
of nsswitch/winbindd_group.c which reverted the change and worked for me.




John schrieb:

Hello list,

I encountered a problem in Samba 3.0.23 regarding the winbind use default 
domain = yes behaviour.
It only works for the users an NOT anymore for the Group. So this make 
getent group to show NETBIOSDOMAINNAME/group which course mail squid 
configuration to fail. My squid configuration allowed access based on the AD 
groups, which are provided by Winbindd.

Tested distribution:
SuSE 9.0, CentOS 4.3
Samba build: Sernet 3.0.23
Is this a bug or is this by design? Does anybody know a way to getent group 
to honour the winbind use default domain = yes option?


Regards,
John
The Netherlands. 




  


--
Mit freundlichen Grüßen
Dietrich Streifert
Visionet GmbH

--- samba-3.0.23.orig/source/nsswitch/winbindd_group.c  Fri Jun 23 15:16:50 2006
+++ samba-3.0.23/source/nsswitch/winbindd_group.c   Thu Jul 13 10:34:06 2006
@@ -42,7 +42,7 @@
 {
fstring full_group_name;
 
-   fill_domain_username( full_group_name, dom_name, gr_name, False);
+   fill_domain_username( full_group_name, dom_name, gr_name, True);
 
gr->gr_gid = unix_gid;
 
@@ -146,7 +146,7 @@
 
/* Append domain name */
 
-   fill_domain_username(name, domain->name, the_name, False);
+   fill_domain_username(name, domain->name, the_name, True);
 
len = strlen(name);

@@ -752,7 +752,7 @@
/* Fill in group entry */
 
fill_domain_username(domain_group_name, ent->domain_name, 
-name_list[ent->sam_entry_index].acct_name, False);
+name_list[ent->sam_entry_index].acct_name, True);
 
result = fill_grent(&group_list[group_list_ndx], 
ent->domain_name,
@@ -929,7 +929,7 @@
groups.sam_entries)[i].acct_name; 
fstring name;
 
-   fill_domain_username(name, domain->name, group_name, 
False);
+   fill_domain_username(name, domain->name, group_name, 
True);
/* Append to extra data */  
memcpy(&extra_data[extra_data_len], name, 
strlen(name));
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] USRMGR.exe not working properly

[Holger Wesser]

Hi there,

I'm running Debian Sarge with the sernet-packages of Samba. Yesterday I
updated from 3.0.22 to 3.0.23. When I start the usrmgr.exe, I still are
able to modify users but I cannot see/modify groups anymore.

Where could I start to find the problem?

Thanks.
Holger
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

[Samba] Samba 3.0.23 winbind use default domain = yes behaviour

[John]

Hello list,

I encountered a problem in Samba 3.0.23 regarding the winbind use default 
domain = yes behaviour.
It only works for the users an NOT anymore for the Group. So this make 
getent group to show NETBIOSDOMAINNAME/group which course mail squid 
configuration to fail. My squid configuration allowed access based on the AD 
groups, which are provided by Winbindd.
Tested distribution:
SuSE 9.0, CentOS 4.3
Samba build: Sernet 3.0.23
Is this a bug or is this by design? Does anybody know a way to getent group 
to honour the winbind use default domain = yes option?

Regards,
John
The Netherlands. 



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba